Effective Date: January 1st, 2020
Last review Date: September 14th, 2020
This is the Privacy Notice for the utilization of the Portal, the Mobile App and the Telephone line (“Platforms”) in connection with the provision of the telemedicine services as well as for the provision of the telemedicine service itself provided by Teladoc Health UK LTD, a private limited company registered in England and Wales with registered offices at 18 King William Street, London EC4N 7BP (“Teladoc, “We” or “Us”).
When being provided with the telemedicine services (“the Services”), you (the “Data Subject”, “the Patient”, “You” and “Your”) will be required to provide information about You, including information about Your health status which is considered as sensitive information (all together your “Personal Data”).
This Privacy notice describes the kinds of Personal Data We collect about You, why We collect it, how it is collected and how We use it, how We protect it and under what circumstances We share it with third parties. This Notice also describes how You may access the Personal Data and the rights You have concerning Your Personal Data. Please review it carefully.
At Teladoc We are committed to protecting and respecting Your privacy. Teladoc operates globally and is committed to full compliance with all applicable laws and regulations of any jurisdiction, and especially the General Data protection Regulation (EU) 206/679 (“the GDPR”).
The data controller is Teladoc.
Teladoc's privacy practices comply with the GDPR which includes the following protections:
- Processing Your Personal Data lawfully, transparently and fairly
- Limiting Your Personal Data use to legitimate purposes
- Limiting the processing and storage of Your Personal Data to the minimum necessary
- Making sure that the privacy notice is accurate and sufficient
- Maintaining open and transparent privacy policies
- Being accountable to You for processing Your Personal Data
- Making sure Your consent is informed and easy to withdraw
- Defining and protecting Your sensitive/special categories of data
- Ensuring third parties (external doctors) apply similar or equivalent standards of privacy controls where they process Your Personal Data on our behalf
- Not transferring Your Personal Data outside of the EU unless the recipient has provided appropriate safeguards approved by the GDPR.
- Giving You the right to concise, timely, comprehensive information regarding our processing of Your Personal Data
- Giving You the right to rectify incomplete, inaccurate, unnecessary or excessive personal data
- Giving You the right to object (where applicable)
- Making sure We have procedures to support Your exercising of any data subject rights,
- Applying security measures, including technical and procedural support for integrity, confidentiality and availability must be provided
- Maintaining the confidentiality of Your Personal Data even after our relationship with You has terminated.
What Personal Data is collected and How We obtain Your Personal Data?
“Personal Data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Data concerning health” or “Health Data” means Personal Data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
For the purposes of this Privacy Notice, together, “Personal Data”.
Teladoc collects only Personal Data which is relevant and necessary for the provision of the Services including the operation of the software.
It is not mandatory for You to provide Your Personal Data. However, should You not provide this information, Teladoc will not be able to provide You with our Services via the Platforms.
Personal Information You Provide to Teladoc
During the course of You using the Services, You will provide and Teladoc will collect Your Personal Data.
Telephone calls, emails, and other communications between you and Teladoc and/or Teladoc’s service providers will be recorded and logged. As such, We will collect and maintain all information discussed during such communications including Your identity, the date and time of the communication, and the contents of the communications.
Personal Information Teladoc Collects About you From Other Sources
In connection with the Services, and always upon Your prior authorization, We may collect medical records from Your past or current health care providers.
We may also gather Personal Data from local or national authorities from specific purposes or from third party organisations in those cases where You may have accessed our Platforms through a third party online service.
Purposes for which your personal data is processed and legal basis
Teladoc collects, processes and potentially discloses Your Personal Data on a lawful basis, as listed below and for the purposes of providing You with the Services subject to Your informed consent. Shall You not provide that consent, Teladoc will not be entitled to provide the Services.
Where Teladoc processes Health Data, other than where Teladoc has Your consent to do so, processing of Health Data shall be on one or more of the following lawful basis:
- It is necessary for the purpose of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems or pursuant to contract with a health professional;
- It is necessary for reasons of public interest in the area of public health such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices and;
- It is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
Teladoc may create de-identified information defined as data that does not include Your name, address, birth date, or other information that could be used to identify You (the “Anonymized data”) for the purposes of, among others, reviewing or evaluating the performance of our systems in providing the Services, improving the quality or timeliness of our Services, medical research or demonstration of the reliability of our information management.
Teladoc will retain Your Personal Data as long as it is needed for the provision of the Services to You and after that, for the statutory periods for the only purpose of attending eventual responsibilities that might arise from the provisions of the Services and to comply with applicable laws.
At the end of that retention period, Your Personal Data is securely destroyed or permanently de-identified in accordance with Data Protection Laws and Regulations. Such permanently anonymized data is no longer Personal Data and is retained by Teladoc indefinitely for the purposes set out in clause 4, above.
Access to Your Personal Data
We will never share Your Personal Data for any purpose other than those strictly necessary for rendering the Services for Your benefit.
Notwithstanding the above, You must be informed that Teladoc may be called upon to disclose Your Personal Data, including Your Health Data, by a duly empowered branch of Government or Court in any country in which our patients are citizen.
International Transfers of Your Personal Data
As this is necessary for the performance of the Services required, we are likely to transfer Your Personal Data to doctors located in the country or the region where You are travelling to. You are informed and accept that the local data protection regulation applicable to the processing of Your Personal Data in that country may not present a level of protection similar to that granted by the regulation applicable in the country where You are from, including the GDPR.
In order to better protect Your Personal Data, Teladoc uses data centres based in the EU as well as in the USA. For that reason, Your Personal Data are transferred to the hosting company in the USA. This US company receiving Your Personal Data comply with all the privacy, security and contingency measures and regulations in particularly provided by Data Protection Laws and Regulations and the appropriate safeguards will have been put in place.
Your data subject rights
We strive to keep your Personal Data accurate and current; and We will update or disclose it to You whenever You request us to do so. You are responsible for communicating modifications, rectifications or additions to Your Personal Data in order that Teladoc may change it accordingly and keep it current.
You are able to access Personal Data held about You and can correct or delete it if it is inaccurate.
When the GDPR is applicable, You have rights including:
- Right of access
- Right to rectification
- Right to withdraw Your consent to the processing of Your Health Data
- Right to erasure
- Right to restriction of processing
- Right to object to processing
- Right to data portability
Note that data subject rights would not be applicable to de-identified data as defined section 5 above.
You may exercise Your data subject rights by emailing to email@example.com, indicating Your name, what service was used and Your telephone number, and attaching Your Identification Card or passport or any other document that permits Us to identify You.
Contact for further information
If You have any questions regarding this Privacy notice, or would like a copy of this Privacy notice, or otherwise You want to file a complaint or You believe Your privacy rights have been violated, You may contact the Data Protection Officer at firstname.lastname@example.org. There will be no retaliation for filing a complaint or exercising your data subject rights.
You also have the right to lodge a complaint with Your local data protection authority.