Privacy Policy heyPatient App

Effective Date: January 12, 2022

 

 

Why is this important?

Our app is your digital companion in healthcare: you have important data and appointments at your fingertips at all times.

 

The protection and security of your personal data is of the utmost importance to us.

 

We therefore ask you to take a moment to read this privacy statement.

 

Your data is yours. We process your personal data in accordance with data protection law. The processing of your patient data takes place for the purpose of the most successful possible healthcare support.

 

This privacy policy explains how we collect, use, share, pass on and protect personal data. Personal data is data or information that relates to an identified or identifiable person.

 

This data protection declaration and the terms of use apply to the use of the heyPatient app (app).

 

The heyPatient app was developed by heyPatient AG and is operated by this company. heyPatient AG is responsible for the personal data processed via the app.

 

By registering with heyPatient and accepting this data protection declaration, you agree to the processing of your personal data (including sensitive health data) as described in this data protection declaration.

In the case of a proxy account, you confirm with this consent that you are authorized to open a proxy account for the person you represent and to save the personal data (including sensitive health data) of the person represented in the heyPatient app and according to the description in this data protection declaration.

1 Use of the heyPatient app

Registration

If you register, the data stored in your heyPatient account will be saved in the cloud. You will be able to access this data from multiple devices.

 

You can revoke your consent to this data protection declaration at any time with future effect by deleting your account, i.e. uninstalling it.

 

Please do not register if you do not want us to process your personal and health data or the personal and health data of the person you represent.  

Transmission and collection of personal data

If you register, the data stored in your heyPatient account will be saved in the cloud. You will be able to access this data from multiple devices.

 

You can revoke your consent to this data protection declaration at any time with future effect by deleting your account, i.e. uninstalling it.

 

Please do not register if you do not want us to process your personal and health data or the personal and health data of the person you represent.  

 

Download the app and register

If you register with heyPatient (in Switzerland via SwissID from SwissSign), the following mandatory information is required: your surname and first name, as well as your email address and your date of birth. If you wish, you can accept this information for automatic storage in your personal profile.

 

Persons under the age of 18 are not permitted to use the app.

Health data

The app can be used to manage health data such as health appointments and to document health information.

 

Health data is personal data that relates to the physical or mental health of a natural person, including the provision of health services, and from which information about their state of health can be derived.

 

This information can include information about illnesses, allergies and medications, hospital address, dates of hospital visits, doctor's reports and much more.

Customer service

If you contact us about app usage or other customer service concerns, we record that contact. 

You may also provide us with personal information when you fill out forms, send emails when you have questions or concerns, report a problem with the app to us, or in other similar situations where you give us information about you.  

 

We use the data you provide exclusively to provide the service you have requested. Insofar as the GDPR applies, Art. 6 (1) sentence 1 lit. b) GDPR forms the relevant legal basis in this respect.

 

Information about your device

We do not collect location data from your device. When you use the app, we will automatically receive technical information such as the type of mobile device you are using, a specific device identifier (for example, your device's IMEI number, the MAC address of your device's wireless network interface, or the mobile phone number used by the device ), mobile network information, your mobile operating system and software version number, IP address, the type of mobile browser you are using, country and language code, and time zone settings. We process this data exclusively to provide the service you have requested, Art. 6 (1) sentence 1 lit. b) GDPR forms the relevant legal basis accordingly, insofar as the GDPR applies.

 

We also collect information related to your use of the app, such as log files and administration data, so that we can ensure the smooth operation of the app.  

 

The data processing processes that take place in this respect are therefore in our legitimate interest in offering you the best possible service, accordingly Article 6 (1) sentence 1 lit. f) GDPR forms the relevant legal basis for processing to the extent that the GDPR applies.  

2 Reasons for processing your personal data

We process the personal data stored in the heyPatient account, including health data, for the following purposes: >To provide you with the app with its services and functionalities and to inform you of any changes;

  • to respond to requests you receive, such as app or account support requests;

  • to further develop, test and improve the App, including offering new functionalities and features;

  • to better understand how you use the App, including its functionalities and features, and to ensure that content is presented in the most effective manner;

  • for support, maintenance, troubleshooting and troubleshooting of the app in order to ensure - among other measures - the protection and security of the app; 

  • to perform data analysis and testing, for statistical purposes, for the protection and security of the App, to test and validate App upgrades or for further development of the App;

  • to allow you to use interactive features of the App when you choose to do so;

  • to invite you to participate in opinion groups related to the operation and your use of the app or to inform you about heyPatient community activities;

  • as necessary if we need to issue a security warning or troubleshooting action for the app or your heyPatient account.

 

In this respect, Art. 6 (1) sentence 1 lit. a) and lit. b) form the relevant legal basis for the aforementioned purposes, insofar as the GDPR applies.

3 Retention Period

heyPatient will only store the personal data for as long as we need it for the purpose as described in this data protection declaration, unless there is a longer statutory storage obligation.

4 Disclosure of personal data

heyPatient can pass on the personal data stored in your heyPatient account to our service providers and contractors who are involved in the development, troubleshooting, support, testing, deployment and maintenance of the app on our behalf. See the information in Chapter 6.

 

In any case, we will only pass on personal data to third parties so that we can provide, maintain and host the app functionality and provide support for it.  

 

We may disclose personal information if we are reasonably required to do so by public authorities or if we are required to do so by law, including for national security interests.  

 

We may also disclose personal information as necessary to apply or enforce our Terms of Use, this Privacy Policy or other agreements, to investigate or protect the rights, property, or safety of heyPatient, our products and services, and our customers and business partners, or to take action to prevent or prevent illegal activity, fraud, possible threats to the safety of persons, or as evidence in a legal dispute.  

 

It may be accessed by foreign governments, courts, law enforcement and enforcement agencies, and regulators based on foreign laws. We try to prevent such access possibilities with the means available to us.  

 

Personal data release(s) granted by you

We pass on your or the personal data you manage if you have chosen to do so in the app (e.g. through the heyFamily feature or data release to service providers).  

5. Use of the app to inform third parties

The app enables you to inform third parties about information and content stored in your heyPatient account (e.g. "Share", "heyFamily" or "Release" functionality).  

 

You can use these functions to e-mail data, images and information including personal data to third parties, such as a doctor, a medical service provider or another person of your choice. Or you can give other people access to data (e.g. your timeline, allergies or medication taken).  

 

If you decide to provide personal information to someone, please do so with care and ensure that the information only reaches those you want to reach

 

Please note that communication via unencrypted e-mail is not secure and that the disclosure of personal data is at your own risk and heyPatient is not responsible for the protection or security of the information that you transmit to others using the app.

 

6 Storage of personal data

We have taken the security precautions required by law to protect the personal data stored in your heyPatient account, including the conclusion of agreements on order data processing with recipients of the data.  

 

If you are in the EU as a user of the app and the GDPR applies accordingly - in particular in accordance with Article 3 Paragraph 2 lit. 5 GDPR. Please note that there is an adequacy decision in favor of Switzerland and thus a sufficient guarantee within the meaning of Art. 45 Para. 1 S. 1 DSGVO.

7 The security of your personal data

heyPatient takes appropriate administrative, technical and physical security precautions to protect the confidentiality, integrity and availability of personal data. We employ strict procedures and security features, including encryption techniques, and take all steps reasonably necessary to ensure that personal data is processed securely and in accordance with this privacy policy.

 

For the highest possible security against unauthorized access, heyPatient uses identity providers for registration and authentication (in Switzerland: SwissID).

 

You are responsible for protecting against unauthorized access to the app and the personal data stored therein. heyPatient recommends that you use secure password protection using a combination of letters, numbers and symbols and that you use a different password to access heyPatient than for other apps.

 

Keep your access data secret and do not disclose them to anyone. heyPatient or SwissSign as the provider of the SwissID are not responsible for lost, stolen or compromised passwords or for access to your heyPatient account by an unauthorized user if this was caused by you.  

 

If you think your account or account has been compromised, please contact us as soon as possible at

 

support@heypatient.com or 

+41 44 586 02 01.

 

When transmitting information via heyPatient, we encrypt the data.  

 

Although we and our technical partners do our best to protect personal data, we cannot guarantee the security of information transmitted to the app.

 

 

8 Exercising Your Rights

You have the right to access your personal data or those stored in your heyPatient account, to have the data corrected or deleted, to object to its processing or to restrict access to it.  

 

You also have the right to revoke your consent to the processing of your personal data with effect for the future.

 

If you believe that the processing of your data by us violates these provisions or applicable data protection law, you can contact us or the supervisory authority responsible for you to complain here.

 

You have the right to receive a copy of the personal data or to send the personal data stored in your heyPatient account to another responsible body. For security reasons, before we provide any information requested from you, we may request additional information from you to verify your identity.  

 

The same rights are also granted to the affected persons capable of judgement, in whose name a proxy account was opened, with regard to the personal data concerning them.

 

In order to exercise these rights in connection with the personal data, please contact heyPatient by email at datenschutz@heypatient.com or by post as specified under paragraph 12, Contact.  

 

We process these requests in accordance with local laws and our policies and procedures.  

 

9 "Don't Track"

We do not allow third-parties to collect personal data when you use the app.

10 children

The collection of personal data from persons under the age of 18 is only possible through their legal representatives.

 

11 Changes to this Privacy Policy

You will be informed of future changes to this data protection declaration by e-mail or by means of a push message in the app.

12 contact

Questions, comments and requests in relation to this Privacy Policy are welcome and should be addressed to the contact addresses below:  

 

datenschutz@heypatient.com

 

Postal address: 

heyPatient AG

Toesstalstrasse 234

CH-8405 Winterthur, Switzerland

 

heyPatient AG

Schumannstrasse 27

60325 Frankfurt, Germany

 

Further contact details can be found in the imprint on www.heyPatient.com .