DATA PRIVACY POLICY
Medisanté Group AG Privacy Policy
This Privacy Notice (“Notice”) describes how Medisanté Group AG, 6006 Lucerne Switzerland, collectively “Medisanté”, "we", "us", and "ours") is committed to protecting your privacy.
This policy describes how we processes personal data in our capacity as a processor (i.e. when we process data on behalf of a controller) and controller (i.e., when we determine the purposes and means of the processing of personal data). It also describes your choices and rights regarding use, access and correction of your personal data. It also describes your choices and rights regarding use, access and correction of your personal data when you use our website and Medisanté Hub cloud services.
Topics:
1. What is GDPR?
​
2. What data do we collect?
​
3. How do we collect your data?
​
3. How will we use your data?
​
4. How do we store your data?
​
5. Marketing
​
6. What are your data protection rights?
​
7. What are cookies?
​
8. Our cookie policy
​
11. Privacy policies of other websites and cloud services
​
12. Changes to our privacy policy
​
13. How to contact us
​
14. How to contact the appropriate authority
​
​
​
1. What is GDPR?
​
GDPR is an EU-wide privacy and data protection law that regulates how EU residents' data is protected by companies and enhances the control the EU residents have, over their personal data.
​
The GDPR is relevant to any globally operating company and not just the EU-based businesses and EU residents. Our customers’ data is important irrespective of where they are located, which is why we have implemented GDPR controls as our baseline standard for all our operations worldwide. GDPR has taken effect from 25th May 2018.
What is personal data?
Any data that relates to an identifiable or identified individual. GDPR covers a broad spectrum of information that could be used on its own, or in combination with other pieces of information, to identify a person. Personal data extends beyond a person’s name or email address. Some examples include financial information, political opinions, genetic data, biometric data, IP addresses, physical address, sexual orientation, and ethnicity.
​
​
​
2. What data do we collect?
On our website, we use a contact form which allows visitors to opt-in to our newsletter and send us comments and questions via the email address info@medisante-group.com.
To send an email from the contact form, your name and email address are required. Any additional information that you provide is optional.
If you opt-in to receiving our newsletter, your contact information will be added to our mailing list. Any comments or questions that you send will be handled accordingly.
In Medisanté Hub we collect, as a processor with a data processing agreement in place, the following data from Users:
- Personal identification information (Name, email address)
​
​
3. How do we collect your data?
​
You directly provide Medisanté with most of the data we collect. We collect data and process data when you:
- Use or view our website via your browser’s cookies.
- Register online for our newsletter, downloads or to schedule a meeting
- Place an order for any of our products or services
-Our LinkedIn Insight Tag collects data about members' visits to Medisanté website, such as URL, referrer, IP address, device and browser characteristics (user agent) and timestamp.
- You are invited to register as a User, as part of a data processing agreement, in Medisanté Hub
​
​
3. How will we use your data?
​
Medisanté collects your data so that we can:
​
- Process your orders, manage your account.
- Email you with newsletter, information and updates on our services
- Medisanté will not share your data with other companies.
- When Medisanté processes your order, it may send your data to, and also use the resulting information from, credit reference agencies to prevent fraudulent purchases.
​
​
4. How do we store your data?
​
We retain your personal information for as long as it is required for the purposes stated in this Privacy Policy. Sometimes, we may retain your information for longer periods as permitted or required by law, such as to maintain suppression lists, prevent abuse, if required in connection with a legal claim or proceeding, to enforce our agreements, for tax, accounting, or to comply with other legal obligations. When we no longer have a legitimate need to process your information, we will delete or anonymize your information from our active databases. We will also securely store the information and isolate it from further processing on backup discs until deletion is possible.
In Medisanté Hub a Users’ data (name and email) is stored encrypted (AES-256) at rest on a GDPR compliant AWS server based in Frankfurt, Germany.
Medisanté securely stores your data at
Zoho One
CRM, Newsletter and Billing System.
Currently hosted in US Datacenter. In the process of migration to EU Datacenter Amsterdam. Privacy Statement here.
Microsoft 365
Mails and Central File System (Sharepoint): Hosted in EU Datacenter. Privacy Statement here.
​
5. Marketing
​
Medisanté would like to send you information about products and services of ours that we think you might like If you have agreed to receive marketing, you may always opt out at a later date. You have the right at any time to stop Medisanté from contacting you for marketing purposes or giving your data to other members of the Medisanté Group. If you no longer wish to be contacted for marketing purposes,
Opt out of non-essential electronic communications: You may opt out of receiving newsletters and other non-essential messages by using the ‘unsubscribe’ function included in all such messages.
​
​
6. What are your data protection rights?
Medisanté would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
- The right to access, you have the right to request copies of your personal data from Medisanté. We may charge you a small fee for this service.
- The right to rectification
- You have the right to request that Medisanté correct any information you believe is inaccurate. You also have the right to request Medisanté to complete information you believe is incomplete.
- The right to erasure, you have the right to request that Medisanté erases your personal data, under certain conditions.
- The right to restrict processing, you have the right to request that Medisanté restricts the processing of your personal data, under certain conditions.
- The right to object to processing, you have the right to object to Medisanté’s processing of your personal data, under certain conditions.
- The right to data portability, you have the right to request that Medisanté transfers the data that we have collected to another organization, or directly to you, under certain conditions. If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email the data protection officer dataprotection@medisante-group.com .
​
​
7. What are cookies?
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our website, we may collect information from you automatically through cookies or similar technology. For further information, visit allaboutcookies.org.
​
​
8. Our cookie policy
​
Medisanté uses two different kinds of cookies on its corporate website.
​
For the internal technical functioning of the website
_PHPSESSID
Functionality to provide functions across pages.
Purpose Functional
Retention period session
For Google Analytics
_gid
Functionality to count and track pageviews.
Purpose: Statistics (anonymous)
Retention period 1 day
_ga
Functionality to store anonymized statistics.
Purpose Statistics (anonymous)
Retention period 1 year
_GAT
Functionality Used to throttle request rate.
Purpose Statistics (anonymous)
Retention period 1 minute
Disabling of cookies: You can disable browser cookies before visiting our websites. However, if you do so, you may not be able to use certain features of the website properly.
​
​
11. Privacy policies of other websites and cloud services
​
The Medisanté website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.
We use Google Analytics to provide us with data about the visitors to our site,
Our website is hosted by: Treestones, Funk Solutions GmbH, Pilatusstrasse 41,
CH-6003 Lucerne Treestones Data Privacy Policy
For the newsletter, we set up our mailing lists using Zoho Campaigns. This application helps us to provide you with a professional newsletter, Zoho Campaigns privacy Policy
For Customer Relationship Management, we use Zoho, Zoho privacy Policy:
For Customer Support, we use the Freshdesk ticketing system of Freshworks, Freshworks Data Privacy Policy
In Medisanté Hub we use AWS Lambda, DynamoDB, SQS, SNS and route53 services, AWS Privacy Policy
In Medisanté’s OEM devices connected to Medisanté Hub, we use Vodafone IoT services VodaFone Privacy Policy
​
​
12. Changes to our privacy policy
​
We may modify the Privacy Policy at any time, upon notifying you through a service announcement or by sending an email to your primary email address. If we make significant changes to the Privacy Policy that affect your rights, you will be provided with at least 30 days' advance notice of the changes by email to your primary email address. If you think that the updated Privacy Policy affects your rights with respect to your use of our products or services, you may terminate your use by sending us an email within 30 days. Your continued use after the effective date of changes to the Privacy Policy will be deemed to be your agreement to the modified Privacy Policy. You will not receive email notification of minor changes to the Privacy Policy. If you are concerned about how your personal information is used, you should check back at https://www.medisante-group.com/privacy.html periodically.
​
13. How to contact us
If you have any questions about Medisanté’s privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.
Email us at: info@medisante-group.com
​
​
14. How to contact the appropriate authority
​
We have appointed a Data Protection Officer to oversee our management of your personal information in accordance with this Privacy Policy. If you have any questions or concerns about our privacy practices with respect to your personal information, you can reach out to our Data Protection Officer by sending an email to: dataprotection@medisante-group.com