Privacy Policy and Cookies

Our Privacy Policy was posted on 06 January 2019 and last updated on 01 January 2020. It governs the privacy terms of our website, located at www.drhellers.com, and the tools we provide you (the “Website” or the “Service”). Any capitalized terms not defined in our Privacy Policy have the meaning specified in our Terms of Use, accessible at www.drhellers.com/terms-and-conditions/.

 

Your Privacy

We take the protection of your personal data (hereinafter ‘data’) very seriously and respect the privacy of all persons who come into contact with us. We act in total transparency, in compliance with national and international provisions regarding data protection, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the General Data Protection Regulation or GDPR): https://gdpr-info.eu/.

Our Website follows all legal requirements to protect your privacy. Our Privacy Policy is a legal statement that explains how we may collect information from you, how we may share your information, and how you can limit our sharing of your information. You will see terms in our Privacy Policy that are capitalized. These terms have meanings as described in the Definitions section below.

 

Definitions

Personal Data: Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).

Usage Data: Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Cookies: Cookies are small pieces of data stored on a User’s device.

Data Controller: Data Controller means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your data.

Data Processors (or Service Providers): Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.

Data Subject: Data Subject is any living individual who is the subject of Personal Data.

User: The User is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.

 

Information Collection And Use

We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected

Personal Data (list is not exhaustive)

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to: Email address, Phone Number, Data of Identification emitted by Public Services, National Identity Number, the Social Security Number, Name, Address, State, Province, ZIP/Postal code, City, Cookies and Usage Data.

We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.

Usage Data (list is not exhaustive)

We may also collect information on how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Tracking & Cookies Data (list is not exhaustive)

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use: session cookies (we use these cookies to operate our Service) and preference cookies (we use these cookies to remember your preferences and various settings).

 

Use of Data

We use the collected data for various purposes:

To provide and maintain our Service

To notify you about changes to our Service

To allow you to participate in interactive features of our Service when you choose to do so

To provide customer support

To gather analysis or valuable information so that we can improve our Service

To monitor the usage of our Service

To detect, prevent and address technical issues

To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information

 

Retention of Data

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

 

Transfer Of Data

Your information, including Personal Data, may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

Your data may be transferred for billing purposes to the database of the Cliniques de l’Europe a.s.b.l., Avenue de Fré 206, 1180 Uccle, according to Belgian law. Your medical file from the virtual consultation or the medical office may be transferred to the healthcare document management system of the Cliniques de l’Europe a.s.b.l.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

 

Disclosure Of Data

Business Transaction. If we are involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

Disclosure for Law Enforcement. Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

 

Security Of Data

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. We hereby inform you that the information you give us by phone, SMS, the contact form on the website, e-mail or instant messaging service is not encrypted and might be visible to third parties. Please be careful when sharing sensitive medical data over these channels.

All our databases are encrypted at rest with the industry-standard 256-bit AES algorithm. Passwords are never stored in clear text, but hashed in an irreversible way. All laptops and computers of our employees are encrypted, and we enforce strict security protocols with them. Industry-standard encryption for “data in transit” is applied in all communication, making sure that no third party can intercept the communications between our platform and the user’s web browser when using the platform.

We advise you to use a virtual private network (VPN) when surfing the internet in order to share less data or none.

We advise you to familiarize yourself with the cookie and security settings of your browser. Please consult the help section of your web browser to understand your options, but please note that if you choose to disable cookies, some features of our website or Services may not operate as intended.

 

Legal Basis for Processing Personal Data Under General Data Protection Regulation

If you are from the European Economic Area (EEA), our legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.

We may process your Personal Data because:

We need to perform a contract with you

You have given us permission to do so

The processing is in our legitimate interests and it’s not overridden by your rights

For payment processing purposes

To comply with the law

 

Your Data Protection Rights Under General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. TermsFeed aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us (drhellers(at)outlook(dot)com).

In certain circumstances, you have the following data protection rights:

The right to access, update or to delete the information we have on you.

The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.

The right to object. You have the right to object to our processing of your Personal Data.

The right of restriction. You have the right to request that we restrict the processing of your personal information.

The right to data portability. You have the right to be provided with a copy of your Personal Data in a structured, machine-readable and commonly used format.

The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.

Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. You may contact us at the addresses given in the ‘Contact’ section.

You may lodge a complaint with the Belgian commission for the protection of privacy at the following address:
Autorité de protection des données
Rue de la Presse, 35 – 1000 Brussels
Tel.: +32 (0) 2 274 48 00 – Fax: +32 (0)2 274 48 35
Email: contact@apd-gba.be

You may also lodge a complaint with the Court of the First Instance in your home country.

For more detailed information on complaints and possible means of appeal, please go to the [Belgian] Data Protection Authority’s website: https://www.dataprotectionauthority.be/.

 

Service Providers

We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

 

Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service.

Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt out of having your activity on the Service made available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visit activity.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/

 

Social Media

Facebook-Plugin
We use the plugin Custom Facebook Feed from Smash Balloon (https://smashballoon.com/) on our website to inform you about our latest news and posts on the social network of Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. You may see our latest news even when you are not a member of Facebook. In order to minimize the number of trackers and cookies, we have reduced the functions (no Facebook Pixel, no like or share button). To our knowledge, we disabled 6 tracker or promotion cookies and there is no longer any cookie active. When you visit our website, a connection is established to the Facebook server in order to download the newest post. Through your IP address, Facebook learns that you visited our website. Please note that we have no information about the content of the transferred data or about the use of the data by Facebook. You should consider the data policy of Facebook (https://www.facebook.com/full_data_use_policy). If you do not want Facebook to be able to attribute your visit on our website to your Facebook account, please log out from your Facebook account and clean your browser before and after visiting our website.

 

Social Media Link Button

Facebook
We use social media link buttons to Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) in order to redirect you to our Facebook site. Data is transmitted only when you click on the button; without clicking on the button, no data is transmitted. Please note that we have no information about the content of the transferred data or about the use of the data by Facebook. You should consider the data policy of Facebook (https://www.facebook.com/full_data_use_policy). If you do not want Facebook to be able to attribute your visit on our website to your Facebook account, please log out from your Facebook account and clean your browser before and after visiting our website.

 

Instagram
We use social media link buttons to Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) in order to redirect you to our Instagram site. Data is transmitted only when you click on the button; without clicking on the button, no data is transmitted. Please note that we have no information about the content of the transferred data or about the use of the data by Facebook. You should consider the data policy of Instagram (https://help.instagram.com/155833707900388). If you do not want Instagram to be able to attribute your visit on our website to your Instagram account, please log out from your Instagram account and clean your browser before and after visiting our website.

 

LinkedIn
We use social media link buttons to LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) in order to redirect you to our LinkedIn site. Data is transmitted only when you click on the button; without clicking on the button, no data is transmitted. Please note that we have no information about the content of the transferred data or about the use of the data by LinkedIn. You should consider the data policy of LinkedIn (https://www.linkedin.com/legal/privacy-policy). If you do not want LinkedIn to be able to attribute your visit on our website to your LinkedIn account, please log out from your LinkedIn account and clean your browser before and after visiting our website.

 

Twitter
We use social media link buttons to Twitter (Twitter International Company, Attn: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland) in order to redirect you to our Twitter site. Data is transmitted only when you click on the button; without clicking on the button, no data is transmitted. Please note that we have no information about the content of the transferred data or about the use of the data by Twitter. You should consider the data policy of Twitter (https://twitter.com/de/privacy). If you do not want Twitter to be able to attribute your visit on our website to your Twitter account, please log out from your Twitter account and clean your browser before and after visiting our website.

 

Appointment Service

Webba Booking
We use the WordPress plugin of Webba Booking for booking of a virtual consultation. To the best of our knowledge, there are no connections to the developer of this plugin. All the entered information, like Name, Identification Number, Email address and Phone Number, is only stored on our web page server. All entries are deleted immediately after the appointments. Stripe, a payment service provided by Stripe Inc. that allows users to make online payments, is integrated in the Webba Booking plugin. Personal Data collected: various types of Data as specified in the privacy policy of the service. Place of processing: see the Stripe privacy policy: https://stripe.com/de-be/privacy, https://stripe.com/privacy-shield-policy, https://stripe.com/privacy-center/legal. Payment processing services enable Us to process payments by credit card, bank transfer or other means. To ensure greater security, We only share the information necessary to execute the transaction with the financial intermediaries handling the transaction. Some of our services may also enable the sending of timed messages to you, such as emails containing invoices or notifications concerning the payment.

 

Doctena
We use the Doctena.be and the Doctena.lu plugin for booking of a consultation. When you proceed to a booking with Doctena.com, you agree on their terms of use and privacy policy: https://privacy.doctena.com/
Extract of the data processed by Doctena:
Doctena defines the following services as part of the sub-contracted processing activities which are always to be taken together:

  • (i) Management of patient’s data regarding his/her doctors’ appointment and follow-up services;
  • (ii) Management of the doctor’s agenda/calendar, including Gateway interfaces used by Gateway partners;
  • (iii) Management of the IT infrastructure, software, maintenance and administration related to the Principal Agreement services.

The nature of operations carried out on the data for the purpose of (i), (ii) and (iii) are:

  • Collection, storage and modification of personal information of patient required by the doctor to organize the appointment
  • Search of patient account using one of its stored personal data
  • Communications with data subject regarding appointment using email or (mobile) number
  • Data imports into Doctena services using Doctor provided structured data (e.g. Onboarding)
  • Automated backup of data

The category of data subject is: Patients.
Because there are multiple types of data that can enter into our systems as part of your usage, we include the most common data categories typically used in our system as part of the data processing agreement. This does not mean you or patients are obliged to share all types of data, but that Doctena is authorized to process on behalf of the practitioner in case it is entered into our doctor/patient notes or during general use of our system. These are the categories and types of data that can be collected by our service:

  1. Personal data of identification: name, title, email, address (private and professional), previous addresses, (mobile) phone number (private, professional), identifiers attributed by the Controller;
  2. Personal details: age, sex, date of birth, place of birth, registry office and nationality;
  3. Data of electronic identification: IP addresses, cookies, moments of connection, electronic signature;
  4. Data relative to the care: data relative to resources and procedures used for the medical and paramedical care of the patients (e.g. doctor/patient notes, reason of visit);
  5. Details of the other members of the family or the household: children, supported people, other members of the household, information on parents and relatives;
  6. Pseudonymization: Controls to protect Confidentiality, Integrity and Availability of data (e.g. hashed credentials).
  7. (only if option is activated) Data of identification: emitted by public services, e.g. national identification number, social security number, number of ID card, passport.

 

Virtual Consultation Services

Doctena
We offer a virtual consultation service by Doctena.be. By reserving a virtual appointment, you agree that your data is transferred to the database of Doctena.be (see also Appointment Service, Doctena, above). By connecting to the virtual consultation, you agree to the terms and conditions and the privacy settings (https://privacy.doctena.com/).

 

Jitsi
Before using the service of the virtual conference on Jitsi Meet, take notice of the service and agree on their security and cookie policies: https://jitsi.org/news/security/, https://jitsi.org/meet-jit-si-terms-of-service/, https://jitsi.org/meet-jit-si-privacy/.
Jitsi Meet is a fully encrypted, 100% open source video conferencing solution. It uses the WebRTC protocol of your internet browser. There is no need to have an account.
WebRTC is the most secure voice and video calling technology available today on the market. It works with Chrome, most Chromium-based browsers such as Opera, and Firefox. Browsers from Microsoft and Apple might have connection problems. When using Jitsi on a mobile device, the Jitsi Meet application offers more comfort. The application can be downloaded in the Android or Apple market. You may also download the application from the F-Droid repository for Android phones.
All meeting rooms are ephemeral: they only exist while the meeting is actually taking place. They get created when the first participant joins and they are destroyed when the last one leaves. If someone joins the same room again, a brand new meeting is created with the same name and there is no connection to any previous meeting that might have been held with the same name. The meeting room will be password protected; the password will be changed in each room.
Jitsi meetings can operate in 2 ways: peer-to-peer (P2P) or via the Jitsi Videobridge (JVB). This is transparent to the user. P2P mode is only used for 1-to-1 meetings. In this case, audio and video are encrypted using DTLS-SRTP all the way from the sender to the receiver, even if they traverse network components like TURN servers.
In the case of multiparty meetings all audio and video traffic is still encrypted on the network (again, using DTLS-SRTP). Packets are decrypted while traversing Jitsi Videobridge; however they are never stored to any persistent storage and only live in memory while being routed to other participants in the meeting.
Any information they choose to enter, such as their name or email address is purely optional and is only shared with other meeting participants. We do not retain this information after the meeting.
Other pieces of data such as the chat, or speaker stats, for example, are stored for the duration of the meeting and then destroyed when it ends.
Jitsi is currently using Amplitude, Datadog and Crashlytics to cover various aspects of the apps and the infrastructure on meet.jit.si. Things that we track in analytics include an anonymous identifier, bitrate, available bandwidth, SDP offers and answers, product utilization events (how much various product features are used overall) and mobile app crash dumps. Most importantly, once your meeting is over Jitsi does not retain any names, e-mail addresses or profile pictures.
WebRTC allows users to set up video connections directly between browsers and devices without the use of plugins. The protection provided by the browser is an important differentiator from other video conferencing technology. Browsers help to add security protection in a number of ways:
Without WebRTC, a plug-in must always be installed on the client’s computer/device prior to starting a video conference. This adds a level of risk to the video conference for a couple of reasons. First, nefarious actors are able to design malicious plug-ins that are designed to put you at risk. While some of these can be easy to spot, others are disguised to look like their reputable counterparts. Second, even reputable plug-ins can have vulnerabilities. They may serve a legitimate (and useful) purpose but they can have vulnerabilities that could be exploited by a third party. WebRTC is inherently safer, because it does not use plug-ins. It removes the risk associated with malware or other undesirable software installations that may be disguised as a plug-in.
Major browser vendors like Apple, Google, Microsoft and Mozilla take security very seriously. When a security risk is discovered internally by their teams, or externally by hunters for bug bounty programs, they create and deploy patches extremely quickly, often far quicker than UC platform vendors. While security loopholes can still theoretically be uncovered, users of WebRTC can remain confident that those issues will be addressed expediently and automatically.
The major browsers also offer automatic software updates. This allows any potential security threats to be addressed without the end-user needing to opt-in to the update. Relying on your employees or other end users to stay up to date with software updates is inherently unreliable. While some users may be diligent with their updates there are others who will ignore, delay or forget which can put organizations at risk. WebRTC security benefits from automatic browser updates mitigating all of this risk.
The WebRTC specification takes active measures to ensure the security level. First, it is not possible for a WebRTC application to arbitrarily gain access to your camera or microphone without your consent. While an application or website is allowed to ask the user for one-time or permanent access, it is not able to gain access without express permission. When a media request is made, a pop-up window will ask your permission to access your device before transmitting any information. Furthermore, WebRTC requires that the browser UI clearly indicates when a microphone or camera is in use, so you can be sure that there is no risk of potential eavesdropping.
Encryption is a mandatory part of WebRTC and is enforced on all aspects of establishing and maintaining a connection. It makes it effectively impossible for someone to gain access to the contents of a communication stream because all media streams are securely encrypted through standardized and time-tested encryption protocols. Only those applications with the secret encryption key are able to decode the streams.
WebRTC has taken security a step further by introducing new requirements that stipulate that WebRTC-enabled connections can only be established over a secure connection. This means that all WebRTC applications must be HTTPS (Hypertext Transfer Protocol Secure) compliant.
The S in HTTPS is responsible for authenticating the website as well as encrypting data exchanges on the website to protect your data transmissions from hackers or other malicious parties. This means that not only the page needs to be secure in order for a connection to be established, but also the server you communicate with from that page.

 

Map Service

We use the plugin Leaflet Map to display a high resolution map on our website. The plugin uses maps from the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The maps are located on the servers of the OpenStreetMap Foundation and not hosted on the local server. In order to display the map, a connection is established and, to our knowledge, the IP address is transmitted. To our knowledge, no other information (like geolocation tracking or telemetry) is transmitted. We advise you to refer to the policy of the OpenStreetMap Foundation (https://wiki.osmfoundation.org/wiki/Privacy_Policy).

 

Cookie Table

Please find below the stored cookies:

Session Cookies

Name | Domain | Path | Value
__stripe_sid | .meet.drhellers.com | / | 787c2dd1-43a6-48c6-ade4-587fb61b6a29
_gat_doctena | .doctena.com | / | 1
PRODDOCTENASESSID | .doctena.lu | / | kohegqtgfcj09vv68s2qsuso21

Stored Cookies

Name | Domain | Path | Expiration | Expiration in days | Value
_gid | .doctena.com | / |  | 1 | GA1.2.943110956.1586785618
_ga | .doctena.com | / |  | 730 | GA1.2.191386802.1586785618
m | m.stripe.com | / |  | 3650 | 041296d4-a927-4bc2-bbdc-17719a2810a1
__stripe_mid | .meet.drhellers.com | / |  | 365 | 212344e8-123d-4aa1-b20d-0ad3dd3cc196

Third-Party Session Cookies

Name | Domain | Path | Value
_gat_doctena | .doctena.com | / | 1
PRODDOCTENASESSID | .doctena.lu | / | kohegqtgfcj09vv68s2qsuso21

Third-Party Stored Cookies

 

Name | Domain | Path | Expiration | Expiration in days | Value
_gid | .doctena.com | / |  | 1 | GA1.2.943110956.1586785618
_ga | .doctena.com | / |  | 730 | GA1.2.191386802.1586785618
m | m.stripe.com | / |  | 3650 | 041296d4-a927-4bc2-bbdc-17719a2810a1

Third-Party Domains That Install Cookies

 

Domain | Algorithm
doctena.com | Real Cookie Installed
m.stripe.com | Real Cookie Installed
doctena.lu | Real Cookie Installed

 

Links To Other Sites (list is not exhaustive)

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

 

Children’s Privacy

Our Service does not address anyone under the age of 18 (“Children”).

We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

 

Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

 

Contact Us

If you have any questions about this Privacy Policy, please contact us by using the contact information we provided on our Contact page.