DIMEDIC PRIVACY NOTICE
Please read me
We are Dimedic Limited, the data controller of the personal data we collect about you. We are registered in the UK Companies House under 09290911 with our registered address the same as our post address .
We provide an online clinic, consultation, treatment and prescribing service for a limited number of medical conditions to patients primarily from Europe incl. the UK.
We act under a valid license granted by Care Quality Commission (CQC) under ID Provider number 1-1894320254.
If you have any questions about this privacy notice or data protection generally or you want to exercise your rights, please contact our Data Protection Officer (DPO) via email or post.
The Dimedic DPO
104 Close, Quayside,
Newcastle Upon Tyne,
Tyne And Wear,
We have a “Contact us” section on our website.
Personal data we collect about you
We may collect and use different kinds of personal data about you depending on our relationship with you. The personal data we will or may collect in the course of providing you with our services, may include special category data, which is data of a sensitive nature that includes
Table setting out the personal data we collect
|Personal Data||Where the data comes from|
Identification and Contact Data- including e.g.:
|From you when you contact us, make an appointment, when you respond to communications from us, ask for our support, communicate with us via email or share additional information about yourself through your use of our services, order or register to receive our services. We may collect certain data that can be used to identify you, contact you, to ensure we book you in for the right type and length of appointment for you or which we need for the administration and performance of our agreement with you.|
User data including e.g.:
||From you when you use our websites and when access our services and applications, we may collect information about how you access our these.|
Device Data including e.g.:
||From you when you use our websites and when access our services and applications, we may collect information about how you access our these.|
Registration details- including e.g.:
||From you when you order or register to receive our services, we may collect certain data that can be used to identify you, contact you or which we need for the administration and performance of our agreement with you.|
Appointment Details - including e.g.:
Information provided by other people on your behalf
If someone books an appointment on your behalf, we’ll ask them for basic details about you, which may include health details such as whether you have a family history of diabetes or glaucoma. This is to ensure we book you in for the right type and length of appointment. We’ll check with you when you come to your appointment to make sure the information we’ve been given is accurate.
Financial or economic data including e.g.:
Information we collect through your payments
Details about the payments you make to us when you purchase our services.
Forum data - including e.g.:
Data provided by you via our Forum
Your personal data you upload to the forum, will be visible to other forum users. We recommend that you secure your anonymity and information so that you do not allow others to identify you
Personal data that you provide to us
Details you provide when you apply for a vacancy with us, or when you register your interest in a position with us, or if you send a speculative job application to us.
Analytics Data such as:
information such as what website you were visiting before accessing our Website and other statistics related to our Products and Services
Our servers automatically record certain information regarding the use of our Website and our Products and Services.
Please see our Cookie Notice for further information.
Data received from third parties
Information we collect about you
We may collect or receive data about you from service providers, and other third parties, such as our customers, professional advisers, content providers, government authorities and public sources and records.
We may collect or receive data about you from a family member, or someone else acting on your behalf
We may collect or receive data about you from doctors, other clinicians and health-care professionals, hospitals, clinics and other health-care providers;
We may collect or receive data about you from any service providers who work with us in relation to your product or service,
We may collect or receive data about you from organisations who carry out customer-satisfaction surveys or market research on our behalf, or who provide us with statistics and other information (for example, about your interests, purchases and type of household) to help us to improve our products and services;
We may collect or receive data about you from fraud-detection and credit-reference agencies; and sources which are available to the public, such as the edited electoral register or social media.
We may receive information from advertising companies
Data we receive via technology from entities such as google.
Username and any other content you reveal in your comments. Questions or feedback regarding us
Information we collect about you
We may collect your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
|Your behaviour, preferences and interests||
Information we collect about you
We will also collect details of your interactions with us through telephone contact, online and when you use our websites and applications.
Health Data including:
This information can be received from you, your career, GP or health records provided to us by you when you use our services.
Details taken during your appointment
|These details are provided by you to the Medical Doctor during your appointment thorough analysis of your state of health that will help the doctor to determine if and what medicine to prescribe you which you can use safely.|
Before we prescribe medicines, we will ask you some questions about your health to help us check that the medicine we are prescribing is right for you. We understand that your health data is sensitive and will only use it to provide you with our services and that of our partners if you choose to use their services.
We may contact you by email or phone number about our services, so please ensure that you're happy with the security and privacy of the email account you provide us with.
You can manage your communication preferences in our user panel.
What if you don’t give us your personal data
Where we need your personal data to provide you with our services and you can’t or don’t want to give it to us, we likely won’t be able to provide you with those services.
How & why we use your personal data
- We need to use your personal data to provide our services.
- If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
- We must have a reason (lawful basis) for processing your personal data.
- The legal reasons we rely on are summarised in our ‘Lawful basis’ table.
Lawful Basis of Processing Table
Contract Performance - We use your personal data on the basis that it is necessary for us to provide our services and products to you.
When you register with us you are entering into a contract to for our services.
When we provide our services to you, administer your account, and take payment.
To process your appointment requests
When we deal with any transaction, respond to your queries, refund requests and complaints. Handling the information, you submit to us enables us to respond effectively. We may also keep a record of these queries to inform any future communications between us and to demonstrate how we communicated with you throughout.
To fulfil purchase requests using payment cards.
Actual delivery of products or services, in physical or digital form, that you may have purchased from us.
We hold personal data for our own legitimate business interest. This relates to us managing our business to enable us to give you the best service/products and most secure experience.
When we rely on this as the legal reason for using your data, we’ll carry out a legitimate interest assessment to ensure we consider and balance any potential impact on you (both positive and negative), and your rights under data protection law.
Our legitimate business interests don’t automatically override your interests - we won’t use your Personal Data for activities where our interests are overridden by the impact on you, unless we have your consent, or we can by law.
We process your data to protect you against fraud when transacting on our website, and to ensure our websites and systems are secure.
To manage our relationship with you, our business and third parties who provide products or services for us
When we respond to your queries and complaints.
To deliver the best possible web experience, we collect technical information about your computer or device, internet connection and browser as well as the country, where your computer or device is located, your IP address, the pages viewed during your visit, the advertisements you clicked on, any search terms you may enter on our Website and other information about your visit and how you used our Website
When we capture your product reviews, for example when you buy goods and services from us we may follow it up with an enquiry about your experience of the product to help us gauge customer satisfaction.
Ensuring that our marketing is tailored to your interests and to keep our records up to date and to provide you with marketing as allowed by law.
For statistical research and analysis so that we can monitor and improve products, services, websites and apps, or develop new ones.
To contact you about market research we are carrying out.
To exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us and the third parties we work with.
When you place an order on our website, we carry out identity verification and anti-money laundering checks, validating the personal data you give against appropriate third-party databases. This involves sharing your personal data with organisations such as which verify those details and transactions and pick up on anything that may indicate illegal activity. This may in some cases involve the disclosure of data to a Credit Reference Agency, which will keep a record of that data and may pass it to the police.
We may use your personal data to comply with laws (for example, if we are required to cooperate with a police investigation after a court order ordered us to.
To prevent and detect fraudulent or criminal activity we may share data with forces such as the Police. This is done in a safe and secure manner. You may not be notified of this.
For accounting and taxation purposes
We supply clinical and healthcare services and as part of this, we are required to share certain amounts of personal data to meet regulatory and legal obligations.
To comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.
We may have to get your consent to use your personal data such as when we collect and use sensitive data about you or when we want to send you from us or third party direct marketing communications to you via email, letters or phone calls (by phone call or SMS).
Where we process your personal data on this basis you have the right to withdraw consent at any time by contacting us.
Marketing our Products and Services generally
Collecting sensitive data
When we get your consent to share information about your treatment with your own GP and/or health team.
Additional lawful basis required for health data
|Your health data|
Your health data is personal data that needs more protection because it is sensitive and so in addition to the legal grounds set out in the lawful basis of processing table we rely on above we require an additional lawful reason to process your health data, which we have set out below:
|Processing is necessary for the purpose of the provision of healthcare or treatment||
We provide support for individuals with a disability or medical condition.
When you have an appointment with our medical doctors so they can assess and treat you
When we provide you with prescriptions and/or medicinal products.
|it is necessary for a purpose designed to protect the public against dishonesty, malpractice or other seriously improper behaviour (for||
For example, investigations in response to safeguarding concerns, or a regulator (such as the Care Quality Commission telling us about an issue).
It is in the public interest, in line with any laws that apply.
As is best practice, we will only ask you for permission to process your personal information if there is no other legal reason to process it.
If we need to ask for your permission, we will make it clear that this is what we are asking for and ask you to confirm your choice to give us that permission.
If we cannot provide a product or service without your permission (for example, we can’t manage and run DiMedic without health information), we will make this clear when we ask for your permission. If you later withdraw your permission, we will no longer be able to provide you with a product or service that relies on having your permission.
We do not want to collect personal data from people under the age of 16 or let them give us their personal data without their parent or guardian’s consent. In the event we learn that we collected personal information from anyone under the age of 16, and do not have a parent or guardian's consent, we will delete that data as quickly as possible.
Sharing personal data
Do you share my personal data?
Sometimes we share your personal data to get help in running our business, delivering our medicines, applications, or services or where we are obliged to share information by law.
We require all organisations we share your personal data with to respect the security of your personal data and to treat it in accordance with the law.
We will not sell, rent, or lease your personal data to any third party.
Who we share personal data with
- our group companies, business partners, our employees, consultants, agents, and professional advisors
- courts of law and government or regulatory authorities
- third-party service providers to assist us with client insight analytics, such as Google Analytics
- other organisations for the purposes of fraud/crime protection and investigation
- anyone else with your permission
- third parties to which we outsource certain services such as couriers, IT systems or software providers, IT support service providers, companies providing e-mail/SMS/call centre services and document and data storage providers;
Do you share my personal data overseas?
Your data may be transferred to and stored in locations outside the European Economic Area (EEA), including countries that may not have the same level of protection for personal data.
When we do this, we’ll ensure it has an appropriate level of protection and the transfer is made in line with data-protection laws. Often, this protection is set out under a contract with the organisation who receives that information. For more information about this protection, please contact us.
How do you keep my personal data safe?
We use a number of ways to keep your date safe and protected including:
- data transmission encryption with SSL protocols
- databases encryption and refraining from keeping the user’s passwords visible;
- internal data access procedures available only to authorised staff;
- anti-virus software.
We require our staff and any others who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any data and applying appropriate measures for the use and transfer of data.
We have procedures in place to deal with any suspected data security breach. We will notify of a suspected data security breach where we are legally required to do so.
Our information infrastructure boundary
We do not, however, have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own data.
We may use your personal data for marketing
We may use your data to provide you with details about our products and services, and products and services from our partners and other relevant third parties. We may send you marketing messages for example by email. You can manage your marketing communication settings in your users panel.
What if you don’t want to receive marketing information
You can change your mind on how you receive marketing messages or choose to stop receiving them at any time. To make that change, please email us describing your preferences or use the ‘unsubscribe’ function in the emails we send you.
We may use personal data for market research
We may use your data for market research and to identify trends. Market research agencies acting on our behalf could get in touch with you by post, telephone, email, or other methods of communication to invite you to take part in research. If you are contacted about market-research, you do not have to participate. If you tell us that you do not want to receive market-research communications, we will respect this.
Data subject rights
You have several rights under data protection laws, the rights available to you depend on our reason for processing your data. For more information on your rights under the GDPR, see https://ico.org.uk/for-the-public/
Table of your data subject Rights
|Your data subject rights|
|Right to be informed: We have a legal obligation to provide you with concise, transparent, intelligible, and easily accessible information about your personal data and our use of it. We have written this notice to do just that, but if you have any questions or require more specific information, you can contact us.|
|Right of access: You have the right to ask us for copies of your personal data. This right always applies. There are some exemptions, which means you may not always receive all the information. In most cases, this will be free of charge, but in some limited circumstances, for example repeated requests for further copies, we may apply an administration fee. Please contact us to use your right of access.|
|Right to rectification: You have the right to ask us to rectify data you think is inaccurate, contact us. You also have the right to ask us to complete data you think is incomplete. This right always applies. Contact us.|
Right to erasure: You have the right to ask us to erase your personal data in certain circumstances, contact us. We have the right to refuse to comply with a request for erasure if we are processing the personal data for one of the following reasons:
Right to restriction of processing: You may ask us to stop processing your personal data – contact us . We will still hold the data but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:
|Right to object to processing: You have the right to object to processing in certain circumstances, contact us. You can also object if the processing is for a task carried out in the public interest, the exercise of official authority vested in you, or your legitimate interests (or those of a third party)|
Right to data portability
The right only applies if we are processing data based on your consent or for the performance of a contract and the processing is automated. Contact us.
|The data subject right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. Contact us.|
Using your rights
In most cases you don’t have to pay anything for using your rights.
To exercise your rights or get more information about exercising them contact us we will respond to you within one month. It would be helpful if you give us enough information to identify you and the date to which your request relates, including any useful details or dates.
How long we keep personal data
We will keep your personal data for no longer than is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements and in line with set periods calculated our criteria.
- How long you have been a customer with us, the types of products or services you have with us, and when you will stop being our customer.
- How long it is reasonable to keep records to show we have met the obligations we have to you and by law.
- Any time limits for making a claim.
- Any periods for keeping information which are set by law or recommended by regulators, professional bodies or associations.
- Any relevant proceedings that apply.
We collect certain data automatically and store it in log files. We sometimes collect data about our visitor's behaviour during their visits to our websites to help us provide better customer service, to improve the quality of our website experiences or to tailor advertising. For more information on which cookies we use and how we use them, please see our Cookie Notice
How you can complain
We hope that we can resolve any query or concern you raise about our use of your data. So please contact us first. All complaints will be treated in a confidential manner and we will try our best to deal with your concerns.
You have the right to lodge a complaint with a supervisory authority, in the UK or EEA member state where you work or normally live, or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner’s Office, which may be contacted at https://ico.org.uk/concerns or by telephone on (+44) 0303 123 1113. Please find the details of the other supervisory authorities https://edpb.europa.eu/about-edpb/board/members_en.
Links to other websites
Our application and websites include social media features and links, such as an icon that link to the Dimedic presence on that specific site (e.g., our page on Twitter). These features may collect your IP address and information on which page you are visiting on our site and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by another company or are hosted directly on our site. Your interactions with these features are governed by the privacy notice of the company providing it.
Changes to this document
We keep this document under regular review to make sure it is up to date and accurate. We encourage you to review this page regularly to identify any updates or changes to our Privacy Notice.
If you need extra help
If you would like this website Privacy Notice in another format (for example: audio, large print, braille) please contact us.