Privacy Policy
Last updated: June 26th, 2024
1. Who is responsible for your personal data?
In this Privacy Policy, we, MRI Health Holding AG and the companies affiliated with our corporate group ("we", "us"), describe how we collect and process your personal data when:
- you visit our website, use the booking platform available on it (the "Platform"), and/or use our mediation services;
- you use our app ("aeon App");
- you apply for a job with us;
- we receive personal data from you for other purposes within the scope of our business activities.
We process your personal data:
- either as a data controller, which means that we are responsible for your personal data; or
- as a data processor in the fulfillment of a contract with healthcare professionals (e.g., radiologists, hematologists, general practitioners) whose services you book through our Platform. In this case, the respective healthcare professionals are primarily responsible for your personal data.
Contact Information:
MRI Health Holding AG
Neuwiesenstrasse 15
CH-8400 Winterthur
[email protected]
2. What personal data do we process?
2.1 Website, Platform, Mediation Services
When you visit our website, the server automatically logs general technical visit information. This data includes, for example, the IP address and operating system of your device, the date and time of use, the website from which you visit us, and the type of browser you use to access our website.
When you use the Platform and take advantage of our mediation services (in particular, booking, modifying, or canceling consultations or treatment services), we process your contact and identification data (name, email, address, phone number, date of birth, etc.), the content of your booking, and other personal data you provide to us in the context of the booking or in the further course of the mediation services, your payment data, and certain technical data related to your booking.
If you contact us via the website (e.g., through a contact form, email, or another contact channel published on the website), download content from our website, or sign up for and receive our newsletter, we process your contact data and other personal data you provide to us on this occasion, as well as, if applicable, technical data used when utilizing the respective contact channel.
The emails you receive from us after using our Platform or contacting us (e.g., confirmation emails or our newsletter) may contain visible or invisible images/pixels. When you download these images from the server, we can see if and when you opened the email. This helps us better understand how you use our offers and tailor them to you. You can disable this function in your email program.
We use the following cookies and other tracking technologies (collectively referred to as "cookies" for simplicity) on our website:
- necessary and functional cookies to ensure the functionality and security of our website and make it more user-friendly;
- statistical cookies to evaluate the use of our website and collect information to improve our offers;
- marketing cookies.
We use third-party cookies, which may result in the respective third parties receiving personal data about you.
You can manage your browser settings to block the cookies we use or delete stored cookies. Please note that our website may no longer function properly if you block cookies necessary for its operation.
Furthermore, we use social media plugins and embedded media from external platforms like YouTube, among others, to offer you multimedia content. When you access a page on our website containing a plugin or embedded media, certain technical data is automatically transferred to the respective providers of these services. If you have an account with a provider and are logged in, this interaction may also be recorded. Please consult the privacy information of the respective providers for further information about their data collection and processing.
2.2 aeon App
In the aeon App, we process the following personal data:
- login data (email, password, etc.);
- contact data (name, email, address, phone number, etc.);
- health data (MRI images, blood values, anamnesis data such as gender, age, general health status, medical history, etc.);
- communication content and bookings;
- other relevant personal data you provide to us;
- technical data (logs, usage data, etc.).
2.3 Job Application
If you apply for a job with us, we collect and process the necessary personal data to review your application and conduct the application process. This includes, in particular:
- contact data (name, email, address, phone number, etc.);
- communication content;
- information about your career and qualifications;
- the content of your application documents;
- other data necessary to review your application.
Most of this personal data is provided directly by you in the context of your application. We also process information from other sources, in particular from references (if you have consented to obtaining references) and from publicly available sources (e.g., professional social networks, the internet).
2.4 Other Purposes within Our Business Activities
Within the scope of our business activities, we process personal data of other persons, such as our contact persons at business partners, suppliers, and service providers, or persons interested in our services and inquiring about them. The personal data processed usually consists primarily of contact data and communication content, as well as, if applicable, other personal data necessary in this context.
We obtain this data either directly from you or from other sources, such as other persons in your company, business partners, and other contacts, as well as from publicly available sources (e.g., social networks).
3. For what purposes do we process your personal data?
We process your personal data:
- to prepare, conclude, fulfill, and enforce contracts within the scope of our business activities. This includes, among other things, contracts with:
  - you, when we act as a data controller (e.g., contracts for our mediation services); or
  - the healthcare professionals whose treatment services you book through our Platform. This applies in particular to health data processed in the aeon App. In this case, we act as data processors, and the respective healthcare professionals, as data controllers, determine the processing purposes.
- based on and within the scope of your consent, if relevant. You can revoke your consent at any time.
- to comply with legal obligations.
- within the scope of our interests, to communicate with you and third parties (even outside the preparation or conclusion of a contract), provide the website and the aeon App and optimize your user experience, maintain and expand our relationship with you, improve, expand, and market our offers, ensure IT security and data protection, and assert, defend, or defend against legal claims.
4. In what cases do we share your personal data with third parties?
To fulfill contracts, protect our interests, or comply with legal regulations, it may be necessary for us to share your personal data with third parties. This includes, in particular:
- the exchange of your personal data with the healthcare professionals whose treatment services you book;
- the exchange of personal data between the companies affiliated with our corporate group (parent and sister companies) for mutual service provision;
- sharing with IT service providers and other third-party providers (e.g., in the area of payment transactions, billing, collection, consulting, sales, and marketing);
- sharing with third parties to whom we or our affiliated companies transfer the company or parts thereof or with whom we merge;
- cases where sharing is necessary to (i) fulfill a legal obligation, (ii) ensure IT security and data protection, or (iii) assert, defend, or defend against legal claims.
In doing so, we also transfer personal data abroad; in particular, we use IT service providers with data locations in the EU, the EEA, or the UK. We limit transfers of personal data outside Switzerland, the EU, the EEA, and the UK as much as possible, but they are not entirely avoidable. If the respective countries do not have a data protection level recognized by Switzerland, we use standard contractual clauses to ensure adequate protection, supplemented with additional security measures where necessary and possible.
We do not sell or rent personal data to third parties.
5. Data Security
We protect your personal data with appropriate technical and organizational security measures against unintentional, unlawful, or unauthorized manipulation, deletion, alteration, access, disclosure, use, or loss.
These security measures include:
- IT Infrastructure: We have a state-of-the-art IT infrastructure.
- Encrypted and Redundant Storage: Health data in the aeon App is encrypted and stored redundantly in Switzerland and the EU.
- Security and Compliance Audits: We ensure that our security practices meet legal and industry standards by conducting regular audits.
- Access Control: We use a role-based access concept, multi-factor authentication (where applicable), and the principle of least privilege to ensure that only necessary personnel have access to your personal data.
- Data Protection and Security Training: Our team receives ongoing training on data protection practices and our internal data protection and security policies.
- Software and Hardware Maintenance: We regularly update our systems to fix vulnerabilities and keep our infrastructure secure.
- Anonymization and Pseudonymization: Where possible, we use techniques to de-identify personal data.
- Secure Development Lifecycle: The aeon App is developed and maintained with a focus on security. This includes regular tests and code reviews to identify and mitigate risks.
6. How long do we retain your personal data?
We retain your personal data only for as long as and to the extent necessary for the purposes described or for legal reasons.
7. What rights do you have concerning your personal data?
Under the conditions of applicable data protection law and as provided therein, you have the following rights concerning your personal data:
- right to access the personal data we process about you;
- right to correct inaccurate personal data;
- right to delete your personal data ("right to be forgotten");
- right to restrict the processing of your personal data;
- right to data portability (transfer of your personal data to you or a third party);
- right to object to the processing of your personal data.
Please note that exceptions apply to these rights. In particular, we may be required or entitled to continue processing your personal data to fulfill a contract, protect our legitimate interests such as asserting, defending, or defending against legal claims, or comply with legal obligations. In these cases, we may have to refuse certain requests or comply with them only in a limited way.
To exercise your rights, please contact us via email at [email protected].
In cases where we act as a data processor, we will forward your request to the data controller (the respective healthcare professionals).
8. Right to Complain
If you are not satisfied with how we process your personal data, you have the right to complain to the competent supervisory authority (Federal Data Protection and Information Commissioner FDPIC).
Please contact us first before filing a complaint. This way, we can try to resolve your concern directly. The easiest way is to contact us via email at [email protected].
In cases where we act as a data processor, we will forward your request to the data controller (the respective healthcare professionals).
9. Links to Other Websites
Our website may contain links to third-party websites not operated or controlled by us. We are not responsible for whether and how these third parties comply with data protection regulations.
10. Changes to this Privacy Policy
We may change this Privacy Policy at any time. New versions will take effect for you once we have communicated them by publishing them on our website.