Privacy policy

1. What is this Privacy Policy about?

Medico Therapie processes personal data relating to you or other individuals in various ways and for different purposes. "Personal data" refers to any information that can be associated with a specific person, and "processing" means any handling of such data, such as collection, use, and disclosure.

This Privacy Policy explains how we process such data (hereinafter "personal data" or "data") when:

• You visit our website medico-therapie.ch,

• You use our services or purchase our products,

• You interact with us in the context of a contract,

• You contact us via email, letter, social media, SMS, or our contact form,

• You engage with us in connection with any other data processing activities related to our offerings.

For easier readability, we do not use gender-specific wording in this Privacy Policy, but it applies to persons of all genders.

Please take the time to read this Privacy Policy to understand how and why Medico Therapie processes your personal data, how we protect your personal data, and what rights you have in this regard. If you have any questions or require further information about our data processing, please do not hesitate to contact us (see Section 2).

We have aligned this Privacy Policy with both the Swiss Data Protection Act (DPA) and the European General Data Protection Regulation (GDPR). When this Privacy Policy refers to "personal data," it also includes "personal information" as defined by the GDPR. However, whether and to what extent the GDPR applies depends on the individual case.

2. Who is responsible for processing your data?

The following company is responsible for the data processing described in this Privacy Policy (hereinafter referred to as the "Controller"), unless otherwise specified in individual cases:

Medico Therapie Kirchenstrasse 13 6300 Zug 041 543 70 21

If you have any questions regarding data protection, please contact us at the following address to ensure a prompt response to your inquiry: info@medico-therapie.ch

3. What personal data do we process?

We process various categories of personal data depending on the occasion and purpose. The most important categories are listed below, although this list is not exhaustive.

Much of the data mentioned in this section is provided directly by you (e.g., via the contact form, during communication with us, in connection with contracts, or through website use). You are generally not obliged to provide us with personal data, except in specific cases. If you wish to enter into contracts or use our services, you must provide us with data as part of your contractual obligations.

If you provide us with data about other individuals (e.g., colleagues), we assume you are authorized to do so and that the data is accurate. By transmitting data about third parties, you confirm these facts. Please also ensure that the individuals concerned are informed about this Privacy Policy (e.g., by directing them to this Privacy Policy).

3.1. Basic Data

We define basic data as the core information we need to manage our business relationships or for marketing and advertising purposes. Basic data includes:

• Title, first and last name, gender

• Address, contact details such as email address and phone number

• Additional information from identification documents

• Language preferences

• Information about your professional profile and employment (e.g., employer, position, employment start date) and education

• Relationship to the company for which you work (if applicable)

• Customer history

• Signatory powers and consent declarations

We typically receive this data from you directly but may also obtain it from third parties such as business partners, public registers, or publicly available sources (e.g., websites or social media).

3.2. Contract Data

Contract data includes information arising from the conclusion or execution of a contract. We process the following contract data:

• Date, application process, type and duration of the contract, and contractual conditions

• Contact and billing details

• Information about the use of our services

• Payment details, invoices, customer service contacts, complaints, and feedback

We receive this data from you or from partners with whom we work. This data may relate to your business if you act on its behalf or to you personally if you use our services.

3.3. Communication Data

Communication data refers to information related to our interactions with you. This includes:

• Content of correspondence (e.g., emails, letters, phone calls)

• Details about the nature, time, and, if applicable, location of the communication

3.4. Technical Data

When you use our website, technical data is collected, including:

• IP address and device ID

• Information about your device, operating system, and language settings

• Information about your internet provider

• Logs of system use

• Date and time of access and approximate location

3.5. Behavioral Data

We collect behavioral data to understand how you use our services and to improve our offerings. This includes:

• Information on how you interact with our website

• Data on your use of our electronic communications (e.g., whether you open our emails or click on links)

3.6. Preference Data

Preference data gives us insight into your needs and interests. We derive this information by combining behavioral data with other data.

3.7. Other Data

We may also collect other data in specific situations, such as:

• Information from legal or administrative proceedings

• Photos, videos, and audio recordings (e.g., at events)

4. For what purposes do we process your personal data?

We primarily use personal data to fulfill our contractual obligations. We also process data for other legitimate interests, including:

• Communication purposes, such as responding to inquiries

• Customer care and marketing, including personalized advertising

• Service improvement and product development

• Ensuring IT security and fraud prevention

• Asserting or defending legal claims

• Compliance with legal obligations

• Internal administration and operational efficiency

If we request your consent for specific data processing, we will inform you separately. You may revoke your consent at any time by contacting us via email.

5. Which Online Tracking and Online Advertising Techniques Do We Use?

On our website, we use various techniques that allow us and third parties we engage to recognize you during your use and, in some cases, track you across multiple visits. The use of such techniques is specifically regulated. In this section, we inform you about them.

5.1. How and Why Do We Use Cookies and Similar Technologies?

For our website, we use services from third parties to measure and improve the user-friendliness of the website and online advertising campaigns. To do this, we may integrate third-party components on our website that, in turn, may use cookies and similar technologies (see below). When we use such technologies, it is to distinguish your access (via your system) from the access of other users to ensure the functionality of the website and to conduct statistical evaluations. We do not intend to identify you personally. The technologies used are designed so that you are recognized as an individual visitor each time you access the site, for example, by our server (or the servers of third parties) assigning a specific identification number to you or your browser (e.g., a "cookie"), but you are not identified by name.

Cookies are files that your browser automatically stores on your device when you visit our website. Cookies contain a unique identification number (an ID) that allows us to distinguish individual visitors from others, usually without identifying them. Depending on their purpose, cookies contain additional information, e.g., about pages visited and the duration of the visit. We use both session cookies, which are deleted when the browser is closed, and persistent cookies, which remain stored for a specific period after the browser is closed and serve to recognize visitors on a subsequent visit.

We may also use similar technologies, such as [LinkedIn Insight Tags, Pixel Tags, or Fingerprints] to store data in the browser. Pixel tags refer to small, usually invisible images or program code that are loaded from a server and provide the server operator with specific information, e.g., whether and when the website was visited. Fingerprints are information collected during your visit to our website about your device configuration or browser, which make your device distinguishable from others.

Similar to cookies, browser storage technologies such as Local Storage and Session Storage are used to store user data and make it available across multiple page views and sessions.

We use the following types of cookies and similar technologies:

Necessary Cookies: These cookies are required for the functionality of the website, e.g., to allow you to switch between pages without losing information entered in a form.

Functional Cookies: These cookies enable advanced functions and may display personalized content.

Performance Cookies: These cookies collect information about the use of a website and enable analysis, such as which pages are most popular. They help simplify the website visit and improve user-friendliness.

Marketing Cookies: These cookies help us and our advertising partners to target you with advertising for products or services that may be of interest to you, either on our websites or on third-party websites, or to display our advertisements to you after visiting our website (remarketing).

We use cookies, as well as Local Storage and Session Storage, in particular for the following purposes:

• Personalization of content

• Displaying personalized advertisements and offers

• Displaying advertisements on third-party websites and measuring their effectiveness (e.g., whether you respond to these advertisements)

• Storing settings between visits

• Determining whether and how we can improve our website

• Collecting statistical data on the number of users and their usage habits, as well as improving website speed and performance

We may process your contact data to target you with advertising on third-party platforms.

5.2. How Can Cookies and Similar Technologies Be Deactivated?

When accessing our website, you have the option to activate or deactivate specific categories of cookies (see checkboxes below). You can configure your browser settings to block certain cookies or similar technologies or to delete existing cookies and other data stored in the browser. You can also extend your browser with software (so-called "plug-ins") that blocks tracking by certain third parties. More information can be found on your browser's help pages (usually under the "privacy" section). Please note that our website may no longer function fully if you block cookies and similar technologies.

5.3. Cookies from Partners and Third Parties on Our Website

We use services from third parties to measure and improve the user-friendliness of the website and online advertising campaigns. These third parties may be located outside Switzerland and the EU/EEA, provided that the protection of your personal data is adequately ensured. For example, we use analytical services to optimize and personalize our website. These third parties may record the use of the website and combine their records with other information from other websites. This allows them to track user behavior across multiple websites and devices and provide us with statistical evaluations. These providers may also use this information for their own purposes, such as personalized advertising on their websites or others.

Google Analytics is an analytics service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA, USA) and Google Ireland Ltd. (Google Building Gordon House, Barrow St, Dublin 4, Ireland; together "Google," with Google Ireland Ltd. being responsible for data processing). Google uses cookies and similar technologies to collect information about individual user behavior on the website and the device used (tablet, PC, smartphone, etc.). Google collects information about user behavior on the website and the device and provides us with evaluations based on this information, while also processing certain data for its own purposes. We have configured Google Analytics to anonymize IP addresses before being transferred to the USA. You can find more information on Google Analytics' privacy policy here. You can deactivate Google Analytics by installing an appropriate Browser-Add-On . We do not record any personal data such as names, email addresses, etc., for custom events in Google Analytics. Custom events are solely used to capture website performance.

6. What applies to profiling and automated decisions?

We may process and evaluate your data as described in section 3 using automated means. This also includes so-called profiling, i.e., automated evaluations of data for analysis and forecasting purposes, and to determine preference data (section 3.6). The most common examples of this are profiling for customer care and marketing purposes.

To ensure the efficiency and consistency of our decision-making processes, we make certain decisions using computer-based rules and, where applicable, without review by one of our employees. If decisions are made exclusively in an automated manner and result in a negative legal consequence or otherwise significantly affect you ("automated individual decisions"), we will inform you accordingly. In such cases, you have the right to express your viewpoint and request that the decision be reviewed by a natural person.

7. How do we process data in connection with social media?

We offer you the option to use "social media plugins" from Facebook, Instagram, and LinkedIn on our website, allowing us to integrate functions from these providers. These plugins are deactivated by default. Once you activate them (e.g., by clicking a button), the respective providers can identify that you are on our website. If you have an account with the social media provider, they can associate this information with you and track your online activities.

We are generally jointly responsible with the respective providers for the exchange of data collected by these plugins or similar features (but not for any further processing carried out by the provider). Where possible, we have concluded Additional Agreements with these providers. You can direct any requests for information and other inquiries regarding joint responsibility directly to the relevant provider.

If you interact with us through social media platforms (e.g., on Facebook, Instagram, and LinkedIn) by communicating, commenting, or sharing content, we collect information primarily to communicate with you, for marketing purposes, and for statistical analyses. Please note that the platform provider also collects and uses data (e.g., user behaviour) when you visit our social media profiles, potentially combining this with other known data (e.g., for marketing or platform personalization purposes). Further information on how these social media providers process your data can be found in their respective privacy policies.

8. To whom do we disclose your personal data?

In connection with our data processing, we also disclose your personal data to other recipients.

This particularly applies to IT service providers, but also to consulting companies, analytics service providers, debt collection agencies, credit rating agencies, and marketing service providers. Where service providers process personal data as data processors, they are required to process the data exclusively according to our instructions (subject to analyses for non-personal purposes) and to implement security measures to protect the data.

Data may also be disclosed to other recipients, such as courts and authorities in the context of legal proceedings and statutory reporting obligations, buyers of companies and assets, financing companies involved in securitization, and debt collection agencies.

In some cases, we may also disclose personal data to other third parties for their own purposes, for instance, if you have given us your consent or if we are legally obliged or entitled to do so.

9. Do we disclose personal data abroad?

Recipients of data are not only located in Switzerland. This is especially the case with certain service providers, who may be located outside the European Economic Area (EEA) and Switzerland (in particular, the USA) or in other countries worldwide. For example, we may transmit data to authorities or other parties abroad if we are legally required to do so, or in the context of a corporate sale or legal proceedings. Not all of these countries currently provide a level of data protection equivalent to Swiss law. We compensate for the lower level of protection through appropriate contracts, especially the standard contractual clauses issued by the European Commission and recognised by the Swiss Federal Data Protection and Information Commissioner (FDPIC). Further information and a copy of these clauses can be found at: www.edoeb.admin.ch/edoeb/de/home/datenschutz/handel-und-wirtschaft/uebermittlung-ins-ausland.html..

In certain cases, we may also transfer data without such contracts in compliance with data protection laws, for instance, if you have consented to the disclosure, if the disclosure is necessary for contract execution, the establishment, exercise, or enforcement of legal claims, or if there is an overriding public interest.

10. How long do we process personal data?

We store and process your personal data for as long as it is required for the purpose of processing (in the case of contracts, usually for the duration of the contractual relationship), for as long as we have a legitimate interest in storing it (e.g., to enforce legal claims, for archiving purposes, or to ensure IT security), and for as long as data is subject to statutory retention obligations (for certain data, for example, a ten-year retention period applies). If there are no legal or contractual obligations to the contrary, we delete or anonymise your data after the storage or processing period expires as part of our standard procedures.

We usually retain master data for 8 years from the last interaction with you, but at least from the end of the contract. This period may be longer if required for evidentiary reasons or to comply with legal or contractual obligations or for technical reasons. For purely marketing and promotional contacts, the retention period is usually much shorter—generally no more than 2 years from the last contact.

We generally retain contract data for 10 years from the last contractual activity, but at least from the end of the contract. This period may be extended if necessary for evidentiary reasons or to comply with legal or contractual obligations or for technical reasons.

We anonymise or delete your behavioural and preference data when they are no longer meaningful for the intended purposes, which can range from 2-3 weeks (for movement profiles) to 24 months (for product and service preferences), depending on the nature of the data. This period may be extended if necessary for evidentiary reasons or to comply with legal or contractual obligations or for technical reasons.

11. What legal bases do we rely on for data processing?

In some cases, data processing is only permitted if the applicable law specifically allows it. This is not required under the Swiss Data Protection Act but applies under the GDPR where applicable. In such cases, we process your personal data based on the following legal grounds:

• Your consent (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR);

• The necessity for contract fulfilment or pre-contractual measures (e.g., reviewing a contract application; Art. 6 para. 1 lit. b GDPR);

• The necessity to assert or defend legal claims or civil proceedings (Art. 6 para. 1 lit. f and Art. 9 para. 2 lit. f GDPR);

• The necessity to comply with domestic or foreign legal obligations (Art. 6 para. 1 lit. c and lit. f; Art. 9 para. 2 lit. g GDPR);

• Legitimate interests in processing data, particularly the interests outlined in section 4 (Art. 6 para. 1 lit. f GDPR).

12. How do we protect your data?

We implement appropriate security measures to maintain the confidentiality, integrity, and availability of your personal data. These measures protect your data from unauthorised or unlawful processing and guard against the risks of loss, accidental alteration, unintended disclosure, or unauthorised access. However, it is not possible to completely eliminate security risks, and residual risks are unavoidable.

13. What rights do you have?

Under applicable data protection laws, you have certain rights to obtain further information about our data processing and to influence it. These rights include, in particular:

• Right to information: You can request further details about our data processing. You may also submit an access request if you wish to receive more comprehensive information and a copy of your data.

• Objection and deletion: You can object to our data processing and request that we delete your personal data unless we are legally required to continue processing or retaining it, or if the data is necessary to manage the employment relationship.

• Correction: You can request the correction of inaccurate or incomplete personal data or ask to have them supplemented by a statement of dispute.

• Data portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format or to request its transfer to a third party, provided the data processing is based on your consent or is necessary for the fulfilment of a contract.

• Withdrawal of consent: Where we process data based on your consent, you may withdraw your consent at any time. The withdrawal applies only to future processing, and we reserve the right to continue processing the data on another legal basis if applicable.

Please note that these rights are subject to legal conditions and limitations and may not be available in every case. We may need to continue processing and storing your personal data to fulfil a contract, protect our legitimate interests (such as asserting, exercising, or defending legal claims), or comply with legal obligations. Where legally permissible, especially to protect the rights and freedoms of other affected individuals and to safeguard legitimate interests, we may partially or fully reject a data subject request (e.g., by redacting information concerning third parties or our trade secrets).

If you wish to exercise your rights, please contact us by email. Our contact details can be found in section 2. We may need to verify your identity. Additionally, you have the right to file a complaint with the relevant supervisory authority regarding our data processing. In Switzerland, the competent supervisory authority is the E Federal Data Protection and Information Commissioner ( FDPIC)

Version of the Privacy Policy: October 16, 2024