Medi24 AG (Medi24) gives special priority to data protection and we attach great importance to the protection of personal data. For this reason, Medi24 always processes personal data in compliance with this Data Protection Policy (Privacy Notice) and the applicable data protection legislation for the protection of personal data, including but not limited to the EU General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (FADP) and other relevant data protection legislation.
This Data Protection Policy explains how Medi24 as controller as defined by the GDPR processes your personal data (e.g. collects, uses or processes it in any other way).
The Data Protection Policy also describes how you can exercise your rights in relation to instances of data processing performed by us. More information on this can be found in Item 8 of this Declaration.
Please note that, with regard to the processing of your data by Medi24, Switzerland is what is known as a safe third country and the European Commission acknowledges that Swiss data protection law affords an appropriate level of data protection.
1. Name and address of the controller responsible for the processing
Data controller as defined by the GDPR:
Contact details of data protection officer:
If you have any remarks, questions or complaints relating to the processing of your personal data by Medi24, please contact our data protection officer, either at email@example.com or in writing at the address given above, adding “Attn: Data Protection Officer”.
Data Protection Representative in the European Economic Area (EEA):
AWP P&C S.A., Branch Office for Germany
2. What personal data relating to you do we process?
We process only the personal data listed below and only to the extent necessary for the specific purposes stated in Section 3. In general, we process the following personal data:
- First name
- Last name
- Email address
3. For what purpose do we process your personal data and what is the legal basis for this?
We process the personal data you provide for the purposes listed below.
- Interested parties are contacted via email by Medi24’s sales colleagues.
3.2. Compliance with a legal obligation (Art. 6 (1) c GDPR)
- Disclosure of personal data to law enforcement agencies or in connection with court proceedings or legal disputes to the extent that we are legally obliged.
- Compliance with legal requirements (e.g. compliance with specific duties to provide evidence, or documentation or retention obligations).
- Furthermore, we process your personal data in order to comply with legal obligations, such as supervisory and professional standards or our duty to provide consultation services.
3.3. Safeguarding our legitimate interests (Art. 6 (1) f GDPR)
- Protection of our legitimate business interests, e.g. in connection with legal entitlements (settlement of legal disputes, enforcing existing agreements and for the assertion, exercise and defense of legal rights including the disclosures of such information in connection with court proceedings or legal disputes), compliance requirements and for the prevention of fraud.
- The maintenance and protection of the security of our systems and services as well as our websites, the prevention and detection of security risks, fraudulent conduct or other acts of a criminal or malicious nature; for guaranteeing IT security and IT operations.
4. Which data is collected during the use of our website?
You can visit our website without providing any personal details. Our website serves only to provide information and to let you make contact with us.
Every time a website is accessed our webserver automatically saves what is known as a server logfile that saves, for example, the name of the file requested, your IP address (but only the first digits), the date and time of the request, data volume transferred, the browser type and version used, the operating system used by the accessing system, the internet page from which you came to our internet page (known as referrers), the subsites that are accessed and the requesting provider. If you wish to view our website, we collect the specified data that we need for technical reasons to display our website and to ensure stability and security. The legal basis for this stems from our legitimate interest, Art. 6 (1) Sentence 1 f GDPR.
This access data is also analyzed for the purpose of ensuring smooth operation of the website and improving our offering. Such analyses serve the safeguarding of our overriding legitimate interests in correct presentation of our offering within the scope of a balancing of legitimate interests pursuant to Art. 6 (1) Sentence 1 f GDPR.
This website uses the following types of cookies, the scope and functions of which are described in the following:
- Transient cookies are automatically deleted when you close the browser. These specifically include session cookies. They save what is known as a session ID which allows various inquiries by your browser to be assigned to the common session. This makes it possible to recognize your computer when you return to our website. The session cookies are deleted when you log off or close the browser.
- Persistent cookies are automatically deleted upon expiry of a specified period of time that may vary between different cookies. You can delete the cookies in your browserʼs security settings at any time.
- You can configure your browserʼs settings as you wish and, for example, refuse to accept certain cookies or all of them. We point out that, as a consequence, you may not be able to use all functions of this website.
5. Who do we share your personal data with?
Medi24 passes on your personal data and health data only if this is permitted under German and/or European data protection legislation, you have given your consent to doing so or this is necessary to fulfil your contractual and statutory duties. The service providers employed by Medi24 are granted access to your data to the extent and for the period of time necessary for providing the respective service.
Under certain circumstances, Medi24 will share your personal data with the following:
- Service providers (technical service providers, website hosting service providers, IT consultants, legal advisers, etc.) that provide support services on behalf of Medi24.
To the extent relevant on a case-by-case basis, we may share your data with the following:
- Courts, supervisory bodies or law firms to the extent this is legally permissible and necessary to comply with current law or to assert, exercise or defend legal entitlements.
- Authorities to the extent we are obliged to do so under a ruling by an authority or court.
- Law enforcement agencies for the purpose of prosecution or criminal proceedings to the extent we are obliged to do so.
Medi24 works together with service providers (processors), such as providers of IT maintenance services. Such service providers act only on the instructions of Medi24 and are contractually obliged to comply with the requirements of data protection legislation in force.
6. Is your data processed by entities outside of the EU or the European Economic Area or transmitted to such entities?
Medi24 AG processes your personal data and health data for the aforementioned purposes in Switzerland. Please note in this context that Switzerland is a “safe third country” as the European Commission has confirmed in an adequacy decision that the country has an adequate level of data protection in place that is comparable with EU law (GDPR).
To the extent that Medi24 transmits personal data to countries outside of the EU or the European Economic Area (referred to as ‘third countries’), Medi24 takes measures to ensure suitable guarantees for the protection of personal data are in place (e.g., the use of EU standard contractual terms or binding corporate rules (‘BCR’)). The transmission to third countries is performed only for the aforementioned specific purposes or to the aforementioned recipients or categories of recipients.
For this reason, personal data is only transmitted to external recipients in third countries if they have entered into EU standard contractual terms agreements with Medi24 or other appropriate data protection guarantees according to the GDPR are in place that safeguard an appropriate data protection level at the recipients.
7. How long is your data stored?
We will store your personal data and health data only as long as necessary for the purposes stated in this Privacy Notice and specifically for the fulfilment of our contractual and statutory obligations. Afterwards, your data is deleted. Under certain circumstances, however, we will continue to store specific data if the law allows us to continue storing such data for specific purposes, e.g. for the duration of the statutory limitation period or the period in which (civil law) claims can be asserted against our company for the purpose of defending legal entitlements.
Furthermore, we store your data (also after completion of our services) to the extent we are obliged by law to do so. The corresponding duties to provide evidence and retention obligations arise from the Swiss Code of Obligations (OR) and from professional standards or specific regulations governing the healthcare sector (e.g. retention of medical documents). The processing of such data is, however, limited and the data will be deleted on expiry of the respective statutory retention periods in place or on expiry of statutory warranty or other contractual rights or duties.
To the extent we have stored your data also for the purpose of advertising or on the basis of a legitimate interest, we will delete such data as of the date on which you revoke your consent to receive advertising. This will not apply as long as such data are subject to a statutory retention period. In such a case, the data will, however, be blocked for advertising purposes.
8. What are your rights?
Under the relevant statutory provisions, you have the following statutory data protection rights with regard to the processing of your data:
- Right of access (Article 15 GDPR),
- Right to erasure (Article 17 GDPR),
- Right to rectification (Article 16 GDPR),
- Right to restriction of processing (Article 18 GDPR),
- Right to data portability (Article 20 GDPR),
- Right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR),
- Right to withdraw consent (Article 7 (3) GDPR) and
- The right to object to certain data processing measures (Article 21 GDPR).
You may, under certain circumstances, object to the processing of your personal data (especially when we do not have to process the data to fulfil contractual or other legal requirements or when we use the data for direct marketing) pursuant to Article 21 GDPR. You can object to the processing of your data for the purposes of advertising, including direct marketing (also in the form of data analyses), at any time without stating reasons.
To the extent that we have requested your consent, you may revoke such consent at any time. Revocation does not have any effect on the admissibility of any processing of your data performed prior to your revocation.
Your rights may be restricted under the GDPR, for example if fulfilment of your inquiry would disclose the personal data of another person or if you request us to erase data that we are obliged by law to store or we have a legitimate interest in the storage of such data.
You may contact us using the contact details given above in order to exercise the aforementioned rights. In such a case, please provide us with your name, your address and/or your email address or other suitable information to allow us to clearly identify you.
If you have any concerns about the manner in which we handle your personal data, you have the right to complain to a data protection authority at your habitual residence, place of work or place of the alleged infringement (Art. 77 GDPR).
9. Updates of the Privacy Notice
This Privacy Notice is updated on a regular basis; please refer to our website for the most recent version. Whenever necessary, we will proactively inform you of any special or substantial changes to this Privacy Notice.
Most recent update: Nov. 1, 2021