Privacy Notice
This Privacy Notice describes how Digimed Technologies Limited (or otherwise referred to herein as “Digimed”,” Company” “us” or “we”) treats your personal information and the data provided to us in order to be able to manage our relationship. We manage any personal information you provide to us (either through the website www.digimed.health, our mobile application, or through any other similar means) and process, store it or erase it in the manner specified in this Privacy Notice and in line with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act 2018 (Cap 586 of the Laws of Malta). We at Digimed are committed and adequately equipped to comply with all data protection principles and obligations set out at law and adhere to these standards at all times.
1. Who are we?
We are Digimed Technologies Limited, a limited liability company registered in Malta under registration number (C 98180) with registered address at 204A, Vincenti Building, Old Bakery Street, Valletta, Malta. You can contact us by writing at [email protected]
We have appointed a Data Protection Officer, who may be contacted at [email protected]
2. User Types
This Privacy Notice is set out in sections based on the way you interact with the Digimed platform. You are either a patient, an independent Healthcare professional, an approved Pharmacy, or a B2B Client. Depending on which user type you are we explain what information we collect, what cookies and other similar technologies we use, how we share such information and protect your rights.
3. Why do we collect personal data?
If you are a patient.
We need to collect data from you to be able to create and manage your user account with us, and to facilitate the provision of telemedicine services offered by third party independent Healthcare professionals subscribed to the platform.
This may include the need to share these data with our partner companies and service providers, with whom we would have established safeguards to protect your data, for the purpose of providing you with our services as requested when you signed up and accepted our terms and conditions.
When we provide our services to our customers, we must collect personal data from you so that we can comply with legal obligations we may be subject to, for company tax reporting obligations to the tax authorities, and to meet our obligation to assist authorities, when requested, in the investigation of potential criminal activity. Failure to provide us with the requested personal data will preclude us from providing you with our services. By using the Service, You allow Us to contact You by email regarding Service features, changes, maintenance, and other products that may be introduced from time-to-time.
We also have a legitimate interest to protect our services from promotion abuse, fraudulent activities, and internet security risks. This also allows us to ensure the security, integrity, accessibility and availability of our data and services.
We may offer marketing communications so that you are constantly kept updated with news about new products, special offers and other similar promotions. When this happens, we will ask for your consent to receive such communications. You will have the right at all times and at no cost to withdraw your consent either through your account profile privacy settings or by sending us an email at [email protected]
If you are a platform user.
We need to collect personal data from you so as to establish a business relationship with you, to vet your request of collaboration through our appointed Medical committee if you are an independent Healthcare professional, to contact you if needed. Some information you voluntarily provide via our application will be seen by patients who avail themselves of your services.
Digimed will also make its platform available to independent Healthcare professionals to allow them to use our platform as patient management. In this context, Digimed will serve as a data processor, following the instructions of practitioners.
4. What personal data do we collect?
If you are a patient.
We may collect and process the following categories of personal data to create and administer your Digimed account:
i. Personal identification and communication details provided to us by completing the registration form on the website/mobile application or any other information you submit to us through the website or by email.
ii. Verification documents provided for Identity, Age and Address, Payment Method verification and other documentation we may request to verify your account.
iii. Contact information collected through the website/mobile application, email, telephone, or other media.
iv. Your health insurance policy details you voluntarily provide.
v. Your answers to questionnaires or surveys we may conduct directly or through third parties.
vi. Elements of transactions, including financial accounts information that you may provide us, made through the website/mobile application.
vii. Details of your visits to the site/app, including but not limited to traffic data, site information, weblogs, location data, device data (device type, OS information, etc.), and other contact information.
viii. Photographs that you may upload voluntarily to complete your user profile
ix. Face recognition integration with the app and your mobile phone.
x. Location data obtained via your device.
xi. Health data and records you voluntarily provide – You are under no obligation to provide any such information, although failure to provide with certain personal data may prevent the Independent Healthcare Professional from providing you with the service requested.
xii. Identity verification documentation, that we will request to verify legal guardianship.
We may also collect personal data of minors and of vulnerable persons, for which we will always request authorization from the appointed legal guardian.
If you are an Independent Healthcare Professional
We may collect and process the following categories of personal data as a contractual requirement with You or with your Company:
– Email address
– First name and last name
– Specialty – if you are a practitioner
– Position or title – if you are an employee of one of our business customers.
– Mobile number
– Payment details
– Details of your visits to the site/app, including but not limited to traffic data, site information, weblogs, location data, device data (device type, OS information, etc.), and other contact information.
– Certificate of Registration with the Maltese Medical Council OR Registration from the appropriate Professional Council of equivalent repute and standards.
– Certificate of Good Standing (from the Maltese Medical Council – valid for 3 months from the date of issue). Doctors applying from overseas are to provide a Certificate of Good Standing issued from the most recent country of residence/ practice (valid for 3 months from the date of issue) (only applicable for Medical Doctors).
– Curriculum Vitae
– Specialist Registration Certificate
– Proof of Professional Indemnity
– Digital signature: copy of the signature and registration number
– Medical Council Registration number
– Area of specialization
– List of clinics
If you are a Pharmacy
We may collect and process the following categories of personal data as a contractual requirement with You or with your Company:
– Email address
– First name and last name
– Position or title – if you are an employee of one of our business customers.
– Mobile number
– Details of your visits to the site/app, including but not limited to traffic data, site information, weblogs, location data, device data (device type, OS information, etc.), and other contact information.
– Certificate of Registration with the Maltese Pharmacy Council.
– Pharmacy Council Registration number
5. Use of Cookies
We and/or other parties whom we duly authorise to do so (for example, third- party advertising services) use cookies and other technologies to enhance your online experience and to learn about how you use our services.
Cookies contain information that is transferred to your computer’s hard drive. They help us to improve the website/app and provide better and more personalized services. Some of the cookies we use are necessary for the operation of the site. For those types of cookies that do not contribute to the operations on the website, we are required to obtain your consent.
If you want to delete any cookies already stored on your computer or stop cookies that record your browsing habits on the webpage, you can do so by deleting your existing cookies and / or by changing your browser’s privacy settings to block cookies (the procedure you follow will vary depending on the browser). Please note that by deleting our cookies or by deactivating our future cookies, you may not be able to access certain sites or services on the site.
To find out more, please read our Cookie Notice.
6. Why do we process your data?
We use your personal data for the following purposes:
1) To create and manage your account;
2) To allow you to use the services offered via our platform;
3) To carry out identification procedures if required;
4) To process online payments;
5) To comply with the legal and regulatory frameworks governing our operations;
6) Conduct research, questionnaires, and analysis;
7) For company tax reporting obligations to the tax authorities, and any other relevant legislation that requires us to provide some personal information;
8) Detect any malicious or fraudulent activity;
When you explicitly consent to marketing, we use your data to provide you with information about site changes, new services, offers and promotions. In case you do not wish to no longer receive marketing information, you have the right to opt-out of this service. You can opt in again to receiving marketing communications by emailing our support department [email protected].
To provide our services, and for the purpose of preventing illegitimate use of our services, we may carry out profiling of our customers and their activities using automated processes. However, any decisions taken based on these profiles and information will be taken by natural persons.
Notwithstanding the generality of the above clause and the general terms of the Privacy Policy, Digimed shall be permitted to collect and process generic usage data of the Platform for its reasonable business purposes and the benefit and improvement of the Healthcare Professional’s customer experience. In the event that Digimed wishes to make use of any such data it shall ensure that it is adequately anonymized and utilized in the aggregate form of figures, totals, averages and percentages so that it will not identify the Healthcare Professional in any manner.
In line with GDPR regulations we use encryption and pseudonymization whenever feasible.
Lawful bases for processing
Digimed will process Your personal data under one of the conditions of Art.6 GDPR, namely:
– You have provided Your consent to the processing;
– The personal data You provided is necessary for the performance of an agreement with You and/or for any pre-contractual obligations thereof;
– Processing is necessary for compliance with a legal obligation We are subject to;
– Processing is necessary for the purposes of the legitimate interests pursued by Us or by a third party.
7. Where do we keep your data?
We take all industry standard precautions to keep your personal data secure within our servers, located in the European Union. These servers may in turn be accessed through encrypted connections over the internet. For this purpose, we do our utmost to follow best security practices and standards and to use providers which ensure an adequate level of security.
Servers will be held on AWS EU region.
8. Who do we share your personal data with?
The personal data you provide via your user profile, as well as the personal data generated through the usage of our platform, will be made available to the practitioner of your choice as approved by you on the platform; such practitioner will be the data controller for the personal data necessary to provide the service.
In the event of the need of supply of personal data to third parties, a specific opt-in for transfer of your data to these third parties will be provided where the names of such parties and the purpose such persons may use your data will be disclosed. Such events may include for example marketing.
We may also share your data with selected pharmacies, to allow you to avail yourself of the e-prescription issued by your practitioner, as part of the performance of the contractual relationship we have with you.
We may also need to share your data, acting on behalf of the independent Healthcare professional of your choice, with your insurance company in the context of paying a claim, as requested by your insurance company.
Your personal data may also be shared with your insurance company, if you provide such information via the Digimed platform.
A list of our third-party suppliers can be provided upon request.
Disclosures to third parties to provide you with services.
Your personal data is transferred to some companies to carry out the following processes:
− Payment processing;
− Marketing, where consent has been provided;
− Pharmacies;
− Hospitals, clinics, independent healthcare professionals
− Video and chat communications
− AML/KYC checks
− Other Data Controllers;
− Joint Controllers;
− Data Processors.
We ensure that data transfers with service providers are covered with appropriate controller-processor contracts and safeguards as specified by the General Data Protection Regulation (EU 2016/679). Such contracts include confidentiality, strict processing rules, security safeguards, breach notification requirements and provision of assistance to Digimed so that any exercise of your rights is satisfied.
A list of our third-party suppliers can be provided upon request.
In the event of a sale or purchase of any business, asset or share, we will attempt to inform you of it, as well as of the identity of the new Data Controller either by directly contacting you, by placing public notices on our website and potentially by using other appropriate media.
We ensure that data transfers outside of Digimed are covered by appropriate controller-processor contracts and safeguards as specified by the General Data Protection Regulation (EU2016/679).
Disclosures for marketing purposes
Digimed may share personal data with marketing partners only based on a freely given, specific, informed, and unambiguous consent from you. Such partners would be limited to receive contact information such as e-mail address and sports preferences for marketing reasons.
You can withdraw your consent at all times through your account profile or by contacting us on [email protected] Should you withdraw your consent, the company will inform marketing partners to stop their marketing communications to you as soon as we receive your request.
9. Data transfers to third countries
The company may share your personal data to third parties located outside of the European Economic Area (EEA); we will always ensure a similar degree of protection when transferring personal data outside the EEA, using measures such as transferring to countries deemed to hold an adequate level of data protection by the European Commission, and/or Standard Contractual Clauses issued by the European Commission.
In the event that a practitioner is abroad when a user requests a service, we will inform you, especially in cases when a practitioner is temporarily located in a country outside the EEA; in such cases, we may request for your consent to allow the practitioner to access your data from said location.
10. For how long do we keep your data?
Digimed retains certain elements of personal data for a period of up to 10 years to meet our legal obligations, such as Company and Taxation record-keeping obligations.
Specifically:
A. For up to one (1) year from last activity: Details of your visits to the site, including but not limited to traffic data, site information, weblogs, and other contact information; Telephone calls to and from our Customer Service Department;
B. For up to five (5) years from last activity: Personal identification and communication details provided, contact information through the website, email, telephone, or other media;
C. For up to ten (10) years from last activity: Elements of transactions, including financial accounts information that you may provide us, made through the website/app, telephone, or other media.
D. Clinical data – Your health data will be kept in accordance as per instructions of the independent Healthcare professional of your choice, namely 10 years after last consultation.
We will also keep personal data for the purpose of presenting and processing in case of a litigation or a legal process which you, the relevant authorities or us may be party to, due to our provision of services to you.
If your account, in any of the above cases is not active, then we will not process the data further except for complying with the above legal obligations.
All this information is stored in accordance with this Privacy Notice.
When we act as data processors to facilitate practitioners’ activities, and/or when we act as Patient Management Platform for practitioners, we process and store personal data on behalf of our practitioner and must follow data retention periods as established by the legal obligations practitioners are subject to.
11. Your Rights
You have the right to:
a. access to the personal information provided by you;
b. request rectification of personal data that you consider incorrect;
c. request for restriction of processing of data;
d. request erasure of data;
e. file an objection about processing of your data;
f. request to export your data;
g. be informed about automated individual decision-making, including profiling; and
h. you have the right at all times to object to the processing of your data and to withdraw your consent through your account profile settings.
Your rights may be exercised in accordance with the Law, which might include restrictions on when you can exercise these rights.
You can exercise these rights by accessing the Help section on the Digimed application or by contacting us at [email protected]
You have also the right to lodge a complaint with our Data Protection Authority, which is Office of the Information and Data Protection Commissioner, whose website may be found at https://idpc.org.mt/en/Pages/Home.aspx. You may also decide to lodge a complaint with your local Data Protection Authority. You may find a list with your local Data Protection Authority contact details at https://edpb.europa.eu/about-edpb/board/members_en.
12. Changes to this Privacy Notice
Any changes we may make to our Privacy Notice in the future will be published from this page on the site and will be effective from the time of their posting. This can also be accessed on the Help section on the Digimed application under Privacy Policy. You can request previous versions of this document by sending us an email at [email protected]