Ada
Ada is a health symptom checker app made by Ada Health GmbH.
Score
Notes
No information proving such.
Even if there is a reasonable delay before the data is fully deleted (as is common), the data still counts as "permanently deleted" and satisfies the parameters for this question.
Score
Citation
We will hold the above data for as long as it is necessary in order to provide you with the Services, deal with any specific issues that may arise or, otherwise, as it is required by law or by any relevant regulatory body. Specific storage periods for the respective processing activities are detailed in Section 3 above.
Once your account is terminated, we will delete the personal data relating to your account within 1 month.
If you were a user of the UK Doctor Chat services (which is no longer available since 23 March 2018), your consultation details may be retained by us for a period up to 10 years according to the UK Records Management Code of Practice Retention Schedule, or if otherwise required by Care Quality Commission (“CQC”).
If your personal data is used for two different purposes, we will retain it until the purpose with the longest period expires, but we will stop using it for the purpose with the shorter period as soon as the shorter period expires.
We restrict access to your personal data to the persons who need to use it for the relevant purpose(s). Our retention periods are based on reasonable business needs, and your personal data that is no longer needed is either irreversibly anonymized (and the anonymized data may be retained) or securely destroyed.
Notes
You can delete your account based on the information provided at https://help.ada.com/hc/en-us/articles/360000319269
This may come in the form of outright data sharing or by using local third-party analytics software (such as Google Analytics, which collects a plethora of user information).
Note that whether the policy allows sharing aggregated user data does not affect this question.
If the personal data is encrypted when it passes through the third party, it does not count as third-party access (as the data is inaccessible to that party).
If personal data has been made public by, for example, posting it to a blog, it does not count as private personal information (and is therefore not considered by this question).
Score
Citation
6.1 We use technical service providers to operate and maintain our Services, who act as our processors based on a data processing agreement.
Notes
Companies who have access to your data are:
- Amazon Web Services (Infrastructure)
- Google Cloud Platform (Infrastructure)
- Hetzner Online GmbH (Infrastructure)
- MongoDB Cloud Services, Inc (Infrastructure)
- Adjust (Tracking)
- Amplitude (Tracking)
- Customer.io (Tracking)
- Facebook SDK (Tracking)
- New Relic (Tracking and Monitoring)
- Sentry (Tracking)
- Formspree.io (Customer Support)
- Zendesk (Customer Support)
- IP Find (Country Information)
- Contentful (Website Content Management)
- Prismic (Website Content Management)
Score
Citation
6.4 If we are required on the basis of EU law or the law of a Member State to disclose or share your personal data.
Use justification: Legal obligation, Article 6 (1) (c) GDPR.
Score
Citation
The personal data that we collect from you is stored in the European Union on Cloud Servers of Amazon Web Services EMEA S.A.R.L. (“AWS”) with a business seat in Luxembourg and on the Cloud Servers of Google Commerce Limited (“GCL”), a company incorporated under the laws of Ireland, with offices at Gordon House, Barrow Street, Dublin 4, Ireland. This data may, however, be processed by sub-processors operating outside of the European Economic Area (“EEA”) based on a data processing agreement if the additional requirements of Art. 44 et seq. GDPR for processing in third countries are compliant with an appropriate level of protection in the third country and appropriate guarantees under Art. 46 GDPR (such as standard data protection clauses, or exceptional circumstances under Art. 49 GDPR).
Sensitive information between your browser and our Website is transferred in encrypted form using Transport Layer Security (“TLS”). When transmitting sensitive information, you should always make sure that your browser can validate our certificate.
Please contact us if you would like further details on the specific safeguards applied to the export of your personal data outside the EEA.
Score
Citation
Last modified: 29 April 2020
Note that all companies operating in the EU are subject to Art. 33 of the GDPR, which requires companies to notify their data protection authority of a data breach within 72 hours of discovering it.
Score
Notes
The policy does not require users to be notified in case of a data breach.
Score
Citation
Any changes we make to our Privacy Policy in the future will be posted on this page, and where appropriate, notified to you by email or notifications via the App. We therefore encourage you to review it from time to time to stay informed of how we are processing your data.
This includes the use of data brokers and independent verification authorities (such as background check providers).
Score
Citation
3.3 Facebook Login
Types of data: Facebook ID, email (if provided in Facebook account), and phone number (if provided in Facebook account) and time and date of the login.
Score
Notes
Because this section is long, see the "Use justification" clause under each use in section 3.
Some services allow users to opt out of or opt in to non-critical collection or use of personal data, such as collecting data for personalized advertisements.
Score
Citation
3.12 Monitor usage to ensure proper use, functioning, maintenance and improvement of the medical reasoning system and related Services
[...]
Use justification: Legitimate interest (Article 6 (1) (f) GDPR). Our legitimate interest is based on the aforementioned use of that data purposes. Under no circumstances will we use the collected data to determine your identity. We may send you transactional emails (e.g. account creation verification email, reset password email, double opt-in email regarding the newsletter subscription, welcome email) and process the page interaction accordingly, to ensure proper reception and assess the service in order to improve it.
Right to object: You have a right to object under the conditions of Article 21 DSGVO. Below you will find more detailed information:
— Right to object where the processing is based on legitimate interests: As a data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6 (1) (e) or (f) GDPR, including profiling based on those provisions. In the event of an objection relating to your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
— Right to object where we process your personal data for statistical purposes: If we process your personal data for statistical purposes pursuant to Article 9 (2) (j) DSGVO, Section 27 (1) BDSG, you have the right to object to such processing for reasons arising from your particular situation. In the event of such an objection, we will no longer process the personal data concerned for this purpose unless the processing is necessary to fulfil a task in the public interest, or the discontinuation of processing is likely to make it impossible or seriously impair the realization of statistical purposes and the continuation of processing is necessary for the fulfilment of statistical purposes.
Score
Notes
Because this section is long, see the "Types of data" clause under each use in section 3.
Last Updated
May 26, 2021