This Privacy Policy explains how DiMS Solution Sdn Bhd (hereinafter: “DiMS”) collects, uses, and discloses personal data of medical facilities and platform users (collectively hereinafter: “User or Users”) using the edialysis.org platform (hereinafter: the “Platform”). For the purpose of this policy, personal data means any information that relates to an identified or identifiable individual, even indirectly, by reference to any other information.
DiMS has appointed a Data protection officer who can be reached using the above contact information, or by email: [email protected]
1. COLLECTED INFORMATION
Provided Information
DiMS collects information the User is sharing via the Platform. The following information provided by the Users is collected:
Account data: name, email and other data of the User according to the User account;
Profile data: Users’ profile data such as: name, email, telephone, name of the home medical facility and contact details, gender, date of birth, serology status, and similar; medical facilities’ profile data such as: name of the medical facility, address, name of the contact person, website address, telephone number, email, VAT number, treatments, treatments’ price and reimbursement rates received by the state authorities for each treatment, admittance of HIV patients, Hepatitis B and C patients, description of the medical facility, designation if it is an independent medical facility or member of a group, certifications of the medical facility, accepted payment methods, availability overview, photos of the medical facility and similar;
Communication: communications via any tool provided by the Platform which are published by the Users;
Payment Data: financial information of the medical facility (credit card information);
Other data: otherwise provided information by the Users to DiMS while filling in a form, conducting a search, by updating or adding information to the User account, responding to surveys, communicating with the Platform support team via chat, email or phone, participating in promotions or using other features of the Platform and information obtained from Users upon request from DiMS such as operation permit for the medical facility.
Automatically Collected Information
DiMS automatically collects from the Platform the following information about the services and how they are used:
Usage: information about User’s interaction with the Platform - visited pages or other content viewed, searches, reservations, availability checks, bookings and other actions on the Platform;
Location: general information about User’s location;
Log Data: information on when the Platform is used, how it is used, IP address, access times, hardware and software information, device information and similar.
Information Collected from Third Parties
DiMS may collect approved information e.g. reviews and ratings of the medical facility, which is published on the Platform and visible to other logged in Users.
Information collected when signing up for the newsletter
If you provide us with your email address, with the purpose to receive newsletters without creating a User account, DiMS will store the information securely and only use it for the purpose of providing you with the newsletters. Your email address will not be shared with any third parties. You can unsubscribe at any time by emailing us at [email protected]. You will no longer receive the newsletters and your email address will be deleted.
2. COOKIES
When you use our services, DiMS can collect data about your devices using cookies and other similar technologies. The website may also include cookies and similar technologies from third parties. You can get more information here and also learn how to manage cookies at the end of this document.
3. PURPOSE OF USE OF COLLECTED INFORMATION, AND LEGAL BASES
DiMS stores and processes information about Users in order to enable treatment availability checks, reservation of bookings via the Platform and in order to improve the Platform, and in particular to: enable access and use of the Platform features;
enable communication among Users and with DiMS; operate, protect and improve the Platform and the User experience; personalise and customise User’s experience by rating search results, showing ads based on Users’ search, booking history and preferences;
provide customer service; send service or support messages/emails such as updates, security alerts, account notifications, reservation, availability responses and booking confirmations; any other purpose authorised and consented to by the User. DiMS also stores and processes information about Users in order to create and maintain a safe environment, and in particular to: detect and prevent fraud, spam, abuse, security incidents and any other harmful activity; comply with legal obligations; resolve disputes with any User; implement Terms and Conditions for Users, and other policies. DiMS stores and processes information about Users for advertising and marketing purposes and in particular to:
send to the Users promotional emails/messages, marketing, advertising and other information that may be of interest to the Users based on collected data on their preferences;
personalise, measure and improve advertising;
administer surveys, contests and other promotional activities or events sponsored and managed by DiMS.
In general, the legal basis for the processing of personal data is informed consent. When the Platform is sharing User data with the medical facilities, the legal basis is to enable conclusion or performance of a contract in the interest of the User. It is the legitimate interest of DiMS to process parts of the personal usage data to protect and keep the Platform safe.
4. PERSONAL DATA STORAGE TIME
Personal data collected by DiMS will be stored as long as it is necessary to provide services to the Users via the Platform and will be permanently deleted after deletion of the medical facility account or User account with the Platform (hereinafter: “Account”). Personal data that has been shared with the medical facilities is under control of the medical facility and will follow their specific retention schedule.
5. SHARING & DISCLOSURE
Sharing between Users and with medical facilities
To help facilitate bookings, DiMS may share information with other Users.
When a User submits a booking request, certain data about her/him is shared with the medical facility, including name. When the booking is confirmed, DiMS will share contact data of the User and assist with coordinating the treatment and vice versa - when the medical facility has a confirmed booking, certain data is shared with the User, such as contact information.
Profiles and other Public Information
Users may publish information that is visible to other Users, such as:
parts of User’s public profile page such as name, medical information i.e. designation of medical treatments being of interest, description, location, contact details and similar;
treatment facility listing pages are publicly visible and include information on name of the medical facility, location, treatment description, treatment prices, medical facility’s certification, medical facility’s public profile photos with or without logo and any additional information in connection with the stated;
after completing a booking and treatment, Users may rate and write reviews about the medical facility. The reviews become part of the Users’ available profile that other logged in users have access to.
Service Providers
DiMS uses third party service providers to support the service provision related to the Platform. Service providers may:
assist with background checks, fraud prevention, risk assessment and back-up services;
provide customer service and advertising;
process payments;
provide technical assistance, development, maintenance, support, and management of the Platform.
The above stated providers have limited access to User’s information to perform these tasks on DiMS behalf, and are contractually obligated to use it consistent with this Privacy Policy.
Safety and Compliance with Law
In order to comply with the law, DiMS will cooperate with government and law enforcement officials and private parties. DiMS will disclose any information about Users to relevant state authorities and courts as it believes necessary or appropriate to respond to claims and legal process, to protect the property and rights of DiMS or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, an illegal, unethical or legally actionable activity. DiMS will endeavour to notify Users about these requests, if allowed.
Business Transfers
If DiMS undertakes or is involved in any merger, acquisition, reorganisation, sale of assets, bankruptcy, or insolvency event, then it may sell, transfer or share some or all of its assets, including Users’ information for the same purpose of providing the services to the Users via the Platform. In the event that the User’s information is transferred and becomes subject to a different privacy policy with different purpose of processing, DiMS will notify in advance and ask the Users for consent.
Aggregated Data
DiMS may also share aggregated and anonymized information (information about Users combined together so that it no longer identifies or references an individual User) and non-personally identifiable information for industry and market analysis, demographic profiling, marketing and advertising, and other business purposes.
6. USER’S ACTIVITIES
Access and Editing
Users may review, update, or delete the information by logging into their Account and change settings and profile.
Account Deletion, Data Erasure and Rectification
For information on how the User can delete her/his Account, she/he should visit the FAQ section on the Platform for instructions. Users shall note that information shared with others (like reviews or forum postings) may continue to be visible on the Platform in association with her/his name, even after their Account is deleted.
If the User wishes for any personal information to be permanently erased from the Platform, any dissemination of the respective personal data to cease, or processing by third parties of the respective personal data to halt, she/he shall contact DiMS at [email protected] and file such request.
If the User wishes for any personal information, including the information provided at his/her User Account to be rectified, and she/he it is not able to successfully amend this information on his/her own, the respective User shall contact DiMS at [email protected] and file such request.
7. SECURITY
DiMS is continuously implementing and updating administrative, technical, and physical security measures to help protect Users’ information against unauthorised access, loss, destruction, or alteration. However, the Internet is not an absolutely secure environment so DiMS cannot guarantee the security of the transmission or storage of User’s information.
8. CONSENT AND CHANGES
User has to give consent for processing, as well as for cross border transfers of his/her personal data according to this Privacy Policy. The Consent may be withdrawn at any time. The consequence of such consent withdrawal by the User would be inability to use the Platform.
DiMS reserves the right to modify this Privacy Policy at any time in accordance with this provision. If DiMS makes material changes to this Privacy Policy, the revised Privacy Policy will be posted on the Platform with the notification appearing when User enters the account. DiMS will also provide Users with notice of the modification by email at least thirty (30) days before the date they become effective. If User disagrees with the revised Privacy Policy, she/he may cancel the edialysis.org User Account. If User does not cancel her/his dialysis.my Account before the date the revised Privacy Policy becomes effective, continued access or use of the Platform will constitute acceptance of the revised Privacy Policy.
9. YOUR RIGHTS
This is a summary of your rights as a registered User of the Platform:
You are entitled to know what Personal Data we are processing regarding you, and you can request a copy of such data.
You are entitled to have incorrect Personal Data regarding you corrected, and in some cases you may request that we delete your Personal Data (if, for example, the Personal Data is no longer necessary since the purpose of processing the data has been completed).
If you have given your consent to processing of your personal data for an explicit purpose you may always withdraw your consent.
You also have the right to object to certain processing of your Personal Data, and request that the processing of your Personal Data be limited.
You are entitled to extract your Personal Data in a machine-readable format and to transfer the Personal Data to another controller.
10. CONTACT
For any questions or concerns about this Privacy Policy & Consent to Personal Data Processing or DiMS’s information handling practices as data controller of personal data stated here, you may contact DiMS at:may email DiMS at [email protected] or [email protected]
11. COMPLAINTS
Your privacy is very important to us and we will always strive to protect and secure your personal information in the best possible way. If, in your opinion, we fail to do so, you have the right to file a complaint with the Data Protection Authority of your choice, e.g. one of the EU authorities, https://edpb.europa.eu/about-edpb/about-edpb/members_en.
Consent to Personal Data Processing
A User registering a User Account (hereinafter: “Data Subject“) at the booking platform “bookdialysis.com” (hereinafter: “Platform”), hereby provides an informed consent (hereinafter: “Consent”) to DiMS Solutions Sdn Bhd , a company established and existing under the laws of Malaysia, registration number 1220100V (hereinafter: “DiMS”), to process his/her personal data provided on the Platform (hereinafter: „Personal Data“), in accordance with the DiMS Privacy Policy and the following terms and conditions:
The Consent hereof is given for processing of Personal Data with or without automated means.
The Consent hereof is given for processing of the following Personal Data:
name, e-mail, telephone, name of the home medical facility and contact details, gender, date of birth,, serology status;
information on costs for booked treatment by Data Subject to be provided by the medical facility (total costs of the treatment incurring to the Data Subject as non-European Health Insurance Card (EHIC) patient and the amount of reimbursement per Data Subject treatment as a European Health Insurance Card (EHIC) holder received by the medical facility from Public authorities, as well as aggregated data on completed and cancelled bookings through the Platform, of a specific Data Subject, and for a specific period of time);
other data entered to the User Account and otherwise provided information by the Data Subject to DiMS while filling in a form, conducting a medical treatment search, by updating or adding information at the User Account,
information provided while responding to surveys, participating in promotions, utilising the support function, or using other features of the Platform;
information obtained from Data Subject upon request of DiMS;
general information about Data Subject’s location and time of use of the Platform.
Personal Data is not made publicly available, except where the Data Subject publishes it at the publicly visible features of the Platform aimed for the interaction between the logged in Users of the Platform.
Purposes of Personal Data processing:
enabling treatment availability checks, reservation of bookings and execution of bookings via the Platform;
improving the Platform;
creating and maintaining a safe environment at the Platform; and
advertising and marketing.
Information on legal bases, please refer to section 3 in the Privacy policy.
Personal Data processing may involve the following actions: collection, recording, systematisation, accumulation, storage, modification (updating, revision), retrieval, use, delete, destruction, blocking, transfer (dissemination, provision, access), as well as cross-border transfer.
The cross-border transfer of Personal Data is carried out by forwarding certain Personal Data to the booked medical facility and optionally to third party service providers inside and outside of the European Economic Area (EEA) for above stated purposes commissioned by DiMS. The parties obtaining Personal Data via the cross-border transfer are bound by the DiMS Privacy Policy and Standard contractual clauses having set up appropriate confidentiality and security measures. Nevertheless, the respective parties might be subject to lower personal data protection standards in their countries compared to the country of origin of the Data Subject, which represents a higher risk for Personal Data misuse.
Personal Data is processed until the User Account is deleted or until the withdrawal of this Consent by the Data Subject is received, whichever comes first.
The Personal Data is destroyed immediately after the withdrawal of this Consent or delete of the User Account.
The Data Subject may also withdraw this Consent for processing of Personal Data by sending a written notice to DiMS at [email protected]
If Data Subject withdraws Consent for processing of Personal Data, the consequence of such consent withdrawal would be the deletion of the User Account and the inability to use the Platform.
This Consent shall be valid until the processing of the Personal Data is discontinued as indicated in clause 9 of the present Consent.
Cookie-information
This website uses cookies. We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our Platform with our social media, advertising and analytics partners who may combine it with other information that you have provided to them or that they have collected from your use of their services.
Cookies are small text files that can be used by websites to make a user's experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this Platform. For all other types of cookies we need your permission. This Platform uses different types of cookies. Some cookies are placed by third party services that appear on our pages.
Please note that if you do not allow us to place cookies or disable the cookies that we use, this may impact your user experience while on the Platform. You may disable cookies by using your browser settings, please be referred to “How to prevent and/or delete cookies” below. If you change your mind about cookies you can, at any time, change your web browser settings and delete the cookies from your device.
What are cookies
Cookies are files or pieces of information that may be stored on your computer (or other internet enabled devices, such as a smartphone or tablet) when you visit a website. A cookie will usually contain the name of the website from which the cookie originated, the “lifetime” of the cookie (i.e. how long it will remain on your device), and a value, which is usually a randomly generated unique number.
What we use cookies for
The Platform uses strictly necessary cookies that are essential to make the Platform work correctly and are strictly necessary in order to enable you to move around the Platform and use its features.
The Platform also uses cookies that allow us to optimise the performance of the Platform in order to enhance your website experience and to make the Platform easier to use and to better tailor the Platform to your interests and needs. Further, the cookies help speed up your future activities and experience on the Platform by remembering user preferences such as language and font size. We also use the cookies to compile anonymous, aggregated statistics that allow us to understand how people use the Platform and to help us improve its structure and content.
Information about Cookies used on the Platform
There are three types of cookies on the Platform:
Persistent cookies, Session cookies and Third party cookies.
Persistent cookies save a file for an extended period on your computer and are used, for example, with functions which describe what information is new since you last visited the particular website (how long the cookie remains on your device will depend on the duration or “lifetime” of the specific cookie and your browser settings).
Session cookies are stored temporarily in your computer’s memory while you are visiting a website and surfing a page, and is used, for example, to determine what language you have chosen. Once you leave the website, the session cookie is deleted.
Third party cookies are cookies that belong to domains different from the one shown in the address bar, which open up potential for tracking the user's browsing history. We use Google Analytics and Ads, which also set cookies, to get a picture of how our visitors use the Platform and our marketing. These cookies do not contain identifying information about who the visitor is.
Our social media links with AddThis for, for example, Facebook, Google+, Twitter and Instagram also set cookies. These cookies do not contain identifying information about who the visitor is. For more info, see privacy policy.
About Google Analytics
We use a tool called “Google Analytics” to collect information about use of the Platform. Google Analytics collects information such as how often users visit the Platform, what pages they visit when they do so, and what other sites they used prior to coming to the Platform. DiMS uses the information we get from Google Analytics to maintain and improve the Platform’s content and technical performance to offer the best experience for the website visitor. Google Analytics collects the anonymized IP address assigned to you on the date you visit the Platform. DiMS does not combine the information collected using Google Analytics with other personal information. Google’s possibility to use and share information collected by Google Analytics about your visits to the Platform is restricted by the Google Analytics Terms of Service and the Google Privacy Policy.
You can prevent Google Analytics from recognizing you on return visits to the Platform by disabling cookies on your browser. You also have the option to prevent data from being used by Google Analytics: https://tools.google.com/dlpage/gaoptout (requires installation of a browser Add-on)
About Hotjar
We use Hotjar to improve our website and to be able to offer you a better experience.
When you visit our website, we store the name of your internet service provider (ISP), the name of the website from which you visit us, the parts of the website you have visited, how much time you spend on the website and information about that device (type of device, operating system, resolution of screen, language, country you are in and type of browser) you used during your visit. When we process your IP address during the time of your visit, the IP address is cropped and thus anonymized before it is overwritten on our servers. This is done by eliminating the last octet of your complete IP address.
Hotjar uses cookies to process information, including information from standard logs on the internet, as well as details about the visitor's behavioural patterns up until the visit to us. This is done to be able to offer you a better experience and to facilitate the use of certain functions. Hotjar stores this cookie information under a pseudonymous user profile. Hotjar does not process this type of information to identify visitors, or to further match the information to an individual visitor. If you do not want Hotjar to process your personal data you can opt out of Hotjar by following the so called “Do Not Track” instructions on this page: https://www.hotjar.com/legal/compliance/opt-out/
How to prevent and/or delete cookies
Most internet browsers are initially set up to automatically accept cookies. You can change the settings to block cookies or to alert you when cookies are being sent to your device. There are a number of ways to manage cookies.
Please refer to your browser instructions or help screen to learn more about how to adjust or modify your browser settings:
Internet Explorer; Edge; Chrome; Mozilla Firefox; Safari
If you disable the cookies that we use, this may impact your experience while on the Platform, for example you may not be able to visit certain areas of the Platform, or you may not receive personalised information.
If you use different devices to view and access the Platform (e.g. your computer, smartphone, tablet, etc.) you will need to ensure that each browser on each device is adjusted to suit your cookie preferences.
If you wish to visit bookdialysis.com without saving cookies on your device after you close the web browser you can visit the Platform in a so-called private/incognito mode. Refer to your browser documentation on how to browse in private/incognito mode.