Data protection

Valid from 31 August 2023

We, Swiss Medical Network SA, based in Genolier, Switzerland, are committed to protecting your privacy and continuously improving the services we offer you. This Information Security and Privacy Statement applies to the websites of Swiss Medical Network SA and its clinics and the online portals contained therein (hereinafter portal, website, we or us).

Introduction

We are subject to Swiss and, where applicable, international regulations. Accordingly, we observe internationally recognised principles to ensure data protection and data security. In particular, this declaration informs you about how we collect personal data that becomes available to us via the website, for what purposes it is used, to whom it may be disclosed and what your rights are in connection with the use of your personal data by us.

This privacy policy is an integral part of the Swiss Medical Network SA policy.

Consent

By accessing the website and using the services and products we offer, you declare that you have read this privacy policy carefully and agree to the data processing described. Any questions in connection with this data protection declaration can be sent by e-mail to dataprotection@swissmedical.net at any time. If you do not agree with this declaration, you must refrain from accessing the portal and using our services and products.

Who is responsible for your personal data

Personal data is any information relating to an identified or identifiable natural or legal person, e.g. surname, first name, address, e-mail, date of birth in combination with postcode or telephone number. The responsible party within the meaning of data protection legislation is Swiss Medical Network SA, Route du Muids 3. 1272 Genolier, e-mail: dataprotection@swissmedical.net.

Swiss Medical Network SA determines the purposes and means of the processing of your personal data and is therefore responsible for the processing and use of your personal data in accordance with this Privacy Policy. If you have any questions or concerns about this Privacy Policy or the processing of your personal data, please contact us at any time by sending an email to dataprotection@swissmedical.net.

How we process personal data

We collect and process personal data carefully and for the purposes described in this Privacy Policy. In accordance with applicable law, we may also use your personal data in ways other than those described in this Privacy Policy. In this case, we will provide you with specific privacy notices or communications at the time of collection and may seek your consent. We will always endeavour, as far as is reasonable, to collect information in anonymised or pseudonymised form so that we cannot identify you.

Which personal data do we collect for which processing purposes?

Personal data automatically transmitted via the use of the portal

Swiss Medical Network SA collects and stores information that your browser automatically transmits to us in «server log files» when you visit our website. The data collection is based on your will and interest to visit our website and our legitimate interests to operate the website. This may include the following data:

  • Browser type and version;
  • Operating systems used;
  • Referrer URL (the previously visited website);
  • Host name of the accessing computer;
  • Date and time of the server request;
  • Internet Protocol address (IP address);
  • Amount of data transferred;
  • Other similar data and information that serve to avert danger in the event of attacks on our IT systems.
     

This personal data is not merged with other personal data and is stored separately from any other personal data transmitted by the user. They are deleted by us after three months at the latest.

Swiss Medical Network SA uses the personal data collected automatically to fulfil the following purposes:

  • Enable the display, operation and functionality of the portal;
  • Ensure the stability and security of the system;
  • To improve and protect our services;
  • For statistical purposes in the event of attacks on the network infrastructure on which the website is provided
     

Personal data that the user transmits to us

Swiss Medical Network SA collects and processes personal data that the user voluntarily transmits to us by means of an online form directly on the portal, via our contact e-mail address, via any other applications linked to the portal, by telephone or in any other way. This information includes, for example, the following personal data:

  • Surnames, first names, postal addresses, e-mail address, telephone number, date of birth, gender;
  • Your message or your request.
     

The provision of this personal data is solely on a voluntary basis. Without this personal data, however, we will not be able to provide the services requested by the user in the desired quality or at all.

Swiss Medical Network SA uses the personal data provided by the user to fulfil the following purposes:

  • provide, maintain, protect and optimise the services and information offered,
  • communicate with you and provide you with the best possible and personalised information you need from us (e.g. about our products and services),
  • to offer you new services and information and, based on your profile, to suggest services and information tailored to you that may be of interest to you,
  • to comply with legal or other regulatory requirements and internal regulations,
  • for the establishment, exercise and/or defence of actual or potential legal claims, investigations or similar proceedings,
  • for other legitimate purposes, if this processing results from the circumstances or was indicated at the time of collection.

On what legal basis do we process personal data about you

The processing of this personal data is based on the following legal bases:

  • your consent, only if it can be revoked at any time (e.g. when you sign up for our newsletter and other marketing communications),
  • for the performance of a contract with you or for the intention to conclude a contract with you (e.g. when applying on our application portal, when booking an appointment),
  • to comply with a legal obligation (e.g. for tax reasons or for the purpose of judicial investigations or proceedings) or
  • to protect our legitimate interests (e.g. protection and security of our services, systems, and assets; compliance with legal, regulatory and contractual obligations; assertion, exercise or defence of legal claims; maintenance and efficient organisation of business operations; improvement and development of our services; and sale and marketing of our services).
     

If the processing is based on your consent or our legitimate interests, you can withdraw consent or object to this processing at any time by contacting us directly at dataprotection@swissmedical.net. Please note, however, that the withdrawal of your consent does not affect the lawfulness of the processing based on the consent prior to its withdrawal.

Whom do we share your personal data with

Swiss Medical Network SA takes the necessary measures to ensure that only our authorised personnel and auxiliaries who have the necessary knowledge have access to your personal data in order to fulfil the purposes for which your personal data was collected.

We may disclose your personal data to the following possible categories of recipients in accordance with the purposes and legal bases of processing described above, to the extent necessary for the intended data processing:

  • Other companies in the group.
  • Service providers who process personal data on behalf of and on the instructions of Swiss Medical Network SA (so-called order processors, such as in the area of IT, hosting and support).
  • Customers, partners, suppliers, insurers and other business partners.
  • Marketing agencies, the public, including visitors to Group websites and social media.
  • Industry organisations, associations and other bodies.
  • Acquirers or parties interested in acquiring business units, companies or other parts of the Group.
  • Courts, arbitration bodies, law enforcement agencies, regulatory authorities, lawyers and other parties in potential or actual legal proceedings, where necessary to comply with the law or to establish, exercise or defend rights or legal claims.
     

We select our partners and order processors carefully and only with sufficient assurance that they have appropriate technical and organisational measures in place in accordance with legal requirements. Our order processors can only process personal data on documented instructions from us. They are all subject to confidentiality requirements and may only use your personal data to the extent necessary to fulfil the purpose for which your personal data was collected, unless otherwise required by law.

Transfer of personal data to countries outside the EEA


Personal data collected through our website is stored in Switzerland. In addition, we may transfer, store and process your personal data at data locations around the world, e.g. where our third-party providers or partners are located. Therefore, we may transfer your personal data outside the European Economic Area (EEA) if this is necessary for the data processing described in this Privacy Policy in accordance with applicable law.
If data is transferred to countries that do not ensure an adequate level of protection, we ensure adequate data protection by taking appropriate safeguards, such as 
contractual safeguards (e.g. based on EU standard clauses):

  • based on binding corporate rules, 
  • transferring data in accordance with your explicit consent, 
  • for the conclusion or performance of a contract with you, or 
  • in connection with the establishment, exercise or enforcement of legal claims. 

For more information about our reasonable security measures, please contact us by email at dataprotection@swissmedical.net.

How long do we keep information about you

In principle, personal data is deleted as soon as it is no longer required to achieve the purpose for which it was collected, unless longer retention is necessary to fulfil legal obligations (e.g. retention and documentation obligations), contractual or pre-contractual obligations or justified business interests of us (e.g. to assert, exercise or defend legal claims).

On this basis, we generally process personal data in compliance with the following rules and obligations:

  • The personal data automatically transmitted by you through the use of our portal for the purpose of displaying, operating and ensuring the functionality of the portal will be deleted within three months.
  • The personal data you provide to us in connection with the use of our services and products offered on our portal or which you otherwise provide to us via the e-mail contact address will generally be stored by us until you request us to delete it, revoke your consent to its storage or the purpose for storing the data has ceased to exist (e.g. after processing your enquiry has been completed).
  • For contract-related personal data (including business records and communications), we store personal data for as long as the contractual relationship exists and thereafter for a further ten years after termination of the contractual relationship, unless (i) a shorter or longer statutory retention obligation applies in the individual case, (ii) retention is required for reasons of evidence or for another valid reason under applicable law, or (iii) deletion of the data is required earlier (e.g. because the data is no longer required or we have to delete the relevant data).

Cookies

When you access or use the website, we may place so-called cookies – small text files – or similar tools on your computer. We use these cookies to recognise you as a user of the website, to customise content, to improve the performance of the website and to enhance its usability.

Categories of cookies we use

Depending on their function and purpose, the cookies we use can be divided into the following categories: functional cookies, performance cookies and advertising cookies.

  • Functional cookies: These cookies serve a variety of purposes for the presentation, functionality and performance of a website, and in particular to improve visitors' experience and enjoyment of the website. They allow a website to remember information already provided (e.g. username, location or language selection) and provide visitors with enhanced, more personalised functionality. Functional cookies are used, for example, to remember things like your login details. These cookies cannot track your movement on other websites.
  • Performance cookies: These cookies are used to collect information about how a website is used - for example, how visitors came to our website, which pages a visitor opens most often, how you navigated our website during your visit and whether you receive error messages from a page. We may also use these cookies to provide us with certain statistical and analytical information, such as how many visitors have come to our website. These cookies are used to monitor the level of activity on the website and to improve the performance of the website.
  • Advertising cookies allow us or a third party vendor to serve ads on our website or on third party websites with products that the user likes, so that the ads the user sees may be more relevant to the user's preferences or interests (sometimes called «targeting cookies»). They can also be used to evaluate the effectiveness of advertising and sales promotions.

These cookies may be placed by us or a third party on our behalf. For more information about cookies and their use, please visit: http://www.allaboutcookies.org/.

The legal basis for the data processing results from your consent (Art. 6 para. 1 lit. a DSGVO).

You can configure your browser settings so that no cookies are stored on your computer. Complete deactivation of cookies may mean that you cannot use all the functions of our website.

By continuing to use our website and/or agreeing to this privacy policy, you consent to cookies being set by us and thus to personal usage data being collected, stored and used, even beyond the end of the browser session. You can revoke this consent at any time by activating the browser setting to refuse third-party cookies.

Tracking with fusedeck

The tracking solution fusedeck of Capture Media AG (hereinafter «Capture Media») is integrated on this website. Capture Media is a Swiss company based in Zurich that measures the use of this website on behalf of engagements and events. The tracking is anonymous, so that no reference to specific or identifiable persons can be made.

Further information on data protection as well as on the rights of data subjects in connection with fusedeck including the «opt-out» option (possibility to object) can be found in this supplementary data protection declaration and objection policy of Capture Media AG.

 

Meta Pixel

This website uses the Meta visitor action pixel for conversion measurement. The provider of this service is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Meta, the data collected is also transferred to the USA and other third countries.

In this way, the behaviour of page visitors can be tracked after they have been redirected to the provider's website by clicking on a Facebook or Instagram ad. This allows the effectiveness of the meta ads to be evaluated for statistical and market research purposes and future advertising measures to be optimised.

The data collected is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Meta so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes in accordance with the Meta data usage policy. This allows Meta to enable the placement of advertisements on pages of Meta as well as outside of Meta. This use of the data cannot be influenced by us as site operator.

The use of meta pixels is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in effective advertising measures including social media. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381. In Meta's data protection information, you will find further information on protecting your privacy: https://de-de.facebook.com/about/privacy/. You can also deactivate the «Custom Audiences» remarketing function in the Ad Settings section at https://accountscenter.facebook.com/ad_preferences. You must be logged in to Facebook to do this. To do this, you must be logged in to Facebook. If you do not have a Facebook account, you can disable usage-based advertising from Facebook and Instagram on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.

Social media networks

On our website you will find links to social media networks. These are not plugins provided by the social media network, which already transmit data to the provider when the page is loaded, without the user having any influence. The buttons to the social media networks merely provide a link to our presence on the social media network. No user data is transmitted from the website to the social media network.

When you call up a link to one of our social media profiles, a direct connection is established between your browser and the server of the social network concerned. This provides the network with the information that you have visited our website with your IP address and accessed the link. If you call up a link to a network while you are logged into your account with the network in question, the content of our site may be linked to your profile with the network, which means that the network can assign your visit to our website directly to your user account. If you would like to prevent this, you should log out before clicking on the corresponding links. An assignment will take place in any case if you log in to the relevant network after clicking on the link.

Use of the contact form

You have the option of using a contact form for general enquiries in order to get in touch with us. For this purpose, we usually require the following information (mandatory *):

  • First name*
  • Surname*
  • Email*
  • Phone number*
  • Country*
  • Message*
     

You also have the option of using a contact form for event enquiries in order to get in touch with us and find out about the organisation of events. For this purpose, we usually require the following information (mandatory *):

  • Salutation*
  • Title
  • First name*
  • Surname*
  • Email*
  • Further data required depending on the event (hotel, parking, number of guests, date, address, telephone number)
  • Comments
     

We only use this data to be able to answer your contact request in the best possible and personalised way. The processing of this data is therefore necessary within the meaning of Art. 6 para. 1 lit. b DSGVO for the implementation of pre-contractual measures or is in our legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO. The data will be deleted up to a maximum of 60 days after the event.

Online appointment booking

In order to make appointments with one of our doctors via our website, you have the possibility to use the booking system of the company Medicosearch, Gerberngasse 27-31, 3011 Bern, Switzerland. Appointments can be made online. The booking system of the company Medicosearch is a software application integrated into our website which displays available resources (such as free appointments) and through which you can book directly online. In the process, personal data is usually also collected from you and stored. As we have no visibility of who uses Medicosearch's services, there is no order processing agreement between us and Medicosearch. If you use the services of Medicosearch, Medicosearch is responsible for compliance with the data protection regulations vis-à-vis you. For more information about Medicosearch, please refer to their privacy policy.

Online map service

On our website we use the «SmartMaps» service of YellowMap AG, CAS-Weg 1-5, 76131 Karlsruhe.

This allows us to show you maps directly on the website and enables you to use the map function conveniently.

In order to be able to show you the maps, SmartMaps uses your IP address when the SmartMaps components are called up by the browser. This is kept in the memory of the web server for approx. 5 minutes to prevent DoS attacks. After that, it expires and is neither processed nor stored in any other way. YellowMap AG is therefore the recipient of data. However, it does not process the data for its own purposes, but exclusively on behalf of and on the instructions of the responsible body.

For more information about YellowMap AG, please refer to the privacy policy of this provider.

Videos from YouTube

We use the YouTube embedding function on our website, which enables us to display and play videos on our website. YouTube is a streaming service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter «Google»).

To protect your data, we use a so-called consent banner in connection with our embedded YouTube videos. With the help of this banner, we can prevent your data from being processed by YouTube not when you access the page on which the YouTube video is embedded, but only with your consent. In addition, we use the extended data protection mode on our website, which means that your viewed videos are neither used for personalising your surfing on YouTube nor for personalising advertising. When playing a video on our website, YouTube uses Local Storages. As part of this service, Google processes the IP address, browser and device information (e.g. the operating system), the referrer URL, as well as information about the videos viewed.

Google itself is responsible for the data processing described above. Please note that Google transmits the above information to Google servers in the USA (see chapter Data transmission to third countries). The data collection is carried out in accordance with § 25 para. 1 TTDSG, the downstream data processing in accordance with Art. 6 para. 1 lit. a DSGVO based on your express consent. You can revoke your consent at any time with effect for the future under the item «Cookies» at the end of our website.

For more information on Google's privacy policy, please visit https://policies.google.com/privacy?hl=de.

Newsletter

You have the option of subscribing to our newsletter via our website. For this we need your e-mail address and your declaration that you agree to receive the newsletter. For verification purposes, the invitation to receive the newsletter will be sent to the e-mail you have provided. When you receive this e-mail, you have the option of finally agreeing to the terms and conditions and the newsletter provider and registering yourself via the sign-up form. For internal and external communication, we use the newsletter provider Mailchimp, a US company whose servers are located there. Mailchimp is certified by the EU-US Privacy Shield. This guarantees special protection rights for your data. However, we must point out that the protection of your data cannot be guaranteed according to the latest European data protection laws. Upon completion of the process, you will receive the newsletter. You can withdraw your given consent for the newsletter subscription at any time through the unsubscribe link in the newsletter or via the email address dataprotection@swissmedical.net. Your data related to the newsletter distribution will be subsequently deleted as soon as possible, unless we are required to retain it for longer due to legal requirements. You generally have the rights to information, correction, restriction, data portability, objection, deletion, and, in certain cases, the right to lodge a complaint with a competent supervisory authority.

For newsletter registration, we usually collect your email address and optionally your name to address you personally. Further details such as first name, last name, and interests can also be collected to better tailor the newsletter content to your needs.

Chatbot

You can use a chatbot from the supplier aiaibot on our website. Aiaibot is a subsidiary of the Swiss company «swiss moonshot AG» based in Dübendorf. This company itself complies with the Data Protection Act. When using the chatbot, the following data is only stored for the time of use: messages entered, browser and operating system data, URLs and cookies. The data is deleted after each use. The data is stored exclusively in Switzerland by Google's Swiss cloud provider cloud.google.com, which is ISO27001 and FINMA certified.

No automated decisions including profiling with legal effect

We will not make any decision about you based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Security

Swiss Medical Network SA has implemented organisational and technical measures to maintain the security of personal data and to protect it against unauthorised or unlawful processing, accidental loss, alteration, disclosure or access.

Swiss Medical Network SA may use third parties as data processors to collect and process your personal data. The data processors we use will only process your personal data in accordance with our instructions and are required by law to take strict security precautions when handling personal data.

Unfortunately, the transmission of information over the Internet is not completely secure. Although we do our utmost to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. For this reason, you are always free to submit your personal data to us by other means, e.g. by telephone or by post. Once we have received your data, we apply strict procedures and stringent security measures to prevent unauthorised access.

Third-party privacy statements

Please note that if you click on the link to a third party website (e.g. social media or other websites), you will be redirected to a website that we do not control and our privacy policy will no longer apply. Your browsing and interaction on another website is subject to the terms of use and privacy statements and notices of those third party websites. In addition, we cannot guarantee the accuracy or timeliness of these links.

We encourage you to carefully read the terms of use and privacy statements and notices of other websites before submitting any personal data through this website. We are not responsible or liable for the information content and data processing of such third party websites.

Children

Our website is not intended for children and we do not knowingly collect personal data from children under the age of 16 unless we have the express consent of their parents. If we are notified or otherwise learn that personal data of a child under 16 has been improperly collected, we will take all reasonable steps to delete that personal data.

What are your rights

You can request information from Swiss Medical Network SA, with proof of your identity, as to whether personal data about you is being processed. In addition, you have the right to request the correction, destruction or restriction of personal data about yourself and to object to the processing of your personal data.  Where processing is based on your consent or our legitimate interests, you may withdraw consent or object to such processing at any time by contacting us directly by email at dataprotection@swissmedical.net. In certain cases, you have the right to receive personal data generated by the use of online services in a structured, common and machine-readable format so that further use and transfer to any third party provider is possible.

Requests in this regard should be addressed to Swiss Medical Network SA via the following e-mail address: dataprotection@swissmedical.net. Swiss Medical Network SA reserves the right to limit your rights under applicable law and, for example, not to disclose comprehensive information or to delete personal data. Please note that even after a request to delete your personal data, we must retain it in whole or in part within the framework of legal and contractual retention obligations. Deletion of your personal data may result in you no longer being able to use our services.

If we reject your request or you are not satisfied with our processing, you are also entitled to lodge a complaint and appeal with the competent supervisory authority. The competent authority is the Federal Data Protection and Information Commissioner (FDPIC) in Bern (http://www.edoeb.admin.ch).

 

Contact


 If you wish to exercise any of your rights described in this Privacy Policy or if you have any questions or concerns about it, please contact our Data Protection Officer.

Swiss Medical Network SA
Route du Muids 3
1272 Genolier
dataprotection@swissmedical.net

 

Changes to our privacy policy

Swiss Medical Network SA reserves the right to adapt, supplement or otherwise change this personal data protection declaration at any time and without stating reasons. The current personal data protection statement as published on the portal shall apply.

Version: 31 August 2023