PRIVACY POLICY

With this privacy policy, we would like to inform you about the type, scope, and purpose of the processing of personal data that we receive through the treatment relationship as well as via the website.

We only process your personal data in compliance with the relevant data protection regulations (Swiss data protection law and, in cases where Article 3 of the EU GDPR applies, the EU GDPR).

  1. Who is responsible for data processing and whom can I contact?

The data processing is the responsibility of:

PhysioTeam Uster
Bankstrasse 13
8610 Uster

Each affected person can contact us at any time with any questions or suggestions regarding data protection.

  2. What sources and data are collected?

2.1. Patient Data

We process all your personal data that we receive from you as a patient and, if applicable, from the referring physician within the scope of the treatment relationship (from initial contact). We also collect data through examinations.

All data concerning your health are considered particularly sensitive personal data and are likewise protected by professional secrecy (Art. 321 Penal Code and cantonal health law).

2.2 Access Data and Log Files

With every visit to the website by a person or an automated system, we automatically collect a range of general data and information and store it in the server's log files:

  • Page Names
  • Browser type/version
  • Operating system used
  • Referrer URL (the previously visited page)
  • IP Address
  • Server request date and time
  • Search engines used
  • Downloaded files

These data, and any comments or other contributions left by users, can only be attributed to your IP address. The data will not be linked to other information we hold about you.

It is your free choice whether you wish to provide us with personal data via the contact form, appointment booking form, or email. We will only use your provided personal data for the stated purpose (e.g., for contact or appointment scheduling).

2.3 Cookies

Cookies are pieces of information that are transferred from our web server or third-party web servers to users' web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.

If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. The exclusion of cookies may lead to functional limitations.

You can opt out of the use of cookies for reach measurement and advertising purposes via the opt-out page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/disagree).

  3. Integration of third-party services and content

We use third-party content or service offerings within our online services to embed their content and services, such as videos or fonts (hereinafter collectively referred to as “content”). This always requires that the third-party providers of this content receive the IP address of the users, as they could not send the content to the users' browsers without the IP address. The IP address is therefore necessary for the display of this content. We endeavor to use only such content whose respective providers use the IP address solely for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Through the “pixel tags,” information such as visitor traffic to the pages of this website can be evaluated. The pseudonymous information can also be stored in cookies on the user's device and contain, among other things, technical information about the browser and operating system, referring websites, time of visit, as well as further details on the use of our online services, and can also be linked with such information from other sources.

The following overview lists third-party providers and their content, along with links to their privacy policies, which contain further information on data processing and, in some cases, opt-out options:

  4. What do we process your data for (purpose of processing)?

4.1 Treatment Data

Your patient data is processed for the purpose of achieving the most successful treatment and in fulfillment of the legal obligations incumbent upon us under health law.

The purpose of data processing is primarily determined by the treatment.

4.2. Other Data

Log file information is stored for a maximum of 60 days for security reasons (e.g., to investigate misuse or fraud) and then deleted. Data whose further retention is required for evidential purposes are excluded from deletion until the respective incident has been finally clarified.

In addition, the data will be analyzed for statistical purposes in order to make our internet services more attractive.

  5. Who gets my data?

5.1. Patient Data

Within our practice, employees who require access to your data to fulfill their duties will be granted access. Service providers and vicarious agents employed by us may also receive data for these purposes. They are also obligated to maintain professional secrecy.

All employees of our practice are bound by professional secrecy and are obligated to confidentiality regarding all patient-related facts and evaluations that they have become aware of during their work. Information about you may only be disclosed if legal provisions require it, you have consented, or the supervisory authority has released a person from the treatment team.

There is a legal basis for the transfer of patient data to health and accident insurance companies.

When claiming benefits from the disability insurance, the persons and entities mentioned in the application are authorized to provide the disability insurance bodies with all information and documents required for the clarification of benefit and recourse claims.

Information will only be passed on to Spitex, external therapists, nursing homes, employers, and authorities with your consent. Consent is presumed for follow-up care by a doctor.

5.2. Other Data

Within our practice, individuals who require your data to fulfill their duties will have access to it.

Data logged when accessing our internet service will only be passed on to third parties if we are legally, contractually, or by court order obliged to do so, or on the basis of legitimate interests.

When personal data is transmitted, we will use the personal information you provide only within our company.

We require subcontractors engaged to provide our services to implement appropriate technical and organizational measures to ensure the protection of personal data in accordance with relevant legal provisions.

  6. Will data be transferred to a third country?

  • Patient Data:
    Patient data will never be transferred to a third country without your explicit consent.
  • Other data:
    If content, tools, or other resources from third-party providers are used within our online presence, and these providers are based in a third country, it is assumed that data transfer to the respective countries of the third-party providers will occur. Third countries are understood as countries outside of the EU and Switzerland, or the European Economic Area. Data is transferred to third countries if an adequate level of data protection is ensured, user consent has been obtained, or another legal permission exists.

  7. How long will my data be stored?

7.1. Patient Data

In the area of patient care, we are obliged by the cantonal health law to retain your records for 10 years. Cantonal and national special regulations may also provide for a retention period of up to 20 years. After the statutory retention period, the treatment records will be offered to patients for collection or will be deleted or destroyed.

7.2. Other Data

We process and store your personal data for as long as it is necessary to fulfill our contractual and legal obligations. It should be noted that our relationship with you as a patient is long-term.

If the data is no longer required for the fulfillment of contractual or legal obligations, it will be regularly deleted.

  8. What data protection rights do I have?

8.1. Right of Access

Each person has the right to request confirmation from us as to whether we are processing personal data concerning them.

Any data subject affected by the processing of personal data can request free of charge (a fee may be charged for repeated or abusive requests) information about the personal data stored about them by us at any time. We can provide the following information:

  • the processing purposes
  • the categories of personal data processed
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
  • the planned duration for which the personal data will be stored, or, if this is not possible, the criteria used to determine this duration
  • the existence of a right to rectification or erasure of personal data concerning them or to restriction of processing by the controller or a right to object to such processing
  • the existence of a right to complain to a supervisory authority

Furthermore, the data subject has the right to receive information as to whether personal data have been transferred to a third country. If this is the case, the data subject also has the right to receive information about the appropriate safeguards relating to the transfer.

8.2. Correction of Data

Each data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Correction of medical judgments cannot be demanded. However, a note of dispute can be included in the medical records.

8.3. Deleting Data

Each data subject has the right to demand that personal data relating to them be erased without delay, provided that there are legal grounds for erasure and that processing is not necessary.

Deletion of patient data cannot be demanded, because it must also be retained in the public interest.

8.4. Restriction of data processing

Every data subject has the right to request from the controller restriction of processing if one of the following conditions applies:

  • The accuracy of the personal data is contested by the data subject for a period that enables the controller to verify the accuracy of the personal data.
  • The processing is unlawful, and the data subject objects to the erasure of the personal data and requests restriction of their use instead.
  • The controller no longer needs the personal data for the purposes for which they were processed, but the data subject needs them for the establishment, exercise or defence of legal claims.
  • The data subject has objected to the processing, and it has not yet been determined whether the legitimate grounds of the controller override those of the data subject.

Any data subject has the right to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning them.

Any person affected by the processing of personal data has the right to withdraw consent for the processing of personal data at any time.

8.5. Assertion of data subject rights

You can contact us if you would like to exercise one or more of your data subject rights:

PhysioTeam Uster
Bankstrasse 13
8610 Uster

  9. Data deletion

The data stored by us will be deleted as soon as it is no longer required for its intended purpose and no legal retention obligations prevent deletion. If user data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means the data will be blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax reasons.

  10. To what extent does automated decision-making exist?

Based on the information available to us, no fully automated decisions are made.

  11. Is profiling taking place?

No profiling is done with the data collected about you.

  12. Security measures

We implement organizational, contractual, and technical security measures in accordance with the state of the art to ensure compliance with data protection laws and to protect the data we process against accidental or intentional manipulation, loss, destruction, or unauthorized access.

  13. Privacy Policy Changes

As we continue to develop our websites and implement new technologies, changes to this privacy policy may become necessary. Therefore, we recommend that you review this privacy policy from time to time.