Privacy Policy
Data Protection Policy
Effective Date: June 2026
Virtual Doctors (“Virtual Doctors”, “VDrs”, “we”, “our”, or “us”) is committed to protecting your privacy and ensuring transparency in how we collect, use, and safeguard your personal data.
This Privacy Policy explains how your information is handled when you use our mobile application, website, and telemedicine services.
For the purposes of applicable data protection laws (including UK GDPR and EU GDPR), Virtual Doctors acts as the Data Controller.
Information We Collect
We may collect:
- Full name
- Email address
- Phone number
- Date of birth
- Account login credentials
- Communication content (messages, consultation notes)
This information is required to create an account and provide healthcare services. If you choose not to provide this information, you may not be able to use core app features.
We collect health-related data necessary for care, including:
- Medical history
- Symptoms and diagnoses
- Consultation records
- Treatment notes and referrals
This data is required to provide medical consultations and healthcare services.
Collected automatically:
- IP address
- Device type and operating system
- App version
- Device identifiers
- Log data (crash reports, diagnostics, usage data)
Required vs Optional: Some technical data is automatically collected (required) for app functionality and security. Some analytics data may be optional, depending on device settings and configurations.
- Messages between users and healthcare professionals
- Customer support interactions
Required to provide consultation and support services.
- Contact details
- Engagement history
Optional — used only if you choose to engage as a volunteer or donor.
How We Use Your Information
We use your data to:
- Provide medical consultations and healthcare services
- Create and manage user accounts
- Enable secure communication with healthcare professionals
- Improve app performance and reliability
- Monitor and diagnose technical issues
- Respond to enquiries and support requests
- Ensure security, fraud prevention, and legal compliance
Google Play Data Safety Alignment
In accordance with Google Play requirements, we disclose:
We collect:
- Personal information (e.g., name, contact details)
- Health data (sensitive data)
- App activity and performance data
The app does not use a specific unique identifier for each device.
- Data is shared only with healthcare providers and essential service providers
- Data processed via Firebase is used only for: analytics, crash reporting, and performance monitoring
- Healthcare delivery
- Application functionality
- Security and fraud prevention
- Service improvement
Third-Party Services
We use trusted third-party providers such as:
- Cloud hosting providers
- Secure telemedicine platforms
These services may process device information, app usage data, and crash logs, used strictly for service functionality, security, and performance improvement.
App Permissions
We request only the permissions necessary for core features:
If permissions are denied, some features may not function properly.
Data Sharing
We may share data only:
- With healthcare professionals (acting as independent controllers for care delivery)
- With cloud hosting providers (data processors under contract)
- When required by law or legal obligation
International Data Transfers
We rely on Standard Contractual Clauses (SCCs) and equivalent safeguards for international transfers. Data may be processed globally with:
- Standard Contractual Clauses (SCCs)
- Equivalent legal protections and Data Processing Agreements with providers
Data Security
We implement safeguards including:
- Data is encrypted in transit and at rest using industry-standard methods
- Access controls and authentication
- Monitoring and audit logging
- Admin actions are logged and error logs are maintained
Data Retention
We retain data only as long as necessary. Google Analytics (GA4) separates data into two types with different retention periods:
- Event data (individual interactions such as page views, button clicks, scrolling) — retained for 2 months
- User data (user properties such as age, location, logged in/out status) — retained for 14 months
Your Rights
You have the right to:
Account and Data Deletion
- Doctors can request deletion of the account by sending a Zendesk request from within the app
- Requests are processed within 14 days
- Deletion removes all personally identifiable information (PII) for that user. The user record itself remains in the database but with the name and email replaced with placeholder values (e.g. “(deleted)”)
Children’s Privacy
We do not allow independent accounts for users under 18. Data relating to minors is processed exclusively via authorised guardians or licensed healthcare professionals with appropriate consent.
Analytics and Tracking
We use limited analytics tools to monitor performance, identify issues, and improve user experience.
Automated Decision-Making and Profiling
- We do not use automated decision-making or profiling to make medical, legal, or significant decisions about users
- Healthcare decisions are made by qualified human healthcare professionals
- Technology is used only to support service delivery (e.g., communication, record management)
Legal Basis and Consent
We process data based on:
- User consent
- Provision of healthcare services
- Legal obligations
- During account registration
- When submitting health information
You can withdraw consent via app settings (where available) or by contacting: privacy@virtualdoctors.org
Changes to This Policy
We may update this policy periodically. Significant changes will be communicated within the app or by other means.
Contact Information
Registered Charity No: 1129924 | Company No: 06848059 (England and Wales)
Administrative Office Tel: 01273 454755
This privacy policy is publicly accessible at: https://virtualdoctors.org/privacy-policy-2/
Data Processing Activities
| Type of Data | Data Subject | Type of Processing | Purpose | Recipients |
|---|---|---|---|---|
| Date of birth | Patient | Activities relating to the provision of medical services, including obtaining, recording or storing the Personal Data, carrying out activities based on the data such as disclosing it to healthcare professionals and using it to suggest treatment plans and diagnose medical conditions, recording the data and destroying it when appropriate. | Providing diagnostic and treatment advice to rural health workers to reduce unnecessary referrals and advance their medical skills and knowledge. | Volunteer healthcare professionals in the UK and Zambia, and VDrs employees. |
| Special Categories of Personal Data, including data relating to health conditions, diagnosis, treatment and medical history | Patient | See above. | See above. | See above. |
| Personal Data such as name, address, date of birth, phone number, CV and bank details | VDrs Employee / Volunteer | Obtaining, recording and storing the Personal Data. | Staff administration, remuneration and records. | VDrs employees, including managers and those with HR responsibility. |
| Special Categories of Personal Data including health records such as medical reports, self-certification forms, documentation required to establish rights to statutory sick pay and other sickness benefits or leaves of absence and criminal offence records | VDrs Employee | Obtaining, recording and storing the Personal Data. | Staff administration, remuneration and records. | VDrs employees, including managers and those with HR responsibility. |
| Personal Data such as name, address, date of birth, email address, phone number and bank details | Donors (including trustees, grant makers, individual and corporate donors) | Obtaining, recording and storing the Personal Data. | Administrative purposes; donation recording (including confirmation and receipts); contact purposes; marketing purposes (where individual has opted-in). | VDrs employees and managers. |
| Personal Data such as name, address, IP address; and technical information about browser type and version, time zone setting, browser plug-in types and versions, operating system and platform | Website User | Obtaining, recording and storing the Personal Data. | Administration purposes; website functionality/improvement (including but not limited to troubleshooting, testing, statistics). | VDrs employees and managers. |