How Mediscanner collects, uses and protects your data — written to meet Regulation (EU) 2016/679 (GDPR) in full.
Mediscanner ("we", "us") operates this informational health platform. We are the data controller under the GDPR. Contact us via the contact page or your account's Messages tab. A Data Protection Officer or EU representative will be named here prior to commercial launch.
By design we process as little personal data as possible (Art. 5(1)(c)). Depending on use:
We never ask you to enter government IDs, payment details, or sensitive health data beyond what's strictly needed to schedule an appointment with the doctor you've chosen.
| Purpose | Data | Legal basis |
|---|---|---|
| Operating your account & logging you in | Account data | Consent — Art. 6(1)(a) |
| Scheduling an appointment for healthcare | Appointment request | Explicit consent — Art. 9(2)(a) (plus Art. 9(2)(h) for healthcare provision where applicable) |
| Responding to your enquiry / message | Message data | Consent — Art. 6(1)(a) |
| Operating and securing the website | Technical/log data | Legitimate interests — Art. 6(1)(f) |
| Meeting legal obligations | As required | Legal obligation — Art. 6(1)(c) |
You may withdraw consent at any time via the My data tab in your account, without affecting the lawfulness of processing prior to withdrawal.
The symptom checker matches your symptoms against a static virus database locally in your browser. Your selections are never sent to our servers, never logged, and never stored. We cannot see what you searched for.
Authentication is provided by Netlify Identity, our processor under Art. 28. Your password is hashed server-side using industry-standard techniques and is never accessible to us in plain text or stored in this site's code. We see only your email address and account metadata (creation date, last login).
Registration is open with email confirmation required. You can delete your account at any time from the My data tab.
Submitting an appointment request is an act of explicit consent under Art. 9(2)(a) to process information that is, by its nature, health-adjacent (you are requesting healthcare from a named professional). We process only what's required to schedule: chosen doctor, hospital, date/time and your free-text reason. We do not require a full medical history.
Important: appointment requests are not confirmed bookings. We review and confirm by email. The Mediscanner website is not an electronic health record system; do not enter detailed clinical information here.
Messages you send (via the contact page or the Messages tab in your account) are delivered to our team using Netlify Forms. They are retained for as long as needed to handle your enquiry and a short period thereafter, then deleted.
We do not use advertising cookies, cross-site tracking, or third-party analytics. We use a small amount of local storage in your browser to:
You can clear this at any time in your browser settings, or by using the deletion option in My data.
We do not sell personal data and we do not share it for third-party marketing. Our processors include Netlify (hosting, Identity, Forms) and Google Fonts (font delivery). Where data is transferred outside the EEA we rely on adequacy decisions or the European Commission's Standard Contractual Clauses (Art. 46).
You can exercise all GDPR rights directly from the My data tab in your account — view, export, request deletion. You also have the right to rectification, restriction, objection and to not be subject to automated decisions producing legal effects (we do not carry out such decisions). You may lodge a complaint with your supervisory authority — in the Netherlands, the Autoriteit Persoonsgegevens.
We apply appropriate technical and organisational measures (Art. 32) including HTTPS in transit, hashed passwords via Netlify Identity, data minimisation, on-device processing of sensitive inputs, and limited access. No system is perfectly secure, but we calibrate measures to the risk.
We will update this policy as the service evolves. Material changes are reflected in the "last updated" date. For privacy questions or to exercise your rights, please use the contact page or your account's My data tab.