DocBay Privacy Policy and Use of Personal Data
Introduction
The protection of privacy and the lawful use of personal data are of the highest priority for Equação Perspicaz (“we”, “us” or “DocBay”). We are committed to ensuring your privacy. This privacy policy explains how your personal data is collected, used, stored and disclosed by us: it applies to the processing of your personal data on our website, our platform and our mobile application (collectively, the “Services”) . We recommend that you carefully read this privacy policy before using any of the Services.
We may change this privacy notice from time to time, particularly if, due to any changes to our operations or applicable laws and regulations, your fundamental rights or freedoms may be affected.
Who we are
Somos a Equação Perspicaz Lda. Exploramos e mantemos a plataforma www.docbay.com e as applicações DocBay e DocBay Pro.
For the purposes of European Union data protection laws, in particular, the General Data Protection Regulation (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, of 27 April 2016, on the protection of personal with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC), we, together with the headquarters of our Equação Perspicaz Group in Portugal where our Technology team is located and sales, we are responsible for processing your personal data. Our team always makes strategic decisions regarding the purposes and means of processing patients' personal data.
Pode contactar o nosso Encarregado da Proteção de Dados (“EPD”) enviando um e-mail para dpo@docbay.com ou por correio tradicional, enviando-nos um pedido de informação para a nossa sede social.
User-specific sections
I. IF YOU ARE A PATIENT (NON-PROFESSIONAL USER OF OUR PLATFORM)
If you are a patient, or more generally a user of our website who is looking for information about specialists, then the following applies to you:
A. How we obtain your personal data; for what purposes and on what legal basis do we process them
1. Create your account and register for our services
We obtain your personal data directly from you when you register or use our Services.
When you register for our Services, we ask you to provide basic data, including your name, surname, gender, telephone number, email address.
You can use our Services with our website or mobile application. Our services allow you, among other features: to book appointments with specialists; guardar as suas informações pessoais na sua conta de utilizador, conversar com especialistas por teleconsulta. Pode também verificar o histórico das suas consultas e gerir a sua conta de utilizador na nossa plataforma e aplicação móvel.
In your user account on your mobile phone, you can manage push notifications (e.g. pop-ups) and other similar system notifications.
When you register to use our Services, you enter into a legally binding contract with us. This legal contract constitutes a valid legal basis for the processing of your personal data, as specified in Article 6.1.b of the GDPR.
Make an appointment with a specialist or schedule a medical exam
We obtain additional information about you when you make an appointment with a specialist or clinic, or when you schedule a medical examination on our website or using our mobile application. This information may include:
Name and surname(s).
Phone number.
Email address.
Date and time of the consultation.
Reason for your appointment, exams or tests you are scheduling, session you are participating in, etc.
Any additional information you shared or uploaded (e.g. questionnaires, additional details) during the appointment booking process.
We will store this data on our platform and transfer it to the specialist and/or the clinic that employs the specialist. Once your personal data has been transferred to the specialist or clinic, the specialist or clinic becomes an independent data controller in relation to your personal data and will process your personal data for its own purposes (e.g. for the purposes of providing medical or similar services). Such treatment will be governed by the privacy policy of the specific specialist or clinic.
We may send a booking confirmation to your mobile phone and/or email address. We may also send you a reminder when your appointment date is approaching. If the appointment is canceled by the specialist, we will inform you of the cancellation. After the consultation, we may ask you to add a review to your website.
Before your appointment, a specialist may send you a questionnaire about your symptoms and the reason for your visit. Of course, answering the questionnaire is optional, but it will help the specialist prepare for the consultation. The questionnaire is sent by the specialist and the answers are received only by him/her, unless he/she expressly consents to saving this data on our platform for future use. We do not see your responses and do not process any personal data included in them.
Some of the personal data you will share with us may be considered to be related to health (namely: the clinic or specialist you will consult; the reason for your consultation; a history of your appointments). For this reason, we will ask for your consent. We need your consent to disclose your details to the specialist with whom you book an appointment and to provide you with our Reservation and Technical Services. Without this consent, we will not be able to provide you with our Reservation and Technical Services. The processing of your health-related personal data based on consent is in accordance with Article 9.2.a GDPR.
Save your personal information and share it with an expert
As part of our services, you can create an account and store your personal data (including data related to your health) in your user account and in your Health Profile (feature available in our mobile application). In order to activate your account and/or Health Profile we will need you to provide us with the following details:
Name(s) and surname(s),
Phone number,
Email address
Furthermore, if you wish, we may also process the following data:
Citizen Card (in some cases),
information about your health insurance (if you have it),
medical data: medical history, allergies, medications you take, previous visits, family history,
and any other information you choose to include in your account or Health Profile.
Creating a Health Profile, among other features, gives you the possibility of:
have a catalog of your allergies, treatments, medications and other similar information related to your health problems easily accessible.
Share this information with experts of your choice
When adding your personal information, we will ask you for explicit consent to process your health-related personal data. We will only process your health-related data if you choose to add it. If you have made an appointment through our platform, you will have the possibility to share all or part of this information with the specialist. You decide what data you want to share with them. Sharing your information with the specialist is optional. We will only share your data with the experts you choose and only with your prior consent.
We will not use your personal data for any other purpose and will not sell it. Consent is voluntary and can be revoked at any time. If you revoke your consent, we will delete your health-related personal information that you uploaded to your Health Profile user account.
Please note that medical professionals will act as data controllers and will treat your data in accordance with their own privacy policies.
Chat with and/or send messages to a specialist
When using our platform, you can start a “chat” with an expert or send him a private message: we will be aware of this, but we will not have access to the information you provided to the expert during the “chat” or conversation, as these Data is end-to-end encrypted.
You can search your chat history and your questions, as well as experts' answers. We process your personal data based on article 9.2.a of the GDPR.
Add a review
When you add a review about a specialist on our website, we may also obtain some personal information about you (for example, if you describe the reason for your visit or your medical history in the review). For this reason, we ask you to give us your consent to the processing of your personal health-related data. The processing of your health-related personal data based on consent is in accordance with Article 9.2.a GDPR.
Please note that your comments will be public. We recommend that you do not include any private or similar information in the evaluation, as this information will not be hidden and will be available to all users of the platform.
Use of the doctor service on request
When you use our doctor-on-demand service, we obtain your personal data that is necessary to identify you and allow our third-party service provider, which is a medical entity, to create your health record. All data you provide to us will be transferred to the third party, Telmedicin sp. z oo, located in Warsaw, Poland, which is responsible for providing you with its doctor services upon request. We are simply subcontractors, collecting data on behalf of Telmedicin. You will be provided with information about Telmedicin's privacy policy and information about personal data before you start using the doctor-on-demand service.
Marketing
When you choose to receive commercial and marketing communications, we may process your email, telephone number, first name and surname for this purpose. You may opt out of receiving these communications at any time. The legal basis for processing your personal data for this purpose is Article 6.1.f GDPR.
Other purposes
When you use our Services, we may obtain additional data, including, for example: information about your device, IP address, time zone, and the language or browser you use. We also obtain information about when you first and last used our Services, as well as how long you spent using our services.
When using a mobile application, we may also obtain your location information, based on GPS data. You can always turn off your location information.
We will process this personal data to:
address any complaints or claims you may have in relation to the Services and to protect ourselves against them or any third party complaints and claims relating to your use of the Services;
inform you about new features and functionality of our Services,
manage and plan our business activities (for example, to analyze how you use our products and services and to predict demand for our products, or to predict how our users will use our Services in the future and estimate the trends in user needs and preferences). Some of this information may be anonymized (for example, how you browse our website), but some of the information, along with other information (for example, how long you have logged in to our platform and what your email address you used), may reveal your identity.
We process this information based on our legitimate interests, which constitute a legal basis for processing personal data under Article 6.1.f GDPR.
Do we process information or data related to your health?
If you make an appointment with a specialist, save your personal information in your user account or schedule a medical examination, add an assessment or chat with a specialist, we may obtain information related to your health status. We may also act as a processor on behalf of specialists and clinics who entrust us with their personal health-related data. For more details, see the section: “How we obtain your personal data; for what purposes and on what legal basis do we process them”, above and the section “Do we act as a subcontractor on behalf of specialists and clinics?” below.
Can you provide us with personal data about other people?
If you make an appointment on someone else's behalf (for example, if you make an appointment for your family member), we may obtain that person's personal data. We will process this personal data for the same purposes for which we process your personal data.
Do we act as a subcontractor on behalf of specialists and clinics?
We provide different services to doctors and clinics. These services allow doctors and clinics, among others, to upload and store patients' personal data, information about patients' appointments and their health status. The services also allow sending text messages or emails and marketing campaigns to patients, and are used by doctors and clinics to manage their working hours.
For these reasons, we act as a subcontractor (within the meaning of Article 28 GDPR) and process your patients' personal data.
When we act as a subcontractor, we process personal data only following the instructions of experts and clinics (our clients) and we do not process this data for our own purposes. This also applies to specialists and clinics who send you, via our platform, text messages, emails or similar communications or campaigns: it is they – not us – who decide whether or not to send you text messages, and -mails or similar campaigns. We do not assume any responsibility for such communications, nor for the processing of your personal data carried out by specialists or clinics.
If you do not want to receive these messages, please contact the doctor or clinic that sent you the message directly.
IF YOU ARE REGISTERED WITH US AS A SPECIALIST
If you are a specialist who uses our platform and our Services in a professional capacity and (i) has registered a profile on the platform, (ii) has entered into a contract to receive our Services, or (iii) works on, for or with a clinic that has entered into a contract to receive our Services, then the following applies to you:
How we obtain your personal data. For what purposes and on what legal basis do we process them
Registration and use of our services
We obtain your personal data directly from you when you register or use our services.
When you register for our Services, we ask you to provide us with data related to your professional activities and other information that helps inform our users about you and which will be published in your profile on our platform. In particular, you can provide us with the following information:
your name and surname;
your professional address;
your email address;
your specialization, your education and information about diseases you treat or medical exams you perform;
your professional number (the license number that allows you to carry out professional activities);
your image;
details of clinics with which it collaborates; It is
any other data that you provide to us during the registration process or during the execution of a paid contract.
If you have entered into a contract to receive our Premium Service, SaaS and/or any other similar paid Services and/or have activated the subscription calendar marcações e/ou a funcionalidade de telemedicina na nossa plataforma, também nos irá fornecer detalhes sobre o seu horário, informações sobre os preços dos seus serviços e métodos de pagamento que aceita dos seus pacientes.
When you register for our Services, you enter into a legally binding contract with us. The need to comply with our obligations and the terms of this legal contract constitutes a valid legal basis for processing your personal data, as specified in Article 6.1.b of the GDPR. We also process your personal data based on our legal obligations, for example, to issue invoices and keep our financial records up to date. This constitutes a valid legal basis for processing your personal data, as specified in Article 6.1.c of the GDPR.
As part of our services, we may list your professional information, including your first name, last name, specialization or address in search engines and maps. This helps us to provide our services to you.
We may also obtain your personal data from clinics for which you work or with which you have entered into a contract to receive our Services. Such clinics may, under their responsibility, transfer your personal data to us and we will process your personal data to perform the contract we have with the clinic. The processing of your personal data is essential for us; however, you can always contact the clinic that transferred your personal data to us and object to the processing or withdraw your consent to the use of your personal information.
Marketing purposes
When you choose to receive commercial and marketing communications, we may process your email, telephone number, first name and surname for this purpose. You may opt out of receiving these communications at any time. The legal basis for processing your personal data for this purpose is Article 6.1.f GDPR.
Other purposes
When you use our Services, we may obtain additional data, including, for example: information about your device, IP address, time zone, and the language or browser you use. We also obtain information about when you first and last used our Services, as well as how long you spent using our services.
When using a mobile application, we may also obtain your location information, based on GPS data. You can always turn off your location information.
We will process this personal data to:
address any complaints or claims you may have in relation to the Services and to protect ourselves against them or any third party complaints and claims relating to your use of the Services;
inform you about new features and functionality of our Services,
manage and plan our business activities (for example, to analyze how you use our products and services and to predict demand for our products, or to predict how our users will use our Services in the future and estimate the trends in user needs and preferences). Some of this information may be anonymized (for example, how you browse our website), but some of the information, along with other information (for example, how long you have logged in to our platform and what your email address you used), may reveal your identity.
We process this information based on our legitimate interests, which constitute a legal basis for processing personal data under Article 6.1.f GDPR.
IF YOU ARE AN UNREGISTERED SPECIALIST
If you are a specialist whose name and professional details appear on our platform, but you have not registered (i.e. created an account or profile) with us and are not receiving Services from us, then the following applies to you:
How we obtain your personal data. For what purposes and on what legal basis do we process them
DocBay obtains your personal data from publicly available sources, for example:
Commercial records;
Medical records or similar professional records;
Statistical institutes;
Or with DocBay users (patients) who wrote a review about their experience at your office.
We process your personal data to:
Make your personal data available on our platform, to inform our users about your professional activities; and/or
allow your patients who are also users of our Services to evaluate and rate their experience with you.
If you contact us to receive information about us or our Services, we may also use your personal data to send you commercial communications about our Services. Please remember that you can opt out of receiving this information at any time.
DocBay processes your personal data based on its legitimate interests, which constitute an independent legal basis for processing personal data under Article 6.1.f GDPR.
DocBay has carried out a balancing test to ensure that your interests or fundamental rights and freedoms do not override our legitimate interests in processing your personal data. You can always contact us if you wish to object to our processing of your personal data.
What scope of your personal data do we process?
We process the following personal data:
Name(s) and surname(s);
Your professional address,
Your specialization or profession;
Opinions of Service users about their hiring.
We can also process your professional number (the license number that allows you to carry out professional activities).
Information applicable to all users
Do we share your personal data with third parties?
We may disclose your personal data to other companies that are part of DocBay, solely for the purpose of providing Services to you.
If you decide to share your personal information with an expert, based on your consent, we will share the data you choose with the expert.
We may also share your personal data with third party providers, again solely for the purposes of providing our Services to you. These third parties mainly act as subcontractors and have entered into data protection agreements with us.
For example, we may share your personal data with the following categories of subcontractors:
Cloud hosting and server maintenance service providers;
Communication tools;
Customer support tools;
External consultants, auditors or advisors;
Payment service providers, banks, credit reference and fraud prevention agencies, and insurance companies;
IT companies that provide us with software and similar services.
Finally, we may disclose data to respond to legal requirements, enforce our policies, coordinate with legal or regulatory authorities when required by applicable law, and protect our rights and property. We may also share your personal information with other business entities if we plan to merge with, be acquired by, or receive investment from that business entity, or if we undergo a business reorganization.
We will not transfer your personal information to any other third party unless you give us your prior consent, or we have another legal basis for doing so.
Do we transfer your personal data to countries that are not part of the European Economic Area?
Some of our service providers (subcontractors) are based outside the European Economic Area, so we may transfer your personal data to third countries. We always guarantee that these transfers comply with GDPR requirements.
How long do we process your personal data
We will only keep the information we collect about you for as long as necessary for the purposes set out above, or as necessary to comply with any legal obligations to which we are subject.
The period for which we will retain information about you varies depending on the type of information and the purposes for which we use it. Generally speaking, we will keep our records for a maximum period of 6 years after the end of your relationship with us, to comply with our legal obligations. For more details, see the following table:
Purpose of treatment Storage period:
Providing you with our services We will process your personal data as long as you have an active user account or a service contract in force. If the Customer deletes his user account or the service contract is terminated, we will process his personal data for 6 years.
Patient data: Make an appointment or schedule a medical examination We will process your personal data for as long as you have a user account. If you delete your user account, we will process your personal data for 6 years.
Technical and statistical information We will process your personal data for as long as you have a user account. If you delete your user account, we will process your personal data for 6 years.
Marketing We will process your personal data until you withdraw your consent for marketing purposes or object to the processing of your personal data.
Patient data: Chat with a specialist We will process your personal data that you provide to us during the chat for 2 years.
Patient data: Doctor on demand functionality. We will process your personal data for 6 years after your last use of the doctor-on-demand functionality.
Complaints We will process your personal data for 6 years after submitting a complaint.
Profiles of unregistered experts We will process your personal data until you object to the processing.
What are your rights regarding the processing of your personal data?
Under the GDPR, you have the following rights:
Tem o direito de ser informado sobre o tratamento dos seus dados pessoais (ou seja, para que finalidades, que tipo de dados pessoais, para que destinatários são divulgados, períodos de conservação, quaisquer fontes de terceiros a partir das quais os mesmos foram obtidos, confirmação se que realizamos decisões automatizadas, incluindo definição de perfis e a lógica, significado e consequências previstas). A leitura desta Política de Privacidade faz parte do seu direito de ser informado; tem o direito de apresentar-nos uma reclamação (dpo@docbay.com) ou de reclamar junto da sua autoridade de controlo se considerar que tratamos os seus dados pessoais de forma ilícita;
You have the right to request a copy of the personal data relating to you that we process;
You can ask us to delete (if you consider that we do not have the right to keep them) or rectify (if you believe they are incorrect) your personal data;
You can object to the processing of your personal data or (where we rely on your consent to the processing) withdraw your consent;
You have the right to limit the processing of your personal data; and/or you may request that your data be provided on a portable basis.
You can contact us (see contact details at the bottom of this policy) if you wish to exercise any of these rights. We will comply with our legal obligations regarding your rights as a data subject.
Any request for access to your personal data must be made in writing and we will do our best to respond within a reasonable period of time and, in any case, within one month (or such different period as we will communicate to you immediately in the case of requests complex or numerous). We reserve the right to charge a reasonable fee (reflecting the costs of providing the information) or refuse to respond where requests are manifestly unfounded or excessive: in this case we will explain the situation to you and inform you of the Your rights.
We seek to ensure that the information we hold about you is always correct. To help us ensure that your information is up to date, you must inform us if any of your personal data changes. Following your request, we will take reasonable steps to ensure that the data is correct and will rectify any inaccurate personal data promptly and, in any case, within one month of making the request.
Do we carry out profiling activities?
Decisions are not being made solely based on automated decision making. We do not use any profiling systems or tools to process your data.
Links to other websites
Our website or application may contain links to other websites, including through social media buttons. Although we try to link only to websites that share our high standards and respect for privacy, we are not responsible for the content, security or privacy practices employed by other websites and a link does not constitute a recommendation of that website. Once you access another website from our website or application, you are subject to the terms and conditions of that website, including, without limitation, its Internet privacy policy and practices. Please check these policies before submitting any data to these websites.
How we protect your information
We ensure that there are appropriate technical, physical, electronic and administrative safeguards in place to protect your personal data against unauthorized access. We comply with generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. Unfortunately, the transmission of information via the Internet (including by e-mail) is not completely secure. Although we make our best efforts to protect your personal data, we cannot guarantee the security of your data transmitted to our website, platform or personnel; Any transmission is at your own risk. Once we receive your information, we will use strict security features and procedures to try to prevent unauthorized access.
Contact us
Se tiver alguma dúvida sobre os seus dados pessoais, pode contactar-nos:através de e-mail para dpo@docbay.com, ou por correspondência para o endereço da sede social Rua Dr. Eduardo Gonçalves, Loja 7, 4720-345 Ferreiros AMR, Portugal.