Privacy Policy of DoryHealth AG

Status: 17.12.2021

1. general

In this privacy policy, we, DoryHealth AG (hereinafter DoryHealth, we or us), explain how we collect and otherwise process personal data. We take the protection of personal data very seriously.

This privacy policy is aligned with the EU General Data Protection Regulation (DSGVO). Although the DSGVO is a regulation of the European Union, it is relevant to us. The Swiss Data Protection Act (DPA) is heavily influenced by EU law and companies outside the European Union or EEA must comply with the DPA in certain circumstances.

2. data controller, data protection officer and representative in the EU

The responsible party for the collection, processing and use of your personal data pursuant to Art. 4 No. 7 DSGVO is:
DoryHealth AG
Hagenholzstrasse 81A

You can reach DoryHealth's data protection officer at the following email address:

We have the following data protection representative pursuant to Art. 27 GDPR in the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein as an additional contact point for supervisory authorities and data subjects for enquiries in connection with the General Data Protection Regulation (GDPR):
VGS Datenschutzpartner UG
Am Kaiserkai 69
20457 Hamburg

3. definitions

Our privacy policy is intended to be simple and understandable for everyone. In this privacy policy, the official terms of the GDPR are generally used. The official definitions are explained in Art. 4 of the GDPR.

4. collection of personal data

We only process personal data of customers that (a) are entered into the DoryHealth app by customers themselves or are collected through medication orders and the use of the medication box, and (b) are disclosed by the pharmacy for the provision of services. Furthermore, we process various personal data received from involved natural persons in the course of our business relationships (e.g. employees, representatives of partner pharmacies, contract data processors). We also collect personal data from users of our websites, details of which are set out below in this privacy policy.

5. purposes of the data processing

We use the personal data collected primarily to provide our services and to process the contracts with our customers and business partners, so in particular to provide an IT solution for a better overview of the medications to be taken, the timely and sorted delivery of medications by partner pharmacies and reminder messages for timely intake.

Then, to the extent permitted by law and deemed appropriate by us, we may also use your Personal Data and Personal Data of third parties for the following purposes in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:

  • Selling our products and services;
  • Correspondence and processing of enquiries;
  • Advertising and marketing by means of regular newsletters, unless you have raised an objection to this. Of course, you will find an unsubscribe link in every issue of our newsletter with which you can object to receiving future newsletters;
  • Market research and monitoring;
  • Assertion of legal claims and defence in connection with legal disputes and official proceedings;
  • Prevention and investigation of criminal offences and other misconduct;
  • Ensuring and developing our operations, including our IT and websites;
  • Compliance with legal and regulatory obligations.

Insofar as you have given us consent to process your personal data for certain purposes (for example, when registering to receive newsletters or when concluding a contract with us), we will process your personal data within the scope of and based on this consent, unless we have another legal basis and we require such a basis. The consent given can be revoked at any time, but this does not apply to personal data that was processed before the revocation.

6. data transfer and recipients

We share your personal data with our partner pharmacies and service providers, but only to the extent necessary to provide the service. No personal data is shared for marketing purposes.

A transfer of your personal data to third parties therefore only takes place, provided:

  • necessary for the provision of the agreed service;
  • we explicitly point this out in this privacy policy,
  • You have given your express consent to this,
  • the disclosure is necessary for the assertion, exercise or defence of legal claims or is in our legitimate interest for other reasons and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
  • there is a legal obligation for the disclosure.

We use external service providers for the provision of our services and the processing of our services, which we carefully select and commission. These are bound by our instructions.In addition, we have concluded order processing contracts with them as necessary in accordance with Art. 28 DSGVO. We use service providers for web hosting, sending e-mails, operation, development, maintenance and care of our IT systems and payment management. 

The health data is stored and processed exclusively in Switzerland.

7. processing of personal data when visiting our website

When you use our website or or or or or for purely informational purposes, we collect the personal data that your browser transmits to our server.

The above data will be processed by us for the following purposes:

  • Ensuring a smooth connection of the website,
  • Ensuring a comfortable use of our website,
  • Evaluation of system security and stability, and
  • for other administrative purposes.
  • Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person. The data may also be processed anonymously for statistical purposes. This data is never stored together with other personal data of the user, compared with other data or passed on to third parties.

In addition, we use cookies and analysis services when you visit our website. You will find more detailed explanations in this data protection declaration below.

8. processing of personal data in the context of contacting us

You can contact DoryHealth or our partner pharmacies by email using the email address published on our website or app or the contact form provided.

Insofar as you use one of the aforementioned contact channels, the personal data you provide (e.g. last name, first name, address), but at least the e-mail address, as well as the information contained in the e-mail or in the contact form will be stored for the purpose of contacting you and processing your request. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations.

9. processing of personal data within the scope of our service and mobile app

We offer a mobile app and services. The service is provided together with partner pharmacies registered with us. This requires the collection of further personal data, such as health data or payment information. DoryHealth is jointly responsible with the relevant partner pharmacy for the personal data transferred.

For the use of our service, health data is processed. These belong to the special category of personal data within the meaning of Art. 9 (1) DSGVO. We will only process this special category of personal data if you have concluded a contract with us for the use of the service and have thus expressly given your consent to its use.


When you use our service or the mobile app, the following personal data is processed.

  • First name and surname
  • Address
  • Gender
  • Date of birth
  • Telephone/mobile number
  • E-mail
  • Data from medication prescriptions (e.g. medication, prescribing doctor)
  • Details of the medicines dispatched incl. the responsible pharmacy
  • Pictures of the medication prescriptions (if uploaded by you)
  • Other health data possibly provided by the user or pharmacy
  • Health insurance details
  • Data on the time of taking the medication

The data collection, processing and use takes place for the following purposes:

  • Provision of the app, service functions and medication deliveries
  • Improving our app and service
  • Processing for anonymised evaluations for scientific, statistical and analytical purposes, including the development of new data-based diagnostic procedures - in each case if and to the extent permitted by law
  • Processing for billing purposes

Our service is billed by external payment service provider Stripe Payments Europe Limited("Stripe"). DoryHealth AG and Stripe have concluded an order data processing agreement.

For payment processing or subscription adjustment, DoryHealth AG transmits the followingTransaction Data to Stripe:

  • First and last name
  • E-mail
  • Customer number
  • The selected service
  • Amount of the transaction
  • Desired start date

Stripe will not have access to your health data at any time.

10. processing of personal data in the context of the use of our web app

When using the webapp (for example, the pharmacy system), the following data is collected.

  • First name and surname of the user
  • E-mail address
  • When to use the app
  • Information on data access or data modification incl. the time stamp
  • IP address
  • Contact details of the prescribing doctor


In addition, data and cookies are used analogous to our website, if applicable. 


11. data security

In accordance with Art. 32 DS-GVO, we use the widely used SSL procedure (Secure Socket Layer) within the website in conjunction with the highest encryption level supported by your web browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.


12. duration of the storage of personal data

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations or otherwise the purposes pursued with the processing, i.e., for example, for the duration of the entire business relationship as well as beyond that in accordance with the statutory retention and documentation obligations. In this context, it is possible that personal data will be retained for the time during which claims can be asserted against our company and insofar as we are otherwise legally obligated to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized as a matter of principle and to the extent possible. For operational data (e.g. system logs, logs), shorter retention periods of twelve months or less apply in principle.


13. web analytics and advertising tracking on our website

We use some services and technologies of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4,Ireland ("Google"). Google uses so-called cookies. These are text files that are stored on your computer and allow an analysis of your use of the website. The information generated by cookies about your use of this website is usually transmitted to a Google server in the USA and stored there. A transfer of personal data to the USA will only take place in compliance with appropriate guarantees within the meaning of Art. 46ff. DS-GVO.

We use Google Analytics, Google Tag Manager, Google AdWords conversion tracking, Microsoft Clarity, and Facebook Pixel on our website to analyze the use of our website and the success of our advertising efforts.

With Google AdWords conversion tracking, Google records the achievement of certain goals, e.g. the conclusion of a subscription, on our website and can assign which advertisements were clicked on beforehand on the basis of the cookie set beforehand.

We only use Google Analytics with IP anonymisation activated. In this case, the IP address of the user is shortened, which excludes the possibility of personal references.

Use of cookies

In addition to the above, cookies are stored on your computer when you use our website.

We use cookies to identify you for subsequent visits if you have an account with us. Otherwise, you would have to log in again for each visit.

In part, the cookies serve to simplify website processes by storing settings (e.g. providing already selected options). If personal data is also processed by individual cookies implemented by us, the processing is carried out to implement the contract or to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. Furthermore, you can prevent the collection of data generated by cookies and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading the browser plug-in available at URL: download and install the browser plug-in.

14. services used in our mobile app and webapp


Google Firebase

Our app and webapp use Google Firebase technology provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Firebase").

We have concluded an order processing agreement with Google with so-called standard contractual clauses of the European Commission, in which Google undertakes to process user data only in accordance with our instructions and to comply with the EU level of data protection.

We use Firebase Cloud Firestore and Firebase Cloud Functions from Google to store or process the data collected in the mobile app and webapp. Health data is stored and processed only in the European Union or Switzerland.

We use Google Firebase Authentication for the login or authentication of authorized users. For this purpose, some data such as the email address or their internal customer number are processed by Google. This processing may take place in the USA, among other places. No health data is transmitted in the process.

Google Analytics for Firebase enables anonymised analysis of the use of our services. This allows us to understand, for example, how often functions are used and how long it takes to submit a new recipe. This enables us to discover and improve weaknesses in the app.

We use Google Firebase Crashlytics / Firebase Crash Reporting to collect and analyse data about mobile app crashes. This allows us to quickly detect and fix errors. This allows us to improve the stability of our mobile app.


Search function of the web app

In the webapp for pharmacists we use services of Algolia inc, 301 Howard St, San Francisco, CA 94105 (USA) to search for patients and doctors. The processing of the data takes place in the European Union.

We have concluded an order processing contract with Algolia with so-called standard contractual clauses of the European Commission, in which Algolia undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level.



15. your rights

You have the right:

  • to request information about your personal data processed by us in accordance with Art. 15 DSGVO;
  • demand the correction of incorrect or incomplete personal data stored by us without delay in accordance with Art. 16 DSGVO;
  • in accordance with Art. 17 DSGVO to demand the deletion of your personal data stored by us, insofar as the storage is no longer necessary for the fulfilment of our contractual and legal obligations, for the fulfilment of legal obligations, for the exercise or defence of legal claims or otherwise the purposes pursued with the processing;
  • in accordance with Art. 18 DS-GVO to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful and we no longer need the data;
  • pursuant to Art. 20 DS-GVO to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
  • in accordance with Art. 7 (3) DS-GVO to revoke your consent to the processing of data once given at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned unless further processing can be based on a legal basis for processing without consent. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation, and
  • complain to a supervisory authority in accordance with Article 77 of the GDPR.


Please note, however, that we reserve the right to enforce legal restrictions on our part, for example if we are obliged to retain or process certain personal data, have an overriding interest, or require the personal data for the assertion of claims. If costs are incurred for the exercise of certain rights, we will inform you in advance.

The exercise of the aforementioned rights generally requires that you can prove your identity (e.g., by means of a copy of your ID card). To enforce these rights, please contact us via our data protection officer.


16. changesto our privacy policy

We reserve the right to change this privacy policy. The current version published on our website will apply. If the Privacy Policy is part of an ongoing agreement with you, we will notify you by email or other appropriate means in the event of a change.