PRIVACY BASICS (last update June 2018)
We have changed our data processing to comply with the Regulation (EU) 2016/679 (EU GDPR) by following the data minimisation principle and anonymising/pseudonymising personal data where feasible.
How is your data kept private. We store your personally identifiable data in Your Profile (name, email, age, gender, Profile ID, IP address, country, region, time zone) and your Health Profile (your health data) in separate databases, meaning that whatever you type into our Chat is not connected to information that could personally identify you. This way, we can make improvements to our Services without knowing anything personal about you. In limited cases, we will need to access your Health Profile by Profile ID/hashed IP address to trace bugs, solve technical errors, ensure security, clinical safety and distribute answers. Push Notifications are sent in an anonymised manner using push tokens, which allow messages to be sent to you but do not directly identify you. We do not share Your Profile/Health Profile data with OneStop Health™ Partners and we enable the usage of IP addresses only for the purposes of our Services.
As a Guest User you can use our Services by sharing the minimal amount of data we need to provide our Services to you and without you being directly identified. We will not collect any historical personal information (name, email etc.) and you will receive a new Guest User Profile as well as Health Profile for each session. We will collect temporary location data so that we can show you relevant OneStop™ Health Partners in your country. You will be able to use limited Services that do not require the storing of data by way of directly identifying you, such as reading articles and using our OneStop™ Health Service and Symptom Checker. Should you want us to personalise your experience, you will need to sign in with Google/FB and become an authenticated user.
As an Authenticated User you will share more data with us so that we can offer you all features. Your Profile will include name, email, age, gender, Profile ID, social media picture URL, IP address, country and region, time zone. Your Health Profile consists of Chat History, Profile ID, consultation IDs, articles in Health A-Z you viewed, top tips, Self-Assessments and Quizzes you have done, as well as the data you voluntarily shared with us, such as Medical Conditions (smoker, obesity, high blood pressure, diabetes, chronic kidney disease, chronic obstructive lung disease, coronary heart disease, stroke, cancer etc.), Health Info (Medical and Family History, Vital Signs, lifestyle and health assessments etc.), Health Tracker data (health metrics from third parties you authorise to disclose the data to us) and Notes you make within the App. We also collect an IP address and assign a Your.MD identifier (Profile ID) and consultation identifier (Consultation ID) for each consultation. With the help of the Your.MD identifier, we are able to connect Your Profile with your Health Profile in limited cases only.
Right to object and to restriction of processing. We are processing your data on legitimate interests’ basis when using our Services as Guest (either on Android App or Web App), using our Website or receiving business emails and so you have the right to object to our processing. We have limited the amount of data we collect and cannot directly identify you. To exercise your right to object or restrict processing, please send us an email to firstname.lastname@example.org.
Right to access and data portability, copy, rectification. As an authenticated user using our Android App, you can request your data by visiting Your Profile/Settings/Profile and choosing the “Request Your Data” option. You can use the Personal Info section of Your Profile to change the data you inserted. If you are using our iOS App you can change the data you inserted in the Account or Profile section of the App and send an email to email@example.com for more info. When using messengers, please contact your messenger provider and send us an email to firstname.lastname@example.org. You have the right to request rectification of inaccurate personal data that cannot be rectified within our Services by sending an email to: email@example.com. We will send you the personally identifiable data within 30 days of the receipt of your request. In case we need to acquire your data from third parties, this might take longer.
Legal basis for data processing
As a Guest user, we will process your data for internal analytics to improve your services, for security purposes (so that we can intervene in case of security breaches, check bugs and crashes), to adhere to the medical devices regulation, ensure clinical safety and provide safe Services. We wanted to give you an option to use our services even if you are not prepared to consent to the full data collection to adhere to the data minimisation requirement as well as for general social benefits, to enable more accessible free access to health information (e.g. legitimate interests). As an authenticated Android, iOS App and Messenger user, we process your data based on your consent, which you can withdraw at any time. When you are using our Website we process your data on legitimate interests basis to improve our Service and your experience. While exploring the possibilities of collaboration with business representatives of potential B2B customers/salespersons we collect and process business emails based on our legitimate commercial interests.
Data Protection Officer. Should you have any data processing or privacy related questions, please contact us at: firstname.lastname@example.org. In case we are not able to help or upon your appeal, we will refer your request to our External Data Protection Officer ("DPO"), ePrivacy GmbH, represented by Prof. Dr. Christoph Bauer, Große Bleichen 21, 20354 Hamburg. Should you have any concerns or complaints we or our DPO is not able to solve, you have the right to lodge a complaint with our supervisory authority Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit, Prof. Dr. Johannes Caspar, Kurt-Schumacher-Allee 4, 20097 Hamburg, https://datenschutz-hamburg.de/pages/kontakt/ or if you are a UK customer, with Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, https://ico.org.uk/make-a-complaint/.
Why we need your data. We process your data to offer our Services such as Symptom Checker (so that you can access past consultations), Health A-Z (so that you can view articles about diseases/conditions), Health Tracker (to track health, fitness metrics and your feelings), Symptom Tracking functionality (to enable you to track your symptoms over time), to display Alerts/Reminders (to help you manage your health), Goals (to receive articles about topics of your interest), Notes (to insert your notes), Push Notifications (contextual, event based and Health Goals you chose to receive), to enable you to use our assessments, Quizzes, Tools and to recommend third-party services via our OneStop Health™ Platform. We use the information we collect to constantly improve our Services and to personalise your experience. We use your data to recommend services in your location based on your consultation/searches. We encrypt all user and profile data at rest and all personal information is double encrypted with two keys at both the infrastructure and application level.
Third Party Technology and Providers. You can use our Service with various messengers such as Kik, Skype, Telegram. By doing so your data processing shall be governed by such messenger’s individual privacy policies you accepted when registering for their service, so please read those carefully before starting to use such services. We check how you use our Services to improve them and personalise your experience with the help of analytic providers. You can use our Services via various messengers and by doing so, you accept such parties’ data policies. We use third-party providers for surveys, email verification and sending newsletters.
Data deletion. We follow generally accepted industry standards and internal procedures to protect the information submitted to us, during transmission, storing and processing. We store your data for as long as needed to provide our Services. We process your request to delete/access data within thirty (30) days of its receipt. We delete the logs we keep of the IP addresses you have used after approximately 6 months.