Effective Date: 13-03-2025

1. Introduction

At Ahead Health AG ("Ahead", "we", "our" or "us") we value your privacy and are committed to protecting your personal information. This privacy policy explains how we collect, use and protect your information when you:

• our website (www.ahead.clinic) visit; 

• our reporting app;

• use one of our services;

• you apply for a job;

• We receive personal data from you for other purposes as part of our business activities. 

  
  

We use the term “data” here synonymously with “personal data” or “personal data”. 

We have designed this statement to be clear, understandable and compliant with the requirements of the EU General Data Protection Regulation (“GDPR”), and applicable Swiss data protection laws, including the Federal Data Protection Act (“DSG” and “revDSG”).

If you have any questions, concerns or inquiries about this Privacy Policy or our data practices, please contact us at:

Ahead Health AG

Spiegelhofstrasse 56

CH-8032 Zurich

Email: privacy@ahead.clinic

Telephone: +41 79 807 88 20

2. Information We Collect

2.1 Information You Provide to Us

If you use our services (such as booking an appointment), we may process the following personal data about you:

• Contact and information details (e.g. name, email, address, telephone number, etc.);

• Account details (such as login information and preferences);

• Health data (e.g. medical history, scan results and other health-related information);

• Payment details (e.g. credit card details and billing information (we only store tokenized versions of this data));

• Communication content (Information you provide to us when you contact us or participate in surveys);

• Other relevant personal data that you provide to us.

  
  

If you provide us with data about other people, such as family members, we will assume that you are authorized to do so and that this data is correct. By transmitting data via third parties, you confirm this. Please also ensure that these third parties have been informed of this privacy policy.

Health data is personal data that is particularly worthy of protection within the meaning of data protection law and is subject to an increased standard of protection. Therefore, in the course of this data protection declaration, in addition to the general information about our data processing, you will find additional information about how we handle your health data and how we specifically protect it. 

2.2 Information Collected Automatically

When you visit our website or use our app, we automatically collect general technical information:

• Device information (e.g. browser type, operating system, device type and IP address)

• Usage Data (e.g. pages visited, length of stay, links clicked and interactions with our services)

• Location information (General location derived from your IP address)

  
  

2.3 Information When You Apply For A Job

If you apply for a position, we collect and process the necessary personal data to check the application and carry out the application process:

• Contact and information details (e.g. name, email, address, telephone number, etc.);

• Communication content (Information you provide to us when you contact us or participate in surveys);

• Other relevant personal data, which you provide to us as part of your application documents, which we may obtain about you (e.g. in professional social networks and the Internet), as well as information from references if you have consented to obtaining references.

  
  

After a successful application, we use the collected personal data and other data to prepare and conclude the contract. 

2.4 Information For Other Purposes As Part Of Our Business Activities

As part of our business activities, we process personal data from, for example, contact persons of our business partners, suppliers and service providers. This data includes, in particular, identification data, contact details and communication content, as well as other personal data necessary in this context.

2.5 Tracking Technologies

We use the following tracking tools to improve your user experience, ensure the functionality of our website, improve our offers and analyze for marketing purposes:

• Necessary and more Cookies (small text files stored on your device to remember your preferences and login status)

• Analyse-Tools (this includes Google Analytics and Microsoft Clarity to understand how visitors use our website)

• Pixel (In our emails to track open rates and engagement)

  
  

3. How We Use Your Information

3.1 Data Processing Roles

When processing your personal data, we may act as:

• Data controller for determining the purposes and means of processing your personal data or as;

• Processor in Fulfillment of a contract with third parties such as healthcare professionals (e.g. radiologists, general practitioners, etc.) and medical partners (e.g. Hirslanden, Unilabs, etc.), whose services you book via our platform, in which case the respective third parties (“Third Parties”) are responsible to you for your personal data.

  
  

3.2 Purposes for Processing

We use your personal data to:

• Prepare, conclude, fulfill and enforce contracts as part of our business activities. This includes in particular contracts with you: if we act as a data controller (e.g. contracts for our intermediary services); or the healthcare professionals whose treatment services you book via our platform and through whom we process your health data. In this case, we act as a processor and the processing purposes are determined by third parties; 

• Based on and subject to your consent, where relevant. Once you have given your consent, you can revoke it at any time;

• To comply with legal obligations (e.g. obligation to retain patient files)

• As part of our interests, to communicate with you and third parties (also outside of the preparation or conclusion of a contract), to make the website and the ahead reports available and to optimize your user experience, to maintain and, if necessary, expand our relationship with you, to improve, expand and market our offers, to ensure IT security and data protection, and to enforce, defend or ward off legal claims.
  
  

Whenever possible, your personal data will be anonymized or pseudonymized before evaluation.

Based on our interest in informing people who are interested in our offering about new developments, we may send you marketing information (e.g. via a newsletter). You have the option to opt out of receiving such information at any time. 

3.3 Research and Development

With your explicit consent, we may use de-identified health data (where all personal identifiers have been removed) for:

• Medical research purposes

• Development and improvement of diagnostic algorithms

• Training AI systems to enhance diagnostic capabilities

• Statistical analysis to improve health outcomes
  
  

All research activities are conducted in strict compliance with applicable regulations and ethical standards.

4. Sharing Your Information

4.1 With Your Consent

We share your health information with medical partners (such as Hirslanden and Unilabs) to provide you with the requested services. By booking a scan or requesting results, you consent to this necessary sharing.

4.2 Service Providers

We work with trusted third parties who help us operate our business:

• Medical facilities that perform your scans

• Payment processors for secure transactions

• Cloud storage and hosting providers

• Email and customer support services
  
  

All service providers are bound by strict confidentiality agreements and may only use your data for specific purposes.

4.3 Social Media Plugins

Our website may use social media plugins (such as Facebook, Instagram, LinkedIn) that allow you to connect with your social media accounts. These plugins may collect information about your browsing behavior and send it to the social media provider. When you interact with these plugins:

• The social media provider may receive information that you've visited our website

• If you're logged into your social media account while browsing our site, the provider may link this information to your profile
  
  

We encourage you to review the privacy policies of these social media platforms for more information about how they process your data.

4.4 Business Transfers

If Ahead undergoes a business transition such as a merger, acquisition, or sale of all or part of its assets, your personal data may be among the assets transferred. In such cases:

• We will notify you via email and/or prominent notice on our website

• The new controlling entity will be bound by the terms of this Privacy Policy

• Your personal data will continue to be protected to the same standard
  
  

4.5 Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request.

4.6 What We Don't Do

We never sell, rent, or trade your personal data to third parties for marketing purposes.

5. Data Security

Protecting your information is a priority. We implement appropriate technical and organizational measures to safeguard your data, including:

• State-of-the-art technology infrastructure for storing and processing data

• End-to-end encryption of sensitive health information both in transit and at rest

• Regular security assessments, vulnerability testing, and system updates

• Strict role-based access controls and multi-factor authentication procedures

• Redundant and geographically distributed backup systems

• Comprehensive staff training on data protection practices and security protocols

• Detailed incident response plan for addressing potential data breaches
  
  

For health data, we implement additional safeguards in compliance with medical data protection standards, including audit trails of all access to your health information.

While we take these precautions, no method of transmission over the internet or electronic storage is 100% secure. We strive to use commercially acceptable means to protect your data but cannot guarantee absolute security.

6. Your Rights

6.1 Data Subject Rights

Under Swiss data protection law, you have the right to:

• Access the personal data we hold about you

• Correct inaccurate or incomplete information

• Delete your personal data in certain circumstances

• Restrict how we use your information

• Data Portability - receive your data in a structured, machine-readable format

• Object to certain processing of your data

• Withdraw Consent at any time (where processing is based on consent)
  
  

If you would like to exercise the above rights against us, please contact us by email at get@ahead.clinic to us; Our contact details can be found in section 1. In order for us to rule out misuse, we must identify you (e.g. with a copy of your ID, unless this is possible otherwise).

6.2 Complaint Rights

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC):

Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
CH-3003 Bern
Phone: +41 (0)58 462 43 95
Website: www.edoeb.admin.ch

If you have any concerns, we ask that you contact us first (get@ahead.clinic) so that we can try to resolve them directly.

In cases where we act as a processor, we will forward your request to the data controller (the respective healthcare professional).

7. Data Retention

We keep your personal data for as long as necessary to provide our services and comply with legal obligations. For health data, we follow medical records retention requirements as specified by Swiss law.

8. International Data Transfers

Your data is primarily stored and processed in Switzerland and the European Economic Area (EEA). However, some of our service providers may process your data in other countries.

For transfers to countries that the Swiss Federal Council has not recognized as providing an adequate level of data protection:

• We implement appropriate safeguards through standard contractual clauses approved by the Swiss Federal Data Protection and Information Commissioner

• We conduct data transfer impact assessments to evaluate the level of protection in the recipient country

• We implement additional technical measures (such as end-to-end encryption) where necessary to ensure the protection of your data

• We limit transfers to what is necessary for the provision of our services
  
  

You have the right to obtain a copy of these safeguards by contacting us at get@ahead.clinic.

9. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. The current version will always be posted on our website, and significant changes will be communicated to you.

11. Governing Law

This Privacy Policy is governed by Swiss law, particularly the Federal Act on Data Protection (FADP).