Data Protection

Last updated: [DATE]

This Data Protection Notice explains how QuickMed processes your personal data when you use our telemedicine application and website. We comply with the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP).

1. Who is responsible (Data Controller)

[LEGAL ENTITY NAME], [REGISTERED ADDRESS], Switzerland.
Contact / Data Protection enquiries: [PRIVACY EMAIL].
[If appointed] Data Protection Officer: [DPO NAME / EMAIL].

2. What data we collect

• Account data: first and last name, email address, phone number, date of birth, country/region.
• Health data (special category): the medical problem you describe, consultation details, preferred language, and documents created by the doctor (medical report, prescription, referral, sick note).
• Insurance data (Switzerland): if you choose, the data read from your health-insurance card.
• Payment data: processed by our payment provider; we do not store full card numbers.
• Technical data: device identifiers and push-notification tokens, app/usage logs needed to run the service.

3. Why we process it and our legal basis

• Providing the consultation — performance of our contract with you (GDPR Art. 6(1)(b)).
• Processing your health data — for the purpose of medical care by health professionals, and/or your explicit consent (GDPR Art. 9(2)(h) and (a); corresponding FADP provisions for sensitive data).
• Payments and invoicing — contract performance and our legal/accounting obligations.
• Service security and improvement — our legitimate interests, balanced against your rights.

4. Who we share data with (processors)

We use carefully selected service providers who process data on our behalf under data-processing agreements. We do not sell your data. Our main processors are:

• Hosting: Hetzner Online GmbH — servers located in the EU (Germany).
• Secure clinical email: Health Info Net AG (HIN) — Switzerland — for sending medical documents.
• Payments: Stripe — card payment processing.
• Transactional email & insurance-card recognition: Scaleway — EU (France).
• Network, security & video-call connectivity: Cloudflare.
• Push notifications: Google (Firebase Cloud Messaging).
• App distribution: Apple and Google.

Where data is transferred outside Switzerland/the EEA, we rely on appropriate safeguards such as EU Standard Contractual Clauses and adequacy decisions.

5. How long we keep your data

We keep medical records for the period required by applicable Swiss healthcare law, and other data only as long as necessary for the purposes above or to meet legal obligations. After that, data is deleted or anonymised.

6. Your rights

You have the right to access, correct, delete, restrict or object to the processing of your data, to data portability, and to withdraw consent at any time (without affecting prior processing). To exercise these rights, contact [PRIVACY EMAIL]. You may also lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or, in the EU, your local supervisory authority.

7. Security

We use encryption in transit, access controls, and EU/Swiss-based infrastructure to protect your data. Medical documents are sent through HIN, a secure Swiss healthcare messaging network.

8. Children

QuickMed may be used for children (from 2 years old) by a parent or legal guardian, who provides the relevant information and consent on the child's behalf.

9. Changes to this notice

We may update this notice; the current version is always available here, with the date of last update shown above.

10. Contact

[LEGAL ENTITY NAME], [REGISTERED ADDRESS] — [PRIVACY EMAIL].