We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the Swiss Data Protection Act (FADP) and, as far as applicable, the European Data Protection Basic Regulation (GDPR).
NAME AND ADDRESS OF THE CONTROLLER
The controller within the meaning of data protection law is::
Alpstein Clinic AG
Tel.: +41 71 791 81 00
2. Your rights
RIGHT TO INFORMATION
You have the right to request information from us about whether and if so, which of your personal data we process.
RIGHT TO RECTIFICATION
You have the right to request the rectification of your inaccurate personal data and, if necessary, the completion of incomplete personal data in our systems.
RIGHT TO RESTRICTION OF PROCESSING
You have the right to demand that we restrict the processing of your personal data.
RIGHT TO DATA PORTABILITY
You may have the right to receive your personal data, which we process automatically on the basis of your consent or to fulfil a contract, in a structured, common and machine-readable format or to request the transmission of this data to a third party. If you request the direct transfer of personal data to another controller, this will only take place if this is technically feasible.
RIGHT TO OBJECT
You have the right to object to the processing of your personal data at any time in accordance with the legal requirements. You have the right to object to the processing of your personal data for the purpose of direct marketing.
WITHDRAWAL OF CONSENT
You have the right to revoke your consent to the processing of your personal data at any time, in principle with effect for the future.
RIGHT TO COMPLAIN
If the GDPR is applicable, you have the right to complain to a competent supervisory authority if you are of the opinion that the processing of your personal data violates data protection regulations.
If you have any questions regarding our privacy practices or if you would like information about your rights and how to exercise them, please contact us at one of the above contact points. If necessary, we reserve the right to request your identification in an appropriate manner for the processing of requests.
3. Purpose of data processing
We process your personal data for the following purposes:
- To carry out your medical consultation and treatment in accordance with the respective contractual relationship between you and us, and generally to exercise the rights and obligations associated therewith;
- To keep your patient file;
- As part of the statutory accounting requirements and for archiving purposes;
- To communicate with you or health insurance companies in connection with insurance-related aspects;
- To communicate news, including promotional activities that may be of interest to you;
- To display and optimise the content of the website.
4. Types of personal data
We process the following types of personal data:
- Inventory data (e.g. names and addresses)
- Contact data (e.g. e-mail and telephone numbers)
- Content data (e.g. text input)
- Usage data (e.g. visited websites, access times)
- Meta/communication data (e.g. IP addresses, device information, etc)
5. Basis for data processing
The basis for the processing of your personal data depends in individual cases on the respective purpose of the data processing. These may be:
- As far as legally required, your express consent, which you can revoke at any time. For this purpose, an informal e-mail notification to us is sufficient. The legality of the data processing that has already taken place remains unaffected by the revocation;
- The conclusion or fulfilment of a contract with you or the implementation of pre-contractual measures, especially for medical advice and service provision;
- The protection of our legitimate interests, provided that your interests or fundamental rights and freedoms do not prevail;
- The fulfilment of legal obligations, especially from the health insurance legislation and the medical documentation obligation.
6. Transfer of personal data
We treat your personal data confidentially and only pass them on if you have expressly agreed to this, if we are obliged to do so by law or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship. In addition, we pass on your personal data to third parties insofar as this is necessary or expedient within the framework of the use of the website or for the possible provision of the services requested by you (also outside the website)
In doing so, it goes without saying that we comply with the legal regulations governing the disclosure of personal data to third parties. Where we use processors to provide our services, we take appropriate legal precautions and take appropriate technical and organisational measures to ensure the protection of your personal data in accordance with the relevant statutory provisions. Medical secrecy and data protection are always maintained
If the level of data protection in a country in which the data is processed does not comply with the applicable data protection provisions, we will contractually ensure that the protection of your personal data corresponds at all times to that in Switzerland or the European Economic Area (EEA).
7. Duration of data storage
In addition, we will delete your personal data if you request us to do so at email@example.com and we have no legal or contractual obligation to store or otherwise safeguard such data.
8. Data security
We take technical and organizational security precautions to protect your personal data against manipulation, loss, destruction or against access by unauthorized persons. The measures taken are intended to ensure the confidentiality and integrity of your personal data as well as the availability and resilience of our systems and services when processing your personal data in the long term. Furthermore, they also ensure the rapid restoration of the availability of your personal data and access to them in the event of a physical or technical incident.
Our security measures also include the encryption of your personal data. When transmitting your personal data, we use SSL encryption. All information that you enter online is transmitted via an encrypted transmission path. This means that this information cannot be viewed by unauthorised third parties at any time.
Our security measures are continuously improved in line with technological developments.
We also take our own internal data protection seriously. Our employees and the service companies commissioned by us are bound to secrecy and to compliance with data protection regulations. In addition, they will only be granted access to your personal data to the extent necessary.
Illegal contents were not recognizable at the time of linking. A permanent control and examination of the linked pages without concrete evidence of an infringement is not reasonable. As soon as we become aware of any infringements of the law, such links will be removed immediately.
10. Use of the website by minors
The website is directed at an adult audience. Minors, especially children below the age of 16 years, are prohibited from transmitting their data to us, or to register for a service. If we discover that such data has been transmitted to us, this data will be deleted from our database. The parents (or legal representative) of the child can contact us and apply for the deletion or cancellation/deregistration. For this we need a copy of an official document which identifies you as parents or guardian.
11. Server log files
When you visit our website, our servers automatically store information in so-called log files. This information is automatically transmitted by your browser. These are:
- Browser type
- Browser version
- Used operating system
- Referrer URL
- Hostname of the accessing computer
- Time of server request
This data is processed for the purpose of enabling the use of our website (establishing a connection), ensuring system security and stability over the long term, and enabling the optimisation of our website and for internal statistical purposes, thus based on our legitimate interests. A combination of these data with other data sources is not carried out. In addition, this data cannot be traced back to individual persons. We reserve the right to check this data if we become aware of concrete indications of illegal use.
If you contact us via e-mail or via a form, the information you provide will be transmitted and stored for the purpose of processing your enquiry and forwarding it to the recipient intended internally for processing. Which data is collected in the case of a contact form can be seen from the respective form.
The basis for the processing of your personal data is our legitimate interest in processing your inquiry. If the establishment of contact serves the fulfilment of a contract to which you are a contracting party or the implementation of pre-contractual measures, this is an additional basis for the processing of your personal data.
You can object to this data processing at any time. Please send your objection to the following e-mail address: firstname.lastname@example.org.
We do not require you to provide any personal data for downloading.
14. Provision of contractual services
If we store your personal data based on a contractual relationship, this data will be stored for at least as long as the contractual relationship exists and as long as limitation periods for possible claims by us or legal or contractual storage obligations exist.
We use so-called cookies based on the legitimate interests on our website. Cookies are small text files that are stored on your computer with the help of the browser. These do not cause any damage to your computer or execute programs or transmit viruses. Cookies serve to make our offer more user-friendly, more effective and safer.
Most of the cookies we use are so-called session cookies. These are automatically deleted when you log out or close your browser. Other cookies remain stored on your computer beyond the respective usage process and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit and to “remember” any settings you may have made (e.g. language, font size and other display preferences) over a certain period of time. Insofar as other cookies (e.g. cookies to analyse your surfing behaviour) are stored, these are dealt with separately in this data protection declaration.
Most Internet browsers are regularly set to accept cookies. If you do not wish to accept cookies, you can set your browser so that it informs you when cookies are set, and you only allow or generally exclude the acceptance of cookies for certain cases in individual cases. You can also activate the automatic deletion of cookies when you close your browser. You can also delete cookies that have already been set at any time via an Internet browser or other software programs. If you deactivate cookies, the functionality of this website may be restricted. You can control and/or delete cookies as you wish. How you can find out here: aboutcookies.org.
16. Google Analytics
Based on our legitimate interests in the analysis, optimisation and economic operation of our online offering, we use Google Analytics, a web analysis service provided by Google Inc. (“Google”),1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
Google is certified under the EU-US and Swiss-US Privacy Shield agreements and thus offers a guarantee of compliance with EU and Swiss data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We only use Google Analytics with IP anonymization enabled. This will cause Google to shorten your IP address within the EU/EEA or Switzerland. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
Google uses this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services to us relating to website activity and internet usage. The IP address transmitted by your browser within the framework of Google Analytics is not combined with other Google data.
We use Google Analytics to display ads placed by Google and its partners within our advertising services only to users who have shown an interest in our online services or who have specific characteristics (e.g. interests in specific topics or products determined on the basis of the websites visited) that we transmit to Google (so-called “remarketing” or “Google Analytics Audiences”). With the help of Remarketing Audiences, we would also like to ensure that our ads correspond to the potential interest of the users and do not appear annoying.
For more information about Google’s use of data and setting and opt-out options, please visit: https://www.google.com/intl/en/policies/privacy/partners (“Google’s use of data when you use the websites or apps of our partners”), http://www.google.com/policies/technologies/ads (“Use of data for advertising purposes”) and http://www.google.com/settings/ads (“Manage information Google uses to display advertisements”).
17. Script libraries, Google Web Fonts
We use Google Web Fonts on our website to display fonts based on our legitimate interests to display our content correctly and graphically appealing across browsers. Google Web Fonts are transferred to the cache of your browser to avoid multiple loading. If your browser does not support Google Web Fonts or does not allow access, content will be displayed in a standard font.
Running script libraries or font libraries automatically triggers a connection to the library operator. It is theoretically possible – but currently unclear if and for what purposes – that the operator collects Google data in this case.
Google is certified under the EU-US and Swiss-US Privacy Shield agreements and thus offers a guarantee that it will comply with EU and Swiss data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We do not collect any personal data through the integration of Google Web Fonts.
On the basis of our legitimate interests, we use YouTube for the integration of videos. YouTube is a service of YouTube LLC (“YouTube”), 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube LLC is a subsidiary of Google Inc. (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google is certified under the EU-US and Swiss-US Privacy Shield agreements and thereby offers a guarantee to comply with EU and Swiss data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
When you visit one of our YouTube video-equipped websites, a connection is established to YouTube’s servers. This will tell the YouTube server which of our pages you have visited. If you are logged in to your YouTube account, you are allowing YouTube to directly associate your browsing behaviour with your personal profile. You can prevent this by logging out of your YouTube account.
For further information on YouTube’s use of the data and on the possibilities for recruitment and opposition, please visit: https://www.youtube.com/t/terms and http://www.google.com/intl/en/policies/privacy.
19. Google Maps
On the basis of our legitimate interests in the analysis, optimisation and commercial operation of our online service, we use Google Maps to display maps of Google Inc. (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google is certified under the EU-US and Swiss-US Privacy Shield agreements and thus offers a guarantee to comply with EU and Swiss data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Further information on the use of data by Google Maps, settings and objection options can be found at: http://www.google.com/intl/en_en/help/terms_maps.html and http://www.google.com/intl/en/policies/privacy/.
20. Changes to this privacy notice
The current status is March 2019.