Storage, retention, and accuracy of Personal Information
Data Security and Breach Notification
We implement reasonable technical, administrative, and organizational safeguards designed to protect Personal Information against accidental loss, unauthorized access, use, alteration, and disclosure. These measures include, where appropriate, encryption, access controls, and regular monitoring of our systems.
However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.
In the event of a data breach involving your Personal Information, we will comply with all applicable legal requirements, including:
- GDPR / UK GDPR – notifying affected individuals and supervisory authorities without undue delay where required.
- U.S. State Breach Laws – providing timely notification to affected individuals and regulators, as required by applicable state law.
We also require our third-party service providers to implement security measures consistent with applicable law and industry standards when processing Personal Information on our behalf.
We will retain your Personal Information for as long as necessary to provide services, comply with legal obligations, resolve disputes, or enforce agreements.
International Data Transfers
Where we transfer Personal Information outside of the country in which it was originally collected (including from the European Economic Area, United Kingdom, or Switzerland to the United States or other jurisdictions), we do so in compliance with applicable data protection laws. Specifically:
- Transfers from the European Economic Area, the United Kingdom, and Switzerland are carried out under the European Commission’s Standard Contractual Clauses (SCCs) and/or the UK International Data Transfer Addendum, as applicable.
- Where applicable, Midera also relies on the EU-U.S. Data Privacy Framework and the UK Extension/Swiss-U.S. Data Privacy Framework, for transfers to certified entities in the United States.
- Additional safeguards, such as technical and organizational security measures, are implemented to ensure that your Personal Information remains protected when transferred internationally.
You may request a copy of the relevant transfer mechanisms (such as SCCs) by contacting us at privacy@midera.com.
Legal Bases for Processing
We process Personal Information only where we have a lawful basis under applicable data protection laws. Depending on the context, our legal bases include:
- Consent – When you have given us explicit permission (e.g., signing up for newsletters, accepting cookies, or marketing communications).
- Contract – When processing is necessary to perform a contract with you, or to take steps at your request prior to entering into a contract (e.g., fulfilling product orders, providing services).
- Legitimate Interests – When processing is necessary for our legitimate business interests, provided such interests are not overridden by your fundamental rights and freedoms (e.g., improving our website, preventing fraud, securing our systems, internal analytics).
- Legal Obligations – When processing is required to comply with applicable laws or regulations (e.g., tax laws, employment laws, responding to lawful requests from authorities).
Where we rely on consent, you may withdraw it at any time by following the unsubscribe instructions in our communications or contacting us directly at privacy@midera.com.