Privacy

Privacy Policy

What we collect, why, for how long, and the rights you have over your personal data. Written for patients, healthcare professionals and visitors to any Doctena surface.

Last reviewed
Next review
Owner
Data Protection Officer
Version
3.3.0
On this page

Introduction and scope

This Privacy Policy describes how Doctena collects, uses, shares, retains and protects personal data when you use one of our services or visit one of our websites. It applies to:

  • Patients who book appointments, receive reminders, attend video consultations, or interact with their healthcare professional through Doctena.
  • Healthcare professionals (and the practices that employ them) who use Doctena to manage their availability, patient communications and billing.
  • Visitors to doctena.com, trust.doctena.com, and the country product domains.
  • Customers' employees who interact with us through commercial, legal or support channels.

The policy is written to comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"), the revised Swiss Federal Act on Data Protection ("FADP", in force since 1 September 2023), and the national implementing laws of every country in which a Doctena entity is established.

Who is responsible

The Doctena entity responsible for your data depends on the country in which your service is offered. The applicable controller is listed on the Imprint page.

When you book an appointment from your Doctena patient account, the details needed for that appointment are copied into the healthcare professional's own space. From that point the healthcare professional is the controller of that copy, and Doctena acts as their processor for the appointment. Your underlying patient account stays under Doctena's responsibility as controller. The role model is explained in detail on the GDPR page.

Group-level Data Protection Officer:

Country-specific privacy inboxes:

Data we collect

Account and profile data

  • Name, email address, telephone number, password (stored only as salted hashes).
  • For practitioners: professional title, practice address, registration number with the national medical council, languages, services and fee schedule.
  • For patients: date of birth, address (when required for paediatric or home-visit appointments), insurance details (only when explicitly entered).

Appointment and clinical data

  • Reason for visit, free-text notes you choose to write, appointment date and time, status.
  • Documents you upload (lab results, referrals, prescriptions) when the practitioner has enabled this feature.
  • Teleconsultation streams. These are encrypted in transit by our video sub-processor and not recorded by Doctena. See Teleconsultation below.

Technical and usage data

  • IP address, user agent, device type, timestamps, pages viewed.
  • Crash and error logs (collected by Datadog under tight redaction rules).
  • Audit logs of authentication events, permission changes and data exports.

Communication data

  • Support tickets you submit (handled by Zendesk).
  • SMS metadata sent on your behalf (Spryng).
  • Email notifications, sent through Postmark for patient-facing messages (booking confirmations, reminders, password resets) and through Brevo for practitioner-facing messages.
  • In-app messages from Doctena (Beamer).

Marketing and analytics data (with consent)

  • Cookies set by Matomo (analytics) and Beamer when you opt in via the CookieFirst banner.
  • Email engagement (open, click) on marketing campaigns sent by Brevo (practitioner audience only).
  • CRM signals captured in HubSpot when you contact our sales team.

Why we process it

  • To deliver the service. Operate the booking platform, send appointment reminders, host video consultations, sync practitioner calendars, process payments.
  • To secure the service. Protect against fraud, abuse, account takeover, and security incidents.
  • To support our users. Answer questions, resolve incidents, perform requested operations.
  • To meet our legal obligations. Invoicing, accounting, response to lawful access requests, retention of medical records as required by national law.
  • To improve the service. Privacy-friendly analytics with opt-in, A/B testing of UI changes on aggregated data, customer surveys.
  • To communicate. Service announcements, security advisories, optional marketing (with opt-in).
PurposeArticle 6 basisArticle 9 basis (health data)
Operate the booking platform6(1)(b), performance of contract9(2)(h), provision of healthcare, by or under the responsibility of a health professional bound by secrecy
Security, fraud prevention, audit logging6(1)(f), legitimate interest in keeping the service secure9(2)(h) and 9(2)(i) (public health)
Legal and accounting retention6(1)(c), legal obligation9(2)(h)
Marketing emails to practitioners6(1)(f), legitimate interest (B2B), or 6(1)(a), consentnot applicable
Analytics cookies (Matomo)6(1)(a), consent via CookieFirstnot applicable
Improvement, anonymous research6(1)(f), legitimate interest in continual improvementData anonymised before research; falls outside Article 9

How long we keep it

Doctena retains personal data only for as long as necessary to fulfil our contractual obligations, meet legal and regulatory requirements, support ongoing business operations (invoicing, compliance audits), and protect our rights and interests in case of disputes or litigation. Where laws differ between jurisdictions, we apply the strictest applicable retention duration. When data is no longer required, we delete it securely or anonymise it when retention is still needed for statistical purposes. Healthcare professionals, as controllers of the appointment record, may instruct us to apply a shorter retention period in writing, except where law mandates a longer one. Cookies are governed separately on the Cookies page.

The full schedule, including the retention period and legal basis for each category of data (account, appointment, support, logs, backups and more), is published on the Data Retention page.

Who we share it with

Personal data is shared only with sub-processors acting on Doctena's documented instructions, and with the healthcare professional that you booked. We do not sell personal data and do not use it to train third-party AI models.

The full register of sub-processors, including their role, residency and what data each one sees, is published at trust.doctena.com/sub-processors and kept current as our suppliers change.

We may also disclose personal data when required by law (a court order, a regulatory request, a lawful interception order from an EU/EEA authority). Every such request is reviewed by the DPO before disclosure.

International transfers

Patient and practitioner records are hosted in the European Union. The primary region is AWS Frankfurt (eu-central-1), with encrypted disaster-recovery copies in AWS Ireland (eu-west-1), both inside the EU. Some sub-processors provide functionality that involves transfers of personal data to a third country, most often the United States. Each such transfer is protected by layered safeguards:

  • Standard Contractual Clauses (contractual baseline). Every transfer outside the EU/EEA is covered by the European Commission's Standard Contractual Clauses (2021/914) together with a documented Transfer Impact Assessment.
  • EU-US Data Privacy Framework (where certified). Where the recipient is additionally certified under the DPF, the transfer also rests on the European Commission's adequacy decision of 10 July 2023, upheld by the General Court in Case T-553/23; a pending appeal (C-703/25 P) does not suspend the decision.

See the sub-processors page for the per-supplier residency and transfer detail.

Teleconsultation (video consultation)

Where your healthcare professional has enabled it, you can hold your appointment as a video consultation directly inside Doctena. The video infrastructure is provided by our sub-processor Whereby A.S., hosted in Ireland inside the EU. The audio and video stream is encrypted in transit using WebRTC (DTLS-SRTP), and Doctena does not record the consultation.

We process this data to perform your appointment (Article 6(1)(b) GDPR) and to provide healthcare under the responsibility of a health professional bound by professional secrecy (Article 9(2)(h) GDPR). For the teleconsultation, the healthcare professional is the controller of the appointment record and Doctena acts as a processor on their instructions. The same model applies to companion features such as the Online Medical Consult and Online Prescription, where offered.

How we protect it

Encryption at rest with AES-256, encryption in transit with TLS 1.3, ISO 27001:2022 certified information security management system, annual third-party penetration tests, four isolated environments, principle of least privilege on every access path, mandatory MFA on every Doctena employee account.

The full set of technical and organisational measures is documented on the Security page.

Bot and abuse prevention

Some Doctena web forms are protected by Cloudflare Turnstile running in invisible mode. Turnstile confirms that a submission comes from a genuine browser rather than an automated script, without ever showing you a puzzle or a checkbox and without the cross-site tracking that traditional CAPTCHAs rely on.

To make that determination Turnstile processes technical signals from your browser and device (including your IP address, user agent and non-identifying browser characteristics) and may set the strictly necessary __cf_bm and cf_clearance cookies described on the Cookies page. We rely on our legitimate interest in keeping the service secure and free of abuse (Article 6(1)(f) GDPR). Cloudflare acts as a processor on Doctena's behalf, is listed in our sub-processors register, and any transfer is covered as described under International transfers above.

Cookies and tracking

Only the marketing website (www.doctena.com) sets optional cookies: a small set of strictly necessary ones and, with your consent, analytics cookies, managed by the CookieFirst consent banner. The per-cookie register, the retention period of each cookie, and how to change your choices at any time are published on the Cookies page.

This Trust Center (trust.doctena.com) sets no optional cookies: it uses only the strictly necessary security cookies set by Cloudflare, and runs no analytics and no consent banner.

Your rights

Under Articles 15 to 22 of the GDPR you have the right to:

  • Access the personal data we hold about you (Art. 15).
  • Have inaccurate data corrected (Art. 16).
  • Have your data deleted, subject to overriding legal obligations like the 10-year medical record retention (Art. 17).
  • Restrict the processing of your data while a dispute is resolved (Art. 18).
  • Receive a portable copy of your data in a structured machine-readable format (Art. 20).
  • Object to processing based on legitimate interest (Art. 21).
  • Withdraw your consent to processing that was based on consent (Art. 7(3)).
  • Lodge a complaint with the competent supervisory authority (Art. 77); see Contact and complaints below.

To exercise these rights, see /data-subject-rights. We answer within one month per Article 12(3) and at no cost, unless your request is manifestly unfounded or excessive (Art. 12(5)).

Minors and paediatric care

Paediatric appointments are part of the Doctena service. Where a booking is made for a minor:

  • The booking account belongs to the legal guardian, who is the controller of the data subject's record together with the practitioner.
  • The minor's data is treated with the same Article 9 protections as adult clinical data.
  • We do not target marketing communications to anyone under 18.
  • Practitioners are responsible for managing the transition to an independent account when a minor reaches the age of majority in their country.

Changes to this policy

We update this policy when a material change to our processing warrants it, for example when we add a sub-processor, change a retention period, or modify the legal basis for a processing activity. The version, last-reviewed date and next-review date are always shown at the top of the page.

We notify practitioners by email when a material change affects them, and we summarise every change in the site changelog.

Contact and complaints

For any privacy question, contact us at privacy@doctena.com. This inbox reaches our Data Protection Officer, whose firm details are listed under Who is responsible above.

If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority, typically the authority of your country of residence or place of work. Doctena's lead supervisory authority is the Commission nationale pour la protection des données (CNPD) in Luxembourg. A full list of national supervisory authorities is available on the GDPR page.

Version 3.3.0 · Updated 2026-06-14 · Replaces the previous version published at doctena.com/<locale>/privacy-policy/