Schulthess Klinik respects the need to protect its clients' personal data and therefore complies with data protection rules, particularly the provisions of the Swiss Federal Data Protection Act (FDPA) and the EU General Data Protection Regulation (GDPR). Personal data is only processed if i) the data subject has given their approval, ii) this is necessary for the fulfilment of a contract, or iii) the FDPA, the GDPR, or some other law permits or stipulates processing.
The explanations below describe how we deal with any personal data we gather in relation to you.
Information regarding the controller
The controller in respect of your personal data and the operator of this website is the Wilhelm Schulthess-Stiftung, Lengghalde 2, CH-8008 Zurich, as the body responsible for Schulthess Klinik ('Schulthess Klinik').
If you have any questions or comments regarding our compliance with this data privacy statement or have any recommendations or observations on how we might improve data protection, please send us an email to email@example.com.
Principles of data processing
Purposes of data processing
We collect and process personal data provided to us voluntarily via our web services (e.g. contact forms) using technological means (including cookies and in the browser’s local memory) and store it. Such data also includes information about your health. Schulthess Klinik also automatically collects personal data every time contact is made with you via our web services. Every time you access and use one of our web services, certain personal data such as the IP address, the device’s MAC address, information about your device, browser, and operating system, the Internet provider, cookies, date and time of use, sites and content accessed, functions used, referring websites, location information, and language and country settings is collected. Personal data is only ever saved and processed to provide you with individual care or to help us deliver the services we offer. The explanations below provide you with an overview of how Schulthess Klinik ensures this protection as well as what kind of data is gathered, processed, or used and for what purpose. Possible purposes include the following:
- Communication: Schulthess Klinik processes your personal data (first name, surname, address, contact details, age) in order to communicate with you by phone, post, or electronic channels.
- Services: Schulthess Klinik processes your personal data (including other personal information such as your profession and nationality as well as information about your health) in order to provide you with individual care and for other purposes for which you have given your consent (such as for research purposes).
- Analysis of user behaviour in relation to the website: Schulthess Klinik also studies users' behaviour in relation to this website with a view to improving our Internet-based offerings or tailoring them to your individual requirements.
The data gathered is retained by Schulthess Klinik in accordance with the statutory provisions relating to retention. This means data is stored in principle for 10 years or for 30 years for research purposes. This period may be extended in exceptional cases (if justified on statutory grounds) or with your consent.
Schulthess Klinik automatically gathers and saves in its server log files some of the information typically transmitted by the browser and makes this available to your browser too. There is no way Schulthess Klinik can link this data to any specific individuals. This data is not merged with any other data sources either.
Cookies and the browser’s local memory (local storage)
When using Google Analytics (see below), Schulthess Klinik does not collect any personal data. Your IP address is also anonymised.
In certain cases, your personal data is encrypted during transmission by the protocol known as Transport Layer Security (TLS). This means communication between your computer and our servers uses a recognised encryption process if your browser supports TLS.
On our website, we use Google Analytics or similar services. Google Analytics is a service offered by Google LLC in the US (www.google.com), which we can use to measure and evaluate the use of the website (in a way that cannot be traced back to individuals). Google Analytics also places permanent cookies for this purpose. Although Google Analytics does not receive any personal data from us (nor does it store any IP addresses), it can track your use of the website, combine this information with data from other websites that you have visited and which are also tracked by Google Analytics, and use these findings for its own purposes (e.g. for controlling advertising). If you have registered with Google Analytics itself, it will also recognise you. In this case, Google Analytics is responsible for the processing of your personal data, which it does in line with its data protection provisions. Google Analytics only tells us how our website is used (and does not provide us with personal information about you).
Google Analytics stores the client ID in a cookie. It is also stored in your browser’s local memory so that the relevant Google Analytics cookie can be rewritten with the same client ID after it has been automatically or manually deleted (by you) after the 7 days mentioned above. If you would like your client ID to be deleted, you also need to delete your browser’s local memory. You can do this in your browser’s settings (e.g. under 'Delete browser data').
For more detailed information on Google's terms of service and on data protection at Google, please see www.google.com/analytics/terms/de.html and www.google.com/intl/de/analytics/privacyoverview.html.
When you use web-based services, you agree to Google processing the data gathered about you in the manner described above and for the purpose stated above.
For information on how you can prevent the web analysis service processing your data, please see: http://tools.google.com/dlpage/gaoptout
Right to information
You have the right to information about the data saved in relation to you as a person, about those receiving it, and about the purpose of data processing. We can also answer any questions you may have about the gathering, processing, and use of your personal data. We make this information available to you free of charge in accordance with the relevant legislation and in a suitable form.
Passing on personal data
Data gathered is only passed on to third parties if there is a statutory basis to do so or you have given your consent. Data is not passed to third parties for any other purposes such as market research or other marketing activities. Schulthess Klinik reserves the right, however, to use or pass on data where this is required in order to comply with laws, provisions, or legal requirements, particularly in order to protect the integrity of the website or support investigations by enforcement authorities or investigations into matters concerning public security.
All data gathered via this website is protected through suitable technical and organisational measures against accidental or intentional manipulation, loss, destruction, or access by unauthorised persons. Safety precautions are constantly improved to reflect developments in technology. Our employees must comply with specific confidentiality requirements as per the GDPR. Care is taken to ensure the security of data saved by Schulthess Klinik.
You have the right at any time to assert your data protection rights and ask whether we process any personal data about you (and which data might be involved). You can ask for inaccurate information to be corrected, supplemented, or erased and – depending on the legal basis involved – you can even ask for your personal data saved with us to be erased and/or to restrict the processing of it. You may also have the right to data portability and a right to complain. In addition, you have the right to withdraw your consent in relation to personal data you have actively disclosed or whose use you have actively agreed to by, say, completing a registration or contact form.
Please note that erasure of data may make medical care more difficult or undermine its provision.
Without prejudice to any other administrative or judicial remedy, you may have the right to complain to a supervisory body, particularly in the member state where you are domiciled, where you work, or where the suspected infringement took place, if you believe that any processing of personal data relating to you infringes the GDPR.
Changes to our data privacy statement and provision of information
From time to time, it may prove necessary to make changes to this data privacy statement. Schulthess Klinik recommends therefore that you read this statement at regular intervals. However, no changes to the data privacy statement are ever retroactive, so do not affect the way any data gathered before the change in question is processed.
If you have any questions about this data privacy statement or any other questions about data processing at Schulthess Klinik, please contact us at the above address.
Company data protection officer
Schulthess Klinik has appointed a company data protection officer to ensure and monitor data protection. This person can be contacted at the following address: firstname.lastname@example.org