1. Data Controller

Patrick Lafdhiya Pte. Ltd.

UEN : 201900240R
Registered in Singapore
Registered Address: 1 Scott Rd, 24-10 Shaw Centre, 228208 Singapore

Trading as: ALPENREICH

Contact :
privacy@alpenreich.ch

ALPENREICH provides medical and longevity access advisory and coordination services.
We do not provide medical treatment.

2. Scope of This Policy

This Privacy Policy applies to:

  • Visitors to our website
  • Individuals contacting us by email, form, phone, or messaging
  • Clients and prospective clients seeking medical or longevity access coordination

3. Applicable Legal Framework

Depending on your location and the nature of our engagement, processing may be governed by:

    • EU General Data Protection Regulation (GDPR)
    • UK GDPR
    • Swiss Federal Act on Data Protection (revFADP, in force 1 September 2023)
    • Singapore Personal Data Protection Act (PDPA)

    Where multiple regimes apply, we apply a high and consistent standard of confidentiality and data security.

    Swiss Law Clarification

    Where Swiss law applies, we process personal data in accordance with principles of lawfulness, proportionality, purpose limitation, transparency, and data security. Health data qualifies as sensitive personal data under Swiss law and is subject to enhanced protection.

    4. Personal Data We Collect

    A. Identity and Contact Data

    • Name
    • Email address
    • Telephone / WhatsApp number
    • Contextual information relevant to your request

    B. Health Data (Special Category Data)

    Where you request medical access advisory support, we may process:

    • Medical history summaries
    • Reports, lab results, diagnostic summaries
    • Treatment or physician correspondence

    Health data is processed only where necessary and subject to explicit safeguards.

    C. Identity Documentation (Where Required)

    In limited cases, we may request:

    • Date of birth
    • Passport details or copy

    Such data is requested only when operationally necessary.

    D. Website Usage Data

    We may collect:

    • IP address (or partial IP)
    • Device and browser information
    • Pages visited
    • Date and time of access
    • Cookie identifiers

    5. Purposes of Processing

    We process personal data to:

    • Respond to inquiries
    • Coordinate access with selected medical or longevity institutions
    • Manage scheduling and communications
    • Maintain security and operational integrity
    • Comply with legal obligations
    • Protect legal rights

      We do not sell personal data.

      6. Legal Bases for Processing (GDPR)

      Where GDPR applies:

      General Processing

      We rely on:

      • Art. 6(1)(a) – Consent
      • Art. 6(1)(b) – Contract or pre-contractual measures
      • Art. 6(1)(c) – Legal obligation
      • Art. 6(1)(f) – Legitimate interests (e.g., service security, fraud prevention, operational continuity)

      Where we rely on legitimate interests, we conduct and document a balancing assessment to ensure our interests are not overridden by your fundamental rights and freedoms. You may object where applicable.

      Health Data (Special Category Data)

      Where GDPR applies and we process health data, we rely on:

      • Explicit consent under Art. 9(2)(a)
        together with
      • A lawful basis under Art. 6 (typically Art. 6(1)(a))

      Explicit consent is obtained in a granular, informed, and freely given manner and may be withdrawn at any time.

      Additional safeguards are described in Section 10.

      7. Cookies, Analytics and Tracking

      Legal Framework

      Where required under applicable law, including the EU ePrivacy Directive (Art. 5(3)), we obtain consent before placing or accessing non-essential cookies or similar tracking technologies. Strictly necessary cookies are used without consent.

      Google Analytics 4 (GA4)

      We use Google Analytics 4 to analyse website usage and improve performance. GA4 may process device and usage data and may involve transfers outside your jurisdiction, including to the United States.

      Google Ads and Conversion Tracking

      We use Google Ads and related conversion tracking tools to measure campaign effectiveness. These technologies may involve cookies or similar tracking mechanisms.

      Where required, analytics and advertising tracking operate only after user consent.

      8. Data Sharing

      Partner Clinics and Physicians

      Where requested, we share relevant personal data — including health data where explicitly consented — with selected institutions, primarily in:

      • Switzerland
      • Austria
      • Germany
      • Spain

      Clinics and physicians act as independent data controllers for medical services they provide.

      Service Providers

      We engage selected providers for:

      • Website hosting: NOVATREND Services GmbH, Baar, Switzerland
      • Email and collaboration tools: Google Workspace

      Service providers operate under contractual safeguards.

      Legal and Compliance

      We may disclose personal data where required by law or to protect legal rights and security.

      9. Retention Periods

      We retain personal data only as long as necessary:

      • General inquiries: up to 3 months
      • Health data: up to 3 months after case closure
      • Passport copies and identity documentation: up to 3 months after coordination completion
      • Business correspondence: duration of the relationship and up to 24 months thereafter

      Longer retention may apply if required for legal claims or compliance obligations.

      10. Security Measures

      We implement technical and organisational measures appropriate to the sensitivity of the data, including:

      • Access controls (need-to-know basis)
      • Device encryption
      • Data minimisation
      • Limited retention
      • Operational safeguards

      While we apply strong protections, no transmission over the internet can be guaranteed fully secure.

      10A. Secure Transmission of Medical Documents

      Where you intend to provide medical records or other sensitive information, we recommend using secure transmission methods.

      Upon request, we may provide guidance on secure file transfer. While standard email communication may be used for coordination purposes, unencrypted email carries inherent transmission risks.

      We encourage clients not to transmit highly sensitive documents unless necessary and to use secure methods where available. Medical documents stored locally are deleted once coordination is completed in accordance with our retention policy.

      11. International Data Transfers

      Due to the international nature of our services, personal data may be transferred to jurisdictions outside your country, including:

      • Switzerland
      • EU Member States
      • The United States (e.g., via Google services)

      Where required, we rely on appropriate safeguards, including:

      • Standard Contractual Clauses (SCCs)
      • Vendor data protection agreements
      • Additional technical measures where appropriate

      12. Your Rights

      Depending on applicable law, you may have rights including:

      • Access to your data
      • Rectification of inaccurate data
      • Erasure
      • Restriction of processing
      • Objection to processing
      • Data portability (GDPR)
      • Withdrawal of consent

      Requests may be directed to:
      privacy@alpenreich.ch

      You may lodge a complaint with your competent supervisory authority where applicable.

      13. Children

      Our services are not directed to minors. We do not knowingly collect personal data from children without appropriate authorisation.

      14. Updates to This Policy

      We may update this Privacy Policy from time to time. The latest version published on our website applies.