The Doctena Privacy Statement was updated on July 5th, 2018
Your privacy is important to Doctena. We’ve developed this Privacy Statement that covers how we collect, use, disclose, transfer, and store your information. Please take a moment to familiarize yourself with our privacy practices or visit the Doctena Privacy Center to get more information
Our Privacy Principle
As your privacy is important to Doctena, we only process your data in respect with the following principles.
- We always use your personal data in a fair, trustworthy and transparent way for specified, explicit and legitimate purposes.
- You have the right to be clearly informed about how we use your personal data. We will always be transparent to you about the data we collect and the way we use it.
- If you have concerns about how we use your personal data, we assist you in understanding our treatments.
- We will take all reasonable steps to protect your information from abuse and to keep it safe.
- We are committed to all European and national privacy regulations and shall cooperate with your national supervisory authority regarding privacy where necessary.
Collection and Use of Personal Information
Personal data can be used to identify or contact, directly or indirectly a single person.
You may be asked to provide your personal data anytime you are in contact with Doctena through our website platform managed by one of our national entities or through the integration of our services on the website of your practitioner.
Doctena ensures that only the data that is timely and relevant to what is necessary for the pursuit of the declared purposes is collected, processed and stored.
No legal provision requires you to send us the personal data we request, but, failing to provide them, may disallow us to provide the required service, to answer your questions or to adapt our services to your needs.
Here are some examples of the types of personal data Doctena may collect to provide medical appointment and follow-up services via our website platform and how we may use it:
What categories of data are handled by Doctena
- When you book an appointment without creation of a Doctena user account, we may collect personal identification data, including your surname, first name, phone number, postal address, e-mail address, date of birth, age, sex, nationality, number of ID card or passport, social identification number, your signature, etc …; traffic information for each call or internet session. This traffic information contains the called numbers, the identification of phone number , the data and the duration of the communication or the date, the duration and the data volume of the internet session; moments of connection; computer identification data obtained under the access granted to the Doctena website mainly IP address, your email address, cookies, electronic signature; care-related data, including the reason for the practitioner’s appointment, the specialty of the practitioner, the frequency of the appointments, the name of the attending physician, the history and feedback* of the appointments, and any data belonging to the medical record that you share with the practitioner or the practitioner wants to share with you; data relating to the civil or professional status, in particular your marital status, family composition, your profession, …;
- When you create a Doctena user account, we may, in addition to the data mentioned above, collect other data as data relating to your login and password, as well as data relating to preference data, historical data.
How we use your personal data
- The personal data we collect is intended to enable us: to match your appointment requests with practitioner availabilities, to inform you and your practitioner on the status of appointments and follow-up services, to collect feedback*, to transmit your personal data to the practitioner to handle your appointment and to provide for both support for the appointment and related agenda management.
- If additionally, you create a Doctena user account, the collected data allows us to set up and manage your personal data profile, preferences and feedback*, to manage links to your doctor appointments and its history, to facilitate taking new appointments with practitioners linked to your account and to improve the quality of our service
For each purpose listed above, the collection and processing of data shall be carried out in accordance with the legislation in force and with the regulations on the protection of personal data, including the European Union Regulation (EU) 2016/679. April 27, 2016.
Therefore, the collection and processing are based either on the fact that the processing is necessary for the performance of the service to which you are party or the execution of measures taken at your request; whether the treatment is necessary to fulfill a legal obligation to which we are subject; on your consent; an interest recognized as legitimate on our part.
Legitimate interest is the legal basis when Doctena collects and processes data to provide its users with the highest possible quality of service, as well as the best possible tracking of their appointments and their related communications (verifications of your contact data, confirmations, reminders and feedback*). The same applies when Doctena collects and processes data to improve the functioning of its Site and to carry out optional satisfaction surveys on its services in order to improve them.
* Feedback is defined as the quality evaluation by the patient of the services rendered by the Practitioner. This information may be used by your practitioner and Doctena in its raw or aggregated form to publicly promote the provided services
Who takes care of your data
Your data may be shared with some of our internal departments in the strict framework of their assignments, including members of service management, legal and compliance, internal audit and the IT department.
- If you request an appointment via our website, only your practitioner is controller of your personal and appointment data and is responsible to execute your privacy rights and takes care of your data. All related requests should be addressed to the practitioner, or we will forward them for you. Doctena, as a subcontractor of the practitioner, can only act on the personal data upon explicit instruction by the practitioner.
- If you create a Doctena user account, Doctena becomes the controller only for the data collected to create this account and provided by you when you are logged in (personal data profile, preferences, service feedback, links to your doctor appointments and its history). For this part Doctena is responsible to execute your privacy rights and takes care of your data. All data collected by your practitioner from you or transferred by Doctena from your account to the practitioner remains on the sole control of the practitioner as previously mentioned.
Cookies and Other Technologies
Doctena websites, online services, interactive applications, email messages may use “cookies” and other technologies such as Geolocalisation, pixel tags and web beacons. These technologies help us better understand user behavior, tell us which parts of our websites people have visited, and facilitate and measure the effectiveness of your experience. As requested by EU regulation, we treat data collected by cookies and other technologies as personal information.
Most browsers are set to automatically accept cookies. In general, you can prevent the storage of cookies on your hard disk by selecting “Do not accept cookies” in your browser settings. You can also configure your browser to ask permission before storing cookies. Finally, you can delete previously set cookies at any time.
Please refer to the instructions of your browser on how to implement this measure. If you set your privacy setting as such, however, it may happen that you cannot fully use all the features of our website.
Therefore, you are informed that your browsing on Doctena’s website or use of online services and interactive applications may be limited. This could also be the case when Doctena or one of its service providers can not recognize, for technical compatibility purposes, the type of browser used by the terminal, the language and display settings, or the country from which the terminal seems connected to the Internet.
If necessary, Doctena declines all responsibility for the consequences related to the degraded functioning of the Site and the services offered by Doctena, resulting either from the refusal of Cookies or from the impossibility for Doctena to register or consult the Cookies necessary for their operation because of your choice.
Our website uses Google Analytics and Google Ads. This is a service by Google Inc. (“Google”) for analyzing accesses to websites and allows us to improve our internet presence. The data collected by means of a cookie (IP address, access time, access duration) is transmitted to Google servers in the USA and stored there. The evaluation of the activities on our website is transmitted to us in the form of reports. Google may pass on the collected data to third parties, if required by law or if third parties process this data on behalf of Google. However, to avoid that Google can have a possible direct personal relationship to you, we use the function “anonymized”. Thus, IP addresses are processed only shortened. By using our website, you agree to the processing of the data collected about you by Google.
Some browser extensions exist which allow you to disable and control Google Analytics tracking.
Doctena uses so-called web fonts provided by Google on the website for the uniform display of fonts.
Responsible: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
When you visit a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. To do this, the browser you are using must connect to Google’s servers. This gives Google knowledge that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. The legal basis is based on Art. 6 Par. 1 S.1 lit.f) GDPR. Because it is in our interest to make our website offer clear and user-friendly for our users.
If your browser does not support web fonts, a default font is used by your computer.
For more information about Google Web Fonts, see:
Marketing and advertising
In addition to providing our services, and on explicit opt-in for newsletter by the user, we will use your personal data to communicate with you about our offers or marketing promotions and to recommend other services that may interest you. These offers may contain references to new web and information offers in line with the present processing purposes.
If you no longer want to receive these recommendations or newsletters from us, you can object to this at any time by disabling this in your settings, contacting us or by using the link that you find in each of our communications.
No Disclosure to Third Parties
Your personal data will not be disclosed to third parties unless you have expressly given your consent, or if we are obliged to disclose it for example due to a court order or an official order.
Only in the event of a corporate selling of assets/stock, or during a corporate divestiture, merger or dissolution, we might share your data with the new legal entity where the purposes defined in this notice remain the same.
Transfer outside the European Union
We do not transfer any of your personal data to servers outside Europe Union (EU) or the European economic area (EEA) unless that processing is covered by an adequacy decision stated by the European Commission. This also applies to all our sub-contractors.
In any case, if a transfer is performed to a third country or international organization not covered by an adequacy decision stated by the European Commission, you will be informed before any processing to be able to assert your right to oppose it.
Protection of Personal data
Doctena takes the security of your personal data very seriously. Doctena online services protect your personal information during transit using encryption such as Transport Layer Security (TLS). When your personal data is stored by Doctena, we use computer systems with limited access housed in facilities using physical security measures. Data is stored in encrypted form including when we utilize third-party storage.
Doctena works with other companies, such as email and SMS providers, to provide its services. The selection of third party follows a comprehensive selection process. In this selection process, each individual service provider is carefully selected for its suitability in terms of technical and organizational data protection skills. A contract for the personal data processing of data will only be concluded if it complies with the identified security requirements including European and national regulations requirements. You can consult here the list of our sub-processors.
If you create a Doctena user account through our website, we recommend for security reasons to use a reliable password to protect your personal data and to always keep this password secret. By reliable password, we mean at least 6 characters long including a combination of letters, numbers and symbols. Your password must also be changed periodically (we recommend every 6 months).
Integrity and Retention of Personal data
Doctena makes it easy for you to keep your personal data accurate, complete, and up to date. We will retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Statement and not longer than 2 years of non-activity, unless a longer retention period is required by your practitioner or permitted by the national law.
To protect this data from accidental or malicious destruction, when we remove it from our services, we may not immediately remove the remaining copies of our servers or backup systems. The complete destruction will occur after a complete cycle of backup.
Access to Personal data
You can help ensure that your personal data and preferences are accurate, complete, and up to date by logging in to your account. For other personal data we hold, we will provide you with access (including a copy) for any purpose, including to request that we correct the data if it is inaccurate or delete the data if Doctena is not required to retain it by law or for legitimate business purposes. In that case, access, correction, or deletion requests can be made through our Data Privacy Officers (see contacts below).
Our Company Wide Commitment to Your Privacy
To make sure your personal information data is secure, we communicate our privacy and security guidelines to Doctena employees and strictly enforce privacy safeguards within the company.
Privacy Questions and Rights
You have the right to:
- access the data we hold about you (article 15 GDPR),
- request the portability of your personal data, that is to say the right to receive personal data that you have provided us in a structured, commonly used and readable format or to have it sent directly to another controller, when these data are subject to automated processing based on their consent or on a contract (section 20 GDPR)
- ask us to correct (article 16 GDPR), update, complete lock or erase your personal data (article 17 of the GDPR) found in our records if they are inaccurate, incomplete, equivocal, expired, or where collection, use, disclosure or storage is prohibited,
- report to us any misuse of your personal data,
- obtain the limitation of treatment in certain circumstances such as for example the limitation of the use of data whose accuracy you contest, for a period enabling us to verify the accuracy of the data (article 18 GDPR),
- withdraw your consent to the processing of your data at any time, without compromising the lawfulness of consent-based treatment prior to such withdrawal and unless the treatment is based on a different legal basis than the consent 13-2c GDPR),
- lodge a complaint with the competent data protection authority of your country and / or the Grand Duchy of Luxembourg (National Commission for the Protection of Data – CNPD),
- oppose treatment unless we can demonstrate it is based on legitimate grounds (Article 21 GDPR),
You can address your questions regarding the processing of your personal data and exercise your rights mentioned above with the Data Protection Officer (DPO) using:
To easily manage your questions and requests, Doctena has assigned external data protection officers. For all information regarding your personal data, you can use the following contacts:
|Kemal Webersohn, LL.M
WS Datenschutz GmbH
Fax : +49 30 88 72 07 88
|Chief information security officer
Phone: +352 2040 4130
When a privacy question or request is received we have a dedicated team which triages the contacts and seeks to address the specific concern or query which you are seeking to raise. Where your issue may be more substantive in nature, more data may be sought from you. All such substantive contacts receive a response. If you are unsatisfied with the reply received, you may refer your complaint to the national data authority.
Doctena may update its Privacy Statement from time to time. When we change the policy in a material way, a notice will be posted on our website along with the updated Privacy Statement.
If there are any major changes that are inconsistent with the purpose for which the data was collected, we will ask for a renewed consent.
Doctena SA – 6 Rue Adolphe, L-1116 Luxembourg (Luxembourg)
Doctena Austria (formally a3L e-solutions) – Mooslackengasse 17, A-1190 Wien (Austria)
Doctena Belgium Sprl – Square de Meeus 37, B-1000 Bruxels (Belgium)
Doctena Switzerland GmbH – Hagenholzstrasse 83b, 8050 Zürich (Switzerland)
Doctena Germany GmbH – Am Treptower Park 28-30, Haus A, 12435 Berlin (Germany)
Doctena Netherlands BV – Barbara Strozzilaan 201, 1083 HN Amsterdam (Netherlands)
Sanmax Sprl – Square de Meeus 37, B-1000 Bruxels (Belgium)