Search company, investor...
Doctolib company logo

The profile is currenly unclaimed by the seller. All information is provided by CB Insights.

Founded Year



Debt | Alive

Total Raised




Last Raised

$549M | 7 mos ago

About Doctolib

Doctolib offers a mobile and online platform to make reservations with doctors.

Doctolib Headquarters Location

54 quai Charles Pasqua

Levallois-Perret, 92300,


Predict your next investment

The CB Insights tech market intelligence platform analyzes millions of data points on venture capital, startups, patents , partnerships and news mentions to help you see tomorrow's opportunities, today.

Research containing Doctolib

Get data-driven expert analysis from the CB Insights Intelligence Unit.

CB Insights Intelligence Analysts have mentioned Doctolib in 5 CB Insights research briefs, most recently on Mar 22, 2022.

Expert Collections containing Doctolib

Expert Collections are analyst-curated lists that highlight the companies you need to know in the most important technology spaces.

Doctolib is included in 4 Expert Collections, including Unicorns- Billion Dollar Startups.


Unicorns- Billion Dollar Startups

1,193 items


Digital Health 150

300 items

2019's cohort of the most promising digital health startups transforming the healthcare industry


Digital Health

13,114 items

Technologies, platforms, and systems that engage consumers for lifestyle, wellness, or health-related purposes; capture, store, or transmit health data; and/or support life science and clinical operations. (DiME, DTA, HealthXL, & NODE.Health)



2,853 items

Companies developing, offering, or using electronic and telecommunication technologies to facilitate the delivery of health & wellness services from a distance. *Columns updated as regularly as possible; priority given to companies with the most and/or most recent funding.

Latest Doctolib News

Can European Subsidiaries of U.S. Cloud Providers No Longer Provide IT Services in the EU?

Aug 5, 2022

To embed, copy and paste the code into your website or blog: <iframe frameborder="1" height="620" scrolling="auto" src="//" style="border: 2px solid #ccc; overflow-x:hidden !important; overflow:hidden;" width="100%"></iframe> Analysis of the Baden-Württemberg Procurement Chamber on the admissibility of the use of IT services by European subsidiaries of U.S. cloud providers I. Background In its recently published decision (12 July 2022), a Procurement Chamber of the German State Baden-Württemberg (“Chamber”) commented on one of the most controversial issues in the context of international data flow regulation and took the view that an EU subsidiary of a U.S. cloud provider could not offer its IT services in compliance with the GDPR as there would be a risk that U.S. law enforcement could request access to personal data processed when making use of the U.S. CLOUD Act. The Chamber considered this risk as constituting a transfer within the meaning of Art. 44 GDPR and further concluded that the requirements for such an international transfer were not met. As a consequence, the EU subsidiary would be barred from offering its services to the public entity which runs a public procurement process. According to Art. 44 GDPR, any transfer of personal data by controllers or processors to a third country is subject to the requirements set out in chapter V of the GDPR. Yet what does “transfer” mean? This became a controversial question following the ECJ’s Schrems decisions (see here and here ), in which, due to the long arm of the U.S. government, data transfers to the United States were found to be unlawful unless an equivalent level of data protection could be achieved by other means. Given the potential and unrestricted access to European communications data by U.S. authorities, the ECJ considered the access on a generalized basis to be so serious that it recognized – for the first time in its case law – a violation of the essence of the fundamental right to privacy enshrined in Art. 7 of the European Charter of Fundamental Rights and declared the Commission Decision 2000/520/EC (“Safe Harbour”) invalid. The ECJ did not, however, clarify how the term “transfer” is to be defined. Thus, national authorities and courts, which have still not been able to form a unanimous opinion on the question, are in a tight spot. II. In a nutshell The parties involved in the case in the German State Baden Württemberg submitted their bids in a tendering process for a cloud platform whereby one bidder was not considered in the offer evaluation due to a complaint filed by a competing bidder. The rejected bidder uses a subcontractor for the provision of server and hosting services, that operate with servers located in Germany. The subcontractor is the subsidiary of a company based in the United States. The other bidder, who was ultimately chosen as the winning bidder, argued in the case before the Chamber that the rejected applicant violated the requirements of inter alia chapter V of the GDPR. The Chamber held that the term “transfer” includes any disclosure of data to a recipient outside the EU. If data is uploaded on a platform that can be accessed from a third country then, according to the Chamber, a transfer occurs, regardless of whether access actually takes place. In its reasoning, the Chamber held that the mere possibility of access – for example by granting access rights – constitutes a latent risk of unauthorized transfer of personal data into third countries. Following this determination, the Chamber then assessed and did not find sufficient safeguards to cover that legal risk of transfer in the contract concluded between the rejected bidder and its subcontractor. Under the contract, the subcontractor’s parent company was not allowed to access or use the data unless there was a legally binding official order requiring the parent company to disclose the data [e.g., a CLOUD Act order]. The Chamber, therefore, considered the use of a platform operated by a European subsidiary whose parent company is located in the United States to be in violation of the GDPR because the requirements of Chapter V were not met. The complaining bidder filed an immediate appeal, which will be decided by the Higher Regional Court of Karlsruhe. III. What do other authorities say? Unfortunately, there is still no consensus within the EU on the interpretation of the term “transfer.” Concretely: The ECJ addressed the question as to whether holding data available for retrieval is sufficient for the presumption of a “transfer” early on in its Lindqvist decision . This broad interpretation was rejected by the ECJ: A processor who merely uploads data on a website hosted by a server located in the EU does not transfer data to third countries, since an internet user must first take additional steps [e.g., visit the website] to be able to access the stored information. Thus, only if the information is sent automatically from the server to an internet user who did not intentionally seek access to those websites and who can access such data without needing any other steps, may a transfer occur [para. 60]. Tellingly, the ECJ stated in Lindqvist [para. 68]: “Given, first, the state of development of the internet at the time Directive 95/46 was drawn up and, second, the absence, in Chapter IV, of criteria applicable to use of the internet, one cannot presume that the Community legislature intended the expression transfer [of data] to a third country to cover the loading, by an individual in Mrs Lindqvist's position, of data onto an internet page, even if those data are thereby made accessible to persons in third countries with the technical means to access them.” The ECJ suggests in Lindqvist that “transfer” should be understood as an active act. Making data passively accessible would on the other side not be sufficient to speak of a transfer. However, it must be noted that the restrictive approach of the ECJ in Lindqvist is the result of the context and especially the state of development of the internet at that time. The European Data Protection Board (EDPB) has also taken a restrictive approach in its Guidelines 05/2021 on the Interplay between Art. 3 and Chapter V GDPR adopted on November 18, 2021. A transfer shall be given only if the following criteria are cumulatively met: 1) A controller or a processor is subject to the GDPR for the given processing. 2) This controller or processor (“exporter”) discloses by transmission or otherwise makes personal data, subject to this processing, available to another controller, joint controller or processor (“importer”). 3) The importer is in a third country or is an international organization, irrespective of whether or not this importer is subject to the GDPR in respect of the given processing in accordance with Art. 3. The EDPB thus does not interpret Art. 44 GDPR broadly. In its recently published guidelines on international data transfers, the German Society for Data Protection (“GDD”) takes the view that the disclosure or holding of data for retrieval in favor of an entity located outside the EU can be deemed as a transfer. The ICO holds in its guidance on international data transfers that there is a “restricted transfer” to a third-country, if “you are (…) making it accessible, to a receiver which is located in a country outside the UK.” The Conseil d’Etat rejected in its Doctolib judgment (No. 450163) an application that was filed to block the use of AWS’s Cloud in Luxembourg due to the potential access of personal data by U.S. authorities based on the U.S. CLOUD Act. The reason for the court’s finding was that Doctolib and AWS had concluded a complementary addendum to their contract that established a specific procedure in the event of requests for access by a public authority to personal data processed on behalf of Doctolib, providing in particular for the contestation of any general request or request that does not comply with European regulations. Doctolib also implemented additional security measures for data hosted by AWS that relies on an encryption procedure based on a trusted third party located in France, in order to prevent the reading of data by third parties. The Conseil d’Etat’s summary judgment thus suggests that even a potential risk of access could constitute a transfer unless there are strong measures implemented which would prevent such access. IV. What are the implications and consequences of the decision? At first glance, the interpretation of the Chamber seems to be too far-reaching: The ECJ and the EDPB, the main interpreters of the GDPR in Europe, so far, seem to take a more restrictive approach to the interpretation of the term “transfer.” The interpretation of the Chamber is not covered by the wording of Art. 44 GDPR and recital 101 that imply the necessity of an active act of “transfer.” According to Art. 44 GDPR any “transfer of personal data which are undergoing processing” is subject to Chapter V. If storage and disclosure are understood as means of processing personal data (Art. 4 (2)) the mere possibility of access by third parties cannot be deemed as a transfer since Art. 44 GDPR speaks of a transfer that occurs with regards to data that is being processed already. Recital 101 speaks of “[f]lows of personal data to and from countries outside the Union and international organizations.” The term “flows” indicates a movement of something in to one direction and is commonly used in order to describe river, lava, electricity and traffic flows for instance. The Chamber considered the clause in the contract agreed between the entities as too permissive since the parent company was allowed to access data if necessary to maintain or provide the services or to comply with laws or enforceable orders of U.S. authorities. The potential access by the parent company, that was not restricted by contract, led the Chamber to activate the protection of Chapter V of the GDPR. However, the full protection of all transfer requirements under Chapter V may not be necessary bearing in mind that companies established in the EU may already generally be prohibited from complying with foreign transfer or disclosure orders under Art. 48 GDPR. This was not taken into consideration. An overly broad interpretation of the term “transfer” would also seem difficult to implement in practice. Even where there is no active transfer outside the EU, European companies would be obliged to evaluate foreign legal systems in order to check whether there is a risk of data being accessed by third-country authorities. As the decision of the Procurement Chamber is not final and in our view also not based on a consensus in the EU, Companies should for now not panic. One may first wait for judicial clarification and further guidance by European supervisory authorities.

Doctolib Web Traffic

Page Views per User (PVPU)
Page Views per Million (PVPM)
Reach per Million (RPM)
CBI Logo

Doctolib Rank

  • When was Doctolib founded?

    Doctolib was founded in 2013.

  • Where is Doctolib's headquarters?

    Doctolib's headquarters is located at 54 quai Charles Pasqua, Levallois-Perret.

  • What is Doctolib's latest funding round?

    Doctolib's latest funding round is Debt.

  • How much did Doctolib raise?

    Doctolib raised a total of $815.98M.

  • Who are the investors of Doctolib?

    Investors of Doctolib include Bpifrance, Eurazeo, General Atlantic, Accel, Kernel Capital and 9 more.

  • Who are Doctolib's competitors?

    Competitors of Doctolib include Air Doctor, Jameda, Qare, TokTokDoc, Doctors in Italy and 8 more.

You May Also Like

ZocDoc Logo

Zocdoc is a digital healthcare marketplace for in-person or virtual care. Zocdoc provides in-network doctors, book in-person or virtual appointments, reviews from verified patients, reminders for upcoming appointments and preventive checkups.


DocASAP provides a patient access and engagement platform for health systems, health plans, and physician groups. The platform addresses access to care issues by helping navigate patients and members to the right provider and care setting at the right time.

DocPlanner Group Logo
DocPlanner Group

The DocPlanner Group is a platform connecting patients with healthcare professionals and making the healthcare experience more human. It offers patients a space to find and review a doctor according to their needs. In turn, it offers healthcare professionals and medical centers tools to help manage their patient flow, improve the efficiency of their practice, and enhance their online presence. The DocPlanner Group currently serves 20 million patients and processes 325,000 bookings every month. It lists more than 6 million healthcare professionals with a total of 2 million patient reviews on its websites in 20 countries. The company was founded in 2012 in Poland and now boasts a team of 300 based across offices in Warsaw, Barcelona, Istanbul and Rome.

Doctors in Italy Logo
Doctors in Italy

Doctors in Italy operates a platform that helps users find and book English-speaking doctors throughout Italy.

Practo Technologies

Practo Technologies is a healthcare services platform that provides a practice management and appointment scheduling software for doctors and clinics, as well as a hospital information management solution - all on a software as a service model. In addition, Practo offers a sponsored listing service for hospitals and clinics.


Qunomedical, formerly Junomedical, is a digital health platform that provides patients with access and independent information on the world's best doctors and hospitals. Qunomedical vets medical providers by means of a multi-stage quality algorithm developed by medical practitioners together with data scientists to list only accredited clinics.

Discover the right solution for your team

The CB Insights tech market intelligence platform analyzes millions of data points on vendors, products, partnerships, and patents to help your team find their next technology solution.

Request a demo

CBI websites generally use certain cookies to enable better interactions with our sites and services. Use of these cookies, which may be stored on your device, permits us to improve and customize your experience. You can read more about your cookie choices at our privacy policy here. By continuing to use this site you are consenting to these choices.