DrOnline Privacy Policy

DrOnline exists to help create connections between Healthcare Providers and Patients, making the delivery of healthcare services more open and inclusive. In short, to build a world where everyone can have access to Telemedicine and Video consultation services, anywhere. We are a community built on trust. A key aspect of earning that trust is being clear about how we use your information and protect your right to privacy.

This Privacy Policy describes how DrOnline ("we", "us" or "DrOnline"), handles the personal information that we collect through the DrOnline Platform.

1. DEFINITIONS

Terms that are not defined in this Privacy Policy have the same definition as in our Terms of service ("Terms").

2. PERSONAL INFORMATION WE COLLECT

2.1 Information required to use the DrOnline Platform.

We collect the following personal information when you use the DrOnline Platform. Without it, we may not be able to provide all of the services you request. This information includes Contact, Account and Profile Information. Such as your first name, last name, phone number, postal address, email address, some of which will depend on the features you use. We do not collect or store any clinical information from Patients, which includes diagnosis and medical histories, prescriptions or clinical therapies.

Information you decide to provide.

You may choose to provide us with additional personal information. This information may include:

1. Additional profile information. Such as gender, preferred language(s), city and personal description. Some of this information, as specified in your Account settings, is part of your profile page and will be visible by the Healthcare Providers with whom you conduct telemedicine consultations.
2. Other Information. For example, when you fill out a form, add information to your account, respond to surveys, participate in community forums, participate in promotions, communicate with our customer support team or share your experience with us. This may include information about your health status, if you choose to share it with us.

2.2 Information automatically collected when using the DrOnline Platform and our Payment Services.

When you use the DrOnline Platform and Payment Services, we automatically collect personal information. This information may include:

• Geolocation Information. As the precise or approximate location determined from your device's IP address or GPS.
• User information. Such as the pages or content you view, your searches for Health Care Providers or Medical Services, the consultations you have made and other actions on the DrOnline Platform.
• Registration Data and Device Information. Such as details about how you have used the DrOnline Platform (including whether you have clicked on links to third party applications), IP address, dates and times of access, hardware and software information, device information, information about events that have occurred on the device, unique identifiers, crash data, cookie data and the pages you viewed or interacted with before or after using the DrOnline Platform. We may collect this information even if you have not created a DrOnline account or logged in. Cookies and similar technologies as described in our Cookies Policy.
• Payment Transaction Information. Such as the payment instrument used, the date and time, amount of the payment, expiry date and billing postcode of the payment instrument, PayPal email address, IBAN data, your address and other details related to the transaction.

2.3 Personal Information we collect from third parties.

We collect personal information from other sources such as:

• Third Party Services. If you create a connection, access or log into your Account on the DrOnline Platform with a third party service (e.g. Google, Facebook, WeChat), you direct the service to send us information such as your registration information, friends list and profile in accordance with the controls of that service or authorised by you through your privacy settings on that service.
• Other Sources. To the extent permitted by applicable law, we may receive additional information about you, such as references, demographic data or information to detect fraud and security issues, through third party service providers and/or partners and combine it with the information we have about you. For example, we may receive background check results or fraud warnings from identity verification services for use in our fraud prevention and risk assessment efforts. We may receive information about you and your activities on and off the DrOnline Platform, or about your experiences and interactions from our partners

3. HOW WE USE THE INFORMATION WE COLLECT

3.1 Providing, Improving and Optimising the DrOnline Platform. 

We use personal information to:

• allow you to access the DrOnline Platform and make and receive payments
• allow you to communicate with registered DrOnline Members,
• carry out analysis, debugging and research,
• provide customer support services,
• send you messages, updates, security alerts and account notifications,
• customize and tailor your experience based on your interactions with the DrOnline Platform, your search and booking history, your profile information and preferences, and other content you submit; and
• to enable you to use our Company's products.

3.2 Creating and maintaining a trustworthy and safer environment. 

We use personal information to:

• detect and prevent fraud, spam, abuse, security incidents and other malicious activities,
• study and combat discrimination in accordance with our Non-Discrimination Policy,
• carry out safety investigations and risk assessments,
• verify or authenticate the information you provide,
• performing checks of databases and other sources of information, including background or police checks,
• resolve disputes with our users,
• enforce our agreements with third parties,
• comply with the law, respond to official requests, prevent harm and protect our rights,
• apply our Terms and other policies (e.g., Non-Discrimination Policy)

In connection with the above activities, we may perform profiling based on your interactions with the DrOnline Platform, your profile information and other content you submit to the DrOnline Platform, and information obtained from third parties. In limited cases, automated processes may restrict or suspend access to the DrOnline Platform if such processes detect activity that we believe poses a security or other risk to the DrOnline Platform, our community or third parties. If you wish to contest the decision based on the automated process, please contact us via the Contact section.

3.3 Delivering, personalising, measuring and improving our Advertising and Marketing. 

• We use personal information to:
• send you promotional, marketing, advertising and other information based on your preferences and social media advertising through social media platforms,
• personalise, measure and improve our advertising,
• administer referral programs, prizes, surveys, sweepstakes, contests, or other promotional activities or events sponsored or managed by DrOnline or its partners and third parties;
• analyse characteristics and preferences in order to send you promotional, marketing, advertising and other information that we feel may be of interest to you; and invite you to relevant events and opportunities

3.4 Providing Payment Services. 

Personal information is used to allow or authorise third parties to use the Payment Services:

• Detect and prevent money laundering, fraud, abuse, security incidents.
• Carry out safety investigations and risk assessments.
• Comply with legal obligations (such as anti-money laundering regulations).
• With your consent, send you promotional messages, marketing, advertising and other information that may be of interest to you based on your preferences.
• Providing and improving Payment Services.

4. SHARING AND DISSEMINATION

4.1 Sharing with your consent or on your instructions.

When you give your consent, we share your information as described at the time of consent.

4.2 Sharing between members.

To help facilitate scheduling telemedicine appointments or other interactions between Patients and Providers, we may need to share certain information, such as when a telemedicine appointment request is made, certain information may be shared between Patients and Providers, including profile, name, cancellation history, comment information and other information that you choose to share and submit. When a video consultation is confirmed, additional information is shared to help coordinate the video consultation, such as telephone number and email address. Whenever you have a video consultation confirmed as a Health Care Provider, we share certain information with the Patient to coordinate the appointment, such as your profile, full name, phone number, and email address.

4.3 Information you post on profiles, advertisements and other public information.

You can make certain information public to others, such as:

• The Health Provider's public profile page, which includes profile picture, name and description.
• Health Provider pages that include information such as a description of the Health Provider, calendar availability, your profile picture, aggregate search information (such as page views over a certain period of time), and additional information that you choose to share.
• Comments, ratings and other public comments.
• Content in a community or discussion forum, blog or social media post.

We may display parts of your public profile and other Content that you make publicly available, such as Health Provider Details on third party websites, platforms and applications.

The information you share publicly on the DrOnline Platform may be indexed through third-party search engines.

4.4 Complying with the Law, responding to official requests and protecting our rights.

We may disclose your information to courts, law enforcement, governmental or public authorities, tax authorities or authorized third parties if and to the extent that we are required or permitted to do so by law or when disclosure is reasonably necessary: (i) to comply with our legal obligations; (ii) to comply with a valid legal request or to respond to actions brought against DrOnline; (iii) to respond to a valid legal request related to a criminal investigation, or alleged or suspected illegal activities, or any other activity likely to expose DrOnline, to expose you or any other of our users to legal liability, (iv) to implement and administer our Terms of Service or other agreements concluded with Members; or (v) to protect the rights, property or personal safety of DrOnline, its employees, Members or members of the public. For example, if permitted as set forth above, the Health Provider's tax information may be shared with tax authorities or other government agencies.

Where appropriate, we may notify Members of official requests unless: (i) the legal regime itself, the court order received or the law in force prohibits notification; or (ii) we consider that sending a notification would be futile, ineffective, could carry a risk of negative effects or bodily harm to a person or a group, or carry or increase the risk that fraud or harm will be committed against DrOnline, its Members, or would expose DrOnline to an action of obstruction of justice.

In jurisdictions in which DrOnline facilitates the Collection and Remittance of Taxes, where legally permitted under applicable law, we may disclose information from Patients and Healthcare Providers about transactions, appointments, to the relevant tax authorities, including, but not limited to, the name of the Patient or Healthcare Provider, dates and amounts of transactions, tax identification number(s), the amount of taxes received (or owed) by the Healthcare Provider, from the Patient, and contact information.

In jurisdictions where DrOnline facilitates or requires a registration, notification, licence or licence application of a Healthcare Provider with a local government authority through DrOnline in accordance with local legislation, we may share information from participating Healthcare Providers with the relevant authority, both during the application process and periodically thereafter, such as the Healthcare Provider's full name and contact details and tax identification number.

4.5 Service Providers.

We share personal information with affiliated and non-affiliated service providers to help us run our business, including service providers that help us: (i) verify your identity or authenticate your identification documents; (ii) verify information against public databases; (iii) perform criminal and police background checks, fraud prevention and risk assessments; (iv) perform product development, maintenance and debugging; (v) enable the provision of DrOnline's Services through third-party software platforms and tools (e.g. through integration with our APIs); (vi) provide customer services, advertising or payment services; (vii) process, evaluate or address insurance claims or other similar claims; or (viii) facilitate non-profit and charitable activities consistent with DrOnline's mission. These providers are contractually obligated to protect your personal information and have access to your personal information to perform these tasks.

4.6 Business Transfers.

If DrOnline enters into or is involved in any merger, acquisition, reorganization, asset sale, bankruptcy or insolvency proceedings, we may in such cases transfer or share all or some of our assets, including your information in connection with such transaction or in consideration for such transaction (e.g. due diligence). In this case, DrOnline will inform you before your information is transferred and becomes subject to a different privacy policy.

5. OTHER IMPORTANT INFORMATION

5.1 Analysis of your Communications.

We may review, scan or analyze your communications on the DrOnline Platform for the reasons described in the "How We Use the Information We Collect" section of this policy, including for fraud prevention, risk assessment, regulatory compliance, research, product development, research, analysis, enforcement of our Terms of service andfor customer support purposes. For example, as part of our efforts to prevent fraud, we may scan and review messages to obscure contact information and references to other sites. In some cases, we may also scan, review or analyse messages to debug, improve and extend product offerings. We use automated methods where reasonably possible. There will be occasions when we may need to manually review communications, such as in fraud and customer support investigations, or to evaluate and optimize the operation of these automated tools. We will not review, scan or analyse your IM communications for the purpose of sending you third party marketing messages, and we will not sell reviews or analyses of these communications.

5.2 Association with Third Party Accounts.

You may link your DrOnline Account to certain third party services, such as social networks. Your contacts on these third party services are referred to as "Friends". By directing data sharing through the creation of this link:

• some of the information provided to us by linking your accounts may be published on your public profile,
• your activities on the DrOnline Platform can be shown to your Friends on the DrOnline Platform and/or the service of the third party in question;
• a link to your public profile on DrOnline can be included in your public profile on the third party service;
• other DrOnline users may be able to view Friends they have in common, or that you are a Friend of a Friend of the user in question, as the case may be;
• Other DrOnline users may be able to see the schools, places of birth or other groups that they have in common and that are specified in the social network that you are associated with;
• the information you provide to us by linking your accounts may be stored, processed and transmitted for the purposes of fraud prevention and risk assessment; and
• the publication and presentation of information that you provide to the DrOnline Platform through this association is subject to your settings and authorisations on the DrOnline Platform and the third party service.

5.3 Third Party Partners and Integrations.

Some parts of DrOnline may be linked to third-party services not owned or controlled by DrOnline. The use of these services is subject to the respective privacy policies of those providers. DrOnline does not own or control these third parties and when you interact with them you are providing them with your information.

6. YOUR RIGHTS

You may exercise any of the rights described in this section in accordance with applicable law.

6.1 Managing your information.

You can access and update some of your personal information through your Account settings. If you have linked your DrOnline Account to a third party service, such as Facebook or Google, you can change your settings and disassociate that service in your Account settings. You are responsible for keeping your personal information up to date.

6.2 Data Access and Portability.

You may request certain copies of your personal information or information about how we handle your personal information, request copies of the personal information you have provided to us in a structured, commonly used and machine-readable format and/or request that we transmit such information to another service provider (where technically feasible).

6.3 Deleting data.

You may request that your personal information be deleted. Please note that if you request the deletion of your personal information:

• We may retain and use your personal information to the extent necessary to comply with our legal obligations. For example, DrOnline may keep your information for tax, legal reporting and auditing obligations.
• Information that you have shared with others (for example, comments and ratings) will continue to be publicly visible on DrOnline, even after your DrOnline Account is cancelled. However, access and communication to you of such information will be removed. Some copies of your information (e.g. protocol logs) will remain in our database, but are disassociated from personal identifiers.
• Because we take steps to protect data from accidental or malicious loss and destruction, residual copies of your personal information may not be removed from our backup systems for a limited period of time.

7. SECURITY

While no organisation can guarantee perfect security, we are constantly implementing and updating administrative, technical and physical security measures to help us protect your information against unauthorised access, loss, destruction or alteration.

8. CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time in accordance with applicable law. If we do so, we will post the revised Privacy Policy and update the "Last Updated" date at the beginning. In the event of material changes, we will also notify you of the change by email at least thirty (30) days prior to the effective date. If you disagree with the terms of the revised Privacy Policy, you may cancel your Account. If you do not cancel your Account prior to the effective date of the revised Privacy Policy, your continued access to or use of the DrOnline Platform will be subject to the revised Privacy Policy.