Privacy Policy — vCard for Doctors

Effective date: 24 March 2026 · vCard for Doctors — vcard.physician.my

In plain language: We collect only the information you give us when you register. We use it solely to manage your account and reach out to you about your vCard service. We do not sell, trade, or share your personal data with any third party.

1. Who We Are

vCard for Doctors (vcard.physician.my) is a service operated by the DOBBS team under the DOBBS umbrella. We provide physicians and healthcare organisations with a platform to create and share professional digital contact cards.

For the purposes of the General Data Protection Regulation (GDPR) and applicable data protection law, the DOBBS team is the data controller for personal data collected through this service.

2. What Data We Collect

When you register for an account, we collect:

Your full name and chosen username
Your email address
Your mobile phone number
Your MMC registration number (for individual doctor accounts) or business name (for clinic/hospital accounts)
Your chosen password (stored as a secure one-way hash — we cannot read it)
Basic technical data: IP address and timestamp of registration (for security purposes)

Information you choose to display on your public vCard (photo, clinic address, qualifications, social media links, etc.) is entered voluntarily by you and is publicly visible to anyone who views your card. You are solely responsible for that content.

3. Why We Collect It — Legal Basis

We process your personal data on the following legal grounds under GDPR Article 6:

Contract performance — to create and manage your account and deliver the vCard service you signed up for.
Legitimate interests — to maintain service security, prevent fraud, and send you important account-related communications (approval notices, password resets, subscription updates).
Legal obligation — to comply with applicable laws if required.

4. How We Use Your Data

Your contact details are used only for:

Account registration, verification, and approval
Sending your password reset link when requested
Notifying you of account status changes (approval, suspension, subscription)
Responding to support queries you initiate
Ensuring the security and integrity of the platform

We do not use your data for marketing, profiling, or automated decision-making.

5. Data Sharing — We Do Not Sell Your Data

Your personal data is never sold, rented, or traded to any third party. We do not share your data with advertisers or data brokers.

We may share data only in the following limited circumstances:

Within the DOBBS team — staff who need it to operate and support the service.
Legal requirement — if compelled by a court order or applicable law, and only to the extent required.

6. Data Retention

We retain your account data for as long as your account remains active. If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law.

Public vCard content you published will be removed at the same time as your account is deleted.

7. Data Security

We take reasonable technical and organisational measures to protect your data, including:

Passwords stored as secure cryptographic hashes (bcrypt)
HTTPS encryption for all data in transit
Access to raw data files restricted via server-level rules
CSRF token protection on all forms
Session security measures (regeneration, timeout)

No method of transmission over the internet is 100% secure. We will notify you promptly if we become aware of a breach affecting your data, in line with GDPR Article 33/34 obligations.

8. Your Rights Under GDPR

If you are in the European Economic Area (EEA) or the United Kingdom, you have the right to:

Access — request a copy of the personal data we hold about you
Rectification — ask us to correct inaccurate data
Erasure — ask us to delete your data ("right to be forgotten")
Restriction — ask us to limit how we use your data
Portability — receive your data in a structured, machine-readable format
Objection — object to processing based on legitimate interests
Withdraw consent — where processing relies on consent, withdraw it at any time

To exercise any of these rights, email us at support@physician.my. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. Cookies

This site uses a single session cookie (a small temporary file) to keep you signed in while you use the platform. This cookie is deleted when you log out or close your browser. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

10. Children's Privacy

This service is intended for registered medical professionals and healthcare organisations. We do not knowingly collect data from anyone under the age of 18.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. For significant changes, we will notify registered users by email. Continued use of the service after changes constitutes acceptance of the revised policy.

12. Contact

If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact the DOBBS team:

📧 support@physician.my