Data protection
Introduction
Schulthess Klinik respects the need to protect its clients' personal data and therefore complies with data protection rules, particularly the provisions of the Swiss Federal Data Protection Act (FDPA) and the EU General Data Protection Regulation (GDPR). Personal data is only processed if i) the data subject has given their approval, ii) this is necessary for the fulfilment of a contract, or iii) the FDPA, the GDPR, or some other law permits or stipulates processing.
The explanations below describe how we deal with any personal data we gather in relation to you.
Information regarding the controller
The controller in respect of your personal data and the operator of this website is the Wilhelm Schulthess-Stiftung, Lengghalde 2, CH-8008 Zurich, as the body responsible for Schulthess Klinik ('Schulthess Klinik').
If you have any questions or comments regarding our compliance with this data privacy statement or have any recommendations or observations on how we might improve data protection, please send us an email to datenschutz@kws.ch.
Principles of data processing
Purposes of data processing
We collect and process personal data provided to us voluntarily via our web services (e.g. contact forms) using technological means (including cookies and in the browser’s local memory) and store it. Such data also includes information about your health. Schulthess Klinik also automatically collects personal data every time contact is made with you via our web services. Every time you access and use one of our web services, certain personal data such as the IP address, the device’s MAC address, information about your device, browser, and operating system, the Internet provider, cookies, date and time of use, sites and content accessed, functions used, referring websites, location information, and language and country settings is collected. Personal data is only ever saved and processed to provide you with individual care or to help us deliver the services we offer. The explanations below provide you with an overview of how Schulthess Klinik ensures this protection as well as what kind of data is gathered, processed, or used and for what purpose. Possible purposes include the following:
- Communication: Schulthess Klinik processes your personal data (first name, surname, address, contact details, age) in order to communicate with you by phone, post, or electronic channels.
- Services: Schulthess Klinik processes your personal data (including other personal information such as your profession and nationality as well as information about your health) in order to provide you with individual care and for other purposes for which you have given your consent (such as for research purposes).
- Analysis of user behaviour in relation to the website: Schulthess Klinik also studies users' behaviour in relation to this website with a view to improving our Internet-based offerings or tailoring them to your individual requirements.
Retention period
The data gathered is retained by Schulthess Klinik in accordance with the statutory provisions relating to retention. This means data is stored in principle for 10 years or for 30 years for research purposes. This period may be extended in exceptional cases (if justified on statutory grounds) or with your consent.
Web-based services
Logging
Schulthess Klinik automatically gathers and saves in its server log files some of the information typically transmitted by the browser and makes this available to your browser too. There is no way Schulthess Klinik can link this data to any specific individuals. This data is not merged with any other data sources either.
Cookies and the browser’s local memory (local storage)
To collect the data specified above, Schulthess Klinik uses cookies and similar technologies. A cookie is a small file sent to your computer when you visit our website. If you access the website again, this makes it easier for us to recognise you, even if we do not know who you are. The personal data collected about you is stored in the cookies and the browser’s local memory ('local storage'). This helps make our offer user-friendly, effective, and reliable. Passwords are not saved in cookies or in the local storage. Most of the cookies we use are known as session cookies. They are automatically reset at the end of your visit. When you end the session by closing your browser, the cookie remains saved for a certain time and is then overwritten or deleted by the client (e.g. your PC or your tablet).
If you use Apple and have installed the latest version of Safari (Safari 12.1) or the latest version of the iOS operating system (iOS 12.2), your protection against user tracking has been enhanced by so-called Intelligent Tracking Prevention (ITP). Tracking cookies have a limited lifetime of 7 days and are deleted 7 days after your last visit to the website. After this, you can no longer be identified as a returning user. To be recognised as a returning Safari user after these 7 days, the tracking cookie needs to be rewritten. In commonly used browsers, it is possible to block the use of cookies, receive a warning before they are created, or delete them at a later point in time. You can find out how to block the use of cookies in your browser on the website of the data protection officer of the Canton of Zurich, for example. If you no longer want to be tracked, you need to delete the cookies and the local storage (the browser’s local memory). You can do this in your browser’s settings (e.g. under 'Delete browser data'). Please be aware, however, that this may mean you are unable to make full use of all of the functions of this website.
When using Google Analytics (see below), Schulthess Klinik does not collect any personal data. Your IP address is also anonymised.
In certain cases, your personal data is encrypted during transmission by the protocol known as Transport Layer Security (TLS). This means communication between your computer and our servers uses a recognised encryption process if your browser supports TLS.
Google Analytics
On our website, we use Google Analytics or similar services. Google Analytics is a service offered by Google LLC in the US (www.google.com), which we can use to measure and evaluate the use of the website (in a way that cannot be traced back to individuals). Google Analytics also places permanent cookies for this purpose. Although Google Analytics does not receive any personal data from us (nor does it store any IP addresses), it can track your use of the website, combine this information with data from other websites that you have visited and which are also tracked by Google Analytics, and use these findings for its own purposes (e.g. for controlling advertising). If you have registered with Google Analytics itself, it will also recognise you. In this case, Google Analytics is responsible for the processing of your personal data, which it does in line with its data protection provisions. Google Analytics only tells us how our website is used (and does not provide us with personal information about you).
Google Analytics stores the client ID in a cookie. It is also stored in your browser’s local memory so that the relevant Google Analytics cookie can be rewritten with the same client ID after it has been automatically or manually deleted (by you) after the 7 days mentioned above. If you would like your client ID to be deleted, you also need to delete your browser’s local memory. You can do this in your browser’s settings (e.g. under 'Delete browser data').
For more detailed information on Google's terms of service and on data protection at Google, please see www.google.com/analytics/terms/de.html and www.google.com/intl/de/analytics/privacyoverview.html.
When you use web-based services, you agree to Google processing the data gathered about you in the manner described above and for the purpose stated above.
For information on how you can prevent the web analysis service processing your data, please see: http://tools.google.com/dlpage/gaoptout
Google Maps
Schulthess Klinik uses Google Maps from Google. User information is transmitted to Google when sites with integrated Google Maps are called up. Detailed information on the extent and purpose of data gathering and processing is available in the terms of service for Google Maps, to which there is a link on the section of map presented, and in Google's data privacy statement (see above under 'Google Analytics'). To deactivate Google Maps, you can disable the use of JavaScript in your browser. You can find the terms of service for Google Maps in 'Google Maps Terms of Service'.
Siteimprove Analytics
Schulthess Klinik uses Siteimprove Analytics, a web analysis service run by Siteimprove GmbH. Siteimprove Analytics uses cookies, which are saved to your computer and facilitate analysis of your use of the website. The information about your use of this website generated by cookies is transmitted to a Siteimprove server in Denmark and saved there. Siteimprove uses the information to assess use of the website and compile reports on website activity for website operators. Siteimprove will not pass this information on to third parties. For further information, please see https://siteimprove.com/en/privacy/.
Right to information
You have the right to information about the data saved in relation to you as a person, about those receiving it, and about the purpose of data processing. We can also answer any questions you may have about the gathering, processing, and use of your personal data. We make this information available to you free of charge in accordance with the relevant legislation and in a suitable form.
Passing on personal data
Data gathered is only passed on to third parties if there is a statutory basis to do so or you have given your consent. Data is not passed to third parties for any other purposes such as market research or other marketing activities. Schulthess Klinik reserves the right, however, to use or pass on data where this is required in order to comply with laws, provisions, or legal requirements, particularly in order to protect the integrity of the website or support investigations by enforcement authorities or investigations into matters concerning public security.
Data security
All data gathered via this website is protected through suitable technical and organisational measures against accidental or intentional manipulation, loss, destruction, or access by unauthorised persons. Safety precautions are constantly improved to reflect developments in technology. Our employees must comply with specific confidentiality requirements as per the GDPR. Care is taken to ensure the security of data saved by Schulthess Klinik.
User rights
You have the right at any time to assert your data protection rights and ask whether we process any personal data about you (and which data might be involved). You can ask for inaccurate information to be corrected, supplemented, or erased and – depending on the legal basis involved – you can even ask for your personal data saved with us to be erased and/or to restrict the processing of it. You may also have the right to data portability and a right to complain. In addition, you have the right to withdraw your consent in relation to personal data you have actively disclosed or whose use you have actively agreed to by, say, completing a registration or contact form.
Please note that erasure of data may make medical care more difficult or undermine its provision.
Without prejudice to any other administrative or judicial remedy, you may have the right to complain to a supervisory body, particularly in the member state where you are domiciled, where you work, or where the suspected infringement took place, if you believe that any processing of personal data relating to you infringes the GDPR.
Changes to our data privacy statement and provision of information
From time to time, it may prove necessary to make changes to this data privacy statement. Schulthess Klinik recommends therefore that you read this statement at regular intervals. However, no changes to the data privacy statement are ever retroactive, so do not affect the way any data gathered before the change in question is processed.
If you have any questions about this data privacy statement or any other questions about data processing at Schulthess Klinik, please contact us at the above address.
Company data protection officer
Schulthess Klinik has appointed a company data protection officer to ensure and monitor data protection. This person can be contacted at the following address: datenschutz@kws.ch
We updated our privacy policy on 10 October 2019.