Privacy Policy - MedicoVideo

§ 1 Introduction

Your privacy protection is of the utmost importance to us. Compliance with the legal provisions of data protection is a matter of course for us. We guarantee that all data collected will be treated in accordance with the applicable data protection regulations. We also want to do more on data protection than the legal framework would require. That is why we have been ISO 27001 (and ISO 9001) certified since the beginning of 2021.

§ 2 Security and Confidentiality

We store all personal data exclusively on servers in Switzerland. When handling your personal data, we take all necessary technical and organizational measures to protect your data from unauthorized and / or illegal access.

§ 3 Anonymous Access Data Collection – Logs

Every time a user accesses one of our websites, access data for this process is anonymously saved in a log file. Each data record consists of:

• the page from which the file was requested
• IP address
• date and time of the request
• the amount of data transferred
• the description of the used operating system and browser type

These log files are used to optimize our services and to improve user experience of our websites.

§ 4 Collection of Independently Provided Data

We collect personal data provided by users themselves while registering, appointment booking, ordering medication, video consultation, actively contacting us (e.g. by e-mail), submitting a review and/or feedback on our website and booking an appointment on behalf of a third party. In particular, we also collect data provided independently through the use of a service in accordance with § 8.

We explicitly inform that independently provided data may contain particularly sensitive data. This includes information on the state of health and medical data, as well as the disclosure of the doctor-patient relationship in general.

The legal basis for the collection is based on your consent (Art. 6 para.1 lit. a GDPR or Art. 30 para. 2 lit. c in conjunction with. Art. 6 para. 7 nFADP).

§ 5 Data Collection from Healthcare Providers

Medicosearch.ch contains a directory of healthcare providers in Switzerland with details of the address, registered office and specialization. The information contained therein was obtained from publicly available sources. At the express request of the health care provider, the company logo and photos are also published.

When using Medicosearch.ch, we collect personal data of the health care providers listed in the directory, in particular the reviews and feedbacks given by the users. Furthermore, we collect personal data of health care providers who are registered as such on the website.

Any healthcare provider has the possibility to request their removal from the Directory and/or the non-publication of the evaluations and comments concerning them in accordance with § 9.

The legal basis for the collection is based on the legitimate interest on our part or on the public interest (Art. 6 para. 1 lit. e and f GDPR or Art. 17 para. 1 c item 1 and lit. e in conjunction with Art. 31 para. 1 and 2 nFADP).

§ 6 Data Retention Period

We irrevocably delete all data, especially the doctor-patient relationship and all appointment booking data, 30 days after the appointment. Exceptionally, the data may be stored for up to 10 years if this is necessary due to the medical service provider's legal documentation obligation.

The login data of the user as well as the data contained in the directory of healthcare providers in Switzerland will only be deleted when the user or the healthcare provider exercises the right to erasure and withdrawal according to §9.

We determine the duration of data storage exclusively in our capacity as the responsible party. When processing data as data processor (see § 10), we act exclusively on the instructions of the responsible party and do not determine the retention period independently.

We determine the period of data storage exclusively in our capacity as responsible party. In the context of processing as a Data Processor (see § 10), we act exclusively on the instructions of the Responsible Party and do not determine the retention period independently.

If you have any questions regarding the retention period of personal data for which we act as Data Processor, please contact the relevant healthcare provider directly. Taking into account the legal documentation requirements, the healthcare providers may need to store the data in their (IT) environment for longer periods than those specified above in order to ensure optimal medical treatment.

§ 7 Legal Basis for Data Collection

By registering and accepting these data protection regulations, a user expressly agrees that his or her data may be processed in accordance with this privacy policy.

The legal basis for the collection is based on your consent (Art. 6 para.1 lit. a GDPR or Art. 30 para. 2 lit. c in conjunction with. Art. 6 para. 7 nFADP).

A person or a healthcare provider who has an appointment booking on behalf of a third party performed by us is deemed to be independently responsible under data protection law.

The directory of health care providers is a free service in the public interest.

The legal basis for the collection is based on the legitimate interest on our part or on the public interest (Art. 6 para. 1 lit. e and f GDPR or Art. 17 para. 1 let. c item 1 in conjunction with Art. 31 para. 1 and 2 nFADP).

§ 8 Purpose of Data Collection / Category of Collected Data

MedicoBooking

To manage our online appointment service we intend to:

• irrevocably delete all booking data, in particular the doctor-patient relationship, 30 days after the appointment. Exceptionally, the data may be stored for up to 5 years if this is necessary due to the medical service provider's legal documentation obligation.
• submit information that is provided during online appointment scheduling, in particular information on treatment and general doctor-patient relationship, to the selected healthcare provider. The healthcare provider may store and manage this data in their own or in our system. The healthcare provider is solely responsible for processing the data in accordance with the Act on Data Protection and acts as an independent responsible party (see also § 10 Responsibilities under Act on Data Protection).
• if the user enters the Medicosearch booking process via an external website or app of a booking partner and books an appointment, return an automated message (token) to the booking partner about the success of the booking. The token never contains personal data of the user or other data in connection with the booking. Nevertheless, it is possible that the booking partner knows the identity of the user based on the token and their own data. This is particularly the case if the user has independently stored personal data with the booking partner.
• send the registered user, in case of a successful booking, a booking confirmation by mail which contains information about the booking. This booking information contains particularly sensitive data of the patient.
• contact the user by e-mail, letter or telephone if the profile or booking details are unclear, or enable the health care provider to do so.
• display information on booked appointments with a health care provider, so that the user could manage it in the user account, in case of having made an appointment online with the same health care provider.

MedicoReview

To establish a satisfaction index for the considered health care providers, we intend to:

• in case of an online booking, ask users by e-mail whether they would like to submit a review.
• allow reviews only if the user has made an online booking with the relevant health care provider within the past 30 days.
• publish the reviews and feedbacks submitted by users (including the information on the treatment reason provided in the review or feedback), except the cases when the feedback is obviously not credible. These publications are anonymized with regard to the user; however the health care providers are clearly identified.
• contact the user by e-mail, letter or telephone if there are any questions about their reviews or feedbacks.
• make the published anonymized review visible to the health care provider rated by the user. It should be noted that the health care provider may be able to deduce the identity of the user based on the (personal) doctor-patient relationship on which the review or feedback is based.

MedicoVideo

To provide and implement MedicoVideo, in addition to the items listed in “Managing online appointment service” we intend to:

• record the booker's personal mobile phone number during the booking process. An SMS is sent to the given phone number directly before each MedicoVideo to ensure that the booker's device is ready for MedicoVideo. If MedicoVideo does not work, the booker will alternatively be called on the provided mobile phone number.
• determine and save the device type of the user.
• collect the credit card information as well as the personal data necessary for the payment (e.g.: last name, first name, address, etc.). This data is sent to the credit card issuer (please note their privacy policy) of the payer and to the credit card acquirer (Stripe, 510 Townsend Street, San Francisco, CA 94103, USA; privacy policy: https://stripe.com/de-ch/privacy) via a secure SSL connection, in particular to process payments, to prevent card misuse and in the event of a legal obligation. For these purposes the third party may in turn forward the data to another third party. We or third parties can store the payment information (except credit card information) in order to comply with the legal obligation of document archiving.
• run MedicoVideo via the software of twilio (Twilio Inc. 375 Beale Street, Suite 300 San Francisco, CA 94105). MedicoVideo is always carried out via a secure peer-to-peer connection. If a peer-to-peer connection is not possible, a connection will still be established using a TURN (Traversal Using Relay NAT) media relay point.
• if the billing takes place via Medicosearch, send an email to the user after a MedicoVideo with a link via which the user receives a detailed invoice in the user account.

Apart from the data listed above, we do not store any other data in connection with MedicoVideo. Furthermore, it should be noted that no conversations, messages or anything similar between doctor and patient are recorded or stored.

MedicoCheckin and MedicoFolder

To manage MedicoFolder patient record, to provide and to perform MedicoCheckin, we intend to:

• to request further personal and health data of the patient (e.g. insurance details, vaccination details, etc.) after or during a booking and to forward this data to the selected healthcare provider. The healthcare provider may store and manage this data in their own or in our system. The healthcare provider is solely responsible for processing the data in accordance with the Data Protection Act and acts as an independent responsible party (see also § 10 Responsibilities under Act on Data Protection).
• enable the user to delete or adjust the data in the MedicoFolder at any time.
• enable the user (after having given the express consent) to make the data accessible to third parties (such as doctors, medical organizations, etc.).

MedicoPharma

For the purpose of managing the medication ordering tool, we intend to:

• store all order data, in particular also the doctor-patient relationship for up to 10 years, if this is required due to the legal documentation obligation of the healthcare provider.
• communicate to the healthcare provider information that is solely collected in the context of the medication order, in particular information on the medication ordered as well as the doctor-patient relationship in principle. The healthcare provider may store and manage this data in their own or in our system. The healthcare provider is solely responsible for processing the data in accordance with the Data Protection Act and acts as an independent responsible party (see also § 10 Responsibilities under Act on Data Protection).
• send the registered user, in case of a successful booking, an order confirmation by mail, which contains information about the order. This order data contains particularly sensitive data of the patient.
• contact the user by e-mail, letter or telephone if the information in the user profile or regarding the user's order is unclear, or to enable the healthcare provider to do so.

MedicoTransfer

To manage referrals, we intend to:

• Communicate to the healthcare provider information obtained during the initial referral by the referring physician, in particular information on treatment and general doctor-patient relationship.
• irrevocably delete in particular the doctor-patient relationship, 30 days after the appointment. Exceptionally, the data may be stored for up to 5 years if this is necessary due to the healthcare provider's legal documentation obligation.
• Mail a request to book an appointment to the patient at the direction of the health care provider.

In the context of the initial referral, we do not act as data protection responsible party. In this specific case, we are subject to the instructions of the healthcare provider in accordance with an existing Agreement on order data processing. For more information, see § 10 Responsibilities under Act on Data Protection.

§ 9 Your Rights

Both Swiss and European data protection laws grant you as a data subject extensive rights whenever your personal data is processed. We would like to support you in the best possible way in exercising your rights. Below you will find a list of your rights and how you can exercise them when using Medicosearch:

Right of access: After sufficient identification, you can request access to all data relating to your person. For this purpose, please contact us at datenschutz@medicosearch.ch at any time.

Right to rectification: In your Medicosearch account under "Profile" you can adjust your personal data at any time. If the desired correction and/or completion of your data is not possible there, please contact us at datenschutz@medicosearch.ch at any time.

Right to restrict processing: You can request that we restrict the processing of your personal data at any time. For this purpose, please contact us at datenschutz@medicosearch.ch at any time.

Right to erasure: In your Medicosearch account under "Settings", you can delete your Medicosearch account 30 days after the last completed appointment. In individual cases, the right to erasure may be excluded, in particular if further processing is necessary for the execution of legal claims. If you have any questions about this, please contact us at datenschutz@medicosearch.ch at any time.

Right to information: If you have claimed the right to rectification, erasure or restriction of processing of your personal data, you may also instruct us to notify all recipients to whom your personal data have been disclosed of such rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. For this purpose, please contact us at datenschutz@medicosearch.ch at any time.

Right to data portability: You can contact us at any time to receive your personal data in a structured, common and machine-readable format. For this purpose, please contact us at datenschutz@medicosearch.ch at any time.

Right to object: Since we process your personal data on the basis of consent, you have the right to withdraw your consent at any time. The withdrawal is only valid for the future; processing activities based on your consent in the past will not become unlawful as a result of your withdrawal. For this purpose, please contact us at datenschutz@medicosearch.ch at any time.

Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes applicable data protection laws:

Federal Data Protection and Information Commissioner
Feldeggweg 1
CH - 3003 Bern
+41 (0)58 462 43 95.

Questions: If you have any questions about your rights or how to exercise them, please contact us at datenschutz@medicosearch.ch at any time.

§ 10 Responsibilities under Act on Data Protection

We act as independent data processors when handling personal data, in particular when using the Medicosearch websites, creating a user account, using the Medicosearch Services (see § 8 - except MedicoTransfer), and the directory of healthcare providers.

Data, which are communicated to a healthcare provider selected by the user within the scope of Medicosearch Services, may be stored and managed by the healthcare provider in their or our system. The healthcare provider is solely responsible for processing your data according to the Act on Data Protection and acts as an independent responsible party.

As an exception, we act as Data Processor in the context of initial referrals related to MedicoTransfer and if the healthcare provider forwards data directly to Medicosearch via MedicoCockpit. In these cases, our processing of your personal data is subject to a contract between us as the order Data Processor and the healthcare provider as the Responsible Party.

Our privacy policy does not inform you about how we process your personal data when we act as an order data processor for the healthcare provider. In this case, please refer to the data protection policy of the relevant healthcare provider.

Regardless of whether we act as the responsible party or as order data processor, we take all necessary measures to ensure the protection and confidentiality of personal data.

§ 11 Disclosure of Data to Third Parties

We do not pass on any data to third parties apart from the permission given by the user with the acceptance of this document or in cases provided by law.

Within the scope of Medicosearch Services (see § 8), but especially when booking an appointment online or ordering medication, we disclose the corresponding data to the healthcare provider selected by the user. The healthcare provider may store and manage this data in their own or in our system. The healthcare provider is solely responsible for processing the data in accordance with the Act on Data Protection and acts as an independent responsible party (see also § 10 Responsibilities under Act on Data Protection). Our privacy policy does not provide information on how the healthcare provider collects and uses your personal data.

We may also disclose your data to other third parties, such as certain authorities, if required by law.

In addition, we use order data processors for certain services, such as communication service providers, payment service providers or computer/software service providers, who process your personal data in the context of these services. All order processors are subject to confidentiality obligations and are bound by agreements on order data processing.

In the context of order processing, your data may be disclosed to recipients abroad under certain circumstances. Data will only be disclosed abroad if the applicable legal requirements are met. Our order data processors abroad are obliged to comply with data protection to the same extent as we are. If the level of data protection in a country is not equivalent to that in Switzerland, we contractually ensure that the protection of personal data is equivalent to that in Switzerland.

The list of our order data processors can be found below:

§ 12 Cookies

Basic principle: use of essential cookies only

We generally only use essential cookies on our websites (exception: display of maps, see below "Exception: display of maps").

We use essential cookies to ensure the proper functioning of the Medicosearch services. The cookies do not contain personalized information, but only identification numbers that are meaningless outside our website. These cookies are used to ensure the security of our website and systems and, in particular, to optimize the user experience. We do not disclose this information to third parties unless required to do so by the relevant authorities.

We use in particular the following essential cookies:
Session Cookie: storage of session data to improve user experience.
Lang Cookie: storage of the selected website language to improve user experience.

You can also use our websites without cookies. You can refuse to accept cookies by setting your browser accordingly, by disabling the option to save cookies (e.g. "Incognito Mode" or "Private Browsing"), or by instructing the browser (usually under "Internet Options" or " Settings") to inform you each time an Internet site wants to use a cookie.

Exception: Display of maps

If you would like to see the exact location of a healthcare provider on a map, we use one of the following providers to display maps:

You will be informed directly here and by clicking you decide whether the map should be activated.

When you click to activate the map, your session data (IP address, location, user behavior) is transferred to the provider's server and stored, and a cookie is set. You can find more information about this in the privacy policy of the corresponding provider.

§ 13 Changes to this Privacy Policy

We reserve the right to revise, amend or supplement this privacy policy in any other way at any time. We will inform you of any changes, additions or revisions to our privacy policy with a corresponding notification at the next login.

§ 14 Responsible / Contact

Medicosearch AG
Gerberngasse 27 – 31
3011 Bern
+41 31 312 11 00
datenschutz@medicosearch.ch

§ 15 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes applicable data protection laws.

Federal Data Protection and Information Commissioner
Feldeggweg 1
CH - 3003 Bern
+41 (0)58 462 43 95

13 April, 2024