Privacy Policy
Introduction
Protecting your privacy and legitimate use of your personal information is a top priority for CheckMED (“we” or “us”). We are committed to ensuring your privacy. This Privacy Policy (“Policy”) explains how we collect, use, store and disclose your personal information, as part of our website (the “Site”), mobile application (the “App”), Telemedicine platform (the “Platform”) and the provision of any other services related to them (collectively, the “Services”;). We suggest that you read this Policy carefully before using the Services or the Site, and/or opening an account on the Platform (“Account”).
CheckMED reserves the right to amend this Policy from time to time, especially if changes are due to changes in our operating methods, or to changes in law or regulation.
- Information applicable to all users
Who we are
CheckMED is a product of INNOVA SOCIETA’ COOPERATIVA with registered office in MILAZZO, VIA COLONNELLO BERTE’ 100, 98057 MILAZZO (ME), REA ME-240038, C.F. and registration no. Reg. Imprese di MESSINA 03477590834. We operate the Site www.CheckMED.it and other sites linked to it.
For the purposes of the data protection laws of the European Union, especially the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data, hereinafter “GDPR”):
- INNOVA SOCIETA’ COOPERATIVA with its registered office in MILAZZO, VIA COLONNELLO BERTE’ 100, 98057 MILAZZO (ME), REA ME-240038, C.F. and registration no. Reg. Imprese di MESSINA 03477590834 (“INNOVA”),
where our technical leadership team (“INNOVA”) is based, are the controllers of your personal data.
Strategic decisions regarding the purposes and means of processing patients’ personal data are always made by our INNOVA team.
If you are a physician or health care professional who uses the Platform and Services in a professional capacity and (a) you have entered into a contract to receive our premium/fee-based Services (the “Services Agreement”), or (b) you work in, for, or with a clinic or facility that has entered into a Services Agreement, as outlined in the Services Agreement, if any, with us:
- INNOVA SOCIETA’ COOPERATIVA with its registered office in MILAZZO, VIA COLONNELLO BERTE’ 100, 98057 MILAZZO (ME), REA ME-240038, C.F. and registration no. Reg. Imprese di MESSINA 03477590834 (INNOVA).
You can contact our data protection officer (“DPO”) by sending an email to info@innovame.it or by mail, sending your request to the INNOVA offices.
What kind of personal data we collect and use, for what purposes, and on what legal basis
The nature of the personal data we collect and use, as well as the purposes of the processing and the related legal bases on which the processing is based, depend on the type of user and the user’s different use of the Platform, Site, App or Services. In particular:
- if you are a patient or user of our Site or App seeking information about specialists in the health care field or using one or more of our Services, the provisions of Section II of this Notice apply;
- if you are a physician or health professional who uses the Platform and Services in a professional capacity, and you have registered on the Platform by creating your Account (a “Registered Professional“), possibly having also entered into a Services Agreement, the provisions of Section III of this Notice apply; and
- if you are a physician or health professional whose personal information of a professional nature appears on the Platform, but you are never registered on the Platform (and thus do not have an Account nor are you subject to a Services Agreement: an “Unregistered Professional“), the provisions of Section IV of this Notice apply.
If INNOVA processes your personal data based on its own legitimate interest within the meaning of Article 6.1(f) of the GDPR, INNOVA will have carried out a test on the balancing of its own interests with your fundamental rights, so as to ensure that your fundamental rights will not be harmed or jeopardized by the exercise of our legitimate interest. Remember that you can always contact us to express your objection to our processing (see section “What are your rights regarding the processing of personal data,” below).
Sharing your data with third parties
We may disclose your personal information to other companies, solely for the purpose of providing you with the requested Services.
We may also share your personal data with outside vendors, again for the sole purpose of providing you with the requested Services. Unless you are notified otherwise, and are asked for your consent to transfer your data to another data controller, each of these third parties acts as a data controller on our instruction, and has signed a data controller appointment agreement with us pursuant to Article 28 GDPR. They include:
- Cloud hosting and server maintenance service provider,
- Providers of telephone or digital communication tools,
- providers of customer service tools,
- external consultants, auditors or advisors,
- payment service providers, banks, credit reference and fraud prevention agencies, and insurance companies,
- IT companies that provide us with software or similar services, and/or
- third parties with which corporate acquisition, merger, investment or reorganization processes are underway or planned.
Some of these third parties are based outside the European Union. In such cases, it is our obligation to ensure that the legal requirements are in place to proceed with the transfer of data in full security, and we will in all cases remain responsible for compliance with your rights and legal obligations in relation to the personal data transferred.
Finally, we may disclose your information to comply with any legal or regulatory requirements or dictates, to enforce compliance with our policies or terms of use or Service Agreement, to contact judicial or other public authorities or to comply with their lawful requests, or to protect our rights. We may also share your personal information with other business entities in the event of a merger, acquisition or investment in that business entity, or in the event of a corporate reorganization.
Except in the cases mentioned above, we will not transfer your personal information to third parties without your consent.
What are your rights regarding the processing of personal data
Under the GDPR, and regardless of how you use the Platform and Services, you have the following rights:
- you have the right to be informed about the processing of your personal data (i.e., for what purposes, what type of personal data, to which recipients it is disclosed, retention periods, any third party sources from which it was obtained, verification of automated decisions, including profiling, the logic used, and the importance and expected consequences). This Policy, as well as (where applicable) the provisions of the Services Agreement or any other disclosures or notifications regarding the processing of personal data made available by INNOVA, fulfill your right to be informed;
- you have the right to:
- request a copy of the personal data we process; or to delete (if you feel we do not have the right to keep it) or rectify (if you feel it is inaccurate) your personal data;
- object to, and thus limit, our processing of your data (in which case, you will have access only to those features of the Services that do not require the type of processing you objected to);
- revoke any consent you may have previously given to data processing (revocation of consent does not invalidate the legitimacy of the processing put in place before the revocation itself, or on the basis of legal assumptions other than consent);
- request the “portability” of your data stored by us in a digital format (i.e., to receive in a structured, commonly used, machine-readable format, personal data about you for transfer to another data controller, or to obtain such transfer directly, if this is technically feasible);
by contacting us preferably in the manner indicated in the “Contact” section of this Notice;
- you have the right to file a complaint with our DPO (preferably by contacting us in the manner indicated in the “Contact Us” section of this Notice) or, if your complaint is not resolved to our satisfaction, Data Protection Authority (reachable through www.garanteprivacy.it/) if you believe that we are processing your personal data in a manner contrary to law;
We will always comply with our legal obligations regarding your rights as a data subject so that you can fully exercise them. We will try to respond to you within a reasonable period of time and, in any case, within one month (or within the timeframe we will notify you immediately in the case of complex or numerous requests). We reserve the right to charge a reasonable fee (reflecting the cost of providing the information) or to refuse to respond when requests are manifestly unfounded or excessive: in this case, we will explain the situation and advise you of your rights. We also reserve the right to verify the identity of the requester to avoid sharing your personal information with unauthorized third parties.
Our goal is to ensure that the information we hold about you is always accurate. To help us keep your information current, you should take care to inform us of any changes in your personal information. Following a report or request from you, we will ensure that the personal information we hold about you is accurate and up-to-date.
Automated decisions and profiling
We do not use processing of personal data that results in decisions based entirely and solely on automated processing of your personal data. We do not use any profiling systems or tools to process your data, nor do we use wholly automated decision-making processes that are based on your personal data.
Links to other websites
Our Site and App may contain links to other sites, apps, or platforms, including through “social” buttons. While we make every effort to ensure that such links are always directed to sites, apps, or platforms that share our high standards for privacy, we are not in any case responsible for the content, security, or privacy policies of other websites, and a link on our Site does not constitute an endorsement of the site in question. Once you are transferred to another site, app, or platform, you are subject to their terms and conditions (including their privacy policy and underlying practices). We encourage you to review the terms of service and related privacy notices or policies applicable to these sites, apps, or platforms before sharing your personal information with them.
How we protect your data
INNOVA takes appropriate technical, physical, electronic, operational and administrative security measures to protect your personal information from unauthorized access. We follow industry-accepted standards to protect personal information provided to us, both during transmission and after receipt: for example, periodic testing of Platform security, segmentation and control of data access within the organization, and use of pseudonymization, anonymization, or encryption techniques. Unfortunately, the transmission of information via the Internet (including e-mail) is not always completely secure. Despite our constant efforts to ensure the maximum protection of your personal data, we cannot guarantee the security of your data when transmitting it to our Site, App or Platform, especially if the transmission is made by unsecured means. You therefore assume the risk arising from said transmission. Once we receive your information, we will use strict procedures and appropriate security features to prevent any unauthorized access or sharing.
Contact us
If you have any questions about your personal information, you can contact us:
- via our Contact Form on the Site,
- via e-mail to: privacy@checkmed.it,
- by mail to the address of our registered office: Milazzo (ME), Via Colonnello Bertè 100, 98057, or
- if you are a Registered Professional who has signed a Services Agreement, contacting our Customer Service Department as you would for other inquiries related to your Account.
- Section dedicated to Platform users (patients)
If you are a patient or user of our Site or App looking for information about professionals or facilities in the health care field, this section applies to you.
- A) What personal data we process; how we collect it; for what purposes, and on what legal basis, we process it
- Account creation and registration for use of our Services
We collect your personal information directly upon registration by you on our Site or App, for use of the Services, or booking a visit or appointment through the Platform. In fact, at the time of registration or booking, we ask you to provide basic data, including your email address and phone number. You can also register using social platforms such as Facebook or Google, in which case you will be asked to allow those companies to share some of your personal information with us (as indicated on the registration page). You can also add additional information such as your first name, last name, gender, or phone number. We save this information in our systems to enable you to use the Services.
Our Services allow you, among other things, to: book visits, send messages and/or chat with specialists, save your personal information in your CheckMED Account, and post your opinion about your experience during your visit on the Site. You can also check your visit history, and manage your Account.
From your User Account in the App, you can manage automatic and system notifications (e.g., pop-up windows).
When you register to use our Services, or book a visit or appointment, you then accept the Terms of Service by clicking in the relevant box, and thereby enter into a legally binding contract. The need on our part to enforce the obligations of that contract and to enable you to access the Services is a valid legal basis for processing your personal data, as specified in Article 6.1(b) of the GDPR.
- Communications
As a user of the Services with your own Account, you will receive communications from us regarding topics that may be of interest to you (i.e., closely related to the Services you use): for example, communications regarding new features, new products, additional or ancillary Services, promotions, news and other topics related to the Services or news regarding INNOVA initiatives that may be of interest to you.
The legal basis for sending such communications (via phone message or email) is legitimate interest under Article 6.1(f) of the GDPR. Nonetheless, since these are communications of a potentially commercial nature, you will always have the right to object to receiving them, in which case we will stop contacting you, except for (a) service communications sent by your physician through our Platform relating to visits or appointments you have booked through the Platform (e.g., reminders, cancellations, requests from the specialist, invitations to review), which originate from your physician (who uses our Services) and not from us (see Section II(D) of this Notice “We also act as a “data controller” on behalf of specialists and clinics”) ; and/or (b) other service-related, non-commercial communications relating to your Account or the Services (e.g., changes to contract terms, malfunction notifications, legal or regulatory messages).
Other data and purpose of processing
As part of your use of the Site, App or Platform, we may obtain other types of data, including, for example: information about your device (computer or cell phone), IP address, time zone and language, or the browser you use. We will also collect information related to the timing, manner, and duration of your use of the Services (first and last use, length of session in the Account). If you use the App, we may also obtain data about your location via GPS (you will always have the option to disable this feature directly on your mobile device).
We will treat these technical datasets (the “Metadata“) for:
- Respond to, and defend us against, any claims (yours or any third party’s) relating to the Services and your use thereof, and/or
- manage and plan our business activities (e.g., for how our users will use our Services in the future and estimate trends about their needs and preferences). In this case, in most cases the data used will be anonymized (e.g., how you browse our website), but in some cases the data, if read together with other data, could reveal your identity.
We process this information on the basis of our legitimate interests, which is a legal basis for processing personal data under Article 6.1(f) of the GDPR. Remember that you will have the right to object to the processing of this data at any time.
- B) Do we process data related to your health status?
In some of the following cases:
- when you book a visit or appointment with a specialist or clinic using the Platform,
- If you choose to save your personal information in your Account,
- If you write a review on the Site that includes personal health information,
- If, through the Platform, you initiate a chat conversation with a specialist or send one or more communications to the specialist sharing information related to your health status, and/or
- In the event that you use features or Services similar to those listed above,
we may obtain access to personal data related to your health status, which are deserving of specific protection under the GDPR.
We will therefore need your prior consent to process this data, which we will ask you for from time to time. Your consent is, in this case, necessary to be able to use the above-mentioned Services; in fact, we could not provide it to you without being able to process this data. The processing of your health data on the basis of your consent is in accordance with Article 9.2(a) of the GDPR. You may withdraw your consent at any time, in which case, however, we will not be able to continue to provide you with the Services for which the sharing of such data is necessary.
- C) Is it possible to provide personal data of other people?
If you book a visit or appointment on behalf of another person (for example, for a minor family member), you authorize us to collect that person’s personal data. We will process his or her personal data for the same purposes for which we process yours, applying the same policies and security measures.
- D) We also act as “data controllers” on behalf of specialists and clinics
We provide several services to physicians and clinics. Our Services allow our client physicians and clinics, among others, to upload and save patients’ personal data, information about patients’ visits, and information regarding their health status. They also allow them to send communications and text or email messages to patients via our Platform and to manage their work schedules.
When we process your data on the instructions of the physician or clinic our client you have approached (and not because you have used our Services directly or created an Account with us), and your patient data is transmitted to us by them, we are simply acting as a data controller (within the meaning of Article 28 of the GDPR), on behalf of and for our clients, and always and only on the basis of their instructions and directions; never for our own independent purposes.
This also applies to specialists and clinics who send you headshots, emails, advertising campaigns, or similar communications through our platform: they, and not we, decide whether or not to send them to you. We do not take responsibility for these communications, nor for the processing of your personal data by specialists or clinics or the existence of an adequate legal basis for the same.
If you do not wish to receive such messages, or want to exercise your rights regarding your personal information processed by your specialist or clinic, we suggest that you contact the doctor or clinic that sent you the message asking them not to be contacted.
- E) Retention and deletion of your data
With regard to personal data provided by you under Sections II(A), (B), and (C) above, which we process as “data controller” (within the meaning of the GDPR) on the basis of our direct relationship with you, we will retain it in our systems only as long as necessary for the purposes stated above or as long as necessary to comply with legal obligations to which we are subject.
The period for which we retain your information will vary depending on the type of information and the purposes for which we use it. In general, we will keep our records for up to 6 years after your relationship with us ends in order to comply with our legal obligations. Please see the following table for more information:
III. Section dedicated to health professionals registered on the Platform.
If you are a physician or health professional who uses the Platform and Services in a professional capacity, and you have registered on the Platform by creating your Account (a “Registered Professional”), possibly having also entered into a Services Agreement, the following provisions apply.
- A) What personal data we process; how we collect it; for what purposes, and on what legal basis, we process it
- Account creation, registration on the Platform, and use of the Services
You provide us with your information when you register on the Platform (creating your Account) and begin using our Services, and/or when you enter into a Services Agreement on your part. Alternatively, we may have obtained your personal data from the clinic or facility for which or in which you work, in the event that it was the latter that entered into a Services Contract (in which case, your data has been disclosed to us under the sole responsibility of that facility; you will then need to contact that facility to object to the processing or revoke your consent to the sharing of your personal data with us).
When you register on the Platform, or when you or the facility you work for enter into a Services Agreement, we will collect data about your professional activities and other information useful for creating your Account and profile on the Platform, which will be visible to users. The information you provide may include or relate to, among other things:
- your first and last name,
- The address where you conduct your professional activity,
- your email address and/or phone number used to conduct your professional activities;
- your training and specialty and the medical field or type of health care activity or type of diseases you deal with,
- your professional license number (the one that allows you to practice medicine),
- your image,
- Your patients’ opinions or reviews of their experience with you, and
- any other information you provide to us during the process of registering on the Platform or entering into a Services agreement.
If you have signed a Services Agreement and/or have enabled the booking calendar and/or telemedicine or other paid features on the Platform, we will ask you to provide us with additional information necessary for the provision of our Services, for example: hours of receipt; payment methods you have accepted; and information related to arranging visits.
As part of the Services, and for the purpose of giving greater visibility to your profile on the Platform, we may include your professional information, first and last name, specialty, and address in certain search engines (including Google or Google My Business) and online maps (including Google Maps). You will always be able to object to this type of use, simply by notifying us of your objection. You will have the ability to manage your profile on this platform directly and independently, and decide what personal data will be published there.
When (a) you register on the Platform to use our Services, and then accept the Terms of Service by clicking in the relevant box, or (b) a Services Agreement is signed by you or the facility for or in which you work, a legally binding contract is produced. The need on our part to perform the obligations of such a contract and to enable (you or the health care facility) to access the Services, is a valid legal basis for the processing of your personal data, as specified in Article 6.1(b) of the GDPR.
If you (or the facility for or in which you work) have entered into a Services Agreement, additional information regarding the processing of your personal data, and the personal data of third parties that you may provide to us as part of your use of the Services, can be found in the Services Agreement.
- Communications
As a Registered Professional our client, you will receive communications from us regarding topics that may be of interest to you (i.e., closely related to the Services you use): for example, communications regarding new features, new products, additional or ancillary Services, promotions, news and other topics related to the Services or news regarding Docplanner Group initiatives that may be of interest to you.
The legal basis for sending such communications (via phone message or email) is legitimate interest under Article 6.1(f) of the GDPR. Nonetheless, since these are communications of a potentially commercial nature, you will always have the right to object to receiving them, in which case we will stop contacting you, except for communications of a non-commercial nature related to your Account, the Services or the Services Agreement (for example: changes to contract terms, malfunction notifications, messages of a legal or regulatory nature).
- Other data and purpose of processing
As part of your use of the Services, we may obtain other types of data, including, for example: information about your device (computer or cell phone), IP address, time zone and language, or the browser you use. We will also collect information regarding the timing, manner, and duration of your use of the Services (first and last use, duration of session in the Account).
We will treat these technical datasets (the “Metadata“) for:
- Respond to, and defend us against, any claims (yours or any third party’s) relating to the Services and your use thereof, and/or
- manage and plan our business activities (e.g., for how our customers will use our Services in the future and estimate trends about their needs and preferences). In this case, in most cases the data used will be anonymized (e.g., how you browse our website), but in some cases the data, if read together with other data, could reveal your identity.
We process this information on the basis of our legitimate interests, which is a legal basis for processing personal data under Article 6.1(f) of the RGPD. Remember that you will have the right to object to the processing of this data at any time.
- B) Retention and deletion of your data
Regarding the personal data you provide when registering on the Platform or as part of the provision of the Services, which we process as “data controller” (under the GDPR) on the basis of our relationship with you, we will retain it in our systems only as long as necessary for the purposes stated above or as long as necessary to comply with legal obligations to which we are subject.
The period for which we retain your information will vary depending on the type of information and the purposes for which we use it. In general, we will keep our records for up to 6 years after your relationship with us ends in order to comply with our legal obligations. Please see the following table for more information:
Cookie Policy on CheckMED
This page describes what information is collected by us through cookies, how we use it, and why we sometimes need to store and retain these cookies. We also explain on this page how to prevent these cookies from being stored, even though doing so may reduce or “stop” some elements and functionality of the website.
What are cookies?
Cookies are small files that are downloaded to your computer or any other device you use to browse our website. Almost all professional websites use cookies. Usually, a cookie includes the following information: the name of the website you are coming from; how long the cookie will remain on your computer or device; and a value (usually a unique randomly generated number). Some cookies may include additional data, particularly related to the time zone or language used when browsing websites.
What kind of cookies do we use?
Some cookies are always on when you visit us and you cannot turn them off unless you change your browser settings. We call these cookies necessary. We use them to make sure our digital services work properly and enable core website functionality, such as user sign-in and account management. They are also useful for analyzing how our platform is used by users.
We also use functional cookies to make your experience more user-friendly, especially to store your information on our websites and to personalize the content of our services.
We also use performance cookies to observe how our services are used and to obtain usage statistics.
We also use third-party cookies. These cookies may track how you use different Web sites, including ours. For example, you may receive cookies from a social media company when you access our Web site using a social media plug-in. You can turn off these cookies.
Marketing cookies used for targeted advertising: you can disable these cookies.
How do we use cookies?
We use cookies for a variety of reasons described below. To make the best use of our Web site, we recommend that you set your device to accept all cookies. However, using your device settings, you may be able to disable or limit certain types of cookies.
- Provide you with a better experience as a user: Cookies are used for a variety of things to help improve your online experience. They can help in a number of ways, including: ensuring our websites load faster, keeping you connected even on different devices, making logins faster and more accessible by remembering your customer details, remembering how you used our service previously, allowing you to book a visit with a doctor faster and in a more accessible way, or making sure our pages are optimized for your browser or device.
- Tailoring our services to your preferences: Cookies can help us present you with content that meets your interests and preferences. Cookies also help us personalize our website for you.
- Improving security: We use some cookies to ensure the security of our websites.
- Improving our Web sites: We use cookies to improve our services, predict how users use our Web sites, and to make the Web sites better for our users.
- Marketing: We use some cookies to provide you with ads on our services. We use these cookies in collaboration with our marketing partners (Google and Facebook).
Third-party cookies
We use third-party cookies to pursue our legitimate interests and to improve our Web sites for our users.
- We use Google Analytics. Google Analytics is widely used by many professional Web sites around the world. This tool helps us understand, predict and tailor our Web sites for our users and helps us manage our databases and improve our SEO.
- We use cookies from our partner HubSpot to present you with relevant information about our services and to help us know if the content you are provided with is of interest to you.
- We also use third-party cookies to measure the use of our Web site; in particular, these cookies may record how much time you spend on our Web site, how you browse etc.
- We also use third-party cookies to test our new features and products. These cookies help us ensure that you receive a satisfactory experience from our services.
- We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. In order for these to work, these social media sites, including Google and Facebook, will set cookies through our site that can be used to enhance your profile on their site or contribute data they hold for various purposes described in their respective privacy policies.
- We use technical solutions provided by Facebook and Google to better tailor our services and provide you with a better experience as a user.
How long do we keep cookies?
Depending on the type of cookie, some cookies are stored for a short period of time, while others are stored for longer periods. Below you will find more detailed information.
Session cookies: these cookies last only for a given session you have with us and are automatically deleted when you close your browser.
Persistent cookies: these cookies last even if the browser is closed or the device is turned off and are active for a period of time defined in the cookie. We use persistent cookies when we need to know who you are for longer than it takes for a single browsing session. For example, we use them to remember your preferences for the next time you visit our site.
Disabling cookies
You can prevent cookies from being set by changing your browser settings: you can find instructions on how to do this in the table below. Please note that disabling cookies will affect the functionality of this and many other websites you visit. Disabling cookies will usually also result in disabling some functionality and features of our services. Therefore, we recommend that you do not disable cookies.
Browser | Link to Settings | How you can manage cookies |
Google Chrome | https://support.google.com/chrome/answer/95647?hl=it-IT&p=cpn_cookies | Click on the three dots in the upper right corner and open “settings.” In the site settings click on “security and privacy” to manage cookies. |
Safari | https://support.apple.com/it-it/HT201265 | Go to the “preferences” settings page and click on “security.” In the “security” section you can manage your cookies. |
Microsoft Edge | https://support.microsoft.com/it-it/search?query=enable%20cookies%20in%20edge | Click on the three dots in the upper right corner and open “settings.” In the site settings click on “privacy, search and services” to manage cookies. |
Mozilla Firefox | https://support.mozilla.org/it/kb/Siti%20web%20e%20avviso%20di%20blocco%20dei%20cookie | Click on the three bars located in the upper right corner and open “options.” In the site options click on “security and privacy” to manage cookies. |
More information
We hope that all the information provided is helpful to you. If you would like more information, you can contact us at the following address.
E-mail: info@CheckMED.it