Privacy Policy for MedicalDesktop (Nereida.swiss, Nereida.cloud, MedicalDesktop.ch)

 

Table of contents

 

1. WHAT IS THE PURPOSE OF THIS PRIVACY POLICY?

2. WHO IS RESPONSIBLE FOR PROCESSING YOUR DATA?

3. FOR WHAT PURPOSES DO WE PROCESS YOUR DATA?

4. WHAT APPLIES IN THE CASE OF PROFILING AND AUTOMATED DECISIONS?

5. WHERE DOES THE DATA COME FROM?

6. WITH WHOM DO WE SHARE YOUR DATA?

7. IS YOUR PERSONAL DATA ALSO TRANSMITTED ABROAD?

8. HOW LONG DO WE PROCESS YOUR DATA?

9. WHAT RIGHTS DO YOU HAVE?

10. HOW DO WE PROCESS DATA IN CONNECTION WITH OUR WEBSITE AND OTHER DIGITAL SERVICES?

11. HOW DO WE PROCESS DATA ON OUR SOCIAL NETWORK PAGES?

12. WHAT ELSE NEEDS TO BE TAKEN INTO ACCOUNT?

13. CAN THIS PRIVACY POLICY BE CHANGED?

 

1. WHAT IS THE PURPOSE OF THIS PRIVACY POLICY?

 

MedicalDesktop AG, based in Olten (hereinafter also “we,” “us”), obtains and processes peronal data (hereinafter also “data,” in particular personal data of our customers, associated persons, contractual parties, visitors to our websites, users of Nereida, participants in our Events, recipients of newsletters and other bodies or their contact persons and employees (hereinafter also “you”). In this Privacy Policy we provide information about this data proessing. In addition, we can inform you separately about the processing of your data (e.g. in forms, contractual conditions or additional privacy policies).

 

If you provide us with information about other persons, we will assume that you are authorzed to do so, that the information is accurate, and that you have ensured that they are aware of this disclosure (e.g. by making them aware of this Privacy Policy in advance).

 

Please note that this Privacy Policy does not cover those cases in which our customers (e.g. the doctor’s office treating you) process your personal data in the hospital and practice softare solutions we operate. In these cases, we are the processor and our customer is the conroller under data protection law, with whom you must coordinate with regard to data protecion issues.

 

2. WHO IS RESPONSIBLE FOR PROCESSING YOUR DATA?

 

The following is responsible under data protection law for the processing described in this Privacy Policy:

 

MedicalDesktop AG Leberngasse 19 4600 Olten datenschutz@medicaldesktop.ch

 

3. FOR WHAT PURPOSES DO WE PROCESS YOUR DATA?

 

If you use https://nereida.swiss, https://nereida.cloud and https://medicaldesktop.ch/ or our apps (hereinafter collectively referred to as “website”), obtain our services or products or otherwise deal with us, we process various categories of personal data about you. Specificaly, we process this data for the following purposes in particular:

 

  • Communication: In order to communicate with you and with third parties by email, telephone, letter, via the chat function on our website or otherwise (e.g. to answer inquiries, as part of advice on our products and contract processing), we process the content in particular the communication, your contact details, and the peripheral daa of the communication. This also includes image and audio recordings of (video) telephone calls. If we need or want to verify your identity, we will collect additional data (e.g. a copy of an ID card).
  • Initiation and conclusion of contracts: With a view to concluding a contract with you or your client or employer, we may process, in particular, your name, contact details, photos, powers of attorney, declarations of consent, information about third parties (e.g. contact persons), contract contents and conclusion date, creditworthiess data and all other data that you provide provide to us or that we collect from third parties (e.g. references).
  • Management and processing of contracts: We process personal data so that we can comply with our contractual obligations towards our customers and other conractual partners (e.g. suppliers, service providers, project partners) and, in particuar, to provide and demand the contractual services. This also includes data proessing for customer service, support, enforcing contracts (debt collection, legal proeedings, etc.), accounting and public communication. For this purpose, we process the data that we received or collected as part of the initiation and conclusion of the contract, such as data about contractual services and the provision of services, inormation about reactions (e.g. information about satisfaction) and financial and payment information.
  • Marketing purposes and relationship management: We also process your personal data for marketing purposes and to maintain relationships, for example to provide our customers, other contractual partners, and other interested parties with personalized advertising (e.g. in printed matter, by email or other electronic channels) about products, services and other news from us and from third parties (e.g. from product partners), in connection with free services (e.g. invitations, vouchers) or as part of individual marketing campaigns (e.g. events, competitions). For this purpose, we process in particular the names, email addresses, telephone numbers, or other contact details that we receive as part of the conclusion or processing of a contract or during any registration (e.g. for the newsletter). You can reject or revoke such contact at any time or give your consent to be contacted for advertising purposes by notifying us (no. 2).
  • Market research, improving our services and operations, and product develpment: In order to continually improve our products and services (including our website and other electronic offerings), we collect data about your behavior and preferences, for example by analyzing how you navigate through our website, how you interact with our social media profiles, or which products are used by which groups of people and in what way. If necessary, we may supplement this information with information from third parties (including from publicly available sources).
  • Website: In order to operate our website securely and stably, we collect technical data such as IP address, information about the operating system and settings of your device, the region, and the time of use. We also use cookies. For further information see no.10.
  • Registration: In order to use certain offers and services (e.g. the Nereida login area or our newsletter), you must register (directly with us or via our external login serice providers). For this purpose, we process the data provided during the respective registration. We may also collect personal data about you while using the offer or service; If necessary, we will provide you with further information about the proessing of this data.
  • Security purposes and access controls: We process personal data to ensure and continually improve the appropriate security of our IT and other infrastructure (e.g. buildings). This includes, for example, the monitoring and control of electronic access to our IT systems as well as physical access to our premises, analyzes and tests of our IT infrastructures, system and error checks, and the creation of backup copies.
  • Compliance with laws, instructions and recommendations from authorities and internal regulations (“Compliance”): We may process personal data in the context of compliance with domestic and foreign laws (e.g. to combat money launering or tax obligations), self-regulation, certifications, industry standards, our cororate governance or other personal data. . In addition, data processing can occur in both internal and external investigations (e.g. by a law enforcement or supervisory authority or a commissioned private body).
  • Risk management and corporate governance: We may process personal data as part of risk management (e.g. to protect against criminal activities) and corporate management, including our business organization (e.g. resource planning) and cororate development (e.g. purchase and sale of parts of the business or companies).
  • Job application: If you apply for a position with us, we process the relevant data for the purpose of examining the application, carrying out the application process and, if the application is successful, preparing and concluding a corresponding conract. For this purpose, in addition to your contact details and the information from the corresponding communication, we also process the data contained in your appliation documents and the data we can obtain about you, for example from work related social networks, the Internet, the media, and from references, if you agree that we may obtain references.
  • Other purposes: Other purposes include, for example, training and education purposes, administrative purposes (e.g. accounting), or the implementation of events. We may listen to or record telephone or video conferences for training, evidence, and quality assurance purposes. In such cases, we will inform you separately (e.g. through a display during the relevant video conference), and you are free to inform us if you do not want a recording or want to end the communication (if you simply do not want your image to be recorded, please turn off your camera). We can also process personal data for the organization, implementation, and follow-up of events, such as in particular lists of participants, content of presentations and discussions, but also image and audio recordings that are created during these events. The protection of other legitimate interests is also one of the other purposes that cannot be named exhaustively.

 

4. WHAT APPLIES IN THE CASE OF PROFILING AND AUTOMATED DECISIONS?

 

We may use your data to automatically evaluate certain of your personal characteristics for the purposes set out in no. 3 (“profiling”), if we want to determine preference data, but also to determine risks of misuse and security risks, to carry out statistical evaluations, or for operational planning purposes. We can also create profiles for the same purposes.

 

In certain situations, for reasons of efficiency and consistency of decision-making processes, it may be necessary for us to automate discretionary decisions affecting you that have legal effects or potentially significant disadvantages (“automated individual decisions”). In this case we will inform you accordingly.

 

5. WHERE DOES THE DATA COME FROM?

 

From you: You provide us with much of the data we process (e.g. in connection with your registration, use of our services or communication with us). You are not obliged to disclose your data, with exceptions in individual cases (e.g. legal obligations). However, if, for example, you want to conclude contracts with us or use our services, you must provide us with certain data.

 

From third parties: We may also collect data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the Internet including social media) or from authorities, your employer or clients who have a business relationship with us or have other dealings with us, as well as data received from other third parties (e.g. credit reporting agencies, address dealers, associaions, contractual partners, internet analysis services, https://www.fmhservices.ch/home). This includes in particular the data that we proess in the context of initiating, concluding and processing contracts as well as data from correspondence and meetings with third parties, but also all other data categoies in accordance with no.3.

 

 

 

6. WITH WHOM DO WE SHARE YOUR DATA?

 

In connection with the purposes listed in no. 3, we may transfer your personal data to the following categories of recipients in particular:

 

Service providers: We work with service providers at home and abroad who (i) process daa on our behalf (e.g. IT providers), (ii) under joint responsibility with us or (iii) under their own responsibility, which they receive from us or was collected by us (e.g. IT providers, banks, insurance companies, debt collection companies, credit reporting agencies, address checkers, consulting firms or lawyers). For our cloud practice software Nereida (www.nereida.cloud) we use the cloud offering of the Swiss provider Flow Swiss AG, whose privacy policy is available at the following link: https://flow.swiss/privacy-policy.

 

Only at www.nereida.swiss and www.Medicaldesktop.ch

 

We use MailChimp to send our newsletter (the provider’s privacy policy can be found at: https://www.intuit.com/privacy/statement/). If you subscribe to our newsletter, your email address will be transmitted to the operator of MailChimp, Rocket Science Group LLC in the USA (a group company of Intuit Inc. in the USA) and your click and opening behavior can be evaluated on a personal basis and for statistical purposes. For the chat function on our webite, through which you can communicate with us, we use the service provider HubSpot, which processes your entries in the chat window on our behalf. HubSpot also evaluates how you use our chat function for its own purposes as the data controller (HubSpot Ireland Limted is the responsible data controller; further information can be found in HubSpot’s privacy policy at: https://legal.hubspot.com/de/privacy-policy).

 

  • Customers and other contractual partners: This primarily refers to customers and other contractual partners of ours where the transfer of your data results from the contract (e.g. because you work for a contractual partner or they provide serices for you). These recipients also include contractual partners with whom we coperate. The recipients generally process the data under their own responsibility.
  • Authorities: We can pass on personal data to authorities, courts and other authoriies at home and abroad if we are legally obliged or authorized to do so or if this apears necessary to protect our interests. These recipients process the data under their own responsibility.
  • Other persons: This refers to other cases in which the involvement of third parties arises for the purposes set out in no.3. This applies, for example, to payment recipints specified by you, third parties in the context of representation relationships (e.g. your lawyer or your bank), or persons involved in official or court proceedings. If we work with media and provide them with material (e.g. photos), you may also be affected. As part of our corporate development, we may sell or acquire businesss, parts of businesses, assets or companies or enter into partnerships, which may also result in the disclosure of data (including from you, e.g. as a customer or suplier or as their representative) to the persons involved in these transactions. As part of communication with our competitors, industry organizations, associations and othr committees, data that concerns you may also be exchanged.

 

All of these categories of recipients may in turn involve third parties so that your data may also become accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not that of other third parties (e.g. authorities, banks, etc.).

 

7. IS YOUR PERSONAL DATA ALSO TRANSMITTED ABROAD?

 

We process and store personal data mainly in Switzerland and the European Economic Area (EEA), but potentially in any country in the world in exceptional cases – for example via subrocessors of our service providers.

 

If a recipient is located in a country without adequate data protection, we contractually oblige the recipient to comply with an adequate level of data protection (we use the revised standard contractual clauses of the European Commission, which are available here: https://eurlex.europa.eu/eli/dec_impl/2021/914/oj? ) unless the recipient is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exemption clause. An exception may apply in particular in legal proceedings abroad, but also in cases of overriding public interests if the execution of a contract that is in your interest requires such disclosure (e.g. if we disclose data to our correspondent law firms), if you have consented, or it is not possible to obtain your consent within a reasonable period of time and the disclosure is necessary to protect your life or physical integrity or that of a third party, or if it concerns data that you have made generally accessible and the processing of which you have not objected to.

 

8. HOW LONG DO WE PROCESS YOUR DATA?

 

We process your data for as long as our processing purposes, the legal retention periods, and our legitimate interests in processing for documentation and evidence purposes require it or storage is required for technical reasons (e.g. in the case of backups or document management systems). If there are no legal or contractual obligations or technical reasons to the contrary, we will delete or anonymize your data after the storage or processing period has expired as part of our usual processes.

 

9. WHAT RIGHTS DO YOU HAVE?

 

You have certain rights in connection with our data processing. In accordance with applicable law, you may in particular request information about the processing of your personal data, have incorrect personal data corrected, request the deletion of personal data, object to data processing, request the disclosure of certain personal data in a commonly used electronic format or its transfer to other data controllers or revoke your consent if our processing is based on your consent.

 

If you want to exercise your rights against us, please contact us, you can find our contact details in no. 2. So that we can rule out misuse, we must identify you (e.g. with a copy of your ID, if necessary).

 

Please note that these rights are subject to conditions, exceptions or restrictions (e.g. to proect third parties or trade secrets). We reserve the right to black out copies or only provide extracts for data protection reasons or reasons of confidentiality.

 

10. HOW DO WE PROCESS DATA IN CONNECTION WITH OUR WEBSITE AND OTHER DIGITAL SERVICES?

 

When you use our website (including the newsletter and other digital offers), data is generated that is stored in protocols (particularly technical data). We may also use cookies and similar techniques (e.g. pixel tags or fingerprints) to recognize website visitors, record their behavior, and recognize preferences. A cookie is a small file that is transmitted between the server and your system and allows a specific device or browser to be recognized.

 

You can set your browser to automatically reject, accept, or delete cookies. You can also deactivate or delete cookies in individual cases. You can find out how to manage cookies in your browser in the help menu of your browser.

 

Both the technical data and cookies we collect generally do not contain any personal data. However, personal data that we or third-party providers commissioned by us store about you (e.g. if you have a user account with us or these providers) may be linked to the technical data or to the information stored in and obtained from cookies and thus possibly to your peron.

 

We also use social media plug-ins (only at www.medicaldesktop.ch), which are small software modules that establish a connection between your visit to our website and a third-party proider. The social media plug-in tells the third party that you have visited our website and may transmit to the third party cookies that the third party has previously placed on your web browser. For more information about how these third parties use your personal information collected through their social media plug-ins, please see their respective privacy notices.

 

We also use our own tools and third-party services (which may use cookies) on our website, in particular to improve the functionality or content of our website (e.g. integration of videos or maps) and to create statistics.

 

We currently use offers from the following service providers and advertising contract partners: (only at www.nereida.swiss and www.medicaldesktop.ch)

 

  • Matomo Provider: InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, Neuseeland Data protection information: https://matomo.org/matomo-cloud-privacy-policy/
  • Amazon S3 Webservices
  • https://www.cloudflare.com/de-de/ (only at nereida.cloud) Some of the third-party providers we use are located outside of Switzerland. Information on data disclosure abroad can be found under no. 7.

 

11. HOW DO WE PROCESS DATA ON OUR SOCIAL NETWORK PAGES?

 

We may operate pages and other online presences on social networks and other platforms operated by third parties and process data about you in this context. We receive data from you (e.g. when you communicate with us or comment on our content) and from the platorms (e.g. statistics). The platform providers may analyze your use and process this data together with other data they have about you. They also process this data for their own puroses (e.g. marketing and market research purposes and to manage their platforms), and for this purpose they act as their own controllers. For further information on processing by the platform operators, please refer to the data protection information of the respective platorms.

 

We currently use the following platforms:

 

  • LinkedIn: https://www.linkedin.com/company/medical-desktop
  • Data protection information: www.linkedin.com/legal/privacy-policy

 

We are entitled, but not obliged, to check content before or after it is published on our online presence, to delete content without notice and, if necessary, to report it to the provider of the platform in question.

 

12. WHAT ELSE NEEDS TO BE TAKEN INTO ACCOUNT?

 

Depending on the applicable law, data processing is only permitted if the applicable law speifically allows it. This does not apply under the Swiss Data Protection Act, but, for example, under the European General Data Protection Regulation (GDPR), insofar as this applies. This can only be assessed on a case-by-case basis. In this case, we base the processing of your personal data on the fact that

 

  • it is necessary for the initiation and conclusion of contracts and their administration and enforcement (no.3),
  • it is necessary for our legitimate interests or those of third parties, e.g. for communication with you or third parties, to operate our website, to improve our electronic offers and register for certain offers and services, for security purposes, to comply with Swiss law and internal regulations (if we have not obtained consent for this), for our risk management and corporate governance (no. 3) and for other purposes such as training and education, administration, evidence and quality assurance, organization, implementation, and follow-up of events and other legitimate interests (no. 3),
  • it is legally required or permitted under the law of the EEA or a member state,
  • it is necessary to protect your vital interests or those of other natural persons,
  • it is necessary for the performance of a task that is in the public interest or in the exercise of official authority vested in us,
  • you have consented to the processing separately , for example via a corresponding query on our website.

 

You will find the relevant provisions in Art. 6 and 9 of the GDPR.

 

13. CAN THIS PRIVACY POLICY BE CHANGED?

 

This Privacy Policy does not form part of a contract with you. We can adapt this Privacy Policy at any time. The version published on this website is the current version.