Data protection

Berit Klinik AG, Privacy Policy

 

Privacy policy

der

Berit Klinik AG, Speicher AR

1. What is it about?

In this privacy policy, we explain Berit Klinik AG (hereinafter also Berit Clinicwe or us), how we collect and otherwise process personal data when you use our websites beritklinik.ch visit our website, use our treatment services, or purchase our products, if we enter into or conduct a business relationship with you as a business partner or your employer, or if you deal with us in any other way.

Under certain circumstances, additional privacy policies or other legal documents such as individual patient agreements, general terms and conditions, terms of use, or terms of participation may apply, which is why this is not a conclusive description of our data processing in all cases.

Under Personal data means all information relating to an identified or identifiable person. Edit covers all handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, collection, deletion, saving, modification, destruction, and use of personal data.

If you provide us with personal data of other persons (e.g., data of employees or family members), we assume that you have ensured that these persons are aware of this privacy policy, that this personal data is correct, and that you will only provide us with their personal data if you are authorized to do so.

We are generally subject to Swiss data protection law, which is why this privacy policy is primarily based on the Swiss Data Protection Act (DSG). However, it depends on the specific individual case whether the EU General Data Protection Regulation (GDPR) or other data protection laws would apply.

2. Who is responsible?

The company responsible for the data processing described here is Berit Klinik AG, Speicher AR, unless otherwise specified in individual cases.

If you have any concerns regarding data protection, please feel free to contact us at the following address:

Berit Klinik AG

Vögelinsegg 5

9042 Speicher AR

reto.mueller@klinik.ch

 

3. How do we collect your data?

We generally process personal data that we receive from our clients and other business partners (in particular external doctors/medical practices, laboratories, health centers, hospitals, suppliers, etc.) from them and other persons involved (e.g., relatives) or which we collect from users when operating our website and other applications, in particular when interacting with our profiles on social networks.

We may also obtain certain data from publicly available sources (e.g., debt collection or commercial registers, the press, the Internet) or receive such data from our business partners, authorities, and other third parties (such as credit agencies).

4. What data do we process?

We process the data that you provide to us directly in connection with the use of our offers and services as well as our business relationship, e.g., by means of a patient form (e.g., personal details, contact details, insurance details, contact person details, etc.) you provide to us in the course of treatment or in informational discussions (e.g., health data), or which result from treatment (e.g., further health data, such as medical histories, diagnoses, therapies, or findings) or in connection with the handling of other non-treatment-related business relationships (e.g., any contract data). We also process data that you provide to us in connection with a job application.

In addition to this data, the categories of personal data that we may collect from third parties include

about you as Patient receive, in particular

  • Information about your health, which we may receive from your treating physicians, therapists, or other healthcare professionals, laboratories, or other business partners;
  • Information about you that is provided to us by people in your environment (family/relatives, employers, advisors, legal representatives, etc.) so that we can conclude or process the treatment contract with you or with your involvement (e.g., important information about your health, references, contact details, powers of attorney, information from banks, insurance companies, etc.);
  • Information from public registers and credit reports;
  • Information that we may obtain in connection with official and legal proceedings;

about you as our Business partners or contact person of our business partners or Applicants receive or collect, in particular

  • Information related to your professional functions and activities (so that we can, for example, conclude and process business with your employer with your help);
  • Information about you in correspondence and meetings with third parties;
  • Information about you provided to us by people in your environment (employers, consultants, legal representatives, etc.) so that we can conclude or execute the contract with you or with your involvement (e.g., references, delivery addresses, powers of attorney, information from banks, insurance companies, distributors, and other contractual partners of ours for the use or provision of services by you (e.g., payments made, purchases made));
  • Information from public registers and credit reports (if we do business with you personally);
  • Information that we may obtain in connection with official and legal proceedings;
  • Information about you from media and the internet (if appropriate in specific cases, e.g., in the context of a job application, press review, marketing/sales, etc.), your addresses and, if applicable, interests and other sociodemographic data (for marketing);

about you as our Visitors to our websites

  • Information and data in connection with the use of the website or the social media we use (e.g., IP address, MAC address of your smartphone or computer, information about your device and settings, cookies, date and time of your visit, pages and content accessed, functions used, referring website, location information).

5. Why do we process your data and on what legal basis?

When we process personal data, our main concern is to conclude and execute our contracts with our patients and business partners. This applies in particular to processing within the framework of the treatment contract with our patients, but also to other contractual relationships with our business partners and the purchase of products and services from our suppliers and subcontractors (insofar as the GDPR is applicable, this concerns Art. 6 (1) (b) GDPR). In this context, we process your data in particular in order to

  • to conclude our treatment contract with you, to fulfill the associated obligations, and to process the contract administratively (in particular, billing via health insurance companies and accident insurance);
  • to conclude and execute other contractual relationships (e.g., delivery contracts) with you;
  • to communicate with you;
  • [Description of other main purposes in fulfillment of a contract (secondary purposes are listed below)]

Your personal data may also be affected if you are a relative or contact person of one of our patients or if you work for one of our patients or business partners (insofar as the GDPR is applicable, this concerns Art. 6 (1) (f) GDPR). In these cases, our legitimate interest is to handle the treatment or other business relationship in the best possible and most efficient way. We also have to process certain data in order to comply with our legal obligations at home and abroad (insofar as the GDPR applies, this concerns Art. 6 (1) (c) GDPR).

In addition, we process personal data, to the extent permitted and as we deem appropriate, for the following purposes in which we (and in certain cases also third parties) have a legitimate interest (insofar as the GDPR is applicable, this concerns Art. 6 (1) (f) GDPR):

  • Offer and further development of our treatments, services, or other offers and websites, as well as other platforms on which we are present;
  • Communication with third parties and processing of their inquiries (e.g., job applications, authorities, insurance companies, media inquiries, etc.);
  • Review and optimization of procedures for needs analysis for the purpose of direct patient contact and collection of personal data from publicly available sources for the purpose of acquisition;
  • Advertising and marketing (including the organization of events), provided you have not objected to the use of your data (if we send you advertising, you can object to this at any time, and we will then place you on a block list to prevent further advertising mailings);
  • Statistical purposes, market and opinion research, media monitoring;
  • Assertion of legal claims and defense in connection with legal disputes and official proceedings;
  • Prevention and investigation of criminal offenses and other misconduct (e.g., conducting internal investigations, data analysis to combat fraud);
  • Warranties of our operations, in particular IT, our websites, and other platforms;
  • Video surveillance to protect our property rights and other measures for IT, building, and facility security and the protection of our employees and other persons and assets belonging to us or entrusted to us (such as access controls);
  • Purchase and sale of business areas, companies or parts of companies and other corporate transactions and the associated transfer of personal data, as well as measures for business management and compliance with legal and regulatory obligations and internal regulations of the Berit Clinic.

If you have given us your consent to process your personal data for specific purposes (for example, when communicating with you via an unprotected email channel; passing on your patient data to other doctors, therapists, healthcare professionals, insurance companies, etc.; your registration to receive newsletters), we process your personal data within the scope of and based on this consent, unless we have another legal basis and we need one (insofar as the GDPR applies, this concerns Art. 6 (1) (a) GDPR). Consent that has been given can be revoked at any time, but this has no effect on data processing that has already taken place.

6. What happens to your data that is collected or processed in connection with the use of our website/social networks?

We use "cookies" and similar technologies on our websites to identify your browser or device.

Cookies Cookies are text files that are stored on your device (PC, laptop, tablet, or smartphone). These text files are downloaded by your browser when you first visit our website. When you visit a website again with the same device or browser, the cookie and the information stored in it are either sent back to the website that created it (so-called First-party cookie) or to another website to which it belongs (so-called Third-party cookies). As a result, the website recognizes that this concerns the same user and adjusts the display of content on the website. In addition to cookies that are only used during a session and are deleted after your visit to the website (so-called Session cookies), cookies can also be used to store user settings and other information for a certain period of time (e.g., two years) (so-called Permanent cookies).

You have the option of setting your browser to reject cookies, store them only for a session, or delete them prematurely. Most browsers are preset to accept cookies. We use permanent cookies to save user settings (e.g., language, autologin) so that we can better understand how you use our offers and content. Some of the cookies are set by us, some by contractual partners with whom we work. If you block cookies, certain functions (such as language selection) may no longer work.

We sometimes use Google Analytics or comparable services. This is a service provided by third parties who may be located in any country in the world (in the case of Google Analytics, it is Google Ireland (based in Ireland), Google Ireland relies on Google LLC (based in the USA) as a processor (both "Google"), www.google.com), which we use to measure and evaluate the use of the website (not personally identifiable). Permanent cookies set by the service provider are also used for this purpose. We have configured the service so that the IP addresses of Google visitors in Europe are truncated before being forwarded to the US and cannot therefore be traced. We have disabled the "data sharing" and "signals" settings. Although we can assume that the information we share with Google is not personal data for Google, it is possible that Google may use this data for its own purposes to draw conclusions about the identity of visitors, create personal profiles, and link this data to the Google accounts of these individuals. If you have registered with the service provider yourself, the service provider also knows you. The processing of your personal data by the service provider is then the responsibility of the service provider in accordance with its data protection regulations. The service provider only informs us how our respective website is used (no information about you personally).

We also have so-called Plug-ins from social networks such as Instagram. This can be recognized by the corresponding symbols. We have configured these elements so that they are deactivated by default. By clicking on them, they are activated and the operators of the respective social networks can register that you are on our website and, under certain circumstances, from where you are accessing it. The operators of the respective social networks can register that you are on our website and, under certain circumstances, where you are accessing it from. This information can be used by the network operators for their own purposes. The processing of your personal data is then the responsibility of this network operator and its data protection provisions apply. We do not receive any information about you from the network operators.

In addition to the plug-ins on the website, we are also present on these social networks in order to inform interested parties about our offerings and, if necessary, to communicate with them. If you interact with our profiles on these social networks, we may process certain personal data about you. However, when using these social networks, the general terms and conditions (GTC) and terms of use as well as privacy policies and other provisions of the individual network operators also apply.

7. Who do we share your data with?

Within the scope of our business activities and the purposes specified in section 5, we may also disclose your data to third parties, insofar as this is permitted and appears appropriate to us. This disclosure takes place either because these recipients process the data for us (so-called Order processor) or because they want to use it for their own purposes. These are

at Patients in particular the following categories of recipients:

  • Your attending physicians, other external healthcare professionals
  • Laboratories, institutes such as radiology or hospitals, clinics
  • Your relatives or family members;
  • Your insurance policies, such as health insurance or accident insurance;
  • other service providers of ours (such as banks or payment service providers, insurance companies, legal advisors, etc.), including order processors (such as IT and storage providers);
  • domestic and foreign authorities (e.g., cantonal medical services, health departments), government agencies, or courts;
  • Purchasers or prospective purchasers of business areas, companies, or other parts of the company;
  • other parties in potential or actual legal proceedings.

at Business partners, applicants, website visitors and other persons who have dealings with us, in particular the following categories of recipients:

  • other service providers of ours (such as trustees, printers, banks or payment service providers, insurance companies, legal advisors, etc.), including order processors (such as IT and storage providers);
  • Laboratories, health centers, distributors, suppliers, subcontractors, and other business partners;
  • Patients;
  • Domestic and foreign authorities, official bodies, or courts;
  • Media;
  • The public, including visitors to websites and social media;
  • Competitors, industry organizations, associations, organizations, and other committees;
  • Purchasers or prospective purchasers of business areas, companies, or other parts of the company;
  • other parties in potential or actual legal proceedings;

These recipients are generally located in Switzerland and the European Economic Area (EEA), but may also be located anywhere in the world. With the exception of your health data, you must expect your data to be transferred to all countries in which the service providers we use are located (such as Microsoft, Google).

If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection regulations (for this purpose, we use the revised standard contractual clauses of the European Commission, which can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj? available), unless it is already subject to a legally recognized set of rules for ensuring data protection and we cannot rely on an exception provision. An exception may apply in particular to legal proceedings abroad, but also in cases of overriding public interest or if the execution of a contract requires such disclosure, if you have consented to it, or if it concerns data that you have made generally accessible and to the processing of which you have not objected.

8. How long do we store your data?

We process and store your personal data for as long as is necessary to fulfill our contractual and legal obligations or for other purposes pursued with the processing (e.g., as long as you are interested in our newsletters and do not unsubscribe from them). For example, we process your personal data for the duration of the entire business relationship (from the initiation and execution to the termination of a contract) and beyond, in accordance with the statutory storage and documentation obligations. In doing so, it is possible that personal data may be retained for the period during which claims can be asserted against our company and insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized as a matter of principle and as far as possible. For operational data (e.g., system logs), shorter retention periods of twelve months or less generally apply.

9. How do we protect your data?

We take appropriate technical and organizational measures to protect your personal data. This applies in particular to protection against unauthorized access and misuse, such as the issuance of instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization, controls, etc.

Despite the security measures we have taken, the processing of personal data, especially when using the Internet, always involves certain risks and security gaps – absolute data security cannot therefore be guaranteed.

10. Why do you have to provide us with certain data?

Without certain personal data, it is generally not possible for us to establish or execute the contractual relationship with you or the entity or person you represent, or to fulfill our contractual or, in some cases, legal obligations. We therefore rely on you to provide us with certain personal data that is necessary for the establishment and execution of our contractual relationship and the fulfillment of the associated contractual obligations. The website cannot be used either if certain information required to ensure data traffic (such as your IP address) is not disclosed.

11. What rights do you have in relation to your data?

Within the scope of the data protection law applicable to you and to the extent provided for therein (such as in the case of the GDPR), you have the right to InformationCorrectionDeletion, the right to Restriction of data processing and the Objection against our data processing. Further legitimate interests in the processing as well as on Publication certain personal data for the purpose of transferring it to another location.

Please note, however, that we reserved, to assert the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in doing so (insofar as we are permitted to invoke this) or need it to assert claims.

If you incur any costs, we will inform you in advance. We have already informed you about the possibility of revoking your consent in section 5. Please note that exercising these rights may conflict with contractual agreements and may have consequences such as premature termination of the contract or cost implications. In this case, we will inform you in advance if this is not already regulated in the contract.

If you wish to exercise such rights, we must identify you accordingly, for example by means of a copy of your ID, unless your identity can be clearly identified in another way.

To assert your rights, you can contact us at the address given in section 1.

In addition to asserting these rights directly with us, every data subject has the right to enforce their claims in court or to lodge a complaint with the competent data protection authority. In Switzerland, the competent data protection authority is the Federal Data Protection and Information Commissioner (abbreviated to EDÖB): http://www.edoeb.admin.ch.

12. What else you should know...

We may amend and supplement this privacy policy at any time without prior notice. The current version published on our website applies. If the privacy policy is part of an agreement with you, we will inform you of any changes by email or other suitable means, in particular by publishing them on our website.

As of September 1, 2023