Privacy Policy of INNOVATION SUISSE SANTÉ Sàrl

1. Introduction

This privacy statement is issued by INNOVATION SUISSE SANTÉ Sàrl, located at Dorfmatte 609, 3113 Rubigen. As responsible for the website www.dispositifmedical.ch (hereinafter: the "Site"), INNOVATION SUISSE SANTÉ Sàrl undertakes to manage, use and process your personal information in compliance with current data protection regulations.

At INNOVATION SUISSE SANTÉ Sàrl, we consider the protection and proper handling of your personal data to be of paramount importance. We are committed to safeguarding your rights with regard to your personal data, whether you interact with us on our website, purchase our products, or participate in our programs and events. Our commitment is in line with established standards, including the Swiss Federal Data Protection Act (DPA) and the European General Data Protection Regulation (GDPR).

The purpose of this Privacy Policy is to inform you about how INNOVATION SUISSE SANTÉ Sàrl collects, uses and processes personal data.

Please note that this Privacy Policy may be updated from time to time. Changes will be posted on our website. We recommend that you consult it regularly to stay informed of any updates.

2. Responsibility for Processing Your Data

INNOVATION SUISSE SANTÉ Sàrl, located at Dorfmatte 609, 3113 Rubigen, is the entity responsible for the management of personal data, in accordance with the provisions of this privacy policy, unless otherwise specified in specific cases.

If you have any questions regarding the protection of your data or if you wish to exercise your rights as defined in this privacy policy, please contact us at the following coordinates:

By post:

INNOVATION SUISSE SANTÉ Sàrl

Dorfmatte 609

3113 Rubigen

Switzerland

Or by e-mail to: info@dispositifmedical.ch

3. What data do we process?

At INNOVATION SUISSE SANTÉ Sàrl, we process various categories of data about you. Here are the main categories (by way of example):

Technical Data: When using our website or other online offers, we collect the IP address of your device as well as other technical data to ensure the functionality and security of these offers. This includes data on the use of our systems. We may also assign a unique identifier to you or your device (e.g. in the form of a cookie, see section 12). Although technical data does not directly reveal your identity, it can be associated with other categories of data and potentially with your person.

Registration Data: Some of our offers and services require the creation of a user account or registration. This data may include your name, e-mail address, and other necessary information. In some cases, we may share or receive your registration data with or from our contractual partners.

Communication Data: When you contact us via the contact form, e-mail, telephone, messaging, chat, or by post, we collect the data you share with us. This includes your contact details and communication metadata.

Basic Data: This is essential information such as your name, contact details, bank details, and other data necessary for the performance of our contractual relationship or for marketing purposes. This data may be supplied by you, by third parties, or extracted from public sources.

Other Data: This may include data collected in various situations such as health data, information collected at events, from security cameras, or when using our infrastructures and systems.

Contractual Data: This data is collected in connection with the conclusion or performance of a contract. It may include details of purchases, payment methods, and customer feedback.

Behavioral and Preference Data: To better understand your needs and tailor our offers, we collect data about your behaviors and preferences. This may include analysis of your interactions with our domain and information from third-party sources.

4. For what purposes do we process your data?

At INNOVATION SUISSE SANTÉ Sàrl, we process your data for various purposes detailed below, in accordance with the additional information presented in sections 12 and 13 for online services. These purposes correspond to our business interests and, potentially, to those of third parties. You will find further information on the legal basis for our processing in section 5.

Communication and responding to your requests: We use your data to communicate with you, in particular to respond to your requests and exercise your rights. This involves the use of communication data, master data and registration data related to the offers and services you use.

Management of Contractual Relationships: We process your data for the conclusion, administration and execution of our contractual relationships with you.

Marketing and Relationship Management: We use your data for marketing activities, such as sending personalized advertisements, organizing marketing campaigns, and offering free services. This may include sending newsletters and communicating via various channels.

Market Research and Business Development: Your data is used for market research and to improve or develop our commercial activities, products, services and other offers.

Security and access control: Your data may be processed as part of security and access control measures.

Compliance with Legal Requirements: We process personal data to comply with the laws, directives and recommendations of the authorities, as well as our internal regulations.

Risk management and corporate governance: Your data is also processed as part of our risk management and corporate governance activities, including the organization and development of the company.

Other purposes: We may process your data for other purposes, such as internal processes, administration, quality assurance and training.

5. On what basis do we process your data?

When we ask you for your consent to certain data processing operations, we will also inform you of the purposes involved. You can revoke your consent at any time with ex nunc effect by sending us a written message (by post) or, unless otherwise indicated or agreed, by e-mail; you will find our contact details in section 2 of this data protection declaration. In the case of revocation of your consent for online tracking, as described in section 11 of this data protection declaration, if you have a user account, revocation or contact with us may also be effected via the website or other service concerned. Once we have received notification of the withdrawal of your consent, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis. The withdrawal of your consent does not affect the lawfulness of the processing carried out on the basis of that consent until it is withdrawn.

Where we do not seek your consent for processing, we base the processing of your personal data on the fact that the processing is necessary for the preparation or performance of a contract with you (or the entity you represent) or that we or third parties have a legitimate interest therein, in particular to fulfill the conditions set out in the previous point, the purposes described above and to take appropriate action. Compliance with legal provisions is also one of our legitimate interests, insofar as it is not already recognized as a legal basis by applicable data protection legislation.

In some cases, other legal grounds may apply, which we will inform you of separately if necessary.

6. What about profiling and automated individual decisions?

We may add some of your personal characteristics to those mentioned in point 1, using the data you have provided (ch. 3) in an automated way ("profiling"), when we want to determine preference data, but also to determine abuse and security risks, to carry out statistical evaluations or for operational planning purposes. For the same purposes, we may also create profiles, i.e. we may combine behavioral and preference data, as well as master and contract data and technical data attributed to you, in order to better understand you as a person with your different interests and other characteristics.

In both cases, we ensure that the results are proportionate and reliable, and take measures to prevent misuse or profiling. If these measures are likely to have legal consequences or cause you significant inconvenience, we will normally carry out a manual check.

7. To whom do we disclose your data?

In the context of our contracts, the website, our services and products, our legal obligations or in order to protect our legitimate interests and the other interests mentioned in art. 4, we also transfer your personal data to third parties, in particular to the following categories of recipients:

Service providers: we work with service providers in Switzerland and abroad who process data about you on our behalf or jointly with us, or who receive data about you from us on their own responsibility.

Public authorities: We may pass on personal data to government departments, courts and other authorities in Switzerland and abroad if we are legally obliged or authorized to do so, or if it appears necessary to safeguard our interests.

Other persons: These are other cases in which the involvement and communication to third parties stem from the purposes described in section 4.

All these categories of recipient may in turn involve third parties, so that your data may also be accessible to them. We may restrict processing by certain third parties (e.g. IT service providers), but not others (e.g. authorities, banks, etc.).

8. Will your personal data be transmitted abroad?

As mentioned in section 7, we also pass on data to other organizations. These are not only located in Switzerland. Your data may therefore be processed in Europe as well as in other countries.

If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (for this purpose we use the revised standard contractual clauses of the European Commission, which can be consulted here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), insofar as it is not already subject to a set of rules recognized by law to guarantee data protection and we cannot rely on an exception provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interest or if the performance of a contract requires such communication, if you have given your consent or if it concerns data that you have made generally accessible and whose processing you have not refused.

Please also note that data exchanged via the Internet often passes through third countries. Your data may therefore end up abroad, even if the sender and recipient are in the same country.

9. How long do we process your data?

We process your data for as long as required by our processing purposes, legal retention periods and our legitimate interests in documenting and preserving evidence, or if retention is a technical requirement. In the absence of legal or contractual obligations to the contrary, we will delete or anonymize your data once the retention period has expired or processing has ceased as part of our normal processes.

10. How do we protect your data?

We take appropriate security measures to ensure the necessary security of your personal data and to guarantee the confidentiality, integrity and availability of your data, to protect it from unauthorized or unlawful processing, and to minimize the risk of loss, accidental alteration, unauthorized disclosure or access.

11. What are your rights?

In order to make it easier for you to control the processing of your personal data, you also have the following rights in relation to our data processing, in accordance with the applicable data protection legislation:

- The right to ask us whether and what data we process about you;

- the right to ask us to correct inaccurate data;

- the right to request the deletion of data;

- the right to ask us to provide certain personal data in a current electronic format or to transfer them to another controller;

- the right to revoke consent, insofar as our processing is based on your consent;

- the right to obtain, on request, additional information required to exercise these rights;

- the right to object to automated individual decisions (ch. 6) to express your point of view and request that the decision be reviewed by a natural person.

If you wish to exercise the aforementioned rights, please contact us in writing, by visiting our offices or, unless otherwise indicated or agreed, by e-mail; you will find our contact details in section 2. In order for us to be able to exclude any misuse, we need to identify you (for example by means of a copy of your identity card, insofar as it is not possible to do otherwise).

Please note that these rights are subject to conditions, exceptions or limitations under applicable data protection legislation (e.g. to protect third parties or trade secrets). We will inform you accordingly.

If you are not satisfied with the way we exercise your rights or protect your data, please inform us in accordance with section 2 of this data protection declaration.

12. Do we use online tracking and online advertising?

Various techniques are used on our website, enabling us - and the third parties we engage - to recognize you when you use our website, and possibly to track you over several visits. This section provides information on this subject. Essentially, we wish to distinguish between your access (via your system) and access by other users, in order to ensure website functionality and carry out analyses and customization. In fact, we have no intention of determining your identity, although it may be possible for us or third parties we engage to identify you by linking to registration data. However, even in the absence of registration data, the technologies we use are designed to recognize you as an individual visitor each time you access the website, for example our server (or third-party servers) assigning a specific identification number to you or your browser (called a "cookie").

We use these technologies on our website and may authorize certain third parties to do so as well. You can configure your browser to block or deceive certain types of cookies or alternative technologies, or to delete existing cookies. You can also add software to your browser to block certain third-party tracking. Further information can be found on your browser's help pages (usually with the keyword "data protection") or on third-party websites (see below). We distinguish between the following categories of "cookies" (including technologies that work in a similar way, such as fingerprints):

  • Necessary cookies: Some cookies are necessary for the operation of the website or for certain functions. For example, they ensure that you can move from one page to another without losing the information you have entered in a form. They also ensure that you stay connected. These cookies exist only temporarily ("session cookies"). If you block them, the website may not function properly. Other cookies are needed by the server to store options or information (which you have entered) beyond one session (i.e. one visit to the website) if you use this function (e.g. language settings, auto-login functionality, shopping cart etc.).
  • Performance cookies: In order to optimize our website and related offers and better tailor them to users' needs, we use cookies to record and analyze the use of our website, potentially beyond a single session. We may use third-party analysis services for this purpose.
  • Marketing cookies: We and our contractual (advertising) partners have an interest in targeting advertising as precisely as possible, i.e. showing it only to the people we wish to address. To this end, we and our contractual partners may use cookies which may record content consulted or contracts concluded.

This enables us and our contractual partners to present advertisements that we think may be of interest to you, on our website and on other websites that display advertisements from us or our contractual partners. Without these cookies, you won't see fewer ads, just different ones. In addition to marketing cookies, we may use other technologies to control online advertising on other websites and thus reduce advertising waste. For example, we may pass on the e-mail addresses of our users, customers and others to whom we wish to display advertisements to operators of advertising platforms (e.g. social networks). If these people are registered with them with the same e-mail address (which the advertising platforms determine through a matching process), the providers display our advertisements specifically to these people. Providers do not receive personal e-mail addresses from people who are not already known to them. In the case of known e-mail addresses, however, they learn that these people are in contact with us and the content they have consulted. We may also integrate additional third-party offers on our website, in particular from social network providers. When these offers are activated, these providers can determine that you are using our website. If you have an account with the social network provider, it can allocate this information to you and thus track your use of online offers. These social network providers process this data as independent data controllers.

13. Can this privacy statement be modified?

This privacy statement does not form part of any contract entered into with you. We may amend this privacy statement at any time. The version published on our website is the current version.

Last update: 1st december 2023