Privacy policy

Personal data that we collect on our website can be found in the section Website, social media and cookie information.

Version 2.1 from 23/07/2024

In this privacy policy, we, the Cardiance Clinic, provide information about the collection and processing of personal data. Personal data is any information relating to an identified or identifiable natural person. Please note that other data protection declarations, general terms and conditions, conditions of participation and similar documents regulate specific circumstances.

We take measures to ensure comprehensive data protection. These include commissioning a data protection officer, creating a processing directory, regularly training our employees in data protection and committing them to data protection. We also check our service providers carefully and conclude order processing contracts with them, carry out annual data security assessments, check data transfers abroad and obtain the necessary assurances.

 

1. Person responsible

The controller within the meaning of the Swiss Federal Act on Data Protection (FADP) for the data processing described here is

Cardiance Clinic
Zentrum Staldenbach 5/7
8808 Pfäffikon SZ

Our data protection officer is:

impunix AG – Data protection full service
Lagerhausstrasse 18, CH-8400 Winterthur
privacy@impunix.ch
www.impunix.ch

If you have any questions or concerns regarding data protection and the exercise of your rights, please contact this office.

 

2. Purpose of processing in the context of our services and offers

We obtain and process the personal data that we receive as part of our services, in particular from patients, relatives, visitors, interested parties, applicants, business partners and other persons involved, or that is collected during the operation of our website. The last section contains an overview of the categories of personal data used. If you provide us with information about other persons, please ensure that these persons have been informed in advance and that the data provided is correct.

The personal data collected is used to provide our services and offers. This includes, in particular, the care and treatment of patients with cardiovascular diseases who require comprehensive diagnostic and therapeutic care. External service providers may also be used to provide these services. Further information on data processing and its purposes can be found in the following sections.

2.1 Contact and communication

We process your data to process enquiries via the contact form, to provide information about our services and to arrange appointments and consultations.

2.2 Patient admission (incl. medical history)

During patient admission, we collect and store your master data and your medical history. This includes information such as name, address, date of birth, contact information and relevant health data. This data is necessary in order to be able to make an informed diagnosis and plan individualised treatment.

2.3 Patient care and medical services

We process your health data in order to carry out diagnostic examinations and therapeutic treatments. This includes the use of medical technologies and methods to effectively diagnose and treat your cardiovascular conditions. Your data is used to carry out individual preventive heart health programmes, make comprehensive diagnoses, offer consultations, carry out minimally invasive treatments and operations and facilitate rehabilitation programmes for longterm health.

2.4 Patient care and monitoring

Your data is used to carry out examinations and monitor vital parameters. It is also used to provide training and therapy rooms as well as recovery rooms for patients after operations.

2.5 Counselling and information events

We use your data to give talks, offer nutritional advice, organise activities such as cooking together and to offer advice and support in stopping smoking and stress management.

2.6 Emergency care

Your data will be processed in order to treat cardiac emergencies during regular opening hours and to organise transfer to partner hospitals for further inpatient treatment in such cases.

2.7 Management and administration of patient dossiers

The management of your patient dossiers includes the recording and storage of anamnesis, diagnosis, findings and documentation of your care. The dossiers also contain correspondence, invoices, appointment schedules and relevant photos, which are necessary for complete documentation of the medical history.

2.8 Management of data for billing

We manage your master and care data in order to invoice our services. This includes communication with social insurance companies, health insurers and accident insurers, as well as obtaining and managing cost approval and occasionally liaising with the authorities.

2.9 Supplier management

As part of our business relationship with our partners or suppliers, we receive your professional contact details, which we may store in our systems. This may also include your interests or preferences in order to maintain a personalised business relationship.

2.10 Websites and online offers

We use websites and other online offerings to provide our services and to market our offers. When you access our website, we collect usage data. Further information about the website can be found in the relevant section.

2.11 Print media

We sometimes send out personalised print media, for which your contact details or professional contact details are processed. We reserve the right to work with third parties for the dispatch of print media and to pass on your contact details for this purpose.

2.12 Job application

In order to determine your suitability for an employment relationship, we process the personal data that we have received from you as part of the application process. This may also include criminal records and debt enforcement extracts or similar documents.

If you have provided references, we can obtain information about you from these references. You have the right to know what we have been told. Tests to objectively determine your suitability for the position in question may form part of the application process. Insofar as it is a question of determining suitability as a manager, the test may also relate to your personality.

If the documents submitted do not yet provide a complete and reliable picture, we take the liberty of using publicly accessible sources that are suitable for clarifying the specific professional suitability, such as Xing or LinkedIn, but also Google in general, for the research. Research in private networks such as Facebook or Instagram is not relevant for us.

If there are objective reasons in your person that restrict or disqualify you for the relevant employment relationship, you are obliged to disclose these to us. This may also include an examination of your state of health. The information is provided to us within the legal framework.

 

3. Website and cookie information

The privacy policy applies to all websites operated, including:

Usage data is collected via the website and automatically stored in socalled server log files, which your browser automatically transmits to us. This data cannot be assigned by us to specific persons. This data is not merged with other data sources. However, we reserve the right to check this data retrospectively if we receive specific indications of unlawful use of the website.

For security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as the website operator, this website uses SSL/TLS encryption.
The website may contain links to other websites that are beyond our control and are therefore not covered by this privacy policy. If you use these links and access other websites, the operators of these websites may collect information about you.

3.1 Permanent cookies or other tracking technologies

On our websites, we generally use cookies and similar technologies to identify your browser or device. A cookie is a small file that is automatically sent to your computer or stored on your computer or mobile device by the web browser you use when you visit our website. If you visit this website again, we can recognise you, even if we do not know who you are. In addition to cookies that are only used during a session and are deleted after visiting the website (“session cookies”), cookies can also be used to store user settings and other information for a certain period of time (“permanent cookies”). However, you can set your browser to reject cookies, store them for one session only or otherwise delete them prematurely. Most browsers are set to accept cookies. We use permanent cookies to save user settings (e.g. language, auto-login), to better understand how you use our offers and content, and to be able to show you customised offers and advertising (which may also be the case on websites of other companies). Some cookies are set by us, others by contractual partners with whom we work. If you block cookies, some functions (e.g. language selection, shopping basket, order process) may no longer work. If you do not wish this to happen, you must set your browser or e-mail programme accordingly.

3.2 Google Analytics or other statistics services

We use Google Analytics or similar services on our websites. These are third-party services that may be located in any country in the world. In the case of Google Analytics, this is Google Ireland (based in Ireland), which uses Google LLC (based in the USA) as a processor (together “Google”) (http://www.google.com). These services enable us to measure and analyse the use of the website (not on a personal basis). Permanent cookies are also used for this purpose, which are set by the service providers. They use Google Analytics with activated IP anonymisation, which shortens the IP address before it is transmitted to the USA to prevent it from being traced.

Although the information we share with Google is not personal data for us, it is possible that Google can use this data to draw conclusions about the identity of visitors, create personal profiles and link this data to the Google accounts of these persons.

3.3 MyFonts or other web fonts

This website uses fonts from MyFonts or other providers to ensure a standardised display of fonts. When you access the page, your browser loads the required fonts into the browser cache in order to display the texts and fonts correctly. To protect your privacy, we have installed the fonts on our own web server as far as possible so that your IP address is not passed on to other service providers when the fonts are loaded. However, please note that when using certain services, such as Maps or Captcha, fonts from these service providers may be used. If your browser does not support external fonts, a standard font from your computer will be used automatically. Further information on MyFonts and their data protection provisions can be found on their website or the respective provider’s website.

3.4 Use of the contact form

A contact form is available on our website, which can be used to obtain a non-binding and free expert opinion. Your personal data will be processed in order to deal with your enquiry and provide you with a qualified assessment. This includes the collection and storage of your contact details and the relevant medical information that you send us via the contact form.

 

4. Origin of personal data

In most cases, the data that we process originates from you, e.g. in connection with the provision of our services, the use of our website or communication with us. If you wish to conclude contracts with us or utilise our services, you must provide us with certain data. This also applies to the use of our website. In addition, you are obliged to disclose data in order to fulfil legal obligations. Otherwise, you are free to decide whether you wish to provide us with data about yourself.

We may also receive data from third parties, in particular from our external service providers or contractual partners, financial service providers and insurance companies. In addition, we may receive data from publicly accessible sources such as websites, company registers, land registers, commercial registers, credit agencies, address dealers, associations, telephone directories and internet analysis services.

 

5. Data transfer and data transmission abroad

As part of our business activities and in accordance with the purposes mentioned, we may share information with third parties, in particular with the following categories of recipients:

  • Specialists: We work together with doctors with whom data is also exchanged in some cases;
  • Service providers: We work with service providers who process data on our behalf or under joint responsibility, such as dental laboratories, providers of practice software, marketing agencies or IT service providers, other suppliers, business partners;
  • Authorities: We may also disclose data to authorities in Switzerland and abroad, official bodies or courts if we are legally obliged to do so;
  • Financial service providers and insurance companies: In connection with creditworthiness and insurance services, we work with credit agencies, banks and insurance companies;
  • Other third parties: All other third parties with whom we cooperate in order to fulfil the aforementioned purposes. This may include, for example, the media, the public, including visitors to websites, competitors, industry organisations, associations, organisations and other bodies. In addition, they may also be parties in connection with a corporate transaction such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or part of our company.

These categories of recipients may include third parties to whom personal data is disclosed. We may contractually oblige service providers and certain contractual partners who work on our behalf not to use the data for their own purposes. Other third parties such as financial service providers, insurance companies or authorities use the data for their own purposes, e.g. to fulfil legal requirements, which is why we cannot restrict this processing.

We process your personal data primarily in Switzerland. However, the personal data may also be disclosed to recipients abroad. In addition, the data may be transferred to other countries in the European Economic Area. As a result of today’s global networking and internationally active groups, it is also possible for data to be processed anywhere in the world. If a recipient is located in a country without an adequate legal level of data protection, we will contractually oblige our supplier or partner to comply with the applicable level of data protection, unless the recipient is already subject to a legally recognised set of rules to ensure data protection and we cannot invoke an exemption clause.

 

6. Duration of storage of personal data

We process and store your personal data for as long as is necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e. for the duration of the entire patient relationship, for example, and beyond that in accordance with the statutory retention and documentation obligations. It is possible that personal data may be stored for the period in which claims can be asserted against our company and insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes).

 

7. Data security

We take appropriate technical and organisational security precautions to protect your personal data. In doing so, we take into account the state of the art, the risk of processing, the investment costs and, in addition to the Swiss Data Protection Act, we are guided by the Data Protection Ordinance. The measures are intended to prevent data protection violations, such as unauthorised access and misuse of data. We also instruct the processors to whom we pass on data to take appropriate technical and organisational security precautions.

Contact by e-mail
We offer you the option of communicating with us in encrypted form by e-mail using HIN Mail technology. Communication by e-mail is generally not encrypted. There is a possibility that data may be lost or intercepted and/or manipulated by third parties, for example in order to feign authenticity. We take suitable technical and organisational security measures to prevent this within the system. Nevertheless, the confidentiality of data cannot be guaranteed when transmitting any data by e-mail. This note applies in particular to the transmission of particularly sensitive personal data; please do not send us this data by e-mail, but contact us in advance to arrange a secure channel. External access devices (PC, smartphone, etc. of end users) and parts of the infrastructure involved in the transmission between the sender and recipient are outside the area under our control. We are not liable for consequences and damages that may result from the electronic exchange of information and in particular from misuse of the e-mail system. We reserve the right to indemnify ourselves for any wilful damage arising from business transactions with the person concerned via the electronic exchange of information. Furthermore, we reserve the right not to reply by e-mail in individual cases or to require another form for the order or information received by e-mail, e.g. a form with a signature.

 

8. Preferences and automated individual decisions

As a matter of principle, we do not use fully automated decision-making to establish and implement the relationship with the young people or in any other way. Should we use such procedures in individual cases, we will inform you of this separately if this is required by law and inform you of the associated rights.

 

9. Rights of the data subjects

As a data subject, you have the rights provided for by law in connection with data processing. In particular, you have the right to request information about your stored personal data. You can also request that your personal data be corrected, supplemented, blocked or deleted. Furthermore, you are free to object to the use of your data for marketing purposes. You can revoke your consent at any time with effect for the future. You also have the right to request the transfer of your data to another controller.

However, we would like to point out that we reserve the right to assert legal restrictions, for example if we are obliged to store or process certain data, have a legitimate interest in doing so or need the data to assert legal claims. Blocking takes the place of erasure if there are legal obstacles to erasure. Please note that exercising these rights may conflict with contractual agreements and this may have consequences such as premature cancellation of the contract or cost consequences. In such a case, we will inform you in advance unless this has already been contractually agreed.

The exercise of these rights generally requires that you clearly prove your identity (e.g. by providing a copy of your identity document if your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact the data protection advisor named in section 1.

Every data subject also has the right to assert their claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch).

 

10. Changes to this privacy policy

We may change this privacy policy at any time without prior notice. This privacy policy is not part of any contract with you. In principle, the current version published on our website applies.

 

11. Copyright and licence

This privacy policy was created as part of the full data protection service provided by impunix AG. If you have any questions or comments, please feel free to contact us using the contact details in section 1. The use of this privacy policy is reserved exclusively for customers of our full data protection service.

 

12. Categories of personal data

Depending on the business transaction, we process one or more of the following categories of personal data in the table below.

  • Master data: Data for allocation, treatment and billing, such as name, date of birth, address, insurance number, patient number and contact details, etc;
  • Creditworthiness and bank data: Salary, housing costs, disposable income, payment behaviour, balance sheets, data from credit agencies, score values, financial circumstances, account details, credit card number, etc.;
  • Health and medical data: Medical assessments, medical certificates, diagnoses, treatment histories, therapy plans, results of examinations and laboratory reports, etc.;
  • Identity details: Data to establish your identity, e.g. ID, etc.
  • Interests and preferences: Information provided or collected by you about your areas of interest, such as the products you are interested in, hobbies and other personal preferences;
  • Contact details: Name, address, telephone number, e-mail address;
  • Extended contact data: Data on spouse or children, marital status, portrait photo, honorary position, job title, professional career, length of service, tasks, activities, qualifications, evaluations/assessments, certificates, date of birth, etc;
  • Professional contact details: surname, first name, title, address, e-mail address, telephone number, mobile phone number, employer, function, department, responsibilities, etc.;
  • Usage data of the website: The IP address, browser type and version, operating system and device type used, referrer URL (the previous website from which you arrived at our site), the internet service provider, host name of the accessing computer, time of the server request, etc. You also provide us with information about how you use the website. We explain data processing when using the website and the app, including tracking with cookies, in the information on the website;
  • Technical data: Data on the technical features of the systems, such as configurations, IP addresses, serial numbers, product information, licences, documentation, etc.
  • Contract data: Data on the business relationship, customer number, offers and purchased products, services or services (incl. online services, date of contract, purchase price, special requests, warranties, goodwill, etc.);
  • Access data: Access data for authentication in systems;
Tim PortnerPrivacy policy of the Cardiance Clinic