Privacy Policy

We’re Ireland’s medical
assessment and Online Medical Certificate App.

Privacy Policy – GetSickCertificate

1. Overview

Thank you for using GetSickCert platform, an application that connects customers to partner doctors for the purpose of the health practitioner running Ehealth consultations and providing sick certificates if appropriate. We are committed to preserving your privacy in line with EU regulations of the Data Protection Act of 2018. This policy outlines how we use, disclose and store your personal information. This policy will also inform you how to get access to such data. Our responsibilities while managing information in Ireland are governed by this Policy. If you have any issues. Please review this Policy carefully and get in touch if you have any further questions.

2. Agreement

By submitting your personal information, you acknowledge that we may collect, use, store, and disclose it in accordance with this Policy or as otherwise needed or permitted by law. You will be considered to have given us permission to handle your personal information in accordance with this Policy if you continue to use our services. For most cases, we will require the owner’s permission before collecting any personal information about them. Consent is typically given in writing, however it can occasionally be given verbally or implied by someone’s actions. We make every effort to only seek personal information from you when it is necessary for the services you want to avail of.

3. What types of personal information do we gather, and why?

Information gathered with regards to our users:

Your name, address and phone number.
Date of birth.
Gender.
Any photos or records that you upload, such as a medical record.
Your device ID, device type and information, geo-location information, Internet Protocol (IP) address, standard web log information, browser session data, device and network information, statistics on page views, acquisition sources, search queries, browsing patterns and information gathered through internet cookies.
Information contained in any communications between you and us.

Why we collect it:

To fulfill the original purpose for which the personal data was gathered.
To identify and communicate with you
To carry out administrative and operational tasks
To meet any other legal obligations, including those mandated by Irish Law, court or tribunal law
For any other reason for which you give your consent

How we collect it:

Use of our services
Information provided to us on our platform
Creating an account with us
Connecting with us or interacting through various social media to share personal information
Through third party service providers

Regarding the general public who may not have subscribed to our service but engage with us:

Information you have given us in correspondences with you.
Information you have supplied in the platform before you submit it to us, such as through cart abandonment.
Information about how you access and use our website, such as browser session data, device and network information, page view statistics, acquisition sources, search terms, browsing patterns, and data from internet cookies.
To recognize and communicate with you, as well as to carry out administrative and operational tasks.

About contractors or prospective staff members (including health practitioners)

Your name, address, and contact information, such as phone number, email addresses aswell as date of birth.
Your nationality and the nations in which you are a citizen.
Educational details, any qualifications you have received and/or English language test results.
Employment details, Resume, Educational Background or work examples.
Any licenses issued by pertinent regulatory boards, as well as any other organizations, councils, or authorities.
To perform any recruitment functions.
To communicate with you
To fulfil the terms of a contractual agreement
To ensure that duties can be performed

We may not be able to satisfy your needs if you choose not to provide the necessary information. For instance, if you want to use a pseudonym or remain anonymous, we won’t be able to offer you, our service. Sometimes people send us unsolicited personal information. When we receive unsolicited personal information, unless it is reasonably required for, or directly linked to, our tasks or operations, we will typically discard or de-identify the information as soon as practical if it is legal and reasonable to do so.

4. Confidential data

We may ask you for sensitive information. This includes any health information in any documents you upload, such as information about your symptoms, medical history, or any other health information. If you consent to providing us with this information, we will only use it to provide our services and for you to access our platform. When you enter your health information, you give GetSickCert permission to: (a) collect and handle it in accordance with this Privacy Policy; and (b) share it with the health practitioners who have accepted our terms in order to provide our services to you. If you do not agree to this, you should not provide us with your health information.

5. Disclosing your personal data

The following third parties may receive your personal information: (a) our business or commercial partners; (b) the medical professionals who have agreed to our terms; (c) our professional advisers, dealers, and agents; (d) third parties and contractors who provide services to us, such as customer enquiries and support services, IT service providers, data storage, webhosting and server providers, marketing and advertising organizations and payment processing services.

6. Using your personal data for direct marketing

Your personal information might be used occasionally to get in touch with you for marketing purposes in order to support our further development and growth. By contacting us at contact@getsickcert.ie or by using the unsubscribe feature provided in each direct marketing message we send, you can choose not to be contacted for marketing purposes. Once we receive a request to opt out from receiving marketing information, we will stop sending such information within a reasonable amount of time.

7. Safety

We take all necessary precautions to safeguard the personal data we have under our control from unauthorized access, modification, and disclosure as well as from misuse, interference, and loss. Your personal information is stored electronically by us in safe databases managed by our outside service providers. We use a number of different layers to protect the personal information we store, including (a) HTTPS encryption for browsing, (b) hashing or storing passwords in non-reversible formats, (c) active error and log monitoring using industry-standard tooling, (d) operating in a secure cloud environment, and (e) relying on TLS security to communicate with the databases. Our servers are hosted with Amazon Web Services and Microsoft Azure and we use the provided security functionality and monitoring to detect and prevent persistent access to rogue services. Server access and deployment are limited to revokable access keys that can only be regenerated on a master account. Access to servers can only be gained by using industry standard encryption keys that are generated and regularly updated, including when employees leave GetSickCert. In order to avoid the disclosure of user information to other parties, user logs redact specific sorts of information, such as passwords, before they are logged.

Databases and servers are only accessible internally to prevent public access, unless it related to whitelisted services or is necessary for monitoring and troubleshooting. While we take reasonable steps to ensure your personal information is protected from loss, misuse and unauthorised access, modification or disclosure, security measures over the internet can never be guaranteed. By protecting the secrecy of any passwords and account information used on our website, you can play a crucial part in keeping your personal information safe.

8. Gaining access to or updating your personal data

Please get in touch with us if you want to view your personal data. In some cases, we may not be able to grant you access to your personal information. In this event, we will notify you in writing and explain why we are unable to do so. We make a conscious effort to keep all the personal information we have on you correct, current, comprehensive, and relevant. Please get in touch with us if you think any of the personal data, we have on you needs to be updated. We will take reasonable steps to make the necessary changes.

9. Destroying or removing personally identifiable information

Unless we are otherwise required or permitted by law to store the information, we erase or de-identify personal and sensitive information when we no longer need it.

10. Making a complaint

Please get in touch with us if you feel your privacy has been violated or if you have a concern about how we handled your personal information. We take complaints about privacy seriously. We will acknowledge any complaints you may have within five days of receiving them. Within 30 days, we’ll endeavour to resolve your complaint. If we can’t do this in a timely manner, we will let you know within that timeframe how long it will take us to address your complaint. As soon as it’s practical, we will investigate your complaint and write to you to let you know what we have determined.

11. Changes

We might occasionally change this Policy. Any modifications to this Policy will be communicated to you in advance, and they take effect as soon as they are posted on our website. You will be deemed to have accepted any changes if you keep using the services after they have been made.

12. Contact us

All questions or queries about this policy and complaints should be directed to: privacy officer email: privacy@getsickcert.ie this policy was last updated in September 22.