Swiss
Privacy Policy

Learn how we safeguard your personal information and ensure data security.

1. We're here to help. Get in touch.

You can get in touch with us at any time about the way we handle and safeguard your information.

If you want to:

  1. ask questions
  2. update your information
  3. update or delete your Heidi Platform account
  4. change your user preferences
  5. register a concern
  6. opt out of marketing
  7. anything else…

We're just a call or a few clicks away.

If you have any questions or complaints about how we handle your information, you can get in touch with us at support@heidihealth.com.

2. About us

This policy applies to Heidi Health Ltd, a company registered in England (Company No. 15878893), with its registered office at 49 Greek St, London, UK, W1D 4EG, and its related companies (see section 14). The entity responsible for processing your data is the controller.

Definitions:

  • FADP: Swiss Federal Act on Data Protection (revFADP, 2023), the primary data protection law applicable to individuals in Switzerland.
  • we, our, us: Heidi Health Ltd and its affiliates
  • you: the reader of this policy
  • your information: personal information you provide
  • privacy laws: applicable privacy and data protection laws, including Swiss FADP and UK GDPR

Swiss Users: We do not currently appoint a Swiss representative under Article 14 FADP, as our processing does not meet all cumulative criteria: (a) regular offering of goods/services or monitoring in Switzerland, (b) large-scale processing, (c) regularity, and (d) high risk to personality rights. Additionally, our processing is conducted as a processor on behalf of healthcare providers, and is therefore not subject to Article 14’s controller-only obligations. However, we continuously monitor our operations and legal obligations and will reassess this requirement as our services expand or change. We also ensure transparency and facilitate the exercise of your rights under Swiss law directly through our privacy support team.

3. What information do we collect?

We collect and hold the following categories of information, including personal information, health information, payment information, device information, and general information to help us improve our services.

When you access and use our website, Platform, or other services, we collect and hold the following main categories of information as detailed in the table below. The collection of extensive data sets, including device information, is crucial for enhancing user experience, optimising service functionality, and ensuring robust security measures. We process such information based on legitimate interests—improving our services and maintaining security—and where applicable, through explicit consent, which is transparently obtained at the point of data collection. If you choose not to provide the requested information, it may impact our ability to deliver these services to you fully.

Additionally, we may collect other types of information from you to further tailor and secure our offerings, adhering to all requirements under all relevant regulations, ensuring transparency and giving you control over your personal data.

Your general personal information

This includes information or an opinion about you that is reasonably identifiable. For example: your name, address, age or date of birth, gender, contact number and email address. Where you are a Practitioner, we may also collect information relating to your qualifications, registrations, training and educational background.

Payment and claim information

We may collect information from you in order to pay for services, or for us to make claims on your behalf. This may include credit card information, bank account details and Medicare card and claim details.

Sensitive Health information

This includes any health information that Practitioners provide when accessing or using our website, platform, or other services. We may collect health information from you for the purposes of facilitating the delivery of the Platform. Additionally, we may collect health information about patients from Practitioners, including information arising out of or in connection with the use of the Platform. This may include information that a Practitioner provides directly to us or otherwise makes available. Types of health information we may collect include medical history, clinical notes, test results, disease status, and prescribed medications, among others. For the sake of clarity, all sensitive health information undergoes a pseudonymization process where all personal identifiers that can reasonably identify an individual are removed, ensuring there is no reasonable likelihood of re-identification by malicious actors. For the avoidance of any doubt, no patient data from users is used to train, develop, or improve any of our AI models.

Device information

This includes your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information.

Additional information you provide

This includes information you provide to us through customer surveys, directly through our website or indirectly through your use of our website or Platform or online presence or through other websites or accounts from which you permit us to collect information.

Information collected for our own business improvement

We may de-identify your general personal information and use it in aggregate form to conduct analysis on how our website, Platform and other services are being used to help us improve our services and provide benefits back to our users. When we refer to 'de-identified' information, we mean information that has undergone a process of removing all personal identifiers that can reasonably identify you so that there is no reasonable likelihood of re-identification occurring. When we use this information for the purposes of business improvement, it is always in de-identified form.

Information collected by cookies

We may collect de-identified information via cookies on our website, such as your browser type, operating systems and other websites visited. We may also collect some personal information when using cookies, such as where a cookie is linked to your account. There are more details about cookies in section 9.

Information collected for recruitment purposes

When you apply for a job or position with us we may collect certain information from you (including your name, contact details, working history and relevant records checks) from any recruitment consultant, your previous employers and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract.

4. How do we collect your information?

We collect your personal information when you engage with us or from third parties.

In many instances, we collect personal information directly from you. Here are some of the main ways.

Registration

When you register on our website or Platform.

Communication

Where you communicate with us through correspondence, questionnaires, chats, email, or when you share information with us from other services or websites. Communications may occur through the Platform.

Interaction

When you interact with our sites, Platform, services, content and advertising or use our Platform or services.

We may also collect information about you from our related companies, third party service providers and other organizations that we partner with. For example:

  1. when you apply for a job or position with us, we may collect information about you from any recruitment consultant, your previous employers, referees, CV checking agencies or others who may be able to provide information to assist us with our decision; and
  2. where you are a Practitioner, we may collect information about your qualifications, registrations, training and education background from third party sources, for purposes which include verifying your status as a qualified medical practitioner.

5. How do we use your information?

We use your personal information to enable us to deliver and improve our products and services.

We adhere to privacy by design principles by integrating data protection from the outset of designing our systems and business practices. Our measures include robust encryption, stringent access controls, and continuous threat monitoring. Privacy impact assessments are conducted regularly to ensure potential risks are identified and mitigated, ensuring data protection is a foundational aspect of our operations.

Where we process data worthy of particular protection, we do so with your explicit consent, unless otherwise permitted under Swiss law (e.g., for overriding public interest, legal obligations, or for the performance of a contract initiated by you).

We implement rigorous de-identification techniques to ensure personal and health data are pseudonymised, stripping identifiable markers to prevent re-identification by malicious actors. These processes are reinforced by stringent security protocols, including multi-layered encryption and access controls, to safeguard the integrity and confidentiality of the de-identified data.

If we use personal information already collected in a manner different from that stated within this Privacy Policy, we will notify users via an updated information notice. This notice will inform you of the new use of the data and provide you with choices regarding its use.

We mainly process your personal information, to the extent permitted and deemed appropriate, for the following purposes (see also sections 3, 6 and 9): 

Access

To enable you to access and use our website, Platform and other services.

Improvement

To design, provide, improve and manage our website, Platform and other services, business and your experience, such as to perform analytics and marketing.

Health care services

To facilitate the delivery of healthcare services to Patients. For example, information relating to Patients' medical history, complaints or symptoms may be collected and used by the Platform so that Practitioners can make treatment decisions.

De-identified information for Platform functions and improvement

We may de-identify and/or aggregate your personal information, for the purposes of using that de-identified information to provide certain functionality and develop and improve the Platform.

For the avoidance of doubt, this purpose does not include the use of any sensitive health information and no patient data is used to train, develop, or improve any of our AI models.

Support

To send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you.

Contact

To contact you when we need to tell you something important about the website, Platform and other services, or your information.

Marketing

To send you marketing and promotional messages and other information that may be of interest to you.

Law

To comply with laws, and assist government or law enforcement agencies where we are required and authorized to do so.

Employment

To consider your employment application.

Unless permitted or required by law, we won't use your health information without your consent.

6. How do we use your personal information for marketing, and how do you opt out?

You can opt out at any time from our marketing communications.

We may send you direct marketing communications and information about our services or products. This may take the form of emails or other forms of communication. We'll always conduct our marketing practices in accordance with privacy laws and other applicable laws.

If we do send you marketing messages using your information, you'll be able to opt out at any time – either by using the unsubscribe facility in the relevant message or by contacting us (it's easy – see section 1).

We may also market our services to you generally – including via social media, advertising through our website and other digital or non-digital platforms. We'll always do this in accordance with our legal requirements.

Without your consent, we will not:

  1. use any of your health information to send you marketing communications; or
  2. disclose any of your information to a third party in order for them to market to you.

7. Do we store or share information outside of your country?

Your personal information is stored in your local jurisdiction

We understand the importance of data security and privacy and we're committed to safeguarding your information. We have implemented data localization solutions for customers located in Australia, Canada, US, UK and EU. Please note that some functionalities of our Platform depend on third-party services, whose servers may be located internationally, potentially worldwide. Whenever these third-party services are utilised, we ensure that data processing agreements are entered into (in particular the standard contractual clauses of the European Commission, which are available here), as not all of the relevant countries provide an adequate level of data protection. 

These agreements are crucial as they enforce compliance with data protection standards and legal requirements, safeguarding your personal information from unauthorised use or disclosure. This contractual measure helps maintain the integrity and confidentiality of your data while enabling us to provide enhanced functionality through external services. In certain cases, we may transfer personal data in accordance with applicable law without such agreements, for example if you have consented to the transfer or if the transfer is necessary for the execution of the agreement, for the establishment, exercise or enforcement of legal claims or for overriding public interests.

If we disclose personal data of individuals located in Switzerland to countries that do not provide an adequate level of data protection as determined by the Swiss Federal Data Protection and Information Commissioner (FDPIC), we rely on safeguards such as standard contractual clauses, binding corporate rules, or explicit consent, in line with Articles 16 and 17 of the FADP. You may request a copy of these safeguards by contacting us at support@heidihealth.com.

8. Who do we share your information with?

We may share your personal information with our other partners and for other reasons we tell you about in this policy, on our website, on our Platform or where we otherwise communicate this to you.

We may share your personal information with:

  1. our employees and related companies;
  2. third party suppliers and service providers (including providers for the operation of our Platform, websites and/or our business);
  3. professional advisers, dealers and agents;
  4. payment systems operators (e.g., merchants receiving card payments);
  5. anyone to whom our assets or businesses (or any part of them) are transferred;
  6. specific third parties authorised by you to receive information held by us, and other parties involved in the delivery of healthcare services; and/or
  7. other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorized or permitted by law.

9. Using our website and Platform

We use cookies on our website to track your website usage and remember your preferences.

Our website includes pages that use cookies, which are small files that store information on your computer, mobile phone or other device. We may use them to recognize you across devices and browsing sessions.

You can configure your internet browser to accept all cookies, reject all cookies or notify you when a cookie is sent. If you refuse the use of cookies in this way you may not be able to access the full functionality of our website. Please refer to your internet browser’s instructions or help screens to learn more about these functions.

We may also use third-party analytics tools to help us gather and analyze information about your use of our website and Platform. These tools assist us in understanding usage patterns, improving user experience, and optimizing the performance of our services. For the avoidance of doubt, no Protected Health Information (PHI) or data worthy of particular protection is shared with or transmitted to third-party analytics tools for these purposes. Any information collected through these tools is limited to non-sensitive data and does not include any details that could identify patients or relate to their health conditions, treatment, or care.

10. How do we protect your information?

We take a number of measures to keep your information safe.

We generally hold personal information in our electronic databases. Our website and Platform and our working environment are built with integrated physical, electronic and managerial processes designed to safeguard your information and protect it from misuse, interference, loss and unauthorized access, modification or disclosure. Here are some of the key things we do to protect your information.

Staff training

We put our staff through training about how to keep your information safe and secure at all times.

Encryption

We employ bank industry encryption on all data both at rest and in transit.

De-identification tools

We use a range of tools designed to de-identify your information before it is used or disclosed for certain purposes, as described in this policy.

Secure storage and handling

We use a combination of techniques and measures to maintain the security of our website and Platform and to protect your account and your information.

Destroying or de-identifying your information

We only keep your information for as long as you want it or are lawfully required to keep it.

11. What are your rights in relation to your information?

If you are a Swiss resident, you have rights under the revised FADP that are substantially aligned with those under the GDPR. These include the right to access your personal data, correct inaccuracies, request deletion, object to processing, and receive data in a portable format. You may also withdraw any consent you have previously given at any time. Where we rely on consent or legitimate interest as a basis for processing, you have the right to object or revoke that consent without affecting the lawfulness of processing conducted prior to withdrawal.

You may also lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) if you believe your rights have been infringed. More information is available at: https://www.edoeb.admin.ch.

12. Changes to this policy

If we need to change this policy in a way that affects the way we handle your information and you use our Platform, you'll receive an alert from us. We will also publish the changes on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.

13. Related companies

Heidi Health Ltd (15878893) is located at 49 Greek St London United Kingdom W1D 4EG. You can contact us via email at hello@heidihealth.com. If you have any questions regarding privacy or security, please contact us via email at support@heidihealth.com. We are related to Oscer Enterprises Pty Limited (Incorporated in Australia), Heidi Health Trading Pty Ltd (Incorporated in Australia), Heidi Health Corp (Incorporated in the State of Delaware, United States) and Heidi Health Canada Inc (Incorporated in the Province of Ontario, Canada).

We may disclose your personal information to our related companies, including as set out in this policy. If we do disclose your personal information to our related companies, they may use your information in accordance with this policy. If you access the services of our related companies, you should also consider their privacy policy, as it may be different to this policy.

14. Swiss-specific provisions

This section applies to Swiss residents and supplements the rest of this Privacy Policy where applicable.

Legal basis for processing: We process your personal data only where we have a valid legal basis under the FADP. This may include your consent, performance of a contract, legal obligation, or our legitimate interest in operating and improving Heidi.

Data subjects under Swiss law: Where we process personal data about individuals located in Switzerland, we comply with the principles of data minimisation, purpose limitation, and proportionality in accordance with Swiss privacy law.

Processor role clarification: When acting on behalf of healthcare providers (such as clinics or practitioners), Heidi Health acts as a data processor. In such cases, the healthcare provider remains the data controller responsible for compliance, and Heidi Health processes data strictly in accordance with their instructions.

Profiling and automated decision-making: Heidi does not use personal data for profiling or automated decisions that produce legal or similarly significant effects on Swiss users.

Effective: April 2025