Our commitment

for the protection of your data

This document aims to clarify our commitment and responsibility in the area of ​​data protection.

Value and Ethics

At agenda.ch, respect for our values ​​is one of our reasons for being and we are proud of it. Our values ​​also include integrity and honesty.

Ownership of data and responsibility for their processing

The data on agenda.ch as well as the final responsibility for processing belong to our customers who use our software.

Agenda.ch will therefore never use this data for its own account.

Making an appointment on agenda.ch does not require a patient to open an account.

Regarding data, the data of each customer account is separated from other customer accounts. No data is shared between two customer accounts.

Responsibility of agenda.ch

Agenda.ch's responsibility is to provide the best possible service to its customers.

We are fully aware that our customers sometimes process sensitive and confidential information on our platform. We therefore understand the reason for data protection laws, since their main objective is to avoid causing harm and damage to individuals through misprocessing of data or negligence.

We take medical confidentiality very seriously since it aims to protect the medical and private data of patients (results, medical records, diagnoses, imaging data, documents, etc. data on the private sphere, etc.)

Physical location of data

All data on agenda.ch is hosted on servers in Switzerland in robust and secure data centers.

Traceability

All actions on the data, the name of the action and the name of the user are historicized (logged).

Team

Agenda.ch employees were hired based on the criteria of their skills, integrity, sense of responsibility and rigor. They share our values ​​and are employees in Geneva. We do not use “outsourcing” collaborators from outside Switzerland.

All our employees are contractually bound to respect professional secrecy, which means that they cannot disclose any information to third parties, whether concerning agenda.ch customers or customer account data.

The agenda.ch offices are not shared with other companies.

At the request of our customers, our employees can access their account in order to help them use the platform. All actions of agenda.ch employees are also recorded (“logged”).

Data processing at customer request

Agenda.ch only processes personal data within the agreed framework and according to the customer's instructions. The only situation that could force agenda.ch to process information or data would be that emerging within a strictly legal framework (this has never happened in 12 years of existence). Where applicable, agenda.ch will inform the customer, to the extent permitted, of the corresponding legal requirements before the start of processing.

If the customer explicitly requests it, agenda.ch can delete specific data from an account or merge data from two accounts.

Specific technical measures

To guarantee confidentiality:

  1. Authorized employees only have access to the personal data they need to perform their tasks. Access is via an individual password. Each employee access is logged.
  2. Only employees and authorized persons have access to agenda.ch premises. No employee has physical access to the servers which are hosted in a Swiss data center.
  3. Unauthorized persons may not use automated data processing systems by means of data transmission facilities.

To ensure availability and integrity:

  1. Encrypted backups are made every hour to external secure servers.
  2. Unauthorized persons may not read, copy, modify, move, delete or destroy backups (data carrier control).
  3. The availability of and access to personal data can be quickly restored in the event of a physical or technical incident.
  4. We ensure that all functions of the automated data processing system are available (availability), malfunctions reported (reliability) and that recorded personal data are not, a priori, damaged by system malfunctions ( data integrity);
  5. Where possible, we ensure that operating systems and application software are always maintained at the latest security level and that known critical gaps are closed (system security).

To guarantee traceability:

  1. Each action is recorded (“logged”): the personal data entered or modified in the automated data processing system, the time of these actions and their author (entry control).
  2. We can trace personal data and thus trace to whom it is communicated using data transmission facilities (communication monitoring);
  3. We can quickly detect data security breaches (detection) and therefore be responsive to take measures to reduce or eliminate the consequences (elimination).

We are committed to doing our utmost to respect the confidentiality of our customers' data.


Done in Geneva, October 18, 2023,




Wouter
Wouter van der Lelij
Founder and manager
Bono
Bono Stebler
Technical manager and manager