Appendix 1: Additional rights and information for individuals located in the EU or UK

Under the GDPR individuals located in the EU and the UK have extra rights which apply to their personal information. Personal information under the GDPR is often referred to as personal data and is defined as information relating to an identified or identifiable natural person (individual). This Appendix 1 sets out the additional rights we give to individuals located in the EU and UK, as well as information on how we process the personal information of individuals located in the EU and UK. Please read the Privacy Policy above and this Appendix carefully and contact us at the details at the end of the Privacy Policy if you have any questions.

What personal information is relevant? 

This Appendix applies to the personal information set out in the Privacy Policy above. This includes any Sensitive Information also listed in the Privacy Policy above which is known as ‘special categories of data’ under the GDPR.

Purposes and legal bases for processing

We collect and process personal information about you only where we have legal bases for doing so under applicable laws. We have set out below, in a table format, a description of all the ways we plan to use your personal information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. Please reach out to us if you need further details about the specific legal ground, we are relying on to process your personal information where more than one ground has been set out in the table below.  

Purpose of use / disclosure

Type of Data

Legal Basis for processing

To enable you to access and use our software, including to provide you with a login.

  • Identity Data
  • Contact Data 
  • Performance of a contract with you

To assess whether to take you on as a new client.

  • Identity Data
  • Contact Data 
  • Performance of a contract with you
  • To comply with a legal obligation

To work with you as a customer or supplier of our business, including to manage your appointments.

  • Identity Data
  • Contact Data
  • Performance of a contract with you

To contact and communicate with you about our business, including in response to any support requests you lodge with us or other enquiries you make with us.

  • Identity Data
  • Contact Data
  • Profile Data
  • Performance of a contract with you

To contact and communicate with you about any enquiries you make with us via our website.

  • Identity Data
  • Contact Data
  • Legitimate interests: to ensure we provide the best client experience we can offer by answering all of your questions

For internal record keeping, administrative, invoicing and billing purposes.

  • Identity Data
  • Contact Data
  • Financial Data 
  • Transaction Data
  • Performance of a contract with you
  • To comply with a legal obligation
  • Legitimate interests: to recover debts due to us and ensure we can notify you about changes to our terms of business and any other administrative points

For analytics, market research and business development, including to operate and improve our business, associated applications and associated social media platforms.

  • Profile Data
  • Technical and Usage Data
  • Legitimate interests: to keep our website updated and relevant, to develop our business, improve our business and to inform our marketing strategy

For advertising and marketing, including to send you promotional information about our events and experiences and information that we consider may be of interest to you.

  • Identity Data
  • Contact Data
  • Technical and Usage Data
  • Profile Data
  • Marketing and Communications Data 
  • Legitimate interests: to develop and grow our business

To offer additional benefits to you.

  • Identity Data
  • Contact Data
  • Profile Data
  • Interaction Data
  • Marketing and Communications Data 
  • Legitimate interests: to facilitate engagement with our business and grow our business

If you have applied for employment with us, to consider your employment application.

  • Identity Data
  • Contact Data
  • Professional Data
  • Legitimate interests: to consider your employment application

Where you use our platform COVIU to provide health services.

  • Technical and Usage Data
  • Profile Data
  • Professional Data
  • Performance of a contract with you
  • To comply with a legal obligation

Where you use our platform COVIU to access health services.

  • Technical and Usage Data
  • Profile Data
  • Performance of a contract with you
  • To comply with a legal obligation

To comply with our legal obligations or if otherwise required or authorised by law. 

 
  • To comply with a legal obligation

If you have consented to our use of data about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your data because we or a third party have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer doing business with us. Further information about your rights is available below.

Data Transfers 

The privacy protections available in the countries to which we send data for the purposes listed above may be less comprehensive than what is offered in the country in which you initially provided the information. Where we transfer your personal information outside of the country where you are based, we will perform those transfers using appropriate safeguards in accordance with the requirements of applicable data protection laws and we will protect the transferred personal information in accordance with this Privacy Policy and Appendix 1. This includes:

  • only transferring your personal information to countries that have been deemed by applicable data protection laws to provide an adequate level of protection for personal information; or
  • including standard contractual clauses in our agreements with third parties that are overseas.

Data retention

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. 

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Extra rights for EU and UK individuals

You may request details of the personal information that we hold about you and how we process it (commonly known as a “data subject request”). You may also have a right in accordance with applicable data protection law to have your personal information rectified or deleted, to restrict our processing of that information, to object to decisions being made based on automated processing where the decision will produce a legal effect or a similarly significant effect on you, to stop unauthorised transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to you or another organisation. 

If you are not happy with how we are processing your personal information, you have the right to make a complaint at any time to the relevant Data Protection Authority based on where you live. We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Authority, so please contact us in the first instance using the details set out above in our Privacy Policy

 

For any questions or notices, please contact us at:

Data Privacy Officer (privacy@coviu.com)

 

 

Are you a provider or a patient?

PROVIDER Patient

Have Questions? Contact Us

Telehealth for Enterprise

For organisations with 25+ Providers

TALK TO US

People-2-final

As a patient, you do not need to sign up to a Coviu account. Your healthcare provider will use their account and send you a link to join at the time of your consultation.

Learn how to join a Coviu Call

Chat to your provider about using Coviu