§ 1 Introduction
The protection of your privacy is of utmost importance to us. Compliance with the legal provisions of data protection is a matter of course for us. We guarantee that all data collected will be handled in accordance with the applicable data protection regulations.
§ 2 Security and confidentiality
We store all personal data exclusively on servers in Switzerland. When handling your personal data, we take appropriate technical and organisational measures to protect your data from unauthorised and/or unlawful access.
§ 3 Anonymous access data collection – logs
Each time a user accesses our website, access data relating to this process is stored anonymously in a log file. Each data record consists of:
the page from which the file was requested
the date and time of the request
the amount of data transferred
a description of the operating system and browser used.
These log files, which do not identify users, are used to optimise the service and improve our websites.
§ 4 Collection of self-provided data
We collect personal data provided by a user himself/herself, whether in the course of registration, booking an appointment, actively contacting us (e.g. by e-mail), entering a rating and/or comment on our website, booking an appointment on behalf of a third party or using another service in accordance with § 8.
We expressly draw your attention to the fact that the data provided independently may include particularly sensitive data. This includes, in particular, information on the state of health as well as the disclosure of the doctor-patient relationship in principle.
§ 5 Duration of data storage
As a matter of principle, we irrevocably delete all data, in particular also the doctor-patient relationship as well as all appointment booking data, 30 days after the appointment has taken place. Exceptionally, data may be stored for up to 5 years if this is necessary due to the medical service provider’s legal documentation obligation.
The user’s login data as well as the data contained in the directory of Swiss medical service providers will only be deleted if the user or the medical service provider exercises the right of deletion and revocation pursuant to § 8.
§ 6 Legal basis of data collection
By registering and accepting these data protection provisions, a user expressly authorises us to process the data pursuant to § 4 for the purposes pursuant to § 8. The legal basis for the collection and processing of the data is the express consent of the user pursuant to Art. 6 Para. 1 lit. a EU Data Protection Regulation (DSGVO). A person who has an appointment booked on behalf of a third party is obliged to obtain the corresponding express consent of the person concerned.
For the purpose of providing and carrying out video offers, we intend, in addition to the points listed under “Administration of online appointment booking”:
to record the personal mobile telephone number of the person making the booking during the booking process. An SMS will be sent to the phone number provided immediately prior to each video session to ensure that the booker’s device is ready.
Identify and store the user’s device type.
collect credit card information and personal data necessary for payment (e.g. surname, first name, address, etc.).
Apart from the data listed above, we do not store any other data in connection with video sessions. In particular, it should be noted that no conversations, messages or the like between doctor and patient are recorded or stored.
For the purpose of managing the patient file, we intend to:
to collect further personal and health data of the patient (such as insurance details, vaccination details, etc.) after or during a booking in accordance with the individual specifications of the corresponding medical service provider.
to allow the user to make his/her data available to third parties (such as doctors, medical organisations, etc.) (only after express consent has been given).
to irrevocably delete all of the user’s data if the user does not consent to the processing of his/her data by us within 48 hours.
§ 7 Right to information, revocation and deletion
If personal data is processed by you, you are a data subject in the sense of the GDPR and you are entitled to the following rights:
Right of access: any person may, after sufficient identification, request access to all personal data relating to him or her free of charge at firstname.lastname@example.org.
Right to rectification: You have a right to rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller must make the rectification without undue delay.
Right to restriction of processing: You have the right, under certain conditions, to request that the processing of your personal data be restricted.
Right to be informed: if you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
Right to data portability: You have the right to obtain the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format.
Right to object: Insofar as we process your personal data on the basis of consent, you have the right to revoke your consent at any time. The revocation only applies to the future; however, processing activities based on your consent in the past do not become unlawful as a result of your revocation.
Right to complain to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes applicable law.
§ 8 Disclosure of data to third parties
We do not disclose any data to third parties except within the framework of the permission granted by the user when accepting this document or in cases provided for by law.
We reserve the right to disclose your personal data in accordance with § 4 and § 5 exclusively to third parties within and outside Switzerland who are contractually bound to us to comply with the same data protection standards to which we are bound. In particular, these third parties are obliged to use data only for the purposes set out in § 4 or for other legally permissible purposes, such as in particular technical support, and not to disclose data to other third parties unless this is permitted by us or required by law.
§ 9 Cookies and analysis tools
We use session cookies. Cookies are small data sets such as those used by most websites. The cookies do not contain any personalised information, but only identification numbers that are meaningless outside of our website. In addition, we use Google Analytics to analyse the usage behaviour of our website. Google Analytics also uses so-called “cookies”. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. We also use integrated services on this website in addition to the standard functions, for which data is collected in Google Analytics for advertising purposes, including the collection of data via cookies for ad specifications and anonymous identifiers. For this purpose, in addition to the data collected by the Google Analytics analysis tool, further data is collected via Google cookies for ad preferences and anonymous identifiers on accesses. We use this information to improve our web services.
These tools are used to ensure the security of our website and systems. In addition, this data is used to record user behaviour in order to improve our services and to carry out statistical analyses. This enables us to tailor the content of our websites to the specific needs of our visitors. These uses are completely anonymised. We do not disclose this information to third parties unless required to do so by the relevant authorities. We reserve the right to identify users (in particular by comparing their IP address, but only in the event of justified suspicion of misuse of the website and/or the existence of a serious breach of the General Terms and Conditions.
Of course, you can also use our websites without cookies. You can refuse to accept cookies by setting your browser accordingly, by deactivating the option to save cookies or by instructing the browser (usually under “Internet options” or “Settings”) to inform you each time a website wants to install a cookie. If you wish, you can also prevent the functionality of Google Analytics by downloading and installing the browser plugin available under the following link: “http://tools.google.com/dlpage/gaoptout?hl=de”. We would like to point out that if you deactivate cookies or Google Analytics, the functions of our website may not be fully available to you.
§ 10 Changes to this data protection declaration
§ 11 Responsible
Dr. Laser Health AG
+41 44 552 0052
§ 12 Right of complaint to the supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes applicable data protection laws.
Federal Data Protection and Information Commissioner
CH – 3003 Bern
+41 (0)58 462 43 95