Privacy Policy

This Privacy Policy explains how DoctoMoris collects, uses, shares, stores, and deletes personal data when you use the platform. DoctoMoris is a healthcare booking marketplace, not a healthcare provider, and doctors on the platform remain independent professionals. 1. Controller and Contact DoctoMoris is operated by United Next LTD (Business Registration Number: C228139), incorporated in Mauritius. United Next LTD is the controller for the personal data described in this policy. For privacy questions, data requests, or complaints, contact us through our Contact page or at the email address published there. 2. Categories of Data We may collect and process the following categories of data: - Patient account and profile data, such as name, email address, password, gender, date of birth, city, and address details you choose to provide. - Doctor account, profile, and verification data, such as name, contact details, professional profile information, licence number, specialties, qualifications, and verification documents. - Appointment and scheduling data, such as booking details, consultation type, date, time, availability, cancellations, rescheduling activity, and appointment status records. - Health-related files or notes that a patient or doctor voluntarily shares for a specific appointment. - Technical, authentication, security, and audit logs generated when the platform is used. - Communications and support records, including messages sent to support and operational notices relating to the service. 3. Purposes of Processing We use personal data to operate and protect the platform, including to: - Create accounts, authenticate users, and support login and account management. - Enable booking, appointment management, reminders, cancellations, and rescheduling. - Onboard and verify doctors before they are listed on the marketplace. - Provide support, respond to enquiries, and send service communications. - Detect, investigate, and prevent fraud, abuse, misuse, and security incidents. - Operate, maintain, improve, and audit the platform and related administrative processes. - Enable appointment-specific file exchange between the patient and doctor involved in an appointment. 4. Legal Basis Some processing is necessary to provide the DoctoMoris service you ask us to provide, including account creation, login, booking, scheduling, and operational communications. Some processing is required so that we can comply with legal, regulatory, financial, fraud-prevention, dispute-handling, and audit obligations that apply to platform operations. Where a user voluntarily provides health-related or other special-category data through appointment-specific file sharing or notes, we process that data on the basis of the user's explicit consent in the appointment context. 5. Health-Related Data and Appointment Files DoctoMoris only handles health-related files or notes when they are voluntarily shared by a user for a specific appointment. - Access to appointment-shared file content is limited to the patient and doctor involved in that appointment. - Admin users cannot access file contents and may only see limited metadata needed for operations, compliance, or support. - Appointment-shared files are not a permanent medical-record vault and should not be treated as long-term storage. - Appointment-shared files are automatically deleted 14 days after the appointment is marked completed. - Users should upload only the documents or information necessary for that appointment. 6. Data Sharing and Recipients We keep sharing narrow and limited to what is necessary: - With the doctor selected by the patient, to the extent required for the appointment or follow-up platform operations linked to that booking. - With service providers that support hosting, infrastructure, authentication, email delivery, and similar platform operations, under contractual or other confidentiality obligations. - With authorities, courts, regulators, or law-enforcement bodies where disclosure is legally required. - With verification or regulatory bodies where needed to verify doctor registration or professional status. 7. International Transfers Some service providers supporting DoctoMoris may process personal data outside Mauritius. Where that happens, we use appropriate contractual and organisational safeguards where applicable to protect the data during those transfers. 8. Retention Account and profile data: Retained while the account is active and for a limited period afterwards where needed for support, disputes, security, or compliance. Doctor verification records: Retained while the doctor account is active and afterwards where needed for verification history, compliance, or dispute handling. Appointment and scheduling records: Retained for as long as reasonably needed for platform operations, disputes, auditability, and legal requirements. Shared appointment files: Automatically deleted 14 days after appointment completion. Minimal metadata may remain where needed for audit or operational records. Support records: Retained as long as needed to resolve the issue, maintain service history, and handle related operational or legal matters. Logs and security records: Retained for limited periods appropriate to security, troubleshooting, fraud prevention, and audit needs. Longer retention may apply where law, regulation, disputes, fraud prevention, or audit obligations require it. When data is no longer needed, we delete it or anonymise it as appropriate. 9. Your Rights Subject to applicable law, you may have the right to request access to personal data we hold about you, rectification of inaccurate or incomplete data, erasure of personal data where deletion is legally available, restriction of processing in certain circumstances, objection to certain processing, and withdrawal of consent where consent is the legal basis for the processing. You may also raise a complaint with the relevant data protection authority or other competent authority if you believe your data has been handled unlawfully. 10. How to Exercise Your Rights Patients can submit privacy and data-rights requests through the in-platform settings or by contacting us through the Contact page. We may ask for reasonable information to verify your identity before acting on a request. 11. Breach Handling If DoctoMoris becomes aware of a personal data breach, we will assess the incident, contain and remediate it as appropriate, and notify affected parties or authorities where required by applicable law. 12. Children The platform is intended primarily for adults. If personal data relating to a person below the relevant age threshold is processed through DoctoMoris, parent or legal guardian consent or involvement must be obtained where applicable. 13. Cookies and Similar Technologies We use cookies and similar technologies only as described in our Cookie Policy. 14. Changes to This Policy We may update this Privacy Policy from time to time. The version published on this page is the current version and the date at the top shows when it was last updated.