Effective Date: January 1st, 2021
Last review Date: December 24th, 2020
This is the Privacy Notice for the utilisation of the Portal, the Mobile App and the Telephone line (“Platforms”) in connection with the provision of the telemedicine services as well as for the provision of the telemedicine service itself provided by Teladoc Health UK LTD, a private limited company registered in England and Wales with registered offices at 18 King William Street, London EC4N 7BP (“Teladoc, “We” or “Us”).
When being provided with the telemedicine services (“the Services”), you (the “Data Subject”, “the Patient”, “You” and “Your”) will be required to provide information about You, including information about Your health status which is considered as sensitive information (all together your “Personal Data”).
This Privacy notice describes the kinds of Personal Data We collect about You, why We collect it, how it is collected and how We use it, how We protect it and under what circumstances We share it with third parties. This Notice also describes how You may access the Personal Data and the rights You have concerning Your Personal Data. Please review it carefully.
At Teladoc We are committed to protecting and respecting Your privacy. Teladoc operates globally and is committed to full compliance with all applicable laws and regulations of any jurisdiction, and especially the General Data protection Regulation (EU) 206/679 (“the GDPR”).
The data controller is Teladoc.
Teladoc's privacy practices comply with the GDPR which includes the following protections:
- Processing Your Personal Data lawfully, transparently and fairly
- Limiting Your Personal Data use to legitimate purposes
- Limiting the processing and storage of Your Personal Data to the minimum necessary
- Making sure that the privacy notice is accurate and sufficient
- Maintaining open and transparent privacy policies
- Being accountable to You for processing Your Personal Data
- Making sure Your consent is informed and easy to withdraw
- Defining and protecting Your sensitive/special categories of data
- Ensuring third parties (external doctors) apply similar or equivalent standards of privacy controls where they process Your Personal Data on our behalf
- Not transferring Your Personal Data outside of the EU unless the recipient has provided appropriate safeguards approved by the GDPR.
- Giving You the right to concise, timely, comprehensive information regarding our processing of Your Personal Data
- Giving You the right to rectify incomplete, inaccurate, unnecessary or excessive personal data
- Giving You the right to object (where applicable)
- Making sure We have procedures to support Your exercising of any data subject rights,
- Applying security measures, including technical and procedural support for integrity, confidentiality and availability must be provided
- Maintaining the confidentiality of Your Personal Data even after our relationship with You has terminated.
What Personal Data is collected and How We obtain Your Personal Data?
“Personal Data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Data concerning health” or “Health Data” means Personal Data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
For the purposes of this Privacy Notice, together, “Personal Data”.
Teladoc collects only Personal Data which is relevant and necessary for the provision of the Services including the operation of the software.
It is not mandatory for You to provide Your Personal Data. However, should You not provide this information, Teladoc will not be able to provide You with our Services via the Platforms.
Personal Information You Provide to Teladoc
During the course of You using the Services, You will provide and Teladoc will collect Your Personal Data.
Telephone calls, emails, and other communications between you and Teladoc and/or Teladoc’s service providers will be recorded and logged. As such, We will collect and maintain all information discussed during such communications including Your identity, the date and time of the communication, and the contents of the communications.
Personal Information Teladoc Collects About you From Other Sources
In connection with the Services, and always upon Your prior authorization, We may collect medical records from Your past or current health care providers.
We may also gather Personal Data from local or national authorities from specific purposes or from third party organisations in those cases where You may have accessed our Platforms through a third-party online service.
Purposes for which your personal data is processed and legal basis
Teladoc collects, processes and potentially discloses Your Personal Data on a lawful basis, as listed below.
We will use personal data firstly to fulfil any contractual obligations that exist between Us and Yourself; where We request Personal Data be provided to meet the terms of any such contract You will be required to provide the relevant Personal Data or We will not be able to deliver the Services You want. In such cases the lawful basis of Us processing the Personal Data is that it is necessary for the performance of a contract.
We may also process Your Personal Data in accordance with Our legitimate business interests; this is on the considered measure that We need the Personal Data to achieve reasonable various purposes.
Our data processing activities conducted on the lawful basis of legitimate interests are:
(i) To provide You with the Services
(ii) To send notifications on subjects You have subscribed to, or otherwise asked us to keep You informed of
(iii) To improve the quality of the Services, and to better understand Our customers’ needs by requesting feedback, or We may send survey forms that We ask You to complete
(iv) To allow Us to understand the scale and range of Our customer base; for statistical analysis and market research
(v) To recognise when customers re-engage with Our Services
(vi) Improve website so content is delivered more efficiently
We may also process Your Personal Data in order for Teladoc Health to comply with Our various legal obligations; this might include:
(i) Providing for financial commitments to relevant financial authorities
(ii) Complying with industry regulatory requirements and any self-regulatory schemes
(iii) Carrying out required business operations and due diligence (e.g. administration, security, reorganisations, investment or corporate/asset sales)
(iv) Cooperating with relevant authorities for reporting criminal activity, or to detect and prevent fraud
(v) To investigate, claim for or defend Ourselves against any claims we may receive/interpose in relation with the provision of the Services
We may process your Personal Data for the purposes of providing You with the Services subject to Your informed consent.
Where We process Your Health Data, other than where We have Your consent to do so We shall be processing this Health Data on one or more of the following lawful basis:
- It is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems or pursuant to contract with a health professional
- It is necessary for reasons of public interest in the area of public health such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices
- It is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
Teladoc may create de-identified information defined as data that does not include Your name, address, birth date, or other information that could be used to identify You(the “Anonymized data”) for the purposes of, among others, reviewing or evaluating the performance of our systems in providing the Services, improving the quality or timeliness of our Services, medical research or demonstration of the reliability of our information management.
Teladoc will retain Your Personal Data as long as it is needed for the provision of the Services to You and after that, for the statutory periods for the only purpose of attending eventual responsibilities that might arise from the provisions of the Services and to comply with applicable laws.
At the end of that retention period, Your Personal Data is securely destroyed or permanently de-identified in accordance with Data Protection Laws and Regulations. Such permanently anonymized data is no longer Personal Data and is retained by Teladoc indefinitely for the purposes set out in clause 4, above.
Access to Your Personal Data
Notwithstanding the above, You must be informed that Teladoc may be called upon to disclose Your Personal Data, including Your Health Data, by a duly empowered branch of Government or Court in any country in which our patients are citizen.
International Transfers of Your Personal Data
As this is necessary for the performance of the Services required, we are likely to transfer Your Personal Data to doctors located in the country or the region where You are travelling to. You are informed and accept that the local data protection regulation applicable to the processing of Your Personal Data in that country may not present a level of protection similar to that granted by the regulation applicable in the country where You are from, including the GDPR.
Besides, in order to better protect Your Personal Data, Teladoc uses data centres based in the EU and the USA. For that reason, Your Personal Data is transferred to the EU and the USA. These international transfers of Your Personal Data comply with all the privacy, security and contingency measures and regulations provided by Data Protection Laws and Regulations and take place following either; contractual obligations, temporary adequacy agreement, Standard Contractual Clauses or another derogation it allow the international transfer of Your Personal Data.
Your data subject rights
We strive to keep your Personal Data accurate and current; and We will update or disclose it to You whenever You request us to do so. You are responsible for communicating modifications, rectifications or additions to Your Personal Data in order that Teladoc may change it accordingly and keep it current.
You are able to access Personal Data held about You and can correct or delete it if it is inaccurate.
When the GDPR is applicable, You have rights including:
- Right of access
- Right to rectification
- Right to withdraw Your consent to the processing of Your Health Data
- Right to erasure
- Right to restriction of processing
- Right to object to processing
- Right to data portability
Note that data subject rights would not be applicable to de-identified data as defined section 5 above.
You may exercise Your data subject rights by emailing to email@example.com, indicating Your name, what service was used and Your telephone number, and attaching Your Identification Card or passport or any other document that permits Us to identify You.
You may also address to the English Data Protection Authority (the Information Commissioner’s Office - www.ico.org.co.uk-) any query, claim or issue related to data protection.
Contact for further information
If You have any questions regarding this Privacy notice, or would like a copy of this Privacy notice, or otherwise You want to file a complaint or You believe Your privacy rights have been violated, You may contact the Data Protection Officer at firstname.lastname@example.org. There will be no retaliation for filing a complaint or exercising your data subject rights.
You also have the right to lodge a complaint with Your local data protection authority.