Privacy Policy - dr-online.net
This page contains general information about how we process the personal data of individuals who visit the DR-ONLINE platform (https://dr-online.net/) for the purpose of using our services or for any other purposes.
Our aim is to process your data in full compliance with the General Data Protection Regulation (EU) 2016/679 (‘GDPR’), as well as any other applicable legislation on the territory of Romania. For the sake of transparency, we have prepared this document to inform you about how we collect, use, transfer, and protect your personal data. For any unclear aspects regarding the information provided, you can interact with us both within and outside the web application, using the contact details in the corresponding section.
We reserve the right to update and modify this Privacy Policy whenever necessary, to reflect both changes in the way we process your personal data and changes in legal requirements.
Please check periodically the content displayed on this page to be up-to-date with the latest version of the Privacy Policy.
DEFINITIONS
Dr-Online Platform – Web or native mobile application consisting of software that can be accessed both in the iOS and Android operating systems, which provides the Platform’s Services and, respectively, the Services of the Medical Service Providers, as defined in the Terms and Conditions document.
References to the Platform in this document also include the Website and the Application, as defined below.
- Website – The web site https://dr-online.net through which the Dr-Online Platform can be accessed via a web browser.
- Application – The totality of functionalities of the Dr-Online Platform available through a native application for mobile phones.
- Platform Administrator or Website Administrator – Dr-Online services LLC, identified by the Unique Identification Number 47466563, registered at the Trade Register under number J40/827/2023, headquartered in Bucharest, Plane Street No. 26, Sector 1.
- Contract – The contract concluded between the User and the Provider, according to the Terms and Conditions of the Platform.
- Medical Service Providers – Entities authorized to provide medical or similar services, which can become Partner Clients of the Dr-Online Services Platform and, subsequently, provide their services to individuals enrolled in the Platform (having the status of User Clients).
APPLICABILITY
This policy refers to the data processing activities that are likely to identify, directly or indirectly, an individual when visiting our site and when using our services – hereinafter referred to as the “DATA SUBJECT”.
This Policy addresses the following categories of data subjects:
- Partner Clients – include persons who wish to enter into or have entered into a contractual relationship with us and are legal entities or individuals conducting their activities within a profession (e.g., authorized individuals, liberal professions, ), as well as any potential Partner Client; this category includes former Partner Clients, as well as any client of an entity or business we acquire or control.
- User Clients – include individuals who enroll in the Platform, use the services of Partner Clients made available through our platform, and, if applicable, make a payment to one of our Partner Clients; this category also includes former User Clients;
- Client Representatives – include individuals acting as legal or, if applicable, conventional representatives, as well as contact persons within potential, current, or former Clients, as applicable;
- Users – include individuals interacting with our platform without being a Client, such as: a) employees of a Partner Client who benefit from our services as a result of contracting our services by the Partner Client, b) another individual benefiting from our services through a User Client, c) or any individual browsing the Dr-Online Platform or accessing or interacting in any other way with our pages on social media platforms.
When using payment processing services within the Dr-Online Platform, the data processing conditions of the card payment processing service provider will also apply.
RESPONSIBLE ENTITY
The entity responsible for processing personal data collected during interactions with the Dr-Online Platform is the Website Administrator, DOCTOR ONLINE SERVICES LLC, identified by the Unique Identification Number 43697859, registered at the Trade Register under number J40/2180/2021, headquartered in Bucharest, Calea Moșilor, No. 158, Office 2A, Sc. B, Floor 2, Sector 2, which acts as the owner and administrator of the Dr-Online Platform, accessible at the internet address https://dr-online.net.
Our company has designated a Data Protection Officer (DPO), who can be contacted at gdpr@dr-online.net.
WHAT IS GDPR
GDPR has been a constant in our activities since 25.05.2018 and is the English acronym for “General Data Protection Regulation,” which refers to REGULATION (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
In Romania, certain provisions of the GDPR have been implemented through Law 190/2018 and through certain decisions adopted by the National Authority for the Supervision of Personal Data Processing (“ANSPDCP”).
The GDPR updates the principles established two decades ago by Directive 95/46/EC, which ceased to apply upon the entry into force of the GDPR.
Unlike previous legislation, the GDPR emphasizes the rights of the individual whose data is being processed, such as the right to be informed about the operations through which personal data is processed, what data is processed, on what basis it is processed, for what duration it is stored, and under what conditions it can be accessed/deleted/rectified, etc.
The GDPR is not limited to just the ‘right to be forgotten’. The right to delete personal data is not absolute and cannot be exercised at any time; it depends on the specific circumstances in which the data was collected, the purpose of the collection, and the basis on which it was collected. More information about how we keep personal data and under what conditions it can be deleted can be found in the sections below.
Our company continuously strives to update the platform to implement the latest standards of data security and confidentiality.
FROM WHAT SOURCES WE OBTAIN PERSONAL DATA
We process personal data obtained through various channels:
- Personal data provided directly by the person concerned when interacting with the Dr-Online Platform and when using our services;
- Data provided by our Partner Clients;
- Data transmitted by our partner providers.
- We may also collect personal data when our website is accessed. Our website automatically collects certain information and stores it in log files.
This information may include internet protocol (IP) addresses, the general region or location where the user’s computer or device accesses the internet, browser type, operating system, and other usage information about the website, including a history of the pages viewed. Our website may use cookies and similar technologies, which will be explained in detail in the Cookie Policy.
WHAT PERSONAL DATA WE PROCESS. THE PURPOSES AND LEGAL BASES FOR PROCESSING
When you interact with the Dr-Online Platform and use certain features it offers, we may process the following categories of personal data:
6.1. For the purpose of creating and using a Partner Client account
To open and use a Partner Client account on the Dr-Online Platform, we will ask for certain personal data regarding the representative or owner of the legal entity that will benefit from our services, based on our legitimate interest to conduct our business activities and for the purpose of managing the contractual relationship.
Depending on the type of services provided by the Partner Client to User Clients, the categories of personal data we collect include:
- Identification data: We process names, details from the identity document, signature, tax identification data, and registration number issued by authorities or similar unique identifiers in the case of an individual conducting a regulated professional activity.
- Contact data: We process the phone number and email address provided at the time of opening the account on the Dr-Online Platform, as well as during the use of our services.
- Qualification data: For example, we process details about the profession or position held, registration number in relevant professional registers (if applicable) in cases where you act as a representative or service provider of the Partner Client.
- Connection data: We process location, IP address, device, operating system, and internet browser used.
- Authentication data: We process passwords and security information used for authentication and access to accounts and services.
Data regarding fraudulent/potentially fraudulent activity carried out using our platform: We process data related to suspicions of fraud or other illegal uses of the services we provide.
We will use personal data for the following purposes:
- Precontractual eligibility checks: Before concluding a contract, we will perform certain checks to ensure that the individuals requesting our services are eligible to use them.
- Provision of our services: We will use the contact data provided to send notifications regarding the outcome of activities carried out through the Dr-Online Platform.
- Communications: We will use the contact data provided to send notifications regarding the availability of our services or other elements related to the use of the service (security notifications, various legal notifications, etc.).
- Customer support: We use personal data to investigate, resolve, and respond to complaints or claims regarding the use of the service.
- Our own accounting records: We will use the personal data provided when issuing invoices for our services and to contact you regarding the sending of invoices.
- Service development: We use data, including feedback received through various channels, to conduct research and development activities to improve our services and reduce the risk of fraud.
We process personal data based on the following legal grounds:
- Conclusion and execution of a contract for the use of our services.
- Compliance with our legal obligations (such as client knowledge legislation, tax and accounting legislation, etc.).
- Our legitimate interest in ensuring the quality of our services and the technical capacity of our platform.
6.2. For the purpose of creating and using a User Client account
For accessing and using the services of Partner Clients available through the Dr-Online Platform, it is necessary for individuals to create and use User Client accounts, in which case we will request and collect certain personal data from User Clients.
Depending on the type of services used by User Clients, the categories of personal data we collect include:
- Identification data: We process names and tax identification numbers (Personal Numeric Code). In the profile information section, other types of data such as date of birth, gender, height, weight, and locality can be stored. These data provide a minimal context that we offer to medical service providers (Partner Clients of the Platform) only if the User Client has given their consent.
- Contact data: We process the phone number and email address indicated at the time of opening the account on the Dr-Online Platform, as well as during the use of our services.
Data regarding the used services and, where applicable, paid services: We process the date of using a service, the type of service, the duration of use, and the amount paid. If a service for which a sum has been paid in advance is not used, the method of refunding the money is described in the Terms and Conditions document.
- Health data: We only process data for which the User Client has agreed to provide text information or documents uploaded to the Platform, and subsequently consents to be provided to certain Partner Clients (Medical Service Providers) for the purpose of rendering their services. The data and documents provided by a User Client are not used for purposes other than those expressly indicated by them.
- Connection data: We process location, IP address, device, operating system, and Internet browser used.
- Authentication data: We process passwords and security information used for authentication and access to accounts and services.
- Data regarding fraudulent/potentially fraudulent activity carried out using our platform: We process data related to suspicions of fraud or other illegal uses of the services we provide.
We will use personal data for the following purposes:
- Provision of our services: We will use the contact data provided to send notifications regarding the outcome of activities carried out through the Dr-Online Platform.
- Provision of services to Partner Clients (Medical Service Providers): We will use the contact data provided to connect you with Partner Clients, Medical Service Providers, for whose services you request. Also, subject to the express condition of obtaining your prior consent, to provide health data and documents as you have provided in the Dr-Online Platform, we will provide such data to that Partner Client (Medical Service Provider) indicated by you. Any eventual withdrawal of the Partner Client’s access to the data provided by you is possible through a simple action through the Dr-Online Platform by which you withdraw such access and, where applicable, delete the documents and data uploaded to the Platform.
- Communications: We will use the contact data provided to send notifications regarding the availability of our services or other elements related to the use of the service (security notifications, various legal notifications, etc.).
- Customer support: We use personal data to investigate, resolve, and respond to complaints or claims regarding the use of the service.
- Our own accounting records: We will use the personal data provided when issuing invoices for the services of Partner Clients, for whom we have been mandated to issue invoices and collect on their behalf, and to contact you regarding the sending of invoices.
- Service development: We use data, including feedback received through various channels, to conduct research and development activities to improve our services and reduce the risk of fraud.
We process personal data based on the following legal grounds:
- Execution of our service contract to each of the Partner Clients whose services a User Client wishes to use.
- Execution of our service contract to the User Client, following their acceptance of the applicable Terms and Conditions.
- Compliance with our legal obligations (such as client knowledge legislation, tax and accounting legislation, etc.).
- Our legitimate interest in ensuring the quality of our services and the technical capacity of our platform.
IN WHAT CAPACITY WE PROCESS PERSONAL DATA
DISCLOSURE OF DATA TO THIRD PARTIES
- when requested by the subject or with their consent;
- disclosure to persons who can demonstrate that they hold the legal authority to act on behalf of the subject;
- if it is in our legitimate interest to do so to administer, expand, or develop the commercial activity (e.g., if DR-ONLINE SERVICES SRL, or a substantial part of its assets, is acquired by a third party, in which case the personal data held by DR-ONLINE SERVICES SRL will constitute part of the transferred assets);
- if we have an obligation to disclose personal data to comply with a legal obligation or a request from the authorities.
DATA SECURITY
DATA STORAGE
DATA TRANSFER
- Decisions published by the European Commission regarding countries considered to provide an adequate level of protection of personal data;
- The EU-US Privacy Shield international agreement for data transfers between the EU and the United States;
- In the case of countries not explicitly approved by the EU on the basis of international agreements or adequacy conditions, we will ensure that there is an appropriate agreement regarding data transfer, in accordance with the standard contractual clauses approved by the European Commission.
RIGHTS OF DATA SUBJECTS
- Access to data: Data subjects may request information about the personal data we hold about them, including information about the categories of data we hold or control, what they are used for, the duration of processing, and to whom these data are disclosed, if applicable. We will provide a copy of the personal data, upon request. In certain situations, we may charge a reasonable fee for providing the data, based on our administrative costs.
- Rectification of data: Data subjects may request us to correct information we process about them if it is incorrect or incomplete.
- Restriction of processing: This right can be exercised when:
- The data subject disputes the accuracy of the data in question;
- The data subject claims that data processing is unlawful, without requesting the deletion of data;
- The data is no longer needed for the original purpose, but cannot be deleted as the data subject requests them for establishing or exercising legal claims;
- The data subject objects to processing while we verify whether our legitimate reasons prevail.
- The personal data are no longer necessary for the purposes for which they were collected or processed;
- The data subject withdraws consent on which the processing is based;
- The data subject objects to the processing, and there are no overriding legitimate grounds for the processing;
- The personal data have been unlawfully processed;
- The personal data must be erased for compliance with a legal obligation;
- The personal data have been collected in relation to the offer of information society services to minors.
- Objection to processing: In certain situations, data subjects may request the cessation of processing of their personal data, provided that the processing is not based on the consent of the person, but on our legitimate interests or those of a third party. In this case, we will no longer process personal data unless we can demonstrate compelling legitimate grounds for processing that override the interests or for the establishment, exercise, or defense of legal claims.
- Data portability: Data subjects may request to whom their personal data should be transmitted, under certain conditions set by the GDPR, when the basis of processing is the execution of a contract with the data subject or the consent of the data subject.
- Right to petition: If data subjects have a grievance, we are open to remedying the situation. If we cannot, the data subject can always address the National Authority for the Supervision of Personal Data Processing (ANSPDCP) – more details in the dedicated section below.
- More information about the rights of a data subject according to the GDPR, when an organization collects and uses data about them, can be found on the website of the European Commission.
REQUESTS
Any data subject may contact our Data Protection Officer (DPO) at gdpr@dr-online.net if they wish to make a request regarding their personal data rights in the context of their interaction with the DR-ONLINE platform.
We will respond to the request within a period of up to one month, which may be extended by up to another two months for specific reasons related to the rights exercised or the complexity of the request. In all cases, if this period is extended, we will inform the data subject about the duration of the extension and the reasons that led to it.
In some cases, we may not be able to identify personal data in our records based on the identification elements provided in the request. In such cases, we will request additional information, without which we will not be able to proceed with the request.
National Supervisory Authority (ANSPDCP)
For more information about the processing of personal data, you can directly access the website of the National Authority for Supervision of Personal Data Processing – we recommend that you review the following dedicated sections:
Detailed information about the GDPR and guidelines/recommendations for application;
Frequently asked questions.
If you wish to file a complaint with the ANSPDCP, you can use this form .
UPDATES
DOCTOR ONLINE SERVICES SRL reserves the right to modify and update the content of this website at any time, without prior notice. Therefore, we kindly ask you to visit this page periodically to check the applicable conditions.