Health Services Switzerland GmbH Privacy Notice

This Privacy Notice explains how we process personal data, primarily in relation with our business and with our website. If you would like more information about our data processing, please feel free to contact us (sec. 2). “Personal da-ta” means any information relating to an identified or identifiable natural per-son, and “processing” means any handling of personal data, irrespective of the means and procedures used, in particular the collection, storage, keeping, use, modification, disclosure, archiving, deletion or destruction of data.

2. Who is the controller for the data processing?

For each data processing activity, there is a party that is primarily responsible for ensuring compliance, the “controller”. For the processing described in this Privacy Notice, the controller (also referred to as “we”) is:

Health Services Switzerland GmbH
c/o Birgit Joana Pedimonte
Pilatusstrasse 13
CH 8712 Staefa

+41 79 224 02 80

jpedimonte@hin.ch

You may provide us with data about other individuals (for example contact de-tails of your emergency contact etc.). We assume this data is accurate and that you are authorized to share it with us. As we may not directly contact these individuals or inform them about our data processing, we ask you to do so (e.g., by referring them to this Privacy Notice).

3. How do we process data in relation with our products and services?

When you use our products and services (collectively, “services”), we process da-ta for onboarding, concluding service agreements, and their performance and management:

We may advertise our services, such as newsletters. More details are set out in sec. 4.

If we are in contact with you in view of an agreement, we process data, for example if you fill out the contact form, send us an email or submit infor-mation as part of a membership enquiry. This is mostly data you provide to us, e.g., your name, contact details, date of birth, the content of your mes-sage, information relevant to organizational coordination, administrative information in connection with medical services, medical records that you provide to us for organizational purposes, health data insofar as necessary for coordination, details of services requested and the date of agreement. In individual cases, we may collect publicly available information where necessary for contractual or legal purposes. We offer services in coopera-tion with partners and may pass on personal data to them. We only pass on data, when necessary, for example to healthcare professionals within Switzerland, to service providers such as transport or accommodation pro-viders (if commissioned by you) or to partners in the field of prevention or diagnostics. We assume that such transfers do not conflict with the confi-dentiality interests of the persons concerned.

If we enter into an agreement with you, we process the data from the onboarding and information on the agreement (e.g. the date and the con-tent of the agreement).

We process personal data during and after the agreement, including de-tails on service purchases, payments, customer service interactions, claims, complaints, agreement terminations, and any related disputes or proceedings. These data processing activities are necessary for agreement performance.

For corporate partners, we process limited personal data, as data protection law applies only to individuals. However, we handle data of individuals we interact with, such as names, contact details, professional information, communication details, and information about management personnel, as part of the general data on companies we work with.

4. How do we process data in relation with advertising?

We may process personal data to communicate information about our services, including newsletters or service-related updates.

Electronic marketing communications are sent only with your consent or where permitted by applicable law. You may object to or unsubscribe from such com-munications at any time.

5. How do we disclose personal data?

We may disclose personal data only to the extent necessary for the performance of our services or to comply with legal obligations. This may include:

– healthcare professionals and medical institutions within Switzerland, upon your instruction or consent;

– service providers engaged by us for technical or organizational support (e.g. IT hosting, secure communication services);

– authorities or courts, where required by applicable law.

6. Can we disclose data abroad?

We do generally not disclose data abroad, except if we are legally required to share data with foreign authorities or in connection with asset sales or legal proceedings (see sec. 10).

If we disclose data abroad in the above-mentioned cases, we implement appro-priate safeguards, particularly the EU standard contractual clauses, available here. In some cases, data may be shared abroad without such safeguards as al-lowed by applicable law  for instance, with your consent or if necessary to per-form a contract, assert or defend legal claims, or serve overriding public inter-ests.

7. How do we use artificial intelligence?

We may use artificial intelligence (AI) tools on a limited basis to support admin-istrative and organizational processes, such as drafting texts, structuring infor-mation, improving internal efficiency, or enhancing operational security.

Any use of AI is strictly limited to non-medical, non-decisional purposes. No au-tomated medical assessments, diagnoses, treatment recommendations, profil-ing, or decision-making affecting individuals take place.

Where AI systems interact directly with individuals or process personal data in a significant manner, appropriate transparency measures are applied, and human oversight is ensured.

8. How do we process data in relation with our website?

For technical reasons, each time you use our website, certain data is temporarily stored in log files. This may include your device’s IP address, information about your internet service provider, operating system, browser type, referring URL, date and time of access, and accessed content.

We use this data to operate the website, ensure its security and stability, opti-mize performance, and for statistical purposes.

Our website is hosted exclusively in Switzerland by Novatrend SA.

Our website uses cookies, which are small files stored by your browser on your device. Cookies help us recognize returning visitors and analyze website usage, usually without directly identifying individuals. Session cookies are deleted when you close your browser, while persistent cookies remain stored for a limited pe-riod.

Cookies and analytics tools are used in accordance with applicable consent re-quirements, including Google Consent Mode v2, where required.

You may configure your browser to block or delete cookies at any time. Further information can be found in your browser’s privacy or help settings.

We use Google Analytics, a web analytics service provided by Google LLC (USA) and Google Ireland Ltd (Ireland). Google Analytics processes usage data and provides aggregated statistics. IP addresses are anonymized before transmission outside Europe. Google may process certain data for its own purposes. Further information on Google’s data protection practices is available in Google’s priva-cy documentation.

9. How do we process data via social media?

We maintain presences on social networks and platforms (e.g., LinkedIn). If you communicate with us, comment on, or share content there, we collect infor-mation for communication, marketing, and statistical purposes (see sec. 4 and 10). Please note that platform providers also collect and use data (e.g., user be-havior) independently, potentially combining it with other data they hold (e.g., for marketing or content personalization). Where joint responsibility with the provider applies, we enter into an agreement, details of which can be obtained from the provider.

10. Are there other processing purposes

In addition to the purposes described above, we may process personal data for the following limited purposes:

– communicating with you and responding to inquiries;

– fulfilling legal, regulatory, or compliance obligations under applicable law;

– safeguarding the security, integrity, and proper functioning of our IT systems.

Any such processing is carried out in accordance with applicable data protection laws and is limited to what is necessary and proportionate for the respective purpose.

11. How do we protect your data?

We implement appropriate technical and organizational measures to ensure the security of your personal data is commensurate with the respective risk. Howev-er, absolute data security cannot be guaranteed, and some residual risks may remain.

12. How long do we process personal data?

We process your personal data as long as necessary for the relevant purpose (e.g., for personal health data, typically the duration of the organizational coor-dination), as long as we have a legitimate interest in its retention (e.g., to en-force legal claims, for archiving, or IT security), or as required by statutory reten-tion obligations (e.g., a ten-year retention period for certain data). Once these periods expire, we delete or anonymize your data.

13. Anything else to consider?

Depend-ing on the applicable law, data processing is permitted only if explicitly authorised. This restriction does not apply under the Swiss Data Protection Act but does apply under the European General Data Protection Regulation (GDPR), if applicable. In such cases, we rely on the following legal bases for processing your personal data:

– Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR for processing based on your separate consent (see para. 3).

– Art. 6 para. 1 lit. b GDPR for processing necessary to perform a contract with the data subject or to take pre-contractual measures (see para. 3).

– Art. 6 para. 1 lit. f GDPR (and Art. 9 para. 2 lit. f GDPR for special-category data, if applicable) for processing necessary to protect our or third parties’ legitimate interests, unless overridden by the da-ta subject’s fundamental rights and freedoms. This includes compliance with Swiss law, ensuring sustainable, user-friendly, secure, and reliable operations, and the purposes outlined in sec. 6.

– Art. 6 para. 1 lit. c GDPR for processing necessary to comply with a legal obligation under the laws of an EEA Member State. The EEA includes EU member states, Iceland, Norway, and Liechtenstein.

– Art. 6 para. 1 lit. a GDPR (and Art. 9 para. 2 lit. b GDPR for special-category data, if applicable) for processing based on your separate con-sent.

In general, you are not required to disclose data to us, except in specific cases (e.g., fulfilling contractual obligations that necessitate data disclosure). However, we may need to process data for legal or contractual purposes. The use of our website would also not be possible without some data processing (see sec. 8).

14. What are your rights?

You have certain rights, subject to conditions and restrictions under applicable law:

– You can request a copy of your personal data and further information about our data processing.

– You can object to our data processing and request a restriction of our data processing.

– You can have incorrect or incomplete personal data corrected or completed or supplemented by a note of dispute.

– You can request a permanent deletion of your personal data.

– You also have the right to receive the personal data that you have provided to us in a structured, common, and machine-readable format, insofar as the corresponding data processing is based on your consent or is necessary for the performance of the contract.

– To the extent that we process data based on your consent, you can with-draw your consent at any time. The withdrawal is only valid for the future, and we reserve the right to continue to process data based on another ba-sis in the event of a withdrawal.

If you wish to exercise such a right, please feel free to contact us (sec. 2). We will usually have to verify your identity (e.g. by means of a copy of your ID card). You are also free to file a complaint against our processing of your data with the competent supervisory authority, in Switzerland the Federal Data Protection and Information Commissioner (FDPIC).

14. Contact