Valid from 31 August 2023
We, SGBG Suisse General Biomedical Group SA, based in Lugano, Switzerland, are committed to protecting your privacy and continuously improving the services we offer you. This Information Security and Privacy Statement applies to the websites of SGBG Suisse General Biomedical Group SA and its clinics and the online portals contained therein (hereinafter portal, website, we or us).
We are subject to Swiss and, where applicable, international regulations. Accordingly, we observe internationally recognized principles to ensure data protection and data security. In particular, this declaration informs you about how we collect personal data that becomes available to us via the website, for what purposes it is used, to whom it may be disclosed and what your rights are in connection with the use of your personal data by us.
Who is responsible for your personal data
Personal data is any information relating to an identified or identifiable natural or legal person, e.g. surname, first name, address, e-mail, date of birth in combination with postcode or telephone number. The responsible party within the meaning of data protection legislation is SGBG Suisse General Biomedical Group SA, Piazza Dante n.7 – 6900 Lugano, e-mail: firstname.lastname@example.org.
How we process personal data
Which personal data do we collect for which processing purposes?
Personal data automatically transmitted via the use of the portal.
SGBG Suisse General Biomedical Group SA collects and stores information that your browser automatically transmits to us in «server log files» when you visit our website. The data collection is based on your will and interest to visit our website and our legitimate interests to operate the website.
This may include the following data:
- Browser type and version;
- Operating systems used;
- Referrer URL (the previously visited website);
- Host name of the accessing computer;
- Date and time of the server request;
- Internet Protocol address (IP address);
- Amount of data transferred;
- Other similar data and information that serve to avert danger in the event of attacks on our IT systems.
This personal data is not merged with other personal data and is stored separately from any other personal data transmitted by the user. They are deleted by us after three months at the latest.
SGBG Suisse General Biomedical Group SA uses the personal data collected automatically to fulfil the following purposes:
- Enable the display, operation and functionality of the portal;
- Ensure the stability and security of the system;
- To improve and protect our services;
- For statistical purposes in the event of attacks on the network infrastructure on which the website is provided
Personal data that the user transmits to us
SGBG Suisse General Biomedical Group SA collects and processes personal data that the user voluntarily transmits to us by means of an online form directly on the portal, via our contact e-mail address, via any other applications linked to the portal, by telephone or in any other way. This information includes, for example, the following personal data:
- Surnames, first names, postal addresses, e-mail address, telephone number, date of birth, gender;
- Your message or your request.
The provision of this personal data is solely on a voluntary basis. Without this personal data, however, we will not be able to provide the services requested by the user in the desired quality or at all.
SGBG Suisse General Biomedical Group SA uses the personal data provided by the user to fulfil the following purposes:
- provide, maintain, protect and optimize the services and information offered,
- communicate with you and provide you with the best possible and personalized information you need from us (e.g. about our products and services),
- to offer you new services and information and, based on your profile, to suggest services and information tailored to you that may be of interest to you,
- to comply with legal or other regulatory requirements and internal regulations,
- for the establishment, exercise and/or defense of actual or potential legal claims, investigations or similar proceedings,
- for other legitimate purposes, if this processing results from the circumstances or was indicated at the time of collection.
On what legal basis do we process personal data about you
The processing of this personal data is based on the following legal bases:
- your consent, only if it can be revoked at any time (e.g. when you sign up for our newsletter and other marketing communications),
- for the performance of a contract with you or for the intention to conclude a contract with you (e.g. when applying on our application portal, when booking an appointment),
- to comply with a legal obligation (e.g. for tax reasons or for the purpose of judicial investigations or proceedings) or
- to protect our legitimate interests (e.g. protection and security of our services, systems, and assets; compliance with legal, regulatory and contractual obligations; assertion, exercise or defense of legal claims; maintenance and efficient organization of business operations; improvement and development of our services; and sale and marketing of our services).
If the processing is based on your consent or our legitimate interests, you can withdraw consent or object to this processing at any time by contacting us directly at email@example.com. Please note, however, that the withdrawal of your consent does not affect the lawfulness of the processing based on the consent prior to its withdrawal.
Whom do we share your personal data with
SGBG Suisse General Biomedical Group SA takes the necessary measures to ensure that only our authorised personnel and auxiliaries who have the necessary knowledge have access to your personal data in order to fulfil the purposes for which your personal data was collected.
We may disclose your personal data to the following possible categories of recipients in accordance with the purposes and legal bases of processing described above, to the extent necessary for the intended data processing:
- Other companies in the group.
- Service providers who process personal data on behalf of and on the instructions of SGBG Suisse General Biomedical Group SA (so-called order processors, such as in the area of IT, hosting and support).
- Customers, partners, suppliers, insurers and other business partners.
- Marketing agencies, the public, including visitors to Group websites and social media.
- Industry organizations, associations and other bodies.
- Acquirers or parties interested in acquiring business units, companies or other parts of the Group.
- Courts, arbitration bodies, law enforcement agencies, regulatory authorities, lawyers and other parties in potential or actual legal proceedings, where necessary to comply with the law or to establish, exercise or defend rights or legal claims.
We select our partners and order processors carefully and only with sufficient assurance that they have appropriate technical and organizational measures in place in accordance with legal requirements. Our order processors can only process personal data on documented instructions from us. They are all subject to confidentiality requirements and may only use your personal data to the extent necessary to fulfil the purpose for which your personal data was collected, unless otherwise required by law.
Transfer of personal data to countries outside the EEA
If data is transferred to countries that do not ensure an adequate level of protection, we ensure adequate data protection by taking appropriate safeguards, such as
contractual safeguards (e.g. based on EU standard clauses):
- based on binding corporate rules,
- transferring data in accordance with your explicit consent,
- for the conclusion or performance of a contract with you, or
- in connection with the establishment, exercise or enforcement of legal claims.
For more information about our reasonable security measures, please contact us by email at firstname.lastname@example.org.
How long do we keep information about you
In principle, personal data is deleted as soon as it is no longer required to achieve the purpose for which it was collected, unless longer retention is necessary to fulfil legal obligations (e.g. retention and documentation obligations), contractual or pre-contractual obligations or justified business interests of us (e.g. to assert, exercise or defend legal claims).
On this basis, we generally process personal data in compliance with the following rules and obligations:
- The personal data automatically transmitted by you through the use of our portal for the purpose of displaying, operating and ensuring the functionality of the portal will be deleted within three months.
- The personal data you provide to us in connection with the use of our services and products offered on our portal or which you otherwise provide to us via the e-mail contact address will generally be stored by us until you request us to delete it, revoke your consent to its storage or the purpose for storing the data has ceased to exist (e.g. after processing your enquiry has been completed).
- For contract-related personal data (including business records and communications), we store personal data for as long as the contractual relationship exists and thereafter for a further ten years after termination of the contractual relationship, unless (i) a shorter or longer statutory retention obligation applies in the individual case, (ii) retention is required for reasons of evidence or for another valid reason under applicable law, or (iii) deletion of the data is required earlier (e.g. because the data is no longer required or we have to delete the relevant data).
When you access or use the website, we may place so-called cookies – small text files – or similar tools on your computer. We use these cookies to recognize you as a user of the website, to customize content, to improve the performance of the website and to enhance its usability.
Categories of cookies we use
Depending on their function and purpose, the cookies we use can be divided into the following categories: functional cookies, performance cookies and advertising cookies.
- Functional cookies: These cookies serve a variety of purposes for the presentation, functionality and performance of a website, and in particular to improve visitors’ experience and enjoyment of the website. They allow a website to remember information already provided (e.g. username, location or language selection) and provide visitors with enhanced, more personalized functionality. Functional cookies are used, for example, to remember things like your login details. These cookies cannot track your movement on other websites.
- Performance cookies: These cookies are used to collect information about how a website is used – for example, how visitors came to our website, which pages a visitor opens most often, how you navigated our website during your visit and whether you receive error messages from a page. We may also use these cookies to provide us with certain statistical and analytical information, such as how many visitors have come to our website. These cookies are used to monitor the level of activity on the website and to improve the performance of the website.
- Advertising cookies allow us or a third party vendor to serve ads on our website or on third party websites with products that the user likes, so that the ads the user sees may be more relevant to the user’s preferences or interests (sometimes called «targeting cookies»). They can also be used to evaluate the effectiveness of advertising and sales promotions.
These cookies may be placed by us or a third party on our behalf. For more information about cookies and their use, please visit: http://www.allaboutcookies.org/.
The legal basis for the data processing results from your consent (Art. 6 para. 1 lit. a DSGVO).
You can configure your browser settings so that no cookies are stored on your computer. Complete deactivation of cookies may mean that you cannot use all the functions of our website.
This website uses the Meta visitor action pixel for conversion measurement. The provider of this service is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Meta, the data collected is also transferred to the USA and other third countries.
In this way, the behaviour of page visitors can be tracked after they have been redirected to the provider’s website by clicking on a Facebook or Instagram ad. This allows the effectiveness of the meta ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.
The data collected is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Meta so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes in accordance with the Meta data usage policy. This allows Meta to enable the placement of advertisements on pages of Meta as well as outside of Meta. This use of the data cannot be influenced by us as site operator.
The use of meta pixels is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in effective advertising measures including social media. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381. In Meta’s data protection information, you will find further information on protecting your privacy: https://de-de.facebook.com/about/privacy/. You can also deactivate the «Custom Audiences» remarketing function in the Ad Settings section at https://accountscenter.facebook.com/ad_preferences. You must be logged in to Facebook to do this. To do this, you must be logged in to Facebook. If you do not have a Facebook account, you can disable usage-based advertising from Facebook and Instagram on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.
Social media networks
On our website you will find links to social media networks. These are not plugins provided by the social media network, which already transmit data to the provider when the page is loaded, without the user having any influence. The buttons to the social media networks merely provide a link to our presence on the social media network. No user data is transmitted from the website to the social media network.
When you call up a link to one of our social media profiles, a direct connection is established between your browser and the server of the social network concerned. This provides the network with the information that you have visited our website with your IP address and accessed the link. If you call up a link to a network while you are logged into your account with the network in question, the content of our site may be linked to your profile with the network, which means that the network can assign your visit to our website directly to your user account. If you would like to prevent this, you should log out before clicking on the corresponding links. An assignment will take place in any case if you log in to the relevant network after clicking on the link.
Use of the contact form
You have the option of using a contact form for general enquiries in order to get in touch with us. For this purpose, we usually require the following information (mandatory *):
- First name*
- Phone number*
You also have the option of using a contact form for event enquiries in order to get in touch with us and find out about the organization of events. For this purpose, we usually require the following information (mandatory *):
- First name*
- Further data required depending on the event (hotel, parking, number of guests, date, address, telephone number)
We only use this data to be able to answer your contact request in the best possible and personalized way. The processing of this data is therefore necessary within the meaning of Art. 6 para. 1 lit. b DSGVO for the implementation of pre-contractual measures or is in our legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO. The data will be deleted up to a maximum of 60 days after the event.
Online appointment booking
In order to make appointments with one of our doctors via our website, you have the possibility to use the booking system on the website. Appointments can be made online. The booking system is a software application integrated into our website which displays available resources (such as free appointments) and through which you can book directly online. In the process, personal data is usually also collected from you and stored.
Online map service
On our website we use the «Google Maps» service of Google LLC, 1600 Amphitheatre Parkway Mountain View California 94043 (USA).
This allows us to show you maps directly on the website and enables you to use the map function conveniently.
In order to be able to show you the maps, Google Maps uses your IP address when the Google Maps components are called up by the browser. This is kept in the memory of the web server for approx. 5 minutes to prevent DoS attacks. After that, it expires and is neither processed nor stored in any other way. Google LLC is therefore the recipient of data. However, it does not process the data for its own purposes, but exclusively on behalf of and on the instructions of the responsible body.
Videos from YouTube
We use the YouTube embedding function on our website, which enables us to display and play videos on our website. YouTube is a streaming service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter «Google»).
To protect your data, we use a so-called consent banner in connection with our embedded YouTube videos. With the help of this banner, we can prevent your data from being processed by YouTube not when you access the page on which the YouTube video is embedded, but only with your consent. In addition, we use the extended data protection mode on our website, which means that your viewed videos are neither used for personalizing your surfing on YouTube nor for personalizing advertising. When playing a video on our website, YouTube uses Local Storages. As part of this service, Google processes the IP address, browser and device information (e.g. the operating system), the referrer URL, as well as information about the videos viewed.
Google itself is responsible for the data processing described above. Please note that Google transmits the above information to Google servers in the USA (see chapter Data transmission to third countries). The data collection is carried out in accordance with § 25 para. 1 TTDSG, the downstream data processing in accordance with Art. 6 para. 1 lit. a DSGVO based on your express consent. You can revoke your consent at any time with effect for the future under the item «Cookies» at the end of our website.
You have the option of subscribing to our newsletter via our website. For this we need your e-mail address and your declaration that you agree to receive the newsletter. For verification purposes, the invitation to receive the newsletter will be sent to the e-mail you have provided. When you receive this e-mail, you have the option of finally agreeing to the terms and conditions and the newsletter provider and registering yourself via the sign-up form. For internal and external communication, we use the newsletter provider Mailchimp, a US company whose servers are located there. Mailchimp is certified by the EU-US Privacy Shield. This guarantees special protection rights for your data. However, we must point out that the protection of your data cannot be guaranteed according to the latest European data protection laws. Upon completion of the process, you will receive the newsletter. You can withdraw your given consent for the newsletter subscription at any time through the unsubscribe link in the newsletter or via the email address email@example.com. Your data related to the newsletter distribution will be subsequently deleted as soon as possible, unless we are required to retain it for longer due to legal requirements. You generally have the rights to information, correction, restriction, data portability, objection, deletion, and, in certain cases, the right to lodge a complaint with a competent supervisory authority.
For newsletter registration, we usually collect your email address and optionally your name to address you personally. Further details such as first name, last name, and interests can also be collected to better tailor the newsletter content to your needs.
No automated decisions including profiling with legal effect
We will not make any decision about you based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
SGBG Suisse General Biomedical Group SA has implemented organizational and technical measures to maintain the security of personal data and to protect it against unauthorized or unlawful processing, accidental loss, alteration, disclosure or access.
SGBG Suisse General Biomedical Group SA may use third parties as data processors to collect and process your personal data. The data processors we use will only process your personal data in accordance with our instructions and are required by law to take strict security precautions when handling personal data.
Unfortunately, the transmission of information over the Internet is not completely secure. Although we do our utmost to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. For this reason, you are always free to submit your personal data to us by other means, e.g. by telephone or by post. Once we have received your data, we apply strict procedures and stringent security measures to prevent unauthorized access.
Third-party privacy statements
Our website is not intended for children and we do not knowingly collect personal data from children under the age of 16 unless we have the express consent of their parents. If we are notified or otherwise learn that personal data of a child under 16 has been improperly collected, we will take all reasonable steps to delete that personal data.
What are your rights
You can request information from SGBG Suisse General Biomedical Group SA, with proof of your identity, as to whether personal data about you is being processed. In addition, you have the right to request the correction, destruction or restriction of personal data about yourself and to object to the processing of your personal data. Where processing is based on your consent or our legitimate interests, you may withdraw consent or object to such processing at any time by contacting us directly by email at firstname.lastname@example.org. In certain cases, you have the right to receive personal data generated by the use of online services in a structured, common and machine-readable format so that further use and transfer to any third party provider is possible.
Requests in this regard should be addressed to SGBG Suisse General Biomedical Group SA via the following e-mail address: email@example.com. SGBG Suisse General Biomedical Group SA reserves the right to limit your rights under applicable law and, for example, not to disclose comprehensive information or to delete personal data. Please note that even after a request to delete your personal data, we must retain it in whole or in part within the framework of legal and contractual retention obligations. Deletion of your personal data may result in you no longer being able to use our services.
If we reject your request or you are not satisfied with our processing, you are also entitled to lodge a complaint and appeal with the competent supervisory authority. The competent authority is the Federal Data Protection and Information Commissioner (FDPIC) in Bern (http://www.edoeb.admin.ch).
SGBG Suisse General Biomedical Group SA
Piazza Dante 7
SGBG Suisse General Biomedical Group SA reserves the right to adapt, supplement or otherwise change this personal data protection declaration at any time and without stating reasons. The current personal data protection statement as published on the portal shall apply.
Version: 31 August 2023