healthcheckup.ch The independent health check comparison
DE EN

Privacy policy

Last updated: 22.04.2026

This privacy policy explains how personal data is processed on healthcheckup.ch. It follows the revised Swiss Federal Act on Data Protection (revDSG, in force since 1 September 2023) and takes the EU General Data Protection Regulation (GDPR) into account where applicable.

1. Controller

2. Definitions

"Personal data" is any information relating to an identified or identifiable person. "Processing" covers any operation on personal data, in particular collection, storage, use, modification, disclosure and destruction.

3. What data we process

3.1 When you visit the website (server logs)

When you access the site, we automatically collect technically required data: IP address, date and time, requested URL, referrer, user agent. These data are used to ensure operation, analyse errors and protect against attacks. Logs are generally deleted after 30 days.

3.2 When you click out to a provider (click measurement)

When you click a button on the platform to visit a provider's website, we route you through an internal redirect. During this we only log: the check-up the click relates to, the timestamp, a hashed value of your IP address (not reversible), your browser user agent, and the referrer URL. No direct personal identifier is created; no cookies are set and no external analytics services are involved. The purpose of this measurement is to evidence the visitors we send to providers, to support comparison metrics and future partnerships. These records are aggregated or deleted after at most 24 months.

3.3 When submitting an inquiry

When you request a check-up via the platform's inquiry form (available only for providers with whom healthcheckup.ch has an agreement), we collect the fields you enter in the form: name, email, phone, age, gender, preferred language, preferred insurer, and optional notes. We forward these data to the selected provider so they can contact you and confirm an appointment.

We never receive access to your medical data, test results or patient records. The treatment contract is formed directly between you and the provider.

For providers without an agreement with the platform, no inquiry form is offered. In that case, you are redirected directly to the provider's own website after clicking, and you contact the provider yourself.

3.4 Contact form

If you use the contact form, we process your name, email address, subject and message. These data are used only to answer your request and are deleted after the matter is resolved, no later than 12 months.

3.5 Reviews

If you submit a review, your first name, the star rating (1 to 5) and your comment are stored and, after moderation, shown publicly on the platform.

3.6 Cookies and local storage

We only use strictly necessary cookies and local browser storage:

  • Language cookie (hc_lang): stores your chosen language (DE/EN).
  • Session cookie: only while actively using the site, e.g. when submitting a form.
  • LocalStorage for the compare list: check-ups you select on the compare page are stored only locally in your browser, not on our servers.

We do not use advertising cookies or third-party analytics services such as Google Analytics. The only platform-side measurement is the cookie-free click logging described under section 3.2.

4. Purposes

We process personal data only for the following purposes:

  • Operating the comparison platform
  • Forwarding visitors to providers and evidencing referred clicks
  • Forwarding inquiries to providers with an agreement
  • Answering contact requests
  • Quality assurance, in particular moderating reviews
  • Meeting legal obligations

5. Legal basis

Processing is based, depending on the situation, on your consent (e.g. submitting a form), performance of a contract or pre-contractual measures (e.g. inquiry referral), or our overriding interest in the secure operation and verifiable referral performance of the platform (section 3.2).

6. Disclosure to third parties

Personal data is only disclosed where necessary to provide the service or required by law. Recipients include in particular:

  • Providers with an agreement: inquiry and appointment data for appointment confirmation.
  • Hosting and technical service providers: Laravel Cloud (AWS infrastructure, EU region). These process data on our behalf (processor agreement).
  • Email delivery: transactional emails are sent through a specialised service.
  • Authorities and courts: where legally required.

Once you click through to a provider's website, you leave our platform. From that point on, only the privacy policy of that provider applies.

7. International transfers

Some service providers (e.g. hosting, email) process data in data centres in the EU/EEA or in countries with an adequate level of data protection as recognised by the Federal Council or the EU Commission. Where data is transferred to countries without an adequate level, this happens exclusively on the basis of the EU Commission's standard contractual clauses.

8. Retention period

We only store data for as long as necessary for the purposes stated or as required by statutory retention periods. Inquiry data are kept for up to 10 years for documentation purposes (Swiss Code of Obligations Art. 958f). Contact requests are kept for a maximum of 12 months. Click logs are aggregated or deleted after at most 24 months.

9. Security

We apply appropriate technical and organisational measures to protect your data: encrypted transport (HTTPS/TLS), access control, backups, regular updates to all software used.

10. Your rights

Under the revDSG you have the right to:

  • Access the data we process
  • Rectify inaccurate data
  • Erase or block data
  • Receive or transfer data (portability)
  • Object to processing
  • Withdraw consent at any time (with effect for the future)

An informal note to hello@healthcheckup.ch is enough to exercise your rights. We may request additional information to verify your identity.

You can also lodge a complaint with the competent supervisory authority, the Federal Data Protection and Information Commissioner (edoeb.admin.ch).

11. Third-party services

Google Fonts

Fonts are loaded directly from Google Fonts. Your IP address is transmitted to Google during loading. We use this to optimise loading times. Details: policies.google.com/privacy.

Google Maps (if enabled)

Where map views are embedded, your browser loads resources directly from Google. IP address and technical data are transmitted to Google. Terms: policies.google.com.

12. Changes

This policy may be updated at any time. The version published on this page is always the current one.

to compare Compare →