Privacy statement

This privacy statement was last modified on March 18, 2019.

This privacy statement describes how eMedvertise N.V., trading under the name Dokteronline.com, a limited liability company based in Willemstad, Curaçao (Kingdom of the Netherlands) at Mahaaiweg 6, (registered in the Trade Register under number 108686), collects and processes your (special) personal data.

Introduction


Privacy-sensitive data, or personal data, are processed via Dokteronline.com. Dokteronline.com considers the careful handling of personal data to be of great importance. Personal data is, therefore, carefully processed and secured by us.

Despite the fact that Dokteronline.com is located outside the European Union, we adhere to the (applicable) European privacy legislation when processing personal data. This means, among other things, that:

• we clearly state the purposes and bases based on which we process personal data in this privacy statement;
• we restrict the collection of personal data to only the personal data necessary for legitimate purposes;
• we first ask you for explicit permission to process your personal data in cases where your consent is required;
• we take appropriate security measures to protect your personal data and also requirements of parties that process personal data at our request;
• we respect your right to provide your personal data for inspection and have your personal data corrected, deleted or transferred at your request, as well as your right to object to the processing of your personal data and your right to restrict the processing of your personal data.

Dokteronline.com is responsible for the data processing. In this privacy statement, we explain which personal data we collect and use and for what purpose. We advise you to read this statement carefully.

Personal data that we process


We may collect information when you register for our newsletter, create an account, place an order, contact our customer service or participate in other (interactive) functions on our website. This collected data may be personal data. We keep and use the personal data provided by you directly, as part of the service requested, or which is clearly stating that it has been given to us to process.

We use the following data for the purposes mentioned in this privacy statement:

• Name and address data
• Phone number
• Invoice and/or delivery address
• E-mail address
• Payment details (bank account number)
• Sex
• Date of birth
• Technical data such as an IP address
• Medical data

Purposes and bases of data processing


We collect and process your personal data for the following purposes:
• Granting access to your personal account on the website (www.dokteronline.com);
• Creating an account, providing services and communicating with you;
• Informing you (digitally) if required about eHealth issues and related topics;
• Organising, handling and checking the order that you have provided to us;
• Enabling independent doctors to whom we have access to provide you with an online consultation on request;
• Enabling the independent pharmacies to which we have access to sell and deliver certain medical products on request;
• Carrying out an identity check;
• Carrying out analyses and research to improve our services and website;
• Determining your (browsing, searching and/or buying) behaviour when visiting or using our website in order to provide you with targeted information ('profiling').

The aforementioned is done on the basis of free and specific consent, unless this is not required because the data processing takes place in the context of the realisation and/or execution of an agreement, the fulfilment of a legal obligation, to safeguard a vital interest of you and/or a legitimate business interest of us.

The doctors and pharmacies to whom we have access perform their work independently of Dokteronline.com and without Dokteronline.com being in any way responsible for the nature and/or quality of the services and/or products delivered. For the purpose of requested online consultations and/or products, Dokteronline.com collects your (medical) personal data for the doctors and/or pharmacies. This data is located on a secure platform from Dokteronline.com. Employees of Dokteronline.com do not have access to this medical information. The personal data in question is only accessible to the treating physician and/or pharmacist, who is independently responsible for the data processing. We have made agreements with these doctors and pharmacies to guarantee your privacy rights.

Contact customer services


We offer via our website the possibility to ask questions (by telephone or another medium) via our customer services, asking you to provide various information to deal with your question. You choose which information you provide. The data that you send us will be kept for as long as the nature is required for the complete answering and processing thereof.

Newsletter


We offer a newsletter with which we want to inform interested parties about eHealth in the broad sense and/or our services. You can indicate by means of an explicit opt-in that you wish to receive the newsletter. The newsletter may contain information specifically targeted at you (for example through 'profiling'). Each newsletter contains a link with which you can unsubscribe.

Service message


By using our services, your e-mail address is automatically added to a contact list so that we can send a service message by e-mail in the context of a concluded agreement (an 'order') regarding the status of an order, regarding adjustments and incidents with regard to our website or our services, and regarding information related to services provided to you previously. You can unsubscribe from these services messages via the unsubscribe link that each service message contains.

Publication


We do not publish your customer data.

Transfer to countries outside the EU


Dokteronline.com has a worldwide technical infrastructure. Although Dokteronline.com tries to avoid this as much as possible, your personal data may be transferred to the United States or other countries outside of Europe, where the privacy protection regulations may not offer the same protection as in the European Union. Dokteronline.com will, however, take appropriate measures in such cases that are reasonably necessary to ensure that your data is protected as well as possible.

Provision to third parties


We provide your personal data to third parties ('processors') and companies affiliated to Dokteronline.com to organise, direct and monitor rights and obligations, including services and payments arising from the agreement concluded with you. We have concluded agreements with the aforementioned third parties, in which we ensure that the further processing of personal data by these third parties also complies with the applicable privacy legislation. In addition, Dokteronline.com provides your personal data to other third parties; often for marketing purposes. We only do this with your explicit consent.

Integration of the Trusted Shops Trustbadge


The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops Trustmark and the collected reviews as well as to offer Trusted Shops products to buyers.

This is necessary to safeguard our legitimate prevailing interests in view of the optimal marketing of our products and ensuring the safety of purchases according to Article 6(1)(f) of the GDPR. The Trustbadge and the services advertised with it are an offer of the Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany. The Trustbadge is made available by a CDN provider (Content-Delivery-Network) as part of order processing. The Trusted Shops GmbH also uses service providers from the US. An adequate level of data protection is guaranteed. Further information on data security of Trusted Shops GmbH can be found here: https://www.trustedshops.co.uk/imprint/

When the Trustbadge is called up, the web server automatically saves a server log file which contains, among other things, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents of the call. Individual access data is stored in a security database for the analysis of security problems. The log files are automatically deleted 90 days after creation at the latest.

Further personal data will be transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or have already registered for use. The contractual agreement made between you and Trusted Shops applies. For this purpose, personal data is automatically collected from the order data. Whether or not you are already registered as a Trusted Shops customer is automatically checked by means of a neutral parameter, the e-mail address hashed by cryptological one-way function. The e-mail address is converted to this hash value, which cannot be decrypted by Trusted Shops before it is transmitted. After checking for a match, the parameter is deleted automatically.

This is necessary for the fulfilment of our and Trusted Shops’ legitimate prevailing interests in the provision of the buyer protection linked to the specific order and the transactional review services in accordance with Article 6(1)(f) of the GDPR. Further details, including your right to object, can be found in the Trusted Shops Privacy Policy linked above and within the Trustbadge.

Klarna payment method


You can pay via Klarna. Klarna may perform a credit check, for which personal data is processed. The details of Klarna are: Klarna Bank AB, registration number 556737-0431, Sveavägen 46, 111 34 Stockholm, Sweden.

Security


We take security measures to limit abuse of and unauthorised access to personal data. In particular, we take the following measures:
  • access to personal data is protected with a username and password;
  • the data is stored after receipt in a separate, protected system;
  • we take physical measures for access protection of the systems in which personal data are stored;
  • our (technical) equipment and infrastructure suppliers comply with applicable ISO standards, such as ISO-27002;
  • we use secure connections (Secure Sockets Layer or SSL) which protects all information between you and our website when you enter personal data.

Retention periods and account deletion


The personal data described above is retained as long as your account has an active status. Your account - including the associated personal data - will be deleted by Dokteronline.com if you have not logged in for 3 years here, or after 3 years after your last order via Dokteronline.com. Certain personal data will, however, be kept longer if there is a legal obligation to do so (such as the fiscal retention of at least 7 years for payment data and at least 15 years for medical data).

Your Rights


Access, correction and deletion of your data
If you wish, Dokteronline.com can provide you with an overview of your personal data that is known to us (Article 15 of the GDPR). Most of this data can be viewed through your My Dokteronline account. If this information proves to be incorrect or incomplete, we will correct or complete this information at your request (Article 16 of the GDPR).

You also have the right to have your personal data erased (‘right to be forgotten’ - Article 17 of the GDPR). In that case, your account and all associated personal data - to the extent permitted by law - will be permanently deleted or anonymised.

Right to restriction of processing
If you have informed us that your personal data is inaccurate or incomplete, you may request that we restrict the processing for as long as we are processing your request (Article 18 of the GDPR). You may also request that we restrict the processing of your data if you are of the opinion that we are processing your data unlawfully or that we no longer need your personal data for the purpose of processing, or if you have objected to the processing thereof. After we receive your request for restriction we will only process your data after we have obtained your permission or for important reasons (such as judicial proceedings).

Data Portability
You are entitled to data portability. This means that you have the right to receive the personal data you have provided to us in a usable form (Article 20 of the GDPR). Dokteronline.com will send your data in XML format.

To Object
If you do not agree with a certain processing of your data - including, for example, the automated processing of your personal data ('profiling') for direct marketing purposes - you can object to this at any time (Article 21 of the GDPR).

Withdrawing previously given permission
If you have given us permission for the processing of your personal data, you can withdraw this consent at any time (Article 13(2)(c) of the GDPR). You can also withdraw your consent for the sending of marketing messages or object to this.

The right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with the relevant supervisory authority (Article 77 of the GDPR). For Dokteronline.com this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). You can lodge a complaint about the manner in which we process your personal data. Of course you can always submit your complaint to us first. If you have a complaint you can contact our Data Protection Officer.

Contact
You can exercise the above rights and any other rights that you have under the applicable privacy laws by sending a request to [email protected] We will respond to your request as soon as possible, but in any case within 4 weeks or respond to otherwise.

You can also exercise your right to be forgotten and your right to data portability through your My Dokteronline account.

If you have any questions you can also contact our Data Protection officer, whose contact details are at the end of this privacy statement.

Reporting of security incidents and data leaks


If, despite of the protective measures taken, your personal data is breached or we suspect it may be breached, we will notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) thereof. If the personal data breach is likely to have adverse consequences for you, we will communicate this to you as soon as possible. Dokteronline.com has an internal procedure in place for dealing with such incidents.

Third party websites


This privacy statement does not apply to websites of third parties that are connected to our website by means of links. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We encourage you to read the privacy statement of these websites before using these websites.

Cookies


Dokteronline.com uses cookies through its website and when offering its services. This is a small, simple file with data that is either stored on the hard disk of your computer or in the session of your browser. In our Cookie Policy, you can read all about the use of cookies by Dokteronline.com.

Google Analytics


We use Google Analytics to keep track of how visitors use our website. We have concluded an agreement with Google to make agreements about the handling of our data. Furthermore, we have not allowed Google to use the obtained Analytics information for other Google services. Finally, we will anonymize the IP addresses.

Changes to this Privacy Statement


We reserve the right to make changes to this privacy statement. It is advisable to consult this privacy statement regularly so that you are aware of these changes.

Leading supervisor: Authority for Personal Data


We are. of course, happy to help you if you have complaints about the processing of your personal data. Under the privacy legislation, you also have the right to file a complaint with the national privacy regulator against this processing of personal data. Because Dokteronline.com carries out cross-border data processing, we have designated the Dutch privacy regulator as the leading supervisor. This is the Authority for Personal Data.

Data Protection Officer


Dokteronline.com has appointed a Data Protection Officer (DPO). The DPO is independent and acts as internal supervisor. The DPO ensures that Dokteronline.com applies and complies with the relevant data protection regulations. If you have any questions about the processing of your personal data, please contact our Data Protection Officer (Mr J. Stienstra) at [email protected]helder.nl or call +31 88 235 3035. You can also contact our DPO if you have questions, comments or complaints about this privacy statement.

Privacy statement - Dokteronline.com (PDF)