Effective date: 02/28/2020
Why is it important?
Your data is yours. If we pass your data on to third parties, we will only do so with your consent.
This data protection declaration explains how we collect, use, share and protect personal data about you.
The heyPatient app was developed by heyPatient AG and is operated by this company. HeyPatient AG is the owner and person responsible for the personal data processed via the app in accordance with the Swiss federal law on data protection.
Please read this data protection declaration before you register with heyPatient and consent to the uploading of your personal data (including health data).
By registering with heyPatient and accepting this data protection declaration, you consent to the processing of your personal data (including sensitive health data) as described in this data protection declaration.
1 Use of the heyPatient App
When you register, your personal data is saved in the cloud. You will be able to access the data stored in your heyPatient profile from several devices.
You can revoke your consent to this data protection declaration at any time by deleting the app. Please do not register if you do not want us to process your personal and health data.
Transmission and collection of personal data
heyPatient processes your personal data if you transmit it in the following ways:
Download the app and register
When you register with heyPatient, the following information is required and stored as a minimum: Your surname and first name, as well as your email address and the information during the registration process via SwissSign, such as the password you have chosen.
People under the age of 18 are not allowed to use the app.
The app can be used to manage health appointments and document health information. This information can contain information on diseases, allergies and medication, addresses of your hospital, dates of your hospital visits, doctor reports and much more.
If you contact us in connection with the use of the app or other customer service concerns, we will record this contact.
You can also provide us with personal data when you fill out forms, send e-mails, if you have questions or concerns, if you report a problem with the app, or in other similar situations in which you give us information about you.
Information about your device
We do not collect location data about your device. When you use the app, we will automatically receive technical information such as the type of mobile device you are using, a specific device identifier (for example the IMEI number of your device, the MAC address of the wireless network interface of your device or the mobile phone number used by the device ), Information about the mobile network, your mobile operating system and the software version number, IP address, the type of mobile browser you are using, country and language code and time zone settings. We also collect information in connection with your use of the app, such as log files and administration data, so that we can ensure that the app runs smoothly.
2 The Reasons for Processing Your Personal Data
We process your personal data, including health data, for the following purposes:
To make the app with its services and functionalities available to you and to inform you of any changes;
to respond to inquiries received from you, such as support inquiries for the app or profile;
to further develop, test and improve the app, which includes the offer of new functionalities and features;
to better understand how you use the app, including its functionalities and features, and to ensure that content is presented in the most effective way possible;
for support, maintenance, troubleshooting and troubleshooting of the app in order to ensure the protection and security of the app - among other measures;
to carry out data analysis and tests, for statistical purposes, for the protection and security of the app, to test and validate app upgrades or for the further development of the app;
to enable you to use interactive functions of the app if you wish;
to invite you to participate in opinion groups in connection with the operation and your use of the app or to inform you about heyPatient community activities;
if necessary, if we need to issue a security warning or troubleshooting measure for the app or your heyPatient profile.
3 Retention Period
heyPatient will keep your data for as long as we are legally obliged to do so. Where there is no corresponding legal obligation, we will only keep your data for as long as we need it as described in this data protection declaration.
4 Disclosure of Personal Data
heyPatient can pass on your personal data to our service providers and contractors who are involved in the development, troubleshooting, support, testing, provision and maintenance of the app.
In any case, we will only pass on your personal data to third parties so that we can provide, maintain and host the app functionality and provide support.
We can disclose your personal data if we are legitimately asked to do so by authorities or if we are obliged to do so due to a legal provision, including for national security interests.
Your personal data may be subject to foreign laws and accessed by foreign governments, courts, law enforcement and enforcement agencies, and supervisory authorities.
Personal data release (s) granted by you
We pass on your personal data if you have chosen this accordingly in the app (e.g. through the "heyFamily" feature or the data release to service providers).
5. Use of the App to provide Information to Third Parties
The app enables you to inform third parties about information and content saved in your heyPatient profile (“Share”, “heyFamily” or “Release” functionality).
You can use these functions to send data, images and information including personal data by email to third parties, such as a doctor, a medical service provider or another person of your choice. Or you can give other people access to data (e.g. on your timeline, allergies or medication taken).
If you decide to disclose your personal data to someone, please proceed carefully and make sure that the information only gets to the people you want to reach.
Please note that the transfer of your personal data is at your own risk and heyPatient is not responsible for protecting or securing the information that you transmit to others using the app. You must be aware that there are risks associated with the transmission of data over the Internet, including the possibility of the data being intercepted by unauthorized third parties. We recommend that you exercise caution when using the option of disclosing your data to someone.
6 Storage of Personal Data
The personal data in your heyPatient profile are stored on servers in Switzerland. Microsoft Azure hosts the heyPatient cloud accounts and processes the data on our behalf. The SwissSign Group processes your personal data for secure app registration and authentication of app access.
Your personal data can also be processed by employees of Deep Impact AG in Switzerland who helped us develop the app in order to provide support, troubleshooting and maintenance of the app or services for your heyPatient profile.
We have taken the legally required security precautions to protect your personal data, including the conclusion of data transfer agreements with recipients of the data.
7 The Security of your Personal Data
heyPatient takes appropriate administrative, technical and physical security precautions to protect the confidentiality, integrity and availability of your personal data. We use strict procedures and security functions, including encryption techniques, and take all reasonably necessary steps to ensure that your personal data is processed securely and in accordance with this data protection declaration.
For the highest possible security against unauthorized access, heyPatient uses the registration and authentication of the SwissID.
You are responsible for protecting against unauthorized access to the app and your personal data stored in it. heyPatient recommends that you use a secure password protection by using a password consisting of a combination of letters, numbers and symbols, and that you use a different password for access to heyPatient than for other apps.
Keep your access data secret and do not disclose them to anyone. heyPatient or SwissSign as the provider of SwissID are not responsible for lost, stolen or compromised passwords or for access to your heyPatient profile by an unauthorized user if this was caused by you.
If you think that your profile has been compromised, please contact us as soon as possible at email@example.com or +41 44 586 02 01.
When transmitting information about heyPatient, we encrypt the data.
Even if we and our technical partners do our best to protect your personal data, we cannot guarantee the security of the information transmitted to the app. Any transmission is at your own risk.
8 Exercising Your Rights
You may have the right to have access to your personal data, to have the data corrected or deleted, to object to its processing or to restrict access to it.
You can also have the right to receive a copy of your personal data in a machine-readable format or to send your personal data to another responsible body. Before we disclose the information you have requested, we may, for security reasons, request additional information from you to verify your identity.
In order to exercise your rights in connection with your personal data, please contact heyPatient by email at firstname.lastname@example.org or by post, as stated in section 12, Contact.
We process these requests in accordance with local law and our policies and procedures.
9 "Do Not Track"
We do not allow third parties to collect personal data when you use the app.
The collection of personal data from persons under the age of 18 is only possible through their legal representatives.
11 Changes to this Data Protection Declaration
You will be notified of future changes to this data protection declaration by email or by means of a push message in the app.
Questions, comments and requests regarding this data protection declaration are welcome and should be addressed to the contact addresses below:
heyPatient AG, Tösstalstrasse 234,
CH-8405 Winterthur, Switzerland
If you contact us, we will do our best to address your concerns about the processing of your personal data.
Further contact details can be found in the imprint on www.heyPatient.com.