I. Scope

This privacy policy describes the applicable policies and procedures regarding the collection and processing of information that the user (hereinafter also “you”, “your”) provides when using the services on the AHTIDA platform (“platform”) provided by ahtida Clinic GmbH (“operator”, “we”, “us”, “our”) and informs users about their data protection rights.

The platform is aimed at users from Switzerland and was developed according to the principles of Swiss law. The use of the platform and the services offered on it are limited to Swiss territory unless explicitly stated otherwise. Use of the platform requires legal age.

The owner of the data collection and the responsible person (controller) within the meaning of the Swiss Data Protection Act (DPA) and, where applicable, the EU General Data Protection Regulation (GDPR), is:

ahtida Clinic GmbH (in process of incorporation)

CH-ID:

Every person has the right to protection of their privacy and protection against misuse of their personal data. The platform operator takes the protection of users’ personal data seriously and complies with all applicable data protection regulations as well as this privacy policy.

The operator uses users’ personal data exclusively to provide and improve services to the user. By using the services, users agree to the collection and processing of information in accordance with this privacy policy. If the user does not agree to these conditions, they should refrain from using the platform and the services offered on it.

This privacy policy forms an integral part of the general terms of use for the platform (Terms and Conditions) and must be accepted together with them before using the platform.

II. Definitions

 Within the framework of this privacy policy, the following words have the meanings defined below.

• Terms and Conditions refers to the operator’s general business terms for the use of the platform, which can be accessed in their current version at the following link: https://ahtidahealth.com/terms-conditions/
• Operator is the operator of the platform, namely ahtida Clinic GmbH, Zurich
• Services refers to the services provided by the operator on the platform and described in more detail in the Terms and Conditions.
• Service providers refers to companies or individuals who help the operator provide the services, perform services related to the services, or help the operator analyze the use of the services (e.g., IT service providers, software providers, partner doctors, partner pharmacies, payment service providers, etc.); service providers may process personal data on behalf of the operator and then fall under the so-called “processors” under applicable data protection laws.
• User account refers to a personal account created for each user upon registration for use of the platform to access the services or parts of the services.
• User (also referred to as “the users” or “you”) refers to the person accessing or using the services, or the company or other legal entity on whose behalf such person accesses or uses the services.
• Usage data refers to automatically collected data generated either by the use of the services or from the service infrastructure itself (e.g., the duration of a page visit).
• Personal data is all information and details that relate to a specific or identifiable natural person.
• Platform refers to the platform hosted athttps://www.ahtidahealth.com, which is provided by the operator and on which various services are offered, including the mediation of telemedicine services in the fields of mental health, sexual health, weight management, dermatology.
  

III. Collection and Use of Personal Data

We process personal data that you as a user and third parties (e.g., your treating physician) voluntarily provide to us – with your consent – for example, when you register on the platform, use our services, fill out forms or questionnaires, contact us via email or other communication means, sign up for our periodic newsletter, etc.

1.  Types of data collected Personal data:

Before using the services, the user must register so that a user account can be created. In this regard, the user must provide the following information:

• • First and last name
  • Address
  • Email address
  • Date of birth

Depending on the service the user wishes to use, additional personal data may be collected from the user. These may include questions about the user’s health status. By providing this sensitive data, the user agrees to the processing of this data by the operator and other service providers as described in this privacy policy.

Usage data:

When using the services, usage data is automatically collected. Usage data may include information such as the Internet Protocol address of the devices used by the users (e.g., IP address), browser type, browser version, the pages of the services that users visit, the time and date of users’ visits, the time spent on these pages, unique device identifiers, and other diagnostic data. The evaluation of usage data is carried out exclusively for internal purposes by the operator or by third parties exclusively in anonymized form and therefore does not include any processing of personal data.

Data collected by third parties and transmitted to the operator:

During the use of the services, users have the option to share data collected by a third party with the operator. If users choose to share personal data from third parties or otherwise sensitive information (including health data) with the operator (e.g., via the platform), the user guarantees that they have obtained the necessary permissions (consents) from this third party.

2. Use of personal data and processing purposes.

The use of the services and especially the platform is voluntary and all consents given can be revoked at any time without giving reasons.

Use by the operator:

The operator processes all personal data in accordance with applicable data protection laws, in particular the Swiss Data Protection Act (DPA) and, where applicable, the EU General Data Protection Regulation (GDPR).

“Processing” or “process” includes any handling of personal data, regardless of the means and procedures used, in particular the collection, storage, retention, use, modification, disclosure, archiving, deletion or destruction of data.

The operator may process personal data for the following purposes:

• To provide and maintain the services, including monitoring the use of the services, as well as maintaining the secure and stable operation of the platform.
• For contract fulfillment: To provide the user with the requested services or to fulfill another contract that you have concluded with the operator: Currently, the services offered via the platform include, for example, the provision of infrastructure for remote treatment of users by our partner doctors (telemedicine), the transmission of prescriptions issued to the user by the partner doctor via the platform to the partner pharmacy, billing and collection of compensation for services provided by our partner doctors, and corresponding payment processing. The user account also contains the corresponding current payment information, which is used for payment of the paid services and for the enforcement of corresponding claims.
• To manage the user account, namely for registration for use of the platform: The personal data provided by users may enable users to access various functions of the services that are available to users as registered users.
• To contact users: To contact users via email, telephone, SMS or other equivalent forms of electronic communication, for example to answer/process user inquiries or to remind them of a booked appointment; to transmit information regarding updates, security updates or informative messages about the functions, products or commissioned services; to send newsletters or push notifications (if the user has consented to this).
• To provide users with messages, special offers and general information about other goods, services and events offered by the operator that are similar to those that users have already purchased or requested, unless you have objected to receiving such information.
• To fulfill legal and regulatory obligations to which we are subject.
• For other purposes: The operator may use users’ information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of advertising campaigns, and evaluating and improving the services, products, marketing and user experience.

Disclosure / Transfer to third parties:

The operator may disclose or share users’ personal data in the following situations:

• To service providers: The operator may share personal data with service providers to provide services to users or to contact users, to monitor and analyze the use of the services.
• To sub-processors: The operator may share information with sub-processors (e.g., IT suppliers).
• In the context of transactions / corporate transfers: The operator may disclose users’ information to evaluate or carry out a merger, sale, restructuring, reorganization, dissolution or other sale or transfer of some or all assets, whether as a going concern or as part of insolvency, liquidation or similar proceedings, in which personal data stored by the operator about users may be among the transferred assets.

In all these cases, the recipients are obliged to comply with this privacy policy as well as all applicable data protection laws and to treat personal data confidentially.

The operator may disclose or share personal data for any other purpose with the users’ consent.

Furthermore, the operator may disclose personal data if necessary to:

• fulfill a legal obligation;
• protect overriding own interests, e.g., to prevent or investigate possible misconduct in connection with the services;
• protect the interests of other users of the services or the public;
• protect against legal liability;
• cooperate with authorities based on official orders; or
• enforce users’ obligations.

However, your personal data will neither be sold nor otherwise passed on to third parties who do not process this personal data on our behalf and according to our specifications.

3. Release from medical confidentiality

 Insofar as the use of the services requires the transmission of information subject to medical confidentiality (e.g., service billing via the platform with reference to mediated medical services, transmission of a prescription via the platform, etc.), THE USER RELEASES THE RESPECTIVE DOCTOR, THE PHARMACIST AND THEIR ASSISTANTS WITH REGARD TO THE OPERATOR FROM MAINTAINING PROFESSIONAL SECRECY BY ACCEPTING THE TERMS AND CONDITIONS AND THIS PRIVACY POLICY.

IV. Storage and Retention of User Personal Data

 Users’ personal data is stored on servers located in Switzerland.

The operator retains personal data only as long as necessary for the purposes set out in this privacy policy. The operator retains and processes users’ personal data to the extent necessary to comply with legal obligations (for example, if data must be retained to comply with applicable law), resolve disputes, and enforce our legal agreements and policies.

The operator will also retain usage data for internal analysis purposes. Usage data is generally retained for a shorter period unless this data is used to strengthen security or improve the functionality of the services, or the operator is legally obligated to retain this data for longer periods.

V. Transfer Abroad

Users’ personal data is stored on servers located in Switzerland and is generally processed by us exclusively in Switzerland. Our service providers are partly located in EU/EEA[1] countries, which is why there may also be a transmission/disclosure of data to EU/EEA countries and processing of personal data there. The operator has concluded written contracts with all recipients that obligate the recipient to maintain confidentiality and comply with this privacy policy as well as the requirements of the DPA and, where applicable, the GDPR.

A transfer to countries outside Switzerland or the EU/EEA does not take place without prior information to users.

The operator will take all reasonable steps to ensure that users’ data is treated securely and in accordance with this privacy policy. We generally do not transfer personal data outside Switzerland or the EU/EEA. If the transfer of personal data to a country outside the EU/EEA is required, this will only occur if contractual clauses or other guarantees that comply with data protection legislation (e.g., conclusion of EU standard contractual clauses, which are also recognized in Switzerland) are in place.

By contacting us at the address provided at the end of this privacy policy, you as a user can obtain information at any time about which countries and which categories of recipients we disclose and/or transfer your personal data to and what measures (guarantees) we have taken to protect it.

VI. User Rights

To exercise your rights as a user and generally for questions about the processing of personal data by the operator, you can contact us at the address provided at the end of this privacy policy.

1. Right to correction or deletion

As a user of the platform, you have the right to request the correction or deletion of your personal data. You can independently manage, correct and also delete certain information within your user account.

You are also obligated to always keep your personal information up to date and make corresponding changes/deletions by logging into your user account and making the corresponding corrections/deletions in the account settings area. Alternatively, you can send us a corresponding correction or deletion request (see contact details below).

Please note that we as the operator must retain certain information if there is a legal obligation or legitimate basis for doing so. If this is the case and if we cannot comply with your request for correction and/or deletion based on this, we will inform you of this with reasons.

2. Right to information

Users have the right to receive information free of charge at any time about the personal data we process about them, their origin and the categories of recipients as well as the purpose of data processing.

If you send us a corresponding request, please note that we must be able to identify you clearly, otherwise no information can be provided. Accordingly, we ask you to attach a copy of your identity card or passport to your request. Only with such proof are we able to ensure that the information and/or access is only provided to the authorized and affected person.

Please note that we may refuse, restrict or postpone the information for certain reasons (e.g., overriding interest of third parties, obviously unfounded or vexatious request, etc.). If such reasons exist, we will inform you.

3. Right to data portability/transfer

Upon request, users have the right to receive a copy of their personal data stored electronically by us for further use by another service or organization.

We may refuse, restrict or postpone the release or transfer of personal data for certain reasons (e.g., overriding interest of third parties, obviously unfounded or vexatious request, etc.). If such reasons exist, we will inform you.

4. Further rights and concerns

For further concerns or the wish to object to processing for certain purposes or to revoke consent given, please also contact us via the contact details below. We will do our best to accommodate your concern.

If we cannot help you further, you also have the right to file a complaint with the Federal Data Protection and Information Commissioner (FDPIC) and/or with a competent EU supervisory authority (depending on jurisdiction or applicability of the GDPR).

VII. Security of User Personal Data

We have implemented the necessary and appropriate technical and organizational measures to protect your personal data from loss, disclosure and unauthorized access. These include the issuance of instructions, training, IT and network security solutions, password protection, access controls and restrictions, as well as other controls, pseudonymization and encryption. We regularly review our security policies and processes together with our IT specialists to ensure the protection of your data.

However, users should note that no method of transmission over the Internet or electronic storage is 100% secure. Although the operator uses reasonable means to protect users’ personal data, absolute security cannot be guaranteed.

VIII. Changes to this Privacy Policy

The operator may update and/or change this privacy policy from time to time. The operator will inform users about material changes by publishing the new privacy policy on the website www.ahtidahealth.com/privacypolicy , notifying users within the application, or sending a corresponding notification to the contact details provided by the user.

Continued use of the operator’s services or the platform after such changes means users’ consent to the revised privacy policy.

Users are advised to regularly review this privacy policy for changes. Changes to this privacy policy are effective once they are published on the website https://ahtidahealth.com/privacy-policy/

IX. Applicable Law and Jurisdiction

This privacy policy is subject to the substantive law of Switzerland and is to be interpreted accordingly.

For all disputes arising from or in connection with this privacy policy, to the extent legally permissible, the courts at the operator’s registered office (currently: Zurich, Switzerland) have exclusive jurisdiction.

X. Cookie Settings

We use cookies to improve your experience on our website and to offer you personalized content and advertising. You have the option to change your cookie settings at any time and manage your consent. To adjust your cookie settings, please visit our cookie management page. Here you can find detailed information about the cookies we use and set your preferences.

XI. Contact

If you have questions about this privacy policy, for requests, concerns or complaints, you can reach us at the following contact details:

ahtida Clinic GmbH
Email: privacy@ahtidahealth.com
Website: https://www.ahtidahealth.com/
Last updated: July 2025

[1] European Economic Area.