Skip to content Skip to footer

Privacy policy

Close
Privacy policy

The personal data collected by Sana Suisse Med AG is collected and processed in accordance with the relevant data protection regulations in Switzerland, in particular the provisions of the Federal Act on Data Protection (FADP), the EU General Data Protection Regulation (GDPR) and the principles described below.
The following privacy policy provides information about the type, scope and purpose of the collection of personal data via this website, the processing of this personal data and the rights of users in this regard. Personal data refers to all information relating to an identified or identifiable person.

Sana Suisse Med AG processes data that is generated in connection with the use of the website (www.sana-suisse-med.ch) or the data that is provided in this context (such as IP address, device details and settings, etc.). The data processing is carried out to analyze the Internet traffic on our website and to improve its functionality. When using the website, personal data may also be collected by means of cookies and Google Analytics.

I. Name and address of the controller

The controller within the meaning of the Swiss Data Protection Act (“DPA”) and, where applicable, the EU General Data Protection Regulation (“GDPR”) and other national data protection laws of the EU member states as well as other data protection regulations is

Sana Suisse Med AG
Guardian Angel Street 57
6340 Baar
Switzerland

II. Contact data protection officer

Data protection inquiries or claims as well as requests for information can be sent in writing to the following contact address, enclosing a copy of an official identity document:

Datenschutz@Sana-Suisse.ch

Insofar as Sana Suisse Med AG falls within the scope of the GDPR, the person listed below is its representative pursuant to Art. 27 GDPR and its data protection officer pursuant to Art. 37 GDPR. This representative and data protection officer can be contacted as follows:

Stefan Wunschel
Data protection and data security officer
Sana Kliniken AG
Oskar-Messter-Str. 24
85737 Ismaning
Germany

Datenschutz@Sana-Suisse.ch

III. General information on data processing
  1. Scope of the processing of personal data/personal data

We operate the website www.sana-suisse-med.ch (“Website”). We collect and use personal data of the users of our website (“user”, “you” or “data subject”) only insofar as this is necessary to provide a functional website and its content. The collection and use of personal data of our users only takes place with the consent of the user, except in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

In addition, the IP addresses of the requesting computers are logged.

In this context, data is passed on to third parties. Our partner company HOSTSTAR – Multimedia Networks AG [Switzerland] processes this data on our behalf.

  1. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, this consent serves as the legal basis for the processing of personal data, unless we have another legal basis and require one. You can revoke your consent at any time. However, this has no effect on data processing that has already taken place.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, the purpose of the processing is the fulfillment of the contract or Art. 6 para. 1 lit. b GDPR, where applicable, as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is required to fulfill a legal obligation to which our company is subject, the fulfillment of a legal obligation of our company or Art. 6 para. 1 lit. c GDPR, where applicable, as the legal basis.

In the event that vital interests of the data subject or another natural person make it necessary to process personal data, this serves the purposes of Art. 6 para. 1 lit. a GDPR. 1 lit. d GDPR, where applicable, as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, the protection of the legitimate interests of our company or a third party or Art. 6 para. 1 lit. a GDPR serves as the legal basis. 1 lit. f GDPR, where applicable, as the legal basis for processing.

  1. Data erasure and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this is provided for in the applicable regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

  1. Data transfers abroad

As part of our business activities and for the purposes stated in this privacy policy, we may disclose the data to data processors and to our group companies that process the data on our behalf or for their own purposes, to the extent permitted by applicable data protection law. We may transfer users’ personal data to all countries worldwide in which Sana Einkauf & Logistik GmbH and Sana Kliniken AG and our service providers process this data (namely Germany and other European countries as well as the USA). If data is transferred to a country without adequate statutory data protection, we ensure adequate protection by using sufficient contractual guarantees (namely on the basis of the EU standard contractual clauses) or Binding Corporate Rules or we rely on the exceptions provided for by law (consent; contract performance; protection of an overriding public interest; establishment, exercise or enforcement of legal claims; data made publicly available by the user; necessity to protect the integrity of the data subjects). Users may at any time request in writing, enclosing a copy of an official identity document, to be informed of the appropriate guarantees. In particular, a copy of the contractual guarantees may be requested. However, we reserve the right to black out such copies for reasons of data protection or confidentiality or to supply only excerpts.

IV. Provision of the website and creation of log files
  1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

  • Information about the browser type and version used
  • Operating system of the user
  • IP address of the user
  • Date and time of access
  • Websites from which the user’s system accesses our website
  • Name of the retrieved file
  • Duration of data transmission
  • Amount of data transferred

Contact forms are available on our website which can be used for electronic contact or data transmission. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are for example

  • Salutation
  • First name
  • Surname
  • E-mail address
  • Telephone
  • Your message

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

  1. Legal basis for data processing

The legal basis for the temporary storage of the data is our legitimate interests or Art. 6 para. 1 lit. f GDPR, where applicable.

  1. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

Storage in log files takes place to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context.

Our legitimate interest in data processing also lies in these purposes.

The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data collected when using the electronic contact forms is used exclusively for processing the conversation.

The data is used exclusively for processing the conversation.

  1. Duration of storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

If the data is stored in log files, this is the case after ninety days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the calling client.

The additional personal data collected during the sending process will be deleted after a period of thirty days at the latest.

  1. Possibility of objection and removal

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

The user has the option at any time to revoke their consent to the processing of the other personal data stored in the course of making contact. However, this has no effect on data processing that has already taken place. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. Please refer to the imprint for contact details. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

V. Use of cookies
  1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser the next time you visit our website.

We also use cookies on our website that enable an analysis of the user’s surfing behavior. The user data collected in this way is pseudonymized by technical precautions. It is therefore no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the user.

When accessing our website, users are informed by a consent banner about the use of cookies for analysis purposes and referred to this privacy policy. In this context, there is also a note on how the storage of cookies can be prevented in the browser settings.

  1. Legal basis for data processing

The legal basis for the processing of personal data using cookies is our legitimate interests or Art. 6 para. 1 lit. f GDPR, where applicable.

  1. Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. This requires the browser to be recognized even after a page change.

The user data collected by technically necessary cookies is not used to create user profiles.

Analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.

Our legitimate interest in the processing of personal data also lies in these purposes.

  1. Duration of storage, objection and removal options

Cookies are stored on the user’s computer and transmitted by it to our site. As a user, you therefore also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be automated. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

VI. Rights of the data subject

If your personal data is processed, you have the following rights vis-à-vis the controller:

  1. Right to information

You can request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing has taken place, you can request the following information from the controller:

  • the purposes for which the personal data are processed;
  • the personal data that is processed;
  • the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  • the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the duration of storage;
  • all available information about the origin of the data if the personal data is not collected from the data subject;
  • where applicable, the existence of automated individual decision-making and the logic on which the decision is based.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards in connection with the transfer (see Section III/4 above).

  1. Right to rectification

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction immediately.

  1. Right to restriction of processing

Under the following conditions, you may request the restriction of the processing of your personal data:

  • if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
  • if you have objected to the processing and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

  1. Right to erasure

a) Obligation to delete

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed and there is no other legal ground for the processing.
  • You withdraw your consent on which the processing was based and there is no other legal basis for the processing.
  • You object to the processing and there are no overriding legitimate grounds or any other legal basis for the processing.
  • Your personal data has been processed unlawfully.
  • The deletion of personal data concerning you is necessary to fulfill a legal obligation under the applicable data protection law to which the controller is subject.
  • There is another legal ground for erasure under applicable data protection law and there is no other legal basis for the processing.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged pursuant to Art. Where the controller has made the personal data public and is obliged pursuant to applicable data protection law to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

The right to erasure does not exist if the processing is necessary

  • for compliance with a legal obligation which requires processing by the applicable law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest, in particular in the area of public health;
  • for non-personal archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or
  • for the assertion, exercise or defense of legal claims.
  1. Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the controller.

  1. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where

  • the processing is based on consent or on a contract and
  • the processing is carried out using automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be impaired by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

  1. Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you; this also applies to profiling based on these provisions.

The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

In connection with the use of information society services, you have the option of exercising your right to object by means of automated procedures that use technical specifications.

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

  1. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the supervisory authority/data protection authority, in particular in the country of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes applicable law.

The supervisory authority/data protection authority to which the complaint has been submitted shall inform the complainant of the status and outcome of the complaint in accordance with applicable law, including the possibility of judicial remedies.

VII. Analysis tools
  1. Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data processing for the European Economic Area and for Switzerland is carried out by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

The storage of Google Analytics cookies is based on our legitimate interests or Art. 6 para. 1 lit. f GDPR, where applicable. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

You can find more information on how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

  1. Google Ads and Google Conversion Tracking

This website uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

As part of Google Ads, we use what is known as conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the Internet browser stores on the user’s computer. These cookies lose their validity after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page.

Each Google Ads customer receives a different cookie. The cookies cannot be tracked via the websites of Google Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted for conversion tracking. Customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google Conversion Tracking cookie via your Internet browser under user settings. They will then not be included in the conversion tracking statistics.

The storage of “conversion cookies” and the use of this tracking tool are based on our legitimate interests or Art. 6 para. 1 lit. f GDPR, where applicable. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of our legitimate interests or Art. 6 para. 1 lit. a GDPR, where applicable; consent can be withdrawn at any time.

You can find more information about Google Ads and Google Conversion Tracking in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

  1. IP anonymization

We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

  1. Browser plugin

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

  1. Objection to data collection

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this website: Deactivate Google Analytics.

You can find more information on how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

  1. Order data processing

We have concluded a contract with Google for commissioned data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

VIII. Newsletter

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or is only collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The data entered in the newsletter registration form is processed exclusively on the basis of your consent. You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.

IX. Plugins and tools

Google Maps

This site uses the map service Google Maps via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data processing for the European Economic Area and for Switzerland is carried out by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.

The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest.

You can find more information on the handling of personal data by Google Maps in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

X. Protection of data transmission

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses an SSL-encrypted connection. TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Data protection   |   Imprint   |   Contact us

Growing together,
Cooperation for value – info@sana-suisse.ch

Sana Suisse Med AG © 2022