DIMEDIC PRIVACY NOTICE



Please read me

Our commitment

We are committed to using your personal data to make things simpler for you and help you to improve your overall health and wellbeing. We’ll always keep your personal data safe and will never sell it to third parties. We’ll be clear and open with you about why we collect your personal data and how we use it. Where you have choices or rights, we’ll explain them to you and respect your wishes. We’ve written this Privacy Policy in plain English to tell you how and why we use your personal data. We hope you’ll find it clear and simple but if you have any concerns or questions please feel free to contact us.


About us

The Company

We are Dimedic Limited, the data controller of the personal data we collect about you. We are registered in the UK Companies House under 09290911 with our registered address the same as our post address .

We provide an online clinic, consultation, treatment and prescribing service for a limited number of medical conditions to patients primarily from Europe incl. the UK.


Our Licence

We act under a valid license granted by Care Quality Commission (CQC) under ID Provider number 1-1894320254.



Contact us

Our UK office is located at 104 Close, Quayside, Newcastle Upon Tyne, Tyne and Wear, England, NE1 3RF Email: dpo@dimedic.eu

We have appointed GRCI Law as our DPO and if you have any questions about this privacy notice, data processing practices, data protection matters generally, or you wish to exercise your legal rights you can contact them using the details set out below or via dpo@dimedic.eu.

Data Protection Officer
GRCI Law
Unit 3 Clive Court
Bartholomew’s Walk
Cambridgeshire Business Park
Ely CB7 4EA
Email: dpoaas@grcilaw.com

Telephone: +44 (0) 333 800 7000

Our EU representative:

Email: dpo@dimedic.eu
Address: ul. Pojezierska 90a, 91-341 Łódź

Our LT representative:

Email: dpo.lt@dimedic.eu
Address: Gynėjų str. 4-333, LT-01109 Vilnius

Contact Us

We have a “Contact us” section on our website.


Personal data we collect about you

We may collect and use different kinds of personal data about you depending on our relationship with you. The personal data we will or may collect in the course of providing you with our services, may include special category data, which is data of a sensitive nature that includes


Table setting out the personal data we collect

Personal Data Where the data comes from

Identification and Contact Data- including e.g.:

  • Your Contact Details such as your email and phone numbers
  • Your Identification details such as your name and title
  • The country you live in
  • Gender
  • Appointment Details
  • Family medical History
  • Health Details
  • Registration details
  • Date of birth
  • Details of any contact we have had with you, such as any complaints or incidents
  • Information about how you use our products and services
From you when you contact us, make an appointment, when you respond to communications from us, ask for our support, communicate with us via email or share additional information about yourself through your use of our services, order or register to receive our services. We may collect certain data that can be used to identify you, contact you, to ensure we book you in for the right type and length of appointment for you or which we need for the administration and performance of our agreement with you.
User data including e.g.:
  • information about you, such as your identification and email address, your email address encrypted by us, your purchase or your preferences we gather from our interaction with you
  • the resources that you access, including the pages of our website that you view, information about your visit, including the URL clickstream to, though and from our site or a location you use in connection with your account
From you when you use our websites and when access our services and applications, we may collect information about how you access our these.
Device Data including e.g.:
  • IP address
  • login information
  • browser type and version
  • time zone setting
  • browser plugin types and versions
  • operating system and platform
  • traffic data,
  • location data
  • data, logs, text, audio, images
  • device’s unique identifier (e.g. UDID, IMEI address)
From you when you use our websites and when access our services and applications, we may collect information about how you access our these.
Registration details- including e.g.:
  • Name
  • Email Address
  • Postal Address
  • Phone Number
  • User ID
  • IP Address
From you when you order or register to receive our services, we may collect certain data that can be used to identify you, contact you or which we need for the administration and performance of our agreement with you.

Appointment Details - including e.g.:

  • Name and other Identification details
  • Family medical History
  • Health Details
  • Gender
  • Age
  • Relationship with the appointment maker

Information provided by other people on your behalf

If someone books an appointment on your behalf, we’ll ask them for basic details about you, which may include health details such as whether you have a family history of diabetes or glaucoma. This is to ensure we book you in for the right type and length of appointment. We’ll check with you when you come to your appointment to make sure the information we’ve been given is accurate.

Financial or economic data including e.g.:

  • Bank Account
  • The results of any credit checks we have made on you

Information we collect through your payments

Details about the payments you make to us when you purchase our services.

Forum data - including e.g.:

  • Feedback
  • Comments
  • Information and Content uploaded
  • username

Data provided by you via our Forum

Your personal data you upload to the forum, will be visible to other forum users. We recommend that you secure your anonymity and information so that you do not allow others to identify you

Application data

  • Identification and Contact Details
  • CV
  • Previous and current Employment details
  • Referees
  • Nationality and immigration status, passport and other identification and immigration information including copies of right to work documentation

Personal data that you provide to us

Details you provide when you apply for a vacancy with us, or when you register your interest in a position with us, or if you send a speculative job application to us.

Analytics Data such as:

information such as what website you were visiting before accessing our Website and other statistics related to our Products and Services

Our servers automatically record certain information regarding the use of our Website and our Products and Services.

Data received from third parties
  • Identification
  • Contact Details
  • Health Details
  • Your interests and preferences

Information we collect about you

We may collect or receive data about you from service providers, and other third parties, such as our customers, professional advisers, content providers, government authorities and public sources and records.

We may collect or receive data about you from a family member, or someone else acting on your behalf

We may collect or receive data about you from doctors, other clinicians and health-care professionals, hospitals, clinics and other health-care providers;

We may collect or receive data about you from any service providers who work with us in relation to your product or service,

We may collect or receive data about you from organisations who carry out customer-satisfaction surveys or market research on our behalf, or who provide us with statistics and other information (for example, about your interests, purchases and type of household) to help us to improve our products and services;

We may collect or receive data about you from fraud-detection and credit-reference agencies; and sources which are available to the public, such as the edited electoral register or social media.

We may receive information from advertising companies

Data we receive via technology from entities such as google.

Social Media

Username and any other content you reveal in your comments. Questions or feedback regarding us

Information we collect about you

We may collect your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.

Your behaviour, preferences and interests

Information we collect about you

We will also collect details of your interactions with us through telephone contact, online and when you use our websites and applications.

Health Data including:

  • information about your illnesses, conditions, medicinal purchases, and prescriptions.
  • information about your physical or mental health, including genetic information or biometric information (we may get this information from application forms you have filled in, from notes and reports about your health and any treatment and care you have received or need, or it may be recorded in details of contact we have had with you such as information about complaints or incidents, and records of medical services you have received);
  • information about your race, ethnic origin and religion (we may get this information from your medical preferences to allow us to provide care that is tailored to your needs).

This information can be received from you, your career, GP or health records provided to us by you when you use our services.

Details taken during your appointment
This may include:

  • details of any appointments with GPs
  • results of any scans, X-rays and pathology tests;
  • details of any diagnosis and treatments given;
  • details of any longstanding health concerns and conditions;
  • details about your health, treatment and care and other relevant information from health professionals, care providers or relatives who care for you;
  • information about any allergies;
  • correspondence from other Health and Social Care providers that provide you with services.
These details are provided by you to the Medical Doctor during your appointment thorough analysis of your state of health that will help the doctor to determine if and what medicine to prescribe you which you can use safely.


Health data

Before we prescribe medicines, we will ask you some questions about your health to help us check that the medicine we are prescribing is right for you. We understand that your health data is sensitive and will only use it to provide you with our services and that of our partners if you choose to use their services.



Service contact

We may contact you by email or phone number about our services, so please ensure that you're happy with the security and privacy of the email account you provide us with.

You can manage your communication preferences in our user panel.



What if you don’t give us your personal data

Where we need your personal data to provide you with our services and you can’t or don’t want to give it to us, we likely won’t be able to provide you with those services.



How & why we use your personal data

  • We need to use your personal data to provide our services.
  • If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
  • We must have a reason (lawful basis) for processing your personal data.
  • The legal reasons we rely on are summarised in our ‘Lawful basis’ table.

Lawful Basis of Processing Table

Legal Basis Details Example
Contractual

Contract Performance - We use your personal data on the basis that it is necessary for us to provide our services and products to you.

When you register with us you are entering into a contract to for our services.

When we provide our services to you, administer your account, and take payment.

To process your appointment requests

When we deal with any transaction, respond to your queries, refund requests and complaints. Handling the information, you submit to us enables us to respond effectively. We may also keep a record of these queries to inform any future communications between us and to demonstrate how we communicated with you throughout.

To fulfil purchase requests using payment cards.

Actual delivery of products or services, in physical or digital form, that you may have purchased from us.

Legitimate Interests

We hold personal data for our own legitimate business interest. This relates to us managing our business to enable us to give you the best service/products and most secure experience.

When we rely on this as the legal reason for using your data, we’ll carry out a legitimate interest assessment to ensure we consider and balance any potential impact on you (both positive and negative), and your rights under data protection law.

Our legitimate business interests don’t automatically override your interests - we won’t use your Personal Data for activities where our interests are overridden by the impact on you, unless we have your consent, or we can by law.

We process your data to protect you against fraud when transacting on our website, and to ensure our websites and systems are secure.

To manage our relationship with you, our business and third parties who provide products or services for us

When we respond to your queries and complaints.

To deliver the best possible web experience, we collect technical information about your computer or device, internet connection and browser as well as the country, where your computer or device is located, your IP address, the pages viewed during your visit, the advertisements you clicked on, any search terms you may enter on our Website and other information about your visit and how you used our Website

When we capture your product reviews, for example when you buy goods and services from us we may follow it up with an enquiry about your experience of the product to help us gauge customer satisfaction.

Ensuring that our marketing is tailored to your interests and to keep our records up to date and to provide you with marketing as allowed by law.

When measure the effectiveness of our advertising on the website conversions and social media campaigns in order to optimise our campaigns on social media platforms such as Facebook, Instagram, Messenger and WhatsApp.

For statistical research and analysis so that we can monitor and improve products, services, websites and apps, or develop new ones.

To contact you about market research we are carrying out.

To enforce or apply our website terms of use, our policy terms and conditions or other contracts.

To exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us and the third parties we work with.

When you place an order on our website, we carry out identity verification and anti-money laundering checks, validating the personal data you give against appropriate third-party databases. This involves sharing your personal data with organisations such as which verify those details and transactions and pick up on anything that may indicate illegal activity. This may in some cases involve the disclosure of data to a Credit Reference Agency, which will keep a record of that data and may pass it to the police.

Legal Obligations

We may use your personal data to comply with laws (for example, if we are required to cooperate with a police investigation after a court order ordered us to.

To prevent and detect fraudulent or criminal activity we may share data with forces such as the Police. This is done in a safe and secure manner. You may not be notified of this.

For accounting and taxation purposes

We supply clinical and healthcare services and as part of this, we are required to share certain amounts of personal data to meet regulatory and legal obligations.

To comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.

Consent

We may have to get your consent to use your personal data such as when we collect and use sensitive data about you or when we want to send you from us or third party direct marketing communications to you via email, letters or phone calls (by phone call or SMS).

Where we process your personal data on this basis you have the right to withdraw consent at any time by contacting us.

Marketing our Products and Services generally

Collecting sensitive data

When we get your consent to share information about your treatment with your own GP and/or health team.


Additional lawful basis required for health data

Your health data

Your health data is personal data that needs more protection because it is sensitive and so in addition to the legal grounds set out in the lawful basis of processing table we rely on above we require an additional lawful reason to process your health data, which we have set out below:

Processing is necessary for the purpose of the provision of healthcare or treatment

We provide support for individuals with a disability or medical condition.

When you have an appointment with our medical doctors so they can assess and treat you

When we provide you with prescriptions and/or medicinal products.

it is necessary for a purpose designed to protect the public against dishonesty, malpractice or other seriously improper behaviour (for

For example, investigations in response to safeguarding concerns, or a regulator (such as the Care Quality Commission telling us about an issue).

Public Interest

It is in the public interest, in line with any laws that apply.

Express Consent

As is best practice, we will only ask you for permission to process your personal information if there is no other legal reason to process it.

If we need to ask for your permission, we will make it clear that this is what we are asking for and ask you to confirm your choice to give us that permission.

If we cannot provide a product or service without your permission (for example, we can’t manage and run DiMedic without health information), we will make this clear when we ask for your permission. If you later withdraw your permission, we will no longer be able to provide you with a product or service that relies on having your permission.



Children’s data

We do not want to collect personal data from people under the age of 16 or let them give us their personal data without their parent or guardian’s consent. In the event we learn that we collected personal information from anyone under the age of 16, and do not have a parent or guardian's consent, we will delete that data as quickly as possible.



Sharing personal data

Do you share my personal data?

Sometimes we share your personal data to get help in running our business, delivering our medicines, applications, or services or where we are obliged to share information by law.

We require all organisations we share your personal data with to respect the security of your personal data and to treat it in accordance with the law.

We will not sell, rent, or lease your personal data to any third party.

Who we share personal data with

  • our group companies, business partners, our employees, consultants, agents, and professional advisors
  • courts of law and government or regulatory authorities
  • third parties to which we outsource certain services such as couriers, IT systems or software providers, IT support service providers, and document and data storage providers
  • third-party service providers to assist us with client insight analytics, such as Google Analytics and Facebook
  • third-party service providers to assist us with optimisation our social media marketing campaigns on Facebook, Instagram, Messenger and WhatsApp.
  • third-party service providers which gather user opinion about our portal like Opineo.
  • other organisations for the purposes of fraud/crime protection and investigation
  • anyone else with your permission

Do you share my personal data overseas?

Your data may be transferred to and stored in locations outside the European Economic Area (EEA), including countries that may not have the same level of protection for personal data.

When we do this, we’ll ensure it has an appropriate level of protection and the transfer is made in line with data-protection laws. Often, this protection is set out under a contract with the organisation who receives that information. For more information about this protection, please contact us.



How do you keep my personal data safe?

We use a number of ways to keep your date safe and protected including:

  • data transmission encryption with SSL protocols
  • databases encryption and refraining from keeping the user’s passwords visible;
  • internal data access procedures available only to authorised staff;
  • anti-virus software.

Staff

We require our staff and any others who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any data and applying appropriate measures for the use and transfer of data.


Procedures

We have procedures in place to deal with any suspected data security breach. We will notify of a suspected data security breach where we are legally required to do so.


Our information infrastructure boundary

We do not, however, have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own data.



Marketing

We may use your personal data for marketing

We may use your data to provide you with details about our products and services, and products and services from our partners and other relevant third parties. We may send you marketing messages for example by email. You can manage your marketing communication settings in your users panel.


What if you don’t want to receive marketing information

You can change your mind on how you receive marketing messages or choose to stop receiving them at any time. To make that change, please email us describing your preferences or use the ‘unsubscribe’ function in the emails we send you.


We may use personal data for market research

We may use your data for market research and to identify trends. Market research agencies acting on our behalf could get in touch with you by post, telephone, email, or other methods of communication to invite you to take part in research. If you are contacted about market-research, you do not have to participate. If you tell us that you do not want to receive market-research communications, we will respect this.



Data subject rights

You have several rights under data protection laws, the rights available to you depend on our reason for processing your data. For more information on your rights under the GDPR, see https://ico.org.uk/for-the-public/


Table of your data subject Rights

Your data subject rights
Right to be informed: We have a legal obligation to provide you with concise, transparent, intelligible, and easily accessible information about your personal data and our use of it. We have written this notice to do just that, but if you have any questions or require more specific information, you can contact us.
Right of access: You have the right to ask us for copies of your personal data. This right always applies. There are some exemptions, which means you may not always receive all the information. In most cases, this will be free of charge, but in some limited circumstances, for example repeated requests for further copies, we may apply an administration fee. Please contact us to use your right of access.
Right to rectification: You have the right to ask us to rectify data you think is inaccurate, contact us. You also have the right to ask us to complete data you think is incomplete. This right always applies. Contact us.

Right to erasure: You have the right to ask us to erase your personal data in certain circumstances, contact us. We have the right to refuse to comply with a request for erasure if we are processing the personal data for one of the following reasons:

  • to exercise the right of freedom of expression and information.
  • to comply with a legal obligation.
  • to perform a task in the public interest or exercise official authority.
  • for archiving purposes in the public interest, scientific research, historical research, or statistical purposes.
  • for the exercise or defence of legal claims.

Right to restriction of processing: You may ask us to stop processing your personal data – contact us . We will still hold the data but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:

  • The accuracy of the personal data is contested.
  • Processing of the personal data is unlawful.
  • We no longer need the personal data for processing, but the personal data is required for part of a legal process.
  • The right to object has been exercised and processing is restricted pending a decision on the status of the processing.
Right to object to processing: You have the right to object to processing in certain circumstances, contact us. You can also object if the processing is for a task carried out in the public interest, the exercise of official authority vested in you, or your legitimate interests (or those of a third party)

Right to data portability

The right only applies if we are processing data based on your consent or for the performance of a contract and the processing is automated. Contact us.

The data subject right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. Contact us.

Using your rights

In most cases you don’t have to pay anything for using your rights.

To exercise your rights or get more information about exercising them contact us we will respond to you within one month. It would be helpful if you give us enough information to identify you and the date to which your request relates, including any useful details or dates.



How long we keep personal data

We will keep your personal data for no longer than is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements and in line with set periods calculated our criteria.


Our Criteria

  • How long you have been a customer with us, the types of products or services you have with us, and when you will stop being our customer.
  • How long it is reasonable to keep records to show we have met the obligations we have to you and by law.
  • Any time limits for making a claim.
  • Any periods for keeping information which are set by law or recommended by regulators, professional bodies or associations.
  • Any relevant proceedings that apply.


We use cookies

We collect certain data automatically and store it in log files. We sometimes collect data about our visitor's behaviour during their visits to our websites to help us provide better customer service, to improve the quality of our website experiences or to tailor advertising. For more information on which cookies we use and how we use them, please see our Cookie Notice



How you can complain

We hope that we can resolve any query or concern you raise about our use of your data. So please contact us first. All complaints will be treated in a confidential manner and we will try our best to deal with your concerns.

You have the right to lodge a complaint with a supervisory authority, in the UK or EEA member state where you work or normally live, or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner’s Office, which may be contacted at https://ico.org.uk/concerns or by telephone on (+44) 0303 123 1113. Please find the details of the other supervisory authorities https://edpb.europa.eu/about-edpb/board/members_en.



Links to other websites

Where we provide links to websites of other organisations, this Privacy Notice does not cover how that organisation processes personal data. We do not control such third-party websites and are not responsible for their content or privacy statements. We would encourage you to read the privacy policy of every website you visit.



Social media

Our application and websites include social media features and links, such as an icon that link to the Dimedic presence on that specific site (e.g., our page on Twitter). These features may collect your IP address and information on which page you are visiting on our site and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by another company or are hosted directly on our site. Your interactions with these features are governed by the privacy notice of the company providing it.



Changes to this document

We keep this document under regular review to make sure it is up to date and accurate. We encourage you to review this page regularly to identify any updates or changes to our Privacy Notice.



If you need extra help

If you would like this website Privacy Notice in another format (for example: audio, large print, braille) please contact us.