Privacy policy
for web and mobile app
The protection of your data and your privacy is of utmost importance to Intonate GmbH. As part of this commitment, we would like to inform you in detail about the collection and processing of your data.
1. What is this privacy policy about?
Intonate GmbH (hereinafter also referred to as Intonate or we) has developed the Intonate App Basic (App), which can be used by treating physicians or their practice for recording medical consultations and similar conversations, transcribing them, and generating a medical report. Our services are aimed at companies and individuals in Switzerland.
In this privacy policy, you will find information on the processing of your personal data in connection with the App used by your treating physician or their practice for medical consultations and similar conversations.
We assume that, in the absence of any objection, you have no objections to the processing of personal data carried out via our App as described below. Otherwise, please feel free to contact your treating physician or their practice.
2. Who is responsible for processing your personal data?
From a data protection perspective, your treating physician — or their practice — bears primary responsibility for the processing of your personal data. For any related concerns, please contact your treating physician or practice directly.
We ourselves also process certain data for our own purposes, i.e. as a controller. This concerns the data of the treating physician upon registration for our App and generally within the scope of our contractual relationship with the physician or practice, the improvement of the App and the related processing activities, and the anonymization of patient data for research purposes. If you wish to contact us in connection with our App or this privacy policy, please reach out to us at the following address:
Intonate GmbH
Obstgartenweg 6
8645 Jona
3. What personal data do we process in connection with the app?
On behalf of your treating physician — i.e. as their data processor — we process the following categories of personal data of treated individuals in connection with the use of our App:
- Contact data such as first and last name
- Master data such as age and social security number (AHV number)
- Your voice and the content of conversations
- Health data (i.e. particularly sensitive data) such as medical history (anamnesis)
The personal data is collected directly during consultations or similar conversations between you and your treating physician.
It is possible that you may transmit or provide personal data that also relates to other individuals (e.g. health information about family members). We assume that such personal data is accurate and that you are authorized to provide it. We kindly ask you to inform these individuals yourself about the data processing described in this privacy policy (e.g. by referring them to this privacy policy).
As a controller, we ourselves act as follows:
- In order for a treating physician to use our App, registration is required. For this purpose, we process verification data of the physician, such as their email address.
- When downloading the App from the App Store, the operator of the respective App Store may process personal data. Information on this can be found in the relevant privacy policy of the App Store operator. In order to further develop and improve the App, we process usage data such as the IP address, information about the mobile device and its operating system, usage time, and details of the App version used. This usage data does not contain any health data.
4. For what purposes are the personal data processed?
As data processor on behalf of your treating physician, we process your personal data in particular for the following purposes:
- Generation of a medical report: We process your personal data to create a transcript of the medical consultation or similar conversations. On this basis, a medical report is generated using artificial intelligence.
- Communication: We use data to communicate with you, for example if you have contacted us by email. For this purpose, we process the personal content of the communication as well as log data regarding the nature and timing of the communication.
- Operation and improvement of the App: We use personal data to ensure the smooth operation of the App and to continuously improve it (e.g. by adapting or developing new content). For this purpose, we evaluate, among other things, statistics on the usage of the App or App content.
- Compliance with legal and regulatory requirements: We may process personal data in order to comply with laws, directives, and recommendations issued by authorities. This includes the disclosure of personal data to domestic and foreign authorities.
- Defence and enforcement of claims: We may use data for civil or criminal proceedings or for the defence in such proceedings.
Acting in our own capacity as controller, we process personal data in particular for the following purposes:
- Administration of the App and our customer relationships
- Further development and improvement of our App and internal processes
- Compliance with legal and regulatory requirements
- Defence and enforcement of claims
5. To whom do we disclose your personal data?
We disclose your personal data to your treating physician or their practice. To provide our services, we collaborate with or make use of external service providers in certain areas, such as Amazon Web Services (AWS) and Microsoft, including for the processing of health data. To fulfil their obligations, these service providers are granted access to personal data and process it on our behalf (e.g. for hosting, anonymization of personal data, creation of the transcript, and encrypted transmission of the medical report). These service providers are subject to contractual and/or statutory confidentiality and data protection obligations and implement appropriate technical and organizational measures to ensure data security.
In connection with the exercise of rights, the defence against claims, and the fulfilment of legal requirements, we may disclose personal data to authorities, offices, courts, and other public bodies, for example in the context of administrative, judicial, and pre-litigation or out-of-court proceedings, and in the context of statutory information and cooperation obligations.
For the analysis of the treating physician's user behaviour within the App, we also make use of the services AWS Bunny by Amazon Web Services (AWS) and Firebase by Google. These service providers may receive usage data from us and themselves employ technologies to collect usage data.
6. Do we disclose personal data abroad?
The processing of your personal data is not carried out exclusively by us, but also by external service providers within the scope of commissioned processing, and where applicable by authorities. In this context, certain personal data may also be transferred abroad, for example when transmitted to service providers. The server locations of our service providers are situated in Europe, which offers an adequate level of data protection. However, it cannot be ruled out that personal data may be processed worldwide, including outside the EU or the European Economic Area. Not all of these countries offer an adequate level of data protection. We compensate for the lower level of protection through appropriate contracts, in particular through the so-called Standard Contractual Clauses of the European Commission, which are available here, insofar as the recipient is not already subject to a legally recognized framework for ensuring data protection and we are unable to rely on an exemption provision. An exemption may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interest, or where the execution of a contract requires such disclosure, where you have consented, or where the data in question has been made generally accessible by you and you have not objected to its processing.
7. How long do we process your data?
We store and process your personal data for as long as is necessary to fulfil our contractual obligations towards your treating physician or their practice, or for the purposes pursued by the processing. Where no legal or contractual obligations preclude this, we destroy or anonymize your personal data upon expiry of the storage or processing period in the course of our standard procedures.
Where we act on behalf of a physician or their practice, they retain your data in accordance with their own requirements. Applicable law may provide for retention periods of, for example, 10 or 20 years.
8. How do we protect your data?
We treat personal data confidentially and implement appropriate technical and organizational security measures to maintain the confidentiality, integrity, and availability of your personal data, to protect it against unauthorized or unlawful processing, and to guard against the risk of loss, unintentional alteration, unwanted disclosure, or unauthorized access. For example, we use two-factor authentication for login, medical reports are transmitted in encrypted form, and personal data is anonymized as soon as this is possible. Data is also encrypted in transit and at rest.
Your physician or their practice also implements security measures for their own systems. If you would like to know more about this, please contact them directly.
9. What rights do you have?
Subject to the conditions and within the scope of applicable data protection law, you have the following rights:
- Access: You may request information as to whether we process personal data about you, and if so, which data, as well as further details about our data processing activities.
- Rectification: You may have inaccurate personal data corrected and incomplete data completed, and request that the processing of your data be restricted.
- Erasure and objection: You may request the deletion of personal data and object to the processing of your data with effect for the future.
- Portability: You may receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, insofar as the relevant data processing is based on your consent or is necessary for the performance of a contract.
- Withdrawal: Insofar as we process data on the basis of your consent, you may withdraw that consent at any time. The withdrawal applies only with effect for the future, and we reserve the right to continue processing data following a withdrawal on another legal basis.
If you wish to exercise any such right, please feel free to contact us (section 2). In most cases, we will need to verify your identity in order to do so.
10. Update of the privacy policy
The privacy policy is not part of any contract with you. It may be amended at any time, and we update it from time to time. The current version always applies.