Privacy Statement

This is an automatically generated translation. The German version is legally binding and takes precedence in the event of a conflict.

 

Date of effect: 12.12.2024

 

About This Privacy Policy
Altea Care has been developed for users in Switzerland. This Privacy Policy describes the collection, processing, and use of data generated by the Altea Care medPortal and complies with the requirements of the new Swiss Data Protection Act (nDSG). Additionally, it aligns with the European General Data Protection Regulation (GDPR), a worldwide standard for strong data protection.

All personal and health data are stored and processed using advanced encryption technologies and up-to-date data protection concepts in data centers located in the canton of Zurich (Switzerland).
Without your consent or legal obligation, your personal data will not be disclosed to third parties, as outlined in this Privacy Policy.
For further questions about data protection, please contact us at:
movos AG
Rennweg 57
8001 Zurich
support@movos.ch

 

1. What is Altea Care?

Altea Care enables safe and responsible management of health-related information.
The Altea Care medPortal and the Altea Care App are developed and operated by movos AG. Medical professionals can use the medPortal to manage patient data and document health data within the scope of treatment.

 

2. Purpose of This Privacy Policy

In this Privacy Policy, we inform you about how and why we collect, process, and use your personal data when you use the Altea Care medPortal. This policy meets the legal information requirements under Article 19 of the new Swiss Data Protection Act.

In this Privacy Policy, you will learn:

• who is responsible for processing your personal data;
• what personal data we collect and process;
• the purposes for which we use your personal data;
• to whom and why we may share your personal data with your permission;
• how long we process your personal data;
• your rights regarding your personal data; and
• how you can contact us.

This Privacy Policy can be viewed at any time on the Altea Long COVID Network website.
Please note that the Terms of Use and Privacy Policy on the Altea Long COVID Network website also apply to the use of that site.

 

How We Collect and Process Information

For certain features in the medPortal, users may be asked to provide specific personal data. movos collects and processes this data for the purposes outlined below. All data is treated as confidential and used only for the specified purposes, with data retention limited to the necessary period.

In accordance with your consent, we collect the necessary personal data you voluntarily provide to use our services. This may include:

• Contact information(e.g., your name, email address, date of birth, GLN number)
• Login information(e.g., usernames and passwords)
• We may collect non-personal data about your use of our applications and website, including:
• Device information(e.g., device type and operating system)
• Usage data(e.g., feature usage, preferences, and interactions with our services)

 

The information we collect may be used for the following purposes:

• Store user data for medPortal registration and authentication
• Facilitate access to and use of the medPortal
• Document and process medical data as entered by users
• Internal purposes at movos, such as data analysis and research to improve the platform and its use
• Fulfill legal obligations and enforce our rights

movos will not use personal data collected via this platform for marketing purposes. movos does not use external service providers to collect non-personal data.

 

3. What Does Data Processing Involve, and Who is Responsible?

Personal data refers to any information relating to an identified or identifiable natural person.
Processing involves any handling of personal data, regardless of the tools and methods used, including collecting, storing, retaining, using, altering, disclosing, archiving, deleting, or destroying data.

 

3.1 movos AG as the Data Controller

In principle, movos AG is responsible for data processing under this Privacy Policy.
We may share your personal data with third parties in the following situations:

• Service Providers and Sub-processors: movos may engage third parties to perform specific functions on our behalf, such as hosting services, medical services, and data analysis. These service providers only have access to your personal data to the extent necessary to perform their duties, always based on your explicit consent. The following table lists third parties acting as sub-processors of your data, which may change over time:

Third Party/Sub-processor	Location	Service/Processing Activity
movos AG	Zurich, Switzerland	Internal communication, data storage, encrypted data management
Perfect Art Ltd.	London, UK	Product development, consulting, technical back-end support
Oracle	Zurich, Switzerland	Hosting services
Keycloak	Email and password	Authentication service

• Compliance with Laws:We may disclose data when legally required, such as by court order or as part of legal or extrajudicial proceedings, to enforce or protect our rights.
• Business Transfers:In the event of a merger, acquisition, or sale of all or part of our assets, your personal data may be transferred or disclosed as part of the transaction, subject to your explicit consent. We will inform you by email or with a prominent notice on the Altea Care App of any changes in ownership or use of your personal data.

movos may also share information, including anonymized data, with third parties if necessary to use and improve the medPortal and related services associated with the patient journey. Third parties involved in the medPortal are contractually obligated to protect users' data and comply with all applicable data protection laws. The data of users will only be provided to the extent necessary for the proper functioning and improvement of the medPortal.

If you wish to file a complaint about the processing of your personal data by movos, please contact the local data protection authority. Contact information for the Swiss Data Protection Authority (EDÖB) is available here: https://www.edoeb.admin.ch/edoeb/en/home.html.

 

3.2 Data Processing with Your Consent

We generally process personal data based on the Terms of Use and this Privacy Policy.
Medical data is subject to a statutory retention period of ten years. Therefore, completed assessments, patient names, and birth dates will be retained for this period and then deleted.

 

3.3 Responsibility on the Altea Care Platform

You control the management and sharing of your personal and health data with third parties via your Altea Care user account.
You can revoke your consent later for each instance and contact us at any time with questions or to exercise your rights.
Please note that the general terms and data protection policies of the specific medical institution apply in addition to the use of Altea Care by each professional.

 

3.4 Security Measures

The personal and medical data of users are stored by movos' external hosting provider in Switzerland. movos has established a comprehensive data security architecture that exceeds current DSG and GDPR requirements, ensuring the highest standards as follows:

• Self-Sovereign Identity (SSI):The system architecture complies with SSI principles, where users are not dependent on a provider for data access, control, and usage transparency. No hidden metadata is generated, and no data restrictions are imposed.
• User Transparency:Users have full control over the system and can see how, when, and by whom their data is accessed. No health-related data is accessible without the explicit and revocable consent of the user.
• Data Anonymization:Data is stored in an anonymized form in a cloud environment, making it impossible to link or correlate recorded interactions or data points with individual users.
• Data Center Location:The cloud service and computing resources are located in Zurich, Switzerland.
• movos as a Service Provider:movos only stores data as the service provider.
• Staff Access:movos staff is neither involved in reviewing submitted health data nor facilitating data exchange between patients and doctors. However, general user profile data is accessible to movos staff to assist users.

Access to user data is limited to parties whose services require specific support or services based on the user’s individual consent.

 

3.5 Data Breaches

movos has implemented comprehensive security measures to prevent data breaches. Should personal data be compromised, movos will promptly notify relevant authorities and affected users within the legal framework if there is a risk to the rights of affected persons.

Affected professionals will be informed via the Altea Care medPortal about the nature of the breach, possible consequences, and recommended protection measures. If you suspect misuse of your data, please contact movos Support.

 

4. Privacy Policy Amendments

movos reserves the right to change this Privacy Policy at any time without providing reasons. movos will inform users of any changes. After a reasonable transition period of at least three months, the updated version of the Privacy Policy will apply, and without objection from users within this period, these changes will be considered accepted. Otherwise, movos may terminate the agreement. All other changes to this Privacy Policy or deviations from it require written form.

 

5. GDPR Data Protection Rights

We aim to ensure that you are fully informed of all your data protection rights. Every user has the following rights:

• Right of Access– You have the right to request copies of your personal data. We may charge a small fee for this service.
• Right to Rectification– You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete information you believe is incomplete.
• Right to Erasure– You have the right to request the deletion of your personal data via email to support@movos.ch. Please note the legal retention period for medical data (see 3.2).
• Right to Restrict Processing– You have the right to request that we restrict the processing of your personal data.
• Right to Object to Processing– You have the right to object to the processing of your personal data.
• Right to Data Portability– You have the right to request that we transfer the data we have collected to another organization or directly to you.

If you wish to exercise any of these rights, please contact us. We will respond within one month.