Why we retain data
Doctena retains personal data only for as long as necessary to fulfil our contractual obligations, meet legal and regulatory requirements, support ongoing business operations (invoicing, compliance audits), and protect our rights and interests in case of disputes or litigation. When data is no longer required, we delete it securely or anonymise it when retention is still needed for statistical purposes.
This page mirrors the canonical Doctena Public Data Retention Policy maintained in our Information Security Management System. The same schedule is summarised on the Privacy Policy and on the GDPR page.
General principles
Where laws differ between jurisdictions, we apply the strictest applicable retention duration. Several Doctena entities operate across Luxembourg, Germany, Belgium, the Netherlands, Austria and Switzerland, and medical, fiscal and employment laws set different minimum retention periods. To stay compliant everywhere we run a single platform, we align each category to the longest legally required period that can apply to it.
Healthcare professionals, as controllers of the appointment record, may instruct us in writing to apply a shorter retention period, except where the law mandates a longer one.
Retention schedule
The values below are taken from the Doctena Public Data Retention Policy. Each category carries the retention period we apply and the legal basis or business justification for it.
| Data category | Retention period | Legal basis / justification |
|---|---|---|
| Practitioner & patient data | 10 years from last interaction, or 1 month after termination | Medical and fiscal law (e.g., BGB § 630f, AO § 147) |
| Doctena account data | 3 years from last login, or anonymised earlier | Business continuity and fraud prevention (GDPR Art. 6(1)(b)) |
| HR data (employees) | 3 months to 30 years depending on data type | Employment and tax law (e.g., AO § 147, HGB § 257, AGG § 15) |
| Contractual data | 10 years from end of contract | Fiscal and audit obligations (AO § 147, HGB § 257) |
| Financial data | 10 years from fiscal year end | Required by tax law |
| CRM data | 6 years from last interaction | Customer relationship management and legal traceability |
| Support ticket data | 6 years from ticket closure | Audit trail and regulatory compliance |
| System logs | System logs 3 months; authentication and network logs a minimum of 90 days; security telemetry and audit logs may be retained longer where needed for security investigations, as documented on the Security page | GDPR Art. 6(1)(f), legitimate interest in security |
| Backup data | Rolling 30-day window (one month). Encrypted database snapshots are retained for one month, and data erased from production leaves all backups within that window | Operational need and disaster-recovery planning |
How we delete or anonymise
When the retention window closes we apply one of the following methods, depending on the system and the sensitivity of the records:
- Automated deletion configured directly in the system that holds the data.
- Anonymisation where the data retains statistical value but the link to an identifiable person is irreversibly removed.
- Manual deletion for systems that do not support automated lifecycle rules.
- Secure deletion for sensitive records, meaning irrecoverable destruction.
Cookies are governed separately on the Cookies page.
Your rights
Retention does not override your rights under the GDPR. You can ask to access, correct, delete, restrict or port your personal data, and you can object to processing based on legitimate interest. Where a legal retention obligation applies, for example the 10-year medical record retention, we keep only what the law requires and restrict further use until the period ends.
To exercise any of these rights, see Data subject rights. The role model that decides whether Doctena is a controller or a processor for a given record is explained on the GDPR page.
Annual review
This retention schedule is reviewed at least once a year, and whenever a change in law, a new processing activity or a new sub-processor warrants it. The version, last-reviewed date and next-review date are always shown at the top of this page.
Version 1.0.0 · Source: Doctena Public Data Retention Policy