DATA PRIVACY POLICY

 

Medisanté Group AG Privacy Policy

                                 

This Privacy Notice (“Notice”) describes how Medisanté Group AG, 6006 Lucerne Switzerland, collectively “Medisanté”, "we", "us", and "ours") is committed to protecting your privacy. 

                                 

This policy describes how we processes personal data in our capacity as a processor (i.e. when we process data on behalf of a controller) and controller (i.e., when we determine the purposes and means of the processing of personal data). It also describes your choices and rights regarding use, access and correction of your personal data. It also describes your choices and rights regarding use, access and correction of your personal data when you use our website and Medisanté Hub cloud services.

   

                                                                                                                

Topics:                                  

 

1. What is GDPR?

2. What data do we collect?

3. How do we collect your data?

3. How will we use your data?

4. How do we store your data?

5. Marketing

6. What are your data protection rights?

7. What are cookies?

8. Our cookie policy

11. Privacy policies of other websites and cloud services

12. Changes to our privacy policy

13. How to contact us

14. How to contact the appropriate authority

1.   What is GDPR?

GDPR is an EU-wide privacy and data protection law that regulates how EU residents' data is protected by companies and enhances the control the EU residents have, over their personal data.

The GDPR is relevant to any globally operating company and not just the EU-based businesses and EU residents. Our customers’ data is important irrespective of where they are located, which is why we have implemented GDPR controls as our baseline standard for all our operations worldwide. GDPR has taken effect from 25th May 2018.

 

What is personal data?

Any data that relates to an identifiable or identified individual. GDPR covers a broad spectrum of information that could be used on its own, or in combination with other pieces of information, to identify a person. Personal data extends beyond a person’s name or email address. Some examples include financial information, political opinions, genetic data, biometric data, IP addresses, physical address, sexual orientation, and ethnicity.

2.   What data do we collect?

                               

On our website, we use a contact form which allows visitors to opt-in to our newsletter and send us comments and questions via the email address info@medisante-group.com.

 

To send an email from the contact form, your name and email address are required. Any additional information that you provide is optional.

 

If you opt-in to receiving our newsletter, your contact information will be added to our mailing list. Any comments or questions that you send will be handled accordingly.

                                      

In Medisanté Hub we collect, as a processor with a data processing agreement in place, the following data from Users:

 

- Personal identification information (Name, email address)

                               

3.   How do we collect your data?

You directly provide Medisanté with most of the data we collect. We collect data and process data when you:

 

- Use or view our website via your browser’s cookies.

- Register online for our newsletter

- Place an order for any of our products or services

 

- You are invited to register as a User, as part of a data processing agreement, in Medisanté Hub

                                  

3. How will we use your data?

Medisanté collects your data so that we can:

- Process your orders, manage your account.

- Email you with newsletter, information and updates on our services

- Medisanté will not share your data with other companies.

 

- When Medisanté processes your order, it may send your data to, and also use the resulting information from, credit      reference agencies to prevent fraudulent purchases.

                                         

4. How do we store your data?

We retain your personal information for as long as it is required for the purposes stated in this Privacy Policy. Sometimes, we may retain your information for longer periods as permitted or required by law, such as to maintain suppression lists, prevent abuse, if required in connection with a legal claim or proceeding, to enforce our agreements, for tax, accounting, or to comply with other legal obligations. When we no longer have a legitimate need to process your information, we will delete or anonymize your information from our active databases. We will also securely store the information and isolate it from further processing on backup discs until deletion is possible.

 

In Medisanté Hub a Users’ data (name and email) is stored encrypted (AES-256) at rest on a GDPR compliant AWS server based in Frankfurt, Germany.                                                          

                                                                                  

 

Medisanté securely stores your data at

 

Zoho One

 

CRM, Newsletter and Billing System.

 

Currently hosted in US Datacenter. In the process of migration to EU Datacenter Amsterdam. Privacy Statement here.

 

Microsoft 365

 

Mails and Central File System (Sharepoint): Hosted in EU Datacenter. Privacy Statement here.

 

                                    

5. Marketing

Medisanté would like to send you information about products and services of ours that we think you might like If you have agreed to receive marketing, you may always opt out at a later date. You have the right at any time to stop Medisanté from contacting you for marketing purposes or giving your data to other members of the Medisanté Group. If you no longer wish to be contacted for marketing purposes,

 

Opt out of non-essential electronic communications: You may opt out of receiving newsletters and other non-essential messages by using the ‘unsubscribe’ function included in all such messages.                             

 

6. What are your data protection rights?

 

Medisanté would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

 

- The right to access, you have the right to request copies of your personal data from Medisanté. We may charge you a small fee for this service.

- The right to rectification

- You have the right to request that Medisanté correct any information you believe is inaccurate. You also have the right to request Medisanté to complete information you believe is incomplete.

 

- The right to erasure, you have the right to request that Medisanté erases your personal data, under certain conditions.

                                                

- The right to restrict processing, you have the right to request that Medisanté restricts the processing of your personal data, under certain conditions.

 

- The right to object to processing, you have the right to object to Medisanté’s processing of your personal data, under certain conditions.

 

- The right to data portability, you have the right to request that Medisanté transfers the data that we have collected to another organization, or directly to you, under certain conditions. If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email the data protection officer dataprotection@medisante-group.com .                                     

 

7. What are cookies?

 

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our website, we may collect information from you automatically through cookies or similar technology. For further information, visit allaboutcookies.org.

 

8. Our cookie policy

Medisanté uses two different kinds of cookies on its corporate website.

 

For the internal technical functioning of the website

 

_PHPSESSID

 

Functionality          to provide functions across pages.

Purpose                Functional

Retention period      session

 

For Google Analytics

 

_gid

Functionality          to count and track pageviews.

Purpose:               Statistics (anonymous)

Retention period      1 day

 

 

_ga

Functionality          to store anonymized statistics.

Purpose                Statistics (anonymous)

Retention period      1 year

 

 

_GAT

Functionality          Used to throttle request rate.

Purpose                Statistics (anonymous)

Retention period      1 minute

 

 

Disabling of cookies: You can disable browser cookies before visiting our websites. However, if you do so, you may not be able to use certain features of the website properly.

 

11. Privacy policies of other websites and cloud services

The Medisanté website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.

 

We use Google Analytics to provide us with data about the visitors to our site,                             

Google Data Privacy Policy

                                  

Our website is hosted by: Treestones, Funk Solutions GmbH, Pilatusstrasse 41,

CH-6003 Lucerne Treestones Data Privacy Policy                                                           

 

For the newsletter, we set up our mailing lists using Zoho Campaigns. This application helps us to provide you with a professional newsletter, Zoho Campaigns privacy Policy                                                           

 

For Customer Relationship Management, we use Zoho, Zoho privacy Policy:

                                                                

For Customer Support, we use the Freshdesk ticketing system of Freshworks, Freshworks Data Privacy Policy                                       

                                                                                    

In Medisanté Hub we use AWS Lambda, DynamoDB, SQS, SNS and route53 services, AWS Privacy Policy

 

In Medisanté’s OEM devices connected to Medisanté Hub, we use Vodafone IoT services VodaFone Privacy Policy

                                                                                                                             

12. Changes to our privacy policy

We may modify the Privacy Policy at any time, upon notifying you through a service announcement or by sending an email to your primary email address. If we make significant changes to the Privacy Policy that affect your rights, you will be provided with at least 30 days' advance notice of the changes by email to your primary email address. If you think that the updated Privacy Policy affects your rights with respect to your use of our products or services, you may terminate your use by sending us an email within 30 days. Your continued use after the effective date of changes to the Privacy Policy will be deemed to be your agreement to the modified Privacy Policy. You will not receive email notification of minor changes to the Privacy Policy. If you are concerned about how your personal information is used, you should check back at https://www.medisante-group.com/privacy.html periodically.

 

 

13. How to contact us

 

If you have any questions about Medisanté’s privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.

 

Email us at: info@medisante-group.com

 

14. How to contact the appropriate authority

We have appointed a Data Protection Officer to oversee our management of your personal information in accordance with this Privacy Policy. If you have any questions or concerns about our privacy practices with respect to your personal information, you can reach out to our Data Protection Officer by sending an email to: dataprotection@medisante-group.com