Privacy Policy

Effective Date: 17/07/2025

Last Updated: 17/07/2025

At DocOnTrip, your privacy is important to us. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website, mobile app, and services, in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

1. Information We Collect

We collect various types of information to provide and improve our services to you:

  • Personal Identification Information: Name, email address, phone number, gender, date of birth.
  • Account Information: Username, password (encrypted), profile photo (if applicable).
  • Medical & Health-Related Information: Health-related details provided by you when booking appointments, appointment history, consultation notes (shared by doctors with your explicit consent or as legally required), feedback related to medical services. We process this sensitive data with the utmost care and under strict confidentiality obligations.
  • Usage Data: Information about how you access and use the platform, such as your IP address, browser type, device information, operating system, pages visited, time spent on pages, and referring URLs.
  • Location Data: If you enable location services on your device, we may collect precise or approximate location data to show nearby doctors or relevant services.

2. How We Use Your Information (Legal Bases for Processing)

We use your information for the following purposes, based on specific legal grounds:

  • Contractual Necessity: To book and manage doctor appointments; to share relevant information with doctors for your consultation; to send appointment confirmations, reminders, and updates; to provide customer support and respond to your requests.
  • Legitimate Interests: To improve our platform, user experience, and services (e.g., analytics, troubleshooting); for security purposes (e.g., fraud prevention, maintaining integrity of our services).
  • Legal Obligation: To comply with legal or regulatory obligations (e.g., tax, reporting, patient safety requirements) and respond to lawful requests from public authorities.
  • Your Consent: For specific purposes where we explicitly ask for your consent, such as sending marketing communications or processing certain sensitive health data beyond what is strictly necessary for the medical consultation itself. You have the right to withdraw your consent at any time.

3. Sharing Your Information

We may share your personal information with:

  • Doctors or Clinics: To facilitate your appointments and enable them to provide medical services. These professionals are bound by strict medical confidentiality and data protection obligations.
  • Service Providers: Trusted third-party service providers who perform functions on our behalf, such as hosting, data processing, analytics, payment processing, and communications (e.g., SMS/email providers). These providers are contractually obligated to protect your data and only use it for the purposes we specify.
  • Legal Authorities: When required by law or in response to valid legal processes (e.g., court order, subpoena) or to protect our rights, property, or safety, or the safety of others.

We do not sell or rent your personal information to third parties for their marketing purposes.

4. Data Security

We are committed to protecting your personal information. We implement industry-standard security measures, including:

  • Encryption: Data is encrypted both in transit (e.g., via SSL/TLS) and at rest.
  • Secure Servers: Our data is stored on secure servers with restricted access.
  • Access Controls: Strict internal policies and procedures limit access to your data to authorized personnel only.
  • Regular Audits: We regularly review our security practices to ensure ongoing protection.

While we strive to use commercially acceptable means to protect your Personal Information, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

5. International Data Transfers

As DocOnTrip operates internationally and serves users across different jurisdictions, your personal data may be transferred to, and stored at, a destination outside of your country of residence, including to countries that may not have the same level of data protection laws as your jurisdiction (e.g., outside the European Economic Area).

Where such transfers occur, we implement appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, to ensure that your personal data remains protected and is handled in accordance with this Privacy Policy and applicable laws.

6. Your Rights and Choices

Under GDPR and other applicable data protection laws, you have the following rights regarding your personal information:

  • Right to Access: Request a copy of the personal information we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete personal information.
  • Right to Erasure (“Right to be Forgotten”): Request the deletion of your account and personal data, under certain conditions.
  • Right to Restrict Processing: Request that we limit the way we use your personal information.
  • Right to Data Portability: Receive your personal information in a structured, commonly used, and machine-readable format.
  • Right to Object: Object to the processing of your personal information, particularly for direct marketing purposes.
  • Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

To exercise these rights, please contact us at contact@docontrip.com. We will respond to your request within the timeframes required by applicable law.

7. Data Retention

We retain your information only for as long as necessary to fulfill the purposes outlined in this policy, including for the provision of services, compliance with legal obligations (e.g., medical record keeping, tax laws), dispute resolution, and enforcing our agreements. Specific retention periods vary depending on the type of data and the purpose of processing.

8. Children’s Privacy

DocOnTrip is not intended for use by individuals under the age of 16 without appropriate parental or guardian consent. We do not knowingly collect personal data from minors under 16 without verifiable parental consent. If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete that information promptly.

9. Third-Party Links

Our platform may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for their privacy practices, content, or any issues arising from their use. We encourage you to review the privacy policies of these third parties before providing any personal information.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any changes will be posted on this page with an updated “Last Updated” date. We recommend reviewing this page periodically to stay informed about how we are protecting your information. For significant changes, we may notify you through prominent notices on our platform or via email.

11. Contact Us

If you have questions or concerns about this Privacy Policy or how your information is handled, please contact us:

  • Email: contact@docontrip.com
  • Postal Address: Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 15551, Estonia
Scroll to Top