Our offer is subject to Swiss data protection law as well as any other applicable foreign data protection law, in particular of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognises that adequate data protection is guaranteed by Swiss data protection law.
Responsibility for personal data processing:
We point out if other controllers exist for personal data processing in a given case. We engaged the Swiss Arpage AG based in Küsnacht ZH to operate the myvaccinations.ch online platform.
We have the following data protection officer as point of contact for data subjects and as contact person for supervisory authorities for enquiries under data protection law:
We have the following data protection representation under Art. 27 GDPR in the European Economic Area (EEA), including the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway, as an additional point of contact for supervisory authorities and data subjects for enquiries in connection with the General Data Protection Regulation (GDPR):
VGS Datenschutzpartner UG
Am Kaiserkai 69
Personal data means any information relating to an identified or identifiable natural person. Data subject means a person whose personal data is processed. Processing comprises any handling of personal data, irrespective of the means and procedures applied, in particular the storage, disclosure, procurement, collection, erasure, retention, modification, destruction and use of personal data.
The European Economic Area (EEA) comprises the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway. In the General Data Protection Regulation (GDPR), the handling of personal details is referred to as personal data processing.
Where and to the extent that the European General Data Protection Regulation (GDPR) is applicable, we process personal data under at least one of the following legal bases:
We process any personal data that is required in order to provide our offer in a permanent, user-friendly, secure and admissible manner. Such personal data may fall, in particular, into the categories of contact data, health data, contract data and access data.
We process personal data only after the data subject has given his or her consent, unless processing is exceptionally required or admissible for other legal reasons, for example for the performance of a contract with the data subject and in order to take relevant steps prior to entering into a contract.
In this context, we process, in particular, details that a data subject transfers voluntarily and personally to us when establishing contact, for example by letter mail, e-mail, contact form or phone, or when registering for a user account, or that entitled third parties, such as a physician, have transferred to us. We may retain such details, for example, in an electronic address book or with comparable aids. We may send notifications and communications in connection with our offer by e-mail, SMS and other communication channels.
We process personal data for any duration required for the respective purpose(s) or by law. Personal data which no longer needs to be processed will be anonymised or erased. Persons whose data we process have a right to erasure. The data of a deactivated dossier will be erased after 12 months by default, but may also be erased immediately at the data subject’s request.
We may have personal data processed by engaged third parties, process personal data jointly with third parties or with their help, or transfer personal data to third parties. Such third parties are, in particular, providers whose services we use. We guarantee a suitable level of data protection for such third parties as well. The personal data is exclusively retained in Switzerland.
Data subjects whose personal data we process may request confirmation, free of charge, as to whether we process their personal data and, if so, access to information concerning the processing of their personal data; they may have the processing of their personal data restricted, may exercise their right to data portability and may have their personal data rectified, erased (“right to be forgotten”), blocked or completed.
Data subjects whose personal data we process may revoke a consent given at any time with effect for the future and may object to the processing of their personal data at any time.
Data subjects whose personal data we process have the right to lodge a complaint with a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
We take reasonable and adequate technical and organisational measures to guarantee data protection and, in particular, data security. We develop and maintain our software in line with ISO 62304 for medical devices software life cycle processes. Our information security management system is governed by ISO 27001.
Health data is processed exclusively by or under the control of trained and informed professionals. We ensure data security, in particular, by the continuous monitoring and improvement of data processing processes and systems. To that end, we also cooperate with specialised companies, including, in particular, Netchange Informatik GmbH and Health Info Net AG (HIN) each based in Switzerland.
Our online offer can be accessed using transport encryption (SSL/TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers mark transport encryption by a padlock in the address bar.
We may capture the following details for each access to our website, where these are transferred by the browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, opened individual subpage of our website including transferred data volume, last website opened in the same browser window (referer or referrer).
We retain such details, which may also be personal data, in server log files. The details are required to provide our online offer on a permanent, user-friendly and reliable basis as well as to ensure data security and thus, in particular, the protection of personal data.