Privacy at BodyLab GmbH

Here you will find everything about what we know about you, or need to know, namely when, where and which data we record from you, what we do with this data, how we process it, to whom we must disclose it, when we delete it again, and what you can do about it. We, BodyLab GmbH, any affiliated companies and any subsidiaries (hereinafter also 'we' or 'us') take data protection very seriously. We strive to collect as little personal data as possible, meaning only data that can actually be used to provide our services and carry out our business activities, and to refrain from everything unnecessary.

1. What this is about

We, BodyLab GmbH, based in Zurich, Switzerland,

• respect the applicable statutory data protection provisions;

• collect and process personal data (hereinafter also 'data') in accordance with this privacy policy;

• generally observe the principle of necessity, according to which we only collect and process as much data as is necessary for the intended purpose.

In the course of our business activities, we obtain and process data, in particular personal data about persons interested in our activities, our customers, related persons, visitors to our websites, participants in events, job applicants, any recipients of newsletters or other publications, and other third parties (hereinafter also 'you').

In addition to this privacy policy, we may inform you separately about the processing of your data (e.g. in forms or contractual terms).

If you disclose data about other persons to us, we assume that you are authorised to do so, that this data is correct, and that you have ensured that those persons have been informed of this disclosure, insofar as a legal duty to inform applies (e.g. by having provided them with this privacy policy in advance).

Please obtain information about the offers, terms and conditions, and handling of personal data of other offers and services (such as third-party websites and social media), even if they are linked here, directly from those providers.

2. Who is responsible

The controller responsible under data protection law for the processing described in this privacy policy is:

BodyLab GmbH
Alex Schück, Albulastrasse 50, CH-8048 Zurich

E-mail datenschutz@bodylab.ch  

3. Which law applies

Our data processing is subject to Swiss data protection law.

For visitors staying in the European Union ('EU') and the European Economic Area ('EEA'): Switzerland and the EU, including the EEA, mutually recognise their data protection laws as equivalent. In certain cross-border cases, a specific data processing activity may also be subject to EU law, in particular the EU General Data Protection Regulation ('GDPR').

We do not assume that the GDPR generally applies to our data processing. However, if the GDPR should exceptionally apply to certain processing activities, then the following provisions apply additionally, exclusively for the purposes of the GDPR and the processing activities subject to it:

3.1. Further details on the scope and applicability of the GDPR

If the GDPR applies, we base the processing of your personal data in particular on the following grounds:

• necessity for the initiation, conclusion and performance of contracts and their administration and enforcement (Art. 6 para. 1 lit. b GDPR),

• necessity for safeguarding our legitimate interests or those of third parties, e.g. for communication with you or third parties, to operate our websites, to improve our electronic offers and services and the registration for certain offers and services, for security purposes, to comply with the law and internal regulations, for our risk management and corporate governance, and for further purposes such as training and education, administration, evidence and quality assurance, organisation, carrying out and follow-up of events, and for safeguarding other legitimate interests (Art. 6 para. 1 lit. f GDPR),

• legal requirement or legal permission due to our mandate or our position under the law of the EU, the EEA or an EU member state (Art. 6 para. 1 lit. c GDPR), or necessity to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d GDPR);

• your consent to processing, e.g. via an შესაბამის declaration on our websites (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR).

You also then have all the rights granted to you by the GDPR in this regard (in addition to the practically corresponding rights under Swiss data protection law): with regard to your personal data that we store and process, you may request the following actions from us:

• information about such data, pursuant to Art. 15 GDPR;

• rectification, insofar as the data is incorrect, pursuant to Art. 16 GDPR;

• erasure, under Art. 17 GDPR; or restriction thereof, if it may not be erased, under Art. 18 GDPR (in which case it will be marked for restriction of future processing); both subject to overriding legitimate interests on our part or based on statutory provisions to retain and use the data further;

• the right to object to the use of your data, subject to the proviso that there are no compelling grounds against such objection or that we need the data to safeguard our rights;

• the release of the data you have provided to us on the basis of your consent, pursuant to Art. 20 GDPR.

The right stated above to object to the processing of your data applies in particular to processing for direct marketing purposes.

If you do not agree with our handling of your rights or with data protection, please let us know (see contact details above). If you are located in the EEA, you also have the right to lodge a complaint with the data protection supervisory authority in your country. A list of EEA authorities can be found here: https://www.edpb.europa.eu/about-edpb/about-edpb/members_de#member-de. 

4. Which data do we store

We primarily process personal data that we receive directly from you in the context of our contractual relationships with our customers and our activities with third parties, including you as users. We may also receive, collect or process data from business partners or other involved persons. Where permitted and necessary, we also obtain data from publicly accessible sources (such as public registers, media, the internet) or receive such data from our customers and their employees, from authorities and third parties (such as business and contractual partners of our customers, medical institutions, doctors, healthcare professionals, health insurers, etc.).

In addition to the data we receive directly from you, the categories of personal data we receive from third parties include, in particular but not limited to:

• master data (e.g. names, addresses, functions, date of birth, organisational affiliation, etc.)

• contact data (e.g. e-mail address, telephone number, etc.)

• content data (e.g. text and image files, videos, etc.)

• usage data (e.g. access data)

• health data relevant to treatment (illnesses, accidents, insurance information, health-insurance and insurance/claims numbers, biological sex, etc.)

• meta/communication data (e.g. IP addresses)

• information you disclose to us yourself on the basis of the contractual relationships between us

• information related to your professional functions and activities

• information about you in correspondence and meetings between us or with third parties (e.g. via communication by telephone, mail or other means)

• information via the configuration of your user settings, access permissions for data or other interaction with us

• information from public registers (debt enforcement register, commercial register, land register)

• registration for or participation in an event

• information about you from media and the internet (insofar as this is relevant in the specific case), as well as references in job applications.

• completion of questionnaires, support tickets or other forms for information requests

If you do not disclose certain personal data to us, this may mean that the corresponding services cannot be provided or that a contract cannot be concluded. We indicate the personal data that must be provided on a case-by-case basis.

Information about you that persons from your environment (family, advisers, legal representatives, etc.) provide to us so that we can conclude or process contracts with you or involving you (e.g. references, your address for deliveries, powers of attorney)

5. Where do the data come from

Data from you

Many of the data we process are disclosed to us by you yourself (e.g. when using our website, in connection with our services for you, or when communicating with us). In some cases, this data is also transmitted to us automatically by your device. You are only obliged to disclose your data in exceptional cases. However, if you want to conclude contracts with us or use our services, for example, you must provide us with certain data. Using our website is also not possible without a minimum amount of data collection and processing.

Data from third parties

We may also obtain data from publicly accessible sources (e.g. media or the internet, including social media platforms, public registers, online research, etc.) or receive it from your treating doctor, the competent authorities, your employer or client who has a business relationship with us or otherwise dealings with us, as well as from other third parties (e.g. associations, contractual partners, health insurers, internet analytics services). This includes in particular the data we process in connection with patient treatment and care, as well as data from correspondence and other communication with third parties, but also all other data categories according to section 4 'Which data do we store'.

Data in communication with you and for you

In addition to in-person meetings, telephone consultations, postal mail and e-mail, we use a variety of other communication channels with you. And for communication needed for you or for your treatment, both internally and with third parties, we use software and tools (SaaS) from third parties.

Use of AI services

To support internal administrative, organisational and professional processes, we may use AI-powered services, such as Claude from Anthropic. The services currently used are listed below.

The use of AI-powered services is exclusively for supporting purposes, such as drafting and revising texts, structuring content, general professional research without reference to persons, and administrative support.

We do not enter any personal data, in particular no health data or other especially sensitive personal data of our patients, into the service.

If data is processed in the course of using AI-powered services, it is limited to anonymised or abstracted content, general professional questions without clear personal reference, and technical inputs required to use the service.

The use is carried out in compliance with the applicable data protection provisions and internal guidelines on data security and confidentiality. Content generated by the service is used exclusively as support and is reviewed by qualified specialist personnel before any further use.

Further information on the handling of data by the provider can be found in the privacy policy of the AI-powered services used.

Below you will find the services we mainly use: 

1. Maintenance of patient files: Medionline

We use the Ärztekasse Medionline tool for entries related to patient visits. This concerns all administrative matters (appointments, agenda, scheduling, patient visits themselves, patient file etc.) and generally all purposes as practice software. All necessary documents are stored online and notes are recorded.

Provider: Ärztekasse Genossenschaft, In der Luberzen 1, 8902 Urdorf

Privacy: https://www.medionline.ch

Legal basis: Legitimate interest

2. Video calls

Service: Zoom

Provider: Zoom Video Communications, Inc., 55 Almaden Blvd, San Jose, CA 95113, USA

Privacy: https://www.zoom.com/en/trust/privacy/

Legal basis: Legitimate interest

Service: Microsoft Teams

Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Privacy: https://www.microsoft.com/de-de/privacy/privacystatement

Legal basis: Legitimate interest

Service: Apple FaceTime

Provider: Apple Inc., Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA

Privacy: https://www.apple.com/chde/legal/privacy/

Legal basis: Legitimate interest

3. Microsoft Office365

Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Privacy: https://www.microsoft.com/de-de/privacy/privacystatement

Legal basis: Legitimate interest

4. Cloud Data Services: Google Drive Services

Provider: Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Privacy: https://policies.google.com/privacy?hl=ch-DE

Legal basis: Legitimate interest

5. Cloud Data Services: Apple iCloud

Provider: Apple Inc., One Apple Park Way, Cupertino, CA, USA (headquarters); Apple Distribution International Limited, Hollyhill Industrial Estate, Hollyhill, Cork, Republic of Ireland (European branch, subsidiary)

Privacy: https://www.apple.com/chde/legal/privacy/

Legal basis: Legitimate interest

6. Newsletter: Brevo

Provider: Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, DE

Privacy: https://www.brevo.com/de/legal/privacypolicy/

Legal basis: Legitimate interest, including your right to unsubscribe at any time 

7. Telephony: CTI Client

Provider: WWCOM, Schöngrund 26, 6343 Rotkreuz

Privacy: https://wwcom.ch/home/disclaimer

Legal basis: Legitimate interest

8. Telephone system: Nexphone

Provider: Nexphone AG, Alpenstrasse 1, 8803 Rüschlikon

Privacy: https://www.nexphone.ch/datenschutzerklaerung.html

Legal basis: Legitimate interest 

9. Individual training app for patients: PhysiApp

Provider: Physitrack PLC, 140 Aldersgate Street, London, EC1A 4HY, United Kingdom

Privacy: https://www.physitrack.com/de/legal/privacy

Privacy and handling of app users: https://www.physitrack.com/de/legal/physiapp

Legal basis: Legitimate interest, or your consent, which you can revoke at any time, but then you will no longer be able to continue using PhysiApp.

Note: The extent of the data collected by Physitrack and the sub-processors commissioned by Physitrack when using the app cannot be influenced by BodyLab. Further information can be found directly on the Physitrack website at https://www.physitrack.com/de/legal/physiapp and https://www.physitrack.com/de/legal/data-processing-agreement as well as https://www.physitrack.com/de/legal/data-retention.

10. AI-powered services: Claude

Provider: Anthropic, 548 Market Street, PMB 90375, San Francisco, CA 94104, USA

Privacy: https://www.anthropic.com/privacy

Legal basis: Legitimate interest in the efficient design of internal work processes and in the use of modern technologies to support administrative and professional activities.

Note: Claude is used in the Pro version and exclusively to support internal processes (e.g. drafting texts, structuring content, general research without personal reference). No personal data, in particular no health data or other especially sensitive personal data, are entered into Claude.

For the use of the AI service Claude, it is technically necessary that data be transmitted to servers of the provider Anthropic. Anthropic is a company based in the United States. A transfer of data to a third country without an adequate level of data protection therefore cannot be ruled out.

The extent of the data collected and processed by Anthropic and any commissioned sub-processors cannot be influenced by us. A transfer of data to the United States cannot be ruled out and is highly likely. We ensure through appropriate internal policies that no sensitive or personal data is transmitted.

6. How are the data processed and used

In the course of our operations, we may process various categories of personal data for different purposes. In particular, we process the personal data about you mentioned in section 4 for the following purposes:

Communication

We process personal data so that we can communicate with you and with third parties by e-mail, telephone, letter or other means. This may also take place, for example, in the form of newsletters and other regular contacts (e.g. electronically, by post, by telephone). You may refuse this communication at any time or refuse or revoke your consent to it. In the course of communication, we process in particular the content and metadata of the communication as well as your contact data, but also image and audio recordings of (video) telephone calls. In the event of an audio or video recording of the communication, we will inform you separately at the beginning, and you are free to tell us if you do not wish a recording to be made, or to end the communication or leave the call. If we need or want to establish your identity, we may collect additional data.

Activities related to contracts, services, treatments

With a view to concluding a contract with you or your client or employer, we may in particular process your name, contact details, declarations of consent, information about third parties (e.g. contact persons, third parties, project participants, etc.), contract content, as well as all other data you provide to us or that we lawfully collect from public sources or from third parties.

Contract administration and patient treatment

We process personal data so that we can fulfil our contractual obligations towards our contractual partners (e.g. suppliers, service providers, patients) and in particular provide and demand contractual services. This also includes data processing for maintaining the patient file, as well as data processing for enforcing contracts, accounting, and communication, both with our patients and with third parties and publicly. For this purpose, we process in particular the data that we have received or collected in the course of acquisition and contract conclusion, as well as data that we create in the course of our contractual services or that we collect or receive from public sources or other third parties. This data includes in particular interview notes, notes, internal and external correspondence, contractual documents, patient records from third parties, notifications from health institutions and doctors, documents we create and receive in connection with patient treatment, background information about you or other persons, image and sound recordings, as well as other patient-related information, documents, service records, invoices, and financial and payment information. If necessary for treatment, we may also collect and process especially sensitive personal data in the course of these activities. Otherwise, in particular with regard to the collection of patient master data, we follow the recommendation of the Swiss associations of osteopaths and physiotherapists. Where these associations make no recommendations, we usually follow the recommendations of FMH, the Swiss Medical Association.

Security purposes, access controls, video surveillance

We process personal data to ensure and continuously improve the appropriate security of our IT and other infrastructure. This includes, for example, monitoring and controlling electronic access to our IT systems and access to our premises, analyses and tests of our IT infrastructure, system and fault checks, and the creation of backups.

For documentation and security purposes (preventive and for clarifying incidents), we also use surveillance systems ('system') in our premises, in particular for our own security. We indicate the presence of surveillance systems at the relevant locations with corresponding signs.

Although we use a video surveillance system in the generally accessible practice rooms, no recordings are made in the respective individual treatment rooms. This means that no compromising recordings of our patients are created. 

The personal data created by the system in the recordings of our premises is processed in order to ensure the protection of persons and property against possible attacks, theft, robbery, damage, vandalism and similar offences, and also serves the purposes of fire protection, workplace safety, and the pursuit of our legitimate interests through the collection of evidence and for further organisational requirements.

The collected recordings are not used for the purpose of monitoring the activities of employees, except to uncover unlawful or fraudulent behaviour punishable by criminal consequences. In general, we have configured the system so that data collection and processing are minimised as much as possible and potential risks to data subjects are therefore as low as possible. For example, by using the system, we do not collect any statistical data from visitors, not even in anonymised form.

The recordings are made both during normal opening hours and after business hours and while the premises are empty, for the reasons mentioned above.

The data is viewed exclusively electronically by BodyLab management and processed if necessary. 

For video surveillance, we use software from the service provider Ubiquiti Networks . The data is physically stored on internal servers of BodyLab, which are accessible only via VPN or app using two-factor authentication.

The recordings of the video surveillance are stored for a maximum of 7 days and then deleted, unless they are needed for special requirements in connection with investigative activities or other legally required or permitted activities, such as the work of the police or the judiciary. Personal data is not disclosed or communicated to third parties, except for the necessities mentioned above.

Risk management and corporate governance

We process personal data as part of risk management and corporate governance. This includes, among other things, our operational organisation (e.g. resource planning, employee data) and corporate development.

Job applications

If you apply to us for a position, we process the relevant data for the purpose of reviewing and assessing the application, conducting the application process and, in the case of successful applications, preparing and concluding the corresponding contract. In addition to your contact details and the information from the relevant communication, we process in particular the data contained in your application documents, potentially also criminal record extracts, and data that we may additionally obtain about you, for example from job-related social networks, the internet, the media and references (if you consent to obtaining references). Data processing in connection with the employment relationship is regulated separately.

Operation of our websites

In order to operate our website securely and stably, we collect technical data such as IP address, information about the operating system and settings of your device, the region, the time and the type of use. We also use cookies and similar technologies in some cases. Further information can be found below in the relevant section.

Improvement of our electronic offers

In order to continuously improve our website and electronic offers (e.g. newsletters), we collect data about your behaviour and preferences by, for example, analysing how you navigate through our websites and how you interact with our social media profiles and other electronic offers (e.g. newsletters).

Registration

In order to use certain offers and services (e.g. newsletters), you must register. For this purpose, we process the data disclosed in the course of the respective registration. We may also collect personal data about you while you are using the offer or service. If necessary, we will provide you with further information about the processing of this data.

Further purposes

Other purposes include, for example, training and education purposes as well as administrative purposes (e.g. accounting). In addition, we may process personal data for the organisation, execution and follow-up of events, in particular participant lists and the content of presentations and discussions, but also image and audio recordings made during such events. Safeguarding other legitimate interests is also among the further purposes, which cannot be exhaustively listed.

7. Which data is collected and processed when visiting our website

General settings and internal guidelines

Type and depth of data, links to service providers

The terms of use and privacy policies of the services we use may change continuously, and with them the type and depth of data collected by the service provider. For this reason, we do not list in detail the data that may be collected by each service. However, we provide the corresponding link to each referenced service's privacy policy. We periodically review the links to the respective services and their privacy policies and endeavour to keep the links up to date. Nevertheless, it may happen that individual links are no longer current. If you come across such an outdated link, please inform us immediately.

Selection of service providers, server locations, Data Privacy Framework

As a general rule, we use service providers where possible who store the data on data centres in Switzerland or the EU, where this can be chosen. Where data is stored in the USA, on CDN servers (and thus globally), or in other countries, we select service providers from countries with an adequate level of data protection, such as Switzerland (for US providers, for example, those covered by the data protection framework between Switzerland and the USA ['Swiss-U.S. Data Privacy Framework', 'SDPF', https://www.dataprivacyframework.gov/]). For the US service providers we use, we almost exclusively use those that fall under the SDPF. Their compliance with the Privacy Framework or with Swiss data protection law can be viewed via the search function at https://www.dataprivacyframework.gov/list, and the details of the accessible individual entries can be checked at any time.

Processors, DPA, SCC, level of protection

If necessary, we have concluded a data processing agreement, usually based on EU standard contractual clauses (Standard Contractual Clauses of the European Commission, 'SCC'), or a Data Privacy Addendum ('DPA') with the external data processors (or the latter is often already incorporated as a legally valid contractual component through the third party's general terms and conditions), in order to ensure appropriate security. The provider generally guarantees therein to process personal data in accordance with the requirements and levels of protection of Swiss and European data protection laws, even outside Switzerland and the EU.

Within our company, only selected employees have access to such data on a need-to-know basis. All employees who access personal data must comply with the internal rules and processes and, where applicable, regulations regarding the processing of personal data in order to protect it and ensure its confidentiality.

Security, encryption (external)

We have taken appropriate technical and organisational security measures to protect the personal data we collect when you visit the website from unauthorised, accidental or unlawful use.

‍To protect the security of data transmission, we use customary encryption (e.g. SSL) over HTTPS.

Administration

We administer our website ourselves. CarigietSolutions, Männedorf, is responsible as webmaster of our website on our behalf (www.carigiet-solution.ch).

Cookies

When using our websites (including newsletters), data is generated and stored in logs (in particular technical data). In addition, we may use cookies and similar technologies (e.g. pixel tags or fingerprints) to recognise website visitors, analyse their behaviour and identify preferences. A cookie is a small file that is transmitted between your system and the server and enables recognition of a specific device or browser.

You can usually set your browser to automatically reject, accept or delete cookies. You can also deactivate or delete cookies on a case-by-case basis or generally refuse the setting of cookies for our website. You can find out how to manage cookies in your browser in your browser's help menu.

Neither the technical data we collect nor the cookies usually contain personal data. However, personal data that we or third-party providers commissioned by us store about you (e.g. if you have an account with those providers or are still logged in to the third party's service during your visit to our website) may be linked with the technical data or with the information stored in cookies and derived from them, and thus possibly with you personally.

Social networks

We currently do not use social media plug-ins (small software components) that create a connection between your visit to our websites and a third-party provider; instead, we merely link to content on social media platforms.

The social media plug-in informs the third party provider that you have visited our websites and may transmit cookies to the third party provider that the latter previously placed on your web browser. Further information on how these third party providers use your personal data collected via their social media plug-ins can be found in their respective privacy policies.

In addition, we use our own tools and third-party services (which may themselves use cookies) on our websites, in particular to improve the functionality or content of our websites (e.g. integration of videos or maps), to create statistics and to display advertisements.

Personal data on our social network pages

We maintain online presences on social networks and other platforms operated by third parties and process data about you in this context. We receive data from you (e.g. when you communicate with us or comment on our content) and from the platforms (e.g. statistics). The platform providers may analyse your use and process this data together with other data they have about you. They also process this data for their own purposes (e.g. marketing and market research purposes and to manage their platforms), and act as independent controllers for this purpose. Further information on processing by the platform operators can be found in the privacy policies of the respective platforms.

Third-party services used when using our website

1. Hosting, CMS, web design, search function, cookies

Provider: Framer B.V., Rozengracht, 1016 LZ Amsterdam, Netherlands ('Framer')

Privacy: https://www.framer.com/legal/privacy-statement/

Legal basis: Legitimate interest; you can adjust your consent to the various cookie categories in advance and during your visit to our website. Cookie Script is provided by the CMS Framer for use on websites created with Framer.

2. Calendar functions, appointment entries, booking functions 

We use OneDoc as an integrated tool for finding and booking appointments. Data exchanged via OneDoc is encrypted both during transmission and at rest and is decrypted upon retrieval. The terms and conditions of OneDoc apply to access rights, over which we have no influence. No data other than patient data, address data and the data entered by the therapist are stored; in particular, our internally recorded patient data concerning especially sensitive personal data and medical history is not transmitted to OneDoc. For the automatic messages from OneDoc to the patient, name and mobile number as well as e-mail are always stored, if known.

Service: OneDoc

Provider: OneDoc SA, Chemin des Mines 15 bis, CH-1202 Geneva

Privacy: https://privacy.onedoc.ch/de/privacy-policy

Legal basis: Your consent, which you give by using the booking function.

3. Google services

Our website uses various services from subsidiaries of the US company Alphabet Inc. (see table). These services generally all refer to the same privacy policy, which can be found at https://policies.google.com/privacy.

If the IP anonymisation function is activated, your IP address is shortened by Google before being transmitted to the USA. The full IP address is transmitted to a Google server in the USA only in exceptional cases and is shortened there. Google uses this transmitted information to evaluate your use, to create analytics services about these activities and to provide further services for us, such as map services.

Provider/headquarters: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (unless otherwise and separately noted)

General privacy notices for Google services: https://policies.google.com/privacy 

(if further relevant privacy notices are provided for the specific service, these are listed separately. Otherwise, Google's general privacy policy applies)

Service: Google Analytics

Privacy notice: https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008&sjid=11159380926726341526-EU

Information for Google accounts: https://policies.google.com/technologies/partner-sites?hl=de

Legal basis: Your consent, which you provide in advance and can also revoke later. 

Service: Google Maps

Legal basis: Legitimate interest or your consent, which you provide in advance and can also revoke later. 

Service: Google Looker Studio

Legal basis: Your consent, which you provide in advance and can also revoke later. 

Service: Google Tag Manager

Legal basis: Your consent, which you provide in advance and can also revoke later. 

Service: Google Ads 

Legal basis: Your consent, which you provide in advance and can also revoke later. 

Service: Google Marketing Platform 

Legal basis: Your consent, which you provide in advance and can also revoke later. 

Service: Google MyBusiness

Legal basis: Legitimate interest.. 

Service: YouTube

Provider: YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA

Legal basis: Legitimate interest

4. Social network links

We merely enable access to linked entries in various social networks. Links to our own presences on social media platforms are also designed in this way. These links are stored on our website and actively link to the corresponding platforms. However, we do not use active cookies from the platform operators or, for example, the Facebook Pixel. We cannot, however, guarantee that the platform operators will not be able to draw certain conclusions about you or your user/browsing behaviour through you clicking the link.

We are entitled, but not obliged, to review content before or after publication on our online presences, to delete content without notice and, where appropriate, to report it to the provider of the relevant platform.

Service: LinkedIn

Provider: LinkedIn Ireland Unlimited Company or LinkedIn Corporation

Privacy notices: https://www.linkedin.com/legal/privacy-policy

Legal basis: Your consent, which you provide in advance and can also revoke later.

Service: Facebook

Provider: Meta Inc., 1 Meta Way, Menlo Park, CA 94025, USA

Privacy notices: https://www.facebook.com/privacy/policy

Legal basis: Your consent, which you provide in advance and can also revoke later.

Service: Instagram

Provider: Meta Inc., Menlo Park, CA 94025, USA

Privacy notices: https://privacycenter.instagram.com/policy

Legal basis: Your consent, which you provide in advance and can also revoke later.

5. Fonts

Provider: Google Fonts, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Provided by: Framer (see section 1)

Privacy: https://developers.google.com/fonts/faq/privacy?hl=de

Legal basis: Legitimate interest

8. To whom are the data disclosed

In the course of our business activities, we may disclose your personal data to third parties (such as affiliated companies, authorities, medical professionals, suppliers, assistants, in particular self-employed specialists and other business partners as well as other persons) and to service providers who process data on our behalf (e.g. IT providers), in accordance with the principle of necessity or your explicit consent, for the purposes described and where appropriate. We may also be required to disclose your personal data in order to comply with legal or official requirements. The recipients may be located in Switzerland, the EU or any other country in the world.

If we transfer data to a country without an adequate statutory level of data protection, we ensure an appropriate level of protection as required by law (in particular on the basis of SCC or DPA) or rely on the statutory exceptions of consent, contract performance, establishment, exercise or enforcement of project-related claims, or overriding public interests. 

9. How and for how long do we store the data

The personal data we collect is stored only for as long as is necessary for the processing of the contractual relationship (from the initiation of the business relationship to the termination of a contract or the duration of treatment) or for the other purposes pursued with the processing, or where there is a statutory retention and documentation obligation or an overriding private or public interest, or where storage is technically required (e.g. in the case of backups or document management systems). As soon as the personal data we collect is no longer required for the above-mentioned purposes, it is deleted or anonymised in accordance with our usual procedures and in line with our retention practices and applicable law.

10. Where is the data stored

General information on the storage location of data

Depending on the extent of your interactions with our offerings, your personal data may be stored or accessed in several countries. Whenever we transfer personal data to other countries, we make every effort to ensure that the data is transferred in accordance with this privacy policy and the applicable data protection laws.

For visitors to our website

Your data is stored, in accordance with the services used and the configurations applied, and based on the principle of necessity, at the locations of our external data processors mentioned above.

For business partners, third parties

Your data is partly stored at the locations of our external data processors mentioned above and, in particular, internally by us. 

11. What personal rights do you have

Under Swiss law, you have the following rights:

• Right of access
  To request information on whether we have stored personal data about you, and to request copies of that personal data as well as information on how it is processed;

• Right to rectification
  Right to have inaccurate personal data about you corrected;

• Right to erasure
  Right to request the deletion of personal data about you that is no longer necessary for the purposes underlying the processing and that is processed on the basis of a revoked consent or in violation of applicable legal provisions;

• Restriction of processing
  Right to ask us to restrict the processing of your personal data if the processing is inappropriate, and to object to the processing of personal data;

• Right to data portability
  Right to request the transferability of personal data you have provided to us;

If you wish, you can contact the contact address we have communicated at any time. It may take up to 30 days for us to respond to your request.

If you have consented to the processing of your personal data for a specific purpose, you can withdraw your consent at any time, and we will cease further processing of your data for that purpose.

Complaints and supervisory authority

If you believe that we have not responded to your complaints or concerns, you have the right to lodge a complaint with the competent data protection authority.

12. Additional provisions

Reservation of the right to amend

This privacy policy does not form part of any contract with you. We may amend this privacy policy at any time. The version published on this website is the currently valid version.

Legal validity, applicable language

If we also provide data protection provisions in languages other than German, these are generally machine-translated; these non-German versions of the privacy policy are made available to our users for information purposes only and for better understanding. Only the German-language privacy policy is legally valid.