Data protection

General Notes

1. Scope and Controller

This data protection declaration provides information on how and for what purposes icotec ag (hereinafter referred to as “we” or “icotec”) processes your personal data that you disclose to us, or which we collect from you. “Personal data” means all data and information relating to an identified or identifiable natural person.

We process personal data in accordance with the provisions of the Swiss Data Protection Act and, if and to the extent applicable, in accordance with the General Data Protection Regulation of the European Union. Where we deem it appropriate, we may provide you with additional privacy statements to supplement this data protection declaration.

The name and address of the controller are as follows:

icotec ag
Industriestrasse 12
9450 Altstätten
Switzerland

Phone:  +41 71 757 00 00
E-mail:    data.privacy@icotec.ch

The Data Protection Representative in accordance with Art. 27 of the European General Data Protection Regulation is:

icotec Medical GmbH
In der Au 25
61440 Oberursel
Germany

Please contact the above addresses if you have questions on the subject of data protection.

2. Data Origin and Data Categories

We primarily process personal data that we receive or collect from our customers, prospective customers, patients, website visitors, suppliers, distributors, and other business partners in the course of our business. In addition to this, we may also process personal data that we have obtained from publicly accessible sources (e.g., websites or public registries, such as the commercial registry). Finally, it is possible that we receive personal data from our business partners, from official bodies and authorities, or from other third parties.

The personal data we process includes, as the case may be, in particular, personal and contact details (e.g., name, academic title, address, gender, date of birth, telephone number, and e-mail address), delivery and home address, details of your occupation, health data, patient data, financial information for payment purposes (e.g., bank account details), details about the use of our website (e.g., IP address), and information of any manner from correspondence, contacts, and interactions with us.

3. Purpose of Processing and Legal Basis

3.1 General Processing in the Context of Our Business Activities

We process your personal data primarily for those purposes that are necessary in connection with our business operations and the provision of our services. In particular, we may process your personal data for the following purposes:

  • in order to communicate with you, particularly to provide you with information or to be able to process your requests; if you contact us by e-mail/contact form, you authorize us to reply to you via the same channel; please note that unencrypted e-mails are transmitted via the open Internet, which is why it cannot be guaranteed that they aren’t viewed, accessed, or manipulated by third parties; we exclude, to the extent permitted by law, any liability for damages that you may incur as a result of faulty transmission, falsification of content, or disruption of the network (interruptions, overloading, illegal interventions, jamming)
  • in order to be able to answer medical queries
  • in order to provide you with our services and our website and to evaluate and improve them
  • in order to be able to deliver our products to you
  • in order to monitor the safety of medical devices, including the detection, assessment, follow-up, and prevention of adverse events and the reporting of adverse events to health authorities
  • in order to be able to hold events
  • in order to maintain and manage our business relationship with you (incl. invoicing)
  • in order to inform you about new developments or to send you other information about our services and products
  • for IT and building security measures (such as access controls, visitor lists, network and mail scanners, telephone recordings)
  • for the assertion of legal claims and defense in connection with legal disputes as well as proceedings by authorities
  • in order to comply with our legal obligations domestically and abroad

We process your personal data for the above purposes, depending on the situation, in particular based on the following legal bases:

  • the processing of personal data is necessary for the performance of a contract with you
  • you have given your consent to the processing of personal data pertaining to you
  • the processing of personal data is necessary for the fulfillment of a legal obligation
  • the processing is necessary to protect the vital interests of the data subject or another natural person
  • we have a legitimate interest in the processing of personal data

3.2 When Visiting Our Website

You do not have to disclose any personal data to visit our website. However, the server collects a range of user information with each call, which is temporarily stored in the server’s log files. The information collected includes, but is not limited to, the IP address, the date and time of access, the time zone relative to GMT, the name and URL of the file accessed, the website from which access was made, the browser used, and the operating system used.

When using this general information, no allocation to a specific person takes place. The collection of this information or data is technically necessary to display our website and to ensure its stability and security. This information is also collected to improve the website and analyze how it is used. The legal basis for the temporary storage of the information and the log files is our legitimate interest in being able to offer you our website at a sufficient quality, and to be able to improve it on an ongoing basis.

3.3 Contact Form

You can contact us via the contact forms provided on our website. The personal data you send us will be stored by us and processed for the purpose of dealing with your query. The legal basis for this personal data being processed is your consent (which you provide to us) and our legitimate interest in processing your request.

3.4 Contact by E-Mail and Telephone

You can contact us electronically or by telephone, using the e-mail addresses and telephone numbers provided on our website. In this case, the personal data you send us will be stored by us and processed for the purpose of dealing with your query. The legal basis for this personal data being processed is your consent (which you provide to us) and our legitimate interest in processing your request.

3.5 Cookies/Tools

Our website uses so-called cookies or other technologies/tools such as pixels, tags, or external services (hereinafter “cookies” or “tools”). Cookies are text files that are stored in an Internet browser or by the Internet browser on the computer system of the user or a mobile end device, or image files such as pixels. The cookie contains a sequence of characters enabling the browser or mobile end device to be clearly identified when visiting the website or mobile app again.

On one hand, the purpose of using cookies is to enable and simplify the use of our website for users. Some functions of our website cannot be offered without the use of cookies (so-called technically necessary cookies). On the other hand, we also use cookies/tools for the analysis of user behavior on our website, namely for reach measurement, and finally for marketing purposes.

3.5.1. Technically Necessary Cookies

Technically necessary cookies are required for our website to function. Therefore, these cookies cannot be switched off in our systems. They usually record important actions, such as the number of requests made, edits to your privacy settings, or the filling out of forms. Although you can block these cookies in your browser, some parts of our website will no longer function as a result.

3.5.2. Analytics and Marketing Cookies

Analytics cookies allow us to analyze visitor behavior and sources of traffic so that we can measure the performance of our website and improve the user experience. They help us to see how popular which pages are and show how visitors navigate our website.

Marketing cookies allow us to deliver advertising that is relevant to you. These cookies may remember that you have visited our website and share this information with other companies, including other advertisers.

Specifically, we use the following analytics and marketing cookies:

You can object to the use of cookies, for example (i) by selecting the appropriate settings in your browser, (ii) by using appropriate cookie blocker software (e.g., ghostery), or (iii) by downloading and installing the browser plug-in available at the following link about cookies from Google: https://tools.google.com/dlpage/gaoptout?hl=en

For more information about the use of third-party tools, please see the description of the tools used in this data protection declaration.

3.6 Google Tag Manager

We use the Google Tag Manager on our website. Google Tag Manager is a solution from Google with which website tags can be managed via an interface. The tool itself is a domain which does not use cookies and, according to Google, does not collect any personal data. The tool triggers other tags, which in turn may collect personal data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager. You can prevent the placement of tags at any time.

The legal basis for this is your consent (which you provide to us) and our legitimate interests.

3.7 Google Search Console

Our website uses the web analytics service Google Search Console. This service is provided by Google and enables us to monitor and manage the presence of our website in Google search results and to carry out optimizations. When using Google Search Console, no personal user data is processed or transmitted to Google. You can find out more by following this link: https://support.google.com/webmasters/answer/9128668?hl=en

3.8 Job Applications

You can submit your application for a job with us by post or via the e-mail address given on our website. The application documents and all personal data transmitted to us with them will be treated as strictly confidential, will not be disclosed to any third party, and will only be processed for the purpose of handling your employment application with us. Without your consent to the contrary, your application file will either be returned to you or deleted/destroyed after the application process has been completed, unless it is subject to a legal obligation to retain it. The legal basis for processing your data is your consent, the fulfillment of the contract with you, and our legitimate interests.

4. Disclosure of Personal Data to Recipients and Abroad

4.1 Disclosure of Personal Data to Recipients

In addition to the transfers of data to recipients expressly mentioned in this data protection declaration, we may disclose personal data to the following categories of recipients, where permitted:

  • other affiliated companies of icotec
  • providers, to whom we have outsourced certain services (IT and hosting providers, photographers, payment service providers, banks, insurance companies, etc.)
  • dealers, suppliers, subcontractors, and other business partners
  • auditors
  • members of the health-care industry
  • health authorities
  • domestic and foreign authorities, official agencies, or courts

4.2 Disclosure of Personal Data Abroad

In principle, we process your personal data in Switzerland. However, in certain cases (e.g., when using certain service providers or certain software applications), your personal data may also be transferred abroad, mainly to the member states of the European Union and EFTA, but sometimes also to other countries worldwide, in particular to the USA.

If we transfer data to a country without adequate legal data protection, we ensure an adequate level of protection as provided for by law, by using appropriate contracts (namely on the basis of the so-called standard contractual clauses of the European Commission) or rely on the legal exceptions of consent, contract performance, the establishment, exercise, or enforcement of legal claims, overriding public interests, published personal data, or because it is necessary to protect the integrity of the data subjects. Nevertheless, we would like to point out that data transmitted abroad is no longer protected by Swiss law, and foreign laws as well as regulatory action may require the disclosure of this data to authorities and other third parties.

4.3 Retention Period

We process and store your personal data only for as long as is necessary in accordance with the processing purpose in question or for as long as there is another legal basis for doing so (e.g., statutory retention periods). We retain the personal data which we are holding on the basis of a contractual relationship with you for at least as long as the contractual relationship exists, limitation periods for possible claims by us run, or contractual retention obligations exist. As soon as your personal data is no longer required for these purposes, it is generally and, as far as possible, disabled, deleted, or made anonymous.

5. Your Rights

Within the framework of the data protection law applicable to you, you have the right to access, correction, and deletion, the right to restrict data processing and otherwise to object to our data processing as well as to the release of certain personal data for the purpose of transfer to another body (so-called data portability). Please note, however, that we reserve the right to assert the restrictions provided for by law on our part, for example if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to rely on this), or require it for the assertion of claims. If there are any costs for you, we will inform you in advance.

If data processing is based on your consent, you can revoke this at any time after giving your consent with effect for the future. However, this shall not affect the lawfulness of the processing carried out on the basis of the consent until such a time as it is revoked.

The exercise of such rights usually requires that you clearly prove your identity (e.g., by a copy of your ID card) where your identity is otherwise not clear or cannot be verified. To exercise your rights, you can contact us at the address given in subparagraph 1 of this data protection declaration.

In addition, every data subject has the right to enforce his or her claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html).

6. Data Security

We take technological and organizational measures to protect your personal data from unauthorized access, misuse, loss, and destruction. In particular, we use firewalls, logging, and encryption, have authorization concepts, and have taken other protective measures to ensure the most comprehensive protection of personal data possible.

7. Adaptations to This Data Protection Declaration

We reserve the right to adapt this data protection declaration at any time. If any such adaptations are made, we will immediately publish the adapted data protection declaration on our website. The data protection declaration published on our website is always valid.

As of February 2023.