In this privacy policy, we, DoryHealth AG (hereinafter DoryHealth, we or us), explain how we collect and otherwise process personal data. We take the protection of personal data very seriously.
This privacy policy is aligned with the EU General Data Protection Regulation (DSGVO). Although the DSGVO is a regulation of the European Union, it is relevant to us. The Swiss Data Protection Act (DPA) is heavily influenced by EU law and companies outside the European Union or EEA must comply with the DPA in certain circumstances.
The responsible party for the collection, processing and use of your personal data pursuant to Art. 4 No. 7 DSGVO is:
DoryHealth AG
Hagenholzstrasse 81A
8050
Zurich
hello@doryhealth.com
You can reach DoryHealth's data protection officer at the following email address: datenschutz@doryhealth.com
We have the following data protection representative pursuant to Art. 27 GDPR in the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein as an additional contact point for supervisory authorities and data subjects for enquiries in connection with the General Data Protection Regulation (GDPR):
VGS Datenschutzpartner UG
Am Kaiserkai 69
20457 Hamburg
Germany
info@datenschutzpartner.eu
Our privacy policy is intended to be simple and understandable for everyone. In this privacy policy, the official terms of the GDPR are generally used. The official definitions are explained in Art. 4 of the GDPR.
We only process personal data of customers that (a) are entered into the DoryHealth app by customers themselves or are collected through medication orders and the use of the medication box, and (b) are disclosed by the pharmacy for the provision of services. Furthermore, we process various personal data received from involved natural persons in the course of our business relationships (e.g. employees, representatives of partner pharmacies, contract data processors). We also collect personal data from users of our websites, details of which are set out below in this privacy policy.
We use the personal data collected primarily to provide our services and to process the contracts with our customers and business partners, so in particular to provide an IT solution for a better overview of the medications to be taken, the timely and sorted delivery of medications by partner pharmacies and reminder messages for timely intake.
Then, to the extent permitted by law and deemed appropriate by us, we may also use your Personal Data and Personal Data of third parties for the following purposes in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:
Insofar as you have given us consent to process your personal data for certain purposes (for example, when registering to receive newsletters or when concluding a contract with us), we will process your personal data within the scope of and based on this consent, unless we have another legal basis and we require such a basis. The consent given can be revoked at any time, but this does not apply to personal data that was processed before the revocation.
We share your personal data with our partner pharmacies and service providers, but only to the extent necessary to provide the service. No personal data is shared for marketing purposes.
A transfer of your personal data to third parties therefore only takes place, provided:
We use external service providers for the provision of our services and the processing of our services, which we carefully select and commission. These are bound by our instructions.In addition, we have concluded order processing contracts with them as necessary in accordance with Art. 28 DSGVO. We use service providers for web hosting, sending e-mails, operation, development, maintenance and care of our IT systems and payment management.
The health data is stored and processed exclusively in Switzerland.
When you use our website www.doryhealth.com or www.doryhealth.ch or www.doryhealth.de or www.dorygo.com or www.dorygo.ch or www.dorygo.de for purely informational purposes, we collect the personal data that your browser transmits to our server.
The above data will be processed by us for the following purposes:
In addition, we use cookies and analysis services when you visit our website. You will find more detailed explanations in this data protection declaration below.
You can contact DoryHealth or our partner pharmacies by email using the email address published on our website or app or the contact form provided.
Insofar as you use one of the aforementioned contact channels, the personal data you provide (e.g. last name, first name, address), but at least the e-mail address, as well as the information contained in the e-mail or in the contact form will be stored for the purpose of contacting you and processing your request. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations.
We offer a mobile app and services. The service is provided together with partner pharmacies registered with us. This requires the collection of further personal data, such as health data or payment information. DoryHealth is jointly responsible with the relevant partner pharmacy for the personal data transferred.
For the use of our service, health data is processed. These belong to the special category of personal data within the meaning of Art. 9 (1) DSGVO. We will only process this special category of personal data if you have concluded a contract with us for the use of the service and have thus expressly given your consent to its use.
When you use our service or the mobile app, the following personal data is processed.
The data collection, processing and use takes place for the following purposes:
Our service is billed by external payment service provider Stripe Payments Europe Limited("Stripe"). DoryHealth AG and Stripe have concluded an order data processing agreement.
For payment processing or subscription adjustment, DoryHealth AG transmits the followingTransaction Data to Stripe:
Stripe will not have access to your health data at any time.
When using the webapp (for example, the pharmacy system), the following data is collected.
In addition, data and cookies are used analogous to our website, if applicable.
In accordance with Art. 32 DS-GVO, we use the widely used SSL procedure (Secure Socket Layer) within the website in conjunction with the highest encryption level supported by your web browser.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations or otherwise the purposes pursued with the processing, i.e., for example, for the duration of the entire business relationship as well as beyond that in accordance with the statutory retention and documentation obligations. In this context, it is possible that personal data will be retained for the time during which claims can be asserted against our company and insofar as we are otherwise legally obligated to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized as a matter of principle and to the extent possible. For operational data (e.g. system logs, logs), shorter retention periods of twelve months or less apply in principle.
We use some services and technologies of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4,Ireland ("Google"). Google uses so-called cookies. These are text files that are stored on your computer and allow an analysis of your use of the website. The information generated by cookies about your use of this website is usually transmitted to a Google server in the USA and stored there. A transfer of personal data to the USA will only take place in compliance with appropriate guarantees within the meaning of Art. 46ff. DS-GVO.
We use Google Analytics, Google Tag Manager, Google AdWords conversion tracking, Microsoft Clarity, and Facebook Pixel on our website to analyze the use of our website and the success of our advertising efforts.
With Google AdWords conversion tracking, Google records the achievement of certain goals, e.g. the conclusion of a subscription, on our website and can assign which advertisements were clicked on beforehand on the basis of the cookie set beforehand.
We only use Google Analytics with IP anonymisation activated. In this case, the IP address of the user is shortened, which excludes the possibility of personal references.
Use of cookies
In addition to the above, cookies are stored on your computer when you use our website.
We use cookies to identify you for subsequent visits if you have an account with us. Otherwise, you would have to log in again for each visit.
In part, the cookies serve to simplify website processes by storing settings (e.g. providing already selected options). If personal data is also processed by individual cookies implemented by us, the processing is carried out to implement the contract or to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.
You may refuse the use of cookies by selecting the appropriate settings on your browser. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. Furthermore, you can prevent the collection of data generated by cookies and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading the browser plug-in available at URL: http://tools.google.com/dlpage/gaoptout?hl=de download and install the browser plug-in.
Google Firebase
Our app and webapp use Google Firebase technology provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Firebase").
We have concluded an order processing agreement with Google with so-called standard contractual clauses of the European Commission, in which Google undertakes to process user data only in accordance with our instructions and to comply with the EU level of data protection.
We use Firebase Cloud Firestore and Firebase Cloud Functions from Google to store or process the data collected in the mobile app and webapp. Health data is stored and processed only in the European Union or Switzerland.
We use Google Firebase Authentication for the login or authentication of authorized users. For this purpose, some data such as the email address or their internal customer number are processed by Google. This processing may take place in the USA, among other places. No health data is transmitted in the process.
Google Analytics for Firebase enables anonymised analysis of the use of our services. This allows us to understand, for example, how often functions are used and how long it takes to submit a new recipe. This enables us to discover and improve weaknesses in the app.
We use Google Firebase Crashlytics / Firebase Crash Reporting to collect and analyse data about mobile app crashes. This allows us to quickly detect and fix errors. This allows us to improve the stability of our mobile app.
Search function of the web app
In the webapp for pharmacists we use services of Algolia inc, 301 Howard St, San Francisco, CA 94105 (USA) to search for patients and doctors. The processing of the data takes place in the European Union.
We have concluded an order processing contract with Algolia with so-called standard contractual clauses of the European Commission, in which Algolia undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level.
You have the right:
Please note, however, that we reserve the right to enforce legal restrictions on our part, for example if we are obliged to retain or process certain personal data, have an overriding interest, or require the personal data for the assertion of claims. If costs are incurred for the exercise of certain rights, we will inform you in advance.
The exercise of the aforementioned rights generally requires that you can prove your identity (e.g., by means of a copy of your ID card). To enforce these rights, please contact us via our data protection officer.
We reserve the right to change this privacy policy. The current version published on our website will apply. If the Privacy Policy is part of an ongoing agreement with you, we will notify you by email or other appropriate means in the event of a change.