Data processing information note

Data protection for registered users

Your privacy is one of our fundamental commitments, and therefore, we take utmost care to process your personal data in accordance with the principles set forth in the applicable legislation, including without limitation the General Data Protection Regulation no. 679/2016 (“GDPR”). We recognize the importance of maintaining the confidentiality, integrity and security of your personal information ("Personal Data")and have written this privacy policy (“Policy”) to explain how your Personal Data is collected, stored, used and disclosed by DOCLINK SRL,a company incorporated under the Romanian law, having its headquarters at 124D Prelungirea Ghencea street, lot 2/2, 6 ^th, floor, apartment 88, district 6, registered with the Trade Registry with no. J40 / 4017/2019, sole identification number 40850680 ("Doclink", "Us"),as a data controller, with respect to (i) your access to and use of our web platform, heymedica.com platform which aims at connecting users with medical providers across the European Union („heymedica.com platform”), and (ii) the access to, and use of the content of the heymedica.com platform including of the following services: (a) a search-engine to connect them with medical providers across the European Union; (b) a tool for real-time appointments with medical providers across the European Union; (c) a tool for storing medical history and share this data with medical providers registered on the platform; (d) a tool to receive updates in connection with your health condition (e.g. biometrics, body mass index, cardiovascular risks, lifestyle indicator (“Services”).

Each time we are required by the applicable law or, otherwise, want to use this legal basis, we will request your free, informed, specific and unequivocal consent for the processing of your Personal Data. By expressing your consent, you agree that we may collect, use, reveal, process and transfer your Personal Data in accordance with this Policy.

We reserve the right to amend the provisions of this Policy from time to time. If we make changes to this Policy, we will make the updated version available on the heymedica.com platform and we will update the & quot; Last updated ”date. We will also inform you on the changes that have occurred, to ensure that you are aware of how we use your Personal Data. Any amendments to this Policy will apply on the date that they are made, with the exception of changes which require your prior consent, and which will apply as of the moment when you express such consent.

For the avoidance of any doubt, we are not obliged to inform you, by using the contact details associated with your account on the heymedica.com platform, in respect to any and all of the changes to this Policy.

1.            APPLICABILITY

This Policy applies strictly to the processing of Personal Data carried out by Doclink as a data controller.

2.             CATEGORIES OF PERSONAL DATA, PURPOSES OF PROCESSING, AND LEGAL GROUNDS

1.            FOR ANONYMOUS USERS

When visiting our website without creating an account we may process the following data: IP address, session data and search history, operating system, device model. This data is used solely to improve our platform and services.

Also, please refer to our Cookie policy here

 

2.             FOR REGISTERED USERS

   1. 2.1           Registration on our heymedica.com platform

1. Registration directly on our heymedica.com platform

On our heymedica.com platform you can register and create an account. In this case, we will need your first and last name, email address and phone number.

When you create an account on our heymedica.com platform, we will validate your phone number. For this purpose, Doclink will verify the contact details by sending a verification code to the phone number.

 

 

2. Registration and log in with Facebook, LinkedIn or Google accounts

On our heymedica.com platform, you also have the possibility to register with your Facebook, LinkedIn or Google accounts.

Facebook Login

The heymedica.com platform offers you the possibility to register using your Facebook access. Before registering, you are led to a Facebook page where you can log in using your Facebook username and password. As a consequence, the heymedica.com platform will be connected to your Facebook profile. The connection automatically causes the heymedica.com platform to receive from Facebook the information you agreed to Facebook ID, email, first name, last name, profile picture, likes. This information will be processed by us in order to offer you the possibility of creating the account and to the extent necessary to identify you in the context of the features offered by the heymedica.com platform and to offer you the various features on our heymedica. com platform.

We are not responsible for the processing by Facebook of your Personal Data. For further information about Facebookâ & # x20AC; & # x2122; s privacy settings, please refer to Facebookâ & # x20AC; & # x2122; s privacy policy.

LinkedIn Login

The heymedica.com platform also offers you the possibility to register using your LinkedIn access. Before registering, you are led to a LinkedIn page where you can log in using your LinkedIn username and password. As a consequence, the heymedica.com platform will be connected to your LinkedIn profile. The connection automatically causes the heymedica.com platform to receive from LinkedIn the information you agreed to LinkedIn ID, email, first name, last name, profile picture. This information will be processed by us in order to offer you the possibility of creating the account and to the extent necessary to identify you in the context of the features offered by the heymedica.com platform and to offer you the various features on our heymedica. com platform.

We are not responsible for the processing by LinkedIn of your Personal Data. For further information about LinkedIn’s privacy settings, please refer to LinkedIn’s privacy policy.

Google Login

The heymedica.com platform also offers you the possibility to register using your Google access. Before registering, you are led to a Google page where you can log in using your Google username and password. As a consequence, the heymedica.com platform will be connected to your Google profile. The connection automatically causes the heymedica.com platform to receive from Google the information you agreed to email, first name, last name, profile picture. This information will be processed by us in order to offer you the possibility of creating the account and to the extent necessary to identify you in the context of the features offered by the heymedica.com platform and to offer you the various features on our heymedica. com platform.

We are not responsible for the processing by Google of your Personal Data. For further information about Google’s privacy settings, please refer to Google’s privacy policy.

2. 1. 2.2             Contractual notifications

During the provision of our services, we will use your email address and your phone number to notify you of any changes in the Terms of the heymedica.com platform and in connection with any other issues related to the performance of the contract between you and Doclink .

• 2. 2.3             Contact

You can contact us using the support form. In this case, in general, we will process the following Personal Data: first name, last name, email, phone and any other information you voluntarily provide when you contact us.

2. 3. 2.4             Analytical data

When using our heymedica.com platform, we process certain information regarding your activity in order to analyze the use of our heymedica.com platform. Such information includes, for example, your navigation.

This information is not collected in order to be associated to identified persons. However, insofar such information leads to the identification of a user, the provisions of this Policy shall become applicable.

2. 4. 2.5             Personal data provided upon consent

In order to benefit from the Services (ie to receive updates in connection with your health condition), the following personal data shall be processed only if we have your consent: gender, date of birth, blood type, blood Rh, height, weight, marriage status, level of activity, cigarette and alcohol consumption, diet type, level of happiness, allergies, dental issues, hereditary illnesses, family illness history, chronic diseases, chronic diseases treatments and medical appointment information and dates.

You may freely give your consent after creating an account on the heymedica.com platform by ticking the relevant boxes for the above-mentioned personal data within the heymedica.com platform. We will process only the data for which you have granted your consent.

2. 5. 2.6             Personal data for statistical purposes

We will process the personal data provided by you on the heymedica.com platform for creating medical statistics by compiling aggregated data into relevant anonymous statistics publicly available on the heymedica.com platform.

All personal data that are processed for statistical purposes will be anonymized, as follows:

All data in contained in the Anonymized data column shall not contain any element that would lead to your identification.

The anonymized data is used to generate statistics that are publicly available on the heymedica.com platform. The purpose of the statistics is to provide an overview of the overall state of health in a given geographical area.

 

3.            FAILURE TO PROVIDE PERSONAL DATA

You may refuse to provide certain Personal Data (indicated above) but, in such a case, you may not be able to benefit from certain heymedica.com platform Services and features, including, but not limited to, the creation of a user account or contacting you to solve your problem and to provide support.

4.             PROCESSING PERSONAL DATA BASED ON OUR LEGITIMATE INTEREST

When we process on the lawful basis of legitimate interest, we undergo by the following tests to determine whether it is appropriate:

•             The purpose test – is there a legitimate interest behind the processing?

•             Necessity test – is the processing necessary for that purpose?

•             Balancing test – is the legitimate interest overridden, or not, by the individual’s interests, rights or freedoms?

For more information on how we process the Personal Data on the lawful basis of legitimate interest, please contact us at dpo@heymedica.com.

5.             AUTOMATIC PROCESSING OF PERSONAL DATA

Your Personal Data will not be processed for making decisions based solely on automatic processing that would result in legal effects concerning you or could similarly significantly affect you.

6.             STORAGE PERIOD

As a rule, we will process your Personal Data during the existence of your account on our heymedica.com platform.

Personal Data collected based on your consent will be processed until the date of withdrawal of the consent.

We will retain your personal information for as long as it is needed to fulfill the purposes outlined in this Policy, unless a longer retention period is required by law (such as tax, accounting or other legal requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

7.             TRANSFER OF PERSONAL DATA

Your Personal Data is filed and stored on the servers of our contractual partners that are helping us to provide our services to you.

We may transfer Personal Data, as far as necessary, to the following categories of recipients:

•             contractual partners;

•             companies offering IT services;

•             public authorities, courts of law or arbitral tribunals, and authorities competent to investigate criminal offense.

8.             SECURITY

The security of your Personal Data is important to us. Your Personal Data will therefore be processed taking reasonable technical and organizational measures to protect Personal Data, such as limiting access to Personal Data, encryption or anonymization of Personal Data, storage on secure environments. However, despite our efforts, we cannot always guarantee the effectiveness of the security measures implemented, and therefore we cannot guarantee the security of Personal Data at any time.

9.             RIGHTS IN CONNECTION WITH THE PROCESSING OF YOUR PERSONAL DATA

1. 9.1           Your rights

You have the following rights in connection with the processing of your Personal Data :

Access right: You have the right to obtain from us confirmation that your Personal Data is processed by us, as well as information on the specific processing, such as: the purposes of processing, categories of processed Personal Data, recipients of Personal Data, the period for which Personal Data is stored, if we transfer the Personal Data abroad and how we protect it, your rights, the right to lodge a complaint before the supervisory authority, the source of your Personal Data.

Right to rectification: You have the possibility to request rectification of your Personal Data, provided that the heymedica.com platform applicable legal requirements are met. In the event of errors, after notification, we will immediately correct your Personal Data.

Right to erasure: In certain cases, you have the possibility to request the deletion of Personal Data, namely when: (i) the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) you withdraw consent on which the processing is based according and where there is no other legal ground for the processing; (iii) you exercise the right to object to the processing; (iv) the Personal Data have been unlawfully processed. We are not obliged to comply with your request when the processing is necessary (among others) for compliance with a legal obligation or for the establishment, exercise or defense of legal claims. There are also other circumstances in which we are not obliged to comply with this request for the deletion of Personal Data.

Restriction of processing: You may request us to restrict the processing of your Personal Data in the following circumstances: (i) you contest the accuracy of the Personal Data, for a period enabling us to verify the accuracy of the Personal Data; (ii) the processing is unlawful and then you oppose to the erasure of the Personal Data and request the restriction of their use instead; (iii) we no longer need the Personal Data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims;(iv) you have objected to processing, pending the verification whether our legitimate grounds override yours. However, we can continue to process your Personal Data(i) when you consent; (ii) for the establishment, exercise or defense of legal claims or (iii) for the protection of the rights of another natural or legal person.

Right to data portability: Insofar the Personal Data is processed based on your consent or on the execution of the agreement and the processing is carried out by automated means, you have the right to have your Personal Data provided to you in a structured format, which is currently used and can be read automatically and you have the right to request us to transfer this Personal Data to another controller. This right shall not adversely affect the rights and freedoms of others.

Right to opposition: In certain situations, such as when we process your Personal Data on the basis of a legitimate interest, you have the right to object to the processing of your Personal Data by us. In the event of unjustified objection, Doclink is entitled to continue processing Personal Data.

Withdrawal of consent: Insofar you consented to the processing of your Personal Data, you can at all times withdraw your consent, without affecting the lawfulness of processing based on consent before its withdrawal.

Right not to be subject to any automatic individual decisions: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Such right cannot be exercised when the decision:(i) is necessary for entering into, or performance of, a contract between you and us; (ii) is authorized by law which lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or (iii) is based on your explicit consent.

Right to lodge a complaint with the supervisory authority: You have the right to lodge a complaint with The National Supervisory Authority for Personal Data Processing (“DPA”)in relation to any breach of your rights regarding the processing of your Personal Data. The contact details of the DPA are: 28-30 Gheorghe Magheru Boulevard, District 1, Postal Code 010336, Bucharest, Romania; e-mail: anspdcp@dataprotection.ro

The full list of data protection authorities in the European Union: https://edpb.europa.eu/about-edpb/board/members_en

9. 2. 9.2           How to exercise your rights

Rights can be exercised directly on our heymedica.com platform.

In addition, to learn more about the manner in which you may exercise the aforementioned rights, please contact us at dpo@heymedica.com

Identity verification: We take utmost care of the confidentiality of all Personal Data and we reserve the right to verify your identity if you make a request in relation to your Personal Data.

Fees: As a rule, you can exercise your rights free of charge. However, we reserve the right to request a reasonable fee if your claims are manifestly unfounded or excessive, in particular because of their repetitive nature.

Response Time: We make every effort to respond to your request within one month of receiving the request. This period may be extended by two further months where necessary, taking into account the complexity and number of the requests, in which case we will inform you of any such extension and of the reasons for the delay.

10.             CONTACT

If you have any questions or concerns about this Policy or its implementation, you may contact us at dpo@heymedica.com