Data security is important to us. Because the protection of patient data is critical, OnlineDoctor encrypts all data transfers with SSL/TLS. To guarantee the highest level of security, OnlineDoctor uses two-factor authentication, which is used in e-banking. With this additional layer of security, OnlineDoctor ensures that only you can access your Skin Check Report. The following data protection guidelines give a detailed description of how we handle your personal information.
We, OnlineDoctor, take the protection of the personal data of our customers as well as those interested in our offers very seriously. For this reason, it is our duty to protect the data of users who are entrusted to us when they visit our website. It is important to us to protect the privacy of the users of our website at all times. If and to the extent that users voluntarily provide personal data, such data will be collected and stored in accordance with the legal data protection provisions of the Swiss Federal Act on Data Protection (FADP). All data will be treated confidentially. With the following data protection information, we would like to explain in more detail what data is collected, what happens with this data and what security precautions we have taken to protect this data from misuse… With this transparent and comprehensible information about our data protection regulations, we would like to ensure that visitors and customers are well and sufficiently informed about the collection, processing and use of personal data.
The responsible party for the collection, processing and use of your personal data is:
9000 St. Gallen
Personal data is any information that relates to an identified or identifiable person. This includes the following categories of personal data:
- Inventory data (e.g. name, function, organisational affiliation).
- Contact data (e.g. address, e-mail address, telephone/fax number)
- Content data (e.g. text entries)
- Usage data (e.g. access data, IP address, date and time of access).
In general, the collection, processing and use of personal data for the use of our website is limited to the extent and data required. Your personal data will not be transferred to third parties when using our website or when contacting us by e-mail or via the contact form for purposes other than those listed below.
Data transfer and recipients
Your personal data will not be passed on to third parties unless
- we have explicitly pointed this out in the description of the respective data processing, and
- you have given your express consent, or
- the disclosure is necessary for the assertion, exercise or defence of legal claims or is in our legitimate interest for other reasons and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data, or
- there is a legal obligation to disclose your data, or
- this disclosure is necessary for the processing of contractual relationships with you.
In addition, we use external service providers for the provision of our services and the processing of our services, which we carefully select and commission. These are bound by our instructions and are regularly monitored by us. In addition, we have concluded order processing contracts with them where necessary. The service providers are responsible for web hosting, sending e-mails, maintaining and servicing our IT systems and payment management.
Furthermore, we may pass on your personal data to third parties if contracts or similar services are offered by us together with partners. You will receive more detailed information on this when you provide your personal data or in the description of the offer used in each case.
If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the respective offer used and about the guarantees we provide to protect your personal data.
Processing of personal data collected during visits to our website (personal data concerned and purpose of processing)
When you use our website www.onlinedoctor.ch for information purposes only, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request came
- Operating system and its interface
- Language and version of the browser software.
The aforementioned data is processed by us for the following purposes:
- Ensuring a smooth connection setup of the website,
- ensuring a comfortable use of our website,
- evaluating system security and stability, and
- for other administrative purposes.
Under no circumstances do we use the collected data to draw conclusions about your person. In addition, the data may be processed in anonymous form for statistical purposes. This data is never stored together with other personal data of the user, compared with other data or passed on to third parties.
Processing of personal data in the context of contacting us (categories of personal data concerned and purpose of processing)
You can contact OnlineDoctor by e-mail using the e-mail address published on our website or the contact form provided.
To process your contact request, we use the ticket system Zendesk, a customer service platform of Zendesk Inc, 989 Market Street #300, San Francisco, CA 94102.
If you use one of the aforementioned contact channels, the personal data you provide (e.g. surname, first name, address), but at least the e-mail address, as well as the information contained in the e-mail or in the contact form will be stored for the purpose of contacting you and processing your request. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations.
Processing of personal data in the context of the newsletter subscription (categories of personal data concerned and purpose of the processing)
If you subscribe to the OnlineDoctor newsletter, the data in the respective input mask will be transmitted to the controller. We use rapidmail for sending newsletters. The provider is rapidmail GmbH, Wentzingerstraße, 21, 79106 Freiburg, Germany. Among other things, rapidmail is used to organise and analyse the dispatch of newsletters. The data you enter for the purpose of receiving the newsletter is stored on rapidmail’s servers in Germany. A transmission to third countries does not take place.
Registration for our newsletter takes place in a so-called double opt-in process. This means that after registration you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with other people’s email addresses. When registering for the newsletter, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the e-mail address of the person concerned. The data is not passed on to third parties. An exception to this is if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. You can cancel your subscription to the newsletter at any time. Likewise, you can revoke your consent to the storage of personal data at any time. For this purpose, you will find a corresponding link in every newsletter.
Via the provider rapidmail, we analyse whether and in what way you have opened the contents of the newsletter. For the purpose of analysis, the emails sent with rapidmail contain a so-called tracking pixel, which connects to the servers of rapidmail when the email is opened. In this way, it can be determined whether a newsletter message has been opened. Furthermore, with the help of rapidmail, we can determine whether and which links in the newsletter message are clicked on. All links in the e-mail are so-called tracking links, with which your clicks can be counted. Depending on the font used to design the respective newsletter, a connection to external servers such as Google Fonts takes place.
If you do not want any analysis by rapidmail, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.
The data stored by us within the scope of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from our servers as well as from the servers of rapidmail after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.
Processing of personal data in the context of teledermatological counselling services (categories of personal data concerned and purpose of the processing)
In addition to the purely informational use of our website, we offer various specialist consultation services (hereinafter “teledermatological consultation services”) via the dermatologists registered with us, which you can use if you are interested. For this purpose, you usually have to provide further personal data (e.g. health data, payment data), which we and the dermatologist use to provide the respective service.
OnlineDoctor and the respective dermatologist are jointly responsible for the personal data transmitted in connection with the teledermatological consultation service. For this reason, OnlineDoctor and the dermatologist have reached an agreement on the respective obligations within the framework of joint data processing.
Health data is processed for the teledermatological consultation service. These belong to the special category of personal data. We will only process this special category of personal data with your explicit consent.
If you choose to make use of teledermatological counselling services via our website, the following personal data will be processed by us and forwarded to the dermatologist commissioned in each case to respond to your request:
- first name and surname
- date of birth
- your address
- telephone/mobile number
- e-mail address
- image data based on photographs of skin lesions uploaded by the user
- further health data provided by the user, if applicable, and recommendations for action by dermatologists based thereon (the “health data”)
- billing data, such as name, address, credit card information and/or bank details
- if applicable, health insurance information
Data is collected, processed and used for the following purposes:
- Mediation of treatment contracts
- Processing for anonymised evaluations for scientific, statistical and analytical purposes, including the development of new data-based diagnostic procedures – in each case to the extent permitted by law.
- Processing for billing purposes
The billing of the teledermatological consultation service is carried out via the external payment service provider Datatrans Ltd (“Datatrans”), which is based in Switzerland and integrated on our website. OnlineDoctor and Datatrans have concluded an order data processing agreement. If you use a teledermatology consultation service via our website, the payment is processed via Datatrans, which enables payment via credit card, SOFORT Überweisung and Apple Pay. For payment processing, OnlineDoctor transmits the following transaction data to Datatrans:
- first and last name of the card account holder
- e-mail address
- card information
- expiry date
- CVV/CVC code
- card date
- clock time
- amount of the transaction
Datatrans does not gain access to your health data at any time.
Within the website, we use the widespread SSL procedure (Secure Sockets Layer) in conjunction with the highest level of encryption supported by your web browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is encrypted by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
Duration of storage of personal data
The duration of the storage of personal data is determined by the relevant statutory retention obligations.
After expiry of the respective period, the corresponding data is routinely deleted. If data is required for the fulfilment or initiation of a contract or if we have a legitimate interest in continuing to store it, the data will be deleted when it is no longer required for these purposes, or you have exercised your right of revocation or objection.
In addition to the above-mentioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide the party setting the cookie (in this case us) with certain information. Cookies cannot execute programmes or transfer viruses to your computer. They are used to make the website as a whole more user-friendly and effective.
This website uses the following types of cookies, whose scope and mode of operation are explained below:
- Transient cookies, i.e. cookies that are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
- Persistent cookies, i.e. cookies that you can configure your browser settings according to your wishes. Here, for example, you can refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the functions of this website.
In some cases, the cookies are used to simplify website processes by storing settings (e.g. providing options that have already been selected). If personal data is also processed by individual cookies implemented by us, the processing is carried out either to implement the contract or to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.
You can set your browser to
- inform you about the setting of cookies,
- allow cookies only in individual cases,
- exclude the acceptance of cookies for certain cases or in general,
- activate the automatic deletion of cookies when closing the browser.
The cookie settings can be managed under the following links for the respective browsers:
- Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
- Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
- Safari: https://support.apple.com/kb/ph21411?locale=de_DE
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies
You can also manage cookies of many companies and functions used for advertising individually. To manage them, use the corresponding user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices. Furthermore, we use HTML5 storage objects that are stored on your end device. These objects store the required data independently of the browser you are using and have no automatic expiry date. If you do not want Flash cookies to be processed, you must install an appropriate add-on, e.g. “Clear Flash Cookies” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/clear-flash-cookies) or the Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by setting your browser to private mode. We also recommend that you regularly delete your cookies and browser history manually.
Web analytics and advertising tracking Google
We use some services and technologies provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google uses so-called cookies. The information generated by cookies about your use of this website is usually transmitted to a Google server in the USA and stored there. Personal data is only transferred to the USA in compliance with appropriate guarantees under data protection law.
We only use Google Analytics with IP anonymisation activated. In this case, the IP address of the user is shortened by Google within the Member States of the European Union or in other contracting states of the Agreement on the European Economic Area, which means that it cannot be traced back to a person.
You can prevent cookies from being stored by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent the collection of data generated by cookies and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available at URL http://tools.google.com/dlpage/gaoptout?hl=de.
Clicking on the following link prevents the collection by Google Analytics by setting a so-called opt-out cookie: Deactivation of Google Analytics
The web analysis and optimisation service “Google Optimize” is used on our website. We use the Google Optimize service to increase the attractiveness, content and functionality of our website by offering new functions and content to a percentage of our users and statistically evaluating the change in usage. Google Optimize is a sub-service of Google Analytics (see section Google Analytics).
Google Ads Conversion
We use the Google Ads Conversion service to draw attention to our attractive offers on external websites with the help of advertising media (so-called Google Ads). We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. In this way, we pursue the interest of showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs.
These advertisements are delivered by Google via so-called “ad servers”. For this purpose, we use ad server cookies, which can be used to measure certain parameters for measuring success, such as the display of the ads or clicks by users. If you access our website via a Google ad, Google Ads will store a cookie on your end device. These cookies usually lose their validity after 30 days and are not intended to identify you personally.
The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie. These cookies enable Google to recognise your internet browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the customer will be able to recognise that the user clicked on the ad and was redirected to that page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked via the websites of Ads customers.
We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. These evaluations enable us to see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising tools; in particular, we cannot identify users based on this information. Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server.
We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Ads Conversion, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us.
If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.
You can prevent participation in this tracking procedure in various ways:
(a) by adjusting the settings of your browser software accordingly; in particular, the suppression of third-party cookies will prevent you from receiving ads from third-party providers; (b) by installing the plug-in provided by Google at the following link: https://www.google.com/settings/ads/plugin; (c) by deactivating the interest-based ads of the providers that are part of the self-regulatory campaign “About Ads” via the link http://www.aboutads.info/choices, whereby this setting will be deleted if you delete your cookies; (d) by permanent deactivation in your browsers Firefox, Internet Explorer or Google Chrome under the link http://www.google.com/settings/ads/plugin, and (e) utilizing the corresponding cookie setting. Please note that in this case you may not be able to use the full functionality of this website.
Google Ads Remarketing
We use the remarketing function within the Google Ads service. The remarketing function enables us to present users of our website with advertisements based on their interests on other websites within the Google advertising network. For this purpose, the interaction of users on our website is analysed, e.g. which offers the user was interested in, to be able to display targeted advertising to users on other sites even after they have visited our website.
For this purpose, Google stores cookies on the end devices of users who visit certain Google services or websites in the Google display network. These cookies are used to record the visits of these users. The cookies are used to uniquely identify a web browser on a specific end device and not to identify a person.
Google Tag Manager
Our homepage uses the online map service provider Google Maps via an interface. The provider of the map service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use the functionalities of Google Maps, it is necessary to store your IP address. This information is transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. The use of the Google Maps service is in the interest of an attractive presentation of our online offer and to make it easier to find the addresses we list on the website.
Linking to social media
Social networks (e.g. Facebook or LinkedIn) are only integrated on our website in the form of a link to the corresponding services. After clicking on the embedded text/image link, you will be redirected to the page of the respective provider. User information will only be transmitted to the respective provider after you have been redirected. For information on the handling of your personal data when using these websites, please refer to the respective data protection regulations of the providers you use.
You are generally entitled to the following rights:
- To request information about your personal data processed by us;
- to request the correction of inaccurate or incomplete personal data stored by us;
- to request the deletion of your personal data stored by us;
- to request the restriction of processing or disclosure to third parties or the prohibition of processing of your personal data;
- in some circumstances, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller;
- to revoke your consent to the processing of data, once given, at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned unless further processing can be based on a legal basis for processing without consent. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation; and
- depending on the applicable law, to lodge a complaint with a supervisory authority.
You may assert your rights with OnlineDoctor or the relevant dermatologist.
Status of this data protection declaration: May 2022