Privacy policy for appointment bookings

In this data protection declaration, we inform you about how we collect and process personal data when you book an appointment for a consultation or treatment at Bethesda Hospital via the appointment booking system we use.

we will inform you about our processing of your personal data in connection with your treatment at Bethesda Hospital or with our information activities in separate data protection declarations:

• Privacy policy for patients
• General data protection declaration

Bethesda Hospital is responsible for the data processing described in this privacy policy when booking appointments at Bethesda Hospital. If you have any questions or would like to exercise your rights as a data subject under data protection law, please contact us at datenschutz@bethesda-spital.notexisting@nodomain.comch or write to Bethesda Hospital, Management, Gellertstrasse 144, 4052 Basel.

Please note that the provider of the appointment booking system we use, Polypoint AG ("Polypoint"), is responsible for the collection and processing of your personal data when you register and access the appointment booking system. This includes the collection and processing of personal data provided by patients, clients, customers or referring physicians (hereinafter referred to as "users") when registering on the appointment booking system ("registration data") as well as technical data.Registration data") as well as technical data that the server on which Polypoint makes the appointment booking system available automatically collects when users access it ("access data"). This also concerns the use of cookies and third-party tools on the appointment booking system.

For information on the collection and processing of registration data and access data as well as the use of cookies and third-party tools on the appointment booking system, please refer to Polypoint's privacy policy regarding the appointment booking system. Please also address any enquiries regarding the processing of registration or access data by Polypoint directly to Polypoint.

Please note that Polypoint's privacy policy regarding the appointment booking system does not apply to the processing of appointment booking data on behalf of Bethesda Hospital. In this respect, Bethesda Hospital is responsible and only the following declarations of Bethesda Hospital on data protection for appointment bookings apply.

When you book an appointment at Bethesda Hospital via the appointment booking system as a patient or referring doctor, we collect the information you provide to us ("appointment booking data").

This appointment booking data regularly includes the following types of personal data

• Email address
• First name
• Surname
• Date of birth
• Home address
• (in case of medical referral) Referral letter
• Optional: further information relevant to the examination

After completing the appointment booking on the appointment booking system, the user receives a confirmation email. If the user so wishes, they will also receive a reminder message by SMS before the appointment.

Polypoint sends the appointment confirmation and (if requested) the reminder message on behalf of Bethesda Hospital. Polypoint is the order processor in this respect and Bethesda Hospital is responsible for processing. Polypoint is contractually bound to Bethesda Hospital to maintain medical confidentiality (as an auxiliary person).

We collect and process your personal data (appointment booking data) in order to arrange and prepare appointments for the provision of our healthcare services. This includes the following purposes:

• Processing appointment bookings
• Responding to enquiries from patients, customers or referring healthcare professionals
• Opening a dossier for the purpose of preparing the documentation and billing of our healthcare services
• Preparation of your hospitalisation
• Preparation of your consultation or treatment
• Protecting your safety and the safety of other patients and customers
• Fulfilment of legal obligations
• Enforcement of legal claims

The provisions of the Information and Data Protection Act (IDG) of the Canton of Basel-Stadt apply first and foremost to data processing that we process as the controller in connection with your appointment booking via the appointment booking system. In addition (e.g. for the hotel industry or for our information activities), the Swiss Data Protection Act (DSG) applies.

The legal basis for the processing of your personal data within the scope of application of the IDG is our legal obligations and duties as a regulated hospital with a cantonal service mandate (in particular treatment obligations, fulfilment of documentation obligations and granting of patient rights in accordance with the Health Act of the Canton of Basel-Stadt, or billing and accountability obligations in accordance with the Health or Accident Insurance Act). In addition, we will ask you separately for your consent with regard to the data exchange with participating healthcare professionals and insurance companies described below.

We only store your personal data to the extent and for as long as is necessary to fulfil the purposes described in this data protection declaration or (concerning treatment during appointments) in the data protection declaration for patients or to fulfil legal obligations.

In the interests of the integrity and confidentiality of personal data, we take appropriate technical and organisational measures. In particular, we implement access controls, access controls and procedures for regularly reviewing, assessing and evaluating the effectiveness of the measures in accordance with our risk assessment.

We pass on appointment booking data to the following categories of recipients:

to referring, treating or further treating doctors or other healthcare professionals and institutions involved in the treatment (e.g. pharmacies)

to your health, accident or supplementary insurance (insofar as this is necessary so that the insurance companies can understand and check our invoices)

These data transfers are necessary to process the appointment booking and to plan your consultation or treatment. As a rule, the data transfer is also necessary so that we can provide, document and invoice our healthcare services professionally and in accordance with our contractual and legal obligations. In addition, we will ask you separately for your consent to this data transfer when you attend the booked appointment.

We also disclose your personal data to the following categories of recipients based on legal or contractual obligations, for the provision and billing of our healthcare services or in your recognisable interest:

• External service providers (e.g. laboratories and providers of information, examination or treatment technologies, whereby contract processors may not process the personal data for their own purposes)
• Relatives or your other visitors, unless you object to this
• Legal representatives, authorities and courts, if applicable

We process your personal data in connection with the appointment booking only in Switzerland and the EU.

You have the following rights in relation to personal data concerning you:

• The right to obtain information about what personal data we hold about you and how we process it
• The right to receive or transfer a copy of your personal data in a commonly used format
• The right to rectification of your personal data
• The right to erasure of your personal data
• The right to object to the processing of your personal data

Please note that legal requirements and exceptions apply to these rights. To the extent permitted by law, we may refuse your request to exercise these rights. You also have the right to request mediation by the data protection officer of the Canton of Basel-Stadt.

We may amend this privacy policy at any time, in particular if we change our data processing or if new legislation becomes applicable. The version provided at www.bethesda-spital.ch/ueber-uns/datenschutz applies.

Last update: April 2022