Your rights
The GDPR grants every person whose personal data is processed by Doctena the following rights:
| Right | What it lets you do |
|---|---|
| Article 15 — access | Receive a copy of the personal data we hold about you, and information about how we process it. |
| Article 16 — rectification | Have inaccurate or incomplete data corrected. |
| Article 17 — erasure | Have your data deleted, subject to overriding legal obligations (in particular the 10-year medical record retention). |
| Article 18 — restriction | Have processing paused while a dispute is resolved. |
| Article 20 — portability | Receive a portable, machine-readable copy and have it transmitted to another controller of your choosing. |
| Article 21 — objection | Object to processing based on legitimate interest, including profiling and direct marketing. |
| Article 22 — automated decisions | Not be subject to a decision based solely on automated processing with legal or similarly significant effect. |
| Article 7(3) — withdraw consent | Withdraw any consent you previously gave, with effect for the future. |
| Article 77 — complaint | Lodge a complaint with a competent supervisory authority. |
How to exercise them
You can exercise any of these rights using one of the channels below. Pick the channel that fits your preference; we treat all of them with the same priority.
Web form
privacy.doctena.com
Multi-language intake form. The form is currently powered by Typeform; a first-party form is on the roadmap.
privacy@doctena.com
Plain email with the type of request and enough information for us to identify you.
DPO direct
dpo@doctena.com
Direct line to the Data Protection Officer for complex or sensitive requests.
Postal
Doctena S.A. — Data Protection Officer
42 Rue de la Vallée, L-2661 Luxembourg
Our SLA
Identification and security
Where we have reasonable doubts about the identity of the requester, we may ask for additional information to confirm it (Article 12(6) GDPR). We do not ask for more than is necessary — for example, the date of a recent appointment and the name of the practitioner, rather than a copy of your identity document. If identity cannot be confirmed, we may refuse to act on the request and we will explain why.
Fees
Doctena does not charge for responding to a data-subject request. Where a request is manifestly unfounded or excessive — in particular because of its repetitive character — Article 12(5) GDPR allows us to either charge a reasonable administrative fee or refuse to act. We rarely invoke this: in practice, every well-formed request is handled at no cost.
Doctena as processor vs. controller
Where Doctena acts as the processor for a healthcare professional (for example, the appointment record), the primary controller is the practitioner. We forward your request to that practitioner and cooperate with them to fulfil it. Where Doctena acts as the controller in its own right (Doctena account, marketing communications, Trust Center analytics), we handle the request directly. The GDPR page sets out the full role model.
Requests for or by minors
Requests on behalf of a minor must be submitted by the legal guardian. We may require evidence of the guardianship before acting on the request. Once a minor reaches the age of majority in their country, they may submit requests in their own name.
If you are not satisfied
If our response does not resolve your request, you have the right to lodge a complaint with the supervisory authority of your country of residence, place of work or place of the alleged infringement (Article 77 GDPR). Our lead supervisory authority is the CNPD in Luxembourg.
| Country | Authority | Website |
|---|---|---|
| Luxembourg (lead supervisory authority) | CNPD | cnpd.public.lu/ |
| Belgium | APD / GBA | www.autoriteprotectiondonnees.be/ |
| Netherlands | AP | autoriteitpersoonsgegevens.nl/ |
| Germany | BlnBDI | www.datenschutz-berlin.de/ |
| Austria | DSB | www.dsb.gv.at/ |
| Switzerland | EDÖB | www.edoeb.admin.ch/ |
For non-regulatory complaints, see /complaints.
All channels above route to the same DPO queue and are equally valid.