Your privacy protection is of the utmost importance to us. Compliance with the legal provisions of data protection is a matter of course for us. We guarantee that all data collected will be treated in accordance with the applicable data protection regulations. We also want to do more on data protection than the legal framework would require. That is why we have been ISO 27001 (and ISO 9001) certified since the beginning of 2021.
We store all personal data exclusively on servers in Switzerland. When handling your personal data, we take all necessary technical and organizational measures to protect your data from unauthorized and / or illegal access.
Every time a user accesses one of our websites, access data for this process is anonymously saved in a log file. Each data record consists of:
These log files are used to optimize our services and to improve user experience of our websites.
We collect personal data provided by users themselves while registering, appointment booking, ordering medication, video consultation, actively contacting us (e.g. by e-mail), submitting a review and/or feedback on our website and booking an appointment on behalf of a third party. In particular, we also collect data provided independently through the use of a service in accordance with § 8.
We explicitly inform that independently provided data may contain particularly sensitive data. This includes information on the state of health and medical data, as well as the disclosure of the doctor-patient relationship in general.
The legal basis for the collection is based on your consent (Art. 6 para.1 lit. a GDPR or Art. 30 para. 2 lit. c in conjunction with. Art. 6 para. 7 nFADP).
Medicosearch.ch contains a directory of healthcare providers in Switzerland with details of the address, registered office and specialization. The information contained therein was obtained from publicly available sources. At the express request of the health care provider, the company logo and photos are also published.
When using Medicosearch.ch, we collect personal data of the health care providers listed in the directory, in particular the reviews and feedbacks given by the users. Furthermore, we collect personal data of health care providers who are registered as such on the website.
Any healthcare provider has the possibility to request their removal from the Directory and/or the non-publication of the evaluations and comments concerning them in accordance with § 9.
The legal basis for the collection is based on the legitimate interest on our part or on the public interest (Art. 6 para. 1 lit. e and f GDPR or Art. 17 para. 1 c item 1 and lit. e in conjunction with Art. 31 para. 1 and 2 nFADP).
We irrevocably delete all data, especially the doctor-patient relationship and all appointment booking data, 30 days after the appointment. Exceptionally, the data may be stored for up to 10 years if this is necessary due to the medical service provider's legal documentation obligation.
The login data of the user as well as the data contained in the directory of healthcare providers in Switzerland will only be deleted when the user or the healthcare provider exercises the right to erasure and withdrawal according to §9.
We determine the duration of data storage exclusively in our capacity as the responsible party. When processing data as data processor (see § 10), we act exclusively on the instructions of the responsible party and do not determine the retention period independently.
We determine the period of data storage exclusively in our capacity as responsible party. In the context of processing as a Data Processor (see § 10), we act exclusively on the instructions of the Responsible Party and do not determine the retention period independently.
If you have any questions regarding the retention period of personal data for which we act as Data Processor, please contact the relevant healthcare provider directly. Taking into account the legal documentation requirements, the healthcare providers may need to store the data in their (IT) environment for longer periods than those specified above in order to ensure optimal medical treatment.
By registering and accepting these data protection regulations, a user expressly agrees that his or her data may be processed in accordance with this privacy policy.
The legal basis for the collection is based on your consent (Art. 6 para.1 lit. a GDPR or Art. 30 para. 2 lit. c in conjunction with. Art. 6 para. 7 nFADP).
A person or a healthcare provider who has an appointment booking on behalf of a third party performed by us is deemed to be independently responsible under data protection law.
The directory of health care providers is a free service in the public interest.
The legal basis for the collection is based on the legitimate interest on our part or on the public interest (Art. 6 para. 1 lit. e and f GDPR or Art. 17 para. 1 let. c item 1 in conjunction with Art. 31 para. 1 and 2 nFADP).
MedicoBooking
To manage our online appointment service we intend to:
MedicoReview
To establish a satisfaction index for the considered health care providers, we intend to:
MedicoVideo
To provide and implement MedicoVideo, in addition to the items listed in “Managing online appointment service” we intend to:
Apart from the data listed above, we do not store any other data in connection with MedicoVideo. Furthermore, it should be noted that no conversations, messages or anything similar between doctor and patient are recorded or stored.
MedicoCheckin and MedicoFolder
To manage MedicoFolder patient record, to provide and to perform MedicoCheckin, we intend to:
MedicoPharma
For the purpose of managing the medication ordering tool, we intend to:
MedicoTransfer
To manage referrals, we intend to:
In the context of the initial referral, we do not act as data protection responsible party. In this specific case, we are subject to the instructions of the healthcare provider in accordance with an existing Agreement on order data processing. For more information, see § 10 Responsibilities under Act on Data Protection.
Both Swiss and European data protection laws grant you as a data subject extensive rights whenever your personal data is processed. We would like to support you in the best possible way in exercising your rights. Below you will find a list of your rights and how you can exercise them when using Medicosearch:
Right of access: After sufficient identification, you can request access to all data relating to your person. For this purpose, please contact us at datenschutz@medicosearch.ch at any time.
Right to rectification: In your Medicosearch account under "Profile" you can adjust your personal data at any time. If the desired correction and/or completion of your data is not possible there, please contact us at datenschutz@medicosearch.ch at any time.
Right to restrict processing: You can request that we restrict the processing of your personal data at any time. For this purpose, please contact us at datenschutz@medicosearch.ch at any time.
Right to erasure: In your Medicosearch account under "Settings", you can delete your Medicosearch account 30 days after the last completed appointment. In individual cases, the right to erasure may be excluded, in particular if further processing is necessary for the execution of legal claims. If you have any questions about this, please contact us at datenschutz@medicosearch.ch at any time.
Right to information: If you have claimed the right to rectification, erasure or restriction of processing of your personal data, you may also instruct us to notify all recipients to whom your personal data have been disclosed of such rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. For this purpose, please contact us at datenschutz@medicosearch.ch at any time.
Right to data portability: You can contact us at any time to receive your personal data in a structured, common and machine-readable format. For this purpose, please contact us at datenschutz@medicosearch.ch at any time.
Right to object: Since we process your personal data on the basis of consent, you have the right to withdraw your consent at any time. The withdrawal is only valid for the future; processing activities based on your consent in the past will not become unlawful as a result of your withdrawal. For this purpose, please contact us at datenschutz@medicosearch.ch at any time.
Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes applicable data protection laws:
Federal Data Protection and Information Commissioner
Feldeggweg 1
CH - 3003 Bern
+41 (0)58 462 43 95.
Questions: If you have any questions about your rights or how to exercise them, please contact us at datenschutz@medicosearch.ch at any time.
We act as independent data processors when handling personal data, in particular when using the Medicosearch websites, creating a user account, using the Medicosearch Services (see § 8 - except MedicoTransfer), and the directory of healthcare providers.
Data, which are communicated to a healthcare provider selected by the user within the scope of Medicosearch Services, may be stored and managed by the healthcare provider in their or our system. The healthcare provider is solely responsible for processing your data according to the Act on Data Protection and acts as an independent responsible party.
As an exception, we act as Data Processor in the context of initial referrals related to MedicoTransfer and if the healthcare provider forwards data directly to Medicosearch via MedicoCockpit. In these cases, our processing of your personal data is subject to a contract between us as the order Data Processor and the healthcare provider as the Responsible Party.
Our privacy policy does not inform you about how we process your personal data when we act as an order data processor for the healthcare provider. In this case, please refer to the data protection policy of the relevant healthcare provider.
Regardless of whether we act as the responsible party or as order data processor, we take all necessary measures to ensure the protection and confidentiality of personal data.
We do not pass on any data to third parties apart from the permission given by the user with the acceptance of this document or in cases provided by law.
Within the scope of Medicosearch Services (see § 8), but especially when booking an appointment online or ordering medication, we disclose the corresponding data to the healthcare provider selected by the user. The healthcare provider may store and manage this data in their own or in our system. The healthcare provider is solely responsible for processing the data in accordance with the Act on Data Protection and acts as an independent responsible party (see also § 10 Responsibilities under Act on Data Protection). Our privacy policy does not provide information on how the healthcare provider collects and uses your personal data.
We may also disclose your data to other third parties, such as certain authorities, if required by law.
In addition, we use order data processors for certain services, such as communication service providers, payment service providers or computer/software service providers, who process your personal data in the context of these services. All order processors are subject to confidentiality obligations and are bound by agreements on order data processing.
In the context of order processing, your data may be disclosed to recipients abroad under certain circumstances. Data will only be disclosed abroad if the applicable legal requirements are met. Our order data processors abroad are obliged to comply with data protection to the same extent as we are. If the level of data protection in a country is not equivalent to that in Switzerland, we contractually ensure that the protection of personal data is equivalent to that in Switzerland.
The list of our order data processors can be found below:
Basic principle: use of essential cookies only
We generally only use essential cookies on our websites (exception: display of maps, see below "Exception: display of maps").
We use essential cookies to ensure the proper functioning of the Medicosearch services. The cookies do not contain personalized information, but only identification numbers that are meaningless outside our website. These cookies are used to ensure the security of our website and systems and, in particular, to optimize the user experience. We do not disclose this information to third parties unless required to do so by the relevant authorities.
We use in particular the following essential cookies:
Session Cookie: storage of session data to improve user experience.
Lang Cookie: storage of the selected website language to improve user experience.
You can also use our websites without cookies. You can refuse to accept cookies by setting your browser accordingly, by disabling the option to save cookies (e.g. "Incognito Mode" or "Private Browsing"), or by instructing the browser (usually under "Internet Options" or " Settings") to inform you each time an Internet site wants to use a cookie.
Exception: Display of maps
If you would like to see the exact location of a healthcare provider on a map, we use one of the following providers to display maps:
You will be informed directly here and by clicking you decide whether the map should be activated.
When you click to activate the map, your session data (IP address, location, user behavior) is transferred to the provider's server and stored, and a cookie is set. You can find more information about this in the privacy policy of the corresponding provider.
We reserve the right to revise, amend or supplement this privacy policy in any other way at any time. We will inform you of any changes, additions or revisions to our privacy policy with a corresponding notification at the next login.
Medicosearch AG
Gerberngasse 27 – 31
3011 Bern
+41 31 312 11 00
datenschutz@medicosearch.ch
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes applicable data protection laws.
Federal Data Protection and Information Commissioner
Feldeggweg 1
CH - 3003 Bern
+41 (0)58 462 43 95
13.04.2024