V. GENERAL PRIVACY POLICY

Responsible Office

Responsible for collection, processing and utilisation of your personal data is according to the respective data protection laws the priaid AG, Sonnenbergstrasse 17, 8835 Feusisberg, Switzerland.

If you wish to object to priaid AG’s collection, processing and utilisation of your personal data under this privacy policy in total or for separate measures, please send your objection in writing to:

priaid AG

Sonnenbergstrasse 17
8835 Feusisberg

Switzerland
E-Mail: datenschutz@priaid.ch

The presented privacy policy is an integral part of the terms and conditions of priaid AG. They apply between you, the user („you“ or „user“) of the „priaid-platform” (products and services offered via the priaid-platform) and the priaid AG (“operator” or “priaid”).

To provide products and services user-oriented and appropriately, priaid depends on collection and utilisation of user data. Especially personal medical data that are stored on the priaid-platform are sensitive; therefore priaid protects them most efficient and secure. The operator treats user data confidentially and keeps in line with Swiss and European data protection laws. The respective law ensures that self-determination is pertained and each individual’s privacy is secured when utilising user data. Therefore, priaid set up a data protection concept. Is consists of three parts:

(1)Collection, processing and utilisation, (2) transfer and security, and (3) access.

In the following you will find information about how we deal with your data and information. Some parts are referred to as user (“user”, e.g. end-consumer, potential patient of a healthcare service) or corporate customer (“customer”, e.g. medical service-provider, healthcare professional). Please refer to the terms and conditions of priaid AG for more detailed information.

1. Collection, processing and utilisation of personal data

1. Personal data

Personal data are data on the personal circumstances of an identified or identifiable individual. These include for example your name, your telephone-number, your address as well as all inventory data you provide to us when creating and logging into your account.

2. Collection, processing and utilisation of your personal data

priaid creates for every user upon registration a password-protected direct access to their inventory data saved with priaid. An email address and password are required to activate the account. More personal data can be added additionally. The details therefore are listed below under paragraph 1.3. If the user acquires a product subject to a charge, we will save first name and surname, bank account or credit card details, as well as the residential address during the purchasing process.

You are obliged to treat your personal access data confidentially and not to make it available to unauthorized third parties. Priaid shall not be liable for unauthorised use of passwords, unless priaid were responsible for such misuse.

When collecting, processing and using your personal data, priaid is strictly following legal requirements. Priaid collects, processes and uses your data for the complete handling of your usage, for services, technical administration as well as their own marketing-purposes as well as for administration of your data. Your personal data will only be disclosed to third parties or otherwise submitted, if it is necessary for operations, contract processing or invoicing (see also paragraph 1.7) or if you have previously given your consent.

Your personal data will be deleted after the expiration of the storage period required by law and you have a claim for cancellation, when the data is no longer necessary for the performance of the contract or when it’s saving is illegitimate for any other legal reasons.

3. Which personal data are generally collected?

priaid collects data in various ways. Upon registration you will be asked your name, email-address and other personal information.

Additionally, the operator will ask for personal information on different occasions, e.g. when you are using additional products/services (e.g. booking of an appointment by the user or usage of the appointment-module by the customer) or when you report a problem with the service to priaid.

When using the products and services, e.g. online-booking of appointments with a doctor, or when entering symptoms, the user will be asked to submit the following personal and health data:

  1. Contact information (name, address, email-address, telephone-number)

  2. Date of birth

  3. Year of birth and gender

  4. General health data (body height, weight, smoker/non-smoker, medication, allergies, medical history)

  5. Specific health-data (information about existing complaints that are the reason for planning a doctor’s consultation)

  6. Additional information: doctor in charge, insurance-number (optional)

Disclosure of these data by the user is optional. Certain functionalities of products and services (e.g. booking of appointments) may only be possible, when the user enters certain data.

When you contact priaid, they keep a copy of this correspondence. The operator may ask their users occasionally to participate in surveys that are used for internal statistics.

The operator performs internal assessments regarding their users’ interests and behaviour based on information provided upon registration and via log-files. This is being done to provide the users with improved products and services. These information are collected and analysed on a general basis.

Information practices by third parties who have a link to the priaid-platform or who are accessible via a link on the priaid-platform are not subject to this privacy statement. Please refer to the privacy policies of our third-party-providers.

4. Right of Objection

You can object anytime to the promotional use of your personal data entirely, or to individual measures, without incurring any costs other than the transmission costs in accordance with the basic tariffs. A written notice to the contact address mentioned in paragraph 4.1 (e.g. email, mail) is sufficient. This also applies if you don’t wish to receive any newsletter or personalised promotions, be it now or in future. You will also find an unsubscribe-link in each newsletter.

5. For which purposes are personal data generally collected?

priaid collects and utilises user data to provide user-oriented and appropriate products and services and to improve them. The operator collects personal data especially for the purpose of identification, invoicing and marketing. Additionally, the data is utilised to provide products or services requested by you.

Personal data is used especially for the following purposes:

The personal data provided to priaid (e.g. gender, date of birth) makes it possible to promote and deliver products, services and contents matching your interests. The operator aims to achieve a better, user-oriented service and hopes for satisfaction and long-term commitment of users.

6. Utilisation of data for marketing purposes/newsletter

With registering for the usage of products and services, the user also agrees that priaid AG utilises their personal data for marketing purposes.

This affects especially the email address, which will be used by priaid to contact the customer occasionally. The operator will keep the contact to a moderate level. Priaid also uses your data to communicate with you about certain products or marketing activities and to recommend you products or services that might be of interest for you (personalised marketing). The data can be used especially for the announcement of events, competitions, surveys as well as information about services and products of priaid AG and their partners. The operator informs the customer about new offers regarding products and services via email.

For sending a newsletter, priaid uses the so-called Double Opt-In process; that means that you receive a newsletter only after you confirmed explicitly with priaid, that the newsletter-service shall be activated. Priaid will then send you a confirmation email and ask you to click on a link in this email to confirm, that you wish to receive the newsletter.

I agree that the data provided by me and additional information saved in my account will be used by priaid to send me personalised promotions and/or keep me informed about special offers and services.

7. To which purpose are my personal and health data submitted?

Priaid submits personal data only to third parties if it is necessary for the provision of services requested by you. Additionally, personal data may be submitted to partners for marketing purposes (see paragraph 1.5, last section). Priaid will submit personal health data only to third parties when the user explicitly agrees and has been informed about this step.

If personal data will be submitted to third parties to provide services requested by you, priaid ensures that the personal data will be processed according to applicable Swiss and European law, as well as this privacy policy.

Priaid will submit the data entered by the user to third parties especially for the following purposes:

priaid ensures that all personal data will be treated confidentially and is stored to servers located in Switzerland; they will not be transferred abroad. However, the transfer of anonymised (health) data to third parties or abroad is permitted, because data cannot be related to individuals due to the anonymisation.

8. Usage of priaid’s statistical system and cookies

Due to the sensitive data processed on the priaid-platform, and for better protection of privacy, priaid is using their own statistics-tool (and no external service, e.g. Google Analytics). Priaid’s statistical system uses so-called “cookies”; text files which are stored on your computer and enable your use of the website to be analysed. The information about your usage of the priaid-platform generated by the cookie will be saved on one of priaid’s servers.

The operator uses this information to analyse the usage of their website, to create reports about the website-activities for our products and services, and to provide other services connected to the website-usage.

Accepting cookies is no requirement for visiting our website. However, we wish to point out that usage may be limited when deactivating the cookie function. Cookies are small files that are stored on your hard disk and save the specific settings and data exchange with our system via your browser. Most cookies used by priaid AG will be deleted from your hard disk at the end of the browser session (session-cookies). For example, session cookies are necessary to provide you with your login data across multiple pages. Other cookies remain on your computer and allow priaid to recognise your computer upon your next visit (permanent cookies). This storage helps priaid to appropriately structure website and offers for you and to make usage easier, for example by storing certain entries from you in such a way that you don't have to continually repeat them. These temporary or permanent cookies (life-span 14 days up to 10 years) will be stored to your hard disk and delete themselves after the defined time.

No personal data will be stored in the cookies used by priaid. The cookies used by priaid can therefore not be related to individuals, including you. When activating a cookie it will be assigned an identification number. Relating your personal data to this identification number is not possible. Your name, your IP-address or similar data that would enable relating the cookie to you, will not be stored at any given time. Based on the cookie technology priaid only receives anonymised information, e.g. which pages have been visited and which product have been viewed.

priaid works with view partners who help to make the online-offers and the priaid-website more interesting for you. Therefore, cookies from our partners will be stored on your hard drive as well, when visiting the priaid-website. These are temporary/permanent cookies that delete automatically after the defined time (please see above). Cookies of our partners contain no personal data as well. They only collect anonymous data using a user-ID. For example, they store data about which products you viewed, if you bought something, etc.

By using the priaid-platform you agree that priaid processes data collected about you as described above for the purpose mentioned before. Analysis and evaluation of such data enables us to improve our website and our online-offers.

I agree to the usage of so-called cookies to collect, store and use data about me. I further agree that my data will be stored in cookies even when the browser-session has ended so that they can be reactivated during my next visit. I can revoke my permission at any time with effect to the future by refusing the acceptance of cookies in my browser settings.

2. Transfer and Security

1. What are the security measurements applied to protect personal data?

priaid adopts suitable safety measures to prevent data loss, misuse or alteration of information and personal data. priaid further took all suitable technical and organisational measures to protect user data against unauthorised processing and knowledge by third parties. priaid will store user data during the usage of service and after that as long as necessary to provide the service.

The operator offers you password-protected access to respective parts of the priaid-platform via the internet. To ensure security of user-information during transmission, the operator uses secured protocols to encrypt the information transmitted by the user (e.g. Secure Sockets Layer, SSL).

Your bank-account details are password-protected, so that only you have access to those personal data and information. Never disclose your access data (password, username, public and private key for health data) and keep them safe as you would keep any valuables safe from unauthorised access of third parties. It is strongly recommended to key in the personal access data only in the official website or tools (e.g. interface, app) provided by priaid. Log-out completely from your account when you finished your work. Make sure that others cannot access your personal information. Internet transmissions are never completely secure, but priaid aims at providing a transmission as secure as possible by using latest protection technologies. Upon receiving transmissions, priaid secures the information appropriately in their own systems.

Personal health data are en- and decrypted in the browser or in the practice-management tools (doctors information system). Transfer of those data from the user’s computer to the operator’s servers as well as vice versa the download of these data to the user’s computer is therefore encrypted. priaid uses latest technology standards for this purpose.

Regulations for password-protection: appropriate passwords are to choose (no obvious or common words or numbers). According to data-protection recommendations the users are requested to choose a password as secure as possible (minimum of 6 characters, no word-combination, but a combination of numbers and letters). It is also recommended to change the password in regular intervals.

2. Are email communications secure?

When you communicate with priaid via email, the data transfer is not encrypted. This also applies when priaid sends you a reply via email. In those cases, confidentiality is not warranted. Emails – generally fast, reliable and inexpensive – are transmitted through several processors. Therefore there are numerous possibilities to save, analyse or to alter message. Unencrypted emails are not appropriate to send confidential information to priaid.

Communication with the user and the user-verification for appointment requests to the healthcare providers is done via email or SMS. Data transfer from the user account (and/or during the process of appointment-booking) to the recipient’s address and mobile phone number provided by the user is also provided unencrypted, due to lack of distribution of a key infrastructure.

3. Access to health data

1. Who has access to your health data?

Nobody can access the user’s personal health data without their explicit approval. This is technically ensured by encrypting these data by a key pair exclusively generated for the user. Therefore, neither employees of priaid AG nor third parties can decrypt and process health data if the user does not provide the key (see also paragraph 3.2).

    1. The health data the user enters into the priaid-platform are therefore stored encrypted in their user account. For this purpose the user needs to generate a key at the beginning, so he can encrypt and decrypt the data. Should the user enter health data without de/encrypting them, entries / changes of the health data (with their approval – see also paragraph 3.2.) will be submitted one-time to the healthcare provider, but not saved for the user.

Encryption rules out that personal health data can be seen, even in the unlikely case of unauthorised access by third parties. However, the user has to ensure that their computer and their password/key are protected.

The operator reserves the right to process information and personal data and to transfer the collected data to civil and criminal courts as well as to other governmental law enforcement bodies if it is required by law or required in the course of civil or criminal procedures. Please note that personal health data can only be transferred in encrypted form, as it is not possible for priaid to decrypt them.

2. Which health data will be transferred to third parties, and to which purpose?

priaid does not transfer personal information without explicit authorisation by the user.

When booking an appointment, which requires data-transfer to the respective doctor, the data visible in the web-form will be transferred when the user clicks on the declaration of consent.

4. Others

1. User rights

Every user has the right to modify their account according to paragraph 4.2 and to correct, if necessary.

Every user has the following rights by law:

The user has the right to request information from priaid at any time regarding the user data that are collected and processed by priaid. The user can further demand at any time access to, rectification and/or deletion of their data. Additionally the user can at any time revoke their consent to the processing of data. In this case the user cannot use the service anymore.

The user has to assert their right in writing to

priaid AG

Sonnenbergstrasse 17

8835 Feusisberg

Switzerland

For the purpose of clear identification, please add a copy of your identity card or your passport.

According to the data protection laws applicable in Switzerland and Europe and other statutory requirements, our users have the right to free-of-charge information about their saved data, as well as the right to rectification, blocking or deletion, if applicable. However, priaid AG reserves the right to charge an appropriate contribution to the processing costs incurred, if (1) the requested information has been provided to the applicant within 12 months preceding the request, and if no legitimate interest in a new provision of information could be detected; if (2) the provision of information entails an exceptionally large amount of work. The contribution can be a maximum of 300 Swiss Francs.

We take the protection of your data very serious. To ensure that personal data are not disclosed to third parties, please send your request per email or per mail including a clear identification of your identity to

priaid AG

Sonnenbergstrasse 17

8835 Feusisberg

Switzerland

datenschutz@priaid.ch

2. Which options regarding rectification, updating and deletion does the user have?

Every user can edit their information in the user-/customer-account at any time by using their login and password. The information provided must be truthful. For all other issues regarding registration and for deletion of the account, please contact datenschutz@priaid.ch.

5. Contact

If you have any questions regarding the privacy policy or priaid AG‘s data processing policy, please contact datenschutz@priaid.ch.

This privacy policy was last updated on 1st March 2015.