Data Protection Statement
M.A. Med Alliance SA (“Controller” or “MedAlliance” or “we” or “us”) as the operator of the website www.medalliance.com (“our Website”) is happy that you visit our Website. Below, we will inform you about processing of personal data when you use our Website.
Our data protection statement uses terms defined in the EU General Data Protection Regulation (“GDPR”). In order to keep the data protection statement legible and comprehensible, we have explained these terms below:
(1) Personal data
According to the GDPR, personal data are any information relating to an identified or identifiable natural person. This means information such as your name, birth date, address, email address, IP address or phone number, as well as your user behaviour. By contrast, information that cannot be directly connected to your actual identity – such as websites generally preferred by all users or the number of users of a page – are not considered personal data.
(2) Data subject
Data subjects are all identified or identifiable natural persons whose personal data are processed by the Controller responsible for processing.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
(4) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
(5) Controller or Controller responsible for processing
The Controller or Controller responsible for processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law.
The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
The recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
(8) Third parties
Third parties are a natural or legal person, public authority, agency or body other than the data subject, Controller, processor and persons who, under the direct authority of the Controller or processor, are authorised to process personal data.
Consent is any freely given, specific, informed and unambiguous indication by the data subject of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
II. Controller for processing
(1) The Controller [Article 4(7) GDPR]
M.A. Med Alliance SA
Rue de Rive 5 - 1260 Nyon – Switzerland
phone: +41 (0) 22 363 7890
fax: +41 (0) 22 363 7899
III. Principles relating to processing of personal data
(1) Scope of processing of personal data
We generally only collect and use personal data of our users if this is required to provide a functional website or our contents and services. Collection and use of your personal data usually takes place only with your consent. However, an exception shall apply in such cases where collection of advance consent is not possible for factual reasons and where processing of the data is nevertheless permitted by the law.
(2) Legal basis relating to processing of personal data
The data transmitted by or collected from you are only collected, used, processed, stored and – if required by law or contractually required – passed on to third parties only within the context of the applicable data protection laws (GDPR, Federal Data Protection Act).
Article 6 GDPR leads to various legal bases for processing of your personal data that are referred to from case to case in this data protection statement:
1. Article 6(1)(a) GDPR is the legal basis for processing operations of personal data with consent of the data subject.
2. Article 6(1)(b) GDPR is the legal basis for processing of personal data that is necessary for the performance of a contract to which the data subject is party. This legal basis shall also refer to such processing operations that are necessary in order to take steps prior to entering into a contract.
3. If we need to process personal data for compliance with a legal obligation of our company, the legal basis for this shall be Article 6(1)(c) GDPR.
4. Article 6(1)(d) GDPR serves as the legal basis if vital interests of the data subject or any other natural person require processing of his or her personal data.
5. If processing of personal data is necessary for the purposes of a legitimate interest pursued by our company or by a third party and the interests, fundamental rights and freedoms of the data subject do not override this first interest of our company or a third party, this processing shall take place on the legal basis of Article 6(1)(f) GDPR.
(3) Data erasure and storage period
As soon as the purpose of storage of the respective personal data of the data subject no longer applies, they shall be deleted or blocked. However, storage may take place beyond this point of time if this was stipulated in European or national regulations, laws or other rules that we as Controller responsible for processing are subject to. Blocking or erasure of the data shall also take place if a storage period required by the standards named expires, except if further storage of such data is required for entering into a contract or performance of a contract.
IV. General processing activities in connection with the provision of our Website and compilation of log files
The scope and nature of collection and use of your data will differ depending on whether you only visit our Website in order to call up information or whether you use our offers – such as contact form or email contact:
(1) Visiting our Website
Purely informational use of our Website generally does not require you to provide us with any personal data. Instead, we collect, use and store information that is transmitted to us by the respective browser used by you during your visit of our Website automatically in the server log files.
(2) Collected data – not necessarily personal data
The following data will be collected in the course of this:
1. Content of the request (specific page)
2. Date and time of the access
3. The respective data volume transferred
4. Websites from which your system reaches our Website
5. Information on your browser
6. The operating system used by you
7. Your internet protocol address
We cannot assign the above data to specific persons. We will not combine these data with any other data sources, i.e. these data will not be stored together with other personal data such as your name, address, phone number or email address.
(3) Legal basis
The legal basis for this temporary storage of data and log files is Article 6(1)(f) GDPR, since our legitimate interests as presented below in this storage override your interests, fundamental rights and freedoms: The internet protocol address is considered personal data. The temporary storage of the internet protocol address by the system is necessary in order to permit transfer of our Website to your browser. For this purpose, the internet protocol address must remain stored for the duration of the session. Storage in log files shall take place in order to ensure the function of our Website. We also use the data for optimisation of our Website and to ensure the safety of our information-technical systems. The data are not evaluated for marketing purposes in this context.
(4) Storage period
The data are erased as soon as they are no longer required to achieve the purpose of their collection. If data are recorded for provision of our Website, this is the case when the respective session is ended.
(5) Right to object and removal option
Recording of the data for provision of our Website and storage of the data in log files is mandatory for operation of the website. Accordingly, you cannot object to this.
V. Web form and email contact
Our Website contains information in order to permit quick contact/communication.
(1) Description and scope of the processing
If you contact us by email or via contact form, the personal data transmitted by you (name, email address, any further voluntary information such as phone number, firm) will be stored automatically. At the time of dispatch of the message, your internet protocol address and the date and time will be stored as well.
These data will not be passed on to any third party. The data will solely be used for our communication.
Alternatively you can contact us via our email addresses. In this case your personal data transmitted to us in this email will be stored for the purpose of processing your concern or for contacting you. Please note that unencrypted emails sent via internet are not protected against unauthorized access by third parties while they are transmitted to us.
(2) Legal basis for the processing
The legal basis for processing of the data if and to the extent that you have given your consent is Article 6(1)(a) GDPR.
The legal basis for processing of the data transmitted in the scope of transmission of an email is also Article 6(1)(f) GDPR. If the email contact is targeted at entering into a contract, Article 6(1)(b) GDPR shall be an additional legal basis for processing.
(3) Purpose of data processing
Processing of the personal data from an email sent to us serves solely to process your contact. This is also where the legitimate interest of processing of the data lies if these are processed based on Article 6(1)(f) GDPR. Any other processing of the personal data during the dispatch of your message serves our interest to prevent misuse of our contact form and to ensure the safety of our information-technical system.
(4) Storage period
The personal data are erased as soon as the deletion is requested by you or as soon as you withdraw your consent or as soon as they are not longer required to achieve the purpose of their collection. This is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances show that the corresponding matter has been finally completed.
The additional data stored during dispatch of your message will be erased after a period of seven (7) days at the latest.
(5) Right to object and removal option
You have the option at any time to withdraw your consent to processing of the personal data. If you contact us by email or by our contact form, you may object to storage of your personal data at any time. In this case, however, the conversation cannot be continued. All personal data that were stored in the scope of contact by email or by contact form will be erased within a period of seven (7) days after receipt of the objection by us.
Exempt hereof is the deletion of personal data that is retained due to legal obligations, especially during a relevant safekeeping period.
(1) Scope of processing of personal data
We use “Google Analytics”, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, i.e. text files that are stored on your computer and that permit analysis of your use of the website.
The information produced by the cookie regarding your use of our Website (including your IP address) is usually transferred to a server of Google in the USA and stored there. However, we have activated IP anonymisation. Note that Google Analytics has been expanded by the code “gat._anonymizeIp();” on the website, in order to ensure anonymised recording of IP addresses (IP masking). On this website, your IP address will be abbreviated first by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area.
Only in exceptions will your full IP address be transferred to a server of Google in the USA and abbreviated there. On behalf of us, Google will use this information to evaluate your use of our Website, in order to compile reports on the website activities and to render further services connected to website use and internet use for us.
The IP address submitted by your browser in the scope of Google Analytics will not be combined with any other data of Google. Google will also transfer this information to third parties if this is required by law or to the extent that third parties process these data on behalf of Google.
(2) Legal basis relating to processing of personal data
The legal basis for processing of the personal data of the users is Article 6(1)(f) GDPR.
(3) Purpose of data processing
Processing of the personal data of the users enables us to analyse the surfing behaviour of our users. Evaluation of the data acquired enables us to compile information on use of the individual components of our Website. This helps us to continually improve our Website and its user friendliness. These purposes also reflect our legitimate interest in processing the data in accordance with Article 6(1)(f) GDPR. Anonymisation of the internet protocol address appropriately considers the interest of the users in protection of their personal data.
(4) Storage period
The data will be erased as soon as they are no longer needed for our recording purposes.
(5) Right to object and removal option
You may erase cookies once set again at any time on your own by calling up the corresponding menu item in your web browser or deleting the cookies from your hard disc. For details on this, see the help menu of your web browser.
You may also prevent saving of the cookies by making the corresponding settings in your browser software; however, note that you may be unable to fully use all functions of our Website in such a case. Moreover, you can prevent the cookie from recording data it generates and which pertains to your use of the website (including the IP address) at Google as well as the processing of this data by Google, by downloading and installing the available browser plugin under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
For more details on this, see http://tools.google.com/dlpage/gaoptout?hl=de or http://www.google.com/intl/de/analytics/privacyoverview.html (general information on Google Analytics and data protection).
VII. Your rights as data subject
If we process your personal data, you are a data subject within the meaning of the GDPR and you have the following rights towards us as the Controller:
(1) Right of access
You may obtain from us confirmation as to whether or not personal data concerning you are being processed by us.
In case of such processing, you may demand that we further provide access to the following information:
1. the purposes for which the personal data are processed;
2. the categories of personal data concerned;
3. the recipients or categories of recipient to whom the personal data concerning you have been disclosed or will be disclosed;
4. the envisaged period for which the personal data concerning you will be stored or, if specific information on this cannot be provided, the criteria used to determine that period;
5. the existence of a right to request from the Controller rectification or erasure of personal data or a right to restriction of processing of personal data concerning you or to object to such processing;
6. the right to lodge a complaint with a supervisory authority;
7. all available information as to the source of the data, where the personal data are not collected from you as the data subject.
You have the right to be informed on whether the personal data concerning you are transferred to a third country or to an international organisation. In this context, you may demand to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
(2) Right to rectification
You have a right to rectification and/or completion towards us as the Controller, provided that the personal data processed by us concerning you are inaccurate or incomplete. We must perform the rectification without undue delay.
(3) Right to restriction of processing
You have the right to obtain restriction of processing of the personal data concerning you where one of the following conditions applies:
(a) if you contest the accuracy of the personal data concerning you for a period enabling the Controller to verify the accuracy of the personal data;
(b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(c) we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
(d) if you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds asserted by us override your grounds.
Where processing of the personal data concerning you has been restricted, such data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing was restricted according to the above conditions, you will be informed by us before the restriction of processing is lifted.
(4) Right to erasure
(a) Erasure obligation
We have the obligation to erase the personal data concerning you without undue delay if one of the following grounds applies:
1. The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
2. You withdraw consent on which the processing is based according to Article 6(1)(a), or Article 9(2)(a) GDPR, and where there is no other legal ground for the processing.
3. You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
4. The personal data concerning you have been unlawfully processed.
5. The personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
6. The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
(b) Information to third parties
Where we have made the personal data concerning you public and if we are obliged pursuant to Article 17(1) GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers which are processing your personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure shall not exist if processing is necessary
1. for exercising the right of freedom of expression and information;
2. for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
3. for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) as well as Article 9(3) GDPR;
4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
5. for the establishment, exercise or defence of legal claims.
(5) Right to provision of information
If you have asserted a right to rectification, erasure or restriction of processing towards us, we are obligated to communicate this rectification or erasure of data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to provision of information about such recipients by us.
(6) Right to data portability
You shall have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. In addition to this, you have the right to transmit those data to another controller without hindrance from us as the Controller to which the personal data have been provided, where
1. processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and
2. the processing is carried out by automated means.
In exercising this right, you further have the right to have the personal data concerning you transmitted directly from us as one Controller to another controller, where technically feasible. Freedoms and rights of others must not be adversely affected by this.
That right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us as the Controller.
(7) Right to object
You shall have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions.
We shall no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
You have the option to exercise your right to object in the context of the use of information society services – notwithstanding Directive 2002/58/EC – by automated means using technical specifications.
If you want to exercise your right to object, simply send an email to: firstname.lastname@example.org.
(8) Right to withdraw the declaration of consent under data protection law
You shall have the right to withdraw your consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
If you want to exercise your withdrawal right, simply send an email to email@example.com.
(9) Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which your complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
Please direct any requests in connection with rights of data subjects to: firstname.lastname@example.org.
Please note that we may demand that you prove that you are actually the person to the personal data of which access is demanded if requests for access are not made in writing, in order to protect the persons concerning whom data are stored.
Please also consider that we cannot store or derive any personal data concerning visitors to our Website if you have not transmitted your personal data freely before, e.g. via contact form.
XI. Reservation of changes
We reserve the right to adjust this data protection statement in order to adjust it to the respective applicable provisions at all times, as well as our offers on the website.