General terms of use and privacy policy

(Status: 12 June 2022)

1.

General

«doctogo» is a programme or application (hereinafter referred to as «doctogo» app) for mobile electronic devices. These General Terms of Use and Privacy Policy apply to all users of the «doctogo» app and on the one hand regulate the general conditions of use of the app. On the other hand, these general terms of use and data protection statement provide an overview of what happens to personal data when someone uses the «doctogo» app. Personal data is any data by which a natural person can be personally identified.

The «doctogo» app offers users an independent electronic patient dossier with which they can have direct access to data from the individual medical history and other medical data (hereinafter referred to as «health and medical data») via a mobile electronic device. In particular, the app enables data to be requested, stored, managed or shared with third parties (e.g. doctors or other service providers; hereinafter referred to as «healthcare providers»). Which of the individual health and medical data is used via the app and in what form is decided solely by the respective users themselves.

An electronic patient file maintained via the «doctogo» app may in principle only contain the individual health and medical data of the registered person. By way of exception, the «doctogo» app may be used by a user for a third person. The «doctogo» app can only be used for one person per electronic device on which the «doctogo» app is installed, because multiple user profiles cannot be created in the «doctogo» app (see section 2 below). Users are obliged not to use the «doctogo» app for purposes other than those for which it is intended.

The aim of the «doctogo» app is to improve the quality of medical treatment and treatment processes, to increase patient safety and to contribute to increasing efficiency in the health care system, as well as to promote the health literacy of users.

The «doctogo» app complies with the Federal Act on Data Protection (FADP; SR 235.1) and the Ordinance to the Federal Act on Data Protection (FADP; SR 235.11). In contrast, the «doctogo» app is not subject to the Federal Act on the Electronic Patient File (EPDG; SR 816.1), the Ordinance on the Electronic Patient File (EPDV; SR 816.11) or the Ordinance of the FDHA on the Electronic Patient File (EPDV-EDI; SR 816.111).

The «doctogo» app can be used by all people resident in Switzerland; use is excluded for people not resident in Switzerland. Use is, of course, completely voluntary.

The «doctogo» app can be operated in German, English, French and Italian.

2.

Downloading the «doctogo» app and registration and profile

The latest version of the «doctogo» app can be downloaded free of charge from the Apple App Store and Google Play Store. Maintenance and updates are also offered via these platforms and do not entail any costs for the users.

Before potential users can even download the «doctogo» app via one of the aforementioned store platforms or install it on a mobile electronic device, they must have read these general terms of use and data protection statement and declared their consent to them. The downloading of the «doctogo» app already constitutes consent to these general terms of use and data protection declaration.

Before the downloaded «doctogo» app or the app installed on a mobile electronic device can be used, users must first register. A valid e-mail address is required for registration and later each time a user logs in or starts the «doctogo» app, and each user must set an individual password. The e-mail address and the password together form the so-called «registration data». Registration via social media platforms or other channels is not possible. As part of the registration process, the respective user will then receive a confirmation e-mail with a code for activating the «doctogo» app.

When registering, each user is required to enter personal details in a «profile», namely gender, first name, surname, date of birth, street and house number, postcode and place of residence in Switzerland as well as telephone number. This data is referred to here as «profile data». If the «doctogo» app is exceptionally used by a user for a third party (cf. point 1 above), the profile data of this third party must be entered in the «profile».

Users warrant that the registration and profile data they themselves have provided is correct. If, exceptionally, the «doctogo» app is used for a third party (cf. section 1 above), the respective user assures, by agreeing to these General Terms of Use and Privacy Policy, that he or she has been expressly authorised by the third party to use the «doctogo» app for the third party concerned and that the information provided by the third party is also correct. Any subsequent changes to the registration and profile data must be updated by the user immediately and without being requested via the app.

The registration and profile data are stored in the Microsoft Azure Cloud. As the operator of the «doctogo» app, doctogo GmbH has a corresponding contract with the provider of this cloud solution. Due to the two Microsoft Azure Cloud regions in Switzerland (Zurich and Geneva), the data is stored exclusively in Switzerland and is encrypted vis-à-vis Microsoft.

The contractual terms and data protection regulations between doctogo GmbH and the provider of the aforementioned cloud solution can be viewed via the following links:

-

https://download.microsoft.com/download/2/C/8/2C8CAC17-FCE7-4F51-9556-4D77C7022DF5/MCA2017Agr_EMEA_EU-EFTA_ENG_Sep20172_CR.pdf

-

https://privacy.microsoft.com/en-GB/data-privacy-notice

This registration and profile data is used for the sole purpose of identifying users of the «doctogo» app and offering them the services of the «doctogo» app. Each time the «doctogo» app is accessed, the registration data (e-mail address and password) must be entered, whereby automatic registration can also take place via other technologies used on the respective mobile electronic device (e.g. biometric registration via Apple Face-ID, Samsung Pass by fingerprint, etc.).

Users are obliged to keep the password forming part of the registration data confidential and to protect it from access by unauthorised third parties and not to pass it on to such unauthorised third parties. doctogo GmbH declines any liability for damages resulting from the disclosure of the registration data.

3.

Request, deposit and manage data for the electronic patient dossier

3.1 general right to information

Based on the DPA, every person has the right to receive their individual, complete medical history from their healthcare providers.

From the point of view of data protection law, it should be noted at the outset that health and medical data of this kind is personal data requiring special protection within the meaning of the DPA. Accordingly, each individual must be careful with his or her own data.

3.2 Request data

Every (natural) person has the above right to information. The data can be asserted with the respective health care providers as data processors in a variety of ways, for example by letter, e-mail or telephone enquiry.

The «doctogo» app offers the possibility to send such information requests with the help of the app. Via an email server of doctogo GmbH, a request for information is sent in the form of a no-reply email to the respective health care provider. This email is not stored.

The respective health care provider will then send the requested data to the user by post or by e-mail.

Data can also be delivered from the respective healthcare provider to the user via the «doctogo» app. For this, reference can be made to the «Onsite» variant explained below (section 4.2).

3.3 Deposit data

The «doctogo» app makes it possible to store health and medical data in the «doctogo» app. The main focus is on storing files (e.g. doctor's reports, expert opinions, laboratory results, X-rays, etc.). Files can be stored in the formats .pdf, .doc, .jpg, .png and .heic in the «doctogo» app.

In order for health and medical data to be deposited in the first place, the user must have the corresponding data. For information on how the data can be requested from the health care providers, please refer to section 3.2 above.

If the user of the «doctogo» app is in possession of his/her own health and medical data, he/she can decide independently and freely which data should be stored in the «doctogo» app. The user is completely free to decide which data is stored and which is not. The «doctogo» app offers various options and corresponding services.

If health and medical data are stored on the «doctogo» app, the individual files stored are saved in folders created by the app on the mobile electronic device. The health and medical data stored on the «doctogo» app are thus stored exclusively on the respective mobile electronic device on which the app is also installed. In this context, it is particularly important to emphasise from a data protection perspective that all of the health and medical data stored in the «doctogo» app are not stored at any other location, namely not on the aforementioned Microsoft Azure Cloud or on any other servers or data carriers. However, the corresponding files can also be stored by the users on the mobile electronic device outside and independently of the «doctogo» app in other places (e.g. in the photo gallery or with the e-mails) on the respective mobile electronic device.

In addition to storing files, the «doctogo» app offers various other functions and tools. For example, the respective user can also store data on medication intake or upcoming doctor's appointments in the self-explanatory tools of the app. This data - analogous to stored files - is also only saved in folders on the respective mobile electronic device.

The capacity for storing health and medical data - in particular files - in the «doctogo» app thus depends on the available (memory) capacity of the mobile electronic device used in each case.

Kommt das jeweilige mobile elektronische Gerät irgendwie abhanden oder wird es beschädigt oder zerstört, so teilen sämtliche der in der «doctogo»-App des jeweiligen mobilen elektronischen Geräts hinterlegten Gesundheits- und Medizinaldaten das Schicksal des mobilen elektronischen Geräts. Kommt also das mobile elektronische Gerät abhanden oder wird es beschädigt oder zerstört, so können dadurch auch die auf der «doctogo»-App hinterlegten Daten verloren gehen. Analog verhält es sich, wenn die jeweilige Nutzerin bzw. der jeweilige Nutzer das mobile elektronische Gerät auswechselt, ohne vorgängig ein Backup erstellt zu haben, welches daraufhin auf dem neuen mobilen elektronischen Gerät installiert werden könnte.

Apart from the respective user, no one has access to the health and medical data stored on the «doctogo» app.

3.4 Manage data

Users can access their health and medical data stored in the «doctogo» app independently and manage or delete them.

For stored files, the «doctogo» app creates a model system of folders whose names and structure cannot be changed by the respective user.

The data stored in the «doctogo» app for the other functions or tools (for example, the functions or tools for reminding users to take their medication or for upcoming doctor's appointments) can only be used in the respective functions or tools. The respective user can also change this data freely and at will.

If the user deletes data from the «doctogo» app, it will also be deleted from the mobile electronic device. Of course, this is without prejudice to the fact that the data was still stored in other places (e.g. in the photo gallery or in the e-mails) on the respective mobile electronic device.

4.

Share data from the electronic patient dossier

The health and medical data stored and managed on the «doctogo» app, namely the stored files, can be shared by the respective user with healthcare providers. There are two alternative variants for this. The two variants differ primarily in whether the user is currently «Onsite» with the healthcare provider with whom the data is to be shared or not («remote»).

4.1 «Remote» variant

In the «remote» variant, the user of the «doctogo» app is not on site with the respective healthcare provider. Nevertheless, the user wants to share health and medical data, namely files stored in the «doctogo» app, with the respective healthcare provider.

In a first step, the user must select the files to be shared. The selected files are then encrypted and temporarily uploaded (until the data has been downloaded, maximum 7 calendar days) to the Microsoft Azure Cloud mentioned above.

In a second step, the user is asked to enter the title, surname and first name as well as the e-mail address of the respective health care provider.

In a third step, an email is sent from the «doctogo» email server to the respective health care provider via the «doctogo» app based on the information provided in the second step, informing the respective health care provider that the specifically named user would like to share a document. In addition, this email contains a link to a subpage of the «doctogo» website.

In a fourth step, the respective health care provider has to click on the link of the e-mail received in the third step and request authorisation from the user to download the files.

In a fifth step, the user is then asked by the «doctogo» app to give permission to share the files with the respective healthcare provider.

Only when the user has given the approval mentioned in the fifth step, the respective health care provider automatically receives the approval to directly download the files selected by the user.

Additional information can be found in section 4.3 below, to which reference is made at this point.

4.2 «Onsite» variant

In the «onsite» variant, the user of the «doctogo» app is on site at the respective health care provider and wants to share health and medical data, namely files stored in the «doctogo» app, with the respective health care provider on site.

In addition to sharing health and medical data, the user can also have health and medical data delivered by the respective health care provider with the «Onsite» option.

In the «Onsite» variant, the user can therefore first choose between these two options, namely whether health and medical data would like to be shared with a healthcare provider or whether, alternatively, the user would like to receive specific health and medical data from the respective healthcare provider via the «doctogo» app.

Supplementary information, which applies to both «Onsite» options, can be found in section 4.3 below, to which reference is made at this point.

a)

«Onsite» variant Option A - Share health and medical data

If the user has selected the first option, i.e. sharing health and medical data, within the framework of the «Onsite» variant, the files to be shared must then first be selected by the user in a next step.

In a second step, the user is asked to enter the title, surname and first name as well as the e-mail address of the respective healthcare provider. Alternatively, if the respective healthcare provider independently goes to the subpage of the «doctogo» website accessible via the URL share.doctogo.ch, where there is a QR code that changes every few seconds, the user can jump directly to the fifth step below in the «doctogo» app (see the last paragraph of this chapter) by directly selecting the QR code scanner.

In a third step, the «doctogo» app sends an automatically generated email from the «doctogo» email server to the respective healthcare provider based on the data provided in the second step, informing the respective healthcare provider that the specifically named user would like to share health and medical data. In addition, this email contains a link to a subpage of the «doctogo» website.

In a fourth step, the respective healthcare provider has to click on the link of the e-mail received in the third step, which will take him/her to a subpage of the «doctogo» website (share.doctogo.ch).

On this (sub-)website (share.doctogo.ch), which can be accessed via the link mentioned in the fourth step, there is a QR code, which the user can then scan on site with the «doctogo» app in a fifth step, thereby giving permission to download the files.

If the release mentioned in the fifth step has been made by scanning the QR code on the part of the user, the respective health care provider receives access to download the files to be shared via a direct and secure connection to the user's device.

b)

«Onsite» variant Option B - Receive health and medical data

Within the framework of the «Onsite» variant, the user can alternatively also receive specific health and medical data from the respective healthcare provider via the «doctogo» app.

Here, the files to be shared must first be selected by the respective health care provider, whereby the user naturally specifies which specific health and medical data he or she would like to receive.

If the user selects option B for receiving health and medical data on site within the framework of the «Onsite» variant, the respective health care provider receives access to the folder structure of the «doctogo» app, whereupon files can be uploaded into the respective folders. The health care provider does not see which files are already stored in which folder on the user's «doctogo» app, as the folders are simply displayed as empty folders.

The health care provider only receives permission to upload health and medical data within the folder structure in the appropriate folder. He or she cannot view, change, delete or otherwise edit the existing data in the folders of the «doctogo» app.

4.3 Common information on the «Remote» and «Onsite» variants

The two variants for sharing data or files, «Remote» and «Onsite», have the following supplementary information in common:

  • The health and medical data of each user are stored locally on the mobile electronic device in encrypted form. The master key for the encryption is kept on the separate secure area of the respective mobile electronic device (key ring).
  • The master key always remains on the user's mobile electronic device and is never shared with other applications or persons.
  • In the «onsite» option, the files selected by the user to be shared are shared by the «doctogo» app on the mobile electronic device via direct (peer-to-peer) and secure communication with an electronic device of the respective healthcare provider (option A). In the alternative option (Option B), the transfer of data also takes place via such communication. In any case, the files are automatically and irrevocably deleted immediately after downloading or after 7 calendar days at the latest.
  • With the «Remote» variant, only the additionally generated key for decrypting the downloaded files is shared via the direct (peer-to-peer) and secure connection.
  • The only prerequisite for such a direct (peer-to-peer) and secure connection on the part of the physician's electronic device is the presence of an internet connection.

5.

Further information on the «doctogo» app

The «doctogo» app uses Matomo Analytics On-Premise, an analysis tool from a third-party service provider. This tool is used for so-called «event tracking» analyses. This involves analysing which functions of the «doctogo» app the users use and how long they spend in the respective function. The analysis is carried out for the sole purpose of improving the user-friendliness. According to the third-party provider, Matomo Analytics was developed in compliance with the strictest data protection regulations. The event tracking data is stored in Switzerland. More information about this service provider can be found here: https://matomo.org

Users of the «doctogo» app can be notified of any updates to the app. It is recommended that such updates be made so that the «doctogo» app is always up to date. Any changes to these general terms of use and privacy policy associated with an update will be explicitly pointed out in each case.

doctogo GmbH is present on various social media platforms (e.g. LinkedIn, Facebook, Twitter and Instagram). Icons of these social media platforms can be found in the «doctogo» app, although these are merely simple links to the respective accounts of doctogo GmbH.

6.

Revocation of consent to use the app and deletion of data

Users of the «doctogo» app can revoke their consent to use the «doctogo» app at any time without giving reasons and delete or uninstall the «doctogo» app on their mobile electronic device.

The revocation must be communicated to the operator of the «doctogo» app, namely doctogo GmbH, in writing (address: doctogo GmbH, Poststrasse 1, 8303 Bassersdorf), by e-mail (info@doctogo.ch) or as a message via the «Contact» section on the «doctogo» app. Upon receipt of a revocation, all data of the respective user, i.e. both registration and profile data, will be deleted from the Microsoft Azure Cloud within 10 working days.

After revocation, the «doctogo» app can no longer be used by the user concerned.

7.

Warranty and liability

As the operator of the «doctogo» app, doctogo GmbH endeavours to ensure the proper operation of the app. Malfunctions of the «doctogo» app cannot be ruled out. As the operator of the «doctogo» app, doctogo GmbH makes every effort to restore availability as quickly as possible in the event of a malfunction.

As the operator of the «doctogo» app, doctogo GmbH is not liable for the loss of data or for the illegal actions of third parties.

doctogo GmbH accepts no liability whatsoever for the accuracy, completeness and up-to-dateness of the health and medical data requested via the «doctogo» app and received from the respective healthcare providers and subsequently stored on their individual mobile electronic device. The users themselves and, if applicable, the respective healthcare providers are exclusively responsible for the accuracy, completeness and up-to-dateness of the data.

Only the users themselves decide with which health care providers the users share which data from the electronic patient dossier. The options available via the «doctogo» app are described in section 4 above. doctogo GmbH is not liable for data shared with or made accessible to third parties in this way.

8.

Applicable law and place of jurisdiction

Swiss law shall apply exclusively.

The place of jurisdiction is Bassersdorf, Canton of Zurich, Switzerland.

9.

Changes to these «General Terms of Use and Privacy Policy»

These General Terms of Use and Privacy Policy may be amended by doctogo GmbH at any time. All registered users will be informed of any changes by e-mail at least 10 days before a change comes into effect. If you then continue to use the «doctogo» app without expressly revoking your consent, this will be deemed to be tacit approval of the specific changes. If you have any questions, you can contact the operator of the «doctogo» app at any time, namely doctogo GmbH (doctogo GmbH, Poststrasse 1, 8303 Bassersdorf; info@doctogo.ch).

-----

Bassersdorf, 12 June 2022