Privacy policy
The following sections are provided as orientation within the help and documentation. What is binding is your practice’s actual privacy policy and its agreements with your platform provider, together with legal review by qualified advisers.
Introduction
Anamnesys supports optometrists in structured capture of customer information for counselling. In the product configuration described here, there is no AI-based automatic evaluation of responses; professional assessment rests with the optometrist within screening and counselling.
Controller
Name the controller in your published privacy policy (e.g. your optometric practice with full address). If you use the platform as a service: include the platform operator where they are also a controller, or refer to a processing agreement where the platform only provides technical services.
Categories of data
Typical categories include master data (e.g. contact details), questionnaire responses, optionally usage and log data of the application, and authentication data for practice user accounts. Health-related questionnaire answers may constitute special categories under Art. 9(1) GDPR.
Purposes of processing
Purposes include preparing and conducting optometric counselling, documentation under your professional duties, and operating the software (hosting, security, support). Automated medical decision-making by the software is not intended.
Legal bases
For health data from the questionnaire, Art. 9(2)(a) GDPR (consent) is often relevant; depending on the setup, Art. 6(1)(b) (contract / steps prior to contract) or legitimate interests (Art. 6(1)(f)) for technical logs may also apply — confirm with legal counsel.
Recipients / sub-processors
Recipients may include IT and hosting providers, email delivery services, and other third parties named in a data processing agreement. Maintain an up-to-date list (see Sub-processors & processors).
Transfers to third countries
If providers outside the EEA are used, your privacy policy should state the legal basis for the transfer (e.g. adequacy decision, standard contractual clauses, assurances) — depending on your actual vendor chain.
Retention & erasure
Derive retention and erasure from statutory retention periods, professional requirements, and processing purposes. After periods expire or consent is withdrawn, implement deletion or anonymisation concepts (see Data storage & deletion).
Data subject rights
Refer to access, rectification, erasure, restriction, data portability, objection, and the right to lodge a complaint with a supervisory authority. Name a contact channel for data subject requests (see Data subject rights).
Security
Add information on access control, encryption, tenant separation, and further technical and organisational measures under Art. 32 GDPR (see Security (technical & organizational)).