Legal
Privacy policy
Ahead Health AG — Effective from: 29-06-2026
This is an English courtesy translation. The Dutch-language version of this privacy statement is the authoritative and legally binding version.
1. Introduction
At Ahead Health AG ("Ahead", "we", "us" or "our") we attach great importance to your privacy and are fully committed to protecting your personal data.
Ahead acts as an intermediary between you as a client and providers of preventive health services, our partner clinics and partner hospitals. Ahead does not itself provide any medical treatment and therefore does not enter into a medical treatment agreement with you. You enter into that agreement with our partners.
For the purpose of this intermediation, your personal data is processed. Ahead acts as the data controller in this respect. Ahead strives to process your data as minimally as possible. We only process your data where necessary for our services.
In this privacy policy we explain which personal data we process, how we do so and why. We also explain which rights you have.
2. Categories of personal data
We collect and process your personal data when you:
visit our website (www.aheadhealth.com);
use one of our services (such as when you create an account or sign up for our waitlist and/or book an appointment);
sign up for our waitlist;
use our platform or app or contact our customer service;
apply for a vacancy with us; and/or
we otherwise receive personal data from you in the course of our business activities.
We process the following personal data:
Device information, usage data and location data (IP address) when you visit our website
Identification and contact details: name, address, email address, telephone number, date of birth, and gender.
Account and usage data: login details, preferences, communication settings and information about your use of the platform, such as which sections and features you use and how you interact with the app.
Booking and scheduling data: the desired examination or scan, your preferred location, your availability, the date and time of your appointments and information about cancellations or changes.
Payment data: payment information (Ahead does not store full credit card numbers)
Communication content: messages/documents you exchange with us
We also process your health data:
Insofar as this is necessary for our services, we may process health data about you, such as health information you provide, information about desired examinations, relevant medical history, medical examination results, laboratory results and imaging reports. We process this data only insofar as necessary to inform you about available preventive health services, to support your request or booking, to match you with a suitable partner clinic or partner hospital and, if you choose, to pass relevant data on to that partner or to you.
We only share your health data with partner clinics and partner hospitals insofar as this is necessary for the services you have requested and on the basis of your explicit consent. Before you give this consent, we clearly inform you which data is shared, with which partner, for which purpose and how you can withdraw your consent.
Ahead does not itself provide any medical treatment and does not enter into a medical treatment agreement. The partner clinic or partner hospital that provides the medical service processes your health data as an independent data controller for the performance of the medical treatment agreement with you.
The use of health data for scientific research, statistical analysis, the training or improvement of AI models or the development of diagnostic algorithms only takes place if you have given separate explicit consent for this. Before we request that consent, you will receive further information about the data concerned, the purposes of the processing, any pseudonymisation or anonymisation, the retention period and your rights.
3. Use of your data
We process your personal data on the basis of the following legal grounds for the following purposes:
| Legal ground | Purpose |
|---|---|
| Performance of a contract (Art. 6(1)(b) GDPR) | Providing our services (including informing about availability and matching/referring to providers of examinations), creating/managing your account, processing payments |
| (Explicit) consent (Art. 6(1)(a) and Art. 9(2)(a) GDPR) | Processing health data to provide our services and processing (pseudonymised) health data for scientific research, training and improving our AI models, the development of diagnostic algorithms and statistical analysis. Before you give your consent for this, you will be further informed about exactly what will happen with your data. Sending marketing communications (newsletter), placing non-essential cookies. |
| Legal obligation (Art. 6(1)(c) GDPR) | Complying with tax obligations, fraud prevention or complying with requests from competent authorities |
| Legitimate interest (Art. 6(1)(f) GDPR) | Improving our services, complaint handling, ensuring security, preventing fraud |
4. Sharing your data with third parties
Partners and service providers
In order to provide our services to you, we share your data only where necessary and to the extent necessary with third parties.
We share your medical data only on the basis of your explicit consent with our partner clinics and partner hospitals. They process this data (and other data about you that may be required) themselves as independent data controllers for the purpose of our partners: the performance of the medical treatment agreement with you. We have concluded a cooperation agreement with our partners in which we have laid down the arrangements regarding confidentiality, information security and the manner in which your data is exchanged.
We also share your data with payment service providers, IT service providers (hosting, maintenance and security) and email and support service providers. With these processors we have concluded a processing agreement on the basis of Art. 28 GDPR.
Social media plugins
Our website may contain social media plugins. When you interact with these plugins, data may be shared with the relevant social media platform. The relevant platform is itself responsible for that processing; consult that platform's privacy policy for more information.
5. International transfer of data
Ahead is established in Switzerland. For this reason your personal data is mainly processed within Switzerland and the European Economic Area (EEA).
The European Commission has adopted an adequacy decision in respect of Switzerland, which means that Switzerland offers an adequate level of protection and that the transfer of personal data to Switzerland is permitted without additional safeguards. This is of course without prejudice to the other requirements of the GDPR.
Some of our service providers process data outside the EEA and Switzerland. For example, Klaviyo processes certain email marketing data in the United States. When data is transferred outside the EEA and Switzerland, we ensure appropriate safeguards, including:
Standard Contractual Clauses (SCCs) approved by the European Commission
Transfer impact assessments to assess the level of protection in the receiving country
Additional technical measures (such as end-to-end encryption) where necessary to safeguard the protection of your data
Limiting transfers to what is necessary for the provision of our services
You have the right to request a copy of these safeguards by contacting us at privacy@aheadhealth.com.
6. Data security
In accordance with Art. 32 GDPR we take appropriate technical and organisational measures to protect your personal data, among other things against loss, unauthorised access, misuse, alteration or unlawful processing, including:
Secure infrastructure for storing and processing data
End-to-end encryption of health data, both during transmission and in storage
Regular security assessments, vulnerability tests and system updates
Access controls: only authorised personnel have access to personal data on a need-to-know basis, with multi-factor authentication (MFA)
Redundant and geographically distributed backup systems
Staff training in the field of data protection and security protocols
Audit trails: logging of all access to and changes in personal data
Incident response plan: procedures for detecting, reporting and handling data breaches in accordance with Art. 33 GDPR
Please note, however, that no method of security is 100% reliable. We therefore cannot guarantee absolute security.
7. Your rights
As a data subject you have various rights regarding your personal data (Art. 15 to 22 GDPR). You have the right to access, rectification, erasure, portability, and you may object to processing based on a legitimate interest. You may also withdraw your (explicit) consent at any time, whereby the lawfulness of earlier processing based on that consent remains unaffected.
You can exercise your rights by contacting us at privacy@aheadhealth.com. We will respond as soon as possible, but no later than within one month of your request.
If you believe that we are not processing your personal data correctly, you may also lodge a complaint. For residents of the Netherlands: Autoriteit Persoonsgegevens (AP) (the Dutch Data Protection Authority), Postbus 93374, 2509 AJ The Hague, www.autoriteitpersoonsgegevens.nl. For Swiss processing: Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB), Feldeggweg 1, CH-3003 Bern, www.edoeb.admin.ch
We would appreciate it if you would contact us first so that we can discuss your concerns and try to resolve them.
8. Retention periods
We do not retain your personal data longer than necessary for the purposes for which it was collected, unless a longer retention period is required by law or a compelling legitimate interest requires a longer retention period. The following retention periods apply:
| Type of data | Retention period | Basis |
|---|---|---|
| Financial/tax data | 7 years | Statutory tax retention obligation |
| Account data | Duration of the customer relationship + 2 years | Legitimate interest |
| Booking and scheduling data | Duration of the customer relationship + 2 years, unless a longer retention period is necessary for dispute resolution or legal obligations | Performance of the contract / legitimate interest |
| Job application data | Maximum of 4 weeks after the end of the procedure, or 1 year with consent | GDPR / recruitment guidelines |
| Website data/cookies | Maximum of 12 months | Telecommunications Act / consent |
| Health data we process for our services | No longer than necessary for the intermediation and any aftercare, in principle a maximum of 2 years after completion of the service | Explicit consent |
| Communication content, including messages and documents you exchange with us | Duration of the customer relationship + 2 years, unless a longer retention period is necessary for dispute resolution or legal obligations | Legitimate interest |
| Data processed for scientific research, statistical analysis, AI model training or development of diagnostic algorithms | For the period communicated to you prior to your separate consent, or until you withdraw your consent, unless the data has been anonymised | Explicit consent |
9. Privacy of minors and third parties
Our services are not aimed at persons under the age of 18. We do not knowingly collect personal data of minors. If we discover that we have collected data of a minor, we will delete it without delay.
If you provide us with data about other persons, such as family members, we assume that you are authorised to do so and that this data is correct. By providing the data you confirm this. We ask you to inform these persons about this privacy policy.
10. Tracking and cookies
We use the following tracking technologies:
Cookies: necessary and other cookies (small text files on your device to remember your preferences and login status). You can manage your cookie preferences via the cookie banner on our website.
Analytics tools: tools such as Google Analytics and Microsoft Clarity, for analysing website usage and user behaviour
Email marketing platforms: we use tools such as Klaviyo and Brevo for sending newsletters and service-related communications; these platforms may place tracking pixels in our emails to measure open rates and engagement
Under the Dutch Telecommunications Act (Article 11.7a), your explicit prior consent is required for placing non-strictly-necessary cookies. We request this consent via our cookie banner. You can change your cookie preferences at any time via the cookie settings on our website.
11. Changes to this privacy policy
We may update this privacy policy from time to time. The most recent version is always available on our website. In the event of material changes we will inform you about this by email or a notice on our website.
12. Contact
Ahead Health AG
Uraniastrasse 31
CH-8001 Zürich
Switzerland
Email: privacy@aheadhealth.com
Telephone: +41 44 797 69 46
This privacy policy was last updated on 29-06-2026.
Do you have questions about this privacy policy or about the way we process your data? Please contact us at privacy@aheadhealth.com.