Data privacy policy 
medidux™ App

This Privacy Policy was last updated on March 25, 2026.

With the following privacy notices, we inform you about the nature, scope, and purposes of the collection, use, and other processing of personal data when using our mobile app “medidux™” (hereinafter referred to as the “medidux™ App”). This is done in compliance with the applicable legal provisions, in particular the Swiss Federal Act on Data Protection (hereinafter referred to as the “FADP”) and the General Data Protection Regulation of the European Union (hereinafter referred to as the “GDPR”). Definitions of the terms used in this Privacy Policy (e.g., “health data,” “health-related data,” or “processing”) can be found in Art. 5 FADP and Art. 4 GDPR.

1. Data Controller

The data controller responsible for the processing of your data when using the medidux™ App is:

mobile Health AG
Mühlebachstrasse 43
8008 Zurich
Switzerland
Tel.: +41 43 243 76 22
Email: contact@mobilehealth.ch
Website: www.mobilehealth.ch

2. Data Protection Officer

You can reach the Data Protection Officer of the data controller at:

datenschutz@medidux.com

3. Downloading the medidux™ App

You can download the medidux™ App from the Google Play Store or the Apple App Store.

When downloading apps from the Google Play Store or the Apple App Store, the necessary information is transmitted to Google Ireland Limited or Apple Distribution International in Ireland, including in particular your username, email address, and customer number of your Google or Apple account, the time of download, payment information, and the individual device identifier.

We have no influence on this data collection and subsequent data processing and are not responsible for it.

For further information, please refer to the respective privacy notices of Google (policies.google.com/privacy) and Apple (apple.com/legal/privacy/de-ww).

4. Processed Data

4.1 Personal and Health Data

When using the medidux™ App, we process both ordinary personal data and health data. The personal data processed includes, for example:

  • First name
  • Last name
  • Username
  • Email address
  • Phone number
  • Gender
  • Date of birth

In addition, the following health data is processed when using the medidux™ App:

Information on body measurements and vital parameters, including:

  • Recording of body weight for weight control
  • Recording of blood glucose levels for trend monitoring
  • Recording of pulse rates for trend monitoring
  • Recording of blood pressure for circulatory monitoring
  • Recording of body temperature for trend monitoring
  • Recording of oxygen saturation for circulatory monitoring
  • Recording of ECG for circulatory monitoring

Information on possible forms of therapy, including:

  • General medication
  • Information on imaging diagnostics
  • Other therapeutic measures taken, e.g., physiotherapy
  • Information on radiation exposure experienced

Information on overall status, including:

  • Evaluations of cognitive tests
  • Structured, dynamic, standardized recording of symptoms (complaints)
  • Structured, dynamic, standardized recording of well-being
  • Recording of the development of health status

Information on doctor consultations, emergencies, and hospital stays, including:

  • Information on the incidence of doctor consultations
  • Information on the incidence of emergency consultations
  • Information on the incidence of hospital stays
  • Information on telephone inquiries
  • Information on unplanned consultations

The health data you enter is stored and processed on your device. The data (your entries) is then transmitted to our server for the purpose of individual, user-specific data backup. This allows you to restore the medidux™ App after changing devices.

Before collecting health data, the medidux™ App requests your consent, as required by law. You may revoke this consent at any time. Upon successful revocation, your personal account data and all data entered in the app during treatment will be irrevocably deleted.

4.2 Processing of Usage Data in the medidux™ App

When you use the medidux™ App, we process so-called usage data. For example, we log the connection of the medidux™ App to our servers. This includes, among other things, your email address (if you are logged in), the date and time of access, duration of use, the functions accessed, the amount of data transmitted, and the successful retrieval, which are stored in log files.

4.3 Use of Content in the medidux™ App

When you use the content of the medidux™ App, we additionally process the personal data you enter in response to questions. Some of this data relates to your physical and mental health (e.g., answering questions about your current mood and how you deal with it) and may therefore also constitute health data.

5. Purposes and Legal Bases for Processing

5.1 Data Processing in the medidux™ App as a Medical Device

When using the medidux™ App as a medical device, we primarily process the health data specified above so that the app can perform its functions in accordance with its medical purpose. The specific purposes include, in particular:

  • Structured documentation of well-being and symptoms during your therapy to enable you to make a more targeted self-assessment;
  • Structured documentation of vital parameters to enable you and healthcare professionals to conduct a well-founded trend analysis;
  • Support for your activities of daily living to improve your well-being;
  • Tips for dealing with side effects and symptoms to provide you with self-management assistance;
  • Automated alerts when a symptom you have entered exceeds a certain severity;
  • Enabling healthcare professionals and, if applicable, authorized third parties to review the data and contact you if necessary;
  • Transmission of data to healthcare payers if a review of cost coverage in a specific individual case requires it.

5.2 Registration in the medidux™ App

When you register in the medidux™ App, we collect and process the personal data mentioned above. Some of this information (e.g., name and email address) is mandatory for successful registration.

5.3 Processing of Usage Data in the medidux™ App

Usage data is logged for statistical purposes, for backup purposes, for troubleshooting, and, for example, for the further development or improvement of the app.

For this purpose, your data is stored and processed on our servers. If you use the medidux™ App on multiple devices, we synchronize your data between your devices via our servers.

5.4 Contact and Support

Our service allows you to contact us, for example, via the provided phone number or by sending us an email. The information you provide when contacting us, such as your name, address, email address, and phone number, is stored to process your inquiry and any subsequent correspondence.

5.5 Legal Bases for Data Processing

The data processing activities described in Sections 5.1 to 5.4 are based on the following legal bases:

  • Art. 6 and 30 et seq. FADP and Art. 6(1)(a) and Art. 9(2)(a) GDPR, each in conjunction with your corresponding consent;
  • Art. 6 and 30 et seq. FADP and Art. 6(1)(b) GDPR (implementation of pre-contractual measures taken at your request or fulfillment of our contractual obligations to you);
  • Art. 6 and 30 et seq. FADP and Art. 6(1)(f) GDPR (legitimate private interest).

5.6 Anonymization and Pseudonymization of Personal Data

We use collected data for purposes other than those described in Sections 5.1 to 5.4 (e.g., scientific evaluation [research, particularly health services research], improvement of the medidux™ App, and its stability) only after we have anonymized or pseudonymized this data, i.e., when this data no longer allows the identification of natural persons.

6. Recipients of Personal Data

We do not disclose personal data to third parties without consent unless such disclosure is legally permitted or required, necessary for the provision of our services within the medidux™ App, and/or there is a legitimate interest in doing so.

If we use commissioned data processing, such as hosting and other services, and disclose personal data to third parties for this purpose, we select them carefully, agree on data protection in data processing agreements, and instruct and monitor them in accordance with the applicable regulations. If the third parties in question are located abroad, the countries in question are those that have an adequate level of data protection and/or we have concluded standard data processing agreements with the third parties in question.

We use Microsoft Azure, a cloud computing platform, to provide the service, where your data is stored. Where this Privacy Policy refers to the “medidux™ servers” or “our servers,” these are always servers used as part of this solution. The servers are located in Switzerland.

For sending emails as part of app usage, we use the services of rapidmail (rapidmail GmbH, Wentzingerstrasse 21, 79106 Freiburg, Germany) via servers in Germany.

For sending SMS as part of using the medidux™ App, we use the services of pitcom (pitcom GmbH, Bahnhofstrasse 61, 08523 Plauen, Germany) via servers in Germany.

7. Storage Period and Deletion

Your data will only be stored for as long as it is necessary to fulfill the purpose or purposes for which it was collected.

In some cases, we may store your data even after the original purpose of collection has ceased to apply; however, this will only be done if we are required to retain the data for specific reasons, such as for archiving purposes (e.g., under commercial or tax law).

This results in the following deletion periods:

  • Health data (until revocation), at the latest with the termination of the provision of medidux™.
  • Registration data (until deletion of the account—which is to be understood as revocation of consent in this case), alternatively at the latest with the termination of the provision of medidux™.

Your data on the device is only available until the app is deleted from the device. Alternatively, local data is also deleted when you successfully log in using other usage data or optionally actively log out of the device. Due to the device-side data deletion, the data for restoration remains available on the medidux™ server.

8. Rights of Data Subjects

8.1 Right to Revoke Data Protection Consent

You have the right to revoke your data protection consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

8.2 Further Rights

If we process personal and/or health data about you, you have the following rights in addition to the right to revoke your consent to data processing:

  • The right to information about your personal data stored by us (Art. 25 FADP or Art. 15 GDPR). In particular, you may request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, and the source of your data if it was not collected directly from you;
  • The right to rectification of inaccurate data or to completion of incomplete data (Art. 32 FADP or Art. 16 GDPR);
  • The right to erasure of your data stored by us (Art. 32 FADP or Art. 17 GDPR), unless legal or contractual retention periods or other legal obligations or rights require further storage by us;
  • The right to restriction of processing of your data (Art. 32 FADP or Art. 18 GDPR), if you dispute the accuracy of the data, the processing is unlawful but you oppose its erasure, we no longer need the data but you require it for the establishment, exercise, or defense of legal claims, or you have objected to processing pursuant to Art. 21 GDPR;
  • The right to data portability pursuant to Art. 28 FADP or Art. 20 GDPR, i.e., the right to receive selected data stored about you in a commonly used, machine-readable format or to request its transmission to another controller;
  • The right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your habitual residence, place of work, or our company headquarters. The competent authority at our company headquarters is the Federal Data Protection and Information Commissioner (FDPIC).

8.3 Right to Object

You have the right to object at any time to the processing of your personal or health data.

As a result, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

9. No Obligation to Provide Your Data

We do not make the conclusion of contracts with us dependent on you providing us with your personal or health data. There is no legal or contractual obligation for you as a user to provide us with your data. However, in some cases, we may only be able to provide the services of the medidux™ product to a limited extent or not at all if you do not provide the necessary data. If the functionality of the medidux™ application is limited due to missing data, you will generally be informed of this.