1. Who is responsible for your personal data?
Hair and Skin Medical AG
CH - 8400 Winterthur
2. Which law is applicable?
Due to the geographical orientation of our offer, we assume that Swiss law is primarily applicable to our data processing activities. In particular, the Federal Data Protection Act (FADP, SR 235.1) and the associated Ordinance (SR 235.11) are relevant.
3. What personal data do we process, for what purpose and on what basis?
3.1 When you visit our website (without booking an appointment)
When you visit our website, the server automatically logs general technical visit information. This data includes, for example, the IP address and operating system of your device, the date and time of use, the website from which you visit us and the type of browser you use to access our website.
Cookies are information files that your web browser automatically stores on your device when you visit our website. You can independently manage your security settings in the browser and block cookies used by us or delete stored cookies. However, we draw your attention to the fact that our website may no longer function fully if you block cookies that are necessary for the functionality of the website. You can disable Google Analytics by installing this Browser Add-On. For more information about privacy and your choices regarding Google Analytics, please see here.
3.2 If you are interested in our services and products, or if you use or order them
When you book an appointment, inquire about our products and services, visit us for a suitability assessment or to create a treatment plan, or order or purchase products from us, we collect your contact information and other relevant personal data that you provide to us on these occasions.
We process this personal data in order to prepare, conclude and fulfill the treatment contract or the purchase contract with you, to comply with legal obligations (e.g. retention obligation for business records according to Art. 958f of the Swiss Code of Obligations), as well as on the basis of our interest to communicate with you about our products and services, to improve our products and services and to optimize your customer experience.
In connection with the treatment, we collect certain health data from you (in particular, data regarding hair growth and scalp, your general health condition and regarding medications you are taking). Health data is particularly sensitive personal data in the sense of data protection law. We therefore ask for your explicit consent before collecting this data.
Based on our interest in informing people who are interested in our offer about new developments, we may send you marketing information (e.g. via a newsletter). You have the option to opt out of receiving such information at any time.
4. In which cases and how do we pass on your personal data to third parties?
In order to fulfill a contract, to protect our interests or to comply with legal requirements, it may be necessary for us to pass on your personal data to third parties. This includes, for example, our IT service providers as well as third-party providers in the areas of payment transactions, billing, collection, consulting, sales and marketing.
If we transfer your personal data to organizations outside of Switzerland, the EU and the EEA, we comply with the provisions of the DPA and the GDPR on international data transfer, e.g. by selecting service providers that are subject to the Privacy Shield.
5. Data security
We protect your personal data by means of technical and organizational security measures against accidental, unlawful or unauthorized manipulation, deletion, alteration, access, disclosure, use or loss.
6. How long do we keep your personal data?
We store your personal data only as long as and to the extent that this is necessary for the purposes described or for legal reasons. For legal reasons, we keep data relating to treatment (patient files) for 20 years.
7. What rights do you have in connection with your personal data?
Subject to the conditions of the applicable data protection law, you have the following rights in connection with your personal data:
- Right of access to the personal data we process about you
- Right to rectify inaccurate personal data
- Right to have your personal data deleted ("right to be forgotten")
- Right to restrict the processing of your personal data
- Right to data portability (transfer of your personal data to you or a third party)
- Right to object to the processing of your personal data
We explicitly grant these rights contained in the GDPR to our Swiss customers and website visitors, to the extent that they are not already entitled to analogous rights under the GDPR.
Please note that exceptions apply to these rights. In particular, we may be obliged to further process your personal data in order to fulfill a contract with you, to protect our own legitimate interests such as the assertion, exercise or defense of legal claims, or to comply with legal obligations. In these cases, we may or must therefore refuse certain requests or comply with them only to a limited extent.
Finally, you also have a right of appeal (see section 9).
8. Links to other websites
Our website links to third-party websites that are not operated or controlled by us. We are not responsible for whether and how these third parties comply with data protection laws.
9. Right of complaint
If you are not satisfied with the way we process your personal data, you have the right to complain to the Swiss Federal Data Protection and Information Commissioner or to your competent supervisory authority.
Please contact us first before submitting a complaint. This way we can try to resolve your concern directly. The easiest way to contact us is by e-mail at firstname.lastname@example.org.