Compassana App Privacy Policy

The Compassana app enables you to handle your health-related activities safely and responsibly.

The Compassana platform and the Compassana app are developed and operated by Bluespace Ventures AG.

You can use the Compassana platform after registering and creating a Compassana user account. For example, you can search for doctors and other medical service providers within the Swiss healthcare system, make appointments, save documents and exchange information, find out about medicines and make use of other additional services.

Your Compassana user account is confidential – you are the only person with exclusive access.

You will remain in full control of your personal data and health information at all times and can give your consent in order to use certain services and withdraw it later. You can delete your Compassana account at any time if you decide later that you do not want to use it.

The Compassana app was developed for users in Switzerland. As such, this privacy policy meets the requirements of the new Swiss Data Protection Act (‘nDSG’).

It is also based on the European General Data Protection Regulation (‘GDPR’), which is the benchmark for strong data protection worldwide.

This privacy policy will inform you about how and why we process and use your personal data when you use the Compassana app.

In this privacy policy you will find out, among other things,

• what personal data we collect and process;
• for what purposes we use your personal data;
• with whom and why we share your personal data in certain cases with your permission;
• for how long we process your personal data;
• what rights you have in relation to your personal data and how 
• you can contact us.

A Compassana user account offers you basic functionality that you can supplement with other third-party services through the Compassana platform.

If you choose to use these services, the relevant terms of use and privacy policies of each provider will apply after you give your consent for this relationship.

Please also note that the terms of use and the privacy policy stored there are decisive with regard to the use of the Compassana website.

You can access and view this privacy policy at any time in the Compassana app.

Personal data is information that can be linked to a specific person.

Processing means any handling of that data, e.g. acquisition, storage, use, disclosure and deletion.

3.1 Bluespace Ventures AG’s responsibility as controller under data privacy law

In principle, Bluespace Ventures AG is responsible under data privacy law for data processing in accordance with this privacy policy.

Under data privacy law, the company responsible for certain data processing is the company that determines whether this processing should take place, for what purposes it is carried out and how it is arranged.

3.2 Data processing with your consent

In principle, we process personal data only on the basis of the terms of use, this privacy policy and within the scope of your explicitly provided consent (‘consent’).

The Compassana app provides you with an overview of the consents you have provided (‘consents’) and you can revoke them there at any time.

You can delete your user account at any time. Please note that this process is final and that even Compassana cannot restore your data.

3.3. Responsible parties on the Compassana platform

You can use your Compassana user account and the Compassana app to determine for yourself how to manage and disclose your personal data and your health data to third parties.

This means that you can use other third-party Compassana platform services at any time and share service-specific personal data and health information after you have given the necessary consent for the data processing in question.

These services are usually offered and operated by third parties who are responsible for their own data privacy.

We offer some services in direct cooperation with our partners. In these cases, your consent is required for data exchange between our partner and us in order for the processing to occur. In these cases, you can revoke your consent to either party at a later time and contact us or our partner at any time with questions or to exercise your rights when you choose to do so.

4.1. Master data

Master data refers to your basic data, e.g. salutation, name, contact details and date of birth.

We need master data in order to create a Compassana user account for you and then to be able to identify you securely each time you log in. 

Master data includes:

• First name
• Last name
• Address
• Date and place of birth
• Gender
• Nationality

Of this master data, which our service partner PXL Vision collects at the time of initial identification (see 5.1 below), we transfer only your first and last name and your date of birth to your Compassana user account.

4.2 Insurance data and single sign on

If you have purchased insurance from an insurance partner connected to Compassana, we are able to process your insurance data in order to offer you specific services based on your personal insurance situation.

These include:

• General information about your basic insurance
• The insurance model or the insurance product that the basic insurance relates to

Single Sign On

You have the option of registering with Compassana using the registration details of an insurance account that already exists (‘single sign on’ – SSO). In order to do this, the insurance partner must be connected with Compassana.

In this case, you can log into the Compassana account using the access data for your insurance account and we will receive confirmation that this has been successful. During the registration process, we will provide you with detailed information about the data that will be transferred if you give your consent.

4.3. Health data

Among other things, your Compassana user account enables you to store your personal documents and data containing information about you and your health in a central location.

On the one hand, you can store these documents and data yourself by uploading them to the Compassana app.

On the other hand, you can also have the information to be transmitted to your Compassana user account via third-party applications, insofar as this is technically supported by your healthcare professional. 

In the latter case, however, this data is only saved as a copy in your Compassana user account, i.e. the original documents will be retained by the service providers.

Health data includes, for example 

• relevant documents such as prescriptions, reports and certificates of incapacity for work;
• medical history and your patient file;
• laboratory results from a medical analysis, information from medical history or readings from an ECG that your doctors upload to the platform with your permission and 
• doctor’s prescriptions that you save on the platform yourself.

4.4. Communication data

If you contact our support team regarding a concern, we process the content of the communications that were exchanged and information about the type, time and location of the communication

In certain situations, we may also ask you for proof of identity in order to be able to identify you reliably.

Communication data includes, for example,

• name and contact information such as postal address, email address and telephone number;
• content of emails, written correspondence, chat messages, social media posts, comments on a website, telephone conversations, video conferences;
• information on the type, time and, under certain circumstances, location of the communication;
• proof of identity, such as copies of official ID;
• communications activity data (e.g. date and time of a call or email delivery).

4.5. Telemetric data

In order to ensure that ongoing operations continue, to achieve the high level of security we aim for and to enable us to design and further develop our services in the best possible manner, we automatically collect telemetric data that is generated through the use of the Compassana app and the network and server infrastructure required for this, as well as through the securing of the interfaces with partners.

We use this data for the purposes stated. It is recorded anonymously and is not used to create preferences or profiles.

This technical data includes 

• your device’s IP address and other device identifiers (e.g. MAC address);
• identifiers assigned to your device by cookies and similar technologies;
• information about your device and its configuration, e.g. operating system or language settings;
• information on the operating system or browser that you use to access the offering and its configuration;
• information about your movements and actions on our websites and in our app;
• information about your internet provider;
• your approximate location and the time of use; and
• system-side records of access and other processes.

This technical data does not, on its own, allow us to draw any direct conclusions about your identity. We delete the logs (log files) in which this data is recorded regularly in an automated manner.

4.6. Image and sound recordings

Photos, videos or sound recordings can be stored on Compassana if you upload them to Compassana yourself or allow third parties or third-party applications to do so.

5.1 Data processing by PXL Vision (identification)

In order to use Compassana, you must have a Compassana user account. In order to create a secure platform for the exchange of health information and to be able to protect your account in the best possible manner, we rely on a standardised identification process provided by the company PXL Vision:

PXL Vision AG
Mühlebachstrasse 164
8008 Zürich
Email: privacy@pxl-vision.com

This data is processed as part of the identification process:

5.1.1. Categories of personal data processed

1. When using the identification function, we collect and process the following data:

• The identification number of your end device (UDID)
• Device type
   
• Operating system of the end device
• Browser version
• Session cookie (for load balancing)

2. If you initiate and perform a verification process, the following personal data will be collected and processed (identification data):

• Master data Personal ID data – matching the data contained on the ID document: family name, maiden name, first names, doctoral degree, date of birth, place of birth, address, nationality, type of document, expiration date, service and card-specific identification code, country code, information on whether you are over or under a certain age, information on whether a place of residence corresponds to the requested place of residence, religious name, artist’s name, ID document number
• Image data: we collect a photo of both sides of your ID document, your personal photo from the ID or (if applicable and available) from the NFC data of your ID document and the selfie video of your face.
• Special categories of personal data:  biometric data such as facial data

5.1.2. Purposes for which the personal data is processed as part of the identification process:

1. Performance of the identification process as part of providing consent: identification data and biometric data such as the ID photo and selfie video to perform the identification and verification process
2. Provision of the contractually agreed service:

• Processing of identification data for comparison with the data you have provided
• Processing of the photos and the selfie video to perform the comparison between the ID photo and the person recorded during use and for comparison of this data with the user data available to us

5.1.3 Automated decision-making

If the identification and biometric data are compared successfully, an automatic decision is made about your identity using the documents you have scanned. This decision is not based on your personal characteristics such as age, gender, interests, or knowledge, but solely on the algorithmic comparison of the image files and the comparison of the identification data. No profiling takes place.

5.1.4. Further provisions

In the context of data processing for identification purposes, you are entitled to all rights as the data subject provided for by law, as set out in item 12 below.

This data is processed by PXL Vision exclusively on servers in Switzerland, which are protected by state-of-the-art technical and organisational measures.

This data is used only for the purposes of identification and is not transmitted to third parties. They will be deleted after one week, during which time they will be temporarily available for any support that is needed for your registration process in the event of any problems.

5.1.5 Data processing by PXL Vision AG as the responsible party

During the identification process, as an option, you can give PXL Vision AG consent to use the data collected via Compassana to improve its recognition processes. This consent is not necessary to continue or complete the identification process.

In this case, PXL Vision AG is responsible for this data processing.

We will obtain your express consent for the disclosure of particularly sensitive personal data to PXL Vision AG. PXL Vision AG uses the data in question exclusively to improve the processes described.

➔ Further information on data processing by PXL Vision AG can be found in the privacy policy of PXL Vision AG.

5.2 Data processing by SASIS AG (creation of a Compassana user account)

In order to complete the identification process, we require card and coverage information, which is provided to us by SASIS AG.

SASIS is responsible for this data processing:

SASIS AG
Römerstrasse 20 
4500 Solothurn

In order to keep your insurance data up to date, a query will be made to SASIS AG once or twice per year with your prior express consent to check whether the insurance data uploaded via SASIS AG is still up to date.

If SASIS AG detects a discrepancy, the stored insurance data will be automatically deleted and the Compassana app will prompt you to upload it again (no automatic upload will take place). Consent for repeated queries will be valid until the end of the period of validity of your current insurance card.

➔ Further information can be found in the corresponding privacy policy of SASIS AG.

5.3 Data processing by SAP Ireland (identity management)

We will share your email address and Compassana password with an identity management service provided by SAP Ireland.

Service provider:

SAP Ireland
1012/1014, Kingswood Ave, City West Business Campus 
Dublin, Ireland

Shared data:

• Your email address
• Your password

Reported data:

• Success of the registration process

In these cases, data is disclosed in another country in accordance with Swiss law, see 5.4 below.

5.4 Data processing by the Trifork Group (operations and support)

In order to assist you in support cases and to solve technical and operational problems and to improve our service, we share communications data, technical information and telemetry data with companies in the Trifork Group, which is our technical service provider:

Trifork AG, Neuhofstrasse 10, CH-8834 Schindellegi, Switzerland

netic A/S, Alfred Nobels Vej 25, DK-9220 Aalborg Ø, Denmark

Personal data will only be disclosed in individual cases, insofar as is necessary to resolve support cases and to guarantee technical and operational security and reliability.

Even in these cases, direct access or viewing of your Compassana user account and the health data stored there will only be possible with your express consent in order to be able to provide you with the desired assistance or to enable you to exercise the rights to which you are entitled in accordance with item 12.

In these cases, data is transferred to another country in accordance with Swiss law and the European General Data Protection Regulation on the basis of a ‘data processing contract’ to a state with an appropriate level of protection in accordance with the requirements of the FDPIC. The contract will include standardised processes, coordinated technical and organisational measures and staggered access rights.

6.1 Additional services on the Compassana platform

The Compassana platform offers you a variety of additional services from third parties, which are constantly being expanded.

Depending on the type of specialised service, various personal and health data can be exchanged between your user account and the service provided by the third-party provider or the healthcare professionals participating in the service.

In this case, the Compassana app will request your consent before using the service and, as a function of the system, offers you an overview of the services used and their status with regard to consent.

You will find concrete information on any access requirements in the terms and conditions of use of the third-party providers.

6.2 Third party identification

For individual service providers, further personal information must also be transmitted to their systems for the purposes of identification.

This applies in particular in the case of single sign-on with our insurance partners, in which case you must identify yourself as an insurance customer in order to be able to use certain services in the Compassana app.

6.3 Storage and sharing of medical documentation

You are able to store documents and health information in your Compassana user account for your own reference.

You can also share these documents with a healthcare professional via ‘secure messaging’.

Finally, with the help of the Compassana app, you can also allow a doctor or other service provider to send medical documents (e.g. treatment plans or test results) directly to your Compassana user account via ‘secure messaging’.

This provides you with direct access to your personal health information.

6.4 Secure communications

You can use the ‘secure messaging’ service to communicate with your preferred doctors and other medical service providers at a specific location directly within the Compassana app.

This communication will take place via a secure, encrypted email service that is suitable for the transmission of health information and is provided by Health Info Net AG (HIN) and meets the high level of requirements for a confidential exchange of information relating to health. Bluespace has no influence or insight at all over the content and progress of the communications. We also have no influence on the completeness of the list of locations, the specialists listed there so that they can be contacted or whether they can be reached and are available.

The arrangements regarding your chosen communication partner and their rules relating to possible charges, response times and further processing of the information you send are therefore the only rules that are decisive for you.

Please note:

• The Compassana app simply provides the communication channel. You are responsible for the concrete exchange of data and the communicated content.
• When using this service, you are dependent on the communication arrangements and regulations of your healthcare professional. This applies in particular with regard to the acceptance of this type of communication, the response time and any establishment of a paid contractual relationship.
• This communication channel is not suitable for urgent communications in the event of an emergency. In this case, please call 144.
• Bluespace will in no way be held liable for the initiation of communication, for any consequential costs resulting from the use of this service (such as the creation of a treatment order) or for it being unavailable or for its availability being delayed or restricted.
• The technical and legal framework conditions of the operating system manufacturer will be decisive and relevant regarding the use of the notification functions on your smartphone (Apple for iOS and Google for Android). 

Third-party providers:

HealthInfo Net AG
Seidenstrasse 4
8304 Wallisellen

Email: info@hin.ch

➔ HIN data privacy policy

Data shared by us with HIN:

• Your Compassana user ID

The communication partner reports back to your Compassana user account:

• Confirmation of the connection or creation of the communication channel

6.4 Doctor search and appointment booking (OneDoc)

OneDoc provides you with a booking platform for healthcare professionals and service providers (HPSPs). As a Compassana user, you can make an appointment directly.

Third-party providers:

OneDoc SA
Avenue de Secheron 15
1202 Geneva

Contact: https://help.onedoc.ch

• Privacy policy OneDoc SA

Data transmitted by you to OneDoc:

• Usage data (your search criteria, such as name of the professional or healthcare facility, specialisation, location/postcode)
• Master data (e.g. telephone number and address)
• Registration data (user ID)
• Additional information collected from you, such as comments, appointment requests

The third party will report back the following to your Compassana user account:

• Appointment availability
• Confirmation that appointment has been booked

6.5 Medication search

The medication search provides you with a list of prescription and non-prescription medications with information on their use and composition. The package insert can be accessed digitally.

Third-party providers:

HCI Solutions AG
Untermattweg 8
PO Box
3000 Bern I

Email: marketing@hcisolutions.ch

Data passed on to us by the third-party provider:

• None

The third party will report back the following to your Compassana user account:

• Bar codes for the identification of the medication

➔ AGB HCI Solutions AG ➔ Privacy policy of HCI Solutions AG

7.1 Other purposes

We process data for other purposes relating to the use of the Compassana app and the Compassana platform.

These other purposes include:

• Compliance with laws, guidelines and recommendations issued by authorities and internal regulations (‘compliance’).
• Processing of technical data to ensure and improve the system’s security and the stability of the Compassana platform and the Compassana app. This includes analysis, testing, error checking, troubleshooting and backup copies.
• We also process personal data in order to improve our functions and offerings. For example, on the basis of anonymous data, we analyse which functions are used by which groups of people and how they are used.
• We process your personal data for communication with you, e.g. to answer inquiries and to assert your rights and to inform you in case of queries. For this purpose, we use communications data in particular, if applicable also master data, registration data and, to resolve support cases in connection with the functions and offerings you use, also data that you have exchanged with third-party providers.
• We also process data for market research, marketing, and customer services. For example, we may send you information, advertising, and our product offerings, as well as those of third parties.
• Like most companies, we also personalise communications so that we can provide you with information and offerings that are of interest to you. For these purposes, we use master data in particular, as well as information on behaviour and preferences.
• We also process your data anonymously for other purposes. For example, for risk management, as part of prudent corporate management and for corporate development, as part of our internal processes and administration for training and education purposes, to enforce rights and to defend against claims, as well as to protect other legitimate interests.

If we are not obliged to process or disclose or even to maintain confidentiality under Swiss law, we will ensure that you are informed about the collection and its purposes, as well as any disclosure of personal data and you will be able to grant us your approval.

You can revoke your consent at any time by changing the settings in the Compassana app or by deleting your Compassana user account.

You can also object to the processing of your personal data for marketing purposes at any time by notifying us in writing, this also applies to individual communication channels (e.g. advertising by email only) or for individual advertising campaigns.

7.2 Notifications to authorities

We transmit data to departments, courts and authorities in Switzerland and other countries if we are legally obliged or entitled to do so under Swiss law or if this appears necessary to protect our interests and yours. In these cases, the authorities themselves are responsible for the processing of this data.

Use cases for example are criminal investigations, police measures (protection against violence, combating violence, etc.), supervisory requirements and court proceedings, reporting obligations, pre-judicial and extra-judicial proceedings, as well as statutory obligations to provide information and to cooperate.

Data may also be disclosed if we have to obtain information from third parties or public authorities in order to fulfil the legal claims you have asserted for information, for example to be able to clarify your identity reliably.

In order to be able to measure and improve technical and operational security, the availability and responsiveness and therefore the user-friendliness of the Compassana app and the Compassana platform, we collect technical status and process data in the form of telemetry data.

We use the services of the company DataDog based in New York, USA. Dashboards, automated warnings, visualisations, and specialised metrics are offered as part of an infrastructure monitoring service.

The technical data collected is anonymised and is processed in the European Union by DataDog Ireland in accordance with the European General Data Protection Regulation (‘GDPR’).

Datadog Ireland
13-18 City Quay 1st Floor
Dublin, D02 ED70 Ireland

Email: privacy@datadoghq.com

Data privacy information:
•    https://www.datadoghq.com/legal/privacy/#supplemental-notice-for-the-eea-uk-and-switzerland
•    https://www.datadoghq.com/gdpr/
•    https://www.datadoghq.com/legal/privacy/

We store and process personal data for as long as

1. this is necessary for the purpose of the processing;
2. we have a legitimate interest in the storage (e.g. to assert legal claims, for archiving purposes and to ensure IT and system security);
3. we are subject to a statutory retention obligation.

The following retention periods apply, although we may deviate from them in individual cases where there is justification:

• Compassana user account: The personal data is stored for the lifetime of your Compassana user account. If you request the deletion of your account, the account and the health data stored in it by you or by third parties will be deactivated immediately and marked for deletion. This will take place within 30 days at the latest. This deletion process cannot be revoked, the deletion is final. If the account is deactivated (e.g. in the event of inactivity or blocking as a result of misuse), the data will be deleted for a maximum period of 24 months.
• Master and contractual data: We generally retain master and contractual data for ten years from the time of the last contract activity or from the end of the contract. In individual cases, this period may be longer if this is advisable for reasons of evidence, as a result of legal or contractual requirements or for technical reasons. Transaction data relating to contracts are generally retained for ten years.
• Telemetry data: Depending on the purpose of the system, technical log data is automatically overwritten at certain intervals of time. We retain the data for a maximum of six months.
• Communication data: Emails, communications via the contact form and written correspondence are generally retained for ten years.
• Image and sound recordings: The retention period varies depending on the purpose. The storage period of health-related image and sound recordings depends on the customer account on which they are stored. If the corresponding customer account is deleted, the recordings will also be irretrievably deleted.
• Health protection concepts: Data for contact tracing is usually kept for a few weeks.

After these periods have expired and if there are no longer any legal or contractual obligations, your personal data will be automatically deleted or made anonymous as part of our usual procedures.

‘Profiling’ means the automated processing of personal data in order to analyse certain aspects or to make predictions, e.g. the analysis of interests, preferences, affinities and habits or to predict likely behaviour or to determine preference data.

For the purposes stated in this privacy policy, we only carry out profiling on the basis of anonymous data that cannot be personally assigned.

The most important areas of application are customer care and our marketing activities.

We implement comprehensive technical and organisational security measures to ensure the security of your personal data, to protect it against unauthorised or unlawful processing and to counter the risk of loss, unintentional modification, unwanted disclosure or unauthorised access.

• The security measures of a technical nature include, for example, the encryption and pseudonymisation of data, logging, access restrictions and the storing of backup copies.
• Security measures of an organisational nature include, for example, instructions to our employees, non-disclosure agreements, risk audits and monitoring.
• We also oblige our platform providers and processors to implement appropriate technical and organisational security measures.

We use modern technical concepts such as security and privacy by design and default, zero trust, encryption on transit & on rest and security in depth for this purpose.

We also have regular security tests performed by independent experts to ensure the actual effectiveness of our security requirements.
Unfortunately, we cannot completely rule out data privacy incidents, especially in the event of force majeure.

In case such incidents occur, we have taken precautions in order to be able to meet our reporting obligations to the authorities and to you quickly and comprehensively.

You have the following rights:

• The right to request information from us as to whether and what data belonging to you we are processing
• The right to have inaccurate personal data corrected
• The right to request the deletion of your personal data
• The right to request that we provide certain personal data in a current electronic format or transmit it to another responsible party
• The right to revoke consent with effect for the future, insofar as processing is based on consent
• The right to receive, upon request, further information that is helpful with regard to the exercising of these rights
• Please note that you must identify yourself to us adequately in order to exercise these rights. These rights must be applicable in each specific individual case. As an exception, we can refuse to allow you to exercise a right if this is necessary to protect other people, to protect interests worthy of protection or to comply with legal obligations.

You can deactivate the receiving of certain offers and information in your user account at any time. You can also unsubscribe from newsletters and other promotional emails by clicking on the relevant link at the end of the email.

Please contact us (➔ item 13) if you want to exercise one of your rights or if you have any questions about the processing of your personal data.

You can contact the supervisory authority responsible for us at any time with any questions and complaints:
Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter, Feldeggweg 1, CH-3003 Bern
https://www.edoeb.admin.ch/edoeb/de/home/der-edoeb/kontakt/adresse.htm

If you have any questions about this privacy policy or the processing of your personal data, our support team will be happy to help:

datenschutz@compassana.ch

You can reach us by post at this address:

Bluespace Ventures AG
Am Stadtrand 11
8600 Dübendorf

We are continuously developing the Compassana platform and this app. For this reason, we also regularly revise this privacy policy. When this happens, we will inform you as a registered user about the changes. Please note that the current version of this privacy policy is applicable.