Privacy notice

We provide a RemoteDoc website which connects patients with doctors remotely. In providing this service we receive and process your personal data through the website. We are a controller of your personal data jointly with the hospitals using our service, therefore we understand the importance of an appropriate use and protection of your personal data. The Privacy notice is developed in accordance with the requirements of the General Data Protection Regulation (Regulation (EU) 2016/679) (hereinafter – GDPR).

Contents

  1. Terms used in the Privacy notice
  2. About the processing of your personal data
  3. Principles of your personal data processing
  4. Recipients and cross-border transfers of your personal data
  5. How do we protect your data
  6. Cookies and Web Analysis
  7. Your rights as a data subject
  8. Updates of this Privacy notice

1. Terms used in the Privacy notice

Personal data – any information relating to a natural person (data subject). For example, first name, last name, e-mail address, phone number, an online identifier, data concerning health, etc.

Data concerning health – personal data related to the physical or mental health of a natural person, including information on the provision of medical services, which reveal information about his or her health status.

Processing – any operation or set of operations which is performed on personal data, such as collection, storage, use, disclosure by transmission, erasure or destruction, etc.

Controller – a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Cross-border transfer of personal data – transferring of personal data onto the territory of a foreign state.

Cookies – a small piece of data sent by a website server and stored on your device. It is used to store certain data about you, for example, any settings and preferences.

2. About the processing of your personal data

Patients Doctors Visitors of the website
What data do we process?
name, e-mail address, age, sex, data relating health last name, first name, e-mail address, diploma cookies
What data do we process?
to inform you about your health status to provide a service of the appointment for remote consultations to provide a functional and user-friendly website, track statistics and advertising
What legal grounds do we use?
explicit consent contract consent

We can process your data relating health as a patient while pre-screening process (answering the chatbot questions via landbot.io service). Based on your answers though a chatbot, we can receive the information about you (your name, age and sex) as well as your health status, for example, if you are fatigue, if you have a fever, cough, dyspnea, rhinorrhea, sore throat, malaise, diarrhea, headache, hyposmia, dysgeusia, COVID risk travel, COVID case contact, chronic diseases, any further symptoms, if you smoke or not, etc.

After scheduling a virtual appointment, a patient and a doctor have a virtual meeting via Google Hangouts.

1. On processing personal data of children

Our service is not intended for children (under 16 years old).

2. On automated personal data processing

The algorithms of our service provide probabilistic risk scoring of the patient health condition utilizing Bayesian networks which use data provided by the patient answering the chatbot questions.

3. Principles of your personal data processing

When processing personal data we adhere to the following principles:

  1. We process personal data lawfully, fairly and in a transparent manner. The legal basis for processing may be: an explicit consent, a contract, a consent. We provide transparent information about the processing of personal data in this Privacy notice.
  2. We collect personal data for specified, explicit and legitimate purposes. We process your personal data only to achieve the processing purposes and do not use the personal data you provide for purposes other than collection purposes.
  3. We process personal data, which is adequate, relevant and limited in relation to the stated purposes. We collect the minimum amount of personal data necessary to achieve processing purposes.
  4. We ensure accuracy and keep personal data up to date. We take the necessary measures to delete or update incomplete or inaccurate personal data.
  5. We keep personal data in a form, which permits identification of you for no longer than it is necessary for the purposes for which the personal data are processed. We ensure the timely erasure of your data and do not store them after achieving processing purposes.
  6. We ensure appropriate security (integrity, confidentiality and availability) of the personal data. We apply the necessary organisational and technical measures.

4. Recipients and cross-border transfers of your personal data

We can share your personal data with the following recipients:

  1. Hospitals using the application (the location depends on the hospital you are virtually visiting). Doctors can access your personal data in order to provide you remote consultations.
  2. Third parties providing us a platform for a chatbot, for a scheduling of virtual appointments, a CRM system for registration of the doctors and organising access to the patients’ data, and a platform for hosting our website.

When providing your personal data to third parties, we request them a confirmation of the security measures taken to protect your personal data.

5. How do we protect your data

The data is always transmitted using strong in-transit encryption standards (SSL/TLS certificates) and through secure connections. Your personal data are deleted as soon as the purposes of processing are achieved.

To protect your personal data we perform the following activities:

  1. we evaluate the risks of personal data processing and take measures to ensure the security of your data;
  2. we carry out assessments of the harm that may be caused to you in case of violation of the requirements for processing of your personal data;
  3. we take appropriate security measures to protect you from risks of discrimination, data theft, reputation damage, breach of the confidentiality of your data;
  4. we organized the process of receipt and processing control of your requests.

6. Cookies and Web Analysis

1. Cookies

This site uses the following categories of cookies:

  1. necessary cookies to ensure a secure and stable functionality of the website. These cookies do not collect information that identifies visitor of the website, but collect general information (the type and version of your browser, operating system, the website from which you came, the webpages on our site visited, the date and time of your visit, as well as the IP-address from which you visited our site);
  2. analytics cookies to optimize its performance and to improve the user experience on the website;
  3. statistic cookies to track statistics of the visiting our website;
  4. advertising cookies to select advertising based on what’s relevant to a visitor and to avoid showing ads the visitor has already seen.

You can manage cookies, which are placed on your devices (tablet, smartphone, PC, etc.): delete cookies, set permissions for them. See the browser manual for further instructions on cookie settings.

2. Web Analysis

Our website uses the following analytical services:

  1. Google Analytics;
  2. Facebook pixel;
  3. Hotjar;
  4. Hubspot.

Google Inc., Facebook Inc., Hotjar Ltd. and HubSpot Inc. analyse on our behalf how you interact with our website in order to assess the effectiveness of the website, improve its functionality and create quality content for you.

The Privacy policies of our partners can be found here:

  1. Google Inc. – https://policies.google.com/privacy?hl=en;
  2. Facebook Inc. – https://www.facebook.com/privacy/explanation;
  3. Hotjar Ltd. – https://www.hotjar.com/legal/policies/privacy/;
  4. HubSpot Inc. – https://legal.hubspot.com/privacy-policy.

7. Your rights as a data subject

We guarantee you free of charge the following rights under the GDPR in relation to your personal data:

  1. right to withdraw consent to the processing of your personal data, with the subsequent erasure of your personal data by us (Article 7 of the GDPR);
  2. right of transparent communication and information (Article 12 of the GDPR);
  3. right to information (Article 13, 14 of the GDPR);
  4. right of access to the personal data (Article 15 of the GDPR);
  5. right to rectification of inaccurate personal data (Article 16 of the GDPR);
  6. right to erasure (right to be forgotten) (Article 17 of the GDPR);
  7. right to restriction of processing (Article 18 of the GDPR);
  8. right to transmit your personal data to another controller (Article 20 of the GDPR);
  9. right to object the processing of your personal data (Article 21 of the GDPR);
  10. right to not be a subject of automated individual decision-making, including profiling (Article 22 of the GDPR);
  11. right to lodge a complaint with a supervisory authority (Article 77 of the GDPR).

To exercise these rights, you need to contact the person responsible for personal data processing at the address info@iriscan.net. We will process your request and respond to it within one month upon the receipt of the request.

8. Updates of this Privacy notice

We can change this Privacy notice at any time. We recommend you to occasionally review this page for the latest information regarding your personal data processing.