Berit Klinik AG, Privacy Policy

 

Privacy Policy

the

Berit Klinik AG, Speicher AR

1. What is this about?

In this privacy policy, we explain, Berit Klinik AG (hereinafter also Berit Klinikwe or us), how we collect and otherwise process personal data when you visit our websites beritklinik.ch visit us, use our treatment services, or purchase our products; when we enter into or conduct a business relationship with you as a business partner or with your employer; or when you otherwise have dealings with us.

Under certain circumstances, additional privacy policies or other legal documents—such as individual patient agreements, general terms and conditions, or terms of use or participation—may apply; therefore, this document does not constitute an exhaustive description of our data processing practices in all cases.

Under Personal Data "Personal data" refers to any information relating to an identified or identifiable individual. Edit covers all handling of personal data, regardless of the means and procedures used, in particular the retention, disclosure, collection, acquisition, deletion, storage, modification, destruction, and use of personal data.

If you provide us with personal data belonging to other individuals (e.g., data from employees or family members), we assume that you have ensured that these individuals are familiar with this Privacy Policy, that their personal data is accurate, and that you are only sharing their personal data with us if you are authorized to do so.

We are generally subject to Swiss data protection law, which is why this privacy policy is primarily based on the Swiss Data Protection Act (DSG) applies. However, whether the EU General Data Protection Regulation (GDPR) or other applicable data protection laws.

2. Who is responsible?

The entity responsible for the data processing described here is Berit Klinik AG, AR storage, unless otherwise specified in individual cases.

If you have any data protection concerns, please feel free to direct them to the following contact address:

Berit Klinik AG

Vögelinsegg 5

9042 Speicher AR

reto.mueller@klinik.ch

 

3. How do we collect your data?

In general, we process personal data that we receive from our clients and other business partners (in particular external physicians/medical practices, laboratories, health centers, hospitals, suppliers, etc.) from them and other involved parties (e.g., family members), or that we collect from users while operating our website and other applications—particularly when interacting with our profiles on social media platforms.

We may also obtain certain data from publicly available sources (e.g., debt collection or commercial registers, the press, the Internet) or receive such data from our business partners, government agencies, and other third parties (such as credit bureaus).

4. What data do we process?

We process the data that you provide to us directly in connection with the use of our offerings and services as well as our business relationship—for example, via a patient form (e.g., personal information, contact details, insurance information, details regarding contact persons, etc.), that you provide to us during treatment or in informational consultations (e.g., health data), or that arise from the treatment (e.g., additional health data such as medical histories, diagnoses, therapies, or findings) or in connection with the handling of other non-treatment-related business relationships (e.g., any contractual data). We also process data you provide to us in connection with a job application.

In addition to this data, the categories of personal data that we may collect from third parties

About you as Patient received, in particular

  • Information about your health that we may receive from your treating physicians, therapists, or other healthcare professionals, laboratories, or from other business partners of ours;
  • Information about you provided to us by people in your circle (family/relatives, employers, advisors, legal representatives, etc.) so that we can conclude or process the treatment agreement with you or with your involvement (e.g., important information about your health, references, contact information, powers of attorney, details from banks, insurance companies, etc.);
  • Information from public records and credit reports;
  • Information we may receive in connection with administrative or judicial proceedings;

About you as our Business Partners or contact persons at our business partners or Applicants collect or obtain, in particular

  • Information related to your professional roles and activities (so that we can, for example, conclude and process business transactions with your employer with your assistance);
  • Information about you in correspondence and meetings with third parties;
  • Information about you provided to us by people in your network (employers, consultants, legal representatives, etc.) so that we can conclude or fulfill a contract with you or involving you (e.g., references, shipping addresses, powers of attorney, information from banks, insurance companies, distributors, and other contractual partners of ours regarding your use of or provision of services (e.g., payments made, purchases made));
  • Information from public records and credit reports (to the extent that we conduct business with you personally);
  • Information we may receive in connection with administrative or judicial proceedings;
  • Personal information about you from media and the internet (to the extent this is appropriate in a specific case, e.g., in the context of a job application, press review, marketing/sales, etc.), your addresses, and, if applicable, interests and other sociodemographic data (for marketing);

About you as our Visitors to our websites

  • Information and data related to the use of the website or the social media platforms we use (e.g., IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of the visit, pages and content accessed, features used, referring website, location data).

5. Why do we process your data, and on what legal basis?

When we process personal data, our primary focus is on entering into and fulfilling our contracts with our patients and business partners. This applies in particular to processing within the scope of the treatment agreement with our patients, but also to other contractual relationships with our business partners and the purchase of products and services from our suppliers and subcontractors (to the extent that the GDPR applies, this falls under Art. 6(1)(b) of the GDPR). In this context, we process your data in particular to,

  • to enter into our treatment agreement with you, to fulfill the associated obligations, and to handle the administrative aspects of the agreement (in particular, billing through health insurance and accident insurance);
  • to enter into and fulfill other contractual relationships (e.g., delivery contracts) with you;
  • to communicate with you;
  • [Description of additional primary purposes in fulfillment of a contract (secondary purposes are listed below)]

Your personal data may also be affected if you are a relative or contact person of one of our patients, or if you work on behalf of one of our patients or business partners (to the extent that the GDPR applies, this falls under Article 6(1)(f) of the GDPR). In these cases, our legitimate interest is to manage the treatment or other business relationship in the best possible and most efficient manner. We must also process certain data to comply with our legal obligations both domestically and abroad (where the GDPR applies, this falls under Article 6(1)(c) of the GDPR).

In addition, we process personal data, to the extent permitted and as we deem appropriate, for the following purposes, in which we (and in certain cases also third parties) have a legitimate interest commensurate with the purpose (to the extent that the GDPR applies, this concerns Art. 6(1)(f) GDPR):

  • Offering and further developing our treatments, services, or other offerings and websites, as well as other platforms on which we are present;
  • Communication with third parties and processing their inquiries (e.g., job applications, government agencies, insurance companies, media inquiries, etc.);
  • Review and optimization of procedures for needs analysis for the purpose of directly approaching patients, as well as the collection of personal data from publicly available sources for the purpose of acquisition;
  • Advertising and marketing (including the organization of events), provided you have not objected to the use of your data (if we send you advertising, you can object at any time; we will then place you on a block list to prevent further promotional communications);
  • Statistical purposes, market and opinion research, media monitoring;
  • Assertion of legal claims and defense in connection with legal disputes and regulatory proceedings;
  • Prevention and investigation of criminal offenses and other misconduct (e.g., conducting internal investigations, data analysis for fraud prevention);
  • Guarantees regarding our operations, in particular our IT systems, websites, and other platforms;
  • Video surveillance to enforce property rights and other measures for IT, building, and facility security, as well as the protection of our employees, other individuals, and assets belonging to or entrusted to us (such as access controls);
  • The purchase and sale of business units, companies, or parts of companies, and other corporate transactions, as well as the associated transfer of personal data; measures for business management; and compliance with legal and regulatory obligations and internal policies of the Berit Klinik.

To the extent that you have given us consent to process your personal data for specific purposes (for example, when communicating with you via an unsecured email channel; sharing your patient data with other doctors, therapists, healthcare professionals, insurance companies, etc.; your subscription to newsletters), we process your personal data within the scope of and based on this consent, provided we have no other legal basis and such a basis is required (where the GDPR applies, this concerns Art. 6(1)(a) of the GDPR). Consent may be revoked at any time; however, this has no effect on data processing that has already taken place.

6. What happens to your data that is collected or processed in connection with the use of our website or social media platforms?

On our websites, we use “cookies” and similar technologies that can be used to identify your browser or device.

Cookies are text files that are stored on your device (PC, laptop, tablet, or smartphone). These text files are downloaded by your browser the first time you visit our website. When you visit a website again using the same device or browser, the cookie and the information stored in it are either sent back to the website that created it (so-called First-party cookie) or sent to another website to which it belongs (so-called Third-Party Cookies). As a result, the website recognizes that this pertains to the same user and adjusts the display of content on the website. In addition to cookies that are used only during a session and deleted after your visit to the website (so-called Session Cookies), cookies may also be used to store user settings and other information for a specific period of time (e.g., two years) (so-called Persistent cookies).

You generally have the option to configure your browser to reject cookies, store them only for a single session, or delete them early. Most browsers are set by default to accept cookies. We use persistent cookies to save your user settings (e.g., language, auto-login) so that we can better understand how you use our services and content. Some of these cookies are set by us, while others are set by business partners with whom we collaborate. If you block cookies, certain features (such as language selection) may no longer function.

We occasionally use on our websites Google Analytics or comparable services. This is a service provided by third parties that may be located in any country in the world (in the case of Google Analytics, it is Google Ireland (based in Ireland); Google Ireland relies on Google LLC (based in the U.S.) as a data processor (both “Google”), www.google.com), which allows us to measure and analyze website usage (non-personally identifiable). For this purpose, persistent cookies set by the service provider are also used. We have configured the service so that visitors’ IP addresses are truncated by Google in Europe before being forwarded to the U.S., thereby preventing them from being traced. We have disabled the “Data Sharing” and “Signal” settings. Although we can assume that the information we share with Google does not constitute personal data for Google, it is possible that Google may use this data for its own purposes to draw conclusions about the identity of visitors, create personal profiles, and link this data to these individuals’ Google accounts. If you have registered with the service provider yourself, the service provider also knows who you are. The processing of your personal data by the service provider is then the responsibility of the service provider in accordance with its privacy policy. The service provider merely informs us about how our respective website is used (no information about you personally).

On our website, we also have so-called Plug-ins from social networks such as Instagram. This is indicated by the corresponding icons. We have configured these elements so that they are disabled by default. By clicking on them, you activate them, and the operators of the respective social networks can record that you are on our website and, under certain circumstances, from where it is being accessed. The operators of the respective social networks may record that you are on our website and, under certain circumstances, from where it is being accessed. This information may be used by the network operators for their own purposes. The processing of your personal data is then the responsibility of that network operator, and its privacy policy applies. We generally do not receive any information about you from the network operators.

In addition to the plug-ins on the website, we are also active on these social networks to inform interested parties about our offerings and, if necessary, to communicate with them. If you interact with our profiles on these social networks, we may process certain personal data about you. However, when using these social networks, the respective general terms and conditions (GTC), terms of use, privacy policies, and other provisions of the individual network operators also apply.

7. To whom do we disclose your data?

As part of our business operations and for the purposes specified in Section 5, we may also disclose your data to third parties to the extent permitted and as we deem appropriate. This disclosure occurs either because these recipients process the data on our behalf (so-called Data Processor) or because they wish to use them for their own purposes. This refers to

at Patients specifically the following categories of recipients:

  • Your treating affiliated physicians and other external healthcare professionals
  • Laboratories, institutes such as radiology departments or hospitals, clinics
  • Your relatives or family members;
  • Your insurance policies, such as health insurance or accident insurance;
  • other service providers we use (such as banks or payment service providers, insurance companies, legal advisors, etc.), including data processors (such as IT and storage providers);
  • domestic and foreign authorities (e.g., cantonal medical services, health departments), government agencies, or courts;
  • Purchasers or parties interested in acquiring business units, companies, or other parts of the company;
  • other parties in potential or actual legal proceedings.

at Business partners, applicants, website visitors and other individuals associated with us, in particular the following categories of recipients:

  • other service providers we use (such as trustees, printing companies, banks, payment service providers, insurance companies, legal advisors, etc.), including data processors (such as IT and storage providers);
  • Laboratories, health centers, retailers, suppliers, subcontractors, and other business partners;
  • Patients;
  • domestic and foreign authorities, government agencies, or courts;
  • Media;
  • The general public, including visitors to websites and social media;
  • Competitors, industry organizations, associations, organizations, and other bodies;
  • Purchasers or parties interested in acquiring business units, companies, or other parts of the company;
  • other parties in potential or actual legal proceedings;

These recipients are generally located in Switzerland and the European Economic Area (EEA), but may also be located anywhere in the world. With the exception of your health data, you should expect your data to be transferred to all countries where the service providers we use are located (such as Microsoft and Google).

If a recipient is located in a country without adequate legal data protection, we will contractually oblige the recipient to comply with applicable data protection laws (for this purpose, we use the European Commission’s revised Standard Contractual Clauses, which can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj? are available), unless it is already subject to a legally recognized framework for ensuring data protection and we cannot rely on an exception provision. An exception may apply, in particular, in the case of legal proceedings abroad, but also in cases of overriding public interest or if the performance of a contract requires such disclosure, if you have given your consent, or if the data in question has been made publicly available by you and you have not objected to its processing.

8. Data sharing in connection with the use of AI-powered documentation tools?

To support medical documentation, our treating physicians and therapists may use AI-powered documentation tools. These tools transcribe clinical conversations in real time and use them to generate drafts for medical documentation. Medical responsibility and control over the content of the documentation remain entirely with the treating professional.

When using the “Heidi” documentation tool (“Heidi,” operated by Heidi Health Ltd, United Kingdom (UK)), the following personal data is processed: spoken content from the consultation (including health data pursuant to Art. 5(c) of the Swiss Data Protection Act), name, date of birth, and other personal information mentioned during the conversation. The audio data is processed in real time and is not permanently stored. The transcripts and clinical notes generated are pseudonymized and de-identified and stored on servers within the European Economic Area (Frankfurt, Germany). Heidi Health Ltd is ISO 27001- and SOC 2-certified and uses encryption during transmission (TLS 1.2) and at rest (AES-256).

Use of Heidi requires your prior, explicit consent. You may revoke this consent at any time and without providing a reason, without this affecting your medical care. The legal basis for the processing of your personal data by this tool is your explicit consent (Art. 6, paras. 6 and 7 of the Swiss Data Protection Act [DSG]; where the GDPR applies: Art. 9, para. 2(a) of the GDPR). For more information on data protection at Heidi, please visit www.heidihealth.com/de-de/legal/privacy-policy .

9. How long do we retain your data?

We will process and store your personal data for as long as necessary to fulfill our contractual and legal obligations or for the purposes otherwise pursued by the processing (e.g., as long as you are interested in our newsletters and have not unsubscribed). For example, we process your personal data for the duration of the entire business relationship (from the initiation and execution of a contract through to its termination) and beyond, in accordance with statutory retention and documentation requirements. In this context, personal data may be retained for the period during which claims can be asserted against our company and to the extent that we are otherwise legally obligated to do so or legitimate business interests require it (e.g., for evidentiary and documentation purposes). As soon as your personal data is no longer required for the purposes mentioned above, it will generally be deleted or anonymized, to the extent possible. For operational data (e.g., system logs), shorter retention periods of twelve months or less generally apply.

10. How do we protect your data?

We take appropriate technical and organizational measures to protect your personal data. This includes, in particular, protection against unauthorized access and misuse, such as the issuance of guidelines, training, IT and network security solutions, access controls and restrictions, encryption of data storage media and transmissions, pseudonymization, audits, etc.

Despite these security measures we have taken, the processing of personal data—especially when using the Internet—always involves certain risks and security vulnerabilities; therefore, absolute data security cannot be guaranteed.

11. Why do you need to provide us with certain data?

Without certain personal data, it is generally not possible for us to enter into or fulfill the contractual relationship with you or the entity or person you represent, nor to fulfill our contractual or, in some cases, legal obligations. Therefore, we rely on you to provide us with certain personal data necessary for establishing and carrying out our contractual relationship and fulfilling the associated contractual obligations. Furthermore, the website cannot be used if certain information required to ensure data transmission (such as an IP address) is not disclosed.

12. What rights do you have regarding your data?

Under the data protection law applicable to you and to the extent provided for therein (such as under the GDPR), you have the right to InformationCorrectionDeletion, the right to Restriction data processing as well as the Objection object to our data processing. Further legitimate interests in the processing as well as Publication of certain personal data for the purpose of transferring it to another entity.

Please note, however, that we subject to changeWe reserve the right to invoke the restrictions provided for by law, for example, if we are obligated to retain or process certain data, have an overriding interest in doing so (to the extent we are permitted to invoke such an interest), or require it to assert claims.

If you incur any costs, we will inform you in advance. We have already provided information regarding the option to revoke your consent in Section 5. Please note that exercising these rights may conflict with contractual agreements and may result in consequences such as early termination of the contract or financial penalties. In such cases, we will inform you in advance, unless this is already regulated by contract.

If you wish to exercise such rights, we must verify your identity—for example, by requesting a copy of your ID—unless your identity can be clearly established by other means.

To exercise your rights, you may contact us at the address provided in Section 1.

In addition to exercising these rights directly with us, every data subject generally has the right to enforce their claims in court or to file a complaint with the competent data protection authority. In Switzerland, the competent data protection authority is the Federal Data Protection and Information Commissioner (abbreviated as FDPIC): http://www.edoeb.admin.ch.

13. What else you should know…

We may amend and supplement this Privacy Policy at any time without prior notice. The most current version published on our website applies. To the extent that the Privacy Policy is part of an agreement with you, we will notify you of any changes via email or by other appropriate means, in particular by publishing the update on our website.

As of March 24, 2026

Terms and Conditions for Instagram Contests


Participation: Eligible to participate are individuals aged 16 and older who reside in Switzerland or Liechtenstein. Participants must have an Instagram profile and follow the relevant accounts.

Prize: Tickets to an FC St. Gallen 1879 home game at the Berit Sitterstadion. The prize is non-transferable and cannot be redeemed for cash.

Entry deadline: As per the respective post

Drawing: The winner will be selected at random after the entry deadline and contacted via Instagram Direct Message. If the winner does not respond within 24 hours, a new winner will be selected.

Legal recourse: Legal recourse is excluded. There is no entitlement to a cash payout or exchange of the prize.

Note: This promotion is not affiliated with Instagram/Meta and is in no way sponsored, endorsed, or organized by Instagram/Meta.

Privacy Policy: The data collected as part of the giveaway (Instagram username, contact information for ticket delivery if applicable) will be used exclusively for the purpose of conducting the giveaway and will not be shared with third parties. The winner is available for photos.