This privacy statement was last modified on December 12, 2019.
This privacy statement describes how eMedvertise N.V., trading under the name Dokteronline, a limited liability company based in Willemstad, Curaçao (Kingdom of the Netherlands), at Mahaaiweg 6 (registered in the Trade Register under number 108686), collects and processes your (special) personal data.
Privacy-sensitive data, or personal data, are processed via Dokteronline. Dokteronline considers the careful handling of personal data to be of great importance. Personal data is, therefore, carefully processed and secured by us.
Despite the fact that Dokteronline is located outside the European Union, we adhere to the (applicable) European privacy legislation when processing personal data. This means, among other things, that:
- we clearly state the purposes and bases based on which we process personal data in this privacy statement;
- we restrict the collection of personal data to only the personal data necessary for legitimate purposes;
- we first ask you for explicit permission to process your personal data in cases where your consent is required;
- we take appropriate security measures to protect your personal data and also requirements of parties that process personal data at our request;
- we respect your right to provide your personal data for inspection and have your personal data corrected, deleted or transferred at your request, as well as your right to object to the processing of your personal data and your right to restrict the processing of your personal data.
Dokteronline is responsible for the data processing. In this privacy statement, we explain which personal data we collect and use and for what purpose. We advise you to read this statement carefully.
Personal data and processing purposes
We collect and process the following data:
Data provided by you.
This applies to information you provide when you fill in forms on our website, cms.dokteronline (‘website’), or when you contact us by telephone, email or other means. For example, the information you provide when you register for our newsletter, create an account, place an order, contact our customer service or participate in other (interactive) functions on our website. The processed data may include your name, address, email address, telephone number, financial and/or credit card details, date of birth and gender.
- This data is used among other things for the following purposes:
- Granting access to the website and your personal account on the website;
- Creating an account, providing services and communicating with you;
- Informing you (digitally) if required about eHealth issues and related topics;
- Informing you of changes in our service or the services provided by the doctors and/or pharmacies;
- Organising, handling and checking the order that you have provided to us. If necessary, carrying out an ID check.
Special personal data provided by you.
This applies to information you provide when you fill in forms on our website or contact us by telephone, email or other means. Special personal data is also provided when you fill in the medical questionnaire. Special personal data includes data relating to health, medical history, sex life and/or sexual orientation.
- This data is used among other things for the following purposes:
- Enabling independent doctors to whom we have access to provide you with an online consultation on request;
- Enabling independent pharmacies to which we have access to sell and deliver certain medical products on request.
Information that we collect about you.
This applies to the data that we collect about you when you visit our website. Where necessary, this is only done after you have consented to this, for example through accepting cookies. The information collected includes technical data, such as your IP address, login details, browser type and version, the type and version of the browser plugin, operating system and platform, and information related to your visit, such as the pages visited on our website (including duration, date and time), viewed products, page interaction information (e.g. scrolling, clicking, mouse-overs) and the telephone number that is used to call our customer services.
- This data is used among other things for the following purposes:
- Managing our website and for internal activities, such as problem solving, data analyses, tests, research, and statistical and research purposes;
- Improving our website, which includes presenting the website’s content in the most effective way for you and your computer;
- Enabling the use of the interactive functions of our website and/or service;
- Ensuring the security of our website;
- Providing you with relevant information and measuring its effectiveness;
- Providing suggestions and recommendations to you and other users of our website about products or services that could be of interest.
Information that we receive from other sources.
This applies to information that we receive about you from selected third parties (e.g. business partners, partners in the field of technical, payment and distribution services, advertising networks, analyses providers, search data providers, ID check providers, credit reference agencies).
This data is used among other things for the following purposes:
Linking this information to the data provided by you and the data that we collect about you. This information and the combined data can be used for the above-mentioned purposes.
Bases of data processing
We collect and process your personal data in the context of the realisation and/or execution of your order with Dokteronline, the fulfilment of a legal obligation (e.g. verifying your identity), to safeguard a vital interest of you and/or a legitimate business interest of us. If the above-mentioned bases do not apply, we will ask for your free and explicit consent to process your data. We always ask for permission to process special personal data.
Provision to third parties
We provide your personal data to third parties (‘processors’) and companies affiliated to Dokteronline to organise, direct and monitor rights and obligations, including services and payments arising from the agreement concluded with you. We have concluded agreements with the aforementioned third parties, in which we ensure that the further processing of personal data by these third parties also complies with the applicable privacy legislation. In addition, Dokteronline provides your personal data to other third parties; often for marketing purposes. We only do this with your explicit consent.
The doctors and pharmacies to whom we have access perform their work independently of Dokteronline and without Dokteronline being in any way responsible for the nature and/or quality of the services and/or products delivered. For the purpose of requested online consultations and/or products, Dokteronline collects your (medical) personal data for the doctors and/or pharmacies. This data is located on a secure platform from Dokteronline. Employees of Dokteronline do not have access to this medical information. Your personal data and medication history data are only accessible to these physicians and pharmacies, who are independently responsible for the data processing. We have made agreements with these doctors and pharmacies to guarantee your privacy rights. Your medical data will not be disclosed to any third party.
We offer a newsletter with which we want to inform interested parties about eHealth in the broad sense and/or our services. You can subscribe to this newsletter on our website. The newsletter may contain information specifically targeted at you (for example through ‘profiling’). Each newsletter contains a link with which you can unsubscribe.
By using our services, your email address is automatically added to a contact list so that we can send a service message by email in the context of a concluded agreement (an ‘order’) regarding the status of an order and adjustments and incidents with regard to our website or our services. We may also provide you with information related to orders placed with us. You can unsubscribe from these services messages via the unsubscribe link that each service message contains.
We do not publish your (personal) data.
Transfer to countries outside the EU
Dokteronline has a worldwide technical infrastructure. Although Dokteronline tries to avoid this as much as possible, your (personal) data may be transferred to companies that are located outside the European Union. Dokteronline will, however, demand that these companies take appropriate measures to ensure that your data is protected as well as possible.
Identity (ID) check
Klarna payment method
Klarna is a payment method. Klarna may perform a credit check, for which personal data is processed. The details of Klarna are: Klarna Bank AB, registration number 556737-0431, Sveavägen 46, 111 34 Stockholm, Sweden.
- We take security measures to limit abuse of and unauthorised access to personal data. In particular, we take the following measures:
- Access to personal data is protected with a username and password;
- The data is stored after receipt in a separate, protected system;
- We take physical measures for access protection of the systems in which personal data is stored;
- Our (technical) equipment and infrastructure suppliers comply with applicable ISO standards, such as ISO-27002;
We use secure connections (Secure Sockets Layer or SSL) which protects all information between you and our website when you enter personal data.
Retention periods and account deletion
The personal data described above is retained as long as your account has an active status. Your account – including the associated personal data – will be deleted by Dokteronline if you have not logged in for four years here, or after four years after your last order via Dokteronline. Certain personal data will, however, be kept longer if there is a legal obligation to do so (such as the fiscal retention of at least seven years for payment data and at least 15 years for medical data).
Access, correction and deletion of your data
If you wish, Dokteronline can provide you with an overview of your personal data that is known to us (Article 15 of the GDPR). Most of this data can be viewed through your My Dokteronline account. If this information proves to be incorrect or incomplete, we will correct or complete this information at your request (Article 16 of the GDPR).
You also have the right to have your personal data erased (‘right to be forgotten’ – Article 17 of the GDPR). In that case, your account and all associated personal data – to the extent permitted by law – will be permanently deleted or anonymised.
Right to restriction of processing
If you have informed us that your personal data is inaccurate or incomplete, you may request that we restrict the processing for as long as we are processing your request (Article 18 of the GDPR). You may also request that we restrict the processing of your data if you are of the opinion that we are processing your data unlawfully or that we no longer need your personal data for the purpose of processing, or if you have objected to the processing thereof. After we receive your request for restriction we will only process your data after we have obtained your permission or for important reasons (such as judicial proceedings).
You are entitled to data portability. This means that you have the right to receive the personal data you have provided to us in a usable form (Article 20 of the GDPR). Dokteronline will send your data in XML format.
Right to object
If you do not agree with a certain processing of your data – including, for example, the automated processing of your personal data (‘profiling’) for direct marketing purposes – you can object to this at any time (Article 21 of the GDPR).
Right to withdraw previously given consent
If you have given us permission for the processing of your personal data, you can withdraw this consent at any time (Article 13(2)(c) of the GDPR). You can also withdraw your consent for the sending of marketing messages or object to this.
Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with the relevant supervisory authority (Article 77 of the GDPR). For Dokteronline this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). You can lodge a complaint about the manner in which we process your personal data. Of course, you can always submit your complaint to us first. If you have a complaint you can contact our Data Protection Officer.
You can exercise your above rights and any other rights that you have under the applicable privacy laws by sending a request to [email protected] We will respond to your request as soon as possible; in any case within four weeks or respond to otherwise.
You can also exercise your right to be forgotten and your right to data portability through your My Dokteronline account
If you have any questions you can also contact our Data Protection officer, whose contact details are at the end of this privacy statement.
Reporting of incidents, security incidents and data leaks
If, despite of the protective measures taken, your personal data is breached or we suspect it may be breached, we will notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) thereof. If the personal data breach is likely to have adverse consequences for you, we will communicate this to you as soon as possible. Dokteronline has an internal procedure in place for dealing with such incidents.
Third party websites
This privacy statement does not apply to websites of third parties that are connected to our website by means of links. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We encourage you to read the privacy statement of these websites before using these websites.
We use Google Analytics to keep track of how visitors use our website. We have concluded an agreement with Google to make agreements about the handling of our data. Furthermore, we have not allowed Google to use the obtained Analytics information for other Google services. Finally, we will anonymise the IP addresses.
Changes to this privacy statement
We reserve the right to make changes to this privacy statement. It is advisable to consult this privacy statement regularly so that you are aware of these changes.
Leading supervisor: Dutch Data Protection Authority (Autoriteit Persoonsgegevens)
We are, of course, happy to help you if you have complaints about the processing of your personal data. Under the privacy legislation, you also have the right to file a complaint with the national privacy regulator against this processing of personal data. Because Dokteronline carries out cross-border data processing, we have designated the Dutch privacy regulator as the leading supervisor. This is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
Data Protection Officer
Dokteronline has appointed a Data Protection Officer (DPO). The DPO is independent and acts as internal supervisor. The DPO ensures that Dokteronline applies and complies with the relevant data protection regulations. If you have any questions about the processing of your personal data, please contact our Data Protection Officer (Mr J. Stienstra) at [email protected] or call +31 88-235 3035. You can also contact our DPO if you have questions, comments or complaints about this privacy statement.