Privacy Policy
Doctornearyou complies with the applicable legislation on the protection of personal data, including Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR).
1. Data Controller
Doctornearyou, based in Heraklion, Crete, Greece, acts as the Data Controller for the processing of personal data collected through the Website and its services.
Doctornearyou
Email: [email protected]
Phone: +30 281 600 4747
Address: Machis Kritis 10, 71303, Heraklion, Crete, Greece
2. Scope of this Policy
This Privacy Policy applies to all personal data collected through the Website, appointment booking systems, contact forms, telemedicine services, medical file uploads, newsletter subscriptions and any other digital service provided by Doctornearyou.
If a user does not agree with this Privacy Policy, they should not use the Website or submit personal, medical or contact information through the platform.
3. Legal Basis for Processing
Personal data is processed on the following legal bases:
- Consent, where required
- Performance of a contract, including appointments and healthcare-related services
- Compliance with legal, tax, medical and regulatory obligations
- Legitimate interests, including platform security, fraud prevention and service improvement
- Healthcare provision and management of healthcare services, where health data is processed
4. Personal Data Collected
We may collect the following personal data:
- Name and surname
- Email address
- Phone number
- Address, city or location information
- Appointment and booking details
- Payment-related information processed through third-party providers
- Communication history
- Identity verification data, where required
- National health identifiers such as AMKA, where applicable
5. Technical Data
We may also collect technical and usage data, including:
- IP address
- Browser and device information
- Operating system
- Cookies and usage data
- Pages visited
- Approximate location based on technical data
For more information about cookies, users should refer to the Website’s Cookie Policy, where available.
6. Health Data and Special Categories of Data
Where users submit medical information or use telemedicine services, Doctornearyou may process health-related data. This may include medical history, symptoms, diagnostic reports, imaging files, prescriptions, laboratory results, medical opinions, appointment notes and other information necessary for the provision of healthcare services.
Health data is considered a special category of personal data under Article 9 of the GDPR. Such data is processed only where legally permitted, including where necessary for medical diagnosis, healthcare provision, management of healthcare services, compliance with legal obligations or where explicit consent is required.
Access to health data is restricted to authorized personnel, treating physicians and service providers who need access for the purpose of delivering, supporting or legally documenting the medical service.
7. Telemedicine Services
Where telemedicine services are provided, the platform operates in accordance with the applicable Greek legal framework, including Law 3418/2005, Law 3984/2011 and the amendments introduced by Law 5129/2024.
Telemedicine services are performed under the responsibility of the treating physician and may require prior identity verification and explicit informed consent from the patient before any medical evaluation takes place.
Before using telemedicine services, the user may be required to review and accept separate documents, including telemedicine informed consent, health data processing consent, Terms of Service and any additional clinical consent required by the treating physician.
Doctornearyou acts as a platform provider and does not replace the clinical responsibility of the treating physician. The treating physician remains responsible for assessing whether telemedicine is appropriate for the specific case or whether an in-person medical examination is required.
8. Video Consultations
Where video consultations are used, they are provided through secure digital infrastructure. The platform aims to use EU-hosted or GDPR-compliant providers where available.
Video consultations are not recorded by default. Recording may only take place where it is technically available, legally permitted and explicitly consented to by all relevant participants.
Users should participate in video consultations from a private environment and should not share access links with unauthorized persons.
9. Medical Files, Uploads and Diagnostic Images
Users may upload medical reports, laboratory results, images, prescriptions, DICOM files or other clinical documents for the purpose of medical review.
Uploaded files are used only for the relevant medical case, appointment, telemedicine service or communication with the treating physician.
Users must not upload documents belonging to another person unless they are legally authorized to do so.
10. Use of Personal Data
We may use personal data for the following purposes:
- To provide appointment booking services
- To enable communication between users and healthcare providers
- To support telemedicine and digital medical services
- To process payments and issue receipts or invoices
- To manage medical case submissions
- To improve the Website and user experience
- To respond to customer service requests
- To send service-related emails
- To comply with legal, tax, medical and regulatory obligations
- To protect the rights, safety and security of users, physicians and the platform
We do not use automated decision-making or profiling when processing health-related data.
11. Payments
Where paid services are offered, payment information may be processed by third-party payment providers. Doctornearyou does not store full payment card details on its own servers.
Payment data may be processed for completing transactions, preventing fraud, issuing receipts or invoices and complying with tax and accounting obligations.
12. Third-Party Processors
We may use third-party service providers to support the operation of the Website and services. These may include hosting providers, email providers, analytics tools, booking systems, payment processors, video consultation tools and technical support providers.
Such providers process personal data only on our behalf and only where necessary for the provision of their services.
Where personal data is transferred outside the European Economic Area, we rely on applicable GDPR data transfer mechanisms, including Standard Contractual Clauses where required.
13. Data Security
The Website and services use SSL encryption between the user’s browser and the server.
We apply appropriate technical and organizational measures to protect personal and health-related data against unauthorized access, loss, misuse, alteration or disclosure.
However, no digital system can be guaranteed to be completely secure. Users are responsible for keeping their account credentials confidential and for using secure devices and networks when accessing the platform.
14. Audit Logs and Traceability
For security, medical accountability and legal compliance, actions related to appointments, telemedicine services, medical file uploads, case reviews, consent collection and administrative access may be recorded in secure audit logs.
Audit logs may include timestamps, user actions, system events, access records and other information necessary to verify the integrity and traceability of a medical or administrative process.
Access to audit logs is limited to authorized personnel and may be used to respond to legal, regulatory, security or patient access requests.
15. Data Retention
Personal data is retained only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required by law.
Medical records and health-related information may be retained for the period required under applicable medical, legal, professional liability and regulatory obligations.
Where a user submits a deletion request under the GDPR, certain records may not be permanently erased where retention is legally required. In such cases, the data may be moved to a restricted-access state and used only where legally necessary.
16. Communications and Newsletter
When contacting us by email, contact form or other communication channel, the user’s details are stored for the purpose of processing the enquiry and, where applicable, follow-up questions.
If a user chooses to participate in our newsletter, the submitted email address may be processed by a third-party email service provider. Newsletter and marketing communications are sent only where legally permitted or where the user has provided consent.
Users can unsubscribe from marketing emails at any time through the unsubscribe link or by contacting us.
17. Cookies
The Website may use cookies and tracking technologies for essential functionality, analytics, security and service improvement.
Users can disable cookies through browser settings, opt out of Google’s use of cookies through Google Ads Settings and disable location services in their device or browser settings.
18. Legal Requests and Disclosure to Authorities
Doctornearyou may disclose personal data to competent judicial, police, medical, regulatory, tax or administrative authorities upon lawful request.
Such disclosure may occur where necessary to comply with applicable laws, respond to government or regulatory investigations, comply with valid legal procedures, protect the rights and property of Doctornearyou, protect users or healthcare professionals, or support medical accountability and legal defence.
19. Rights of the Data Subject
Under applicable data protection law, users may exercise their rights as data subjects, including:
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure, where applicable
- Right to restriction of processing
- Right to object
- Right to data portability, where applicable
- Right to withdraw consent, where processing is based on consent
Some rights may be limited where processing or retention is required for medical, legal, tax, regulatory or professional liability reasons.
For any data protection request, users may contact: [email protected]
20. Amendments to this Policy
Doctornearyou reserves the right to modify or amend this Privacy Policy at any time. Changes take effect once published on the Website.
Users are encouraged to review this Privacy Policy periodically. Continued use of the Website after publication of changes shall be deemed acceptance of the updated Privacy Policy.