PRIVACY NOTICE

1 Introduction

This Privacy Notice applies to the healthcare and wellness services (hereinafter, the «Services») provided by Teladoc Health International, S.A.U., with registered address at 252-260 Vía Augusta, 08017 Barcelona, Spain (hereinafter, «Teladoc Health» or «We»). These Services may be offered through various platforms such as a website, mobile application, or a phone line associated with the Services («Platforms»). From the moment you register, log in, make a phone call, or access specific sections of the Platform and begin navigating and using the Services, you (hereinafter, the «User» or «You») will be required to provide information about yourself and/or dependent third parties, including health-related information about yourself (and, if applicable, about dependent third parties), which is considered sensitive information (collectively, «your Personal Data»).

This Privacy Notice describes how your Personal Data may be collected, used, and disclosed by Teladoc Health, and how you can access this information. Please read it carefully. This Privacy Notice will apply unless there are specific conditions associated with any of the Services, which will be communicated to you in due course.

At Teladoc Health, we are committed to protecting and respecting your privacy. Teladoc Health operates in compliance with, among others, the General Data Protection Regulation (EU) 2016/679 («GDPR»), as well as Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights («LOPDGDD») and its implementing regulations. Hereinafter collectively referred to as the «Data Protection Regulations.»

The data controller responsible for the User’s Personal Data associated with the use of the Platforms from the moment you register, log in, make a phone call, or contact us, as well as for the provision of the Services, is Teladoc Health.

2 Fundamental Principles

Teladoc Health’s privacy practices comply with the GDPR, which includes the following protections:
• Process your Personal Data fairly, transparently, and lawfully.
• Limit the use of your Personal Data for legitimate purposes.
• Limit the processing and storage of your Personal Data to the minimum necessary.
• Ensure that the privacy notice is accurate and sufficient.
• Maintain open and transparent privacy policies.
• Take responsibility for the processing of your Personal Data.
• Ensure that your consent is informed and easy to withdraw.
• Define and protect your sensitive/special categories of data.
• Ensure that third parties (external physicians) apply similar or equivalent privacy control standards when processing your Personal Data on our behalf.
• Do not transfer your Personal Data outside the EU unless the recipient has provided the appropriate safeguards approved by the GDPR.
• Provide you with the right to concise, timely, and complete information regarding our processing of your Personal Data.
• Provide you with the right to rectify incomplete, inaccurate, unnecessary, or excessive Personal Data.
• Provide you with the right to object (where applicable).
• Ensure we have procedures in place to support the exercise of any data subject rights.
• Implement security measures, including technical and procedural support for integrity, confidentiality, and availability.
• Maintain the confidentiality of your Personal Data even after our relationship with you has ended.

3 What Personal Data is Collected?

«Personal Data» refers to any information relating to an identified or identifiable natural person (hereinafter, the «Data Subject»). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

«Health Data» refers to Personal Data related to the physical or mental health of a natural person, including the provision of healthcare services, that reveals information about their health status.

Together and unless expressly differentiated, they are referred to as «Personal Data.»

Teladoc Health only collects Personal Data that is relevant and necessary for the provision of the Services.

3.1 Personal Data You Provide to Teladoc Health During Registration/Access

When you access and register on the Platforms, we collect identification and contact information about you (such as your name, last name, email address, date of birth, gender, country of residence, phone number, location, and your password).

If you do not provide this information, you will not be able to register, and consequently, we will not be able to provide our Services to you through the Platforms.

3.2 Personal Data You Provide to Teladoc Health During the Provision of Services

During the provision of the Services, Teladoc Health will collect your Personal Data.

Phone calls, emails, and other communications between you and Teladoc Health and/or Teladoc Health service providers may be recorded for the proper provision of the Services and to verify their quality.

Similarly, if you wish, information about you can be obtained through communication with different devices you own that can connect to the Platforms.

3.3 Personal Data You Provide to Teladoc Health from Third Parties

If you introduce a third party, you will provide their personal data, including Health Data, if applicable. You will be solely responsible for obtaining/having obtained the necessary consents – or having another valid legal basis under applicable regulations – to process and share such data with Teladoc Health (hereinafter, they shall be understood to be included within the concept of your Personal Data).

3.4 Your Personal Data Collected by Teladoc Health from Third Parties

In connection with the provision of the Services and always with your prior authorization, Teladoc Health may obtain your Personal Data from your treating physicians.

3.5 Your Personal Data Shared by Teladoc Health with Third Parties

For the proper provision of the Services and medical assistance, Teladoc Health may have to share your Personal Data with third parties. In this regard, Teladoc Health commits to ensuring that such third parties are duly authorized to carry out the assignment.

Purposes for Processing Your Personal Data and Legal Basis

Teladoc Health processes your Personal Data potentially in a lawful manner, as outlined below:

Contractual Obligations

We will process your Personal Data primarily to fulfill the contractual obligations that exist between Us and You. Although it is not mandatory to provide your Personal Data, failure to do so will prevent us from providing the Services.

In such cases, the legal basis for the processing of your Personal Data is the performance of a contract.

Legitimate Interests

We may also process your Personal Data in accordance with our legitimate interests; that is, to the extent we need your Personal Data to achieve various reasonable purposes.

Our data processing activities based on legitimate interests are aimed at or include:

(i) Providing you with the Services;

(ii) Sending you notifications about topics you have subscribed to or requested to be informed about;

(iii) Better understanding our customers’ needs by requesting feedback/testimonials or sending survey forms for you to complete;

(v) Recognizing when customers interact with our Services again.

Consent

We may process your Personal Data in order to provide you with the Services subject to your informed consent.

When processing your Health Data, except when we have your consent to do so, we will process this health data under one or more of the following legal bases:

• It is necessary for the purposes of preventive or occupational medicine, for the assessment of the employee’s working capacity, medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems or services under a contract with a healthcare professional;

• It is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of healthcare and medicinal products or medical devices; or

• It is necessary for archival purposes in the public interest, scientific or historical research purposes, or statistical purposes.

Teladoc Health may generate information devoid of identifying elements, i.e., data that does not include your name, address, date of birth, or other information that can be used to identify you (hereinafter, «Anonymized Data») for the purposes of:

Reviewing or evaluating the performance of our systems in providing the Services.
• Improving the quality or timeliness of our Services.
• Medical research.
• Demonstrating the reliability of our information management.

5 Data Retention

Teladoc Health will retain your Personal Data for the time necessary to provide the Services and, thereafter, for the legal periods exclusively for the purpose of addressing any potential liabilities that may arise from the provision of the Services.

At the end of this retention period, your Personal Data is securely destroyed or permanently anonymized in accordance with data protection regulations. Permanently anonymized data ceases to be Personal Data, and Teladoc Health retains it indefinitely for the purposes established in section 4 above.

6 Access to Your Personal Data

We will never share your Personal Data for any purpose other than strictly necessary to provide the Services for your benefit.

For this reason, healthcare professionals contracted by Teladoc Health may access and receive your Personal Data.

Our technology service providers (e.g., hosting company) may also have access to your Personal Data solely for the purpose of providing the contracted service.

Please be aware that any duly authorized public body or court in any country of our patients’ citizenship may require Teladoc Health to disclose their Personal Data, including their Health Data.

7 International Transfers of Your Personal Data
There are no planned international transfers of your Personal Data.

However, in cases where you are traveling, in order to provide you with the Services, it is likely that we may transfer your Personal Data to doctors located in the country or region you are traveling to. Please be aware, and you agree, that the local data protection regulations applicable to the processing of your Personal Data in that third country or region may not offer a level of protection similar to that provided by the Data Protection Regulations in the country of origin.

Nevertheless, we emphasize that the healthcare professionals we contract to provide support services to Teladoc Health adhere to our privacy policy and principles, as well as all applicable data protection laws and regulations worldwide.

8 Application of Security Measures

We protect your Personal Data with proven and certified technical and organizational security controls in accordance with Data Protection Regulations.

Our staff and external healthcare professionals receive training on our privacy policy and principles, as well as on Data Protection Regulations.

9 Your Rights as a User
We strive to ensure that your Personal Data is accurate and up-to-date, and we will update or disclose it when you request us to do so.

You are responsible for informing us of any changes, corrections, or additions to your Personal Data so that Teladoc Health can modify and keep it up to date accordingly.

When Data Protection Regulations are applicable, you are entitled to a series of rights, namely:

Right of access: the right to request a copy of your Personal Data from Teladoc Health.
Right of rectification: the right to request Teladoc Health to rectify the Personal Data that you consider inaccurate. You also have the right to request Teladoc Health to complete information you deem incomplete.
Right to withdraw your consent for the processing of your Health Data.
Right to erasure: the right to request Teladoc Health to delete your Personal Data under certain circumstances.
Right to restrict processing: the right to request Teladoc Health to restrict the processing of your Personal Data under certain circumstances.
Right to object to processing: the right to object to the processing of your Personal Data under certain circumstances.
Right to data portability: the right to request Teladoc Health to transfer the information you provided to another organization, or to you, under certain circumstances.
Please note that the rights of data subjects will not apply to anonymized data.

You can exercise your rights as a Data Subject by sending an email to lopd@teladochealth.com with your name, the service used, and your phone number, and attaching your identification document or any other document that allows us to identify you.

10 Contact for Additional Information

If you have any questions regarding this Privacy Notice, want a copy of it, wish to file a complaint, or believe that your privacy rights have been violated, you can contact the Data Protection Officer at dataprotectionofficer@teladochealth.com. There will be no retaliation for filing a complaint or exercising the rights granted to data subjects.

You also have the right to file a complaint with your local data protection authority: https://www.aepd.es/es.

Let's Talk

Complete the form and we’ll be in touch soon.
Permissions

(*) The personal data you provide through the Contact Form will be processed by Teladoc Health International, S.A.U. confidentially and solely for the purpose of processing your request in accordance with applicable regulations. By submitting your data, you consent to its processing for this purpose. In general, you can exercise your data protection rights at any time and free of charge by contacting Teladoc Health International, S.A.U. through this website or by sending an email to lopd@teladochealth.com. Finally, if you do not agree with the way we process your data, we invite you to use the channels provided in section 10 of our Privacy Notice attached at the bottom of the website.