Privacy Policy
Version 3.0
Effective from 12/11/2019.
Privacy policy statement
This privacy statement applies to the website, apps and services available from:
Webdoctor Ltd (www.webdoctor.ie) (Webdoctor)
Email: info@webdoctor.ie
At www.webdoctor.ie we fully respect your privacy and we will not collect any personal information on this website without your consent. It is our priority to protect your data. This is why we have taken the time to describe our information handling practices in detail. Please take the time to review this document, if you find anything that is not clear, please feel free to contact us at info@webdoctor.ie.
Personal Information we collect
Information you provide
We collect personal information from you when you apply for one of the services which we offer, this may be via an online questionnaire, a video consultation, a follow up question, a telephone call, an email or other means. It is necessary for us to collect sensitive data (such as medical information) relating to you so that our medical team can make an clinical decision if the service (and treatment) is safe and suitable for you. We collect your email and mobile number so that our team can contact you if required. We collect your home or shipping address so that depending on the service selected, we can send your prescription or medical certificate or home test kit.
When you purchase a service from us we collect information that includes your payment information, such as your credit or debit card details and other account and authentication information. Any credit card information you provide is collected and processed directly by our payment processor, which is currently Stripe. We will never receive or store your credit card information on our servers. Stripe commits to complying with the Payment Card Industry Data Security Standard (PCI-DSS). You can view the Stripe Privacy Policy here https://stripe.com/us/checkout/legal.
Should you contact us by any electronic format, including Web Chat, www.webdoctor.ie application messages, phone, email or post or by any other method – we may hold the content, contact details and any additional information you provide to us on record for future reference and use by www.webdoctor.ie. If you give us your credit card details then we will process payments using Secure Sockets Layer (SSL) security but we will not keep a record of your card details on our servers.
Information we received about you
If you have been referred to a specialised doctor called a consultant, or for diagnostics assessment such as x-rays or laboratory tests or for treatment such as physiotherapy then the report or result from the consultant or diagnostic assessment will be received by our practice team. This information is made available to you via your secure health record on webdoctor.ie.
Device and network information
When you use our apps or website we collect information about the app, browsers and devices that you use to access webdoctor.ie services. The information that we collect may include unique identifiers, browser type and settings, device type and settings, operating system and application version number. We also collect information about the interaction of you and your browsers and devices with our services, including IP address, crash reports, system activity, and the date, time and referrer URL of your request.
Use of Personal Information
We use your personal information (subject to your consent choices) as described below and to provide and support the services described in the Webdoctor terms and conditions.
Provide you with our service
We use the information you provide as part of your online consultation so that our medical team can make an clinical decision if the service (treatment) is safe and suitable for you.
The questions that are asked are based on the latest medical standards both nationally and internationally. The questions are reviewed and updated regularly by our clinical leadership team.
We use the information you provide as input into our clinical decision support system to assist our medical personnel in the decision making process. It should be noted that the decision to determine if the service and associated treatment is safe and suitable for you is decided by our medical team.
Communicate with you
We use the email you provide to alert you of a new message from your doctor. All communication with our team relating to your consultation should be via our secure messaging system and you should always avoid sending medical or personal information via email.
If we need to contact you urgently or you are not responding to email we may use other means such as SMS or telephone calls to contact you regarding your online consultation.
When you contact us, we use this information to respond to you. This may be via web chats, application messages, telephone, email or post or by any other method.
Marketing
If you consent to marketing, we use your information to keep you informed about our service (such as when we release new services or products or run special offers), services you are interested in, general health topics and about exclusive offers. We only contact you with these offers a few times a year and you can always opt-out if you change your mind at any time.
Research and Development
To improve our service and help us make better decisions, we analyse personal data to find improvements and make clinicians aware of risks.
We may from time to time publish anonymised research on aggregate data (you will never be identifiable as we will remove all identity information).
How long do we hold your data (Data Retention Policy)
We store data until it is no longer necessary to provide our services, comply with legislation / guidelines, or until your account is deleted. If you have been treated by our medical personnel we will retain your data for a minimum period based on the following criteria:
- Adult (18 years old and older): eight years after last treatment or death.
- Children and young people: until the patient’s 25th birthday, or 26th if the young person was 17 at the conclusion of treatment, or eight years after the patient’s death.
- Maternity records: 25 years after the birth of the last child.
- Records of a mentally disordered patient: 20 years after last treatment or eight years after death.
- If the data is required for any legal case, we will retain it or make it available for as long as necessary.
- This may, of course change if the law or national guidelines requires it.
Who has access to the information we collect?
We do not share your identifiable personal information with any third party except as necessary to operate services and to fulfil legal and regulatory obligations.
Webdoctor team
Patient care is team based and access to your information is crucial for your safety and continuity of care. The sharing of information within the Webdoctor team is on a need-to-know basis, depending on the role the member of staff has in your care.
All our staff are bound by confidentiality clause in their contracts. Also, under Medical Council guidance, it is a condition of registration to abide by the guidance set out by the Medical Council, which includes a requirement to respect patient confidentiality.
Disclosure with your consent
Disclosure can be made with your explicit consent. This could be a request from an Insurance company, employer or legal proceedings request but any disclosure must be with, and limited to, the authority provided by you. If this is not forthcoming, no information will be provided.
Disclosure without your consent
Disclosure can be made without your consent in two instances:
- If the disclosure is required by law. For example, when ordered by a judge in a court of law, or by a tribunal or body established by an Act of the Oireachtas.
- If the disclosure is in the public interest. For example, where mandated by infectious disease regulations, or there is a threat of serious harm to yourself or others.
Third Party Services
We require a number of third parties to deliver our service. Without these, we cannot provide you with a service. These include all the companies and services listed:
| Name | Service | Data Controller/ Data Processor | Description | Privacy URL |
|---|---|---|---|---|
| Microsoft | Azure | Data Processor | Cloud based hosting and services | https://privacy.microsoft.com/en-us/privacystatement |
| Amazon | Amazon Web Services (AWS) | Data Processor | Cloud based hosting and services | https://aws.amazon.com/privacy/ |
| Google Analytics | Data Processor | User analytics tracking | https://policies.google.com/privacy | |
| Intercom | Intercom | Data Processor | Customer messaging and engagement | https://www.intercom.com/terms-and-policies#privacy |
| Rapid7 | Logentries | Data Processor | Log management and analytics | https://www.rapid7.com/privacy-policy |
| Fabric | Data Processor | App deployment and analytics | https://policies.google.com/privacy | |
| New Relic | New Relic | Data Processor | Application and server analytics and reporting | https://newrelic.com/termsandconditions/privacy |
| AggSignal | AppSignal | Data Processor | Application and server analytics and reporting | https://appsignal.com/privacy-policy |
| Blueface | Blueface | Data Processor | Telephony services | https://www.blueface.com/privacy-policy/ |
| Twilio | SMS | Data Processor | SMS services | https://www.twilio.com/legal/privacy |
| G Suite | Data Processor | Productivity and collaborations tools | https://policies.google.com/privacy | |
| Interfax | Interfax | Data Processor | Secure faxing services | https://www.interfax.net/en/privacy |
| Sendgrid | Sendgrid | Data Processor | Email delivery service | https://sendgrid.com/policies/privacy/ |
| Freshworks | Freshdesk | Data Processor | Help desk software provider | https://www.freshworks.com/privacy/ |
| Tokbox | Tokbox | Data Processor | Cloud based service provider for video | https://tokbox.com/support/privacy-policy |
| Stripe | Stripe | Data Controller and Processor | Online payment processing | https://stripe.com/ie/privacy |
| MaxMind | MaxMind | Data Processor | IP Geolocation and Online Fraud Prevention | https://www.maxmind.com/en/privacy_policy |
| Wistia | Wistia | Data Processor | Video hosting and analytics provider | https://wistia.com/privacy |
| MedLab Pathology (MLP) | MedLab Pathology (MLP) | Data Processor | Pathology services | http://www.sonichealthcare.ie/about-us/terms-and-conditions.aspx |
| HealthMail | HealthMail secure email | Data Controller | Secure Email | https://www.healthmail.ie/privacy.cfm |
| NVRL | National Virus Reference Laboratory | Data Processor | Pathology services | https://nvrl.ucd.ie/ http://www.ucd.ie/privacy/ |
How is your Information Secured and Protected?
We have technologies and procedures in place to protect your personal information. However, emails you send us are not necessarily secure when they are transmitted to us and we can accept no liability for any loss or damage resulting from emails to www.webdoctor.ie
For every third party service that we use, we have a Data Processing Agreement with that service provider and check that processing complies with the related legislation.
Telephone Recording
We may record telephone calls for training and verification purposes.
Communication with Customers
When you request a prescription from us, you will receive a message to your www.webdoctor.ie account in relation to that prescription and we may contact you by telephone to discuss it further but you will not be added to any marketing list without your consent. No medical information will be sent to your registered personal email address. Only notification of correspondence in your www.webdoctor.ie inbox will be sent to your registered email address.
How to Access and Update your Information?
In line with the Data Protection Acts, you have the right of access to any personal information about you and can export a copy of the data associated with your webdoctor account anytime using the export functionality under your “My Account” feature. This will be in a machine readable format and can be used in other healthcare systems.
You also have the right to require us to correct any inaccuracies in the information we hold about you by sending us a written request (this must include a copy of identification such as a driver’s licence or passport, this is to make sure that your personal information is only updated by you).
Subject access requests must be made in writing and include a copy of identification (such as driver licence or passport, this is to make sure that your personal information is not given to the wrong person) and must be addressed to the Data Protection Officer (see below). All access requests will be processed within one month on receipt of the access request.
Account deactivation, deletion and erasure
If you have not actually used any medical services, when you delete your account, we permanently delete your webdoctor account and all the information associated with this account. Once your account is deleted you will not be able to use our service and if you change your mind you will have to re-register.
The only exception is if you have had a consultation with our medical personnel, in which case we deactivate your account and keep your data for the minimum period as defined under the “Data Retention”. Deactivation of your account means you will not be able to use our service and if you change your mind, you will have to contact support at info@webdoctor.ie to reactivate your account.
Changes to this Statement
We may occasionally update this Privacy Statement. We encourage you to periodically review this Statement to stay informed about how we are helping to protect the personal information we collect. Your continued use of this service constitutes your agreement to this Privacy Statement and any updates.
How to contact Webdoctor with questions
The data controller responsible for your information is Webdoctor Ltd., which you can contact at info@webdoctor.ie (subject “FAO DPO”) or by post at:
Data Protection Officer
Webdoctor Ltd.
20 Knockmeenagh Road
Dublin 22
Ireland
Version 2.0
Effective from 25/05/2018.
Privacy policy statement
This privacy statement applies to the website, apps and services available from:
Webdoctor Ltd (www.webdoctor.ie) (Webdoctor)
Email: info@webdoctor.ie
At www.webdoctor.ie we fully respect your privacy and we will not collect any personal information on this website without your consent. It is our priority to protect your data. This is why we have taken the time to describe our information handling practices in detail. Please take the time to review this document, if you find anything that is not clear, please feel free to contact us at info@webdoctor.ie.
Personal Information we collect
Information you provide
We collect personal information from you when you apply for one of the services which we offer, this may be via an online questionnaire, a video consultation, a follow up question, a telephone call, an email or other means. It is necessary for us to collect sensitive data (such as medical information) relating to you so that our medical team can make an clinical decision if the service (and treatment) is safe and suitable for you. We collect your email and mobile number so that our team can contact you if required. We collect your home or shipping address so that depending on the service selected, we can send your prescription or medical certificate or home test kit.
When you purchase a service from us we collect information that includes your payment information, such as your credit or debit card details and other account and authentication information. Any credit card information you provide is collected and processed directly by our payment processor, which is currently Stripe. We will never receive or store your credit card information on our servers. Stripe commits to complying with the Payment Card Industry Data Security Standard (PCI-DSS). You can view the Stripe Privacy Policy here https://stripe.com/us/checkout/legal.
Should you contact us by any electronic format, including Web Chat, www.webdoctor.ie application messages, phone, email or post or by any other method – we may hold the content, contact details and any additional information you provide to us on record for future reference and use by www.webdoctor.ie. If you give us your credit card details then we will process payments using Secure Sockets Layer (SSL) security but we will not keep a record of your card details on our servers.
Information we received about you
If you have been referred to a specialised doctor called a consultant, or for diagnostics assessment such as x-rays or laboratory tests or for treatment such as physiotherapy then the report or result from the consultant or diagnostic assessment will be received by our practice team. This information is made available to you via your secure health record on webdoctor.ie.
Device and network information
When you use our apps or website we collect information about the app, browsers and devices that you use to access webdoctor.ie services. The information that we collect may include unique identifiers, browser type and settings, device type and settings, operating system and application version number. We also collect information about the interaction of you and your browsers and devices with our services, including IP address, crash reports, system activity, and the date, time and referrer URL of your request.
Use of Personal Information
We use your personal information (subject to your consent choices) as described below and to provide and support the services described in the Webdoctor terms and conditions.
Provide you with our service
We use the information you provide as part of your online consultation so that our medical team can make an clinical decision if the service (treatment) is safe and suitable for you.
The questions that are asked are based on the latest medical standards both nationally and internationally. The questions are reviewed and updated regularly by our clinical leadership team.
We use the information you provide as input into our clinical decision support system to assist our medical personnel in the decision making process. It should be noted that the decision to determine if the service and associated treatment is safe and suitable for you is decided by our medical team.
Communicate with you
We use the email you provide to alert you of a new message from your doctor. All communication with our team relating to your consultation should be via our secure messaging system and you should always avoid sending medical or personal information via email.
If we need to contact you urgently or you are not responding to email we may use other means such as SMS or telephone calls to contact you regarding your online consultation.
When you contact us, we use this information to respond to you. This may be via web chats, application messages, telephone, email or post or by any other method.
Marketing
If you consent to marketing, we use your information to keep you informed about our service (such as when we release new services or products or run special offers), services you are interested in, general health topics and about exclusive offers. We only contact you with these offers a few times a year and you can always opt-out if you change your mind at any time.
Research and Development
To improve our service and help us make better decisions, we analyse personal data to find improvements and make clinicians aware of risks.
We may from time to time publish anonymised research on aggregate data (you will never be identifiable as we will remove all identity information).
How long do we hold your data (Data Retention Policy)
We store data until it is no longer necessary to provide our services, comply with legislation / guidelines, or until your account is deleted. If you have been treated by our medical personnel we will retain your data for a minimum period based on the following criteria:
- Adult (18 years old and older): eight years after last treatment or death.
- Children and young people: until the patient’s 25th birthday, or 26th if the young person was 17 at the conclusion of treatment, or eight years after the patient’s death.
- Maternity records: 25 years after the birth of the last child.
- Records of a mentally disordered patient: 20 years after last treatment or eight years after death.
- If the data is required for any legal case, we will retain it or make it available for as long as necessary.
- This may, of course change if the law or national guidelines requires it.
Who has access to the information we collect?
We do not share your identifiable personal information with any third party except as necessary to operate services and to fulfil legal and regulatory obligations.
Webdoctor team
Patient care is team based and access to your information is crucial for your safety and continuity of care. The sharing of information within the Webdoctor team is on a need-to-know basis, depending on the role the member of staff has in your care.
All our staff are bound by confidentiality clause in their contracts. Also, under Medical Council guidance, it is a condition of registration to abide by the guidance set out by the Medical Council, which includes a requirement to respect patient confidentiality.
Disclosure with your consent
Disclosure can be made with your explicit consent. This could be a request from an Insurance company, employer or legal proceedings request but any disclosure must be with, and limited to, the authority provided by you. If this is not forthcoming, no information will be provided.
Disclosure without your consent
Disclosure can be made without your consent in two instances:
- If the disclosure is required by law. For example, when ordered by a judge in a court of law, or by a tribunal or body established by an Act of the Oireachtas.
- If the disclosure is in the public interest. For example, where mandated by infectious disease regulations, or there is a threat of serious harm to yourself or others.
Third Party Services
We require a number of third parties to deliver our service. Without these, we cannot provide you with a service. These include all the companies and services listed:
| Name | Service | Data Controller/ Data Processor | Description | Privacy URL |
|---|---|---|---|---|
| Microsoft | Azure | Data Processor | Cloud based hosting and services | https://privacy.microsoft.com/en-us/privacystatement |
| Amazon | Amazon Web Services (AWS) | Data Processor | Cloud based hosting and services | https://aws.amazon.com/privacy/ |
| Google Analytics | Data Processor | User analytics tracking | https://policies.google.com/privacy | |
| Intercom | Intercom | Data Processor | Customer messaging and engagement | https://www.intercom.com/terms-and-policies#privacy |
| Rapid7 | Logentries | Data Processor | Log management and analytics | https://www.rapid7.com/privacy-policy |
| Fabric | Data Processor | App deployment and analytics | https://policies.google.com/privacy | |
| New Relic | New Relic | Data Processor | Application and server analytics and reporting | https://newrelic.com/termsandconditions/privacy |
| Blueface | Blueface | Data Processor | Telephony services | https://www.blueface.com/privacy-policy/ |
| Twilio | SMS | Data Processor | SMS services | https://www.twilio.com/legal/privacy |
| G Suite | Data Processor | Productivity and collaborations tools | https://policies.google.com/privacy | |
| Interfax | Interfax | Data Processor | Secure faxing services | https://www.interfax.net/en/privacy |
| Sendgrid | Sendgrid | Data Processor | Email delivery service | https://sendgrid.com/policies/privacy/ |
| Freshworks | Freshdesk | Data Processor | Help desk software provider | https://www.freshworks.com/privacy/ |
| Tokbox | Tokbox | Data Processor | Cloud based service provider for video | https://tokbox.com/support/privacy-policy |
| Stripe | Stripe | Data Controller and Processor | Online payment processing | https://stripe.com/ie/privacy |
| MaxMind | MaxMind | Data Processor | IP Geolocation and Online Fraud Prevention | https://www.maxmind.com/en/privacy_policy |
| Wistia | Wistia | Data Processor | Video hosting and analytics provider | https://wistia.com/privacy |
| MedLab Pathology (MLP) | MedLab Pathology (MLP) | Data Processor | Pathology services | http://www.sonichealthcare.ie/about-us/terms-and-conditions.aspx |
| HealthMail | HealthMail secure email | Data Controller | Secure Email | https://www.healthmail.ie/privacy.cfm |
| NVRL | National Virus Reference Laboratory | Data Processor | Pathology services | https://nvrl.ucd.ie/ http://www.ucd.ie/privacy/ |
How is your Information Secured and Protected?
We have technologies and procedures in place to protect your personal information. However, emails you send us are not necessarily secure when they are transmitted to us and we can accept no liability for any loss or damage resulting from emails to www.webdoctor.ie
For every third party service that we use, we have a Data Processing Agreement with that service provider and check that processing complies with the related legislation.
Telephone Recording
We may record telephone calls for training and verification purposes.
Communication with Customers
When you request a prescription from us, you will receive a message to your www.webdoctor.ie account in relation to that prescription and we may contact you by telephone to discuss it further but you will not be added to any marketing list without your consent. No medical information will be sent to your registered personal email address. Only notification of correspondence in your www.webdoctor.ie inbox will be sent to your registered email address.
How to Access and Update your Information?
In line with the Data Protection Acts, you have the right of access to any personal information about you and can export a copy of the data associated with your webdoctor account anytime using the export functionality under your “My Account” feature. This will be in a machine readable format and can be used in other healthcare systems.
You also have the right to require us to correct any inaccuracies in the information we hold about you by sending us a written request (this must include a copy of identification such as a driver’s licence or passport, this is to make sure that your personal information is only updated by you).
Subject access requests must be made in writing and include a copy of identification (such as driver licence or passport, this is to make sure that your personal information is not given to the wrong person) and must be addressed to the Data Protection Officer (see below). All access requests will be processed within one month on receipt of the access request.
Account deactivation, deletion and erasure
If you have not actually used any medical services, when you delete your account, we permanently delete your webdoctor account and all the information associated with this account. Once your account is deleted you will not be able to use our service and if you change your mind you will have to re-register.
The only exception is if you have had a consultation with our medical personnel, in which case we deactivate your account and keep your data for the minimum period as defined under the “Data Retention”. Deactivation of your account means you will not be able to use our service and if you change your mind, you will have to contact support at info@webdoctor.ie to reactivate your account.
Changes to this Statement
We may occasionally update this Privacy Statement. We encourage you to periodically review this Statement to stay informed about how we are helping to protect the personal information we collect. Your continued use of this service constitutes your agreement to this Privacy Statement and any updates.
How to contact Webdoctor with questions
The data controller responsible for your information is Webdoctor Ltd., which you can contact at info@webdoctor.ie (subject “FAO DPO”) or by post at:
Data Protection Officer
Webdoctor Ltd.
20 Knockmeenagh Road
Dublin 22
Ireland
Version 1.0
Effective up to 24/05/2018.
Privacy policy statement
This privacy statement applies to the website of:
Webdoctor Ltd (www.webdoctor.ie)
Email: info@webdoctor.ie
At www.webdoctor.ie we fully respect your privacy and we will not collect any personal information on this website without your consent. It is our priority to protect your data. This is why we have taken the time to disclose our information collection practices and our privacy policy. Please take the time to review this document.
Consent
By registering on www.webdoctor.ie and giving your personal data to us, you indicate your explicit consent for us, and those organisations directly involved in delivering our service, to collect, use, store, disclose and otherwise process your personal data in accordance with the terms set out in this policy.
Personal Information we collect
We collect personal information from you when you apply for one of the treatments which we offer. It is necessary for us to collect sensitive data (such as medical information) relating to you. Should you contact us by any electronic format, including Web Chat, www.webdoctor.ie application messages, phone, email or post or by any other method – we may hold the content, contact details and any additional information you provide to us on record for future reference and use by www.webdoctor.ie. If you give us your credit card details then we will process payments using Secure Sockets Layer (SSL) security but we will not keep a record of your card details on our servers.
Use of Personal Information
We use your Personal Information to administer the prescriptions and services we supply to you and to communicate with you to fulfill your requested service to the best of our ability and perform website traffic analytics and occasionally for market research. You will be given the option at the time of conducting market research of not participating in such market research.
Who has access to the information we collect?
www.webdoctor.ie does not share your personal information with any third party except as necessary to operate services and to fulfil legal and regulatory obligations.
How is your Information Secured and Protected?
We have technologies and procedures in place to protect your personal information. However, emails you send us are not necessarily secure when they are transmitted to us and we can accept no liability for any loss or damage resulting from emails to www.webdoctor.ie
Telephone Recording
We may record telephone calls for training and verification purposes.
Communication with Customers
When you request a prescription from us, you will receive a message to your www.webdoctor.ie account in relation to that prescription and we may contact you by telephone to discuss it further but you will not be added to any marketing list without your consent. No medical information will be sent to your registered personal email address. Only notification of correspondence in your www.webdoctor.ie inbox will be sent to your registered email address.
How to Access and Update your Information?
In line with the Data Protection Acts 1988 and 2003, you have the right of access to any Personal Information about you which we hold by sending in a signed written request to: webdoctor Data Manager, webdoctor.ie, 20 Knockmeenagh Road, Clondalkin, Dublin 22. A fee may be charged for this (€6.35). To ensure that www.webdoctor.ie satisfies itself about the identity of the person making the request so it does not disclose personal data to a party who is not entitled to it under the Data Protection Acts, the person making the request will need to provide www.webdoctor.ie with their name, address(es), date of birth and any customer information numbers that they have along with a copy of their photo identification. You also have the right to require us to correct any inaccuracies in the information we hold about you by sending us a written request.
Changes to this Statement
We may occasionally update this Privacy Statement. We encourage you to periodically review this Statement to stay informed about how we are helping to protect the personal information we collect. Your continued use of this service constitutes your agreement to this Privacy Statement and any updates.