Eight Investments JSC, registered in Bulgaria, company number 206291447 ("we", "Healee", "us"), takes the privacy and security of your information very seriously. We are committed to safekeeping all your personal data, including sensitive personal data.
The policy outlines the rules according to which we handle and store your personal data, collected by us or provided by you to us.
Any terms used in this policy shall bear the same meaning as the ones used in the Terms & Conditions.
When using Healee MD, you may choose to not sign up and remain anonymous, or sign up by creating an account.
If you decide to use Healee MD without signing up, you will not be required to enter your email address, or any other personal information that could potentially identify you.
If you decide to sign up and create an account, you will be asked to provide an email address. Alternatively, you can choose to log in using a social account, such as Google or Facebook.
In either case, we do not have access to the email address or the social account id, as they are always store encrypted on our servers (see ”Where and how we store your data”).
You may choose to add to your profile the following data:
We deliver our services via the application, which is an online platform, allowing doctors (“Medical practitioners”, “You”) to communicate with the patients using the application (“Patient” or “Patients”), in order to provide Patients with remote medical evaluations and online consultations, based on the condition history Patients report to Medical practitioners (“Services”)
In order to achieve this and enable delivering our services, we process your personal data, which are needed when presenting you as a specialist and connecting you with patients.
We share your data with the Patients, so that the objective of the application can be fulfilled. To that end, we share your data with:
We do not store your data on your device. All of your personal and health data is stored on secure servers in the US.
We do not store any credit or debit card information. This information is maintained and payments are processed by a third party payment provider, in compliance with the payment card industry security standard.
All your data transmitted between your device and our servers is encrypted using Secure Socket Layers (SSL) technology.
All sensitive personal data that can potentially identify you, such as email address, images and messages, is encrypted not only before being transmitted, but on our servers too.
We store your data for a period of five years after your contract with us has expired or has been terminated.
Your ID data, as well as data related to your medical and professional qualifications are needed for fulfilling the contract you have signed with us as a Medical Practitioner, listed in the application. The data are solely used for communicating with the Patients in the application, establishing connections with the Patients and delivering remote medical evaluations and consultations, as well as administering/updating/maintaining the application, and notifying you about new features.
As regards your profile data, which you have voluntarily shared within the Application, they are processed for the above purposes based on the consent you have given, and can be modified or deleted at any time.
We process the data for the purposes of business analysis and intelligence, development of new products, enhancement of systems and parameters, based on our legitimate interest and objective to constantly improve and develop our products.
The data may be stored in servers outside of your local jurisdiction.
Transferring of data outside of the European Economic Area (EU, Norway, Iceland and Liechtenstein) is performed solely in case all necessary data protection measures have been taken, according to the General Data Protection Regulation (EU) 2016/679.
You have the right to request access to the information we are processing, to request that we delete it, correct any errors in your data, limit the processing of your data, to object to processing of your data, as well as to exercise your right to export and transfer your data.
You can exercise the following rights directly from within the application:
You can also exercise your rights by contacting us at firstname.lastname@example.org
You can withdraw at any time the consent based on which we process your data, without this withdrawal affecting the legality of the processing carried out with your consent up to the withdrawal. You can exercise your right to withdraw your consent by deleting your profile data or your account.
Your personal data are not subject to automated decision making, including profiling.
You have the right to file a complaint about how we process your data, with the Bulgarian Personal Data Protection Commission (PDPC), or you can contact us at email@example.com, to get more information regarding your complaints.