PRIVACY POLICY
Owner of the Application website and related services
For the purposes of the data protection laws of the European Union, in particular the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 relating to the protection of the natural persons with whom our technical leadership team is based are the data controllers of your personal data.
Strategic decisions regarding the purposes and means of processing patients' personal data are always made by our team in the offices of:
Pharmamedic World Ltd (Pharmamedic)
98 Otter Close E15 2PX London
Owner contact email:
Website and application information
This website and applications offer a service for booking medical visits, health care, video consultation, online sales of products, services through coupons and books.
Introduction
The protection of privacy and the legitimate use of personal data are a top priority for Pharmamedic (“we” or “Pharmamedic”). We are committed to ensuring your privacy. This Privacy Policy ("Policy") explains how we collect, use, store and disclose your personal data, within our website (the "Site"), the mobile application (the "App"), the platform for specialists and clinics (the "Platform") and the provision of any other service connected to them (collectively, the "Services";). We suggest that you read this Policy carefully before using the Services or the Site, and / or opening an account on the Platform ("Account").
Pharmamedic reserves the right to change this from time to time Information, especially if the changes are due to changes in our operating procedures, or to legislative or regulatory changes.
Information applicable to all users
What kind of personal data we collect and use, for what purposes and on what legal basis
The nature of the personal data we collect and use, as well as the purposes of the processing and the related legal bases on which the processing is based, depend on the type of user and the different use of the Platform, of the Site, the App or the Services by the latter. In particular
if you are a patient or a user of our Site or App looking for information on specialists in the medical-health field or who uses one or more of our Services, the provisions of Section II of this Notice apply;
if you are a doctor or health professional who uses the Platform and the Services in a professional capacity, and you have registered on the Platform by creating your Account (a "Registered Professional"),
If Pharmamedic processes your personal data based on its legitimate interest pursuant to art. 6.1 (f) of the GDPR, Pharmamedic will have carried out a test on the balance of its interests with your fundamental rights, in order to ensure that the latter are not harmed or endangered by the exercise of our legitimate interest. Remember that you can always contact us to express your opposition to the processing carried out by us (see paragraph “What are your rights regarding the processing of personal data”, below).
Sharing your data with third parties
We never share your data with third parties or external suppliers
If you are a patient and you use the Medical Record in the authorization phase of a professional or a facility you must give consent by signing an online authorization that you can see summarized on the page Security System
Except in the cases mentioned above, we will not transfer your personal information to third parties without your consent.
What are your rights regarding the processing of personal data
Pursuant to the GDPR, and regardless of the type of use of the Platform and the Services made by you, you have the following rights:
• you have the right to be informed about the processing of your personal data
• you have the right to:
1. request a copy of the personal data we process; o to delete (if you believe we have no right to keep them) or to rectify (if you believe they are inaccurate) your personal data;
2. oppose, and therefore limit, the processing of your data by us (in which case, you will have access only to those features of the Services that do not require the type of processing you objected to);
3. revoke any consent to the processing of data previously given by you (the withdrawal of consent does not affect the legitimacy of the treatments put in place before the revocation itself, or on the basis of legal conditions other than consent);
4. you have the right to lodge a complaint (by contacting us preferably in the manner indicated in the "Contacts" section of this Notice) or, if your complaint is not satisfactorily resolved by us, the Guarantor Authority for the Protection of Personal Data (reachable through the website www.garanteprivacy.it/) if you believe that we are processing your personal data in a manner contrary to the law;
Our goal is to ensure that the information we hold about you is always accurate. To help us keep your information up to date, you will need to take care to notify us of any changes to your personal data. Following a report or request from you, we will ensure that your personal data in our possession is accurate and up-to-date.
Automated decisions and profiling
We do not resort to processing of personal data that result in decisions based entirely and solely on the automated processing of your personal data. We do not use any profiling system or tool to process your data, nor fully automated decision-making processes based on your personal data.
Links to other websites
Our Site and our App contain links only to share posts in our social section with other social networks through “social” buttons. Through our exclusive system Pay Per Share .
Once transferred to another platform, the user is subject to the terms and conditions of the latter (including the relevant privacy policy and underlying practices). We invite you to consult the conditions of service and the related privacy policies or policies applicable to these platforms, before sharing your personal data with them.
How we protect your data
Pharmamedic adopts security measures of a technical, physical, electronic, operational and administrative nature, adequate to protect your personal data from unauthorized access. We follow industry accepted standards to protect personal information provided to us, both during transmission and after receipt: for example, periodic Platform security testing, segmentation and data access control within the organization, and use of techniques or encryption.
All communications, even if via the internet, are always processed in the SYSTEM INSIDE THE PLATFORM and no external platforms are used unless the user explicitly requests them. Our constant commitment in order to ensure maximum protection of your personal data, Pharmamedic can guarantee the security of your data in the act of transmitting them to our Site, App or Platform, especially if the transmission takes place in a secure manner. Security System
Section dedicated to users of the Platform (patients)
If you are a patient or a user of our Site or App looking for information on professionals or facilities in the medical-health sector, this section applies to you.
What personal data we process; how we collect them; for what purposes, and on what legal basis, do we process them
Account creation and registration for the use of our Services
Account creation and registration for the use of our Services
Our Services allow you, among other things, to: book visits, send messages and / or communicate in chat with specialists, save your personal information in your Pharmamedic Account, and publish your opinion on your experience during the visit on the Site. You can also check the history of your visits, and manage your Account.
From your User Account in the App, you can manage automatic and system notifications (for example, pop-up windows). < br />
When you register to use our Services, or book a visit or an appointment, you accept the Terms of Service by clicking in the relevant box. The need, on our part, to execute the obligations of providing these Services, constitutes a valid legal basis for the processing of your personal data, as specified in Article 6.1 (b) of the GDPR
Use of the Services
Reservations:
When you book a visit or appointment with a specialist or clinic, or when you request a diagnostic test , through the Site or the App, we will obtain further personal data from you, including for example:
• date and time of the visit,
• reason and type of visit / appointment, exam or test you are requesting,
• any additional information that you decide to share (for example: responses to questionnaires; further instructions for the specialist; description of symptoms) during the appointment booking process.
We do not store this data at the platform but we will pass them on to the specialist or clinic. After transmitting your personal data, the specialist or clinic will become independent data controllers, for purposes determined by them (for example, to provide you with their medical services). Such processing will be subject to the specialist's or clinic's personal data processing and retention policy.
Furthermore, we may send you (via telephone message or e-mail) a communication confirming the booking, and / or a reminder before the date of the visit; and we will notify you in case of cancellation. After the visit, we may contact you to ask you to write a review of your experience on the Site. Before the visit, the specialist may decide to send you, through the Platform, a questionnaire about your symptoms and the reason for your visit. Answering the questionnaire is optional, but will help the specialist prepare for the visit. The specialist will send you the questionnaire, and only he will receive the answers, unless you expressly consent to the storage of your answers within your Pharmamedic account, for future review or use by you.
The need, on our part, to execute the conditions of service and to allow you to access the Services, constitutes a valid legal basis for the processing of your personal data, as specified in Article 6.1 (b) of the GDPR.
Write a review or public question
When you decide to publish a review on the Site relating to your experience with a specialist or a medical facility, or post a question intended for professionals on the Platform, we may collect some of your personal data (for example, if you include identifying data, and / or describe the reason for your visit or details about your medical history). For this reason, we will ask for your consent to the processing of health data. The processing of health-related personal data on the basis of consent complies with Article 9.2 (a) of the GDPR.
Remember that your reviews will be made public. We advise you not to enter any information of a private or sensitive nature, as what you publish will be visible to all users of the Site.
Communications
As a user of the Services with your own Account, you will receive communications from us relating to topics that may be of interest to you (that is, strictly connected to the Services you use): for example, communications relating to new features, new products, additional or ancillary Services, promotions, news and other topics relating to the Services or news regarding initiatives that may be of interest to you.
The legal basis for sending such communications (via telephone message or e-mail) is the legitimate interest pursuant to Article 6.1 (f) of the GDPR. Nevertheless, since these are communications of a potentially commercial nature, you will always have the right to object to the receipt, in which case we will stop contacting you, except for (a) service communications sent by your doctor through our Platform relating to visits or appointments. booked by you through the Platform (for example reminders, cancellations, requests from the specialist, invitations to review), which come from your doctor (who uses our Services) and not from us (see Section II (D) of this Information "We also act as" data processors "on behalf of specialists and clinics"); and / or (b) other service communications, of a non-commercial nature relating to your Account or the Services (for example: changes to contractual conditions, malfunction notifications, messages of a legal or regulatory nature).
Other data and purpose of processing
As part of the use of the Site, the App or the Platform, we may obtain other types of data, including, for example: information relating to your device (computer or mobile phone), IP address, time zone and language, or the browser you use. We will also collect information relating to the timing, methods and duration of use of the Services by you (first and last use, duration of the session in the Account). If you use the App, we may also obtain your location data via GPS (you will always have the option to disable this feature directly on your mobile device).
We will process these data sets of a technical nature (the "Metadata") for:
• respond to, and defend against, any complaints (yours or third parties) relating to the Services and your use of the same, and / or
• manage and plan our business activities (for example, how our users will use our Services in the future and estimate trends on their needs and preferences). In this case, in most cases the data used will be anonymized (for example, the way you browse our website), but in some cases the data, when read together with other data, could reveal your identity. br />
We process this information on the basis of our legitimate interests, which constitute a legal basis for the processing of personal data pursuant to Article 6.1 (f) of the GDPR. Remember that you will have the right to object to the processing of this data at any time.
Do we process data relating to your health status?
In some of the following cases:
• when you book a visit or an appointment with a specialist or clinic using the Platform,
• if you choose to save your personal data in your Account,
• if you write a review on the Site that includes personal health data,
• if you use features or services similar to those listed above,
You will never have to provide your personal data relating to your state of health, which are deserving of specific protection under the GDPR. You can do it with Pharmamedic in maximum security through the Medical Record and directly with the professionals or facilities you have authorized access by signing the consent
Your consent is, in this case, necessary to be able to use the aforementioned Services; in fact, we could not provide them to you without being able to process these data. The processing of your health data on the basis of your consent complies with Article 9.2 (a) of the GDPR. You can withdraw your consent at any time, in which case we will not be able to continue to provide you with the Services for which the sharing of such data is necessary.
Is it possible to provide personal data of other people?
If you book a visit or appointment on behalf of another person (for example, for a minor family member), you authorize us to collect that person's personal data. We will process your personal data for the same purposes for which we process yours, applying the same policies and security measures.
We also act as "data processors" on behalf of specialists and clinics
We provide various services to doctors and clinics. Our Services allow our clients' doctors and clinics, among others, to upload and save patient personal data, patient visit information and information regarding their health status. They also allow them to send communications and text messages or emails to patients via our Platform and to manage their work commitments.
When we process your data on the instruction of the doctor or clinic of our client you contacted (and not because you used our Services directly or created an Account with us), and your patient data is transmitted to us by the latter, we simply act as data controllers (pursuant to Article 28 of the GDPR), in the name and on behalf of our customers, and always and only on the basis of their instructions and indications; never for our own independent purposes.
This also applies to specialists and clinics who send you messages of heads, emails, advertising campaigns or similar communications through our platform: it is they, and not us, who decide whether to send them to you or not. We do not take responsibility for these communications, nor for the processing of your personal data by specialists or clinics or for the existence of an adequate legal basis for the same.
If you do not wish to receive such messages, or want to exercise your rights regarding your personal data processed by your specialist or clinic, we suggest that you contact the doctor or clinic that sent you the message asking them not to be contacted.
Retention and deletion of your data
Regarding the personal data you provide pursuant to sections II (A), (B), and (C) above, which we process as "data controllers" ( under the GDPR) on the basis of our direct relationship with you, we will keep them in our systems only for as long as necessary for the purposes indicated above or as necessary to comply with the legal obligations to which we are subject.
The period in which we keep your data will vary depending on the type of information and the purposes for which we use it. Generally, we will keep our records for up to 6 years after the end of your relationship with us, to comply with our legal obligations. For more information, see the following table:
Sharing your data with third parties
In addition to the cases illustrated in this Notice, when you book a visit or an appointment with a professional or medical facility using the Platform, or when you communicate your data to them through the Platform (such as, for example, in the context of a chat, a private conversation or the completion of a pre-visit questionnaire), with your consent we will transmit your personal data to them in order to be able to provide you with the Services requested by you. Your consent is, in this case, necessary to be able to complete the booking and intermediation services between you and the professional or the structure; in fact, without this data, we cannot provide you with these Services.
Once your data has been received from us, the professional or the structure will become independent controllers of the processing of your personal data, for their own purposes and distinct from those identified in this Notice (for example, for treatment purposes, or in order to comply their contractual obligations towards you if you decide to use their services).
Section dedicated to health professionals registered on the Platform
If you are a doctor or health professional who uses the Platform and the Services in a professional capacity, and you have registered on the Platform by creating your Account (a "Registered Professional"), the following predictions.
What personal data we process; how we collect them; for what purposes, and on what legal basis, do we process them
Account creation, registration on the Platform and use of the Services
You provide us with your data when you register on the Platform (creating your Account) and start using our Services, and / or when you enter into the Service Agreement. Alternatively, we may have obtained your personal data from the clinic or facility you work for or at, in the event that the latter entered into a Service Agreement (in which case, your data was disclosed to us under the sole responsibility of said structure; you will therefore have to contact the latter to oppose the processing or withdraw consent to the sharing of your personal data with us).
At the time of registration on the Platform, or the activation of your TERMINAL by you or by the structure you work for, we will collect data relating to your professional activities and other useful information for the creation of your Account and your profile on the Platform, which will be visible to users. The information provided may include or relate to, inter alia:
• your name and surname,
• the address where you carry out your professional activity,
• your email address and / or your telephone number used to carry out your professional activity;
• your education and specialization and the medical sector or type of health activity or type of disease you deal with,
• your professional license number (the one that allows you to carry out medical-health activities),
• your image,
• your patients' opinions or reviews about their experience with you, and
If you have activated the TERMINAL you have enabled the booking calendar and / or the telemedicine function or other paid features on the Platform, we will ask you to provide us with further information necessary for the provision of our Services, for example: reception hours; payment methods accepted by you; information relating to the organization of visits.
As part of the Services, and with the purpose of giving your profile more visibility on the Platform, we may include your professional information, your name and surname, your specialization and your address in some search engines (including Google or Google My Business) and online maps (including Google Maps). You can always object to this type of use, simply by communicating your opposition to us. You will have the ability to manage your profile on this platform directly and independently, and decide which personal data will be published.
When (a) you register on the Platform to use our Services, and therefore accept the Terms of Service by activating the TERMINAL a legally binding contract is produced by you or by the facility for or in which you work. The need, on our part, to execute the obligations of this contract and to allow (you or the healthcare facility) to access the Services, constitutes a valid legal basis for the processing of your personal data, as specified in Article 6.1 (b) of the GDPR.
If you (or the structure for or in which you work) has activated the TERMINAL, further information relating to the processing of your personal data, and of the personal data of third parties that you may provide to us in the context of the use of the Services, can be found in TERMS AND CONDITIONS OF THE TERMINAL
Communications
As a Registered Professional our client, you will receive communications from us relating to topics that may be of interest to you (that is, strictly connected to the Services you use): for example, communications relating to new features, new products, additional or ancillary Services, promotions, news and other topics related to the Services or news regarding initiatives that may be of interest to you.
The legal basis for sending such communications (via telephone message or e-mail) is the legitimate interest pursuant to Article 6.1 (f) of the GDPR. Nevertheless, since these are communications of a potentially commercial nature, you will always have the right to object to the receipt, in which case we will stop contacting you, except for communications of a non-commercial nature relating to your Account, the Services or the TERMS AND CONDITIONS OF THE TERMINAL ( for example: changes to contractual conditions, notifications of malfunctions, messages of a legal or regulatory nature).
Other data and purpose of processing
As part of your use of the Services, we may obtain other types of data, including, for example: information about your device (computer or mobile phone), IP address, time zone time and language, or the browser you use. We will also collect information on the timing, methods and duration of use of the Services by you (first and last use, duration of the session in the Account).
We will process these data sets of a technical nature (the "Metadata") for:
• respond to, and defend against, any complaints (yours or third parties) relating to the Services and your use of the same, and / or
• manage and plan our business activities (for example, how our customers will use our Services in the future and estimate trends on their needs and preferences). In this case, in most cases the data used will be anonymized (for example, the way you browse our website), but in some cases the data, when read together with other data, could reveal your identity. br />
We process this information on the basis of our legitimate interests, which constitute a legal basis for the processing of personal data pursuant to Article 6.1 (f) of the GDPR. Remember that you will have the right to object to the processing of this data at any time.
Retention and deletion of your data
With regard to the personal data you provide when registering on the Platform or as part of the provision of the Services, which we treat as "data controllers" (pursuant to the GDPR ) based on our relationship with you, we will keep them in our systems only for as long as necessary for the purposes outlined above or as necessary to comply with legal obligations to which we are subject.
Facebook permissions required by this application
This Application may require certain Facebook permissions that allow it to perform actions with the User's Facebook account and to collect information, including Personal Data, from it. This service allows this Application to connect with the User's account on the Facebook social network, provided by Facebook Inc. For more information on the following permissions, refer to the Facebook permissions documentation and the Facebook privacy policy.
The required permissions are as follows:
Basic information
The basic information of the User registered on Facebook which normally includes the following Data: id, name, image, gender and language of the position and, in some cases, "Friends" of Facebook. If the User has made further Data publicly available, they will be available.
E-mail
Provides access to the User's primary email address.
Authorizations to access the Personal Data present on the User's device
Depending on the specific device used by the User, this Application may require some permissions to access the User Data present on the device as described below.
Such permissions must be provided by the User before any information can be processed. Following the release, the authorization can be revoked by the User at any time. In order to revoke the permissions, the User can use the system settings or contact the Owner at the addresses indicated in this document.
The procedure for checking permissions may vary depending on the device and software used by the User.
Please consider that the revocation of one or more permissions may have consequences on the correct functioning of this Application. In the event that the User grants the permissions indicated below, the related Personal Data may be subject to processing (access, modification or removal) by this Application.
Social media account authorization
Used to access the User's social media accounts such as, for example, Facebook and Twitter.
Camera authorization
Used to access the camera or capture images and videos from the device.
Contact authorization
Used to access the address book and device profiles, allows the modification of their contents.
Other data and purpose of processing
Used to access the address book and device profiles, allows editing of their contents.
Permission Approximate location (continued)
Permission Approximate location (continued)
Microphone authorization
Microphone permission
Advertising
This type of service allows the User Data to be used for marketing communication purposes. These communications are displayed in the form of banners and other forms of advertising, also related to the User's interest.
This does not mean that all Personal Data is used for this purpose. Data and conditions of use are shown below. Some of the following services may use Tracking Tools to identify the User or use the behavioral retargeting technique, or display personalized advertisements based on the User's interests and behavior, also detected outside this Application. For more information on this, we suggest you check the privacy policies of the respective services.
In general, services of this type offer the possibility to disable such tracking. In addition to any opt-out functions provided by any of the services listed in this document, the User can read more information on how to disable interest-based ads in the appropriate section "How to disable interest-based advertising" in this document.
AdMob
AdMob is an advertising service provided by Google LLC or Google Ireland Limited, depending on where this Application is used.
To understand Google's use of data, please see Google's Partner Policy.
Personal data processed: cookies; Usage data; unique device identifiers for advertising (Google advertiser ID or IDFA identifier, for example).
Place of processing: United States - Privacy Policy - Deactivation; Ireland - Privacy Policy.
Google Ad Manager
Google Ad Manager is an advertising service provided by Google LLC or Google Ireland Limited, depending on where this Application is used, with which the Owner can conduct advertising campaigns jointly with external advertising networks with to which the Owner, unless otherwise specified in this document, has no direct relationship.
Users who do not wish to be tracked by the different advertising networks can use Youronlinechoices. For an understanding of Google's use of data, see Google's Partner Policy.
This service uses the "DoubleClick" Cookie, which tracks the use of this Application and the User's behavior in relation to the advertisements, products and services offered.
The User can decide at any time to disable all DoubleClick cookies by going to: Ads settings.
Depending on what is indicated below, the registration and authentication services can be provided with the help of third parties. In this case, this Application may access some Data stored by the third party service used for registration or identification. Some of the following services may also collect Personal Data for targeting and profiling purposes; for more information, refer to the description of each service.
Google OAuth
Google OAuth is a registration and authentication service provided by Google LLC or Google Ireland Limited, depending on where this Application is used, and connected to the Google network.
Personal Data processed: various types of Data as specified in the privacy policy of the service.
Place of processing: United States - Privacy Policy; Ireland - Privacy Policy.
Twitter OAuth (Twitter, Inc.)
Twitter Oauth is a registration and authentication service provided by Twitter, Inc. and connected to the Twitter social network.
Personal Data processed: various types of Data as specified in the privacy policy of the service.
Place of processing: United States - Privacy Policy.
Facebook authentication
Facebook authentication is a registration and authentication service provided by Facebook, Inc. or Facebook Ireland Ltd, depending on where this Application is used, and connected to the Facebook social network.
Personal Data processed: various types of Data as specified in the privacy policy of the service.
Place of processing: United States - Privacy Policy; Ireland - Privacy Policy.
Information on how to opt out of interest-based advertising
In addition to any opt-out function provided by any of the services listed in this document, Users may benefit from information about YourOnlineChoices (EU), The Network Advertising Initiative (USA) and Digital Advertising Alliance (USA), DAAC (Canada), DDAI (Japan) or other similar services. With these services it is possible to manage the tracking preferences of most advertising tools.
Personal Data processed: various types of Data as specified in the privacy policy of the service.
The Data Controller therefore advises Users to use these resources in addition to the information provided here.
AppChoices which helps users control behavioral advertising on mobile applications.
The Owner, therefore, advises Users to use these resources in addition to the information provided here.
Users can also opt out of certain advertising features via their device settings, such as mobile device advertising settings or ad settings in general.
Defense in court
The User's Personal Data may be used by the Owner in court or in the stages leading to its eventual establishment for the defense against abuse in the use of this Application or related Services by the User.
The User declares to be aware that the Owner may be obliged to communicate the Data by order of public authorities.
Specific Disclosure
At the request of the User, in addition to the information contained in this privacy policy, this Application may provide the User with further and contextual information regarding specific Services, or the collection and processing of Personal Data.
System logs and maintenance
System and maintenance logs >
Information not contained in this policy
Further information may be requested in relation to the processing of Personal Data at any time by the Data Controller using the contact details.
Respond to "Do Not Track" Requests
Our Application does not support "Do Not Track" requests. To find out if any third party services used support them, the User is invited to consult the respective privacy policies.
Modifiche alla presente privacy policy
The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to Users on this page and, if possible, on the Application as well as, if technically and legally feasible, by sending a notification to Users through one of the contact details available to them. Please therefore consult this page frequently, referring to the date of the last modification indicated at the bottom.
If the changes affect a treatment whose legal basis is consent, the Data Controller will collect the User's consent again, if necessary.
Interested
The natural person to whom the Personal Data refers.
Owner (or Manager)
The natural person, legal person, public administration and any other body that processes Personal Data on behalf of the Data Controller, as set out in this privacy policy.
Owner (or Owner)
The natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data and the tools adopted, therein including the security measures relating to the operation and use of the web or the Application. The Data Controller, unless otherwise specified, is the Owner of the Application.
Our Application
The hardware or software tool through which the Personal Data of Users are collected and processed.
Service
The Service provided by our Application as defined in the relative terms (if any) on this site / application.
European Union (or EU)
Unless otherwise specified, any reference to the European Union in this document is understood to be extended to all current Member States of the European Union and the European Economic Area.
Legal references
This privacy statement is drawn up on the basis of multiple legislative orders, including articles 13 and 14 of Regulation (EU) 2016/679. Unless otherwise specified, this privacy policy only covers this Application.
Privacy Policy