Version dated 1 March 2019
2 Scope of application
- the use of Klenico’s website (website) by visitors to the website, as well as
- the use of Klenico’s database software (software) by Klenico’s clients, in particular clinics, doctors’ offices, resident physicians or psychotherapists (collectively referred to as clinics).
The controller for the collection, processing and use of your personal data, within the meaning of Article 4 (7) GDPR, is either Klenico or the clinic handling the case. For details, see item 6 in conjunction with item 4, where the individual data processing procedures are described and the controller for each of them is stated.
4 Individual instances of data processing
Klenico processes data within the following data processing procedures:
- User data when the software is used: item 4.1;
- Patient data when the software is used: item 4.2;
- Anonymised patient data: item 4.3;
- Data during hosting: item 4.4;
- Contact data in email correspondence: item 4.5;
- Access data when the website is used: item 4.6;
- Cookie data: item 4.7;
- Google Analytics data: item 4.8.
4.1 User data when the software is used
The software records when a clinic employee sets up new patient files using our software, after logging into our system via ‘Login myKlenico’. This information is used for handling the billing of licence fees (billing) between us and the clinic. This data processing is justified by our overriding legitimate interest in carrying out our contract with the clinic.
In addition, the software records the manner in which the Klenico system is used (user analysis, optimisation) and passes this information on to Klenico; for example, how frequently a particular function is accessed and in what sequence this occurs. This information is anonymised within the system by being stored without reference to a particular user and by being aggregated to form frequency data. We use this data to study behavioural patterns, which enables us to make improvements to the software (e.g. to user navigation). This means that clinic staff are assisting with the ongoing improvement of our system, which also benefits their work. In terms of the data processing relevant to this, we rely on the justification of our overriding legitimate interest in reviewing and improving our software systems.
4.2 Patient data when the software is used by the clinic
Klenico does not receive access to patients’ personal data and is not aware of their identity. This data is stored in the patient database and can only be accessed with a security key that is solely held by the clinic: see the description of data security measures under item 7 below.
This means that patient data is collected and processed solely by the clinic, using the system provided, hosted and run by Klenico; neither Klenico nor the server operator, nor anyone else outside the clinic handling the case in question, sees the name of any patient (unless the patient contacts Klenico directly, for example to assert their rights as a data subject: see item 6).
The following description aims to create transparency as to how the software is actually used by clinics and what data processing procedures occur as part of this:
- In general, the data is collected by specialist medical staff (the doctor handling the case in question or their assistant) as part of the patient’s self-disclosure (symptom information) or as part of diagnostic interviews.
- The patient can be given a tablet with the software for the self-disclosure; in this case, the doctor is automatically logged out when the self-disclosure is opened, so the patient can only provide information about their symptoms and cannot see or use other areas of the software.
- Otherwise, the patient can receive an email from the Klenico system with a link to an online survey that they can use to provide symptom information on their own end device. The doctor sending the invitation will be kept up-to-date with the response status on an ongoing basis in their part of the software. As soon as the symptom information has been completed, the doctor is able to see the result. The link sent out in the email is automatically deactivated once the symptom information has been provided.
- Klenico has no control over the emails sent out; it does not know the addresses they are sent to and cannot view them. Klenico solely provides clinics with sample texts for these emails.
- The automated logging that is a technical necessity for any email communication is handled by the globally established web service Amazon SES, which keeps appropriate logs. The entire communication process takes place over a TLS-secured connection (TLS being the successor to SSL, the name still commonly used for it).
4.3 Anonymous patient data used secondarily by Klenico
Klenico only receives access to anonymised data from the symptom database (see item 7 below) for those patients who have expressly consented to the anonymised use of their symptom data. These data records are evaluated using statistical methods for scientific purposes and to improve the quality of diagnostics. To this end, the data is automatically anonymised when it is exported from the symptom database, so that Klenico has no opportunity to access it without the patient’s prior approval for this use.
The clinic collects the above-mentioned consent from the patient in advance. This means that the patient is free to decide whether to provide their health-related data to Klenico in anonymised form. The patient can revoke their consent for the anonymised use of their health-related data by the clinic or Klenico at any time.
4.4 Hosting
All the data is hosted in Switzerland by a specialist server hosting company. The hosting services we use comprise infrastructure and platform services, computing capacity, storage and database services, security services and technical maintenance services, which we use for the purpose of operating the website and the Klenico system.
To this end, we or our hosting provider process the data listed under items 4 and 7 on the basis of our legitimate interest in providing our software and website efficiently and securely pursuant to Article 6 (1) (1) (f) GDPR in conjunction with Article 28 GDPR, and on any other grounds for justification listed under item 4.
4.5 Email contact
If you contact us (e.g. via email), we process your details so that we can handle your enquiry and in the event that follow-up questions arise.
If the data is processed so that steps can be taken prior to entering into a contract as a result of your enquiry or to execute the contract (if your employer is already a client), the legal basis for this processing is Article 6 (1) (1) (b) GDPR.
We only process additional personal data if you give your consent for this (Article 6 (1) (1) (a) GDPR) or if we have a legitimate interest in processing your data (Article 6 (1) (1) (f) GDPR). We have a legitimate interest in answering your email, for example.
4.6 Users’ access data when the website is used
Klenico collects certain pieces of information when visitors use Klenico’s website: we automatically collect information about usage behaviour and your interaction with us, and we record data about your computer or mobile device. Every access to our website is recorded in server log files, which we collect, store and use.
Access data includes: the name/URL of the file accessed and the date/time it was accessed; the quantity of data transferred; the browser version; the operating system; the internet service provider; the referrer URL; the IP address.
We use this log data for statistical evaluations, without allocating it to you as an individual or other kinds of profile generation, for the purpose of operating our website and keeping it secure, and for anonymously recording the number of visitors (traffic) and the way in which our website and services are used. This enables us to analyse data traffic, identify and resolve faults and improve our services. This also represents our legitimate interest pursuant to Article 6 (1) (1) (f) GDPR.
We reserve the right to retrospectively review the log data if there are concrete indications that give rise to the justified suspicion of illegal use. We store IP addresses for a limited period of time in the log files if this is necessary for security purposes or for providing services.
4.7 Cookies
Most websites use ‘session cookies’ for optimisation purposes. A session cookie is a small text file sent by the server in question when a website is visited and cached locally on the end device. The file contains a ‘session ID’ which enables the browser’s various requests to be assigned to one session. For example, the session cookie ensures that a user remains logged in across multiple page requests within one session. These cookies are deleted when the browser is closed. Alongside session cookies, there are also ‘persistent cookies’ which remain stored on the end device and make it possible for the browser to be recognised on the next visit.
The cookies store the following data and information: language settings; search terms entered; information about the number of times our website was accessed and the use of individual functions of our online presence and the Klenico system. We only receive pseudonymised information on the basis of the cookie technology, not your name or IP address.
Klenico also uses cookies in this way, with persistent cookies only being used to a limited extent. Our legitimate interest in using cookies pursuant to Article 6 (1) (1) (f) GDPR lies in making our website and the Klenico system more user-friendly, effective and secure.
You can adjust your browser settings so that you are informed in advance of cookies being stored and can decide in each individual case whether you would like to exclude cookies from being accepted in particular circumstances or generally, or prevent cookies from being stored entirely. This can limit the functionality of the website.
4.8 Google Analytics
Google is certified under the Privacy Shield Framework concluded between the European Union and the USA. This means that Google is obliged to comply with the standards and requirements of European data protection law. Further details can be found in the entry linked below: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
We have activated IP anonymisation (anonymizeIp). This means that your IP address is truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area beforehand. The full IP address is only transferred to a Google server in the USA, and truncated there, in exceptional circumstances. Google will use this information on our behalf to evaluate your use of the website and software.
The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data held by Google. In addition, you can prevent cookies from being stored by adjusting the settings of your browser software accordingly; in this instance, you may not be able to use all the functions of this website. There is also the option of using a browser plugin (e.g. http://tools.google.com/dlpage/gaoptout?hl=de) and storing an opt-out cookie to prevent Google Analytics from collecting data within this website in the future.
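As an added example that is not part of this policy and not Klenico’s code: the following Python routine applies the truncation that Google documents for anonymizeIp (the last octet of an IPv4 address, or the last 80 bits of an IPv6 address, set to zero) to a site’s own server log lines of the kind described in item 4.6, once a line is older than the retention window for full IP addresses. The log format, the seven-day window and the sample lines are constructed for the illustration and are assumptions, not taken from the policy.

```python
"""Added example: age-based IP truncation for web server access logs.
Not Klenico's code; the log format, the retention window and the sample
lines are assumptions made for the illustration."""
import ipaddress
import re
from datetime import datetime, timedelta, timezone
from typing import List, Tuple

# Apache/nginx "combined" format: ip ident user [timestamp] request status ...
LOG_RE = re.compile(r"^(?P<ip>\S+) (?P<mid>\S+ \S+) \[(?P<ts>[^\]]+)\] (?P<rest>.*)$")
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
RETENTION = timedelta(days=7)  # assumed window during which full IPs are kept


def truncate_ip(addr: str) -> str:
    """Zero the host part the way Google's anonymizeIp does: the last octet
    of an IPv4 address, the last 80 bits of an IPv6 address."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return str(ipaddress.IPv4Address(int(ip) & ~0xFF))
    return str(ipaddress.IPv6Address(int(ip) & ~((1 << 80) - 1)))


def anonymise_expired(lines: List[str], now: datetime,
                      retention: timedelta = RETENTION) -> Tuple[List[str], int]:
    """Return the log with the IP truncated on every line older than
    `retention`, plus the number of lines that could not be parsed. Those
    lines are kept verbatim and counted so the caller can deal with them;
    silently leaving an unrecognised IP in place would defeat the purpose."""
    out, unparsed = [], 0
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            unparsed += 1
            out.append(line)
            continue
        ts = datetime.strptime(m["ts"], TS_FMT)
        if now - ts >= retention:
            line = f"{truncate_ip(m['ip'])} {m['mid']} [{m['ts']}] {m['rest']}"
        out.append(line)
    return out, unparsed


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.45 - - [01/Mar/2019:10:15:32 +0100] "GET /login HTTP/1.1" 200 512 '
    '"https://www.example.org/" "Mozilla/5.0"',
    '2001:db8:85a3:8d3:1319:8a2e:370:7348 - - [02/Mar/2019:08:00:01 +0100] '
    '"GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2019:10:15:32 +0100] "POST /myklenico/login HTTP/1.1" '
    '302 0 "-" "Mozilla/5.0"',
    "garbage line without a timestamp",
]


def run_sample(now: datetime = datetime(2019, 3, 12, tzinfo=timezone.utc)):
    """Process the constructed sample as of an assumed 'now'."""
    return anonymise_expired(SAMPLE_LOG, now)


if __name__ == "__main__":
    cleaned, skipped = run_sample()
    print("\n".join(cleaned))
    print(f"{skipped} line(s) could not be parsed")
```

Two lines in the sample are older than the window and have their IP truncated; the recent login line keeps its full address, as item 4.6 reserves it for security review; the unparseable line is reported rather than silently passed through.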
5 Storage period
Unless specifically stated, we only store personal data for as long as it is needed to fulfil the purpose being pursued.
Statutory retention obligations, for instance under accounting law, require personal data to be retained in particular cases. In these cases, we continue to store the data only for these statutory purposes; it is not processed in any other way and is deleted once the statutory retention period has expired. Data linked to a user account (myKlenico) is kept for as long as this account exists.
6 Your rights as a data subject affected by data processing
The applicable laws give you various rights relating to your personal data. If you would like to assert these rights, please send your enquiry via email or post (see contact details under item 9), identifying yourself clearly, to the controller within the meaning of Article 4 (7) GDPR:
- The controller for data processing pursuant to items 4.1, 4.4, 4.5, 4.6, 4.7 and 4.8 is Klenico;
- The controller for data processing pursuant to item 4.2 and item 4.3 is the clinic handling the case in question.
An overview of your rights is below. More detailed information can be found in Annex 1: Rights of the Data Subject.
6.1 Right of access and confirmation
You have the right to access an overview of the processing of your personal data.
6.2 Right to rectification
You have the right to request the rectification and, if necessary, completion of personal data concerning you.
6.3 Right to erasure (‘right to be forgotten’)
The controller is obliged to delete personal data concerning you in a number of cases.
6.4 Right to restriction of processing
In certain cases, you are entitled to request that the processing of your personal data be restricted.
6.5 Right to data portability
You have the right to receive the personal data concerning you from the clinic handling the case in a machine-readable format, as well as the right to transmit it or have it transmitted in such a format.
6.6 Right to object
You have the right to object even to lawful processing of your personal data on grounds relating to your particular situation, provided our interests in the processing do not override yours.
6.7 Right to revoke consent under data protection law
You have the right to revoke your consent to the processing of personal data at any time (see the consent for anonymised use of health-related data under item 4.3). The withdrawal of consent does not affect the lawfulness of processing based on consent before it was withdrawn.
7 Data security
The security of the personal data we process is of the utmost importance to Klenico. We are aware that the applicable data protection laws require health-related data, in particular, to be subject to a higher standard of protection. To protect your personal data, we implement technical and organisational security measures (see Article 32 GDPR) that we update on an ongoing basis to keep them at the state of the art. The servers we use are regularly maintained and secured.
To satisfy the highest security standards, Klenico stores particularly sensitive health-related data in two different databases with different access rights (also see item 1 of Klenico AG’s Ts & Cs):
- Patient database: contains the patient’s contact details recorded by the clinic (first name, last name, date of birth, gender, email address, patient number at the clinic).
- Symptom database: contains the data recorded by the clinic relating to symptoms and illness progression (particularly symptoms that are and are not present and ICD diagnostic code, the severity according to self-disclosure and diagnostic interview if necessary; medical history; further progression of the illness if necessary).
The patient database is secured using a security key. This key is solely held by the clinic in question. This means that Klenico has no access to the data stored in the patient database.
The data in the symptom database is stored in pseudonymised form and does not by itself allow conclusions to be drawn about an individual. To draw such conclusions, the data would need to be merged with the patient database, which can only be done using the security key. Only authorised users (see item 2.1 of Klenico AG’s Ts & Cs), i.e. normally the doctor handling the case at the clinic, have access to this key.
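To make the two-database arrangement above concrete, here is an added Python illustration; it is not Klenico’s code, and the record layout, the HMAC-based pseudonym used as the join key, the stand-in cipher and the sample records are assumptions made for the example. It also covers the consent-gated anonymised export described in item 4.3. The clinic holds the key; an operator holding only the symptom database can neither read identities nor recompute a pseudonym from a guessed patient number, and a wrong key is rejected rather than yielding garbage.

```python
"""Added example of a split-database design (item 7) with a consent-gated
anonymised export (item 4.3). Not Klenico's code: the record layout, the
HMAC-based pseudonym, the stand-in cipher and the sample records are
assumptions made for the illustration."""
import hashlib
import hmac
import json
import os
from typing import Dict, List


def pseudonym(clinic_key: bytes, patient_number: str) -> str:
    """Keyed pseudonym used as the join key between the two databases.
    Without clinic_key it can be neither reversed nor recomputed, so the
    symptom database alone cannot be linked to a person."""
    return hmac.new(clinic_key, patient_number.encode(), hashlib.sha256).hexdigest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a dependency-free stand-in for a real
    AEAD such as AES-GCM, which is what production code should use."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first: a wrong key or a tampered record is rejected
    before anything is decrypted."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("wrong key or tampered patient record")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class SplitStore:
    """Two logical databases with different access rights."""

    def __init__(self) -> None:
        self.patient_db: Dict[str, bytes] = {}  # pseudonym -> sealed identity
        self.symptom_db: Dict[str, dict] = {}   # pseudonym -> clinical record

    def record(self, clinic_key: bytes, identity: dict, clinical: dict,
               consent_anonymised_use: bool) -> str:
        """Clinic-side write: identity is sealed under the clinic key in the
        patient database; clinical data is filed under the pseudonym only."""
        pid = pseudonym(clinic_key, identity["patient_number"])
        self.patient_db[pid] = seal(clinic_key, json.dumps(identity).encode())
        self.symptom_db[pid] = {**clinical, "consent_anonymised_use": consent_anonymised_use}
        return pid

    def view_as_clinic(self, clinic_key: bytes, pid: str) -> dict:
        """Only the key holder can merge the two databases."""
        identity = json.loads(open_sealed(clinic_key, self.patient_db[pid]))
        return {**identity, **self.symptom_db[pid]}

    def view_as_operator(self, pid: str) -> dict:
        """What Klenico or the hosting provider sees without the key."""
        return dict(self.symptom_db[pid])

    def export_anonymised(self) -> List[dict]:
        """Secondary use: only consenting patients' records, with pseudonym
        and consent flag stripped so rows cannot be joined back afterwards."""
        return [{k: v for k, v in rec.items() if k != "consent_anonymised_use"}
                for rec in self.symptom_db.values() if rec["consent_anonymised_use"]]


# Constructed sample data, not real patients.
CLINIC_KEY = b"clinic-held-key-example-0123456789"
SAMPLE_IDENTITIES = [
    {"patient_number": "P-1001", "first_name": "Anna", "last_name": "Muster"},
    {"patient_number": "P-1002", "first_name": "Beat", "last_name": "Beispiel"},
]
SAMPLE_CLINICAL = [
    ({"icd": "F32.1", "severity_self": 3, "severity_interview": 2}, True),
    ({"icd": "F41.0", "severity_self": 2, "severity_interview": 2}, False),
]


def build_sample_store() -> SplitStore:
    store = SplitStore()
    for identity, (clinical, consent) in zip(SAMPLE_IDENTITIES, SAMPLE_CLINICAL):
        store.record(CLINIC_KEY, identity, clinical, consent)
    return store
```

The stand-in cipher only keeps the example free of third-party libraries; a vetted AEAD (AES-GCM or ChaCha20-Poly1305) belongs in real code. Two further points a practitioner would check: the export is only as anonymous as its content, since a rare ICD code combined with an unusual severity pattern can single out one person even without a pseudonym (which is why aggregated frequencies, as item 4.1 describes for usage data, or a k-anonymity check on the export are the usual safeguards); and the clinic key is a single point of failure, so its backup and rotation procedure matters as much as the split itself.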
We transfer your personal data in encrypted form, using TLS (Transport Layer Security, the successor to SSL). We would nevertheless point out that any transfer of data online may be exposed to security weaknesses; email in particular is typically encrypted only between mail servers, not end to end.
8 Disclosure of data to third parties, no data transfer to non-EU foreign countries
All the personal data processed by Klenico or the clinics remains in Switzerland. The hosting provider used by Klenico (see item 4.4) also stores all the data on servers in Switzerland. In principle, data is not transferred to bodies or individuals outside the EU (but see the tracking technologies such as cookies and Google Analytics: items 4.7 and 4.8).
In principle, your personal data is only processed within our company or the clinic handling the case in question. If and to the extent that we involve third parties in data processing (currently our hosting provider: see item 4.4), personal data is only transferred to them to the extent necessary for the service in question. Additional security measures protect health-related data: in particular, we operate two separate databases with different access rights, so that neither the hosting provider nor Klenico itself can identify patients, since the key needed to do so is held solely by the clinic: see also item 4.2 and item 7.
In exceptional cases, we are also permitted to disclose your data to the following third parties: government agencies and supervisory authorities or other individuals in compliance with the applicable laws, provisions, judicial decisions or official requests provided they are stipulated or permitted under the applicable law.
9 Contact details
If you have any questions and/or would like to assert your rights vis-à-vis Klenico as a controller (see item 6) you can contact us via email or post as follows:
If the clinic handling the case is the controller of the data processing in question (see item 6), please contact them.
Annex 1: Rights of the data subject
(see items 6.1 – 6.6 of the Policy)
- Right of access and confirmation (Art. 15 GDPR)
You have the right to obtain from the controller, at any time, confirmation as to whether or not personal data concerning you are being processed and, where that is the case, you have the right to request from the controller information about the personal data stored about you, free of charge, along with a copy of this data. You also have a right to the following information:
- The purposes of the processing;
- The categories of personal data being processed;
- The recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- The existence of the right to request from the controller rectification or erasure of personal data concerning you, or restriction of processing, or to object to such processing;
- The right to lodge a complaint with a supervisory authority;
- Where the personal data are not collected from you, any available information as to their source;
- The existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
Where personal data are transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
- Right to rectification (Art. 16 GDPR)
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to erasure (‘right to be forgotten’) (Art. 17 GDPR)
Pursuant to Article 17 (1) GDPR, you have the right to request the erasure of personal data concerning you without undue delay and we have the obligation to erase personal data without undue delay where one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You withdraw your consent on which the processing is based according to point (a) of Article 6 (1) (1) GDPR, or point (a) of Article 9 (2) GDPR, and where there is no other legal ground for the processing.
- You object to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) GDPR.
- The personal data have been unlawfully processed.
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
- The personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.
Where we have made the personal data public and are obliged pursuant to Article 17 (1) GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
- Right to restriction of processing (Art. 18 GDPR)
You have the right to request from us restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
- The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- We no longer need the personal data for the purposes of the processing, but you require the personal data for the establishment, exercise or defence of legal claims;
- You have objected to processing pursuant to Article 21 (1) GDPR pending the verification as to whether our company’s legitimate grounds override yours.
- Right to data portability (Art. 20 GDPR)
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller where:
- The processing is based on consent pursuant to point (a) of Article 6 (1) GDPR or point (a) of Article 9 (2) GDPR, or on a contract pursuant to point (b) of Article 6 (1) GDPR; and
- The processing is carried out by automated means.
In exercising your right to data portability pursuant to Article 20 (1) GDPR, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.
- Right to object (Art. 21 GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6 (1) (1) GDPR, including profiling based on those provisions. We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing is for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR, you, on grounds relating to your particular situation, have the right to object to the processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.