Data protection notice
The following data protection information only gives a brief overview of the collection and processing of your data. The complete information can be found in the data protection declaration.
A. OUR SERVICES
Privacy and security principles. Since the launch of Sanasoft, we have been striving to build our services in compliance with strict data protection and security principles.
We connect doctors and patients. We provide doctors and patients with opportunities to communicate with each other, e.g. by exchanging messages, sending pictures and documents. We also offer doctors and patients the opportunity to make appointments.
Safety. All data is encrypted, saved and transmitted in accordance with the state of the art.
B. WHAT DATA DO WE COLLECT FROM YOU?
1. When accessing and using our website:
If you use our website, we automatically collect log data, even if you have not created a Sanasoft account or have not logged in.
- IP address
- access times
- Query resource
- the amount of data transferred
- the duration of data transfer
- information about the hardware and software used
- device information
- device event data (e.g. crashes, browser type)
- the origin of your pageview
The log data (with the exception of your IP address) is saved for 90 days and then deleted. Your IP address is only saved for the duration of your website visit.
2. Based on your entries on our website:
If you subscribe to our newsletter:
- First and Last Name
- E-mail address
If you register a user account on our website:
- First and Last Name
- if applicable (if you register a user account as a doctor): specialization
- date of birth
- postal address
- E-mail address
- phone number
- location data (e.g. your location via the geolocation of your IP address)
- profile picture
When using your user account and the functions of the Sanasoft platform:
- the pages or other content you called up
- appointments made by you
- other actions on the Sanasoft platform
- information about your appointment bookings
- information about the transmission of documents between doctor and patient, such as date and time and other related metadata (but not the content of the transmitted documents)
- If you communicate with us or use the platform for communication between doctor and patient
- location data (e.g. your precise location via the GPS of your mobile device)
3. In addition:
We use Google Analytics to measure our website visits. Your IP address is only processed and transmitted anonymously.
We also use a cookie to save your login information.
How do we collect your data?
What do we use your data for?
To provide our products and services and to optimize and protect our website.
We also use your data for contract processing. In this context, we use and share your data as follows:
As a matter of principle, we do not use your data to pass it on to third parties, except on your behalf to pass it on to doctors, if this is necessary for the successful exchange of data between doctor and patient.
In particular, we also use your data to pursue legal interests.
Your rights include:
You have the standardized right to information about the personal data stored about you.
You have the right to the deletion of your data if it is no longer allowed to be saved.
You have the right to have your personal data corrected if we have stored it incorrectly.
You have the right to object and you can contact us.
Notes on web analysis
Bottom of form
Here you can decide whether we can record your use of the website through Google Analytics. You can prevent Google Analytics from collecting data by clicking on the following link. An opt-out cookie is set which prevents the future collection of your data when you visit this website. This opt-out cookie only works in this browser and only for this domain. If you delete your cookies in this browser, you must click this link again.
Your visit to this website is currently recorded by Google Analytics. Click here so that your visit is no longer recorded.
At Sanasoft, we take the protection of your personal data very seriously. We want you to know when we collect which data and how we use it. In the course of the further development of our website and the implementation of new technologies to improve our services for you, changes to this data protection declaration may also be necessary. We therefore recommend that you read this data protection declaration again from time to time.
The Sanasoft platform is operated by […]. When calling and using the Sanasoft platform (especially when using the associated mobile application and the website www.sanasoft.com), data is collected and used which, as described in more detail below, may be personal or affect your privacy.
Sanasoft’s data is always collected, processed and used in accordance with the statutory provisions, in particular in accordance with the Data Protection Act, the General Data Protection Regulation (GDPR) and the Telecommunications Act (TKG) 2003.
The customer for the use of your personal data in the sense of the data protection law is […].
- DATA COLLECTED BY US
The data we collect is divided into three general categories.
1.1 Data that you transmit to us.
We collect data that you transmit to us when using the Sanasoft platform.
- Account details. To be able to use certain essential functions of the Sanasoft platform, you must create a Sanasoft account. When you set up a Sanasoft account, we need certain information such as your name, e-mail address and date of birth.
- Profile data. In order to use certain functions of the Sanasoft platform, we can also ask you to complete your profile. This can include your address, phone number and gender.
- Other verification data. In the interest of creating and maintaining a secure environment, we can collect identification data (such as a photo of an official photo ID) and other authentication data before we activate certain essential functions of the Sanasoft platform for you. After verification, you can remove the ID photo again.
- Proof of registration and the associated professional qualification as a doctor. As a doctor, we can make the full use of your Sanasoft account, and in particular the possibility of receiving patient data, dependent on you at all times providing us with proof of registration and the associated professional qualification as a doctor (e.g. in the form of a doctor’s card). After checking, you can remove the submitted evidence.
- Communication with Sanasoft. If you communicate with Sanasoft via your Sanasoft account, we collect information about your communication, as well as any information you choose to provide.
- Backup. Both doctors and patients can create a backup of their locally stored data, which is stored centrally and encrypted in a server at Sanasoft. If such a backup is created, all locally stored data is encrypted and saved on a Sanasoft server.
- Contact form. If you communicate with Sanasoft via the contact form, we need your e-mail address and we ask you to tell us your name. When contacting us via the contact form, the personal data will only be stored and used for answering your request or for contacting you and the associated technical administration.
- Newsletter. If you subscribe to our newsletter, we need your e-mail address and we ask you to tell us your name. We use this data for our own advertising purposes in the form of our e-mailed newsletter. You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending us a message. After unsubscribing, your e-mail address will be deleted from our newsletter mailing list.
Further information. In other cases, you can decide to provide us with information, e.g. when you fill out a form, do a search, update or add data to your Sanasoft account or use other functions of the Sanasoft platform.
1.2 Data that we collect automatically when you use the Sanasoft platform.
When you use the Sanasoft platform, we collect information about the services you use and how you use them.
- Usage data. We collect information about your activities on the Sanasoft platform, such as the pages you have visited or other content.
- Location data. If you use certain functions of the Sanasoft platform, we can collect specific location data (e.g. your precise location via the GPS of your mobile device). Most mobile devices give you the option to control or deactivate the use of location services for applications in the settings menu of the device.
- Log data. If you use the Sanasoft platform, we automatically collect log data, even if you have not created a Sanasoft account or have not logged in. This data includes, among other things: information about how you have used the Sanasoft platform (including any links to third-party applications), IP address, access times, Query resource, the amount of data transferred and the duration of data transmission, information about the hardware and software used, device information, data on device events (e.g. crashes, browser type), as well as the origin of your page view. We only save your IP address for the duration of your visit to the website. We store all other log data for a maximum of 90 days.
- Cookies. In order to make the visit to our website attractive and to enable the use of certain functions, we use – if you have consented to this – so-called cookies. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies to recognize your browser the next time you visit (persistent cookies). If cookies are not accepted, the functionality of our website may be restricted.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: https://tools.google.com/dlpage/gaoptout?hl=en. As an alternative to the browser plug-in or within browsers on mobile devices, please click on the following link to set an opt-out cookie that will prevent Google Analytics from collecting data on this website in the future (this opt-out cookie only works in this browser and only for this domain; if you delete your cookies in this browser, you have to click this link again).
Your visit to this website is currently recorded by Google Analytics. Click here so that your visit is no longer recorded.
1.3 Data that we collect from third parties.
We may collect relevant information that others transmit when you use the Sanasoft platform or collect information from other sources and combine it with the data that we collect through the Sanasoft platform.
- Third party services. If you access your Sanasoft account, connect to your Sanasoft account or log in to your Sanasoft account via third-party services (e.g. Facebook, Google or LinkedIn), these services can provide us with information such as your registration and profile data of the service concerned. The type and scope of this information vary and are controlled by the service provider concerned or depend on your privacy settings for the service concerned.
- HOW WE USE THE DATA WE COLLECT
We use, store and process information about you to provide, analyze, improve and develop the Sanasoft platform and to create and maintain a trustworthy and secure environment.
2.1 Provision, improvement and further development of the Sanasoft platform.
- To enable you to access and use the Sanasoft platform.
- To enable communication between doctor and patient.
- To operate, protect, improve and optimize the Sanasoft platform, e.g. by carrying out analyzes and investigations.
- To personalize or otherwise adapt your user experience, including by arranging search results or displaying advertising messages based on your search queries, your booking history and your preferences.
- To enable you as a patient to transmit documents and to enable you as a doctor to receive documents.
- To provide our customer service.
- To send you service or support communications such as updates, security alerts, and account notifications.
2.2 Creating and maintaining a trustworthy and safe environment.
- To identify and prevent fraud, spam, abuse, security incidents and other harmful activities.
- To carry out investigations and risk assessments.
- To verify or authenticate the information or proof of identity you have provided (e.g. comparing your ID photo with another photo you have sent).
- To comply with our legal obligations.
- To settle any disputes with our users and to enforce our agreements with third parties.
3.DISTRIBUTION & DISCLOSURE
3.1 With your consent.
We may share your information with others based on your instructions or as provided at the time of disclosure, such as if you allow a third party application or website to access your Sanasoft account.
3.2 Data exchange between doctors and patients.
Doctors and patients can exchange data with each other via Sanasoft. The prerequisite for this is that the user accounts of the respective doctor and patient have been linked to one another. This is done using a QR code with which each doctor can be individually identified. The patient scans the doctor’s QR code, whereupon the doctor receives a request to link the user accounts and can accept them.
As soon as the user accounts of the respective doctor and patient are linked to each other, they will see their profile data mutually.
In addition, the doctor and patient can mutually exchange the following data with each other, whereby the transmission of this data must be released or instructed in each case and is not already done automatically when the profiles are linked:
- patient documentation (e.g. reports of findings, laboratory reports, X-rays)
- text messages
- video telephony
- information related to making appointments
In the course of the data exchange, the name of the doctor and of the patient are also displayed alternately.
3.3 Profiles and other publicly available data.
Doctors can publish their data on the Sanasoft platform in such a way that other members can see them.
3.4 Disclosure to other third parties
In addition, we leave your data to the extent necessary to IT service providers, providers of data hosting solutions and other providers of tools and software solutions who support us in the provision of our services. All of these processors only process your data on our behalf and on the basis of our instructions so that we can make the Sanasoft platform available to you.
We also transfer your personal data to the following recipients (persons responsible) as required:
- External third parties to the necessary extent based on our legitimate interests (e.g. auditors and tax consultants, insurance in the event of insurance, legal representatives in case of a certain event);
- Authorities and other public institutions to the extent required by law (e.g. tax authorities).
4.OTHER IMPORTANT NOTES
4.1 Data security and encryption.
The data is collected and used, stored and processed in accordance with the state of the art.
- Exchange of text messages, video telephony and appointments between doctor and patient
When doctors and patients exchange text messages, communicate via video telephony or make appointments, this data exchange is encrypted via our servers. We use SSL encryption and the OAuth2.0 authorization standard for this data exchange.
- Exchange of documents between patient and doctor
If documents are exchanged between patient and doctor, they are transmitted directly between the doctor and patient via an encrypted connection. Communication between doctor and patient is encrypted using end-to-end encryption. Sanasoft thus provides increased protection against espionage and data theft. We use a combination of AES-256 encryption and RSA encryption in this regard. These are encryption mechanisms that meet the highest security standards and the latest technology. At no time is the encrypted data stored on the Sanasoft server and Sanasoft cannot access it either.
The data exchange between patient and doctor in connection with the appointment is done via Sanasoft. For this data exchange, we use SSL encryption and the OAuth2.0 authorization standard, which are among the safest and most widely used encryption and authorization standards.
- Data exchange between user and Sanasoft
We use SSL encryption and the OAuth2.0 authorization standard for data exchange between users and Sanasoft.
4.2 Linking to third party accounts.
You can link your Sanasoft account to your account with a social network provider. Your contacts on these third party services are called “friends”. When you create this link,
- some of the data that you provide to us by linking your accounts may be published in your Sanasoft account profile;
- a link to this third-party social network can be included in your public Sanasoft profile;
- Sanasoft users may be able to see friends whom you share with them or with whom you may be friends;
- the data you provide to us by linking your accounts may be stored, processed and transferred for fraud prevention and risk assessment purposes;
- The publication and display of data that you transmit to Sanasoft through this link is based on your settings and approvals on the Sanasoft platform and the third-party website.
5.EXTERNAL PARTNERS & INTEGRATIONS
The Sanasoft platform may contain links to external websites or services, such as external integrations, co-branded services or services branded by third parties (“external partners“). Sanasoft is neither the owner of these external partners nor able to control them. If you interact with them, you can transfer data directly to the external partner, to Sanasoft or to both. These external partners have their own rules on the collection, use and transfer of data. We recommend that you consult the privacy statements of the other websites you visit. We have no influence on whether external partners comply with data protection regulations.
6.1 Access and update.
You can view, update or delete the data in your Sanasoft account by logging into your Sanasoft account and checking your account settings and profile. You are responsible for the accuracy and timeliness of the data.
6.2 Deletion of the account.
Deleting your user account is possible at any time and can be done by emailing firstname.lastname@example.org or email@example.com. After deleting your user account, your data will be deleted after any statutory retention periods have expired, unless you have expressly consented to further use of your data or a legally permitted further data use on our part has been reserved, about which we inform you accordingly in this data protection declaration.
6.3 Right to information, deletion, correction and objection.
You have the right to information about your personal data. For this purpose, copies of your personal data stored by us can be requested in writing. We will send you a copy of the personal data stored by us as soon as possible. We can request proof of identity to verify your access request.
If your personal data stored by us is incorrect, please let us know. We will then correct the information in question.
You also have the right to request the deletion of your personal data.
Finally, you also have the right to object to the processing of your data.
You can e-mail requests under this section to firstname.lastname@example.org.
7.LOCATION OF YOUR DATA
We store your information on specially protected servers in Austria. Access is only possible for a few specially authorized persons who are responsible for the technical, commercial or editorial support of the servers.
In order to protect your data against unauthorized access, as well as against loss, destruction or change, we continuously take and improve administrative, technical and physical security measures. However, the Internet is not a 100% secure environment, which is why we cannot guarantee the security of the transmission or storage of your data.
Sanasoft reserves the right to change this data protection declaration at any time in accordance with the present provision. If we make changes to the data protection declaration, we will publish the changed data protection declaration on the Sanasoft platform and update the date of the “last update” at the beginning of the data protection declaration. We will also notify you of the changes at least thirty days before they take effect. If you do not agree with the changed data protection declaration, you can terminate your Sanasoft account without notice and free of charge. If you do not cancel your Sanasoft account before the date on which the changed data protection declaration comes into force, your continued use of the Sanasoft platform is deemed to be your consent to the changed data protection declaration.