Privacy Policy and security

Privacy Policy

Data privacy statement

03.2022 Version

 

  1. General information

WELL Gesundheit AG, Bernstrasse 39, 8952 Schlieren (hereinafter referred to as “Well” or “we”) attaches great importance to the protection of your personal data and only collects, processes, stores and uses your personal data in compliance with the Federal Act on Data Protection (“FADP”) and – where applicable – the European General Data Protection Regulation (“GDPR”).

 

  1. What is this data privacy statement about?

 

1.

Well procures and processes personal data relating to you or other persons (known as “third parties”). In this document, the term “data” is equivalent to “personal data”.

 

“Personal data” is data relating to an identified or identifiable person, i.e. one who can be identified on the basis of the data provided or with the help of additional data. “Sensitive personal data” is a category of personal data that is particularly protected by current data privacy legislation. Sensitive personal data includes, for example, data that provides information on racial or ethnic origin, as well as data concerning health, information on religious or ideological convictions, biometric data used for identification purposes, and information on trade union membership. You can find information about the data that we process under this data privacy statement in [section III]. “Processing” means any operation performed on personal data, such as the collection, storage, use, amendment, disclosure and deletion of data.

 

2.

In this data privacy statement, we describe what we do with your data when you use our Well app, are in contact with us or communicate with us in other respects under a contract, or are otherwise involved with us. We may also inform you separately about the processing of your data, e.g. in declarations of consent.

 

3.

When you transmit or disclose data about other persons, for example family members, work colleagues, etc. to us, we assume that you are authorised to do so and that this data is correct. You confirm this assumption by transmitting third-party data. Please make sure that these third parties have been informed about this data privacy statement. The data privacy statement can be opened and read at any time on the Well app [by clicking “Terms and conditions” under “Profile”].

 

  1. Who is responsible for the processing of your data?

 

Well is responsible for the data processing described in this data privacy statement carried out by Well Gesundheit AG, Bernstrasse 39, 8952 Schlieren, unless stated otherwise in this document or with regard to individual cases, e.g. in forms or contracts with third-party providers that are concluded via our Well app.

 

2.

You can contact us regarding your data privacy concerns and your rights in this regard at:

 

WELL Gesundheit AG

Bernstrasse 39

8952 Schlieren

 

support@well.ch

We have also appointed the following additional post:

WELL Gesundheit AG

Data Protection Officer

Bernstrasse 39

8952 Schlieren

 

3.

The Well app contains certain functions that are made available by third-party providers (hereinafter referred to as a “Third-Party Offer”). These Third-Party Offers include the following:

 

  1. Symptom Checker (medical device)
  2. Booking a telemedicine appointment
  3. Find a doctor
  4. Receipt and ordering of E-prescriptions
  5. Uploading and saving of medical documents by authorised service providers
  6. Booking an appointment for flue vaccination at the pharmacy
  7. Booking a doctor’s appointment

 

The aforementioned functions, the third-party providers and the flow of data are explained in detail in section VIII.

If you wish to use a Third-Party Offer, before transmitting the data entered by you and required for the use of the Third-Party Offer you must explicitly consent to its disclosure to the third party.

To ensure that the third-party provider in question may in turn disclose to Well the data required to make use of the offer via the Well app, e.g. to display the result of the Symptom Checker in the Well app, the third-party provider likewise needs your consent to disclose your data to us. We also obtain this consent from you before transmission to the third party.

 

If you do not provide your consent, we will not disclose any data to third-party providers and you will be unable to make use of their offers via the Well app.

We draw your attention to the fact that the third-party provider alone is responsible for its Third-Party Offer and its processing of your data. In this regard, we refer you to the data privacy statements of the respective third-party providers (see section VIII “Functions of the Well app and Third-Party Offers”). If you contact us regarding such processing of your data, we will forward your enquiry to the party responsible for data processing without delay.

 

 

4.

In addition, Well provides links to Third-Party Offers. These offers cannot be used as a function in Well. Instead, the third-party websites/apps must be called up outside of Well. The third parties bear sole responsibility for these offers and data processing. This currently applies to the following links:

 

  1. Zur Rose Marketplace
  2. Online skin check
  3. Coronavirus check
  4. Training
  5. Psychological training
  6. Training for anxiety and panic attacks

iii. Sleep training

  1. Training for a balanced diet
  2. Training for pain and tension.

 

 

III. What data do we process?

 

We process different data about you, depending on the reason and purpose for processing. We generally receive this data directly from you, e.g. when you register for the Well app or call up functions that are made available by the Well app. If you make use of Third-Party Offers via the Well app and give your consent, we also receive the data about you from these third-party providers that are needed to offer our services (see also section VIII “Functions of the Well App and Third-Party Offers”). Specifically, this concerns the following data:

 

  1. Guest access data

You can use the Well app as a guest or as a registered user. For guest access, you must set up a guest profile by providing the following data in the Well app:

 

Insurance

You can also voluntarily provide further data, e.g. date of birth, weight, height, gender.

We then generate a guest ID (see section 3 “Technical data”).

 

  1. Registration data

If you decide to register with the Well app, you can set up a profile in the Well app by providing additional data. This includes, for example:

 

First name

Last name

Date of birth

Gender

Insurance

Email

Phone/mobile

Password

Height (optional)

Weight (optional)

Address (optional)

Prior illnesses (optional)

Medication (optional)

Allergies (optional)

We then generate a user ID (see section 3 “Technical data”).

You are personally responsible for entering the correct data, keeping the data up to date and keeping your password safe.

  1. Authentification of users (two-factor authentication, 2FA)

Users who not only create a guest account with Well, but also wish to register in order to use further functions within Well, must authenticate themselves with Well for security reasons. In this way, we want to ensure that only the respective user accesses his or her account. For this purpose, you will be asked to set a username, a password and to provide your mobile phone number as part of the registration process. We will then send you a code to your mobile number, which you must enter in the app to authenticate yourself. This authentication is required each time you (re-)access the app. However, you have the option to simplify the authentication process by providing biometrical data for authentication (currently your fingerprint or facial recognition). If you choose to do so, you can enter your fingerprint or your facial recognition as the desired means of identification at Well and simply open the app using your fingerprint or facial recognition.

  1. Identification of Users (“KYC-Process”)
  2. Data processing by Well as data controller

For certain functions within Well, we require identification from you in addition to authentification. During this identification process, an encrypted image of your ID document, your photo and a short video to be recorded by yourself are collected. In the process, all data from your ID card, including personal data requiring special protection (biometric data from your image data), are analysed.

Identity documents usually contain the following data

Official name

First name/s

Gender

Date of birth

Hometown

Nationality

Height

Photo

Issuing authority

Issue date

Expiration date

ID card number and type

Signature as per request

Official additions (if available in the request, only possible in the passport)

Machine Readable Zone (MRZ)

Data requiring special protection

The image data from your photo and your selfie video are processed using special technical means that allow your unique identification or authentication (biometric data).

This data is collected to verify the authenticity of your ID document and that the person visible on the video matches the image on the ID. Once the check is complete, Well deletes this data.

Well uses a provider of software and services for digital identification services for the KYC process, the company PXL Vision AG, Mühlebachstrasse 164, 8008 Zurich. The servers of PXL Vision AG are located exclusively in Switzerland; no data is passed on to third parties. If PXL Vision AG uses services providers abroad for order processing, they are obliged to comply with strict technical and organisational measures at the same level of protection as Switzerland in accordance with the provisions of the data protection laws.

  1. Data processing by PXL Vision AG as data controller

PXL Vision AG needs the data collected via Well to improve its recognition process and integrates it into its machine learning processes using artificial intelligence. In this way, PXL Vision AG is able to continuously improve the accuracy of document and face recognition based on a larger data pool. PXL Vision AG is the sole responsible party for data processing for the purpose of improving its services.

This data processing requires your explicit consent, which we obtain from you as part of the KYC process. Your data will only be released by Well to PXL Vision AG on separate servers, which are also located exclusively in Switzerland. They are then used exclusively for the described improvement of the processes and algorithms. The data are not accessible externally and are treated as strictly confidential by PXL Vision AG and are not passed on to third parties. The employees entrusted with the analysis of the data are separately committed to strict compliance with data protection and confidentiality. Further information on data processing by PXL Vision can be found here.

 

  1. Technical data

When you use our Well app, we record the IP address of your end device and other technical data required to ensure the functionality and security of the Well app. This data also includes logs recording the use of our systems. We usually store technical data for 6 months. Technical data proving that you have given your consent is stored at least for the duration of your account, or longer if required by statutory archiving requirements. To ensure the functionality of the Well app, we can also allocate an individual code to you or your end device (e.g. in the form of a cookie, see section XIII “Do we use online tracking and online advertising techniques?”). Technical data generally does not allow any conclusions to be drawn about your identity. However, it can be linked to other data categories (and therefore potentially to your person) in the context of user accounts, registrations or the performance of contracts.

 

  1. Communication data

When you establish contact with us via the contact form, by email, telephone, chat, letter or any other communication medium, we capture the data exchanged between you and us, including your contact data and the peripheral communication data. If required by the functions provided via our Well app, we also collect data needed to identify you, e.g. a copy of an identity document. You have the right to request the deletion of your data in writing at any time at:

WELL Gesundheit AG

Bernstrasse 39

8952 Schlieren

support@well.ch

 

 

  1. Master data

Master data is the basic data we need for the performance of our contractual and other business relationships or for marketing and advertising purposes. This includes, for example, the guest ID generated by us if you set up guest access, or the user ID generated by us if you register with the Well app. To allow you to use the functions and Third-Party Offers provided by the Well app and to display the results of the Symptom Checker in the Well app, for example, we also need the data of the third parties whose offers you use. This also includes health data. Here, you must provide your consent before making use of the Third-Party Offers (see section II.3). You can find a detailed overview of which data we disclose to third parties after obtaining your consent and which data we may receive back from them in section [VIII. “Functions of the Well app and Third-Party Offers”). We usually store this data for as long as you have an account with us. The storage period can be longer if required for documentation purposes, for compliance with statutory or contractual provisions, or for technical reasons.

 

  1. Insurance data

If you use the symptom checker and would like to be informed after receiving the result whether you have a free choice of the type according to your insurance model, you should contact your family doctor or use telemedicine (“triaging”), we need your insurance number, your insurance number in the basic insurance and, if applicable, the name of your family doctor. You can provide us with this data via SASIS AG, a legally and operationally independent company of santésuisse group, which is used by the health insurers to process data disclosure. SASIS AG requires your first and last name as well as your date of birth and gender in order to transmit the data.

  1. Management of medical documents and electronic prescriptions

One of the many advantages of the Well app lies in the fact that you can use the Well app to manage your medical documents yourself and to receive and submit doctors’ prescriptions.

 

 

  1. For what purposes do we process your data?

 

We process your data for the purposes described below. These purposes and their underlying objectives represent the legitimate interests of us or third parties. You can find more information about the lawful basis for our processing in [section V “On what basis do we process your data?”].

 

 

  1. Communication

We process your data for the purpose of and in connection with our communication with you, in particular, to answer enquiries and when you assert your rights, as well as to contact you if we have any questions. To this end, we make particular use of communication data and master data, as well as guest access data and registration data in connection with functions and offers used by you. We store this data to document our internal communications with you, for training purposes, for quality assurance and for answering further questions.

 

  1. Contract preparation and performance

We process data for the establishment, management and performance of contractual relationships.

 

  1. Marketing purposes

We process data for marketing purposes and to cultivate relations, e.g. to send our users and other contracting partners personalised advertising for products and services offered by us and by third parties (e.g. by advertising contracting partners). This can be done, for example, in the form of newsletters and other regular communications (electronic, by post, telephone), through other channels for which we have your contact information, or in the context of individual marketing campaigns, and may also include free benefits (e.g. invitations, vouchers, etc.). You can reject such communications at any time or refuse or revoke your consent to communication for advertising purposes. With your consent, we can tailor our advertising to your personal needs (see section XIII). Finally, we also want to enable our contracting partners to contact our users for advertising purposes (see section on disclosure of data).

 

 

  1. Market research, improvement of our functions and offers

We also process your data for the purpose of market research and to improve our functions and the offers on our Well app.

 

  1. Security purposes

We can also process your data for security purposes.

 

  1. Compliance

We additionally process your data in order to comply with laws, directives, recommendations from government authorities and internal regulations.

 

  1. Risk management and administration

We also process data for the purpose of risk management and in the context of good corporate governance, including operational organisation and corporate development, and as part of our internal procedures and administration.

 

 

  1. On what basis do we process your data?

 

If we ask you to consent to specific forms of processing (e.g. the processing of sensitive personal data, for marketing mailshots, for push messages), we will inform you separately about the purposes of the processing. You can view and print your consents at any time under “Profile” – “Consents”, and also revoke these with future effect at any time. You can also send us notice of revocation by post or by email. Our contact data is provided in [section II.2]. See [section XIII] for the revocation of your consent to online tracking. As soon as we receive your notice of revocation of consent, we will no longer process your data for the purposes originally approved by you, unless we have another lawful basis for processing. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of this consent before it was withdrawn.

Where we do not ask you to consent to process, we base the processing of your personal data on the fact that processing is required for the preparation and performance of a contract with you (or the party represented by you) or that we or third parties have a legitimate interest in the processing, in particular, to pursue the purposes set out in [section IV] above and related purposes and to implement suitable measures. This also includes compliance with statutory provisions where this compliance is not already recognised as a lawful basis under the applicable data protection legislation (e.g. for the GDPR, EEA and Swiss law). Furthermore, this includes the marketing of our products and services, our interest in understanding our markets better, and our ambition to securely and efficiently manage and develop our company and its business operations.

When we receive sensitive data (e.g. health data, information concerning political, religious or ideological views or biometric data for identification purposes), we can also process your data on another lawful basis, e.g. in the case of disputes, on the basis of the need to process the data in view of legal proceedings or in order to defend and enforce legal claims. In some cases another lawful basis may apply, about which we will inform you separately, if necessary.

 

 

  1. To whom do we disclose your data?

 

In connection with our contracts, functions and offers, our legal obligations or otherwise to protect our legitimate interests and for the other purposes listed in [section IV], we also transmit your personal data to third parties, and in particular to the following categories of recipients:

 

  1. Service providers

We work together with service providers in Switzerland and abroad who process data about you on our behalf or who share responsibility with us for doing so, or who receive data about you from us under their own responsibility (e.g. IT providers, shipping companies, providers of advertising services, banks, insurance companies, debt collection companies, credit reference agencies, or address validators). This may also include health data. See also [section XIII] for the service providers involved in the Well app. The central IT service provider for the Well app is Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland.

To allow us to efficiently provide our products and services and concentrate on our core competencies, we obtain services from third parties in many areas. These services include, for example, IT services, information dispatching, marketing, distribution, communication or printing services, building management, security and cleaning, organisation and running of events and receptions, collection services, credit references, address validations (e.g. to update addresses of people who move), anti-fraud measures and services from consulting companies, lawyers, banks, insurance companies and telecommunications companies. We disclose to these service providers the data they require for their services, which may also include data relating to you. These service providers can also use such data for their own purposes, e.g. to obtain information about outstanding claims and your payment history in the case of credit reference agencies or anonymised information to improve their services. We also conclude contracts with these service providers that include provisions to protect the data where this is not already provided by law.

  1. Third-party providers

The recipients further include the third-party providers whose offers you use on our Well app. You are in charge of the disclosure of your data, and in particular your health data, to these third-party providers. We only disclose your data to third-party providers if you have given us your explicit consent to do so (see section II.3). You can find a detailed overview of the data which we disclose to third parties with your consent as well as the data we may receive back from them in [section VIII].

 

  1. Authorities

We can forward personal data to government offices, courts and other authorities in Switzerland and abroad if we are obliged or authorised to do so by law or it seems necessary in order to protect our interests. This may also include health data. The authorities process any data about you they receive from us under their own responsibility.

Applicable cases include, for example, criminal proceedings, measures implemented by the police (e.g. concepts to protect the health, combat violence, etc.), supervisory provisions and investigations, court proceedings, reporting obligations, pre-litigation and out-of-court proceedings and statutory obligations to provide information and to cooperate. Data can also be disclosed if we wish to obtain information from public authorities, e.g. to prove our interest in the information or because we have to identify the person about whom we need information (e.g. from a register).

 

 

  1. Other persons

This refers to other cases where a third party is involved for the purposes set out in [section IV “For what purposes do we process your data?”].

Other recipients include, for example, persons at different delivery addresses provided by you. In the context of corporate development, we can sell or acquire businesses, parts of businesses, assets or companies or enter into partnerships; this may also require the disclosure of data (including data about you, e.g. as a user or third-party provider or representative of a third-party provider) to the persons involved in these transactions.

All these categories of recipients may in turn involve third parties, which means that your data may also become accessible to these third parties. We can limit processing by certain third parties (e.g. IT providers), but cannot do so for other third parties (e.g. government offices, banks, etc.).

 

 

VII. Third-party functions in the Well app

The following provides a brief description of the different third-party functions and the flow of data. Some of these offers are not available to all users and require, among other things, specific insurance cover from certain companies. The conditions for access to the individual functions are set out below or in the applicable terms of use of the third-party providers and can be amended at any time.

 

  1. Symptom Checker

The Symptom Checker is a systematic, digital patient questionnaire for assessing the state of health and delivering a recommendation for the next steps of treatment. After completing the questionnaire, you receive an automated, summarised assessment of the symptoms and findings. In addition, possible underlying diseases are identified and listed (differential diagnosis as part of the Symptom Checker’s recommendation).

 

Third-party provider

in4medicine AG

Monbijoustrasse 23

CH-3011 Bern

info@in4medicine.ch

Disclosed data:

Date of birth

Gender

Symptoms (answers to follow-up questions)

Other technical data (e.g. guest ID, user ID, session ID, etc.)

 

Data which Well receives from the third party

Symptom Check ID

Symptom Checker results

GTC of In4medicine:

SMASS Legal Information

Data privacy statement of In4medicine:

SMASS Data Protection

 

  1. Booking a telemedicine appointment

You can book an appointment with the telemedicine provider (medi24) via Well. The appointment is booked either on the basis of the triage decision after using the Symptom Checker or independently of this, which is only possible for users who are customers of CSS / Visana (also a Group member) or whose insurance company uses the telemedicine services offered by medi24. Once an appointment has been arranged, a callback from the telemedicine centre is requested.

Third-party provider

Medi24 AG

Bolligenstrasse 54

CH-3006 Bern

Tel. +41 31 340 05 00

info@medi24.ch

Disclosed data

User ID

First name

Last name

Date of birth

Gender

I

nsurance

Phone/mobile

Other technical data (e.g. guest ID, user ID, session ID, etc.)

Symptom Checker results (only with your consent)

Comments (optional)

Additional documents / fotos (optional)

Requesting an appointment: availability for appointment (date, time slots)

Data which Well receives from the third party

Availability for appointment (date, time slots), appointments

Confirmation of request

 

Medi24 GTCs and data protection declaration

https://www.medi24.ch/en/privacy

 

 

  1. Find a doctor

You can search for a doctor that meets your requirements based on different search criteria (name, specialism, location). Well shows all possible results for your search. When you have found a suitable doctor, the Well app allows you to send a request for an appointment to this doctor. In addition to the dates that suit the patient, a contact form and other documents are submitted. The selected doctor contacts the patient after receiving the request.

Third-party provider

ZRMB Marketplace AG

Walzmühlestrasse 60

8500 Frauenfeld

team@zurrose.ch

Disclosed data

Find a doctor:

Name of doctor/practice

Specialism

Town/postcode

Other technical data (e.g. guest ID, user ID, session ID, etc.)

Data which Well receives from the third party:

None

 

GTC of Zur Rose

terms and conditions (only in DE or FR)

 

Data privacy statement of Zur Rose

privacy policy (only in DE, FR or IT)

 

  1. Submission of E-prescriptions

This function makes it possible to receive, verify and process digital E-prescriptions issued by doctors. The E-prescription is shown in Well and can be submitted online. The prescribed medicine can then be picked up from a pharmacy in the vicinity (1) or ordered from an online pharmacy for delivery to your home (2).

Third-party provider

Zur Rose Suisse AG (eRx wallet)

Walzmühlestrasse 60

CH-8500 Frauenfeld

team@zurrose.ch

 

Disclosed data  For case 1 (pick-up from local pharmacy):

First name

Last name

Date of birth

Phone/mobile

Email

Insurance

Other technical data (e.g. guest ID, user ID, session ID, etc.)

Name of pharmacy (for 1)

Town/postcode (for 1)

Delivery address (for 2)

Health questions (for 2):

– Height

– Weight

– Prior illnesses

– Medication

– Allergies

– Possible pregnancy (only for female users)

 

Data which Well receives from the third party:

In case 1 (pick-up from local pharmacy), no data is saved by Well, but the following data is called up via API:

E-prescription: medication/dosage, doctor, prescription ID, date, name and date of birth of recipient, status (dispensed/not dispensed)

In case 2 (online pharmacy), the following data are called up via API:

E-prescription: medication/dosage, doctor, prescription ID, date, name and date of birth of recipient, status. Well also saves the following data: height, weight, prior illnesses, medication, allergies

 

GTC of Zur Rose

terms and conditions (only in DE or FR)

 

Data privacy statement of Zur Rose

privacy policy (only in DE, FR or IT)

  1. Document delivery from a service provider (SP) into the Well App

In order for service providers such as doctors, telemedicine specialists or other medical professionals to be able to send you documents in the Well document repository, a connection must be established with them. This involves connecting your Well account to your SP account via a third-party provider and then securely sending documents from the respective SP to the user. This feature is open to all Well users who have created an account and are verified.

Third party:

 

Zur Rose Suisse AG

Walzmühlestrasse 60

8500 Frauenfeld

team@zurrose.ch

Commercial register CHE-101.583.964

Medi 24

Bollingenstrasse 54

CH-3006 Bern

info@medi24.ch

Commercial register CHE-101.216.589

Disclosed Data:

User-ID

Physician-ID

Data which Well receives from the third party:

User-ID

Physician-ID

Data that a Service Provider sends to your document repository

Zur Rose GTCs (only in DE, FR or IT):

https://www.zurrose.ch/de/nutzungsbedingungen

Zur Rose data protection declaration (only in DE, FR or IT):

https://www.zurrose.ch/de/datenschutz

Medi24 GTCs and data protection declaration:

https://www.medi24.ch/en/privacy/

  1. Uploading and saving of medical documents by service providers5.

Upon your instructions, service providers can upload medical documents (e.g. treatment plans, test results, etc.) to the Well application and save them in your mailbox.

 

Third party

Zur Rose Suisse AG

Walzmühlestrasse 60

8500 Frauenfeld

team@zurrose.ch

Medi 24

Bollingenstrasse 54

CH-3006 Bern

info@medi24.ch

Commercial register CHE-101.216.589

 

Disclosed data:

None

 

 

Data which Well receives from the third party:

Documents such as treatment plans, medication list, laboratory results, etc.

GTC of Zur Rose

terms and conditions (only in DE or FR)

Data privacy statement of Zur Rose

privacy policy (only in DE, FR or IT)

Medi24 GTCs and data protection declaration:

https://www.medi24.ch/en/privacy/

  1. Booking an appointment for a flu vaccination at the pharmacy

You can make an appointment for a flu vaccination at a pharmacy (of the Galenica Group) via Well. The appointment booking is done via a dedicated service in the Well app in collaboration with the appointment booking tool OneDoc. This function is open to all Well users who have registered (created an account).

Third party

Galenica AG

Untermattweg 8

CH-3027 Bern

info@galenica.com

Commercial register CH-036.3.069.575-9

GTCs and data protection declaration of Galenica pharmacies:

Amavita (only in DE, FR & IT)

Sun Store (only in DE, FR & IT)

Coop Vitality (only in DE, FR & IT)

OneDoc SA

Avenue de Sécheron

CH-1202 Genève

emma@onedoc.ch

Commercial register CH-660.3.460.016-9

AGB von OneDoc:

Terms of use

OneDoc data protection declaration:

Privacy policy

Disclosed data:

First name

Surname

Date of birth

Sex/Gender

Phone/Mobile

E-mail adress

Data which Well receives from the third party:

Pharmacies Name and adress of the appointment booking

Confirmation of appointment booking

Booking date

 

  1. DoctorChat

DoctorChat is a service of Medi24 AG (medi24), which is made available to persons entitled to service (hereinafter referred to as users) after registration. The effective service provider of the DoctorChat service of medi24 is Abi Global Health Limited, Dublin, Ireland (hereinafter ABI).

Third party

Medi24 AG

Bolligenstrasse 54

CH-3006 Bern

info@medi24.ch

Commercial register CHE-101.216.589

Abi Global Health Limited

Dublin

Ireland

Medi24 GTCs

Terms of use

Medi24 data protection declaration

Privacy policy

ABI GTCs

Terms of use

ABI data protection declaration

Privacy policy

Disclosed data Medi24:

Age, gender

 

The reason for your appointment

 

Country of residence, language preference, IP address

Disclosed data ABI:

Name, telephone number, insurance number, e-mail address, age or

date of birth, gender, country of residence, language preference, IP address.

 

Data that you provide to ABI, including but not limited to health data and possibly

Data about sexual orientation and sexual life

 

 

Data which Well receives from the third party:

None

 

9. Booking a doctor’s appointment
You can make a doctor’s appointment with selected care providers via Well. Appointment booking is done via an appointment booking tool provided by the provider Medicosearch in the Well app. This function is open to all users of Well who have registered (created an account).
Third party
MedicoSearch AG
Gerberngasse 27 – 31 CH-3011 Bern
Commercial register CHE-036.3.040.697-5
Disclosed data Medicosearch:
  • First name
  • Last name
  • Date of birth
  • Gender
  • Phone/Mobile
  • E-mail
  • Adress (street, house number, postcode, town)
  • Name of doctor
  • Other technical data (e.g. Guest ID, User ID, Session ID etc.)
Data which Well receives from the third party:
  • Name and adress of the doctor where the booking was made
  • Choice of treatment
  • Booking status
  • Confirmation of appointment booking
  • Booking date
Medicosearch’s GTCs Terms of use
Medicosearch data protection declaration Privacy policy

 

VIII. Links to third-party offers outside the Well app

The following is a description of the links provided to third-party offers outside the Well app:

 

  1. Zur Rose Marketplace

This service can be used to order beauty and personal care (BPC) products and over-the-counter (OTC) products from Zur Rose. The Well app provides a link to the Zur Rose Marketplace.

 

Third party

ZRMB Marketplace AG

Walzmühlestrasse 60

8500 Frauenfeld

team@zurrose.ch

 

Disclosed data:

None

 

 

Data which Well receives from the third party:

None

 

GTC of ZRMB Marketplace AG

terms and conditions (only in DE or FR)

Data privacy statement of ZRMB Marketplace AG

privacy policy (only in DE, FR or IT)

 

 

2.2. Online skin check

You can choose a dermatologist registered in Switzerland and have your skin or specific parts of your skin checked online by this doctor. This check is particularly useful for rashes, eczema and birthmarks. The service guarantees a response within 48 hours and is subject to a (one-off) fee.

 

 

Third Party

OnlineDoctor AG

Lerchenfeldstrasse 3

9014 St. Gallen

Schweiz

onlinedoctor.ch

 

Disclosed data:

None

 

 

Data which Well receives from the third party:

None

 

GTC of Online Doctor

terms and conditions

Data privacy statement of Online Doctor

privacy policy

 

 

  1. Corona-Check

This service is used to analyse coronavirus symptoms. You check your symptoms against a list and answer additional questions about (prior) illnesses, working conditions and social interactions. You then receive a result and a recommendation for the next steps. The recommendation differs from canton to canton.

 

Third-Party

Federal Office of Public Health (FOPH)

https://check.bag-coronavirus.ch/screening

Disclosed data:

None

 

 

Data which Well receives from the third party:

None

 

 

 

  1. Training courses outside of the Well app

 

Training provides links to Third-Party Offers outside of the Well app. These are only accessible to CSS clients and include the following modules:

  1. Online psychological training (Third-Party Offer):

The programme is called deprexis® and offers individual support in the treatment of psychological disorders. The programme includes visualisation and audio relaxation exercises as well as effective every day and motivational tips sent to the user by email or text message. This product is a medical device produced by GAIA AG that bears the CE marking.

  1. Training for anxiety and panic attacks (Third-Party Offer):

The velibra® programme produced by GAIA AG teaches exercises and techniques for handling anxiety and panic attacks for a time-limited period. Users learn to challenge their thought patterns and reduce their everyday anxiety. This product is a medical device produced by GAIA AG that bears the CE marking.

  1. Sleep training (Third-Party Offer):

The somnio® programme consists of several modules and helps users to apply effective relaxation techniques and find their best sleeping hours. The programme is based on a digital sleep diary. This product is a medical device produced by mementor DE GmbH that bears the CE marking.

  1. Training for a balanced diet (Third-Party Offer):

The nutrition programme uses recipes and shopping lists to help users change their everyday eating habits. The programme also offers individual support from nutrition specialists. Exercise tips round out the offer.

  1. Training for pain and tension (Third-Party Offer):

This offer comprises an app that is enabled for CSS clients (test weeks are free, then a fee is charged). The medicalmotion app is a certified medical app that can be used to combat pain and tension.

Third parties

  1. a) Psychological training (Third-Party Offer): GAIA AG

Disclosed data: None

  1. b) Training for anxiety and panic attacks (Third-Party Offer): GAIA AG

Disclosed data: None

  1. c) Sleep training (Third-Party Offer): mementor DE GmbH

Disclosed data: None

  1. d) Training for a balanced diet: CSS

Disclosed data: None

  1. e) Training for pain and tension (Third-Party Offer): medicalmotion

Disclosed data: None

Data which Well receives from the third party: None

  1. Is your data sent abroad?

 

As explained in section VI “To whom do we disclose your data?” and section VIII “Functions of third-party providers”, we also disclose data to other service providers and third-party providers. These have their registered office in Switzerland or in the European Economic Area.

Our cooperation and advertising contracting partners can be domiciled in Europe or anywhere else in the world. However, we only disclose data to this cooperation and advertising contracting partners with your consent and in anonymised form (see “Do we use online tracking and online advertising techniques?”).

Your guest access data or registration data is stored locally on the end device which you used to set up the guest access or registration. This and the other data about you which Well processes in the context of your use of the Well app is also stored on Google Cloud Healthcare API by Google Ireland Limited (Gordon House Barrow Street, Dublin 4, Ireland) on servers located exclusively in Switzerland. Google Cloud Healthcare API offers a very high level of security for the protection of your sensitive personal data. You can find more information about the security of your data on Google Cloud Healthcare API here.

 

 

 

 

  1. For how long do we process your data?

We process your data for as long as required by our purposes for processing, the statutory archiving periods and our legitimate interests in processing for documentation and evidentiary purposes, or as long as required for technical reasons. You can find more information about the relevant duration of storage and processing for the individual data categories in [section III] and the cookie categories in [section XIII “Do we use online tracking and online advertising techniques?”]. If there are no statutory or contractual obligations to the contrary, we destroy or anonymise your data at the end of the storage or processing period as part of our normal procedures.

  1. How do we protect your data?

We take suitable security measures to protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorised or unlawful processing and to counteract the risks of loss, unintentional modification, involuntary disclosure or unauthorised access.

Technical and organisational security measures may include, for example, measures such as the encryption and pseudonymisation of data, logging, access restrictions, storing of backup copies, instructions to our employees, confidentiality agreements and controls. We apply suitable encryption mechanisms to protect your data during transmission via our Well app. However, we can only secure areas that we can control. We also require our order processors to implement adequate security measures.

You can find more information about our security measures here.

It must be remembered, however, that security risks cannot be wholly excluded, and residual risks are unavoidable.

XII. What rights do you have?

To make it easier for you to keep control over the processing of your personal data, you have the following rights in relation to our processing of your data, depending on the applicable data protection legislation:

The right to request information from us as to whether and which of your data we process;

The right to instruct us to rectify incorrect data;

The right to request the deletion of data;

The right to ask us to make certain personal data available in a standard electronic format or to transmit this data to another data controller;

The right to revoke the consent previously given if our processing is based on your consent;

The right to receive further information upon request that is useful for the exercise of these rights.

 

If you wish to exercise the aforementioned rights, please contact us in writing, by visiting us at our present address or, unless stated or agreed otherwise, by email; you can find our contact details in [section II.2]. To enable us to exclude misuse, we have to identify you (e.g. by requesting an identity document, if you cannot be identified in another manner).

You also have these rights vis-à-vis other parties that work with us under their own responsibility – please contact these parties directly if you wish to assert your rights pertaining to data processing. You can find information about these third parties in sections [VIII] and [XIII].

Please note that certain conditions, exceptions or restrictions apply to these rights under the applicable data protection legislation (e.g. to protect third parties or business secrets). We will inform you about any such restrictions.

 

We may in particular have to further process and store your personal data in order to perform a contract with you, protect our own legitimate interests such as the assertion, exercise or defence of legal claims, or comply with statutory obligations. Therefore, to the extent permitted by law, and in particular, to protect the rights and freedoms of other affected persons and legitimate interests, we can entirely or partly reject a request by an affected person (e.g. by blacking out certain contents relating to third parties or our business secrets).

 

 

XIII. Do we use online tracking and online advertising techniques?

 

For our Well app, we apply various techniques that we and third parties mandated by us can use to recognise you as a user and sometimes track you over several visits. This section provides information in this regard.

It essentially means that we can differentiate access initiated by you (via your system) from access initiated by other users so that we can ensure the functionality of the Well app and carry out analyses and personalised assessments. In doing so we do not want to find out your identity, even if this would be possible for us or mandated third parties to do so in combination with registration data. Even without using registration data, the techniques that are applied mean that you can be recognised as an individual visitor every time you call up a page, for example, because our server (or the third-party servers) allocate a specific identification number to your browser (known as a “cookie”).

Cookies are individual codes (e.g. a serial number) which our server or a server of our service provider or advertising contracting partner sends to your system when you connect to our Well app and which your system (browser, mobile phone) accepts and stores until a pre-programmed expiry date. Every time you access the app again, your system sends this code to our server or the third-party server. This is how you are recognised again, even though your identity is unknown.

Other techniques can also be used to ensure that you are recognised again with more or less probability (i.e. can be differentiated from other users), e.g. fingerprinting. With fingerprinting, your IP address, the browser used by you, the screen resolution, selected language and other information sent by your system to the server) are combined, which results in a more or less unique fingerprint. In this case, cookies are not needed.

Whenever you access a server (e.g. when using our Well app or when an image is visibly or invisibly integrated into an email), your visits can be tracked. When we integrate offers of an advertising contracting partner or the provider of an analysis tool into our website, these parties can track you in the same way, even if they cannot identify you.

We use such techniques in our Well app and allow certain third parties to do the same. You can programme your browser to block or deceive certain cookies or alternative techniques or to delete existing cookies. You can also add software to your browser to block tracking by certain third parties. You can find more information about this in the help pages for your browser (usually under “Data privacy”) or on the websites of the third parties listed below.

The following cookies (including other techniques) are used:

 

Necessary cookies: Some cookies are essential for the Well app or certain of its functions to work. They ensure, for example, that you can switch between pages without losing the information entered into a form. They also ensure that you remain logged in. These cookies are temporary (“session cookies”). If you block these cookies, the Well app may not work. Other cookies are needed for the server to store decisions or entries made by you after a session (i.e. a visit to the Well app) if you make use of this function (e.g. selected language, consent provided, automatic login function, etc.). These cookies have an expiry date of up to [24] months.

Performance cookies: To optimise our website and offers and better align them to the needs of the users, we use cookies to record and analyse the use of our Well app, sometimes even beyond the duration of the session itself. We do this by using analytics services provided by third parties. We have listed these below. In the Well app we do not additionally ask for cokkie consent. This is done with the privacy policy. Performance cookies also have an expiry date of up to 24 months. You can find more details on the websites of the third-party providers.

 

 

We currently use the offers of the following service providers and advertising contracting partners (insofar as they use your data or cookies filled on your system to manage the selection of advertisements):

Google Analytics (only for the website)

Google Analytics is only used by us when you visit our website: The provider of the “Google Analytics” service is Google LLC. For the purposes of the GDPR and the DSG, Google Ireland Ltd. is responsible (both “Google”). Google uses performance cookies (see above) to track the behaviour of visitors to our website (duration, frequency of pages viewed, geographical origin of access, etc.) and compiles reports for us on the use of our website on this basis. We have configured the service in such a way that the IP addresses of visitors are shortened by Google in Europe before being forwarded to the USA and thus cannot be traced. We have also set up the Google Analytics service so that Google does not use your data for its own purposes.  Information on the data protection of Google Analytics can be found here and if you have a Google account, you can find further details on processing by Google here.

Google Forms and Google Formfacade (for the app only).

Mix Panel (only for the app)

We use “Mixpanel”, a service of Mixpanel, Inc., 405 Howard St., Floor 2, San Francisco, CA 94105, USA (hereinafter referred to as: “Mixpanel”) for our WELL app. Mixpanel stores and processes information about your user behaviour on our WELL app. Mixpanel uses performance cookies (see above) for this purpose, which enable an analysis of your use of our WELL app and also processes the data in countries without an adequate level of protection, e.g. in the USA. To ensure adequate data protection, Mixpanel does not store the IP address, but only uses IPs to assign location properties to data when recording. In addition, we use the EU approved standard contractual clauses.

 

We use Mixpanel for marketing and optimisation purposes, in particular to analyse the use of our WELL app and to improve individual functions and offers as well as to continuously improve the user experience. Through the statistical evaluation of user behaviour, we can improve our offer and make it more interesting for you as a user.

 

Information of the third party provider: Mixpanel, Inc., 405 Howard St., Floor 2, San Francisco, CA 94105, USA. You can find more information about the data protection of the third party provider on the following website: https://mixpanel.com/privacy/

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all the functions of our WELL app to their full extent.

You can find more information about cookies and similar technologies, including information on how to refuse or delete cookies, at the following addresses:

http://www.allaboutcookies.org/

http://www.youronlinechoices.eu/

 

XIV. Can this data privacy statement be amended?

This data privacy statement does not form part of a contract with you. We can amend this data privacy statement at any time. The version published on this website is the version that currently applies.

 

Last update: January 2022

 

***