Privacy Policy

  1. Introduction

EDOCTOR d.o.o., a company registered in the Register of Business Entities kept by the Business Registers Agency under registration number 21674192 (“eDoktor“), owns and makes available the technical platform and application called “eDoktor” (“Application“). The company is the controller for processing all personal data registered in the Application other than data processing for the provision of health services. In other words, when you submit health data for medical purposes (e.g., sending health data by uploading a file) or decide on medical treatments (e.g., registering with a specific healthcare provider), the relevant controller for data processing in the context of the provision of such health services is exclusively the healthcare provider (“Healthcare Provider“).

Therefore, the Healthcare Provider is the controller for personal data processing in the context of the provision of such services unless otherwise clearly communicated to you. As the technical platform and Application provider, eDoktor will process personal data on behalf of and at the direction of the Healthcare Provider (and other healthcare providers, if applicable) in the capacity of a data processor. That may include processing for maintenance, debugging, and support purposes; to assist the Healthcare Provider in its work, improve its services, and comply with regulations and information security efforts. When a new healthcare provider joins the eDoktor platform and processes your personal data in connection with your use of the Services, we will notify you when you use the Services so that you always know which Healthcare Provider is the controller of your personal data.

For any questions or comments regarding processing your personal data when using the Services, please do not hesitate to contact us or our representative (data protection officer) via our website https://edoktor.rs/ or by sending an e-mail to info@edoktor.rs.

  1. What are personal data?

Personal data shall mean any information relating to an identifiable individual based on the applicable law, such as name and surname, e-mail address, and telephone number.

2.1 Personal data registered through your user account in the

 Application

eDoktor and the Healthcare Provider process personal data registered through your account at the time of opening, such as your name, address, phone number, and e-mail address, and all information subsequently registered when using the Application. In addition, we may automatically collect and process the following information:

  1. technical information, including IP address, log-in information, operating system type and version, time settings, language settings, display settings, etc.; and

  2. information about your Application use, which features you used and when, etc.

We refer to these categories of personal data, listed when you download and use the Application, as “User Data” below.

2.2 Personal data collected by the Healthcare Provider

Contact at the Healthcare Provider

When you request a health service through us, you will first be asked to provide information about your physical and/or mental health. You do this primarily by filling out the relevant profile (e-card) in the Application itself. This information may include but is not limited to, information about whether you suffer from any disease, family medical history, your medical history, or your mental or physical condition. The Healthcare Provider you contact using the Services may also receive personal information about you for the provision and monitoring of the healthcare you received as part of the Services provided.

2.3 Health profile

If you activate your Health Profile in the Application, the Healthcare Provider may collect the information you choose to enter into your Health Profile, such as your weight, height, allergies, and nicotine use habits. This information is processed as described in section 4.3 and will be made available to the healthcare professional you consult.

Personal information about your health described above in Section
2.3 and used by the Healthcare Provider for the provision of healthcare services is hereinafter referred to as “Patient Data.”

3. Where are personal data stored?

The Application is a technology platform developed by eDoktor and is also owned and controlled by eDoktor. Most of your personal information we collect when you use the Services is not stored on your smartphone or tablet. Instead, such personal data are stored by eDoktor in an infrastructure provided by one of its subcontractors. Personal data are processed and stored in the EU/EEA (more precisely, in Frankfurt, Germany). The Healthcare Provider is obliged to maintain a health record when performing the Services, and relevant patient data are stored in the Healthcare Provider’s health record system. Your personal data in your health record are processed and stored within the EU/EEA.

4. What personal data are processed when you use eDoktor and why?

4.1 Processing of your user data by eDoktor

eDoktor processes your User Data (as described in section 2.1) for the following purposes:

  1. to enable you to register or terminate your user account in the Application;
  2. to enable you to log in and use your user account;
  3. to confirm your identity and age;
  4. to maintain accurate and up-to-date information about you and to enable and facilitate contacting the Healthcare Provider;
  5. to enable settings selection and payment information;
  6. to assist you with inquiries and requests; and
  7. to otherwise provide you with the Services under our Terms and Conditions.

The legal basis for processing personal data for the above purposes is the performance of a contract concluded with you (Article 12, Paragraph 1, Item 2 of the Law on Personal Data Protection).

4.2 Provision of health services by the Healthcare Provider

The Healthcare Provider processes Patient Data (as described above in section 2.2) for the provision of the Services (such as providing medical advice, issuing prescriptions, and referrals) and for performing necessary administrative tasks (such as payments, maintenance of the payment system, and advertising).

Accordingly, we process your personal data under applicable law. The processing of Patient Data will be from time to time based on special consent (Article 15 of the Law on Personal Data Protection) and, when necessary, compliance with the legal obligations of the controller (Article 12, Paragraph 1, Item 3 of the Law on Personal Data Protection). This includes our obligation to maintain health records that the Healthcare Provider is required to keep for a certain period.

The Healthcare Provider may also hire eDoktor to provide better quality Services. To the extent that the Health Provider makes Patient Data available to eDoktor for these purposes, eDoktor will process such information exclusively as a data processor, i.e., on behalf of and at the direction of the Healthcare Provider.

The Healthcare Provider may share anonymized data other than personal data with eDoktor to develop the Services, develop our business, organize payment for the Services, marketing, and advertising.

4.3 Providing support services in connection with your use of the Services

Support services

eDoktor and the Healthcare Provider may communicate with you as a user of the Services. That includes but is not limited to, answering inquiries and verifying complaint allegations and other support matters (including technical support) via our telephone support service or digital channels. The possible processing of your personal data for support depends on your specific case, so we process additional User Data and additional Patient Data to help you use the Services in the best possible way. The Healthcare Provider may also contact you for advice and referrals by phone or text when medically necessary. For example, to find out how you should respond to your treatment, get additional contacts with recommended healthcare professionals, or similar.

eDoktor and the Healthcare Provider provide support as stated above as part of the Services (i.e., to be able to perform the contract concluded with you and eDoktor, Article 12, Paragraph 1, Item 3 of the Law on Personal Data Protection). To the extent that support services are related to healthcare or the processing of Patient Data (or other sensitive personal data), the processing is based on the right of healthcare providers to process personal data in connection with the administration of healthcare matters. The processing of your personal data in connection with the support services may also take place in order for the Healthcare Provider to fulfill its legal obligations under the applicable healthcare laws.

4.4 The possibility of product and service marketing and improving your user experience

eDoktor processes some of your User Data (as described above in section 2.1) for direct marketing purposes by sending e-mails and text messages to you (for example, in the case of campaigns and advertising offers in cooperation with e-Doktor’s partners). That includes processing specific personal data, including your name, contact data, gender, age, place of residence, and whether you have children. The processing of your personal data for direct marketing purposes is based on your consent (Article 12, Paragraph 1, Item 1 of the Law on Personal Data Protection) that you can withdraw at any time.

We process the following data to promote our services:

  1. Name and surname
  2. Sex
  3. Marital status
  4. Phone number
  5. E-mail.

The legal basis for the above data processing is your consent (Article 12, Paragraph 1, Item 1 of the Law on Personal Data Protection), which you can withdraw at any time.

eDoktor also processes your User Data (but not Patient Data) to understand how the application is used and improve the user experience and application functionality. Data about you as a user are also used for marketing purposes. Such processing is based on our legitimate interest to analyze and improve the service (Article 12, Paragraph 1, Item 6 of the Law on Personal Data Protection).

4.5 Evaluation, development, and improvement of the quality of Services

The Healthcare Provider may process your personal data to understand the use of the Services and develop and improve the healthcare services provided as part of the Services. For example, by improving the user interface and functionality. The Healthcare Provider also processes your data as part of its quality assurance work to improve the safety, medical quality, efficiency, and availability of the Services. The processing of your information for the above purposes is based on the right of healthcare workers to process personal data for quality assurance and development of services (Article 12, Paragraph 1, Item 6 and Article 17, Paragraph 2, Item 8 of the Law on Personal Data Protection).

4.6 Fulfillment of legal obligations

eDoktor and the Healthcare Provider may process User Data and Patient Data (as described above in Sections 2.1 – 2.2) to comply with their legal obligations (Article 12, Paragraph 1, Item 3 of the Law on Personal Data Protection) specified in the laws, bylaws, court judgments or decisions of public bodies (for example, the Ministry of Health).

We store and process your personal data only to the extent necessary to be able to fulfill our legal obligations.

4.7 Administrative matters related to mergers, acquisitions, or other organizational changes

Should eDoktor or the Healthcare Provider cease to exist due to liquidation or bankruptcy, we shall delete your personal information unless we are obliged to keep it to comply with legal requirements.

In the case of a change in ownership, merger, or split-up of eDoktor or the Healthcare Provider as part of corporate restructuring, the acquiring business entity shall continue to store and use your personal information under this Privacy Notice unless you are informed otherwise. In such cases, eDoktor and the Healthcare Provider may process your User Data and Patient Data (as described above in Sections 3.1-3.2) based on our legitimate interest (Article 12, Paragraph 1, Item 6 of the Law on Personal Data Protection) and to fulfill our legal obligations (Article 12, Paragraph 1, Item 3 of the Law on Personal Data Protection). In addition to the above, for special categories of personal data, such as health data, the processing is based on the right of the healthcare provider to process personal data in connection with the provision of healthcare (Article 17, Paragraph 2, Item 8 of the Law on Personal Data Protection) and to be able to submit, exercise or defend a legal claim (Article 17, Paragraph 2, Item 6 of the Law on Personal Data Protection).

5 How long do we keep your personal data?

We process your personal data only to the extent necessary for the purposes given in Section 4 above. That means as long as we need them to provide a good healthcare service or otherwise be able to provide the Services or comply with legal obligations that apply to us. The Healthcare Provider should keep medical records related to health consultations with you for a certain period. In addition, we have personal data storage or anonymization practices to ensure that your personal data are adequately and relevantly stored or anonymized to enable the continued provision of the Services. Your user data are deleted or de-identified no later than three (3) months from closing your user account with us, provided that we are not required to store personal data to fulfill our legal obligations or when the information is otherwise necessary to establish, realize, or defend legal claims.

All information longer required for the performance and development of the Services, or quality assurance, is anonymized or automatically deleted. We delete user data stored based on your consent if you withdraw it. In this regard, please note that eDoktor and the Healthcare Provider process your personal data for different purposes (as a technical provider of the application and as a healthcare provider). Withdrawal of your consent will not affect the obligation of the Healthcare Provider to maintain medical records or process your personal data under applicable law.

6. Third parties with whom your personal data may be shared when using the Services

6.1 eDoktor subcontractors

In order to be able to offer the Services to you, we engage several external suppliers who process personal data in specific cases. Our service providers, such as operational, service, and hosting providers, work only at the request of eDoktor and according to eDoktor’s instructions in their capacity as personal data processors.

eDoktor also uses the services of suppliers who work independently and are thus solely responsible for processing your personal data, such as payment solution providers. Where applicable, you will be required to enter into separate agreements directly with such suppliers. Please note this Privacy Policy does not apply to personal data processing through these providers. Please contact these suppliers if you need information about how other suppliers process your personal data.

6.2 Healthcare Provider subcontractors

The Healthcare Provider keeps medical documentation under applicable law in connection with the provision of healthcare as part of the provision of Services. Medical records are stored in off-application medical records systems provided by a third party at the request of the Healthcare Provider and following the instructions of the Healthcare Provider. The Healthcare Provider is responsible for all personal data (Patient Data) stored in the medical record.

6.4 Employees and insurance companies

If you have been referred to us by your insurance company, in connection with your specific case, we may disclose information to your insurance company about your use of our Services and information about your health, including copies of your medical records, only if we have received your special consent. This Privacy Policy does not apply to personal data processing by your insurance company. For more information about how your insurance company processes your personal data, please contact your insurance company.

If your employer referred you to us, we act as the data controller for the personal information we receive from your employer (such as your name and your employer) and for any processing of such information and information we collect while you use the Services. We do not disclose personal data or information about your health, including whether you have used the Services, to your employer.

7. Transfer to third countries

eDoktor and the Healthcare Provider use suppliers for hosting, support, and business operations outside Serbia. Where such suppliers are engaged, we always endeavor to ensure that personal data processing takes place on servers within the EU/EEA.

8. Rights related to the audio-visual recording of consultations scheduled through the Application

Given that health personnel consultations scheduled through the Application take place online, all online consultations will be recorded to preserve the quality of Services and monitor the work of health personnel.

The basis for the processing of audio-visual recordings is your consent.

The videos will not be made public or given to third parties except in cases where this represents the controller’s legal obligation.

Persons included in the video and audio recordings have the right to request access to their data from those recordings. Video recordings are stored for 30 days, while copies of recordings may be stored for longer than 30 days solely for conducting legal proceedings, and when no longer needed, they are deleted without further delay.

The data of saved videos can only be forwarded to authorized state bodies at their request.

9. Your rights concerning the Application as a data subject

You have the right to receive information about what personal data we process about you, for what purpose, whether that personal data have been transferred to a third country and which parties have received your personal data.

In order to clarify these other rights that you have as a data subject, you can contact us at any time and:

  • request access to and information about personal data processed when you use the Application and/or Services;
  • request correction of any incorrect information about you;
  • request deletion of your Personal Data (please note, however, that healthcare providers are obliged to retain certain Personal Data, particularly concerning Patient Data, including keeping medical records related to your use of the Services). At your request, all personal data we are no longer legally obligated to keep will be deleted;
  • ask us to restrict the processing of your personal data;
  • withdraw any specific consent given when you used the Services, for example, concerning the Health Profile;
  • object to the method of personal data processing and thus demand in writing that the data cease to be used for direct marketing purposes; or
  • request the transfer of your personal data to another personal data controller by taking your personal data, to the extent that you have provided it, in an electronic format commonly used for those purposes to be able to transfer it to another party (“Right to data portability“).

If you wish to contact us regarding any of the above points, we recommend that you contact us via our website
  https://www.edoktor.rs or by an email to info@edoktor.rs.

Hvala što ste se prijavili!

eDoktor tim će vas kontaktirati u najkraćem mogućem roku.
Podelite na socijalnim mrežama!
LinkedIn