Privacy Policy directdoc

This privacy policy was last updated on June 15, 2024.

This privacy statement explains how E-Health Script BV, a Dutch company with registered office at Papaverweg 34 - unit B100, 1032 KJ Amsterdam, Kingdom of the Netherlands, and registered with the Chamber of Commerce under number 93173520, trading under the name directdoc, collects and processes your personal data (of all types).

Preliminary remark

Directdoc processes sensitive and non-sensitive personal data. Directdoc attaches great importance to the conscientious handling of personal data. For this reason, we process and protect your personal data with great care and in accordance with the provisions of the European Union. This means that:

  • we clearly state for what purposes and on what basis we process personal data; we do this by means of this privacy policy;
  • we limit the collection of personal data to only that personal data necessary for legitimate purposes;
  • in cases where your consent is required, we will first ask for your explicit consent to process your personal data;
  • we take appropriate safeguards to protect your personal data and require the same from third parties who process personal data on our behalf;
  • we respect your right to request the transfer of your personal data, to access and to correct or delete personal data, as well as your right to object to the processing of your data and your right to restrict processing.

directdoc is responsible or jointly responsible for data processing. In this privacy statement, we explain which personal data we collect and use and for what purpose. We recommend that you read this statement carefully.

Personal data and processing purposes

We collect and process the following data:

Data that you provide to us yourself. This includes information about you that you provide to us by filling in forms on our website www.directdoc.eu ("Website"), by telephone, email or other correspondence. This includes, among other things, information that you provide to us when you sign up for our newsletter, set up an account, place an order, contact customer service or use other (possibly interactive) functions on our Website.

For example, we process the following data:

  • name and address
  • Telephone number
  • Billing and/or delivery address
  • E-mail address
  • Payment details
  • Gender
  • birth date
  • technical data such as an IP address
  • Health data (questionnaires, prescriptions)

This data is used, among other things:

  • to provide access to the Website and to your personal account on the Website;
  • to set up an account, to provide services and to communicate with you;
  • to inform you (digitally or otherwise) on e-health issues and related topics upon request;
  • to inform you about changes to our services or those of doctors and/or pharmacies;
  • to organize, process and control the order you have placed with us; to carry out an identity check (if necessary).

Special personal data that you provide to us. This concerns information that you provide to us by filling in forms on our website or by corresponding with us by telephone, email or other means. When you fill out the medical questionnaire, you provide special personal data. This includes information about health. We only collect this data for the relevant doctors and/or pharmacies.

This data is used, among other things:

  • to engage independent doctors to whom we have access so that you can receive an online consultation if you request it;
  • to engage independent pharmacies to which we have access so that you can purchase and have certain medical products delivered to you upon request.

Information we collect about you. This concerns information we collect about you when you visit our website. Where appropriate, this will only happen after we have received your consent, for example after you have accepted the setting of cookies. The information we collect from you includes, among other things: technical information such as, but not limited to, IP address, your login details, type and version of your browser, type and version of browser plug-in and operating system and platform; information about your visit such as the pages you visit on our website (including duration, date and time), products visited, information about page interaction (such as scrolling, clicks and mouse-overs) and the telephone number you use when calling our customer service team.

This data is used, among other things:

  • to administer our website and for internal activities such as troubleshooting, data analysis, testing, research and statistics;
  • to improve our website, including to present content in the most effective way for you and for your computer;
  • so that you can use interactive features of our website and/or our services;
  • to secure our website;
  • to provide you with relevant information and measure its effectiveness;
  • to introduce or recommend goods and services that may be of interest to you and other users of our website.

Information we receive from other sources. This is information we receive about you from selected third parties (for example, business partners, technical partners, payment and delivery service partners, advertising networks, analytics providers, search information providers, identity verification partners, credit reference agencies).

This data will be used, among other things, to combine this information with information you provide to us and information we collect about you; we may use this information and the combined information for the purposes described above.

Basics of data processing

We collect and process your personal data in the context of creating and/or executing your order to directdoc, fulfilling a legal obligation (for example, verifying your identity), and to protect a vital interest on your part and/or a legitimate business interest on our part. If no such basis exists, we ask for your free and explicit consent to process your data. We always ask for your consent to process special personal data.

Provision to third parties

We share your personal data with third parties ("processors") and companies affiliated with directdoc in order to execute and monitor rights and obligations arising from the contract concluded with you, including services and payments. We have concluded contracts with the third parties mentioned above in which we guarantee that the further processing of personal data by these third parties also complies with the applicable data protection regulations. In addition, directdoc may make your personal data available to other third parties, often for marketing purposes. We only do this with your express consent.

The doctors and pharmacies to which we have access carry out their work independently of directdoc and without directdoc being responsible in any way for the type and/or quality of the services and/or products offered. For the requested online consultations and/or products, directdoc collects your personal data or health data on behalf of the responsible doctors and/or pharmacies. This data is stored in a secure environment on directdoc's servers. Directdoc employees do not have access to this health data. The respective personal data and information on your previous medication use are only accessible to these doctors and pharmacists; they are themselves responsible for processing this data. Doctors and pharmacists have a special legal obligation to guarantee your right to privacy. Your health data will never be passed on to third parties.

Mail services

By using our services, your email address will automatically be added to a list of recipients to whom we may send service reports by email in connection with a concluded contract (an "order"); these may, for example, concern the status of orders and adjustments, as well as incidents or satisfaction surveys with regard to our website or our services. We may also provide you with information about your past orders in this way. You can unsubscribe from these service reports by using the unsubscribe option we offer in our communications.

Telephone services

directdoc uses your telephone number to contact you, if necessary, with questions and/or updates on the order you have placed. directdoc may also contact you by telephone in connection with the services offered by directdoc. We will only call you if you have given your express consent to do so when setting up your account. During each telephone call, you have the opportunity to object to being contacted by telephone and to revoke your previously given consent.

Payment processing

directdoc has commissioned the payment provider Mangopay to process payments. Mangopay's privacy policy can be viewed here: https://mangopay.com/privacy-statement

Data storage

directdoc stores and processes personal data exclusively within the European Union.

We take security measures to limit misuse of and unauthorized access to personal information. In particular, we take the following measures:

  • access to personal data is protected with a user name and password;
  • the data will be stored in a separate, protected system upon receipt;
  • we take physical measures to protect access to the systems in which personal data is stored;
  • the suppliers of our (technical) equipment and infrastructure comply with the applicable ISO standards, such as ISO-27002;
  • We use secure connections (Secure Sockets Layer or SSL) to protect all information between you and our website when you enter personal data.
Retention periods and deletion of the account

The personal data mentioned above will be stored as long as your account is active. Your account - including the personal data linked to it - will be deleted by directdoc if no login has been made using this account for a period of 3 years or 3 years after you placed your last order via directdoc. However, certain personal data will be stored for longer due to legal obligations.

Your rights

If you wish, directdoc can provide you with an overview of your personal data that we have on file (Article 15 GDPR). You can view most of this data via your directdoc account. If this information turns out to be incorrect or incomplete, we will change or supplement this information at your request (Article 16 GDPR).

You can also invoke the right to be forgotten (Article 17 GDPR). In such a case, your account and all associated personal data will be permanently deleted or anonymized - if this is legally permissible.

If you have reported to us that your personal data is inaccurate or incomplete, you can ask us to restrict processing while we are processing your request (Article 18 GDPR). You are also entitled to request that we restrict the processing of your data if you believe that we are processing it unlawfully or no longer need it, or if you have objected to (further) processing. After receiving your request to restrict processing, we will only process your data with your explicit consent or if there are important reasons (such as legal proceedings).

Data portability

You have a right to data portability. This means that you have the right to receive the personal data you have made available to us in a usable format (Article 20 GDPR). directdoc will send you your data in an XML, CSV or TXT format.

File an objection

If you do not agree to a certain processing of your data – which includes, for example, the automated processing of your personal data (“profiling”) for direct marketing purposes – you can object to this at any time (Article 21 GDPR).

Revoke previously given consent

If you have given us your consent to process your personal data, you can withdraw this consent at any time (Article 13:2c GDPR). Furthermore, you can withdraw your consent to receive marketing reports or object to this at any time.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with the competent supervisory authority (Article 77 GDPR). For directdoc, this is the Dutch Data Protection Authority Autoriteit Persoonsgegevens. You can lodge a complaint about the way we process your personal data. Of course, you can always lodge your complaint with us first. You can do this by contacting our Data Protection Officer.

Contact

You can exercise your rights set out above and any other rights you may have under the applicable data protection regulations by sending a request to info@directdoc.eu . We will respond or otherwise respond to your request as soon as possible and in any event within four weeks.

Reporting security and other incidents, data leaks

If it unexpectedly turns out that, despite the precautionary measures, the protection of your personal data has been breached, or if we suspect this, we will report this to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). If the breach of the protection of your personal data could have adverse or detrimental consequences for you, we will inform you of this as soon as possible. directdoc has set up an internal procedure for dealing with incidents of this kind.

Third-party websites

This privacy policy does not apply to third-party websites that are linked to our website. We cannot guarantee that these third parties will handle your personal data in a reliable or secure manner. We therefore recommend that you read the privacy policies of these websites before using them.

Cookies

directdoc uses cookies on the website and in providing services. A cookie is a small, simple file of data stored on your computer's hard drive or in your browser session. You can read how directdoc uses cookies in our cookie policy.

Google Analytics

We use Google Analytics to record how visitors use our website. We have entered into a contract with Google to make arrangements for handling our data. Furthermore, we have not allowed Google to use the analytics information received for other Google services. As a final step, we have the IP addresses anonymized.

Changes to this Privacy Policy

We reserve the right to make changes to this Privacy Policy. We recommend that you consult this Privacy Policy periodically so that you are informed of any such changes.

Lead authority: the Dutch data protection authority Autoriteit Persoonsgegevens

Of course, we are happy to help you if you are dissatisfied with the way your personal data is processed. Under the Privacy Policy, you also have the right to lodge a complaint with the national data protection authority about such processing of personal data. Since directdoc carries out cross-border data processing, we have appointed the Dutch Data Protection Authority as the lead authority. This is the Autoriteit Persoonsgegevens.