§ 1 Introduction

Your privacy protection is of the utmost importance to us. Compliance with the legal provisions of data protection is a matter of course for us. We guarantee that all data collected will be treated in accordance with the applicable data protection regulations. We also want to do more on data protection than the legal framework would require. That is why we have been ISO 27001 (and ISO 9001) certified since the beginning of 2021.

§ 2 Security and Confidentiality

We store all personal data exclusively on servers in Switzerland. When handling your personal data, we take appropriate technical and organizational measures to protect your data from unauthorized and / or illegal access.

§ 3 Anonymous Access Data Collection – Logs

Every time a user accesses one of our websites, access data for this process is anonymously saved in a log file. Each data record consists of:

  • the page from which the file was requested
  • IP address
  • date and time of the request
  • the amount of data transferred
  • the description of the used operating system and browser type
These log files which do not identify any user are used to optimize the service and improve our website.

§ 4 Collection of Independently Provided Data

We collect personal data provided by users themselves while registering, appointment booking, actively contacting us (e.g. by e-mail), submitting a review and/or feedback on our website, booking an appointment on behalf of a third party or using another service according to § 8.

We explicitly inform that independently provided data may contain particularly sensitive data. This includes information on the state of health as well as the disclosure of the doctor-patient relationship in general.

§ 5 Data Collection from Health Care Providers

Medicosearch.ch contains a directory of health care providers in Switzerland with details of the address, registered office and specialization. The information contained therein was obtained from publicly available sources. At the express request of the health care provider, the company logo and photos are also published.

When using Medicosearch.ch, we collect personal data of the health care providers listed in the directory, in particular the reviews and feedbacks given by the users. Furthermore, we collect personal data of health care providers who are registered as such on the website.

§ 6 Data Retention Period

We irrevocably delete all data, especially the doctor-patient relationship and all appointment booking data, 30 days after the appointment.

The login data of the user as well as the data contained in the directory of health care providers in Switzerland will only be deleted when the user or the health care provider exercises the right to erasure and withdrawal according to §9.

§ 7 Legal Basis for Data Collection

By registering and accepting this data protection regulation, a user expressly authorizes us to process the data according to § 4 for the purposes according to § 8. The legal basis for the collection and processing of the data is the explicit consent of the user according to Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR). A person or a health care provider who allows a third party to make an appointment booking with our service is obliged to obtain the relevant express consent of the person concerned.

The directory of health care providers is a free service in the public interest according to Article 6 (1) (e) of the EU General Data Protection Regulation (GDPR). Every health care provider has the option of requesting that they are deleted from the directory and / or that the reviews and feedbacks concerning them are not published according to § 9.

§ 8 Purpose of Data Collection

Medicosearch online appointment service

To manage our online appointment service we intend to:
  • irrevocably delete all booking data, in particular the doctor-patient relationship, 30 days after the appointment.
  • submit information that is provided exclusively during online appointment scheduling, in particular information on treatment and general doctor-patient relationship, to the relevant health care provider. This data is expressly excluded from any rating and publication. This booking information contains particularly sensitive data of the patient.
  • send the registered user, in case of a successful booking, a booking confirmation by mail which contains information about the booking. This booking information contains particularly sensitive data of the patient.
  • contact the user by e-mail, letter or telephone if the profile or booking details are unclear, or enable the health care provider to do so.
  • display information on booked appointments with a health care provider, so that the user could manage it in the user account, in case of having made an appointment online with the same health care provider.

Medicosearch Reviews

To establish a satisfaction index for the considered health care providers, we intend to:
  • in case of an online booking, ask users by e-mail whether they would like to submit a review.
  • allow reviews only if the user has made an online booking with the relevant health care provider within the past 30 days.
  • publish the reviews and feedbacks submitted by users (including the information on the treatment reason provided in the review or feedback), except the cases when the feedback is obviously not credible. These publications are anonymized with regard to the user; however the health care providers are clearly identified.
  • contact the user by e-mail, letter or telephone if there are any questions about their reviews or feedbacks.
  • make the published anonymized review visible to the health care provider rated by the user. It should be noted that the health care provider may be able to deduce the identity of the user based on the (personal) doctor-patient relationship on which the review or feedback is based.
MedicoVideo

To provide and implement MedicoVideo, in addition to the items listed in “Managing online appointment service” we intend to:
  • record the bookers personal mobile phone number during the booking process. An SMS is sent to the given phone number directly before each MedicoVideo to ensure that the bookers device is ready for MedicoVideo. If MedicoVideo does not work, the booker will alternatively be called on the provided mobile phone number.
  • determine and save the device type of the user.
  • collect the credit card information as well as the personal data necessary for the payment (e.g.: last name, first name, address, etc.). This data is sent to the credit card issuer (please note their privacy policy) of the payer and to the credit card acquirer (Stripe, 510 Townsend Street, San Francisco, CA 94103, USA; privacy policy: https://stripe.com/de-ch/privacy) via a secure SSL connection, in particular to process payments, to prevent card misuse and in the event of a legal obligation. For these purposes the third party may in turn forward the data to another third party. We or third parties can store the payment information (except credit card information) in order to comply with the legal obligation of document archiving.
  • run MedicoVideo via the software of twilio (Twilio Inc. 375 Beale Street, Suite 300 San Francisco, CA 94105). MedicoVideo is always carried out via a secure peer-to-peer connection. If a peer-to-peer connection is not possible, a connection will still be established using a TURN (Traversal Using Relay NAT) media relay point.
  • if the billing takes place via Medicosearch, send an email to the user after a MedicoVideo with a link via which the user receives a detailed invoice in the user account.
Apart from the data listed above, we do not store any other data in connection with MedicoVideo. Furthermore, it should be noted that no conversations, messages or anything similar between doctor and patient are recorded or stored.

MedicoCheckin and MedicoFolder

To manage MedicoFolder patient record, to provide and to perform MedicoCheckin, we intend to:
  • collect further personal and health data of the patient (such as insurance details, vaccination details, etc.) after or during a booking according to the individual requirements of the respective health care provider.
  • enable the user to delete or adjust the data in the MedicoFolder at any time.
  • enable the user (after having given the express consent) to make the data accessible to third parties (such as doctors, medical organizations, etc.).
MedicoPortal

To manage bookings from referring doctors, we intend to:
  • allow health care providers to make a referring booking for a user after the health care provider has obtained verbal consent from the user for Medicosearch AG to process their data.
  • inform the user about their referring booking by email and to obtain their consent to data processing according to these data protection regulations.
  • irrevocably delete all of the users data if the consent to data processing was not received within 48 hours.
§ 9 Right of Access, Withdrawal and Erasure

If your personal data is processed, you are a data subject within the meaning of GDPR and you have the following rights:

Right of access: After sufficient identification, every person can request access to all personal data free of charge at datenschutz@medicosearch.ch.

Right to rectification: You have the right to obtain from the responsible the rectification and / or completion of inaccurate or incomplete personal data concerning you. The responsible must make the correction without undue delay.

Right to restriction of processing: Under certain conditions you have the right to obtain restriction of processing of your personal data.

Right to erasure: You have the right to obtain the erasure of your personal data free of charge at datenschutz@medicosearch.ch at any time and user can delete their account themselves 30 days after the last appointment in the account under user information. This especially applies if the personal data is no longer required for the purposes pursued, you have effectively withdrawn your consent or have effectively objected to the processing, or the personal data is being processed unlawfully. In individual cases, the right to erasure may be excluded, especially if processing is necessary to exercise freedom of expression or to exercise legal claims.

Right to information: If you have asserted the right to correction, deletion or restriction of processing, the responsible is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort connected.

Right to data portability: You have the right to receive the personal data concerning you, which you have provided to the responsible, in a structured, commonly used and machine-readable format.

Right to object: Since we process your personal data on the basis of consent, you have the right to withdraw your consent at any time. The withdrawal is only valid for the future; processing activities based on your consent in the past will not become unlawful as a result of your withdrawal.

Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes applicable law.

§ 10 Disclosure of Data to Third Parties

We do not pass on any data to third parties apart from the permission given by the user with the acceptance of this document or in cases provided by law.

We reserve the right to pass on your personal data in accordance with § 4 and § 5 exclusively to third parties within and outside of Switzerland who are contractually obliged to us to comply with the same data protection regulations to which we are obliged. In particular, these third parties are obliged to use data only for the purposes according to § 8 or other legally permissible purposes, such as technical support, and not to disclose data to other third parties unless we permit this or it is required by law.

§ 11 Cookies and Analysis Tools

We use session cookies. Cookies are small data files like those used by most websites. Cookies do not contain any personalized information, but only code numbers that are meaningless outside our website. In addition, we use Google Analytics to analyse the user behavior on our website. Google Analytics also uses so-called "cookies". The information generated by the cookie about your using this website is usually transferred to a Google server in the USA and stored there.

In addition to the standard functions, we also use integrated services on this website, for which data is collected in Google Analytics for advertising purposes, including data collection via cookies for ad settings and anonymous identifiers. For this purpose, in addition to the data recorded by Google Analytics analysis tool, additional data is collected via Google cookies for ad settings and anonymous identifiers. We use this information to improve our website.

These tools are used to ensure the security of our website and systems. Moreover, this data is used to record the user behavior in order to improve our services and to carry out statistical evaluations. This enables us to adapt the content of our websites to the specific needs of our users. These uses are completely anonymous. We do not disclose this information to third parties unless required by the relevant authorities. We reserve the right to identify users (in particular by comparing the IP address with the information collected as part of the procedures explained under § 4 and § 5), but only in case of justified suspicion of website misuse and/or serious breach of the General Terms and Conditions.

Of course you can use our websites without cookies. You can refuse to accept cookies by changing the browser settings to disable the cookie storage option or to instruct the browser (usually under "Internet Options" or "Settings") to inform you each time a website wants to install a cookie. If you wish, you can also opt out Google Analytics by downloading and installing the browser plugin available at: "https://tools.google.com/dlpage/gaoptout?hl=en". Please note that if you deactivate cookies or Google Analytics, you may not be able to access some of the functions provided on our website.

§ 12 Changes to This Data Protection Regulation

We reserve the right to revise, amend or otherwise supplement these data protection regulations at any time. We will inform you of any changes, additions or revisions to our data protection regulations with a corresponding message the next time you log in.

§ 13 Responsible

Medicosearch AG
Gerberngasse 27 – 31
3011 Bern
+41 31 312 11 00
datenschutz@medicosearch.ch

§ 14 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes applicable data protection laws.

Federal Data Protection and Information Commissioner
Feldeggweg 1
CH - 3003 Bern
+41 (0)58 462 43 95