Effective Date: July 16, 2025
Doc-Rep is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services. Our practices comply with applicable laws and regulations, including the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA).
By visiting our website and using our services, you agree to the terms of this Privacy Policy.
1. Information We Collect
We may collect the following types of information:
- Personal Information: Name, email address, phone number, medical practice details, and any other information that helps us manage your online presence and reputation.
- Health Information (PHI): In compliance with HIPAA, we may collect Protected Health Information (PHI) relevant to your practice and reputation management, including patient reviews and feedback.
- Business Information: Information about your medical practice, including location, areas of specialization, and other related data.
- Usage Data: Information about your interaction with our website (e.g., IP address, browser type, pages visited).
- Cookies and Tracking Technologies: We use cookies to enhance your experience and analyze site traffic. You can disable cookies in your browser settings, but some website features may not function properly.
2. How We Use Your Information
We use the information collected for various purposes, including:
- Managing Your Reputation: To monitor and manage your online reputation and patient feedback.
- Service Delivery: To provide, maintain, and improve our services.
- Communication: To respond to inquiries and provide customer support.
- Marketing: To send promotional materials about our services, with your consent, where required by GDPR.
- Legal Compliance: To comply with GDPR, HIPAA, and other relevant regulations.
3. GDPR Compliance (For EU Users)
If you are located in the European Union (EU), you are entitled to certain rights under the General Data Protection Regulation (GDPR). These include:
- Right to Access: You can request access to your personal information.
- Right to Rectification: You have the right to correct any inaccurate or incomplete information.
- Right to Erasure (Right to be Forgotten): You may request the deletion of your data under certain conditions.
- Right to Data Portability: You can request that we transfer your data to another organization.
- Right to Object/Restrict Processing: You can object to or restrict certain processing of your data.
- Right to Withdraw Consent: If you have provided consent to process your data, you can withdraw it at any time.
If you wish to exercise any of these rights, please contact us at [Insert Contact Info]. We will process your request in accordance with GDPR.
Legal Basis for Processing: Under GDPR, we process your personal information on the following legal bases:
- Your Consent: For marketing purposes, and where consent is required.
- Contractual Necessity: To provide you with our services.
- Legitimate Interest: To manage and improve your reputation.
- Legal Obligation: To comply with legal requirements.
4. HIPAA Compliance (For U.S. Healthcare Providers)
As a provider of services to healthcare professionals, Doc-Rep complies with the Health Insurance Portability and Accountability Act (HIPAA) regarding the use and safeguarding of Protected Health Information (PHI).
Handling PHI:
- We only collect PHI that is necessary for managing and improving your online reputation, including patient feedback and public reviews.
- We enter into Business Associate Agreements (BAA) with any third-party service providers who may process PHI on our behalf, ensuring they adhere to HIPAA standards.
Security Measures:
- Access Controls: Only authorized personnel have access to PHI.
- Encryption: PHI is encrypted during transmission and storage to prevent unauthorized access.
- Audit Controls: We regularly monitor and audit systems to detect unauthorized access or breaches.
Breach Notification Procedures:
In the event of a breach involving PHI, Doc-Rep is required to notify affected individuals, the Department of Health and Human Services (HHS), and, in some cases, the media. In accordance with HIPAA, we will notify affected individuals without unreasonable delay, and no later than 60 days after the discovery of the breach.
5. How We Share Your Information
We may share your information in the following situations:
- With Service Providers: We may share your data with trusted third parties to help deliver our services (e.g., marketing platforms and review management tools). For PHI, we ensure that third-party service providers comply with HIPAA by entering into Business Associate Agreements (BAA).
- Legal Requirements: We may disclose your information when required to do so by law (e.g., GDPR, HIPAA) or in response to valid legal requests.
- Business Transfers: In the event of a merger, acquisition, or sale, your information may be transferred to the new owners.
6. Data Security
We use industry-standard security measures to protect your personal and health-related data from unauthorized access, disclosure, alteration, or destruction. This includes encryption, secure data storage, and access control measures. While we strive to protect your information, please note that no method of transmission over the Internet or electronic storage is 100% secure.
7. Data Retention
We will retain your personal and health-related data only for as long as is necessary to fulfill the purposes for which it was collected, or as required by law. When your data is no longer needed, we will securely delete or anonymize it.
- For GDPR Compliance: We will retain your data only as long as necessary to comply with legal obligations, perform a contract, or for legitimate business purposes.
- For HIPAA Compliance: PHI will be retained in accordance with the retention requirements of HIPAA, after which it will be securely destroyed or anonymized.
8. International Transfers of Data
If you are located in the European Economic Area (EEA), your data may be transferred to and processed in countries outside of the EEA, including the USA and Canada. We ensure that such transfers are subject to appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other lawful mechanisms under GDPR, to protect your privacy rights.
9. Your Rights
Depending on your location and applicable laws, you may have the following rights:
- Access: Request access to the personal or health information we hold about you.
- Correction: Request correction of any inaccurate or incomplete information.
- Deletion: Request the deletion of personal or health information, subject to legal obligations.
- Data Portability: Request that your data be transferred to another provider.
- Opt-Out: Opt out of marketing communications at any time.
10. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your browsing experience and for analytics. You can control the use of cookies through your browser settings. For users covered by GDPR, we obtain explicit consent for non-essential cookies through a cookie consent banner.
11. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites.
12. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy periodically. Any changes will be posted on this page, with an updated effective date.
13. Contact Us
If you have any questions about this Privacy Policy, please contact us at:
Doc-Rep
Email: hello@doc-rep.com
