Privacy Policy

Diagnose-Me.com (DM) Privacy Policy

The Diagnose-Me.com (henceforth 'DM') Privacy Policy describes the personal information that we collect about you, how we use and protect it, when we share it, and the choices you have that keep you in control at all times.

Important Definitions

Personally Identifiable Information (PII)

Also called Personal Information, this is information that can be traced back to an individual (contrast with Non-Personal Information and Aggregate Information). Examples of PII include your name, home address, telephone number, and email address.

If other pieces of information are linked to PII, they also become PII. For example, if you use a nickname to chat online and give out your real name while chatting, your nickname becomes PII when linked with other PII.

Personal Health Information (PHI)

PHI exists when your Personally Identifiable Information (PII) is combined with known health characteristics. For example, if you indicated that you have a certain disease or condition, when that information is combined with your PII, it becomes Personal Health Information (PHI).

Why do we process your personal information?

("Lawful basis")

We process personal information for the following reasons:

  • To provide diagnosis based on signs, symptoms and risk factors
  • To answer your medical questions
  • To contact you

What Personally Identifiable Information do we collect and store?

The types of personal information we collect depend on the products or services you make use of.  This can include any or all of:

  • Simple contact information (name, email address)
  • Further identifying information (date of birth, gender)
  • The text of your question for a doctor
  • Your complete symptom questionnaire and typed notes
  • Email attachments for a doctor to review

Protecting your Personal Health Information

DM utilizes industry-standard physical, technical, and administrative security measures to safeguard the personal information that it collects.  Due to the sensitive nature of medical data, all user activity on the DM website takes place over a secure (HTTPS) connection.

It is important to note that neither PII nor PHI is stored on any publicly-accessible server: It is simply not possible for your information to be downloaded by hackers or other interested parties.  This is why, when you return to our website, you will not be able to see your previous responses to the questionnaire (we can, however, send them to you by email).

To further protect your data, be careful when forwarding email messages, restrict access to your computer and use passwords where appropriate.

How do we use your personal information?

We use your PII to contact you in order to ask or respond to questions, and send results or reminders.  We use your PHI for computationally analyzing your symptoms to produce a diagnosis, and/or to answer your medical questions.

Who do we share your personal information with?

DM may share PII or PHI with third parties in the following cases:

  1. Where a Doctor-reviewed Health Analysis is selected, a complete set of your data (required for a complete analysis of your case) is transmitted to the doctor reviewing your case;
  2. When you ask a medical question for a doctor, the doctor receives your question and basic information such as name and date of birth;
  3. While handling your case or testing software, DM operations and development staff have limited access to your personal information;
  4. When processing card payments, billing information is transmitted securely to our credit card processor, used only for the one-time billing of a credit or debit card via a secure site protected by Secure Sockets Layer (SSL) encryption technology.  No billing information is stored on any publicly-accessible server, making it impossible for your card information to be accessed by criminals;
  5. To comply with valid legal requirements such as a law, regulation, search warrant, subpoena or court order;
  6. In special cases, such as in response to a physical threat to you or others, to protect property or defend or assert legal rights.

In the event that we are legally compelled to disclose your PII or PHI to a third party, we will attempt to notify you unless doing so would violate the law or court order.

Cookies

Cookies are small data files that are stored on the hard drive of the computing device you use to view a website.  Cookies are placed by that site or by a third party with a presence on the site, such as an advertiser, and are accessible only by the party or site that placed the cookie.  A cookie placed on your computer by Diagnose-Me.com isn't accessible to any other site you visit, but a cookie placed on your computer by an advertiser such as Google may be accessed by any site on which that same advertiser has a presence.

Cookies can contain pieces of PII.  These cookies are often used to make the site easier to use.  For example, if you check a box or enter your name on our website, we will store these values in a cookie on your computer so that you don't have to enter them each time you visit the site.

We do not use cookies to collect or store your PHI.  Once we have your consent, we collect non-personal information about your use of our website.  Most browsers can be set to reject all cookies; if you reject our cookies then it will not be possible to complete our questionnaire or use our services.

Choice and Consent

("Right to restrict processing")

DM will inform you, give you a choice, and seek your consent at every stage when collecting, disclosing, or otherwise using your personal information.  You may withdraw your consent at any time by clicking a Manage Your Privacy link or contacting us.

Note that if you withdraw your consent to certain uses of your personal information, we may no longer be able to provide certain of our products or services to you, or even be able to contact you.  Note also that where we have provided or are providing services to you, your consent will be valid for so long as necessary to fulfill the purposes for which consent was given, and you may not be permitted to withdraw consent to certain necessary uses and disclosures (for example, maintaining reasonable business and transaction records).

How can you access your data?

("Right of access")

Your data is not stored on any server that is accessible to the public, but you may request a copy of your personal information either through our Manage Your Privacy page or by sending a request via email.

How can you ensure your data is accurate?

("Right to rectification")

You are responsible for ensuring the accuracy of the PII and PHI that you submit to DM.  Inaccurate information will affect the quality of service you receive, as well as our ability to contact you.  Your email address should be kept current because that is how we communicate with you.

DM wants to ensure that the information we collect and use about you is accurate for its intended purpose and we have processes to help maintain this accuracy.  Any necessary corrections can be made either by re-entering data on the DM website, or by making specific requests via email.

We will take reasonable steps to verify your identity before granting you access or enabling you to make corrections.

How can you share your data with others?

("Right to data portability")

You may request a copy of your personal information in XML format either through our Manage Your Privacy page or by sending a request via email.  This XML file will be sent to you as an email attachment, which you can then use or forward as necessary.

How long do we keep your personal information?

DM will retain personal information only for the time period needed for business purposes or as required by law and will securely destroy such information thereafter.  You may request deletion of your personal information at any time through our Manage Your Privacy page.

Deleting your personal information

("Right to erasure")

If you wish to delete from our systems the PII and PHI that you have provided us with, either visit our Manage Your Privacy page, provide written instructions, or click on the appropriate action link in one of our emails to you.

Upon your request, we will delete your PII or PHI from our active databases and, where feasible, from our back-up media.  You should be aware that it is not always technologically possible to remove each and every record of the information you have provided to DM from our servers.

Note: When previously-typed data (such as your name) appears on our website, it is being retrieved from one of three sources:

  1. Cookies stored on your computer.  These files are only accessible to users of your computer and the website that created them;
  2. Encrypted hyperlinks sent in emails from DM to yourself and decrypted only when these links are followed;
  3. Your report, which is uploaded to our website and automatically removed after two months.

Therefore, even after you request removal of your data from our system, you may still see some information on our website.  To remove these items also, remove all DM cookies from your computer, delete any emails that we have sent you, and/or request removal of your report from our website.

How DM handles privacy and security internally

Here are some of the security procedures that DM uses to protect your privacy.  We:

  • Maintain a complete audit trail of who accessed what information and when
  • Only send information to the email address supplied by the user
  • Use firewalls to protect information held in our servers
  • Utilize Secure Socket Layer (SSL) encryption in transmitting health- and payment-related information to and from our servers
  • Closely monitor the limited number of DM employees who have potential access to your PII and PHI
  • Require all DM employees to abide by our Privacy Policy and to be subject to disciplinary action if they violate it
  • Back up and encrypt our systems to protect the integrity of your PII and PHI
  • Limit access to PII and PHI to authorized operators of our system
  • Allow you to Manage Your Privacy at any time: Request a copy or deletion of all data held about you, make changes to your data, stop all processing of your data, revoke all consents given, or delete all cookies.

Despite DM's best efforts to protect your PII and PHI, there is always a very small risk that an unauthorized third party may find a way around our security systems.

Use of the DM website and cookies

("Right to object")

Before collecting any information – even standard technical information such as the type of Internet browser you use, the page from which you came (referring URL), and Google Analytics data – we will first seek your consent.

You may use the complete functionality of DM without registration: There is no need, anywhere within our website, to enter a username and password to log in.  If you use our website without submitting any information, the only information we collect will be non-personal.

We store non-personal information about your use of our website in cookies.  The information stored in cookies (i) helps us dynamically generate content on web pages, (ii) allows us to statistically monitor use of our website, and (iii) facilitates a user's navigation through our website.

Due to the step-by-step nature of our website, we keep track of which page you are on and which options you have selected so that we know where to send you next.

Most browser software can be set to reject all cookies.  If you reject our cookies, it will not be possible to use our services (complete our questionnaire, ask a medical question, or contact us).

If you choose to use our services, you will be identified only by the name, email address and date of birth (any or all of which may be fake) that you enter, as well as a random 8-digit number generated the first time you visit our site and stored in a cookie on your computer.

Our questionnaire does collect PHI, but it is not stored in cookies.  Instead, it is transmitted immediately and securely to our internal database.

Third Parties Collecting Non-Personal Information

("Right not to be subject to automated decision-making including profiling")

By placing cookies on users' devices, DM and Google (a third party service provider) passively gather information about visitors' use of the system for several reasons including, but not limited to: statistics collection and analysis, system optimization, market research, and targeting of advertisements (for users outside of the European Union).

Note: By refusing to accept cookies, you prevent this information from being gathered.

The information that is tracked with cookies includes, but is not limited to, the type of device, operating system, and browser being used, your Internet protocol ("IP") address, your referrer URL (which is the URL of the website that you were viewing prior to visiting DM), how you were directed to our website, which specific pages you accessed, how long you viewed each page, and the time and date of access.

We use this technical information to improve our website, make our website function correctly, and understand how visitors use our website.

You can read more about Google's advertising technology and use of cookies at https://policies.google.com/technologies/ads, and about how Google manages data in its ads products at https://policies.google.com/technologies/partner-sites.

How do we use your email address?

Use of our service, and hence any sending of emails by DM to yourself, can only take place once you have given consent for us to contact you.

Emails that we send include a link to Manage Your Privacy.  Should you decide to revoke your consent, it may take up to a few hours for the changes to take effect and messages sent to you in the interim will be unaffected by your request.

You will not be added to any email list.  Your contact details will never be sold or made available in any way to any third party other than as mentioned in the section Who do we share your Personal Health Information with?, above.  Only essential messages will be sent, until either you have requested no further contact or we have fully supplied the service that you requested and responded to any follow-up questions.

Emails that you send to DM

This Privacy Policy does not apply to content, business information, ideas, concepts or inventions that you send to DM by email.  If you wish to keep content or business information, ideas, concepts or inventions private or proprietary, do not send them in an email to DM.

Subscription Services

DM does not provide any subscription or recurring services.  Any service is provided on a one-time basis.

Children

We are committed to protecting the privacy of children.  Neither DM nor any of its services are designed or intended to attract children under the age of 16.  We do not collect PII from any person we actually know is under the age of 16.  A parent or guardian, however, may use DM to enter personal health details on behalf of a minor.  The parent or guardian is solely responsible for providing supervision of the minor's use of DM and also assumes full responsibility for the interpretation and use of any information or suggestions provided through DM for the minor.

Head Office

If you have a complaint or problem, please use our Contact Us page.  Our customer service department will forward your complaint to the appropriate internal department for a response and/or resolution.  We try to answer every email within 24 business hours but may not always be able to do so.

If you do not receive adequate resolution of a privacy-related problem, you may write to DM's Privacy Office at:

Diagnose-Me.com
Attn: Office of Privacy and Record Removal
PO Box 370
Laupahoehoe, HI 96764
USA

Or call:

+1 (833) 271-2760

We will notify you within 30 days of receipt of your letter to confirm your PII and/or PHI has been removed.

Changes to this Privacy Policy

PII – We will inform you if a material change is made to the Privacy Policy, which means a change that expands the permissible uses or disclosures of PII allowed by the prior version of the Privacy Policy.  Your continued use of the DM Website will indicate acceptance of the changes.

PHI – We will inform you if a material change in the Privacy Policy is made that involves the use of your PHI, and your express opt-in authorization will be requested.  If you choose to not accept the new privacy policy, then the current privacy policy conditions will remain in effect, so long as DM continues to make the functionality available.  DM reserves the right to discontinue or limit functionality in all its products.

Non-Significant Changes – DM may make non-significant changes to the Privacy Policy that do not affect PII or PHI.  In these instances, DM will generally not notify you.

If we decide to change our privacy policy, we will post those changes to this privacy statement, the home page, and other places appropriate throughout our site so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.
