Personal data of users of Doctoralia.co.uk

Notice based on Article 13 GDPR.

Who is the controller for my information?

The personal data controller is Doctoralia Internet SL . with its registered office in Barcelona, C/ Josep Pla Nº 2, Edifico B-2, Planta 13-D.,08019, CIF: B-62834981.

Data Protection Officer

Doctoralia has appointed a Data Protection Officer. The Data Protection Officer can be contacted:
1. By email: dpo@doctoralia.co.uk; or
2. In writing to the following address: Doctoralia Internet SL, C/ Josep Pla Nº 2, Edifico B-2, Planta 13-D.,08019

On what legal basis and for what purpose does Doctoralia process my personal information?

Doctoralia processes personal information about you as a user on the basis of and in connection with an Electronic Service Agreement between us.

Doctoralia also processes personal information about you as a user on the basis of its legitimate interests, as set forth in Article 6.1(f) of the GDPR. This specifically applies to the processing of your personal information to notify you of your booked appointment, your upcoming appointment or appointment cancellation. Doctoralia relies on that legal basis for the processing of personal data in connection with requests for satisfaction ratings of booked and completed appointments.

However, for personal information concerning your health (the so-called special category of personal data), Doctoralia processes that personal information based on your express consent as a user.

    Your personal information is processed for the following purposes:
  1. To provide the services described in the Terms and Conditions to you as a user;
  2. To perform the Electronic Service Agreement;
  3. To enable you as a user to book an appointment with the Professional of your choice and to provide you with information about your appointment, in particular an SMS and email notification of your booked appointment; an SMS and email reminder of your upcoming appointment; an SMS and email notification of appointment cancellation; and a request for your satisfaction rating of your appointment;
  4. To ask Professionals questions; and
  5. To post reviews of Professionals.

The provision of your personal information is required in order to enter into an Electronic Service Agreement. Your refusal to give your personal information will prevent Doctoralia from providing services to you.

Your consent to the processing of personal data for information concerning your health is required to book an appointment with your selected Professional. If you refuse your consent, you will be unable to book an appointment with your selected Professional.

Your consent to the processing of your health-related personal data is required to ask a Professional questions. If you refuse your consent, you will be unable to ask a Professional a question.

Your consent to the processing of your health-related personal data is required to post a review of a Professional. If you refuse your consent, you will be unable to post a review of a Professional.

What personal information may be collected by Doctoralia during the appointment booking process?

Doctoralia may collect the following personal information about you during the appointment booking process:

  • your name and surname;
  • your email address;
  • your phone number; and
  • the date and type of your appointment.

Where individual Professionals or Institutions require further personal information to book an appointment, Doctoralia will collect such information from you as a user; this includes, e.g., your personal identification number (PESEL).

Does Doctoralia transmit my personal information to other parties (e.g. companies, firms or doctors)?

If an appointment is booked with a selected Professional, your personal information as a user will be transmitted to that Professional or the Institution at which the Professional provides his or her services. Your personal information so transmitted may be visible not only to the Professional himself or herself but also to individuals who are employed by the Professional or work at the Institution such as nurses, receptionists or medical assistants.

    Doctoralia may also transmit your personal information to the following categories of recipients:
  • accounting and audit firms;
  • law firms;
  • IT service providers, including companies hosting ,the servers used by Doctoralia; and
  • call centre, bulk SMS and email service providers.

Doctoralia also transmits anonymised cookies and other anonymised information about the Website users to third parties. Such information does not allow to decipher the activity of a specific user on the Website or to identify that user but it allows to determine the geography, statistics and demographics of users. That information is transmitted for the purposes of improving the operation of the Website by implementing appropriate tools to enhance the Website’s appeal.

Does Doctoralia transfer my personal information outside of the European Economic Area?

Doctoralia may transfer your personal information outside of the European Economic Area because of agreements it has with third parties, specifically those relating to the maintenance of its IT infrastructure. Transfers of your personal information are based on appropriate legal mechanisms such as model contract clauses, the Privacy Shield regime or other similar legal instruments provided for in the GDPR.

Will my personal information be visible to other people or Internet users?

Your personal information such as your name or surname, your question to a Professional and your posted review of a Professional may be visible to other people and Internet users. This personal data is not anonymised by Doctoralia and is displayed in those Professional Profiles to which you have posted your review as a user.

May I revoke my consent to the processing of my health-related personal data?

Yes, you may. Each and every user may revoke his or her consent to the processing of his or her health-related personal data. You may revoke your consent at any time. To revoke your consent to the processing of your health-related personal data, go to the “Personal Data” section of your Account. Doctoralia would like to inform you that if you revoke your consent, it will not affect the lawfulness of the processing carried out by Doctoralia before you withdrew your consent.

Does Doctoralia have access to private questions or messages?

Private questions and messages are stored on the servers and in the databases of Doctoralia. Therefore, Doctoralia does have access to private questions or messages. However, such access is restricted only to those employees who are involved in server and database administration and have special authorisations granted by Doctoralia. In addition, Doctoralia uses special tools designed to identify and prevent abuses and risks related to the use of the Website. Those tools automatically monitor the content published on the Website, including private questions and messages.

Does Doctoralia process personal information of its users (patients) for marketing purposes?

No, we do not. Doctoralia does not use personal information of its users who are patients for marketing purposes.

Does Doctoralia use profiling?

Doctoralia may use anonymised data provided by the Website users (cookie files or information of the device used, etc.) for profiling, i.e. tailoring the Website content to user preferences. The legal basis for doing so is the legitimate interest of Doctoralia (Article 6.1(f) of the GDPR). Having reviewed the protection of the rights and freedoms, we concluded that such activities have no material impact on user privacy. Those activities enable us to provide better services and tailor the Website to user needs. Therefore, those activities reflect the user expectations.

How long will Doctoralia keep my personal information?

Doctoralia will keep your personal information throughout the term of the Electronic Service Agreement. Following the termination of the Agreement, your personal information will be retained for the period of limitation for possible claims, including tax or civil claims.

What rights do I have as a user in respect of my personal information?

  1. Right to object – Article 21 of the GDPR.
  2. Each and every user has the right to object to the use of his or her personal information, including profiling, where Doctoralia processes personal information based on its legitimate interests (Article 6.1(f) of the GDPR) or for profiling or direct marketing purposes.

    Opting-out (unsubscribing) from receiving commercial information or making an objection to receiving requests for completing satisfaction surveys following a booked appointment will amount to an objection to the processing of personal data. If such an objection is consistent with the law, then Doctoralia will no longer process the personal data for that purpose.

  3. Right of access – Article 15 of the GDPR.
  4. Each and every user has the right to obtain confirmation from Doctoralia as to whether or not his or her personal information is being processed by Doctoralia. To provide such confirmation to the relevant individual without infringing the rights of others, Doctoralia may ask for additional information to verify your identity.

      When exercising this right, each and every user may:
    1. access the personal information held about him or her;
    2. receive information about the purposes of processing; the categories of the personal data processed; the recipients or categories of recipients of such data; the envisaged period for which the personal data will be stored or the criteria used to determine that period; the existence of the rights conferred by the GDPR; and the right to lodge a complaint with asupervisory authority; the source of such data; the existence of automated decision- making, including profiling; and the safeguards used with relation to transfers of such data outside of the EEA.
      Additionally, each and every user may obtain a copy of his or her personal information undergoing processing by Doctoralia.

  5. Right to rectification – Article 16 of the GDPR.
  6. Each and every user has the right to have the personal data concerning him or her rectified if his or her personal data being processed by Doctoralia is inaccurate. In addition, each and every user has the right to have incomplete personal data completed, including by means of providing a supplementary statement regarding the data.

  7. Right to be forgotten – Article 17 of the GDPR.
  8. Each and every user has the right to have a part or all of his or her personal information erased. This may happen where:

    1. The consent to the processing of personal data is revoked;
    2. The personal data is no longer necessary in relation to the purposes for which is was processed by Doctoralia;
    3. An objection is made pursuant to Article 21 of the GDPR and Doctoralia has no other legitimate grounds for the processing of personal data;
    4. The personal data has been unlawfully processed; or
    5. The personal data has to be erased for compliance with a legal obligation in the European Union law or in the laws of Poland.

    Despite the exercise of the right to be forgotten, Doctoralia may continue to process all or any part of the personal data for reasons including compliance with any legal obligations to which Doctoralia is subject (e.g. tax obligations) or for seeking or defence of legal claims.

  9. Right to restriction of processing – Article 18 of the GDPR.
  10. Each and every user has the right to have the processing of the personal data concerning him or her restricted under Article 18 of the GDPR. This right means that you may request that your personal data is not processed until your request is disposed of. In such a case, you will only have access to those functionalities of Doctoralia.pl that do not involve the use of personal data.

    This right may be exercised where one of the following applies:

    1. The accuracy of your personal data is contested by you as a user; then Doctoralia will restrict the use of such data for a period enabling it to verify the accuracy of the personal data, however, for no longer than 14 days;
    2. The accuracy of your personal data is contested by you as a user; then Doctoralia will restrict the use of such data for a period enabling it to verify the accuracy of the personal data, however, for no longer than 14 days;
    3. Your personal data as a user is no longer needed for the purposes for which it was collected or used, but it is required for the establishment, exercise or defence of legal claims; or
    4. You as a user have objected to the use of your personal data; then the restriction is valid pending the verification whether the protection of your interests, rights and freedoms overrides the interests pursued by Doctoralia in processing of your personal data.

  11. Right to data portability – Article 20 of the GDPR.
  12. Each and every user has the right to the portability of the personal data concerning him or her under Article 20 of the GDPR. The right to data portability means that you have the right to receive the personal data which you have provided to Doctoralia in a structured format. That data can then be transmitted to any entity of your choosing. Alternatively, you may request Doctoralia to transmit the data to another controller, as designated by you as a user, where technically feasible.

Do I have the right to complain about the processing of my personal information?

Yes, you do. Every user may lodge a complaint to the supervisory authority which is the Inspector The Information Commissioner’s Office Water Lane, Wycliffe House Wilmslow - Cheshire SK9 5AF

How does Doctoralia safeguard my personal information?

Doctoralia endeavours to ensure that the personal information being processed is kept secure. To this end, technical and organisational measures are applied which are designed to safeguard your personal information. Those measures specifically include:

  • Regular testing of the IT infrastructure for security;
  • Controlled access to data within the organisation of Doctoralia; and
  • Using cryptographic methods.