Privacy Policy
Okadoc Technologies FZ-LLC (and its relevant affiliates as referred to in paragraph 1.3) keep this Privacy Policy under regular review and places any updates on this web page. This Privacy Policy was last reviewed and updated on 24 October 2022.
Our Contact Details
For general enquiries please contact
help@okadoc.com.
For enquiries related to this policy please contact
dpo@okadoc.com.
For details of Okadoc entities relevant to you please see paragraph 1.3 below.
1. Introduction
1.1 Overview
Okadoc respects and is committed to protecting your privacy and personal data.
“Personal Data”
means any information about an individual from which that person can be identified. We act as a data controller in relation to any Personal Data you provide to us and will only process and share your data in line with the requirements of the applicable data protection laws as set out in this policy. We will take reasonable steps to ensure that those with whom we legitimately share your data are equally robust in their approach to data protection.
1.2 Our Services
This policy sets out information about how we process your Personal Data, which we receive through our website
https://www.okadoc.com
and mobile applications (the“Platform”
) when you use and access our Platform and our services available on the Platform which include but is not limited to:
a directory of doctors and other healthcare specialists, hospitals, and clinics (collectively, “Healthcare Providers”) in Saudi Arabia, United Arab Emirates, Algeria, and Indonesia (the “Directory” ).
- a medical appointment booking facility (the
“Appointment Booking Facility”
). - a real live real time video, audio, and instant messaging facility for online consultations between patients and Healthcare Providers (the
“Doctor Online Consultation Facility”
); - a home healthcare service booking facility enabling patients to book at home testing and at home appointments with physicians (“
Home Healthcare Facility
); - a cloud pharmacy facility enabling patients to connect with and send their prescriptions to licensed pharmacists and the delivery of prescribed medicines to the patient (“
Cloud Pharmacy Facility
”); - document storage and sharing facility (
“My Documents”
); and - general non-specific health tips and blogs for educational and informational purposes (the
“Blogs”
and together with the Directory, the Appointment Booking Facility, the Doctor Online Consultation Facility and My Documents and such other services we may provide on or from the Platform from time to time the“Services”
).
1.3 Parties
References in this Privacy Policy to
“user”
or
“you”
(or similar) are references to you as an individual or legal entity as the case may be.
References in this Privacy Policy to
"Okadoc", “we,” “our”
or
“us”
(or similar) are references:
if you are in the UAE or if you are in Algeria, to Okadoc Technologies FZ-LLC, a free zone limited liability company registered in Dubai Healthcare City Free Zone under commercial registration number 1093 with its registered office at Building 64, 5
th
Floor, Unit ED017, Dubai Healthcare City, Dubai, United Arab Emirates;
if you are in Saudi Arabia, to Okadoc Technologies Arabia LLC a limited liability company incorporated in the Kingdom of Saudi Arabia with commercial registration number 1010636612 and with its registered address at 2nd floor The Div - Alia Plaza, Abi Bakr As Saddiq Rd, Alyasmin, Riyadh, KSA 13316;
if you are in Indonesia, PT Okadoc Technologies Indonesia, a company formed in Indonesia with registration number 0220105201333 and with its registered address at CoHive 101, Unit 07-07, Jl. Mega Kuningan Barat Blok, E.4.7 No. 1 RT. 5/RW.2, Kawasan Mega Kuningan, Kel. Kuningan Timur, Kec. Setiabudi, Jakarta Selatan 12950; or
if you are in the USA, Okadoc Technologies Americas Inc. 8 The Green Ste. B, Dover, Kent, Delaware 19901, United States of America.
1.4 Your agreement to this policy
Please read this Privacy Policy carefully, to help you understand our practices in how we process your Personal Data. By using our Platform and Services, you agree to the handling of your Personal Data in accordance with this Privacy Policy and Terms of Use. If you use our Platform and Services, you consent to the processing of your Personal Data under this Privacy Policy and agree to the Terms of Use for the Platform.
1.5 Updates and revisions
We update this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of the policy and, in some cases, we may provide you with additional notice (e.g. by adding a statement to our homepage or sending you a notification). We encourage you to review the Privacy Policy whenever you access the Services or otherwise interact with us to stay informed about our information practices, and the choices available to you.
1.6 We do not provide healthcare services on our Platform
It is important to note, and as set out in our Terms of Use, that we are a platform provider. We do not provide any actual medical or other health services on our Platform. Nothing stated or posted on the Platform by us is intended to be, and must not be taken to be, the practice of medicine, dentistry, nursing or other healthcare professional services or the provision of medical care. Do not use the Platform or the Services for emergency medical needs. If you experience a medical emergency, immediately call your local emergency services.
If you require access to your medical records, lab test results, medical imaging, or any other such medical report or documentation, you must contact your relevant Healthcare Provider directly.
Healthcare Providers and other third parties who have registered and entered into a subscription agreement with us in relation to our appointment booking facility and other services available on the Platform will be subject to a service agreement with additional provisions as to how we will use Personal Data. We recommend that you look at the Healthcare Providers’ privacy policy to understand how they process your Personal Data.
1.7 Affiliated Entities
Furthermore, in some cases the providers of the healthcare services procured by you pursuant to the Home Healthcare Facility and/or the pharmacists who dispense medicines pursuant to the Cloud Pharmacy Facility maybe separate legal entities which are affiliated to Okadoc. Such entitles will have their own privacy policy which we recommend you look at to understand how they process your Personal Data.
2. Links to Other Sites
2.1 We are not responsible for third party sites
The Platform may include links to other third-party websites, plug-ins, and applications which may include those of Healthcare Providers. These other third-party websites are not owned or controlled by Okadoc Technologies FZ-LLC. We are not responsible for the privacy or security practices of such other third-party websites. When you leave our Platform, we strongly encourage you to read the Privacy Policy of each website that collects personally identifiable data, and to know your privacy rights before interacting with such websites.
2.2 White Label Solution
We have partnered with certain Healthcare Providers who provide Okadoc’s Services using a
White Label Solution.
In practice, this means that the Healthcare Providers’ website will contain a link to pages on our Platform and such pages will utilise the Healthcare Provider’s branding.
3. Your Data Protection Rights
3.1 Overview
Okadoc Technologies FZ-LLC uses your Personal Data for several different purposes, for example to provide our Services to you and others and to meet our legal and regulatory obligations. By ‘your information/data’ we mean any information about you that you or third parties provide to us. You have rights under relevant data protection law, and these rights are explained in this section:
3.2 Right of access (also known as ‘Subject Access Request’ or ‘SAR’)
The right of access is your right to obtain from us:
- confirmation that we are processing your Personal Data; and
- a copy of your Personal Data.
Please refer to section 4 for the type of data we collect. If following an appointment, you require access to your medical data or your notes in respect of the appointment, please contact the Healthcare Provider or the consultant directly, as we do not hold such data other than in cases where you have uploaded such data under the ‘My Documents’ feature and given specific consent (please refer to section 5.2 for further information on the ‘My Documents’ feature).
You will not have to pay a fee to access your Personal Data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and verify your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response to you.
3.3 Right to rectification
You have the right to require inaccurate Personal Data to be rectified on our Platform. It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us by logging into your account and updating your details as appropriate, for example changes to your mobile number / email address.
3.4 Right to erasure (also known as the ‘right to be forgotten’)
This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. However, we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
3.4.1 Account Deletion - Apple OS
In compliance with Apple’s App Store Guidelines, users who create an Okadoc account may delete their account in addition to deactivating it. When an account is deleted, all of the account owner’s personal details, documents, existing relative details along with their documents will be deleted.
When you delete the Okadoc application off of your device, a deletion request is sent to our operations team who will carry out certain checks to ensure, for example, that the user has no upcoming appointments with a healthcare provider, and the third party (see section 2.2) is informed of such deletion request.
The account deletion process is manual and therefore it will take up to 14 working days to action the request from the date the request is received. An Email and SMS notification will be sent to the email address and phone number on the registered account as confirmation of receipt of the request and another confirmation will be sent upon successful deletion of the account.
Please note that we are required to retain certain data by law and may retain certain data in accordance with statutory limitation periods.
When you schedule appointments with other healthcare partners with whom we are affiliated, a new Okadoc account will be automatically created for you.
In the event that you decide to return to use Okadoc services you can reuse the same phone number.
3.5 The right to restrict processing to your Personal Data
This enables you to ask us to restrict the processing of your Personal Data in the following scenarios:
- If you want us to establish the data's accuracy.
- Where our use of the data is unlawful, but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your Personal Data, but we need to verify whether we have overriding legitimate grounds to use it.
3.6 The right to object to processing of your Personal Data
You have the right to object to the processing of your Personal Data when we are relying on a legitimate interest (or those of a third party), and you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
3.7 The right to data portability of your Personal Data to you or to a third party
We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
3.8 Withdraw consent at any time where we are relying on consent to process your Personal Data
Please refer to section 6 before for the types of processing of Personal Data in respect of which we rely on your consent. Your right to withdraw consent for such forms of processing of your Personal Data will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain Services to you.
3.9 Our response to your requests
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex, or you have made several requests. In this case, we will notify you and keep you updated. If you wish to exercise any of the data protection rights set out above, please contact us by email at
dpo@okadoc.com
4. Data We Collect
The different kinds of Personal Data that we collect and process are as follows:
- Identity and Contact data: first name, last name, date of birth, gender, email address, telephone number, ID.
- Healthcare Provider Data as set out below:
- Title and Full Name
- Clinic Locations
- Specialty
- Relevant expertise, symptoms, and procedures
- Languages spoken
- Accepted forms of payment
- Education (In addition, Healthcare Providers that enter into a separate subscription agreement with us, medical insurance policies which are accepted by such Healthcare Provider and local registration and licence details)
- Booking data
- Type of consultation, start time, end time
- Financial and Transaction Data: details about payments from you, payment card details, and other details of online consultations with the Healthcare Provider you have booked through the Platform. For details about our payment collection options, please refer to our Terms and Conditions.
- Medical Insurance Data: details in relation to your medical insurance coverage
- Health and Other Special Personal Data: information which you upload, which is shared through and stored on the 'My Documents' feature on the Platform, information which you and medical professionals exchange through the Platform and prescriptions uploaded by you pursuant to the Cloud Pharmacy Facility.
- Technical Data: includes internet protocol (IP) address, your login data, browser type and version, make and model (mobile phones only), operating system, hardware version, platform, device settings and other technology identification on the devices used to access our Platform, file and software names and types, device identifiers, time zone setting and location, device locations such as through GPS, Bluetooth or WIFI signals, browser plug-in types and versions, operating system and platform, connection information such as the name of your mobile operator or ISP, browser type, language and time zone, mobile phone number and IP address.
- Profile Data: your chosen password and bookings made by you.
- Usage Data/Online Identifiers: IP Addresses, information about how you use our Platform, products, and Services, how you use your devices to access our Platform including the screens you visit and searches you make
- Marketing and Communications Data: your preferences in receiving marketing from us and our third parties, and your communication preferences
We use different methods to collect Personal Data from and about you including through:
- Third parties or publicly available sources. We may receive Personal Data about you from various third parties and public sources as set out below:
- Analytics providers
- Advertising networks
- Search information providers
- Contact, Financial or Transaction Data from providers of technical and payment services, Healthcare Provider Data from publicly available sources and regulatory authorities
- Direct interactions: You may give us your Identity, Contact, Financial data, Transaction Data, Medical Insurance Data, and Health and other Special Personal Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes Personal Data you provide when you:
- Apply for our products or Services
- Fill in forms or create an account on our Platform
- Upload documents to and share documents through the Platform using the 'My Documents’ feature and upload prescriptions through the Cloud Pharmacy Facility;
- Use one of our payment collection options
- Subscribe to our service or publications
- Request further information to be sent to you
- Enter a competition, promotion, or survey
- Give us feedback or contact us
Where we need to collect Personal Data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (e.g. to provide you with booking services). In this case, we may have to cancel an appointment you have booked through the Platform, but we will notify you if this is the case at the time.
5. Special Categories of Personal Data
5.1 General
We do not require the collection of data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, sex life or sexual orientation (
“Special Categories of Personal Data”
) when you register your account. Nor do we collect any information about criminal convictions and offences. We may process a patient user’s personal health and medical data pursuant to the ‘My Documents’ feature and the Cloud Pharmacy Facility on the Platform as described below.
5.2 My Documents Feature
Okadoc’s My Documents Feature and Processing of Health and Medical Data
- Our Account service includes a feature called “My Documents” which (after clearing Okadoc’s one-time password SMS authentication and security mechanism) enables a patient user to upload on to the Platform, and enables Healthcare Providers to access and download, digital copies of documents containing identity, medical insurance and medical information including but not limited to national identity cards, national health cards, medical insurance documents, laboratory test results, medical referral letters, prescriptions, and medical records.
- Files uploaded to My Documents are hosted by a third-party reputable cloud service provider in your jurisdiction pursuant an agreement with Okadoc.
- Files uploaded onto My Documents will automatically become available to facilities and Healthcare Providers with whom the patient user will book or has previously booked appointments through the Platform.
- Documents uploaded by patient users using My Documents via a White Label Solution can only be viewed by the Healthcare Provider who has subscribed to the relevant White Label Solution.
- Files within My Documents can be deleted by patient users at any time. However, if not deleted, files within My Documents will remain available to facilities and Healthcare Providers as described in sections 5.2(c) or 5.2(d), without any expiration.
- Files sent by patient users during a video consultation are automatically saved to My Documents and will be automatically available to facilities and Healthcare Providers as described above.
- You may book an appointment on the Platform on behalf of your relatives by adding the relative’s contact details to the Platform and providing consent for Okadoc to contact said relative via SMS to confirm the booking. You acknowledge that you are responsible for obtaining consent to provide such information from the relevant parties. Furthermore, you warrant, represent and undertake that you have the authority to make such booking and provide such information on behalf of such person, you have obtained such consent, and the information provided is accurate and complete. In addition, you acknowledge and agree that we shall have no liability for and that you shall hold us harmless from any liability for incorrect information provided or the booking being made or information provided without the said party’s consent. You acknowledge and agree that your information will be carefully reviewed and approved by you to ensure its accuracy.
- You acknowledge and agree that your information will be carefully reviewed and approved by you or someone authorised by you to ensure its accuracy. Furthermore, you acknowledge that you are responsible for and warrant the accuracy and completeness of all such information and acknowledge and agree that we shall have no liability with regards to incorrect information provided.
- By using the My Documents feature, you consent to your information being stored and shared in the manner described above.
5.3 Cloud Pharmacy Facility
Okadoc’s Cloud Pharmacy Facility and Processing of Health and Medical Data
- Okadoc has partnered with insurance providers and pharmacies to make it easy for you to have your new prescriptions or refilled prescriptions delivered to you.
- The information you share with us for this service, such as your ID, telephone number, prescription and delivery address will be securely managed and only shared with our authorised pharmacy responsible for prescription fulfilment. In some cases, Okadoc may reach out to you up to 10 days prior to your prescription refill date to ask if you would like to receive your medication ahead of time.
- We may have received your data for this service from your insurance provider. Your data will be kept securely with Okadoc in order to notify you of your next prescription delivery. To opt out of this service, kindly email us as at
services@okadoc.com.
- Lab results, medical reports and prescriptions will be storedin MyDocuments for accessto the records and for future retrieval. This will not be shared with any healthcare providers without the your consent.
6. How we use your data that you provide to us
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
Performance of Contract
means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. - Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Legitimate Interest
means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us. - Where we need to comply with a legal obligation. Complying with a legal obligation means processing your Personal Data where it is necessary for compliance with a legal obligation that we are subject to.
- Pursuant to your express
consent
in respect of: (i) processing Special Categories of Personal Data which in your case will comprise the health and other related data which is uploaded onto the My Documents feature of our Platform and which you may wish to share with your Healthcare Provider; and (ii) sending third party direct marketing communications to you via email or text message. In these cases, You have the right to withdraw consent to the processing of such health data and to such marketing at any time by contacting us. Other than the two aforementioned situations, generally, we do not rely on consent as a legal basis for processing your Personal Data.
We have set out below, in table format, a description of all the ways we may use your Personal Data.
| Purpose/Activity | Type of Personal Data | Lawful basis for processing including basis of legitimate interest |
|---|---|---|
| To list you as a Healthcare Provider | (a) Healthcare Provider | Necessary for our legitimate interests (to keep our records updated and to provide our services to our customers) |
| To register you as a user | (a) Identity (b) Contact | Performance of a contract with you |
| To process your appointment booking request | (a) Identity (b) Contact (c) Health Provider (d) Marketing and Communications (only with your consent) | (a) Performance of a contract with you (b) Necessary for our legitimate interests (to provide service) |
| To process your appointment booking request and your online consultation request | (a) Identity (b) Contact (c) Health and Other Special Data (d) Health Provider (e) Financial (f) Transaction (g) Marketing and Communications (only with your consent) | (a) Performance of a contract with you (b) Necessary for our legitimate interests (to provide service) |
| To provide data to your Healthcare Provider at your request | (a) Identity (b) Contact (c) Health and Other Special Data (d) Health Provider (e) Financial (f) Transaction (g) Marketing and Communications (only with your consent) | (a) Performance of a contract with you (b) Necessary for our legitimate interests (to provide service) (c) Pursuant to your explicit consent |
| To manage our relationship with you which will include: (a) Notifying you about changes to our Terms of Use or Privacy Policy (b) Asking you to leave a review or take a survey | (a) Identity (b) Contact (c) Profile (d) Marketing and Communications (only with your consent) | (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) |
| To enable you to partake in a prize draw, competition or complete a survey | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (only with your consent) | (a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business) |
| To administer and protect our business and Platform (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity (b) Contact (c) Technical | (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation |
| To deliver relevant Platform content to you and measure or understand the effectiveness of the promotions we serve to you | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (only with your consent) (f) Technical | Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
| To use data analytics to improve our website, products/services, marketing, customer relationships and experiences | (a) Technical (b) Usage | Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
| To make suggestions and recommendations to you about goods or services that may be of interest to you | (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications (only with your consent) | Necessary for our legitimate interests (to develop our products/services and grow our business) |
| Deal with legal disputes and claims | (a) Identity (b) Contact (c) Health Provider (d) Financial (e) Transaction (f) Marketing and Communications (only with your consent) | Legitimate interests (we have a legitimate interest in being able to deal with disputes and legal claims) |
| Comply with a legal obligation, like a court order requiring us to release information | (a) Identity (b) Contact (c) Health Provider (d) Financial (e) Transaction (f) Marketing and Communications (only with your consent) | Compliance with a legal obligation |
| Purpose/Activity |
|---|
| To list you as a Healthcare Provider |
| Type of Personal Data |
| (a) Healthcare Provider |
| Lawful basis for processing including basis of legitimate interest |
| Necessary for our legitimate interests (to keep our records updated and to provide our services to our customers) |
| Purpose/Activity |
|---|
| To register you as a user |
| Type of Personal Data |
| (a) Identity (b) Contact |
| Lawful basis for processing including basis of legitimate interest |
| Performance of a contract with you |
| Purpose/Activity |
|---|
| To process your appointment booking request |
| Type of Personal Data |
| (a) Identity (b) Contact (c) Health Provider (d) Marketing and Communications (only with your consent) |
| Lawful basis for processing including basis of legitimate interest |
| (a) Performance of a contract with you (b) Necessary for our legitimate interests (to provide service) |
| Purpose/Activity |
|---|
| To process your appointment booking request and your online consultation request |
| Type of Personal Data |
| (a) Identity (b) Contact (c) Health and Other Special Data (d) Health Provider (e) Financial (f) Transaction (g) Marketing and Communications (only with your consent) |
| Lawful basis for processing including basis of legitimate interest |
| (a) Performance of a contract with you (b) Necessary for our legitimate interests (to provide service) |
| Purpose/Activity |
|---|
| To provide data to your Healthcare Provider at your request |
| Type of Personal Data |
| (a) Identity (b) Contact (c) Health and Other Special Data (d) Health Provider (e) Financial (f) Transaction (g) Marketing and Communications (only with your consent) |
| Lawful basis for processing including basis of legitimate interest |
| (a) Performance of a contract with you (b) Necessary for our legitimate interests (to provide service) (c) Pursuant to your explicit consent |
| Purpose/Activity |
|---|
| To manage our relationship with you which will include: (a) Notifying you about changes to our Terms of Use or Privacy Policy (b) Asking you to leave a review or take a survey |
| Type of Personal Data |
| (a) Identity (b) Contact (c) Profile (d) Marketing and Communications (only with your consent) |
| Lawful basis for processing including basis of legitimate interest |
| (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) |
| Purpose/Activity |
|---|
| To enable you to partake in a prize draw, competition or complete a survey |
| Type of Personal Data |
| (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (only with your consent) |
| Lawful basis for processing including basis of legitimate interest |
| (a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business) |
| Purpose/Activity |
|---|
| To administer and protect our business and Platform (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
| Type of Personal Data |
| (a) Identity (b) Contact (c) Technical |
| Lawful basis for processing including basis of legitimate interest |
| (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation |
| Purpose/Activity |
|---|
| To deliver relevant Platform content to you and measure or understand the effectiveness of the promotions we serve to you |
| Type of Personal Data |
| (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (only with your consent) (f) Technical |
| Lawful basis for processing including basis of legitimate interest |
| Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
| Purpose/Activity |
|---|
| To use data analytics to improve our website, products/services, marketing, customer relationships and experiences |
| Type of Personal Data |
| (a) Technical (b) Usage |
| Lawful basis for processing including basis of legitimate interest |
| Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
| Purpose/Activity |
|---|
| To make suggestions and recommendations to you about goods or services that may be of interest to you |
| Type of Personal Data |
| (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications (only with your consent) |
| Lawful basis for processing including basis of legitimate interest |
| Necessary for our legitimate interests (to develop our products/services and grow our business) |
| Purpose/Activity |
|---|
| Deal with legal disputes and claims |
| Type of Personal Data |
| (a) Identity (b) Contact (c) Health Provider (d) Financial (e) Transaction (f) Marketing and Communications (only with your consent) |
| Lawful basis for processing including basis of legitimate interest |
| Legitimate interests (we have a legitimate interest in being able to deal with disputes and legal claims) |
| Purpose/Activity |
|---|
| Comply with a legal obligation, like a court order requiring us to release information |
| Type of Personal Data |
| (a) Identity (b) Contact (c) Health Provider (d) Financial (e) Transaction (f) Marketing and Communications (only with your consent) |
| Lawful basis for processing including basis of legitimate interest |
| Compliance with a legal obligation |
7. Disclosures of your Personal Data
We may share your Personal Data with the parties set out below for the purposes set out in the table above.
- Internal Third Parties being companies in our group who provide IT and system administration, product development, business development and back-office services and undertake leadership reporting.
- External Third Parties being:
- In the case of Healthcare Provider Data, to our users through our Platform.
- In the case of Identity and Contact Data, to Healthcare Providers with whom you have booked appointments through our Platform.
- In the case of Identity, Contact, Financial Data and Transaction Data, to Healthcare Providers with whom you have booked appointments for online consultations through our Platform.
- In the case of your health and any other special categories of data to Healthcare Providers and physicians upon your instructions and Pharmacies selected by us to fulfill your prescriptions.
- Service providers acting as processors based in the United Arab Emirates, Saudi Arabia and Indonesia who provide IT, system administration and payment processing services.
- Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors, and insurers based in the United Arab Emirates, Saudi Arabia, Algeria, and Indonesia who provide consultancy, banking, legal, insurance and accounting services.
- Regulators and other authorities acting as processors or joint controllers based in the United Arab Emirates, Saudi Arabia, Algeria, and Indonesia who require reporting of processing activities in certain circumstances.
- Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your Personal Data in the same way as set out in this privacy policy.
We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
8. Data Retention
We store the information we collect about you for as long as is necessary for the purpose(s) for which we originally collected it or for other legitimate business purposes, including to meet our legal, regulatory, and other compliance obligations.
In particular, the Dubai Health Authority requires certain audio recordings to be retained for a period of 90 days. Unless you have consented to such access the Dubai Health Authority will not have access.
9. Aggregated Data
We also collect, use, and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your Personal Data but is not considered Personal Data in law as this data does not directly or indirectly reveal your identity and is anonymised. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific Platform feature. However, if we combine or connect aggregated data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.
10. Minors
By accessing, using and/or submitting information to or through the Platform and the Services, you represent that you are not a child, being a person under the age of 18 (“Minor”). If we learn that we have received any information directly from a Minor without his/her parent’s written consent, we will use that information only to respond directly to that Minor (or his/her parent or legal guardian) to inform the Minor that he/she cannot use the Services, and we will subsequently delete that information. If you are a parent or legal guardian of a Minor, you may, in compliance with the Terms of Use, use the Services on behalf of such Minor. Any information that you provide us while using the Services on behalf of the Minor will be treated as Personal Data as otherwise provided herein. If you are a parent or legal guardian, and you allow a Minor to use the Services, then these terms (Terms of Service) apply to you, and you are responsible for the Minor’s activity on the Services. Please refer to our Terms of Service.
11. Consent
Consent is one lawful basis for processing. When we ask for your consent, we do not use pre ticked boxes. For example, when you register your account with us, you will need to read and accept our Privacy Policy and Terms of Use by ticking the ‘I agree’ box provided. This is known as positive opt in.
Here is an example:
Please note, that you may withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or Services to you. We will advise you if this is the case at the time you withdraw your consent.
When you make an appointment using our Platform, the consultant, or the Healthcare Provider that you are seen at, either in person, or via the video conference would be responsible, as a data controller, to obtain your consent and manage the consent process. Your health and care organisation should be able to provide you with information about how your personal or confidential patient information is used during a video consultation. You must contact the consultant or the clinical practice directly if you would like to withdraw your consent related to your appointment and consultation.
12. Transfers of Personal Data outside of the United Arab Emirates, Saudi Arabia, Algeria, and Indonesia
The Personal Data that we collect from you will not be transferred to and stored at a destination outside of the jurisdictions in which the persons to whom such Personal Data relates being United Arab Emirates, Saudi Arabia, Algeria, and Indonesia respectively.
We ensure your Personal Data is protected by requiring all our group companies to follow the same rules when processing your Personal Data. Whenever we transfer your Personal Data to third parties, we aim to ensure a similar degree of protection is afforded to it using contractual obligations.
13. Marketing / Research
13.1 General
We would like to send you information about our Services, and we use MailChimp for marketing purposes. If you have agreed to receive marketing, you may always opt out later by following the opt-out/unsubscribe links on any marketing message sent to you or by contacting us at any time by sending an email to
help@okadoc.com.
Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us because of a product/service experience or other transactions.
13.2 Promotional offers from us
We may use your identity, contact, technical, usage and profile data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving that marketing.
13.3 Third-party marketing
It is the responsibility of the third party, such as our White Label partners, to obtain your consent and get your express opt-in consent before they contact you for marketing purposes.
13.4 Mobile app push notifications
On downloading the Okadoc app, you will receive notifications asking whether you consent to: (a) Okadoc identifying and using your mobile device location; and (b) to receiving future notifications from Okadoc.
14. Data Security
14.1 General
We have put in place appropriate security measures to protect your Personal Data. We process your data in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures. We also have procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where required by law.
Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem using the contact details provided in section 17.
Okadoc does not warrant the accuracy, completeness, currency, or reliability of any of the content or data found on this website and Okadoc assumes no responsibility and shall not be liable for any damages to, or viruses that may infect, your computer or other equipment or other property on account of your access to, use of, or browsing on the website. In no event shall Okadoc be liable for any injury, loss, claim, damages, or any exemplary, punitive, direct, indirect, incidental, or consequential damages of any kind (including but not limited to lost profits or lost savings) whether based in contract, tort, strict liability, negligence, product liability or otherwise. The entire risk as to the quality, performance and use of this website is with you. Any communications, messages and other information obtained while using the Website is obtained at your risk and you bear the entire responsibility for any losses that you may experience because of your use of our website.
14.2 Passwords and Confidentiality (Including your Mobile Number and email address).
If you are provided with a password or any other piece of information as part of our security procedures for a registration-only section of our Platform, you are responsible for all activities that are carried out under them. We do not have the means to check the identities of people using the Platform and we will not be liable where your password or username, email address or your mobile number is used by someone else. You agree to contact us immediately of any unauthorised use of your password or username of which you become aware. We have the right to disable any user identification code or password, whether chosen by you or allocated by us, at any time, if you have failed to comply with any of the provisions of these terms or the Terms of Use.
15. Our Use of Cookies
For more information about the cookies we use, please see our Cookies Policy.
16. Special Note in Relation to Online Consultations
During any online consultation with a practitioner which is held on our Platform, you may exchange with the practitioner through the Platform special Personal Data including in relation to health (health history, symptoms, examinations and tests and the results thereof, diagnosis, treatment, and care plan), ethnicity, sexual orientation, sex life, religious beliefs or opinion or genetic data as relevant to the practitioner. This information is held and used by the practitioner or the Healthcare Provider in accordance with its Privacy Policy, terms and conditions of service and applicable laws and regulations.
17. Any further questions
If you have any questions about this Policy or about your Personal Data, please contact the Data Protection Officer at
dpo@okadoc.com.
General enquiries not related to this Privacy Policy or your Personal Data can be directed to our Client On boarding team who can help you with your enquiries, please contact
help@okadoc.com.
