Privacy Policy
At DoxOnCall.ie, we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, process, and safeguard your personal and medical information when you use our website and online consultation services.
1. Information We Collect
We may collect the following types of information:
a. Personal Information
Information you voluntarily provide when booking a consultation or contacting us, such as:
- Name
- Email address
- Phone number
- Address
- Appointment details
- Any information submitted through contact forms
b. Health-Related Information
As an online medical service, if you submit details related to your health, symptoms, or medical history, this information is handled confidentially and securely in compliance with medical data protection laws.
c. Automatically Collected Information
When you visit our website, we automatically collect IP address, browser type, device information, pages visited, and cookies. This helps us improve website performance and user experience.
2. How We Use Your Information
We may use the information we collect to:
- Provide and improve our medical services (Video & Audio Consultations).
- Respond to inquiries and support requests.
- Process appointments and issue prescriptions or medical certificates.
- Send appointment updates or important notifications.
- Improve our website experience.
- Ensure safety, security, and compliance.
We do not sell your personal information to anyone.
3. Cookies And Tracking Technologies
Our website uses cookies to remember user preferences, analyze website traffic, and improve website performance. You can disable cookies anytime through your browser settings, but some features of the platform may not work properly.
4. Sharing Your Information
We only share your information in the following cases:
- With trusted service providers (e.g., pharmacies for prescriptions, secure payment processors, and hosting services).
- When required by law or legal authority.
- To protect our company, users, or the public.
- With your explicit consent.
We never share your health-related information without permission unless legally required.
5. Data Protection And Security
We use industry-standard security measures to protect your data, including:
- Secure Patient Portal for all consultations.
- Secure servers.
- Encryption where applicable.
- Strict access controls.
However, no online system is 100% secure. We take all reasonable steps to protect your information.
6. Your Rights
Depending on your location (and under GDPR regulations), you may have the right to:
- Access the personal data we hold.
- Request corrections or deletion.
- Withdraw consent.
- Opt out of communications.
To exercise these rights, please contact us at support@doconcall.ie.
7. Links to Third-Party Websites
Our website may include links to external websites. We are not responsible for their privacy practices. Please review their policies before providing any information.
8. Children’s Privacy
Our website and services are not intended for children under 18 without parental supervision. We do not knowingly collect information from children directly. If we learn that a child’s data was collected without guardian consent, we will delete it immediately.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with the updated date.
10. Contact Us
If you have any questions about this Privacy Policy, please contact us:
DoxOnCall.ie
Email: support@doconcall.ie
Website: www.doxoncall.ie
Service Area: Nationwide Ireland
Telemedicine-specific processing supplement
Categories of personal data we process
- Identity — name, date of birth, phone, email
- Address — for cert addressing and service-area validation
- Health data (special category, Article 9) — symptoms, history, prescriptions issued, sick certificates issued, diagnoses recorded, photos uploaded for dermatology / paediatric review
- Payment metadata — payment status, transaction reference (no card numbers — handled by Stripe)
- Technical data — IP address, browser, device, basic usage analytics
Lawful basis
- For booking + consultation delivery: Article 6(1)(b) contract with you, plus Article 9(2)(h) provision of healthcare under professional secrecy
- For documentation we issue (sick certs, fit-to-work, prescriptions): Article 6(1)(c) legal obligation under Irish Medical Council professional standards
- For marketing emails (only if you opt in): Article 6(1)(a) consent
- For service improvement and aggregate analytics: Article 6(1)(f) legitimate interests
Third-party processors we use
| Processor | Purpose | Data shared |
|---|---|---|
| Amelia (TMS Plugins) | Booking and scheduling | Name, email, phone, appointment time |
| Stripe Payments Europe | Card payment processing | Payment metadata only — no card details touch our servers |
| HealthMail (HSE) | Encrypted prescription routing to Irish pharmacies | Patient name, prescription details, nominated pharmacy |
| Hostinger | Hosting and CDN | All site data at rest; encrypted in transit |
| Google Analytics 4 / Site Kit | Aggregate analytics | Anonymised usage events (consent-gated where required) |
| Rank Math | SEO meta — no personal data | — |
Each processor is bound by a Data Processing Agreement under Article 28 GDPR. Where any processor stores data outside the EU/EEA, transfers rely on Standard Contractual Clauses + supplementary measures (encryption in transit + at rest).
Retention
- Clinical record (consultation notes, prescriptions, certs): 8 years (Irish Medical Council professional retention)
- Booking + payment records: 7 years (Revenue Commissioners requirement)
- Marketing consent records: until withdrawn + 12 months
- Server access logs: 30 days
- Backups: rolling 30 days, encrypted at rest
Your rights under GDPR
You have the right to: access (Subject Access Request), rectify, erase ("right to be forgotten"), restrict, port, and object. To exercise any of these, email dpo@doxoncall.ie or support@doconcall.ie. We respond within 30 days. Note: clinical records covered by the IMC 8-year retention obligation cannot be erased on request before that period.
Data breaches
If a breach is likely to result in a risk to your rights and freedoms, we notify the Data Protection Commission within 72 hours and notify you without undue delay. Our breach-response plan covers detection, containment, and forensic review.
Children
Children under 16 are seen only with a parent or guardian present and consenting. We do not market to children. The lawful basis for processing children's health data is parental consent + Article 9(2)(h) provision of healthcare.
International transfers
Personal data is processed primarily within the EU/EEA. Where any third-party processor transfers data outside the EEA (e.g., Google for analytics), the transfer is governed by the European Commission's Standard Contractual Clauses with technical and organisational safeguards.
How to contact us
Data Protection enquiries: dpo@doxoncall.ie
General support: support@doconcall.ie
To complain about how your data has been handled, contact the Data Protection Commission directly: dataprotection.ie