WEBMEDCONSULT SRL (Doctor Chat)
The purpose of this policy is to ensure that Doctor Chat complies with the applicable legislation regarding Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”).
This policy is generally applicable. In specific cases, for example if we provide you with access to our applications during a collaboration, additional policies and procedures will be communicated to you.
4. TASKS AND RESPONSIBILITIES
The Administrator (GM) is responsible for implementing this policy in day-to-day operations, with the obligation to monitor its implementation at all levels of the organization.
Data Protection Officer (DPO): The Company has appointed a Data Protection Officer within the organizational structure in a manner that ensures the function is free from any influence that may compromise its ability to carry out its activities in an objective, fair, and independent manner.
The Data Protection Officer reports directly to the GM.
While performing their tasks, the DPO may, where appropriate, cooperate with all other departments of the Company, along with the explicitly designated GDPR committee of the Company. The DPO provides advice to the GM on any matter related to this policy and the regulation. GDPR requires the DPO to operate independently and without instructions from the employer regarding how to perform their tasks.
5. HOW WE COLLECT PERSONAL INFORMATION
We collect personal information from you and from third parties (any person acting on your behalf, online forms, from recording telephone calls or directly from phone calls, with the clear consent of the person we are interacting with, emails, brokers, and so on).
We collect personal information from you:
Through contact with us, including by phone (we may record or monitor phone calls to ensure compliance with laws, codes of practice, and internal policies as well as for quality assurance purposes), by email, through our websites, through applications, by mail, by completing a request or other forms, through social media.
For all our customers, we may collect information from:
Your parents or guardians if you are under the age of 18;
A family member or someone else acting on your behalf;
Doctors, other healthcare professionals, hospitals, clinics, or other healthcare providers;
Any service providers working with us in connection with the product or service for you, if it is not directly provided by us, such as application providers;
Publicly available sources of information.
6. CATEGORIES OF PERSONAL INFORMATION
We process two categories of personal information about you and, if applicable, your dependents:
– Standard personal information: This includes contact information (such as your name, city of residence, email address, and telephone numbers), date of birth, national identifiers (such as your personal identification number, ID card number, or passport number), employment-related details (for occupational medicine services), information about our interactions with you (including complaints or incidents), payment details, and information about your use of our website, applications, or other technologies.
– Special categories of information: This includes health information obtained from application forms, health notes, reports, treatments, and care you have received or may need. It may also include information recorded during our contact with you, such as claim or incident information, medical history data, test results, administered medications, blood type, received medical recommendations, the list of doctors and specialties accessed, family medical history, genetic data, and biometric information.
7. LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
We process your personal data based on the following legal grounds:
– Contractual necessity: We process your data to enter into or fulfill a contract with you as per Article 6(1)(b) of the GDPR, which states that processing is necessary for the performance of a contract or to take steps at the request of the data subject prior to entering into a contract.
– Consent: With your consent, we may process your data for marketing communications, in accordance with Article 6(1)(a) of the GDPR, which states that the data subject has given consent for the processing of their personal data for one or more specific purposes.
– Legal obligation: We may process your data to fulfill a legal obligation, such as communicating information to public authorities or authorized entities, or for archiving purposes, in accordance with Article 6(1)(c) of the GDPR, which states that processing is necessary for compliance with a legal obligation to which the controller is subject.
– Legitimate interests: We may process your data based on our legitimate interests, in accordance with Article 6(1)(f) of the GDPR, which states that processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, as outlined in Article 5 of the GDPR.
8. PURPOSE OF USING YOUR PERSONAL DATA
By law, we must have a legal basis for processing personal data. We process your standard personal information if it is:
– Necessary to provide the services outlined in a contract (Terms and Conditions)
– Based on our legitimate interests
– With your consent
– Required or permitted by law
We process information from special categories because:
– It is necessary for the purposes stated in a contract (Terms and Conditions)
– It is necessary in the event of a legal dispute, based on the legitimate interest of the company
– It is in the public interest, in accordance with applicable laws
– It is information that you have made public
– We have obtained your permission. As a best practice, we will request your permission to process personal data if there is no other legal basis for processing. If we need to ask for your permission, we will clearly state the request and ask you to confirm your choice to grant us this permission. If we cannot provide a product or service without your permission, we will clarify this when requesting your consent. If you later withdraw your permission, we will no longer be able to provide a product or service that relies on obtaining your permission.
9. LEGITIMATE INTERESTS
We process your personal data for a range of legitimate interests, including managing all aspects of our relationship with you, marketing, helping us improve our services and products, and exercising our rights or resolving claims.
Legitimate interest is one of the legal grounds for processing your personal data. Taking into account your interests, rights, and freedoms, the legitimate interests that allow us to process your personal data include:
– Managing our relationship with you, our business, and third parties that provide products or services to us.
– Processing data in the event of a legal dispute.
– Investigating and reporting security breaches.
– Recording and monitoring telephone calls.
– Ensuring effective handling of complaints and investigating claims.
– Updating our records and providing marketing materials permitted by law.
– Conducting research and statistical analysis to monitor and improve our products, services, websites, and applications or develop new ones.
– Monitoring how well we meet your expectations.
– Enforcing or applying our terms and conditions for website usage.
– Exercising our rights, defending against claims, and complying with applicable laws and regulations for ourselves and the third parties we work with.
10. MARKETING AND PREFERENCES
We may use your personal data to send you marketing materials by mail, telephone, social media, email, and text messages.
We will only use your personal data to send you marketing materials if we have your permission through consent, by selecting options in your online account, or based on legitimate interests as described above.
If you do not wish to receive emails from us, you can click on the “unsubscribe” link provided in all the emails we send. If you do not want to receive text messages from us, you can inform us by contacting us at any time. Alternatively, you can always contact us to update your contact preferences.
You have the right to object to direct marketing and profiling (automated processing of your information to help us assess certain things about you, such as personal preferences and interests) related to direct marketing.
11. PROCESSING FOR PROFILING AND AUTOMATED DECISION-MAKING
Like many companies, we sometimes use automation to provide you with faster, better, more consistent, and accurate services, as well as marketing information that we believe will be of interest to you (including discounts on our products and services). This involves evaluating information about you and, in some cases, using technology to provide automated responses or decisions.
You have the right to object to direct marketing and profiling related to direct marketing. You may also have the right to object to other types of profiling and automated decision-making outlined below. In these cases, you have the right to request that one of our advisors reviews an automated decision, to inform us of how you feel about it, and to ask us to reconsider the decision. We can only use profiling if we have your explicit consent.
By law, we need to define the following:
– Automated decision-making: Making a decision using technology without human involvement.
– Profiling: The automated processing of your information to help us assess certain things about you (such as personal preferences and interests).
This is because you have certain rights concerning automated decision-making and profiling. You have the right to object to profiling for direct marketing purposes. If you do so, we will no longer profile you for direct marketing purposes. You also have the right to object to profiling in other circumstances outlined below.
12. INFORMATION SHARING
We share your information with Doctor Chat collaborators (doctors, specialists, etc.), payment/banking service providers or auxiliary services, and companies with which we may develop joint programs to offer our goods and services in the market.
For all our customers, we may distribute information:
– If we share your personal information, we will ensure that there is adequate protection to safeguard your personal information in accordance with data protection laws.
13. HOW LONG WE RETAIN YOUR PERSONAL INFORMATION
We retain your personal information in accordance with established periods, calculated using the following criteria:
– The duration of your customer relationship with us, the types of products or services you have from us, and the point at which you will no longer be our customer.
– The reasonable time required to keep records to demonstrate that we have fulfilled our obligations to you and the law.
– Any retention periods established by law or recommended by regulatory authorities, professional bodies, or associations.
– Any relevant procedures that apply.
14. YOUR RIGHTS
You have the right to access your information and request us to correct any errors, delete and restrict the use of your information. You also have the right to object to the use of your information, request us to transfer the information you provided, withdraw the permission you provided us to use the information, and request us not to use automated decision-making processes that may have legal effects.
You have the following rights (subject to certain exceptions):
– Right of access: The right to make a written request for details about your personal information and a copy of that personal information.
– Right to rectification: The right to correct or remove inaccurate information about you.
– Right to erasure (“right to be forgotten”): The right to delete certain personal information about you.
– Right to restriction of processing: The right to request that your personal information is only used for restricted purposes.
– Right to object: The right to object to the processing of your personal information in cases where our processing is based on performing a task carried out in the public interest or if we have informed you that the processing is necessary for our legitimate interests or those of a third party. You can object to the use of your information for profiling purposes when it comes to direct marketing.
– Right to data portability: The right to request that the personal information you have provided to us be transferred to you or a third party in a format that can be automatically read.
– Right to withdraw consent: The right to withdraw any consent you have previously given us to manage your personal information. If you withdraw your consent, it will not affect the lawfulness of our use of your personal information prior to the withdrawal, and we will inform you if we can no longer provide you with the chosen product or service.
– Right in relation to automated decision-making: You have the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you, except where the decision is necessary to conclude a contract with you, is authorized by law, or is based on your explicit consent. We will inform you when such decisions are made, the legal reasons we rely on, and the rights you have.
Please note: Apart from your right to object to the use of your data for direct marketing (and profiling to the extent used for direct marketing), your rights are not absolute. They do not always apply in all cases, and we will inform you in our correspondence with you how we can address your request. If you make a request, we will ask you to confirm your identity if necessary and provide information that helps us better understand your request. If we cannot fulfill your request, we will explain why.
15. PROCESSING SECURITY
Doctor Chat places great importance on processing data in secure and confidential conditions and utilizes the latest technologies and methodologies in the field whenever possible.
To ensure the secure transmission of data, both within its network and when necessary outside of it, Doctor Chat only uses secure and up-to-date encryption methods. Additionally, during the operational processing of personal and special data, modern methods of pseudonymization and anonymization will be used whenever possible, minimizing the risk of security breaches.
Doctor Chat will always process only the data that is absolutely necessary, in accordance with the purpose and legal grounds.
16. NON-PROVISION OF YOUR DATA
If you do not agree to provide your data, we are unable to provide you with the requested services.
17. CONTACT INFORMATION FOR DATA PROTECTION
If you have any questions, comments, complaints, or suggestions regarding this policy or any other concerns related to how we process your information, you can contact us at: [email protected]
You also have the right to submit a complaint to the National Authority for the Supervision of Personal Data Processing.
18. EFFECTIVENESS AND REVISION
This policy has been adopted by the Company’s General Manager and takes effect immediately upon adoption.
The policy will be reviewed annually, even if no changes have been made to its content, or whenever the Company deems it necessary.