SAoO Swiss Academy Of Ophthalmology
 
   

Privacy Policy

1. Data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any information that can be used to identify you. Detailed information on the subject of data protection can be found in our data protection declaration, which is listed below this text.

Data collection on this website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find the operator’s contact details in the ’Information on the controller’ section of this privacy policy.

How do we collect your data?
Firstly, we collect your data when you provide it to us. For example, this may be data that you enter in a contact form.
Other data is collected automatically by our IT systems when you visit the website, or with your consent. This is primarily technical data, such as internet browser, operating system and time of page view. This data is collected as soon as you enter the website.

What do we use your data for?
Some of the data is collected to ensure that the website is provided without errors. Other data may be used to analyse your user behaviour. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders or other enquiries relating to orders.

What rights do you have regarding your data?
You have the right to request information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can withdraw this consent at any time. Under certain circumstances, you also have the right to request the restriction of the processing of your personal data. You have the right to lodge a complaint with the relevant supervisory authority.
Please contact us if you have any further questions about data protection.

2. Hosting

We use the following provider to host the content of our website:

Strato

Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin (hereinafter referred to as ’Strato’). When you visit our website, Strato collects various log files, including your IP address.
Further information can be found in Strato’s privacy policy: https://www.strato.de/datenschutz/.

Strato is used on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in displaying our website as reliably as possible. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(f) GDPR. 1 lit. 1 GDPR and § 25 para. 1 TDDDG, provided that the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting), as defined in the TDDDG. Consent can be withdrawn at any time.

Order processing
We have concluded an order processing contract (AVV) for the use of the aforementioned service. This contract is required by data protection law and ensures that the service only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

3. General notes and mandatory information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website, various personal data is collected. Personal data is information that can be used to identify you personally. This privacy policy explains what data we collect and how we use it. It also explains how and for what purpose this is done.
Please note that data transmission over the internet (e.g. when communicating by email) may be subject to security vulnerabilities. It is not possible to completely protect data against access by third parties.

Information on the controller

The controller responsible for data processing on this website is:
Foundation SAoO
Siwss Academy of Ophthalmology
Auerstrasse 2
Postfach 48
CH-9435 Heerbrugg
Phone: +41 71 720 00 33
E-Mail: info@saoo.ch

The controller is the natural or legal person who determines the purposes and means of processing personal data (e.g. names and email addresses).

Storage period

Unless this privacy policy specifies a more specific storage period, your personal data will remain with us until the purpose for which it was processed no longer applies. If you make a valid request to delete your data or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing it (e.g. retention periods under tax or commercial law). In the latter case, your data will be deleted once these reasons no longer apply.

General information on the legal basis for data processing on this website

If you have consented to data processing, we will process your personal data on the basis of Art. 6(1) a) GDPR or Art. 1 lit. a GDPR or Art. 9(2)(a) GDPR, provided that special categories of data are processed in accordance with Art. 9(1) GDPR. 1 GDPR. If express consent is given for the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49(1) GDPR. 1 lit. a GDPR. If you have consented to cookies being stored or to access being granted to information on your end device (e.g. via device fingerprinting), data processing will also be carried out on the basis of Section 25(1) of the TDDDG. Consent can be withdrawn at any time. If your data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, we will process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if this is necessary to fulfil a legal obligation on the basis of Art. 6(1)(c) GDPR. 1 lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interests, in accordance with Art. 6(1)(f) GDPR. 1 lit. f GDPR. The relevant legal basis for each case is provided in the following paragraphs of this privacy policy.

Recipients of personal data

As part of our business activities, we collaborate with various external organisations. In some cases, it is necessary to transfer personal data to these organisations. We only pass on personal data to external bodies if this is necessary to fulfil a contract, if we are legally obliged to do so (e.g. passing on data to tax authorities) or if we have a legitimate interest in the transfer in accordance with Art. 6 para. 1 lit. f GDPR, or if another legal basis permits the transfer of data. When using processors, we only pass on our customers’ personal data on the basis of a valid order processing contract. In the case of joint processing, a joint processing agreement is concluded.

Revocation of consent for data processing

Many data processing operations can only be carried out with your express consent. You can withdraw your consent at any time. However, the legality of any data processing carried out prior to the revocation remains unaffected.

Right to object to data collection in specific cases and to direct marketing (Art. 21 GDPR)

If data processing is based on Art. 6(1)(f) or (f) GDPR, you have the right to object to this at any time for reasons arising from your particular situation. If data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your personal data, unless we can prove that there are compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims (objection pursuant to Art. 21(1) GDPR).
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. This also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will no longer be used for direct marketing purposes (objection pursuant to Art. 21(2) GDPR).

Right to lodge a complaint with the competent supervisory authority

Data subjects have the right to lodge a complaint with a supervisory authority in the event of violations of the GDPR, particularly in the Member State of their habitual residence, place of work or place of the alleged violation. This right exists independently of any other administrative or judicial remedies.

Right to data portability

You have the right to receive any data that we process automatically on the basis of your consent or for the fulfilment of a contract, in a common, machine-readable format, either from us or from a third party. If you request the direct transfer of the data to another controller, this will only be done if it is technically feasible.

Information, correction and deletion

Within the framework of the applicable legal provisions, you have the right to obtain free of charge at any time information about your stored personal data, its origin and recipients, and the purpose of data processing. You also have the right to request the correction or deletion of this data. Please contact us if you have any further questions on the subject of personal data or if you wish to exercise these rights.

Right to restriction of processing

You have the right to request that we restrict the processing of your personal data. You can contact us at any time to do so. The right to restrict processing applies in the following cases:

  • If you dispute the accuracy of the personal data that we hold about you, we usually need time to verify this. During the review period, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data is/was unlawful, you can request restriction of processing instead of deletion.
  • If we no longer need your personal data but you do, in order to exercise, defend or assert legal claims, you have the right to request the restriction of processing instead of deletion.
  • If you have lodged an objection pursuant to Art. 21(1) GDPR, we must strike a balance between our interests and yours. While it is unclear whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, apart from storage, it may only be processed with your consent, or for the purpose of establishing, exercising or defending legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or enquiries sent to us, the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the address line of the browser changing from ’http://’ to ’https://’, as well as by the lock symbol in the browser bar.
When SSL or TLS encryption is activated, any data you send us cannot be read by third parties.

Objection to advertising emails

We hereby object to the use of contact data published within the scope of the imprint obligation for the purpose of sending unsolicited advertising and informational material. The website operators expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, for example via spam emails.

4. Data collection on this website

Cookies

Our websites use cookies. These are small data files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you or your web browser deletes them.
Cookies can originate from us (first-party cookies) or third-party companies (third-party cookies). Third-party cookies enable certain third-party services to be integrated within websites (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are essential for the website to function properly (e.g. the shopping basket or video display functions). Other cookies can be used to evaluate user behaviour or for advertising purposes.

Necessary cookies, which are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing these cookies to provide its services technically error-free and optimised. If consent to the storage of cookies and similar recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG). Consent can be withdrawn at any time.

You can configure your browser to receive notifications when cookies are set, to allow cookies only in specific cases, to exclude acceptance of cookies in certain cases or in general, and to activate the automatic deletion of cookies when you close your browser. Please note that deactivating cookies may restrict the functionality of this website.

This privacy policy provides information on the cookies and services used on this website:
No persistent or long-term cookies are set automatically on this site.

Server log files

The provider of these pages automatically collects and stores information in server log files. This information is transmitted to us automatically by your browser. These are:

  • browser type and version
  • the operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with data from other sources.
This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in presenting and optimising its website technically error-free – to this end, server log files must be collected.

Contact form

If you send us enquiries via the contact form, we will store the details you provided in the enquiry form, including your contact details, for the purpose of processing the enquiry and for follow-up questions. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6(1) lit. b GDPR if your enquiry relates to the performance of a contract or the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively processing enquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if requested. Consent can be withdrawn at any time.

The data you enter into the contact form will be retained by us until you request its deletion, withdraw your consent for us to retain it, or the purpose for retaining it no longer applies (e.g. once your enquiry has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

Enquiries by email, telephone or fax

If you contact us using these methods, your enquiry and all personal data arising from it (e.g. name and enquiry details) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6(1) lit. b GDPR, provided your enquiry relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively processing enquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if requested. Consent can be withdrawn at any time.

Data sent to us via contact enquiries will be retained until you request its deletion, withdraw your consent for its storage, or the storage purpose no longer applies (e.g. once your enquiry has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

5. Newsletter

Newsletter data

To subscribe to the newsletter offered on the website, you need to provide your email address and information that allows us to verify that you own the email address provided and agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively to send you the requested information and will not pass it on to third parties.

We use Mailchimp (Intuit Inc., 2700 Coast Ave, Mountain View, CA 94043, USA) to send the newsletter. Your data (e.g. your email address) is stored on Mailchimp servers in the USA. Mailchimp enables us to analyse user behaviour, e.g. opening and click rates. This performance measurement helps us to optimise the newsletter. You can find the data processing agreement with Mailchimp at https://mailchimp.com/de/legal/data-processing-addendum/. Mailchimp is certified under the EU–US Data Privacy Framework. Further information on data protection at Mailchimp can be found at https://www.intuit.com/privacy/statement/.

The data you enter when registering for the newsletter is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent for us to store your data and email address, and for us to use your email address to send you the newsletter, at any time. You can do this, for example, via the ’Unsubscribe’ link in the newsletter. The legality of any data processing operations already carried out will not be affected by the revocation.

Any data that you provide to us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe, after which it will be deleted from the distribution list. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion, in accordance with our legitimate interests under Art. 6 (1) lit. f GDPR.

Data that we store for other purposes remains unaffected by this.
After you unsubscribe from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider if this is necessary to prevent future mailings. Data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interests and our interests in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6(1) lit. f GDPR). There is no time limit for storage on the blacklist. You can object to storage if your interests outweigh our legitimate interests.

Newsletter dispatch to existing customersn

Newsletter dispatch to existing customers
If you order goods or services from us and provide your email address, we may use it to send you newsletters in the future, provided that we inform you of this beforehand. In this case, the newsletter will only be used to advertise similar goods or services from us. You can unsubscribe from the newsletter at any time. For this purpose, there is a corresponding link in every newsletter. The legal basis for sending the newsletter in this case is Art. 6(1) lit. f GDPR in conjunction with §7(3) UWG.

Once you have unsubscribed, your email address may be stored on a blacklist to prevent you from receiving any further mailings. Data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interests and our interests in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). There is no time limit for storage on the blacklist. However, you can object to storage if your interests outweigh our legitimate interest.

6. Plugins and tools

YouTube with enhanced data protection

This website embeds videos from YouTube. YouTube is operated by Google Ireland Limited (“Google“), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit a website with embedded YouTube videos, a connection to YouTube’s servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, YouTube can associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in extended data protection mode. According to YouTube, videos played in this mode are not used to personalise your YouTube browsing experience. Ads played in extended data protection mode are not personalised either. No cookies are set in extended data protection mode. However, local storage elements similar to cookies are stored in the user’s browser and can contain personal data and be used for recognition purposes. Details on enhanced data protection mode can be found here:
https://support.google.com/youtube/answer/171780.

Once a YouTube video has been activated, further data processing operations may be triggered that are beyond our control.

We use YouTube to present our online offerings in an appealing way. This constitutes a legitimate interest within the meaning of Art. 6(1) f GDPR. 1 lit. f GDPR. If consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(f) GDPR. 1 lit. 1 GDPR and § 25 para. 1 TDDDG, provided that the consent includes the storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting), as defined in the TDDDG. Consent can be withdrawn at any time.

Further information on data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States which aims to ensure that data is processed in accordance with European standards in the United States. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider via the following link: //www.dataprivacyframework.gov/participant/5780.

Facebook

We have a Facebook profile. This service is provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereafter referred to as ’Meta’). By using our page, Facebook may process personal data such as your age, gender, country, visit times and interactions. The legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interest). You are responsible for how Meta uses this data. According to Meta, this data is also transferred to the USA and other third countries. The company is certified under the EU-US Data Privacy Framework. Further information can be found in Facebook’s privacy policy. https://www.facebook.com/about/privacy/.

7. Payment services

We use a third-party payment service on our website. When you make a purchase from us, the payment service provider processes your payment details (e.g. name, payment amount, account details, credit card number) for the purpose of payment processing. The respective contractual and data protection provisions of the providers in question apply to these transactions. We use payment service providers based on Art. 6(1) lit. b GDPR (contract processing) and in the interest of ensuring a smooth, convenient and secure payment process (Art. 6(1) lit. f GDPR). If we request your consent for certain actions, Art. 6(1)(a) GDPR is the legal basis for data processing and consent can be withdrawn at any time with future effect.

We use Stripe (Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) to process payments. Stripe may also transfer data to the USA. You can find the data processing agreement with Stripe at https://stripe.com/de/legal/dpa. Stripe is certified under the EU–US Data Privacy Framework. Further information on data protection at Stripe can be found at https://stripe.com/de/privacy.

8. Additional information for users in Switzerland

This section applies to users in Switzerland and takes precedence over any other information in the privacy policy that differs from or conflicts with it for these users.

Users’ rights under the Swiss Federal Act on Data Protection

Users may exercise certain rights with regard to their data within the framework of the legal provisions, including the following:

  • the right of access to personal data;
  • the right to object to the processing of their personal data (which also allows users to request the restriction of the processing of personal data, the erasure or destruction of personal data, and the prohibition of the transfer of certain personal data to third parties).
  • the right to obtain their personal data and transfer it to another data controller (data portability);
  • the right to request the rectification of inaccurate personal data.

How to exercise these rights

All requests to exercise user rights should be addressed to the owner using the contact details provided in this document. Such requests are free of charge and will be answered by the owner as soon as possible, with users receiving the information required by law.

Source: https://www.e-recht24.de