1. Scope and Controller
This data protection declaration provides information on how and for what purposes icotec ag (hereinafter referred to as “we” or “icotec”) processes your personal data that you disclose to us, or which we collect from you. “Personal data” means all data and information relating to an identified or identifiable natural person.
We process personal data in accordance with the provisions of the Swiss Data Protection Act and, if and to the extent applicable, in accordance with the General Data Protection Regulation of the European Union. Where we deem it appropriate, we may provide you with additional privacy statements to supplement this data protection declaration.
The name and address of the controller are as follows:
Phone: +41 71 757 00 00
The Data Protection Representative in accordance with Art. 27 of the European General Data Protection Regulation is:
icotec Medical GmbH
In der Au 25
Please contact the above addresses if you have questions on the subject of data protection.
2. Data Origin and Data Categories
We primarily process personal data that we receive or collect from our customers, prospective customers, patients, website visitors, suppliers, distributors, and other business partners in the course of our business. In addition to this, we may also process personal data that we have obtained from publicly accessible sources (e.g., websites or public registries, such as the commercial registry). Finally, it is possible that we receive personal data from our business partners, from official bodies and authorities, or from other third parties.
The personal data we process includes, as the case may be, in particular, personal and contact details (e.g., name, academic title, address, gender, date of birth, telephone number, and e-mail address), delivery and home address, details of your occupation, health data, patient data, financial information for payment purposes (e.g., bank account details), details about the use of our website (e.g., IP address), and information of any manner from correspondence, contacts, and interactions with us.
3. Purpose of Processing and Legal Basis
3.1 General Processing in the Context of Our Business Activities
We process your personal data primarily for those purposes that are necessary in connection with our business operations and the provision of our services. In particular, we may process your personal data for the following purposes:
- in order to communicate with you, particularly to provide you with information or to be able to process your requests; if you contact us by e-mail/contact form, you authorize us to reply to you via the same channel; please note that unencrypted e-mails are transmitted via the open Internet, which is why it cannot be guaranteed that they aren’t viewed, accessed, or manipulated by third parties; we exclude, to the extent permitted by law, any liability for damages that you may incur as a result of faulty transmission, falsification of content, or disruption of the network (interruptions, overloading, illegal interventions, jamming)
- in order to be able to answer medical queries
- in order to provide you with our services and our website and to evaluate and improve them
- in order to be able to deliver our products to you
- in order to monitor the safety of medical devices, including the detection, assessment, follow-up, and prevention of adverse events and the reporting of adverse events to health authorities
- in order to be able to hold events
- in order to maintain and manage our business relationship with you (incl. invoicing)
- in order to inform you about new developments or to send you other information about our services and products
- for IT and building security measures (such as access controls, visitor lists, network and mail scanners, telephone recordings)
- for the assertion of legal claims and defense in connection with legal disputes as well as proceedings by authorities
- in order to comply with our legal obligations domestically and abroad
We process your personal data for the above purposes, depending on the situation, in particular based on the following legal bases:
- the processing of personal data is necessary for the performance of a contract with you
- you have given your consent to the processing of personal data pertaining to you
- the processing of personal data is necessary for the fulfillment of a legal obligation
- the processing is necessary to protect the vital interests of the data subject or another natural person
- we have a legitimate interest in the processing of personal data
3.2 When Visiting Our Website
You do not have to disclose any personal data to visit our website. However, the server collects a range of user information with each call, which is temporarily stored in the server’s log files. The information collected includes, but is not limited to, the IP address, the date and time of access, the time zone relative to GMT, the name and URL of the file accessed, the website from which access was made, the browser used, and the operating system used.
When using this general information, no allocation to a specific person takes place. The collection of this information or data is technically necessary to display our website and to ensure its stability and security. This information is also collected to improve the website and analyze how it is used. The legal basis for the temporary storage of the information and the log files is our legitimate interest in being able to offer you our website at a sufficient quality, and to be able to improve it on an ongoing basis.
3.3 Contact Form
You can contact us via the contact forms provided on our website. The personal data you send us will be stored by us and processed for the purpose of dealing with your query. The legal basis for this personal data being processed is your consent (which you provide to us) and our legitimate interest in processing your request.
3.4 Contact by E-Mail and Telephone
You can contact us electronically or by telephone, using the e-mail addresses and telephone numbers provided on our website. In this case, the personal data you send us will be stored by us and processed for the purpose of dealing with your query. The legal basis for this personal data being processed is your consent (which you provide to us) and our legitimate interest in processing your request.
Our website uses so-called cookies or other technologies/tools such as pixels, tags, or external services (hereinafter “cookies” or “tools”). Cookies are text files that are stored in an Internet browser or by the Internet browser on the computer system of the user or a mobile end device, or image files such as pixels. The cookie contains a sequence of characters enabling the browser or mobile end device to be clearly identified when visiting the website or mobile app again.
3.5.1. Technically Necessary Cookies
Technically necessary cookies are required for our website to function. Therefore, these cookies cannot be switched off in our systems. They usually record important actions, such as the number of requests made, edits to your privacy settings, or the filling out of forms. Although you can block these cookies in your browser, some parts of our website will no longer function as a result.
3.5.2. Analytics and Marketing Cookies
Analytics cookies allow us to analyze visitor behavior and sources of traffic so that we can measure the performance of our website and improve the user experience. They help us to see how popular which pages are and show how visitors navigate our website.
Marketing cookies allow us to deliver advertising that is relevant to you. These cookies may remember that you have visited our website and share this information with other companies, including other advertisers.
Specifically, we use the following analytics and marketing cookies:
- Google Analytics of Google Ireland Ltd., Ireland (hereinafter “Google”). The data protection declaration for Google Analytics can be found here: https://policies.google.com/privacy?hl=en
For more information about the use of third-party tools, please see the description of the tools used in this data protection declaration.
3.6 Google Tag Manager
The legal basis for this is your consent (which you provide to us) and our legitimate interests.
3.7 Google Search Console
Our website uses the web analytics service Google Search Console. This service is provided by Google and enables us to monitor and manage the presence of our website in Google search results and to carry out optimizations. When using Google Search Console, no personal user data is processed or transmitted to Google. You can find out more by following this link: https://support.google.com/webmasters/answer/9128668?hl=en
3.8 Job Applications
You can submit your application for a job with us by post or via the e-mail address given on our website. The application documents and all personal data transmitted to us with them will be treated as strictly confidential, will not be disclosed to any third party, and will only be processed for the purpose of handling your employment application with us. Without your consent to the contrary, your application file will either be returned to you or deleted/destroyed after the application process has been completed, unless it is subject to a legal obligation to retain it. The legal basis for processing your data is your consent, the fulfillment of the contract with you, and our legitimate interests.
4. Disclosure of Personal Data to Recipients and Abroad
4.1 Disclosure of Personal Data to Recipients
In addition to the transfers of data to recipients expressly mentioned in this data protection declaration, we may disclose personal data to the following categories of recipients, where permitted:
- other affiliated companies of icotec
- providers, to whom we have outsourced certain services (IT and hosting providers, photographers, payment service providers, banks, insurance companies, etc.)
- dealers, suppliers, subcontractors, and other business partners
- members of the health-care industry
- health authorities
- domestic and foreign authorities, official agencies, or courts
4.2 Disclosure of Personal Data Abroad
In principle, we process your personal data in Switzerland. However, in certain cases (e.g., when using certain service providers or certain software applications), your personal data may also be transferred abroad, mainly to the member states of the European Union and EFTA, but sometimes also to other countries worldwide, in particular to the USA.
If we transfer data to a country without adequate legal data protection, we ensure an adequate level of protection as provided for by law, by using appropriate contracts (namely on the basis of the so-called standard contractual clauses of the European Commission) or rely on the legal exceptions of consent, contract performance, the establishment, exercise, or enforcement of legal claims, overriding public interests, published personal data, or because it is necessary to protect the integrity of the data subjects. Nevertheless, we would like to point out that data transmitted abroad is no longer protected by Swiss law, and foreign laws as well as regulatory action may require the disclosure of this data to authorities and other third parties.
4.3 Retention Period
We process and store your personal data only for as long as is necessary in accordance with the processing purpose in question or for as long as there is another legal basis for doing so (e.g., statutory retention periods). We retain the personal data which we are holding on the basis of a contractual relationship with you for at least as long as the contractual relationship exists, limitation periods for possible claims by us run, or contractual retention obligations exist. As soon as your personal data is no longer required for these purposes, it is generally and, as far as possible, disabled, deleted, or made anonymous.
5. Your Rights
Within the framework of the data protection law applicable to you, you have the right to access, correction, and deletion, the right to restrict data processing and otherwise to object to our data processing as well as to the release of certain personal data for the purpose of transfer to another body (so-called data portability). Please note, however, that we reserve the right to assert the restrictions provided for by law on our part, for example if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to rely on this), or require it for the assertion of claims. If there are any costs for you, we will inform you in advance.
If data processing is based on your consent, you can revoke this at any time after giving your consent with effect for the future. However, this shall not affect the lawfulness of the processing carried out on the basis of the consent until such a time as it is revoked.
The exercise of such rights usually requires that you clearly prove your identity (e.g., by a copy of your ID card) where your identity is otherwise not clear or cannot be verified. To exercise your rights, you can contact us at the address given in subparagraph 1 of this data protection declaration.
In addition, every data subject has the right to enforce his or her claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html).
6. Data Security
We take technological and organizational measures to protect your personal data from unauthorized access, misuse, loss, and destruction. In particular, we use firewalls, logging, and encryption, have authorization concepts, and have taken other protective measures to ensure the most comprehensive protection of personal data possible.
7. Adaptations to This Data Protection Declaration
We reserve the right to adapt this data protection declaration at any time. If any such adaptations are made, we will immediately publish the adapted data protection declaration on our website. The data protection declaration published on our website is always valid.
As of February 2023.