Data Protection Policy

1. GENERAL INFORMATION

DOCtoDOCTOR(hereinafter, the "App") is mainly targeted at duly qualified medical professionals (the "Users" or "You"), in order to offer them a convenient and useful method for safely storing certain information ("Storage Service"), which may be comprised of images, clinical results or any other information that they wish to provide, including data on patients or other third parties (hereinafter, the set of information supplied by the User shall be referred to as the "Content"), and, when such function is purchased and with the prior consent of the patients, in order to share such information with other Users for diagnostic and/or research purposes ("Share Service") (jointly, the "Services"). For further information on the Services, please consult the Terms and Conditions.

THE USER IS THE ONLY ONE RESPONSIBLE FOR THE CONTENT (INCLUDING ANY PERSONAL DATA CONTAINED THEREIN). For clarification purposes, Molinapps shall be regarded as data controller only in relation with the Users' personal data. As the case may be, Molinapps will also process any personal data included in the Content provided by the Users, in the name of and on behalf of them, as a data processor (please consult the Terms and Conditions for further information).

2. CONTROLLER

Name: Molinapps, S.L.
Address: Calle Mendez Núñez número 56, 38002, Santa Cruz de Tenerife (España)
Tel.: 902 955 531
E-mail: info@doctodoctor.com
Contact details of the Data Protection Officer: José Luis Luengo Barreto

In order to dispel any doubt, we reiterate that Molinapps shall not be regarded as data controller in relation with the personal data included in the Content. The data controllers of such processing shall be the Users, who should: (i) inform the relevant data subjects about the processing; (ii) collect their consent, when necessary; and (iii) guarantee their privacy, without us having to take any further action vis-à-vis them with regard to information or consent. Our role consists of providing to the Users a safe Content Storage Service and a mechanism so that they can share it with other Users and, therefore, we act as intermediary service providers and, thus, as data processors (consult the Terms and Conditions for information on our obligations with regard to any personal data included in the Content).

3. CATEGORIES AND SOURCE OF THE PERSONAL DATA

We shall collect and associate to your account all the data You provide us with directly during the App registration procedure, as well as such data You provide us with or which is generated in the context of the use thereof (when completing questionnaires, filling out surveys, informing of a problem or when requesting technical assistance).

The processing of the data requested during the registration and use of the App will be mandatory, unless expressly stated otherwise, for which reason, if You do not provide them, it shall not be possible to register and/or use the App function for which such data has been requested.

In addition, every time You use the App, we shall collect information on your use of the Services, including your account activity (such as to share, edit, display and move files or folders), as well as your activity when interacting with other Users or accounts, and the time, frequency and duration thereof.

Furthermore, we collect information automatically regarding your mobile phone, tablet or similar device (hereinafter, the "Device") that You use to access the Services. This includes technical information, unique device identifiers (for instance, name and model of the Device, the ID of the Device (such as IMEI), the version of the operative system, the language selected for the Device, the time zone and other similar information), network and connections information (for instance, information on the mobile phone operator, the IP address, the type and version of the browser used and other similar information) and information You allow us to receive through the configuration that You activate in the Device, such as access to the GPS location, the camera or the photos.

4. PURPOSES AND LAWFUL BASES FOR THE PROCESSING OF YOUR PERSONAL DATA

We use and process your personal data for the purposes and with the lawful bases set out below:

(a) on the basis of the execution of the contract between Molinapps and the User (the Terms and Conditions) for the following purposes:
- To provide, manage, customize and improve our Services, as well as to customize the functions of the App
- To solve your enquiries and requests.
- To send You information on the management of the Services, including information on our policies and Terms and Conditions.

(b) In order to ensure an optimum level of compliance with the applicable legal obligations to which we are subject, and cooperate and reply to requests from public administrations and security forces, when necessary; and

(c) On the basis of our legitimate interest for the following purposes:
- To protect the security and/or integrity of our App. To that end, we will process your personal data, inter alia, in order to verify accounts and activities, combat harmful conducts, preserve the integrity of our Services and promote the security of the App.
- To send different types of advertising and/or promotional material (for instance, commercial communications and loyalty programs) through any means (e-mail, post or through the App itself), regarding the App and the different services that it offers, whilst You are a User of our App.
When we collect and process your personal data on this lawful basis, we carry out a balancing test to ensure that your interests, or your fundamental rights and freedoms requiring the protection of personal data, do not prevail over our legitimate interest. We shall make such balancing test available to You, if You so request it.

If we ask for your consent to process your personal data for a specific purpose, of which You will be informed when we request it, You may withdraw such consent at any time by contacting us through the contact details indicated below in the section "Contact us" in this Data Protection Policy.

5. RECIPIENTS OF YOUR PERSONAL DATA

We shall share your personal data with third parties only in the following circumstances:

(a) Other Users. In the event of purchasing the Share Service, our Services show information such as your name, surname and profile picture to other Users of the App in places such as your user profile and the shared elements notifications. The lawful basis for this communication, in the event of purchasing the Share Service, shall be the execution of the contract to which You are party, i.e., the Terms and Conditions;

(b) Security forces and bodies, judges and courts, regulatory bodies, government authorities or other competent third parties. We may share your personal data with these third parties, when necessary, to fulfil a legal or regulatory obligation, or to protect in any other way our own rights as well as third party rights.

(c) Service providers. We will allow our service providers to access your personal data provided that they comply with adequate security and confidentiality guarantees. For instance, we associate with other companies to process secure payments, optimise our services, offer support and maintenance to our Services and to analyse information.

To the extent that You decide to share personal data with other Users located outside the European Union, we understand that You agree to such transfer. It may happen that the personal data that You provide is processed in countries which may not have been declared as adequate from a data protection perspective and the regulation of which may not be similar to that of the European Union.

6. YOUR RIGHTS WITH REGARD TO THE PROCESSING OF YOUR PERSONAL DATA

Usted podrá ejercitar los siguientes derechos amparados bajo la normativa aplicable de protección de datos utilizando los datos de contacto que se facilitan más abajo en el apartado de "Póngase en contacto con nosotros":

Rights Description
Right of access You have the right to obtain a copy of the personal data we process about You and certain details on how we use such personal data. In general, these requests shall be handled free of charge.
Your information will normally be provided in writing, unless You request otherwise, or if the request is made electronically, in which case, the information shall be submitted through such means, if possible.
Right to rectification We take appropriate measures to ensure that the personal data we store about You is accurate and complete. Notwithstanding the foregoing, if You consider that this is not the case, You may request the update or correction thereof.
Right to erasure In some circumstances, You have the right to request the erasure of your personal data. Notwithstanding the foregoing, in some cases the exercise of said right could mean that we will not be able to provide our Services to You.
Right to restriction of processing In certain circumstances, You have the right to request the limitation of the processing of your personal data, and such data will only be processed for the exercise or defence of legal claims. Notwithstanding the foregoing, in some cases the exercise of said right could mean that we will not be able to provide our Services to You.
Right to object You also have the right to object to the processing, at any time, for reasons related to your particular situation, if the processing is based on our legitimate interest or on the legitimate interest of a third party. In that case, we shall put an end to such processing, unless there are legitimate reasons to continue with it. In addition, in some cases, the exercise of said right could mean that we will not be able to provide our Services to You.
Right to data portability In some circumstances, You have the right to request your personal data to be provided in a structured, commonly use and machine-readable format and to have such personal data transferred to another third party of your choice.
Right not to be subject to an automated decision (including profiling) You have the right not to be subject to a decision based solely on automated processing. Notwithstanding the foregoing, our decisions shall never be exclusively based on automated means.
Right to withdraw consent As explained above, we may request your consent for certain processing of your personal data. In that case, You have the right to withdraw your consent at any time.

You have the right to file a claim with the competent data protection authority and, in particular, with the Spanish Data Protection Agency, if You consider that the processing carried out by Molinapps with regard to your personal data breaches the applicable data protection regulations.

7. PERSONAL DATA RETENTION

We keep the personal data You store in the App for as long as necessary in order to provide You with the Services and to the extent that You do not unsubscribe. If You delete your account, we will delete your personal data. Notwithstanding the foregoing, we may need some time to delete such data and backup copies from our servers; furthermore, we will retain your personal data for a period of three (3) years or, for a longer period, during the status of limitation of any applicable legal or contractual actions, for the sole purpose of defending our rights.

8. SECURITY OF YOUR PERSONAL DATA

We implement technical and organisational measures to ensure a level of security appropriate to the risk for the personal data processed. The purpose of such measures is to guarantee the continued integrity and confidentiality of the personal data. We evaluate these measures periodically in order to guarantee the security of the processing. In particular, the following security measures will be implemented:

(i) The pseudonymisation and the encryption of personal data.

(ii) The recording of incidents, both physical and technical, stating the incidents that affect the personal data, as well as mechanisms to restore the availability of and access to the personal data rapidly, in the event of an incident.

(iii) The control of access to the personal data, both physical (for instance, controls of access to spaces where personal data are processed) and electronic (for instance, single sign-on for each User).

(iv) The management of media and documents containing personal data.

(v) The implementation of processes to guarantee the correct identification and authentication of Users (for instance, double accreditation of Users' identity).

(vi) The control of the entry of personal data.

(vii) The control of the transfer of personal data (for instance, Content shared in VIEWER mode, i.e., in a proprietary format, which will only be visible through the App).

(viii) Making backup and recovery copies of the personal data.

(ix) The segregation of personal data (for instance, personal data located in different servers).

9. CHANGES TO THIS DATA PROTECTION POLICY

We may update this Data Protection Policy periodically in order to ensure its accuracy. Therefore, it is advisable for You to consult it every time You provide personal data. When the changes to this Policy have a substantial impact on the processing of your personal data, or considerably impact You in any other way, we shall notify You sufficiently in advance so that You have the opportunity to exercise your rights with respect to your personal data. In addition, when necessary, we will ensure that we request your consent prior to such changes becoming effective.

10. CONTACT US

If You have any doubts or questions on how we collect, store or use your personal data, You may contact our Data Protection Officer on: dataprotectionofficer@doctodoctor.com.