Privacy Policy

With this privacy policy, we inform you about the processing of personal data in connection with our activities and services, including our augenpraxisodeon.ch website. In particular, we explain what personal data we process, for what purposes, how, and where. We also inform you about the rights of individuals whose personal data we process.

For specific or additional activities and services, separate privacy policies or other data protection information may apply.

Contact details

Responsibility for the processing of personal data

Dr. Rebecca Kästle
SEHfeld Augenpraxis AG
Limmatquai 2
8001 Zurich
info@augenpraxisodeon.ch

In individual cases, third parties may be responsible for the processing of personal data, or joint responsibility with third parties may exist.

Terms and Legal Bases

Definitions

Data subject: A natural person whose personal data we process.

Personal data: Any information relating to an identified or identifiable natural person.

Sensitive personal data: Personal data relating to trade union membership, political, religious or philosophical beliefs or activities; data concerning health, a person’s intimate sphere or racial or ethnic origin; genetic data; biometric data that uniquely identify a natural person; data relating to criminal convictions, administrative or criminal sanctions or proceedings; and data concerning social assistance measures.

Processing: Any handling of personal data, regardless of the means and procedures applied, such as collecting, recording, obtaining, consulting, reading, storing, retaining, archiving, organising, arranging, adapting, altering, matching, linking, disclosing, making available, transmitting, disseminating, erasing, deleting, destroying or otherwise using personal data.

Legal basis

We process personal data in accordance with Swiss data protection law, in particular the Bundesgesetz über den Datenschutz (Datenschutzgesetz, DSG) and the Verordnung über den Datenschutz (Datenschutzverordnung, DSV).

Type, Scope and Purpose of the Processing of Personal Data

We process the personal data that are necessary in order to carry out our activities and operations on a sustainable, people-centered, secure and reliable basis. The personal data processed may in particular fall into the categories of browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data and payment data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of carrying out our activities and operations, insofar as such processing is legally permissible.

We process personal data to the extent necessary with the consent of the data subjects. In many cases, we may process personal data without consent, for example in order to fulfil legal obligations or to safeguard overriding interests. We may also request the consent of data subjects even where their consent is not required.

We process personal data for the period required for the respective purpose. In particular, we anonymise or delete personal data in accordance with statutory retention and limitation periods.

Disclosure of Personal Data

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties include, in particular, specialised service providers whose services we use.

We may, for example, disclose personal data to banks and other financial service providers, authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit agencies and business information services, logistics and shipping companies, marketing and advertising agencies, media organisations, associations and organisations, social institutions, telecommunications companies and insurance companies.

Communication

We process personal data in order to communicate with individuals as well as with authorities, organisations and companies. In doing so, we process in particular the data that a data subject provides to us when making contact, for example by letter post or email. We may store such data in an address book or using comparable tools.
Third parties who transmit data to us about other persons are obliged to independently ensure the data protection of those data subjects. In particular, they must ensure that such data is accurate and that it may be lawfully transmitted.

Applications

We process personal data relating to applicants insofar as this is necessary to assess their suitability for an employment relationship or for the subsequent execution of an employment contract. The personal data required result in particular from the information requested, for example in the context of a job advertisement. We may publish job advertisements with the assistance of suitable third parties, for example in electronic and printed media or on job portals and recruitment platforms.

We also process personal data that applicants voluntarily disclose or publish, in particular as part of cover letters, CVs and other application documents, as well as online profiles.

Data Security

We take appropriate technical and organisational measures to ensure a level of data security appropriate to the respective risk. With these measures, we aim in particular to ensure the confidentiality, availability, traceability and integrity of the personal data processed, without however being able to guarantee absolute data security.

Access to our website and our other online presence is provided using transport encryption (SSL / TLS, in particular with Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn users when visiting websites without transport encryption.

Our digital communication is subject – like all digital communication in principle – to indiscriminate mass surveillance without specific cause or suspicion by security authorities in Switzerland, in the rest of Europe, in the United States of America (USA) and in other countries. We have no direct influence on the corresponding processing of personal data by intelligence services, law enforcement agencies and other security authorities. We also cannot rule out that an individual data subject may be specifically monitored.

Personal Data Abroad

We generally process personal data in Switzerland. However, we may also disclose or transfer personal data to other countries, in particular for the purpose of processing such data there or having it processed there.

We may disclose personal data to all states and territories worldwide, provided that the applicable law in the respective country ensures an adequate level of data protection in accordance with the decision of the Swiss Federal Council.

We may disclose personal data to countries whose laws do not ensure an adequate level of data protection, provided that appropriate data protection is ensured for other reasons, in particular on the basis of standard data protection clauses or other suitable safeguards. In exceptional cases, we may transfer personal data to countries without adequate or appropriate data protection if the specific data protection requirements are met, for example with the explicit consent of the data subjects or where there is a direct connection with the conclusion or performance of a contract. Upon request, we are happy to provide data subjects with information about any safeguards in place or to supply a copy of such safeguards.

Rights of Data Subjects

Data Protection Claims

We grant data subjects all rights in accordance with the applicable data protection law. In particular, data subjects have the following rights:

Right of access: Data subjects may request information as to whether we process personal data relating to them and, if so, which personal data is concerned. Data subjects also receive the information required to assert their data protection claims and to ensure transparency. This includes the personal data being processed as such, as well as, among other things, information on the purpose of processing, the duration of storage, any disclosure or export of data to other countries, and the origin of the personal data.
Rectification and restriction: Data subjects may request the correction of inaccurate personal data, the completion of incomplete data, and the restriction of the processing of their personal data.
Erasure and objection: Data subjects may request the deletion of personal data (“right to be forgotten”) and object to the processing of their personal data with effect for the future.
Data disclosure and data portability: Data subjects may request the disclosure of their personal data or the transfer of their data to another controller.

We may defer, restrict or refuse the exercise of data subjects’ rights to the extent permitted by law. We may inform data subjects of any requirements that must be met in order to exercise their data protection claims. For example, we may wholly or partially refuse to provide information by referring to trade secrets or the protection of other persons. We may also wholly or partially refuse the deletion of personal data by referring to statutory retention obligations.

We may, in exceptional cases, provide for costs to be charged for the exercise of rights. We will inform data subjects in advance of any such costs.

We are obliged to identify data subjects who request information or assert other rights by means of appropriate measures. Data subjects are required to cooperate.

Legal remedies

Data subjects have the right to enforce their data protection claims through legal proceedings or to file a report or complaint with a data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

Use of the Website

Cookies

We may use cookies. Cookies — both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) — are small data files stored in the browser. Such stored data are not limited to traditional text-based cookies.

Cookies may be stored in the browser temporarily as “session cookies” or for a specific period as so-called persistent cookies. “Session cookies” are automatically deleted when the browser is closed. Persistent cookies have a defined storage duration. Cookies make it possible, in particular, to recognise a browser on a subsequent visit to our website and thereby, for example, measure the reach of our website. Persistent cookies may also be used, for example, for online marketing purposes.

Cookies can be disabled and deleted at any time, in whole or in part, via the browser settings. Without cookies, our website may no longer be fully available. We actively request explicit consent for the use of cookies, at least where and insofar as this is required.

For cookies used for performance and reach measurement or for advertising purposes, a general opt-out is available for numerous services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

Logging

We may log at least the following information for each access to our website and our other online presence, provided that such information is transmitted to our digital infrastructure during these accesses: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, the specific sub-page of our website accessed including the amount of data transferred, and the website last visited in the same browser window (referrer).

We log such information, which may also constitute personal data, in log files. This information is required in order to provide our online presence on a permanent, user-friendly and reliable basis. The information is also required to ensure data security, including by third parties or with the assistance of third parties.

Tracking pixels

We may integrate tracking pixels into our online presence. Tracking pixels are also referred to as web beacons. Tracking pixels – including those provided by third parties whose services we use – are typically small, invisible images or scripts written in JavaScript that are automatically retrieved when our online presence is accessed. Tracking pixels can be used to collect at least the same information as is recorded in log files.

Social Media

We are present on social media platforms and other online platforms in order to communicate with interested persons and to provide information about our activities and services. In connection with such platforms, personal data may also be processed outside Switzerland.

The respective general terms and conditions (GTC) and terms of use, as well as the privacy policies and other provisions of the individual platform operators, also apply. These provisions provide information in particular about the rights of data subjects directly vis-à-vis the respective platform, including, for example, the right of access.

Third-party services

We use services from specialised third parties to ensure that we can carry out our activities and operations in a sustainable, user-friendly, secure and reliable manner. Such services allow us, among other things, to embed functions and content into our website. When such content is embedded, the services used necessarily collect, at least temporarily, the IP addresses of users for technical reasons.

For necessary security-related, statistical and technical purposes, third parties whose services we use may process data in connection with our activities and operations in an aggregated, anonymised or pseudonymised form. This includes, for example, performance or usage data required to provide the respective services.

Digital infrastructure

We use services provided by specialised third parties in order to access the digital infrastructure required for our activities and operations. This includes, for example, hosting and storage services from selected providers.

In particular, we use:

Cyon: Hosting; provider: cyon AG (Switzerland); data protection information: “Data protection”, Privacy policy.
ManageWP: Backups; provider: GoDaddy.com WP Europe; data protection information: Privacy policy. The backups are stored on a European server.

Social media features and social media content

We use third-party services and plugins to embed functions and content from social media platforms and to enable the sharing of content on social media platforms and via other channels.

In particular, we use:

LinkedIn Consumer Solutions Platform: Embedding of LinkedIn features and content, for example via plugins such as the “Share Plugin”; provider: Microsoft; LinkedIn-specific information: “Privacy”, Privacy Policy, Cookie Policy, Cookie management / opt-out of LinkedIn email and SMS communications, opt-out of interest-based advertising.

Maps and mapping services

We use services provided by third parties to embed maps into our website.

In particular, we use:

Mapbox: map service; providers: Mapbox Inc. (USA) / Mapbox International Inc. (USA); data protection information: Privacy Policies, Cookie Policy, “Security”.

Advertising

We make use of the option to display targeted advertising with third parties, such as social media platforms and search engines, for our activities and services.

With such advertising, we aim in particular to reach individuals who are already interested in our activities and services or who may be interested in them (remarketing and targeting). For this purpose, we may transmit relevant information – potentially including personal data – to third parties that enable such advertising. We may also determine whether our advertising is successful, meaning in particular whether it leads to visits to our website (conversion tracking).

Third parties with whom we place advertising and with whom you are registered as a user may, where applicable, associate the use of our website with your profile on their platform.

In particular, we use:

Google Ads: search engine advertising; provider: Google; Google Ads-specific information: advertising based, among other things, on search queries, whereby various domain names – in particular doubleclick.net, googleadservices.com and googlesyndication.com – are used for Google Ads, Advertising Privacy Policy, “Manage ads shown directly via Ads”.

LinkedIn Ads: social media advertising; providers: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland); data protection information: remarketing and targeting, in particular using the LinkedIn Insight Tag, “Privacy”, Privacy Policy, Cookie Policy, Opt-out of personalised advertising.

Performance and reach measurement

We aim to measure the success and reach of our activities and operations. In this context, we may also measure the effectiveness of third-party referrals or analyse how different parts or versions of our online offering are used (the “A/B testing” method). Based on the results of performance and reach measurement, we may in particular rectify errors, strengthen popular content, or implement improvements.

For the purpose of performance and reach measurement, the IP addresses of individual users are collected in most cases. In such cases, IP addresses are generally shortened (“IP masking”) in order to comply with the principle of data minimisation through appropriate pseudonymisation.

For performance and reach measurement, cookies may be used and user profiles may be created. Any user profiles that are created may include, for example, the individual pages visited or content viewed on our website, information about the size of the screen or browser window, and the — at least approximate — location. In principle, any user profiles are created exclusively in a pseudonymised form and are not used to identify individual users. Certain third-party services with which users are logged in may be able to associate the use of our online offering with the user account or user profile of the respective service.

In particular, we use:

Matomo: performance and reach measurement; provider: InnoCraft Ltd. (New Zealand, free
open-source software); data protection information: use on own digital infrastructure and with pseudonymised IP addresses, “List of all Matomo Features”.

Final provisions

We may amend and supplement this privacy policy at any time. We will inform you of such amendments and supplements in an appropriate manner, in particular by publishing the current version of the privacy policy on our website.