Data Protection Statement for the Websites of VirtaMed AG
1.1. VirtaMed AG, a Swiss corporation with its place of business in Schlieren, Switzerland (“VirtaMed”, "we", "our" or "us"), is the provider of the website www.virtamed.com and other websites and mobile applications with similar contents (together the "Platform"). Data protection is important to us.
1.2. This data protection statement (the "Data Protection Statement") describes particularly how we handle personal data, namely concerning the collection, storage and usage thereof. Furthermore, it sets forth how collected personal data may be examined, corrected or deleted.
1.3. If you ("you", "your" or "yours") provide us with personal data of other persons (such as family members, work colleagues, friends or persons you do not know yet), please make sure the respective persons are aware of this Data Protection Statement and only provide us with their data if you are allowed to do so and such personal data is correct.
The "controller" of data processing as described in this data protection statement (i.e. the responsible person) is VirtaMed AG, Schlieren, Switzerland unless we have informed you differently in certain cases. You can notify us of any data protection related concerns using the following contact details: email ; phone +41 44 500 96 90.
3. Acceptance and Amendment of this Data Protection Statement
3.1. By either visiting our Platform or registering with us, you accept to be bound to and expressly consent to this Data Protection Statement.
3.2. We reserve the right to modify this Data Protection Statement at any time, in our free discretion, without giving reasons. We will give due notice of any modifications of the Data Protection Statement on our Platform.
3.3. If you have given us your consent to process your personal data for certain purposes (for example when registering to receive newsletters or carrying out a background check), we will process your personal data within the scope of and based on this consent, unless we have another legal basis, provided that we require one. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.
4. Types of Personal Data we collect
4.1. We collect the following personal data of the users of our Platform:
- Information You Give Us:We receive and store any information you provide on our Platform or give us in any other way. You can choose not to provide certain information, but then you might not be able to take advantage of many of our features or functions.
- Information Clearly Indicated: We may collect personal data which is clearly indicated on our Platform.
- Automatic Information: We receive and store certain types of information whenever you interact with us. For example, we use "cookies" and we obtain certain types of information when your web browser accesses our Platform. Moreover, we may use Google Analytics or similar services for purposes of web analytics as well as social media plugins. Further information about automatic information can be found under Section 6 ff. below.
- Email Communications: To help us make emails more useful and interesting, we often receive a confirmation when you open emails from us if your computer supports such capabilities. We may also compare our customer list to lists received from other companies in an effort to avoid sending unnecessary messages to our customers.
- Information from Other Sources: We might receive information about you from other sources and add it to our account information, if any.
4.2. Further types of personal data processed by us are set out in other Sections of this Data Protection Statement.
5. How we process your Data
5.1. We may process personal data collected according to this Data Protection Statement as follows:
- in order to create and manage user accounts;
- in order to improve our services;
- for marketing purposes, i.e. particularly in order to understand better the needs of the users;
- in order to confirm addresses that you provide on the Platform, and that may be shared with an address verification vendor for accuracy, and which the vendor may keep on file;
- in order to update your address information maintained in your online account;
- in order to perform the services on our Platform and the obligations to be performed by us according to our agreements with you;
- in order to comply with administrative, tax, investigative or other audit requirements or any other legal or regulatory disclosure requirements;
- in order to resolve disputes, collect fees and troubleshoot problems;
- If you have applied for employment with VirtaMed, the personal data submitted with your job application will be used for recruitment and other internal human resources purposes;
- for other purposes which are clearly indicated on our Platform.
5.2. Further purposes of data processing are set out in other Sections of this Data Protection Statement.
5.3. Under no circumstances we will sell or market your personal data to third parties unless otherwise provided in this Privacy Statement.
6.1. If you visit our Platform, small files may be saved automatically on your computer. This occurs by means of so-called "cookies" or similar files which help us in various aspects, e.g. in order to learn about the preferences of our users and to improve our Platform.
7. Website Analysis
7.1. We use third party service providers such as Google Inc. to assist us in better understanding the use of our Platform. We may e.g. use Google Analytics.
7.2. Our service providers will place cookies on your computer and will receive information that we select that will educate us on such things as how visitors navigate around our Platform, what products are browsed and general purchasing information.
7.3. Our service providers analyses this information and provides us with aggregate reports. The information and analysis provided by our service providers will be used to assist us in better understanding our visitors’ interests in our Platform and how to better serve those interests.
7.4. The information collected by our service providers may be transferred to other countries such as the U.S. Moreover, we may link to and combine such information with information that we collect about you while you are visiting our Platform.
8. Direct Marketing
8.1. We may from time to time process your personal information to send you marketing email about our products. In this case your prior consent is required. These emails may contain features that help us make sure you received and were able to open the message.
8.2. You may opt out of receiving such marketing email messages at any time and free of charge.
We may partially process your personal data automatically with the aim of evaluating certain personal aspects by nurturing. In particular, nurturing allows us to inform and advise you about products possibly relevant for you more accurately. For this purpose, we may use evaluation tools that enable us to communicate with you and advertise you as required, including market and opinion research.
10. Transfer of Data to Third Parties in Switzerland and Abroad
10.1. In the context of our business activities and in line with the purposes of the data processing set out in this Data Protection Statement, we may transfer data to third parties, insofar as such a transfer is permitted and we deem it appropriate, in order for them to process data for us or, as the case may be, their own purposes. In particular, the following categories of recipients may be concerned (together the “Recipients”):
- our service providers (such as e.g. banks, insurances), including processors (such as e.g. IT providers);
- dealers, suppliers, subcontractors and other business partners;
- domestic and foreign authorities or courts;
- the media;
- the public, including users of our websites and social media;
- competitors, industry organizations, associations, organizations and other bodies;
- acquirers or parties interested in the acquisition of us;
- other parties in possible or pending legal proceedings.
10.2. Certain Recipients may be within Switzerland, but they may also be located in any country worldwide. In particular, you must anticipate your data to be transmitted to the USA where some of our service providers may be located.
10.3. If we transfer data to a country without adequate legal data protection, we ensure an appropriate level of protection as legally required by way of using appropriate contracts (in particular on the basis of the standard contract clauses of the European Commission) or binding corporate rules or we rely on the statutory exceptions of consent, performance of contracts, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or because it is necessary to protect the integrity of the persons concerned.
10.4. You can obtain a copy of the mentioned contractual guarantees at any time from the contact person named under Section 2 above. However, we reserve the right to redact copies for data protection reasons or reasons of secrecy or to produces excerpts only.
11. Retention Periods for your Personal Data
11.1. We process and retain your personal data as long as required for the performance of our contractual obligation and compliance with legal obligations or other purposes pursued with the processing, i.e. for the duration of the entire business relationship (from the initiation, during the performance of the contract until it is terminated) as well as beyond this duration in accordance with legal retention and documentation obligations.
11.2. Personal data may be retained for the period during which claims can be asserted against our company or insofar as we are otherwise legally obliged to do so or if legitimate business interests require further retention (e.g., for evidence and documentation purposes).
11.3. As soon as your personal data are no longer required for the above-mentioned purposes, they will be deleted or anonymized, to the extent possible. In general, shorter retention periods of no more than twelve months apply for operational data (e.g., system logs).
12.1. We have taken appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse.
12.2. You can be assured that your personal information and account information is reasonably secure on our Platform.
12.3. While we strive to protect your personally identifiable information, we cannot ensure or warrant the security of any information you transmit to us or from our online products or services, and you do so at your own risk. Once we receive your transmission, we make reasonable efforts to ensure its security on our systems.
13. Your Rights
13.1. In accordance with and as far as provided by applicable law (as is the case where the General Data Protection Regulation is applicable), you have the right to access, rectification and erasure of your personal data, the right to restriction of processing or to object to our data processing in addition to right to receive certain personal data for transfer to another controller (data portability). Please note, however, that we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data, have an overriding interest (insofar as we may invoke such interests) or need the data for asserting claims.
13.2. If exercising certain rights will incur costs on you, we will notify you thereof in advance. We have already informed you of the possibility to withdraw consent in Section 3 above.
13.3. Please further note that the exercise of these rights may be in conflict with your contractual obligations and this may result in consequences such as premature contract termination or involve costs. If this is the case, we will inform you in advance unless it has already been contractually agreed upon.
13.4. In general, exercising these rights requires that you are able to prove your identity (e.g., by a copy of identification documents where your identity is not evident otherwise or can be verified in another way). In order to assert these rights, please contact us at the addresses provided in Section 2 above.
13.5. In addition, every data subject has the right to enforce his/her rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority of Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
14. Accessibility of this Data Protection Statement
This Data Protection Statement is accessible on our Platform. You can access, download save and print it out for your convenience.
Version dated 15/11/2018
Our contact details
Tel: +41 44 500 96 90