LEGAL

Data Protection & Security Overview

Last updated: October 2025

SwissDTx – Data Protection & Security Overview

At SwissDTx, data protection and information security are fundamental design principles. Our platform is built to support healthcare and academic institutions in delivering blended care while complying with European and Swiss data protection regulations. This page provides transparent, non-contractual information about how personal data is processed when using the SwissDTx platform.

Types of Data Processed
When used in a therapeutic, clinical, educational, or research context, the SwissDTx platform may process the following categories of data on behalf of the controller:
• identification and contact data
• account and usage data
• communication content within the platform
• health-related and clinical data (special categories of personal data under Article 9 GDPR)

Health data is processed only as required to enable the services configured by the controller.

Purpose of Processing
Personal data is processed exclusively to enable the controller to:
• deliver blended psychological or therapeutic care
• conduct assessments, interventions, and follow-up
• facilitate secure communication between professionals and participants
• document and monitor treatment or study progress
• improve therapy workflows and user experience within the scope defined by the controller

SwissDTx does not analyze, sell, or distribute personal data to third parties for independent purposes.

Data Access & Confidentiality
Access to personal data is strictly limited to:
• authorized professionals involved in treatment, supervision, or research
• authorized staff of the controller
• technical access by SwissDTx personnel only where necessary for support and maintenance, subject to strict confidentiality obligations
All persons with access to data are bound by confidentiality and professional secrecy obligations.

Data Security & Hosting
SwissDTx implements state-of-the-art technical and organizational measures, including:
• encryption of data in transit and at rest
• role-based access control
• secure authentication mechanisms
• logging and monitoring of system access
• regular security and integrity reviews

All customer data is hosted exclusively in Switzerland, unless explicitly agreed otherwise.

Sub-Processors & Transfers
Where necessary to provide the service, SwissDTx may engage carefully selected sub-processors under strict contractual data protection obligations.
Data processing primarily takes place in Switzerland and/or the European Economic Area. Where international data transfers are required, appropriate safeguards under GDPR are applied.

Data Processing Agreement (DPA)
SwissDTx provides a European Data Processing Agreement (DPA) pursuant to Article 28 GDPR and the Swiss revFADP as part of its contractual documentation.
The DPA is a binding contractual document and is provided to customers upon request or as part of the Software License Agreement.
This website does not constitute a DPA.

Questions & Contact
If you are a Data Protection Officer, legal representative, or institutional customer and require further documentation (e.g. DPA, TOMs, sub-processor list), please contact us:

SwissDTx GmbH
Recheraulaz 10
3280 Meyriez, Switzerland

© SwissDTx GmbH, Meyriez, Switzerland