MedConnect Europe MedConnect Europe  ·  Synapse

Privacy Policy

Last updated April 2026  ·  MEDCONNECT EUROPE LIMITED  ·  Company No. 754335

This Privacy Policy explains how MEDCONNECT EUROPE LIMITED (“MedConnect Europe”, “we”, “us”) collects, uses, stores, and protects personal data when you use our websites (medconnecteurope.co.uk and medconnectsynapse.co.uk) and related services, including the MedConnect Synapse online assessment platform (“Synapse Platform”).

We handle your personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable Irish data protection legislation, including the Data Protection Acts 1988 to 2018.

As a company incorporated in Ireland, our lead supervisory authority is the Data Protection Commission (DPC), Dublin — www.dataprotection.ie.

Questions about this policy: info@medconnecteurope.co.uk

1. Who We Are

MEDCONNECT EUROPE LIMITED (Company No. 754335) is a private company incorporated in Ireland, with registered office at Suite 10836, 26/27 Pembroke Street Upper, Dublin 2, D02 X361, Ireland. We provide support services to prospective and current medical students and operate the Synapse Platform — a secure online assessment and learning environment for enrolled students and programme participants.

We act as the data controller in respect of personal data processed in connection with your use of our Site and Services.

2. Personal Data We Collect

2.1 Account and Registration Data

  • Full name (first name and last name)
  • Email address
  • Account password (stored as a secure cryptographic hash — we never store or have access to your plaintext password)
  • Date and time of account registration

2.2 Profile and Cohort Data

  • Assigned university or educational institution
  • Intake year or cohort group
  • Programme or course association (where applicable)

2.3 Platform Activity and Assessment Data

  • Test and question bank assignments (which tests and question banks have been assigned to you, by whom, and on what terms)
  • Test attempt records: start timestamp, submission timestamp, status
  • Per-question responses: answers submitted, whether by multiple-choice selection, open-text entry, labelling, matching, or other question formats
  • Time spent on individual questions
  • Auto-marking results: whether answers were marked correct, incorrect, or partially correct
  • Marks awarded per question and overall test scores
  • Percentage scores and cumulative performance metrics
  • Run-through session data: sessions started, questions encountered, answers given, session number, and completion status
  • Question-level statistics: number of times a question has been seen, attempted, answered correctly, or answered incorrectly

2.4 Tutor Marking and Feedback Data

  • Marking status applied to your answers (auto-marked, pending tutor review, marked by tutor)
  • Marks awarded by tutors for manually marked questions
  • Tutor feedback and notes associated with specific answers

2.5 Feedback and Communication Data

Where you submit a feedback form: your name, email address, university (optional), the message you submit, and your IP address at the time of submission.

2.6 Technical and Security Data

  • IP address (used for authentication, security, and anti-abuse purposes including rate limiting)
  • Session and authentication cookie data (set by the platform when you log in)
  • Login activity and timestamps
  • Platform access patterns and usage activity, to the extent monitored for security or anti-misuse purposes

3. How We Use Your Personal Data

3.1 Service Delivery — Contract Performance (Article 6(1)(b))

  • To create and manage your user account
  • To authenticate you and provide access to the Synapse Platform
  • To deliver test assignments, process your submitted answers, calculate scores, and make results available to you
  • To enable tutors to review, mark, and add feedback to your submitted answers
  • To track your progress and performance within your assigned programme
  • To send you account setup emails, password reset links, and notifications relating to your account or assignments

3.2 Security and Platform Protection — Legitimate Interests (Article 6(1)(f))

  • To monitor access and usage of the Synapse Platform to detect and prevent unauthorised access, account sharing, or misuse
  • To protect the integrity and confidentiality of proprietary Platform Content, including question banks and assessment materials
  • To investigate and respond to suspected violations of our Terms and Conditions
  • To maintain IP address-based rate limiting and anti-abuse controls

Our legitimate interest is to protect our proprietary content, our business, and the integrity of the platform for all authorised users. This monitoring is targeted, proportionate, and conducted within appropriate boundaries.

3.3 Administrative and Academic Functions — Legitimate Interests (Article 6(1)(f))

  • To enable authorised tutors, programme administrators, and where appropriate university contacts to review student progress, marking, and results
  • To generate performance reports and statistics for individual students and programme administration

3.4 Feedback and Service Improvement — Legitimate Interests (Article 6(1)(f))

To receive, store, review, and act on voluntary feedback submissions.

3.5 Legal Compliance — Legal Obligation (Article 6(1)(c))

To comply with applicable legal and regulatory obligations.

4. Synapse Platform — Specific Data Processing

4.1 Account Data and Access Control

Your name, email address, and account credentials are used to authenticate your identity and control your personal access to the Synapse Platform. Access is tied to your individual account. We process login and session data to manage platform security and ensure that only authorised users can access the platform and its content. Session tokens and authentication cookies are set when you log in and are used solely to maintain your logged-in session.

4.2 Assessment and Results Data

When you take a test or complete a question bank session, we record your submitted answers, time spent per question, scores, and overall performance. This data is stored and made available to authorised tutors and administrators for marking, feedback, review, and academic monitoring. It is also viewable by you through your results pages.

4.3 Tutor Marking and Feedback

Tutors and administrators may review your submitted answers and add marks, feedback, and notes. This information is recorded against your account and is viewable by you and by authorised MedConnect Europe personnel.

4.4 Run-Through and Study Mode Data

When you use study mode (run-throughs) within the Synapse Platform, we record your session activity: which questions you were shown, the answers you gave, and your cumulative statistics for each question. This data is used to track your performance and to inform how the question bank surfaces questions across sessions.

4.5 Security Monitoring and Misuse Detection

We monitor platform access activity — including login behaviour, access patterns, and usage signals — to detect account sharing, bulk content extraction, or other misuse. Data collected in this context is used only for security and enforcement purposes. We do not use this monitoring data for marketing or profiling.

5. Data Sharing and Third Parties

5.1 We do not sell your personal data to any third party.

5.2 We may share your personal data in the following circumstances:

  • Hosting and Infrastructure Providers: We use third-party web hosting and email delivery services to operate the Site and Synapse Platform. These providers act as data processors on our behalf and are contractually required to process data only in accordance with our instructions and in compliance with GDPR.
  • Educational Institutions and Programme Partners: Where your access has been arranged in connection with a university or institution, relevant academic administrators or programme coordinators may receive access to your performance data, results, and progress reports as part of programme delivery.
  • Legal and Regulatory Disclosure: We may disclose personal data where required to do so by applicable law, court order, or a competent regulatory authority.
  • Enforcement: In cases of suspected misuse of the Platform or Platform Content, we may share relevant access or activity data with legal advisors or, where appropriate, with relevant educational institutions.
  • Business Transfers: In the event of a merger, acquisition, or transfer of our business, personal data may be transferred to the relevant entity, subject to appropriate data protection safeguards.

6. Cookies and Similar Technologies

6.1 The Synapse Platform uses cookies and similar technologies to support functionality, security, and your user experience:

  • Authentication cookies: Set when you log in. Essential session cookies that maintain your logged-in state. Cleared when you log out or your session expires. The platform cannot function without these.
  • Security tokens (nonces): Short-lived tokens embedded in forms and requests to protect against cross-site request forgery (CSRF).
  • Session state cookies: Used to maintain temporary state during active platform use, such as tracking a test in progress.

6.2 The Synapse Platform does not use cookies for advertising, marketing, or behavioural tracking. If third-party analytics tools are used on our public website (medconnecteurope.co.uk), these will be identified separately and, where required, will be subject to your prior consent.

6.3 Disabling essential cookies through your browser settings will prevent you from logging in to or using the Synapse Platform.

7. Data Security

7.1 We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encrypted data transmission over HTTPS
  • Hashed password storage (plaintext passwords are never stored or accessible)
  • Access controls limiting who can view personal data and assessment records
  • Session token management and authentication security
  • Security monitoring of platform access patterns

7.2 No method of internet transmission or storage is completely secure. While we take reasonable precautions, we cannot guarantee absolute security. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify you and the Data Protection Commission in accordance with our GDPR obligations.

8. Your Rights Under GDPR

As a data subject, you have the following rights, exercisable by contacting us at info@medconnecteurope.co.uk. We will respond within one calendar month of receipt.

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Ask us to correct inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data in certain circumstances, subject to our legal grounds for continued processing.
  • Right to restriction: Ask us to restrict processing of your data in certain circumstances.
  • Right to data portability: Where processing is based on consent or a contract and is automated, request your data in a structured, machine-readable format.
  • Right to object: Where processing is based on legitimate interests, you may object. We will consider your objection against our legitimate grounds for processing.
  • Right to withdraw consent: Where any processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.
  • No automated decision-making: We do not make solely automated decisions producing legal or similarly significant effects about you.

9. Right to Complain

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with:

Data Protection Commission (Ireland)
21 Fitzwilliam Square South, Dublin 2, D02 RD28
www.dataprotection.ie

We would welcome the opportunity to address your concern directly first — please email us at info@medconnecteurope.co.uk in the first instance.

If you are based in another EU member state, you may also contact the supervisory authority in your country of residence.

10. Data Retention

  • Account and profile data: retained for the duration of your active account and for a reasonable administrative period following account closure or programme completion.
  • Assessment, results, and marking data: retained for the duration of the relevant programme and for a reasonable administrative period thereafter.
  • Run-through and question statistics: retained alongside your account data and deleted or anonymised on the same timeline.
  • Feedback form submissions: retained for review and actioned within a reasonable period; not stored indefinitely.
  • Security and access logs: retained for a limited period for security and anti-abuse purposes, then deleted or anonymised.
  • Legal or compliance records: retained for as long as required by applicable law.

11. International Data Transfers

We are based in Ireland and primarily process personal data within the European Economic Area (EEA). Where we engage service providers located outside the EEA, we ensure appropriate safeguards are in place in accordance with GDPR, including Standard Contractual Clauses or adequacy decisions where applicable.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Updates will be reflected by a revised “Last updated” date. Where material changes are made, we will take reasonable steps to notify affected users. We encourage you to review this policy periodically.

13. Contact Us

MEDCONNECT EUROPE LIMITED
Suite 10836, 26/27 Pembroke Street Upper
Dublin 2, D02 X361, Ireland
info@medconnecteurope.co.uk
© 2026 MedConnect Europe Limited Terms & Conditions Privacy Policy Feedback medconnecteurope.co.uk