Privacy statement Doctoronline

This Privacy Statement was last modified on November 8, 2024.

This Privacy Statement describes how eMedvertise N.V., trading under the name Doctoronline, a limited liability company based in Willemstad, Curaçao (Kingdom of the Netherlands), at Mahaaiweg 6 (registered in the Trade Register under number 108686), collects and processes your (special) personal data.

Privacy-sensitive data, or personal data, is processed through Doctoronline. Doctoronline considers the careful handling of personal data to be of great importance. Personal data is therefore carefully processed and secured by us.

Despite the fact that Doctoronline is located outside the European Union, we adhere to the (applicable) European privacy legislation when processing personal data. This means, among other things, that:

• we clearly state the purposes and bases based on which we process personal data in this Privacy Statement;
• we restrict the collection of personal data to only the personal data necessary for legitimate purposes;
• we first ask you for explicit permission to process your personal data in cases where your consent is required;
• we take appropriate security measures to protect your personal data and also require this of parties that process personal data on our behalf;
• we respect your right to provide your personal data for inspection and have your personal data corrected, deleted or transferred at your request, as well as your right to object to the processing of your personal data and your right to restrict the processing of your personal data.

Doctoronline is responsible for the data processing. In this Privacy Statement, we explain which personal data we collect and use and for what purpose. We recommend that you read this statement carefully.

We collect and process the following data:

Data provided by you.
This is information you provide when you fill in forms on our website, www.doctoronline.co.uk (‘Website’), or when you contact us by telephone, email or other means. This includes information you provide when you register for our newsletter, create an account, place an order, contact our customer service or participate in other (interactive) functions on our Website. For example, we process the following data:

• Name and address
• Telephone number
• Invoice and/or delivery address
• Email address
• Payment data (bank account number/credit card information)
• Gender
• Date of birth
• Technical data such as IP address
• Medical data (prescriptions)

This data is used among other things for the following purposes:

• granting access to the Website and your personal account on the Website;
• creating an account, providing services and communicating with you;
• informing you (digitally) about ehealth issues and related topics;
• informing you of changes in our service or the services provided by the doctors and/or pharmacies;
• organising, handling and checking the order that you have provided to us. If necessary, carrying out an ID check.

Special personal data provided by you.
This is information you provide when you fill in forms on our Website or contact us by telephone, email or other means. Special personal data is also provided when you fill in the medical questionnaire. Special personal data includes data relating to health, medical history and/or sex life. We collect this data exclusively for the doctors and/or pharmacies.

This data is used among other things for the following purposes:

• enabling independent doctors to whom we have access to provide you with an online consultation on request;
• enabling independent pharmacies to which we have access to sell and deliver certain medical products to you on request.

In addition to medical data, we also process personal data provided within the framework of specials offers and marketing campaigns, such as Tell a Friend. When a friend registers with us via a personal link provided by a customer, a unique code (UUID) is used to link their registration data to the customer. The code will only be used for the purpose of granting a discount to the customer upon the friend’s registration. By submitting the registration form, the friend consents to linking their data.

Information that we collect about you.
This is data that we collect about you when you visit our Website. Where necessary, this is only done after you have consented to this, for example through accepting cookies. The information collected includes technical data, such as your IP address, login details, browser type and version, the type and version of the browser plugin, operating system and platform, and information related to your visit, such as the pages visited on our Website (including duration, date and time), viewed products, page interaction information (e.g. scrolling, clicking, mouse-overs) and the telephone number that is used to call our customer service.

This data is used among other things for the following purposes:

• managing our Website and for internal activities, such as problem solving, data analyses, testing, research, and statistical and research purposes;
• improving our Website, which includes presenting its content in the most effective way for you and your computer;
• enabling the use of the interactive functions of our Website and/or service;
• ensuring the security of our Website;
• providing you with relevant information and measuring its effectiveness;
• providing suggestions and recommendations to you and other users of our Website about products or services that could be of interest.

Information that we receive from other sources.
This is information that we receive about you from selected third parties (e.g. business partners, partners in the field of technical, payment and distribution services, advertising networks, analyses providers, search data providers, ID check providers, credit reference agencies).

This data is used among other things for the following purposes:

• linking this information to the data provided by you and the data that we collect about you. This information and the combined data can be used for the above-mentioned purposes.

Bases of data processing
We collect and process your personal data in the context of the conclusion and/or execution of your order with Doctoronline, compliance with a legal obligation (e.g. verifying your identity), to protect a vital interest of you and/or a legitimate business interest of us. If the above-mentioned bases do not apply, we will ask for your explicit consent to process your data. We always ask for permission to process special personal data.

Provision to third parties
We provide your personal data to third parties ('processors') and companies affiliated to Doctoronline to organise, manage and monitor rights and obligations, including services and payments arising from the contract concluded with you. We have concluded agreements with the aforementioned third parties, in which we ensure that the further processing of personal data by these third parties also complies with the applicable privacy legislation. In addition, Doctoronline provides your personal data to other third parties; often for marketing purposes. We only do this with your explicit consent.

The doctors and pharmacies to whom we have access perform their work independently of Doctoronline and without Doctoronline being in any way responsible for the nature and/or quality of the services provided and/or the products delivered. For the purpose of requested online consultations and/or products, Doctoronline collects your medical and other personal data for the doctors and/or pharmacies. This data is located in a secure environment on the servers of Doctoronline. Doctoronline employees do not have access to this medical information. Your personal data and medication history data are only accessible to these doctors and pharmacies, who are independently responsible for the data processing. We have made agreements with these doctors and pharmacies to safeguard your privacy and other rights. Your medical data will not be disclosed to any third party.

Newsletter
We offer a newsletter with which we want to inform interested parties about ehealth in the broad sense and/or our services. You can subscribe to this newsletter on our Website. The newsletter may contain information specifically targeted at you (for example through 'profiling'). Each newsletter contains a link with which you can unsubscribe.

Service message
By using our services, your email address is automatically added to a contact list so that we can send a service message by email in the context of a concluded contract (an 'order') regarding the status of an order and changes or incidents with regard to our Website or our services. We may also provide you with information related to orders placed with us. You can unsubscribe from these services messages via the unsubscribe link that each service message contains.

Telephone contact
Doctoronline will use your telephone number to contact you, if necessary, with questions and/or updates regarding the order you placed. Doctoronline may also contact you by telephone with regard to the services offered by Doctoronline. We will only contact you by telephone if you have explicitly consented to this when creating your account. During each telephone conversation you can object to being contacted by telephone and withdraw your earlier consent.

Publication
We do not publish your (personal) data.

Transfer to countries outside the EU
Doctoronline has a worldwide technical infrastructure. Although Doctoronline tries to avoid this as much as possible, your (personal) data may be transferred to countries outside the European Union, where privacy protection regulations might not provide the same level of protection as in the European Union. An example is the use of Google Analytics or Amazon cloud services, where your data may be transferred to or stored in the United States. You hereby consent, insofar as your consent is required, to the transfer of your (personal) data to the United States or other countries outside the European Union. In such cases, Doctoronline will take appropriate measures reasonably necessary to ensure that your data is protected as well as possible, such as concluding model contracts with the relevant companies, containing clear agreements on the use and security of your personal data.

Klarna payment method
Klarna is a payment method. Klarna may perform a credit check, for which personal data is processed. The details of Klarna are: Klarna Bank AB, registration number 556737-0431, Sveavägen 46, 111 34 Stockholm, Sweden.

We take security measures to limit abuse of and unauthorised access to personal data. In particular, we take the following measures:

• access to personal data is protected with a username and password;
• the data is stored after receipt in a separate, protected system;
• we take physical measures for access protection of the systems in which personal data is stored;
• our technical equipment and infrastructure suppliers comply with applicable ISO standards, such as ISO27002;
• we use secure connections (Secure Sockets Layer or SSL) which protects all information between you and our Website when you enter personal data.

The personal data described above is retained as long as your account has an active status. Your account - including the associated personal data - will be deleted by Doctoronline if the account hasn’t been logged into for four years or if it has been four years since you last placed an order through Doctoronline. However, certain personal data will be retained for a longer period if there is a legal obligation to do so (such as the fiscal retention period of at least seven years for payment data and at least 15 years for medical data).

Right to access, correction and deletion of your data
If you wish, Doctoronline can provide you with an overview of your personal data that is known to us (Article 15 of the GDPR). Most of this data can be viewed through your My Doctoronline account. If this information proves to be incorrect or incomplete, we will correct or complete this information at your request (Article 16 of the GDPR).

You also have the right to have your personal data erased (‘right to be forgotten’ - Article 17 of the GDPR). In that case, your account and all associated personal data - to the extent permitted by law - will be permanently deleted or anonymised.

Right to restriction of processing
If you have informed us that your personal data is inaccurate or incomplete, you may request that we restrict the processing for as long as we are processing your request (Article 18 of the GDPR). You may also request that we restrict the processing of your data if you are of the opinion that we are processing your data unlawfully or that we no longer need your personal data for the purpose of processing, or if you have objected to the processing thereof. After we receive your request for restriction, we will only process your data after we have obtained your permission or for important reasons (such as judicial proceedings).

Right to data portability
You are entitled to data portability. This means that you have the right to receive the personal data you have provided to us in a usable form (Article 20 of the GDPR). Doctoronline will send your data in XML format.

Right to object
If you do not agree with a certain processing of your data - including, for example, the automated processing of your personal data ('profiling') for direct marketing purposes - you can object to this at any time (Article 21 of the GDPR).

Right to withdraw previously given consent
If you have consented to the processing of your personal data, you can withdraw this consent at any time (Article 13(2)(c) of the GDPR). You can also withdraw your consent for the sending of marketing messages or object to this at any time.

Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with the relevant supervisory authority (Article 77 of the GDPR). For Doctoronline this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). You can lodge a complaint about the manner in which we process your personal data. Of course, you can always submit your complaint to us first. If you have a complaint, you can contact our Data Protection Officer.

Contact
You can exercise your above rights and any other rights that you have under the applicable privacy laws by sending a request to info@doctoronline.com. We will respond to your request as soon as possible, in any case within four weeks.

You can also exercise your right to be forgotten and your right to data portability through your My Doctoronline account. 

If you have any questions, you can also contact our Data Protection officer, whose contact details are at the end of this Privacy Statement.

Reporting of incidents, security incidents and data leaks
If, despite of the protective measures taken, your personal data is breached or we suspect it may be breached, we will notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) thereof. If the personal data breach is likely to have adverse consequences for you, we will communicate this to you as soon as possible. Doctoronline has an internal procedure in place for dealing with such incidents.

Third-party websites
This Privacy Statement does not apply to third-party websites that are linked to our Website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend that you read the Privacy Statement of these websites before using these websites.

Cookies
Doctoronline uses cookies on its Website and when offering services. A cookie is a small, simple file with data that is either stored on the hard disk of your computer or in the session of your browser. In our Cookie Policy, you can read all about the use of cookies by Doctoronline.

Google Analytics
We use Google Analytics to keep track of how visitors use our Website. We have entered into a processing agreement with Google to make agreements about the handling of our data. Furthermore, we have not allowed Google to use the obtained Analytics information for other Google services. Finally, we have the IP addresses anonymised.

Changes to this Privacy Statement
We reserve the right to make changes to this Privacy Statement. It is advisable to consult this Privacy Statement regularly so that you are aware of these changes.

Supervisory authority: Dutch Data Protection Authority (Autoriteit Persoonsgegevens)
We are happy to help you if you have a complaint about the processing of your personal data. Under the privacy legislation, you also have the right to file a complaint with the national data protection authority against this processing of personal data. Because Doctoronline carries out cross-border data processing, we have designated the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) as supervisory authority.

Data Protection Officer
Doctoronline has appointed a Data Protection Officer (DPO). The DPO is independent and acts as internal supervisor. The DPO ensures that Doctoronline applies and complies with the relevant data protection regulations. If you have any questions about the processing of your personal data, please contact our DPO (Mr B. Teeken) at info@doctoronline.com or call +31 88-235 3035. You can also contact our DPO if you have questions, comments or complaints about this Privacy Statement.