What's new

Site changelog

Material changes to the Doctena Trust Center, in reverse chronological order. Email us to be notified of material changes.

Last reviewed
Owner
Information Security Office
Version
1.3.0

2026-06-14: New Trust Center website and full content review

v1.3.0

  • Launched the new Doctena Trust Center website and completed a full polish and review of all page content.

2026-06-12: Site-wide content accuracy review

v1.2.0

  • DPO firm published under its registered legal name, WS Digital Compliance GmbH (brand WS Compliance, formerly WS Datenschutz GmbH), across all pages.
  • Imprint: full Luxembourg identity block added (Doctena S.A., RCS Luxembourg B176487, VAT LU 26156987); Belgian entity legal form updated (SRL).
  • International transfers: every page now describes the layered safeguards, namely Standard Contractual Clauses (2021/914) with Transfer Impact Assessments as the contractual baseline, plus the EU-US Data Privacy Framework adequacy decision where the recipient is certified.
  • Retention reconciled: encrypted database snapshots kept for one month (a rolling 30-day window) stated consistently on the privacy policy, DPA, security and status pages; application-log vs security-telemetry retention split made explicit.
  • DSA page (v2.0.0): corrected the small-enterprise analysis so that Articles 11-12, 14 and 16-18 bind Doctena; Articles 15 and 19-28 are disapplied (Articles 15(2), 19(1) DSA, save Article 24(3)); the complaint-handling, dispute-settlement and trusted-flagger procedures are now correctly labelled voluntary commitments, and the Transparency-Database claim was removed.
  • AI page: internal AI tools reclassified as minimal risk for Doctena as deployer (Article 50 duties rest with the tool vendors); added the AI Act timeline note including the pending Digital Omnibus.
  • ISO 27001 page: certification history clarified (first certified in 2023 under the 2013 edition, transitioned to ISO/IEC 27001:2022); audit cadence attributed to ISO/IEC 17021-1; certificate now available on request instead of public download.
  • Accessibility: EAA framing corrected so that WCAG 2.2 AA is described as our voluntary target, not an EAA mandate.
  • Complaints: EU ODR platform reference removed (platform discontinued 20 July 2025 under Regulation (EU) 2024/3228); consumers are directed to national ADR bodies.
  • Home page restructured around evidence: proof points, security-posture summary for vendor reviews, two-tier document access, and this updates feed.

2026-06-05: Cookie policy: live-chat disclosure

v1.1.0

  • Cookie policy extended to cover the HubSpot live chat now offered on selected country/language pages of doctena.com.
  • Added a Functional cookie category and a live-chat cookie register (messagesUtk, hs-messages-* and the HubSpot analytics cookies the chat loads), all gated behind CookieFirst functional consent.
  • Documented that the chat keeps some state in browser local/session storage (__hmpl, hublytics_events), which are not cookies.
  • Sub-processor register: the HubSpot entry now covers website visitors via the live chat, alongside practitioner CRM data.

2026-05-15: Trust Center launch

v1.0.0

  • New trust.doctena.com replaces the locale-prefixed compliance pages on doctena.com.
  • Privacy policy updated to v3.0.0 with full retention table, Article 6 + Article 9 legal-bases matrix, sub-processor cross-link.
  • GDPR programme page (v2.0.0) with full role model, per-country supervisory authority routing, and DPO certificate renewal status.
  • ISO/IEC 27001:2022 page with scope, Statement of Applicability v1.0, Annex A controls and audit cadence.
  • Data Processing Agreement v2.0.0 (effective 1 February 2026): DPA hub published.
  • Sub-processor register reset against the Asana Suppliers Register (28 patient/customer-facing entries; 4 decommissioned removed).
  • New DPO page with canonical address Dircksenstraße 51, 10178 Berlin (the doctena.com /gdpr/ centre had the stale Meinekestraße 13).
  • New /cookies page with full register and live-banner re-open button.
  • New /security/responsible-disclosure with CVSS-based SLA table, security.txt and safe-harbour language.
  • New /complaints, /data-subject-rights, /legal/imprint, /legal/terms, /dsa, /ai, /accessibility, /status.
  • Imprint reconciled so that a single set of canonical addresses replaces the three Luxembourg and two Switzerland variants in the wild.