Last updated: November 11, 2020
Regardless of how You use this website or the Doxy.me Service, this section defines certain terms that are used throughout this policy.
For the purposes of this policy:
- You means the individual accessing or using the Doxy.me Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. You must be at least 18 years of age in order to use the Service.
- Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to Doxy.me, LLC, 3445 Winton Pl, Ste 120, Rochester, NY 14623.
- Affiliate means an entity that controls, is controlled by or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
- Service Provider means any natural or legal person who processes data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
- Third-party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.
- Personal Data is any information that relates to an identified or identifiable individual.
- Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing (among other things) the details of Your browsing history and/or connection information when using the Service.
- Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
- Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
- User is someone accessing the Website as a guest, a Provider, or a Patient.
- Protected Health Information (PHI) means any health-related information as defined by applicable law.
Terms specific to the Doxy.me Service are:
- Service refers to the software product accessible from the Website.
- Provider means a doctor, medical group, or other healthcare professional who has signed up as a “Provider” on the Doxy.me Service.
- Patient refers to an individual who is using the “Patient” component of the Service using a unique URL sent by the Provider to view the Waiting Room (prior to the Session).
- Account means a unique account created for You to access our Service or parts of our Service. This may also be referred to as Your Clinic.
- Website refers to doxy.me, accessible from http://doxy.me
- Session is secure audio and/or video communication between the Patient and the Provider—the key feature of the Doxy.me Service.
- Waiting Room is the web page that is seen by Patients prior to the beginning of a video session. The Provider may change the look and feel of the Waiting Room and upload Provider-specific content.
- Provider Link is the unique URL (web address) that the Patient uses to enter the Provider’s Waiting Room prior to a Session. An example is https://Yourclinic.doxy.me/DrSmith
New Zealand Privacy Act 2020
This Bill repeals and replaces the Privacy Act 1993, as recommended by the Law Commission’s 2011 review of the Act. Its key purpose is to promote people’s confidence that their personal information is secure and will be treated properly. The Bill is expected to become law in December 2020 when it will be known as the Privacy Act 2020 (the “Act”).
The Act will regulate the collection, use, and disclosure of information about individuals. The Act retains the 1993 version’s 12 information privacy principles, which seek to protect people’s privacy, while also accommodating legitimate information use by government, firms, and other organizations.
If a person thinks his or her privacy has been breached resulting in harm, he or she can complain to the Privacy Commissioner. The Privacy Commissioner will then attempt to resolve the dispute. If it is not resolved, the person may take the complaint to the Human Rights Review Tribunal and may seek compensation.
The Act introduces additional way to enforce the information privacy principles. For example, the Privacy Commissioner will be able to make binding decisions on complaints about access to information and issue compliance notices. The Bill also requires agencies (the name used for any entity handling personal information) to notify the Privacy Commissioner and affected individuals of any unauthorized access to or disclosure of personal information where that poses a risk of harm.
What follows is how doxy.me is compliant with the Privacy Act 2020. The list isn’t exhaustive. Only the fundamental clauses are described.
New Zealand can make or receive a request for mutual assistance from any country, and there is no need for countries to be prescribed in regulations. This means that personal data may be sent overseas provided that the agency receiving and processing the data adheres to the Act. New Zealand has declared by regulations a number of countries to be prescribed foreign countries that include the United States of America. See Information Privacy Principle 12.
Information privacy principle 3
Collection of information from subject
When We collect personal information, we take any steps that are, in the circumstances, reasonable to ensure that the individual concerned is aware of (a) the fact that the information is being collected; (b) the purpose the purpose for which the information is being collected; and (c) the intended recipients of the information. You have the right to access and correct the information You provide to Us.
Information privacy principle 5
Storage and security of personal information
We use security safeguards to protect Your information from (a) loss; (b) unlawful or unintended access, modification, or disclosure; and (c) other misuse.
Information privacy principle 6
Access to personal information
Upon an individual’s request, We will confirm or deny whether We have any information about the individual. If We do, We will deliver or correct the information if the individual cannot do it themselves in the Service. The individual must be satisfactorily identified before personal information can be sent.
Information privacy principle 7
Correction of personal information
Upon an individual’s request, We will correct the personal information if the individual cannot do it themselves in the Service. The individual must be satisfactorily identified before personal information can be sent.
Information privacy principle 8
Accuracy, etc, of personal information to be checked before use or disclosure
We will not use or disclose personal information without taking reasonable steps to ensure that the information is accurate, up to date, complete, relevant, and not misleading. Also, We will not hold personal information for longer than is required for the purposes for which the information may lawfully be used.
Information privacy principle 10
Limits on use of personal information
We will only process personal information for the purpose with which the information was obtained.
Information privacy principle 11
Limits on disclosure of personal information
We will not disclose the personal information to any other agency or to any person unless We reasonable believe that (a) it is for the purpose in connection with which the information was obtained; (b) the disclosure is to the individual concerned; or (c) the disclosure is authorized by the individual concerned.
Information privacy principle 12
Disclosure of personal information outside New Zealand
We will only disclose personal information to a foreign person or entity if (a) the individual concerned authorizes the disclosure after being expressly informed the foreign person or entity may not be required to protect the information in a way that, overall, provides comparable safeguards to those in the Privacy Act; or (b) We believe on reasonable grounds that the foreign person or entity is subject to privacy laws that, overall, provide comparable safeguards to those in the Privacy Act; or (c) by a valid legal authority subject to applicable laws.
(47) We will give reasonable assistance to a person who request access to their personal information.
(50) If We receive a request for personal information, we will respond to the individual no later than 20 working days after the day on which the request is received.
(52-58) We may be legitimate reasons for not disclosing personal information.
(65) A correction request may be made only by the individual concerned or the individual’s representative
(83) If We receive an inquiry from the Commissioner, We will respond as soon as possible.
(117) If there is a “notifiable privacy breach”—briefly defined as a breach that is reasonable to believe has caused serious harm to an affected individual or individuals or is likely to do so—We will assess the breach and notify the affected individual(s) as soon as practical with information regarding the breach.
To learn more about controlling and deleting cookies, please visit this external website: https://www.aboutcookies.org/
We may update our privacy policies from time to time. We will notify You of any changes by posting the updated policy on this page.
We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the “Last updated” date at the top of this policy.
We encourage You to review this policy periodically for any changes. Changes to this policy are effective when they are posted on this page.
By email: firstname.lastname@example.org
By phone (U.S. and Canada, toll-free): (844) 436-9963