Privacy Policy

BACKGROUND

Doocle Limited understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits this Website, www.doocle.com (“Our Site”) and will only collect and use personal data in ways that are described here and in a manner that is consistent with Our obligations and your rights under the law.

Please read this Privacy Policy (the "Policy") carefully and ensure that you understand it. Your acceptance of Our Privacy Policy is deemed to occur upon your first use of Our Site. By using the Services, you consent to the privacy practices described in this Policy. This Policy may change as We continuously improve Our Services, so please check it periodically. If you do not accept and agree with this Privacy Policy, you must stop using Our Site immediately

This Policy is incorporated into and is subject to Our Terms and Conditions. Capitalized words used but not defined in this Policy have the meaning given to them in the Terms and Conditions.

In addition, you have a number of rights as a data subject. You can, for instance, seek access to your medical information, object to me using your information in particular ways, request rectification of any information which is inaccurate or deletion of information which is no longer required (subject to certain exceptions). This Policy also sets out your rights in respect of your personal information, and how to exercise them.

This Policy applies only to your use of Our Site. Our Site may contain links to other websites. Please note that We have no control over how your data is collected, stored, or used by other websites and We advise you to check the privacy policies of any such websites before providing any data to them.

  • 1

    Data We Collect

    Personal Data

    When you use Our Services, you may provide, and We may collect what is generally called “personally identifiable” data or “personal data”, which is data that specifically identifies an individual (“Personal Data”). Examples of Personal Data include name, email address, mailing address, mobile phone number, images and credit card or other billing information. Personal Data also includes other information, such as date of birth, geographic area, or preferences, when any such data is linked to information that identifies a specific individual.

    You may provide Us with Personal Data in various ways on the Services. For example, you provide Us with Personal Data when you register for an Account, use the Services, interact with other users of the Services through communication or messaging features, or send Us customer service-related requests.

    Personal Information

    We will hold “special categories of personal information” previously known as “sensitive personal data”) about you, such as information relating to your physical and mental health.

    1.1

    If you provide personal information to Us about other individuals (including medical or financial information), you should inform the individual about the contents of this Policy. We will also process such information in accordance with this Policy.

    1.2

    In addition, you should note that in the event you amend data which We already hold about you (for instance by amending a pre-populated form) then We will update Our systems to reflect the amendments. Our systems will continue to store historical data.

    1.3

    The confidentiality of your medical information is important to Us, and We make every effort to prevent unauthorised access to and use of information relating to your current or former physical and mental health (or indeed any of your personal information more generally). From 25 May 2018, the current Data Protection Act will be replaced by the EU General Data Protection Regulation (GDPR) and a new Data Protection Act. All uses of your information will comply with the GDPR and the new Data Protection Act from that date onwards and all applicable medical confidentiality guidelines issued by professional bodies including, but not limited to, the General Medical Council and the Nursing and Midwifery Council.

    Automatically Collected Data

    When you use the Services, We may automatically record certain information from your device. This automatically “collected” information may include your IP address or other device address or ID, web browser and/or device type, the web pages or sites that you visit just before or just after you use the Services, the pages or other content you view or otherwise interact with on the Services, and the dates and times that you visit, access, or use the Services. We may also collect information regarding your interaction with email messages, such as whether you opened, clicked on, or forwarded a message. This information is gathered from all users.

    Data from Other Sources

    We may obtain information, including Personal Data, from third parties and sources other than the Services, such as Our partners and advertisers. If We combine or associate information from other sources with Personal Data that We collect through the Services, We will treat the combined information as Personal Data in accordance with this Policy.

  • 2

    Technologies We Use

    Third Party Web Beacons and Third-Party Buttons

    We may implement third-party content or advertising on the Services that may use clear gifs or other forms of Web beacons, which allow the third-party content provider to read and write cookies to your browser in connection with your viewing of the third-party content on the Services. Additionally, We may implement third-party buttons (such as Facebook “like” or “share” buttons) that may allow third parties to collect information about you through such third parties’ browser cookies, even when you do not interact with the button. Information collected through Web beacons and buttons is collected directly by these third parties, and We do not participate in that data transmission. Information collected by a third party in this manner is subject to that third party’s own data collection, use, and disclosure policies.

    Google Analytics

    We use Google Analytics on the Website to create user navigation reports for Our Website administrators. We take measures to protect the technical information collected by Our use of Google Analytics. Your Personal Data will only be used on a need to know basis to resolve technical issues, to administer the Website and identify visitor preferences. Any statistical reports or website traffic information are exclusively accessed by authorised personnel within Our company. We do not use any of this information to identify visitors and We do not share it with third parties. Google operates independently from Us and has its own privacy policy in place, which We strongly suggest you review (Google Privacy Policy). Google may use the information collected by Our use of Google Analytics to evaluate users' activity on Our Website. For more information, see Google Analytics Privacy and Data Sharing.

  • 3

    Cookies

    Our Cookie Policy at www.doocle.com/cookies is hereby incorporated into this Policy by reference. Please read the Cookie Policy carefully and ensure that you understand it. Your acceptance of Our Cookie Policy is deemed to occur when you press the “Accept” button on Our Cookie pop-up. If you do not agree to Our Cookie Policy, please stop using Our Site immediately.

  • 4

    Use of Data

    We use the information that We collect to operate, maintain, enhance and provide all features of the Services, to provide services and information that you request, to respond to comments and questions and otherwise to provide support to users of the Services.

    We use the information that We collect to understand and analyse the usage trends and preferences of Our users, to improve the Services, and to develop new products, services, features, and functionality.

    We may use your email address or other information We collect (a) to contact you for administrative purposes such as customer service, to address intellectual property infringement, right of privacy violations or defamation issues related to your Data posted on the Services or (b) to send communications, including updates on promotions and events, relating to products and services offered by us and by third parties We work with. Generally, you have the ability to opt-out of receiving any promotional communications as described below under “Right to Withdraw Consent”.

    We may use “cookies” information and “automatically collected” information to (a) personalise Our services, such as remembering your information so that you will not have to re-enter it during your visit or the next time you visit the Website; (b) provide customised advertisements, content, and information; (c) monitor and analyse the effectiveness of Services and third-party marketing activities; (d) monitor aggregate Website usage metrics such as total number of visitors and pages viewed; and (e) track your entries, submissions, and status in any promotions or other activities on the Services.

  • 5

    Sharing of Data

    Except as described in this Policy, We will not disclose your information that We collect on the Services to third parties without your consent. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:

    5.1

    Any information that you voluntarily choose to include in a publicly accessible area of the Services, such as a public profile page, will be available to anyone who has access to that content, including other users.

    5.2

    We may make certain automatically-collected, aggregated, or otherwise non-personally-identifiable information available to third parties for various purposes, including (a) compliance with various reporting obligations; (b) for business or marketing purposes; or (c) to assist such parties in understanding Our users’ interests, habits, and usage patterns for certain programmes, content, services, and/or functionality available through the Services.

    5.3

    We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to comply with state and federal laws, in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.

    5.4

    We also reserve the right to disclose your information that We believe, in good faith, is appropriate or necessary to (a) take precautions against liability, (b) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (c) investigate and defend ourselves against any third-party claims or allegations, (d) protect the security or integrity of the Services and any facilities or equipment used to make the Services available, or (e) protect Our property or other legal rights (including, but not limited to, enforcement of Our agreements), or the rights, property, or safety of others.

    5.5

    Information about Our users, including Personal Data, may be disclosed and otherwise transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of Our business assets.

  • 6

    Third-Party Service Providers

    We work with third-party service providers (“Service Providers”) to provide a website, application development, hosting, maintenance, payment and other services for us. These third parties may have access to or process your information as part of providing those services for us. Generally, the information provided to and gathered by these Service Providers are limited to that which is reasonably necessary for them to perform their functions, and We require them to agree to maintain the confidentiality of such information.

    Data Controller and Data Processor

    We do not own, control or direct the use of any of the information stored or processed by the Service Providers. Only they are entitled to access, retrieve and direct the use of such information depending on the service that they provide. A service provider is not aware of what information is actually being stored or made available by another third-party service provider and does not directly access such information or data except as authorised by you or as necessary to provide the Services to you.

    Because We do not collect or determine the use of any Personal Data by the Service Provider, and because We do not determine the purposes for which such Personal Data is collected, the means of collecting such Personal Data, or the uses of such Personal Data, We are not acting in the capacity of data controller in terms of the General Data Protection Regulation (GDPR) on data privacy (“Directive”) and do not have the associated responsibilities under the Directive. We should be considered only as a processor on behalf of Our Service Providers and users as to any information containing Personal Data that is subject to the requirements of the Directive. Except as provided in this Policy, We do not independently cause information containing Personal Data stored in connection with the Services to be transferred or otherwise made available to third parties, except to third party subcontractors who may process such data on Our behalf in connection with Our Services. Such actions are performed or authorised only by you.

    The Service Provider is the data controller under the Directive for any information containing Personal Data. This means that you or the relevant user controls the manner such Personal Data is collected and used as well as the determination of the purposes and means of the processing of such Personal Data. We are not responsible for the content of the Personal Data or other information stored on the Service Provider's servers (or its subcontractors’ servers) at your discretion, and We are responsible for the manner in which the Service Provider, handles disclosure, distributes or otherwise processes such information.

    A user who seeks to access, correct, amend, delete inaccurate data or withdraw consent for further contact should direct his query to the Service Provider.

  • 7

    Data Controller

    Aside from the information stored or processed by the third-party Service Providers above, Doocle Limited is the Data Controller of all other information stored or processed on the Website.

    Our data controller registration number in England and Wales is A8185478.

    By visiting and using the Website and giving Us your Personal Data, you consent to your Personal Data being collected and processed. The data that We collect will be stored on the cloud based in the European Economic Area ("EEA"). From there, the data may be transferred to and stored by Doctors operating outside the EEA and processed by their employees or subcontractors to fulfil the services that you have requested.

    The communication of sensitive text data like medical records by the Patient is encrypted in-transit while uploaded and stored in the Cloud with only the patient and Our administrator having access to them, with Patients allowing doctors to access the data on request. The communication internally between Our servers (e.g. between application server and database) is handled via secure socket layer (“SSL”) to provide AE-256 encryption) and all information between Our servers and the user’s browser is handled via SSL (up to 256-bit encryption, depending upon your browser), providing an industry-standard level of protection for data-in-transit. Data travelling between a customer’s device and Our cloud platform is encrypted by default using HTTPS/TLS (Transport Layer Security). All encrypted data is signed using a message authentication code (MAC) so that the underlying value cannot be modified once encrypted. The cloud platforms (Amazon, Google) that We use maintain certification with robust security standards, including:

    7.1

    SSAE16 / ISAE 3402 Type II: SOC 2 and SOC 3 public audit report;

    7.2

    ISO 27001, one of the most widely recognized, internationally accepted independent security standards;

    7.3

    PCI DSS v3.0, payment card industry data security standard;

    7.4

    HIPAA BAA, US standard for protecting sensitive patient data.

  • 8

    Data Security

    We follow generally accepted industry standards to protect the information submitted to Us, both during transmission and once We receive it. We maintain appropriate administrative, technical and physical safeguards to protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Data in Our possession. This includes, for example, firewalls, password protection and other access and authentication controls. We use SSL technology to encrypt data during transmission through public internet, and We also employ application-layer security features to further anonymise Personal Data.

    However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to Us or store on the Services, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of Our physical, technical, or managerial safeguards. If you believe your Personal Data has been compromised, please contact us at info@doocle.com.

    If We learn of a security systems breach, then We will attempt to notify you electronically so that you can take the appropriate protective steps. We may post a notice through the Services if a security breach occurs.

  • 9

    Data Retention

    We only retain the information collected from you for as long as your Account is active or otherwise for a limited period of time as long as We need it to fulfil the purposes for which We have initially collected it, unless otherwise required by law.

    We will permanently delete your Account, including all your Personal Data therein, as soon as reasonably practicable within 12 months of termination of your Account or from the time you have paid all monies due to us, whichever is later.

    If you have specifically requested for an earlier deletion of your Data, We shall fulfil such request within one month of receipt of such request.

    We will retain and use information as necessary to comply with Our legal obligations, resolve disputes, and enforce Our agreements.

  • 10

    International Data Transfers

    Information that We or Service Providers collect may be stored and processed in and transferred between any of the countries in which We operate in order to enable us to use the information in accordance with this Policy.

    If you are in the European Union, information which you provide may be transferred to countries outside of the EEA, where data protection laws are different to those in force in the European Union. You expressly agree to such transfers.

    Please note that We have listed above the current common transfers of personal data outside of the EEA but it may be necessary, in the future, to transfer such data for other purposes. In the event that it is necessary to do so, We will update this Policy.

  • 10

    AUTOMATED DECISION MAKING

    An automated decision is a decision made by computer without any human input, and there will be no automated decision-making in relation to your consultation or other decisions which will produce legal or similarly significant effect.

  • 12

    YOUR RIGHTS

    Under data protection law you have certain rights in relation to the personal information that We hold about you. These include rights to know what information We hold about you and how it is used. You may exercise these rights at any time by contacting Doocle Limited using the details provided in Section 15.

    12.1 There will not usually be a charge for handling a request to exercise your rights.

    12.2 If We cannot comply with your request to exercise your rights, We will usually tell you why.

    12.3 There are some special rules about how these rights apply to health information as set out in legislation including the Data Protection Act (current and future), the General Data Protection Regulation as well as any secondary legislation which regulates the use of personal information.

    12.4 If you make a large number of requests or it is clear that it is not reasonable for Us to comply with a request, then We do not have to respond. Alternatively, We can charge for responding.

    12.5 You are usually entitled to a copy of the personal information We hold about you and details about how We use it.

    12.6 Your information will usually be provided to you in writing, unless otherwise requested. If you have made the request electronically (e.g. by email) the information will be provided to you by electronic means where possible.

    12.7 Please note that in some cases, We may not be able to fully comply with your request, for example if your request involves the personal data of another person and it would not be fair to that person to provide it to you.

    12.8 You are entitled to the following under data protection law:

    12.9 Under Article 15(1) of the GDPR, We must usually confirm whether We have personal information about you. If We do hold personal information about you, We usually need to explain to you:

    12.9.1

    The purposes for which We use your personal information;

    12.9.2

    The types of personal information We hold about you;

    12.9.3

    Who your personal information has been or will be shared with, including in particular organisations based outside the EEA;

    12.9.4

    If your personal information leaves the EU, how We will make sure that it is protected;

    12.9.5

    Where possible, the length of time We expect to hold your personal information. If that is not possible, the criteria We use to determine how long We hold your information for;

    12.9.6

    If the personal data We hold about you was not provided by you, details of the source of the information;

    12.9.7

    Whether We make any decisions about you solely by computer and if so details of how those decisions are made and the impact they may have on you;

    12.9.8

    Your right to ask Us to amend or delete your personal information;

    12.9.9

    Your right to ask Us to restrict how your personal information is used or to object to Our use of your personal information;

    12.9.10

    Your right to complain to the Information Commissioner's Office.

    12.10 We also need to provide you with a copy of your personal data, provided specific exceptions and exemptions do not apply.

    The right to rectification

    1 We take reasonable steps to ensure that the information We hold about you is accurate and complete. However, if you do not believe this is the case, you can ask Us to update or amend it.

    2 We take reasonable steps to ensure that the information We hold about you is accurate and complete. However, if you do not believe this is the case, you can ask Us to update or amend it.

    3 You may update, correct, or delete your Account information and preferences at any time by accessing your Account settings page on the Services. If you wish to access or amend any other Personal Data We hold about you or to request that We delete any information about you that We have obtained from an Integrated Service, you may contact us at info@doocle.com.

    4 We will, however, retain your data needed for administrative and transactional communications, including but not limited to, receipt and confirmation of payment made, notice of subscription expiration coming due, changes to Terms and Conditions, Privacy Policy, Fees, Charges, etc.

    The right to erasure (also known as the right to be forgotten)

    1 We may update this Policy from time to time to ensure that it remains accurate, and the most up-to-date version can always be found at www.doocle.com. In the event that there are any material changes to the manner in which your personal information is to be used then We will provide you with an updated copy of this Policy.

    2 In some circumstances, you have the right to request that We delete the personal information We hold about you. However, there are exceptions to this right and in certain circumstances We can refuse to delete the information in question. In particular, for example, We do not have to comply with your request if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercising or defending legal claims.

    The right to restriction of processing

    In some circumstances, We must "pause" Our use of your personal data if you ask me to do so, although We do not have to comply with all requests to restrict Our use of your personal information. In particular, for example, We do not have to comply with your request if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercise or defending legal claims.

    The right to data portability

    In some circumstances, We must transfer personal information that you have provided to Us or (if this is technically feasible) another individual/ organisation of your choice. The information must be transferred in an electronic format.

    The right to object to marketing

    You can ask Us to stop sending you marketing messages at any time and We must comply with your request. You can do this by contacting Us using the details provided in Section 15.

    The right not to be subject to automatic decisions (i.e. decisions that are made about you by computer alone)

    1 You have a right to not be subject to automatic decisions (i.e. decisions that are made about you by computer alone) that have a legal or other significant effect on you.

    2 Please see Section 10 for detail about when We may make automatic decisions about you.

    3 If you have been subject to an automated decision and do not agree with the outcome, you can challenge the decision.

    The right to withdraw consent

    1 In some cases, We may need your consent in order for Our use of your personal information to comply with data protection legislation. Where We do this, you have the right to withdraw your consent to further use of your personal information. You can do this by contacting Us using the details provided in Section 15.

    2 At any time, you may legitimately object to the processing of your Personal Data, except if otherwise provided by applicable law. You may decline to share certain Personal Data with Us, in which case We may not be able to provide to you some of the features and functionality of the Services.

  • 13

    The right to complain to the Information Commissioner's Office

    13.1 You can complain to the Information Commissioner's Office if you are unhappy with the way that We have dealt with a request from you to exercise any of these rights, or if you think We have not complied with Our legal obligations.

    13.2 More information can be found on the Information Commissioner’s Office Website: https://ico.org.uk

    13.3 Making a complaint will not affect any other legal rights or remedies that you have.

  • 14

    Email Privacy Policy

    If you wish to subscribe to Our updates, We ask only for your email address.

    We may allow you to view and modify settings relating to the nature and frequency of promotional communications that you receive from Us in Account functionality on the Services. You may opt-out from receiving commercial email from Us, and any other promotional communications that We may send to you from time to time by modifying your Account settings, by following the instructions contained within the email, by sending your request to us by email at info@doocle.com.

    Please be aware that if you opt-out of receiving commercial email from Us or otherwise modify the nature or frequency of promotional communications you receive from Us, it may take up to ten business days for Us to process your request, and you may receive promotional communications from Us that you have opted-out from during that period.

    Additionally, even after you opt-out from receiving commercial messages from Us, you will continue to receive administrative messages from Us regarding the Services.

  • 15

    Third Party Services

    The Services may contain features or links to Websites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Services. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Services. We encourage you to learn about third parties’ privacy and security policies before providing them with information.

  • 16

    Contacting Us

    Please contact Us with any questions or comments about this Policy, your Personal Data, Our use and disclosure practices, or your consent choices to:
    Doocle Limited
    Company Registration Number and Address:
    09693471
    7-9 The Avenue, Eastbourne, England, BN21 3YA
    info@doocle.com

  • 17

    updates to this policy

    We may update this Policy from time to time to ensure that it remains accurate. In the event that these changes result in any material difference to the manner in which We process your personal data then We will provide you with an updated copy of the Policy.
    This Privacy Policy was last updated on 20 June 2018.