Data Protection Declaration
1. General provisions
1.1 Purpose and Scope
This Data Protection Declaration (Declaration) describes the handling of personal data by Airdoc, Markus Will, Zurich (Airdoc). They should create transparency and enable the user to get a clear picture about what personal data is being processed for what purpose.
Airdoc offers its users a range of services via the platform www.airdoc.ch (platform), which offers users the opportunity to select various medical services. This assumes that Airdoc can also process personal data of its users (see section 2 of this Declaration). Airdoc is aware that in healthcare protection of personal data is of particular importance. In particular, Airdoc is also aware that Swiss data protection legislation makes the processing of certain data subject to special provisions: thus, it qualifies health related personal data as personal data of particular value within the meaning of the Federal Act of 19 June 1992 on Data Protection (DSG). To the extent that Airdoc processes personal data, the Company will at all times respect all applicable legal and regulatory rules regarding the safe use of such data.
1.2 Agreement with Declaration
The user agrees to this statement and to the processing of personal data as described therein by using this platform. The user also expressly agrees that Airdoc will process health information that it uploads to the platform for one of its services in accordance with the present Declaration. If users do not agree with this Declaration, they have to renounce the further use of the platform. In addition, the user can revoke his consent to data processing by Airdoc at any time in writing, without stating any reasons.
This statement may be updated at any time by Airdoc (the date of the last update is stated at the end of this Declaration). The respective versions are applicable in accordance with the date of order.
1.3 Data Processing Principles
In the processing of personal data (in particular on the occasion of their procurement, storage, use, disclosure, archiving and destruction), Airdoc observes, in particular, the following principles:
- For every data processing, Airdoc observes the principle of proportionality (need-to-know principle);
- Airdoc processes personal data only for purposes specified in its procurement, which were evident from the circumstances or which are provided for by law;
- Airdoc will only provide personal data to third parties in accordance with the conditions set out in Section 4 of the present Declaration;
- Any person, whose personal data is processed by Airdoc, may exercise his legal right to information and correction at any time (see contact address in section 6 of this Declaration);
- Airdoc does not sell data to third parties.
The protection of patient data is our highest priority. The data transfer takes place via the extremely secure SSL technology. Your encrypted data is stored on a Swiss server. You will receive an automatically generated password, please keep it in a safe place! For security reasons, there is no way to recover or change the password. There is no link between the data and the customer stored on the server.
2. Categories and processing of personal data
2.1 Categories of personal data
The following is the personal data that Airdoc processes in the context of operating the platform, administering and communicating with users:
- Health data of users (e.g., answers and questionnaires uploaded by the user to the platform, scanned x-rays, etc.);
- Users’ key information (in particular name, home address, date of birth, gender, telephone number, email address, etc.);
- Product related data, contracts, billing information;
- Data on user contacts and correspondence;
- IP addresses of visitors to the airdoc.ch website
2.2 Processing of personal data
As part of quality assurance the information provided during registration will be checked for correctness by Airdoc.
Airdoc processes the personal data mentioned in section 2.1 in the context of handling of the offered services. This includes the operation of the platform (mainly maintenance of customer relations) and the technical operation (maintenance of the platform, storage of health data on Airdoc servers) and billing. Airdoc may also use contact information of users for marketing purposes and to inform them of news. If Airdoc processes personal data for other purposes, the user will be informed of these purposes at the time of collecting the relevant data.
3. Protection of Personal Data
Airdoc takes all organizational and technical measures for the protection of personal data required by Swiss data protection legislation. This protects against the following risks in particular:
- unauthorized or accidental destruction;
- technical errors;
- forgery, theft or unlawful use;
- unauthorized modification, copying, access or other unauthorized edits.
All health data will be hosted on servers in Switzerland that guarantee state-of-the-art data security. Airdoc will in no case transfer or store health data abroad.
Users’ data will be transmitted to Airdoc via a secure internet connection: For the transmission, a 128-bit encryption is used, which is based on the SSL protocol (SSL = secure socket layer). The secure Internet connection can be recognized by the “http” extended by an “s” (i.e. https) in the Internet address (URL) in the address bar of the Internet browser. Another sign of the secure connection is a lock icon, which is displayed in most browsers.
These protective measures will be constantly adapted in accordance with technological progress.
4. Transfer of Personal Data
With the exception of the cases described in the next paragraph, Airdoc will not share personal data with third parties. In particular, Airdoc will never sell user data to third parties.
- Airdoc transmits data from users to service providers cooperating with Airdoc, if it is necessary in the context of the respective order.
- Airdoc grants partial access to user data to third parties that Airdoc uses for the operation and maintenance of the platform and the provision of services. Airdoc grants such third party access only to the extent necessary for the corresponding performance of the third party.
By using the Airdoc platform, the customer agrees to the transfer or access of his personal data in the cases described above.
4.2 Exception: Legal obligation
Airdoc may provide personal data outside the limits specified in section 4.1 to third parties, as far as Airdoc is legally obliged to disclose it.
5. Data transfer via the Internet
As stated in this Declaration, Airdoc applies the highest level of technical and organizational security to protect the personal data of users. As users upload data to the platform over the Internet, it should be remembered that risks inherent in any data transfer over the Internet exist. For example, unauthorized third parties may be able to access information that users send via the Internet. This may result in technical errors or in this information being disclosed or changed in content. Even if the sender and the recipient are in the same country, it cannot be ruled out that data sent via the internet will leave their country and will be forwarded to a country with less stringent data protection requirements, than in the country where the user lives. Airdoc is unable to control these general risks of any data transfer over the Internet. Users of the platform should note that Airdoc is not responsible or liable for the security of user data, as it is transmitted to Airdoc over the Internet.
6. Web Analytics with Cookies/Google Analytics
Airdoc uses so-called cookies and collects, processes and uses usage data. Cookies are alphanumeric identifiers that are temporarily stored in the working memory or permanently stored on users’ hard drives. The use of these cookies is needed to make websites user-friendly, user-oriented, effective and secure. At the same time, cookies are never used to evaluate users’ health data.
In the settings of the Internet browser used, the user can choose whether to accept cookies, whether information should be given, when setting a cookie, or whether to reject all cookies. However, the functionality of Airdoc’s website is not or only partially available if function-related cookies should be rejected; certain functions are only available if and to the extent that the use of function-related cookies is approved.
6.2 Google Analytics
By means of cookies (see section 6.1) which are stored on user’s computer, so called tracking data is collected. The IP address of users is shortened directly to the user’s computer. The transmission and storage of the IP address takes place in this anonymized form. The collected tracking data is used to analyze the website and helps to improve it continuously. Airdoc uses the web analytics service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
By using the website, the following data may be stored and evaluated anonymously and exclusively for statistical purposes: IP address (in shortened form), the pages visited and their order, the operating system and browser used, date and time of the page views, the address of the previously viewed website, if a visit was made via a direct link placed there. A personal evaluation of this technical data does not take place.
7. Information on Personal Data
In accordance with Swiss data protection legislation, the user can contact Airdoc and
- find out if Airdoc is processing personal data concerning him;
- ask Airdoc to provide a copy of personal data concerning him;
- instruct Airdoc, to correct inaccurate personal data.
8. Sum-up for Clients
What we use your data for
Airdoc ensures the confidentiality and security of your data. Your data will be used solely for the purposes for which you gave your consent and will never be given to third parties not involved in your specific case (see “Who has access to your personal data” below).
How your data is stored
Your data is kept encrypted and separate from other people’s data. All health data will be hosted on servers in Switzerland that guarantee state-of-the-art data security. Airdoc will in no case transfer or store health data abroad.
Users’ data will be transmitted to Airdoc via a secure internet connection: For the transmission, a 128-bit encryption is used, which is based on the SSL protocol (SSL = secure socket layer). The secure Internet connection can be recognized by the “http” extended by an “s” (i.e. https) in the Internet address (URL) in the address bar of the Internet browser. Another sign of the secure connection is a lock icon, which is displayed in most browsers.These protective measures will be constantly adapted in accordance with technological progress.
Your rights and our guarantees
Every user of our services (16 years old or older) has the right to be informed about their personal data we use, and the right to access the data they have given at any point in time. We always leave you the right to modify your data, manage who has the rights to access it or change it, or you can request for your personal data to be completely erased. We are committed to keep you updated about any changes regarding your personal data, and we guarantee not giving your personal information to any third parties.
Who has access to your personal data
Your personal data can only be modified by you and by your data administrator. The data can only be seen by the medical specialists and your personal interpreter when there is a need for this data to support any medical process that is required. Both the medical staff and the interpreters are not allowed to disclose your personal information to anyone else (rule of confidentiality). If the personal information is that of a child below 16 years of age, the personal information may be disclosed to the child’s legal guardians.
Requests for information or correction must be sent in writing to the following address: Airdoc, Markus Will, Heinrichstrasse 267, CH-8005 Zürich.
November 26, 2017