Privacy Policy Swiss Paraplegic Group

The entire Swiss Paraplegic Group (SPG) dedicates its utmost attention to data protection. The following organisations belong to the Swiss Paraplegic Group: the Swiss Paraplegic Foundation, the Swiss Paraplegic Centre, the Benefactors’ Association, Swiss Paraplegic Research, the Swiss Paraplegics Association, ParaHelp, Orthotec, Sirmed, Hotel Sempachersee, Active Communication.

This Privacy Policy is intended to inform you about the type, extent and purpose of processing personal data within the context of our website and about the websites, functions and content (hereinafter jointly referred to as “website”) linked to it.

The privacy policies of the respective organisations provide information on this use of other personal data which is not collected by the website paraplegie.ch. See the Swiss Paraplegic Foundation and the Benefactors’ Association, the Swiss Paraplegic Centre, Swiss Paraplegic Research, ParaHelp, Orthotec, Sirmed, Hotel Sempachersee or Active Communication.

We only process user personal data in compliance with the relevant data protection provisions (Swiss data protection law and, where applicable, Article 3 GDPR).

The following party is responsible for the processing of data collected by this website:

Swiss Paraplegic Centre
Guido A. Zäch Strasse 1
CH-6207 Nottwil

The company’s data protection officer can be contacted at:

Swiss Paraplegic Group
Information security and data protection officer
Guido A. Zäch Strasse 1
CH-6207 Nottwil
E-mail: datenschutz@paraplegie.ch

Data subjects can contact the information security and data protection officers directly with all questions and suggestions relating to data protection at any time.

2.1 Access data and log files

Every time a person or automated system accesses the website, our provider automatically records a set of general data and information and stores them in the server’s log files:

• Names of the retrieved pages
• Browser type/version
• Operating system used
• Referrer URL (the page previously visited)
• IP address
• Date and time of server query
• Search engines used
• Downloaded files

Es unterliegt I

For the SPF, this data and any comments left by users or other contributions can only be assigned to your IP address. The data will not be linked to any other information about you held by the SPF.

You are free to choose whether you want to tell us your personal data via the contact form or by e-mail. We use the personal data you provide for the specified purpose (e.g. for getting in contact).

2.2 Cookies

Cookies are pieces of information which are transferred from our web server or that of third parties to the user’s Internet browser and stored here for later retrieval. Cookies can be small files or other types of information storage.

If the users do not want cookies to be stored on their computers, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies may be deleted in the browser’s system settings. Excluding cookies may limit the functions of this website.

You can reject the placement of cookies used for reach measurement and advertising purposes via the deactivation page provided by the Network Advertising Initiative (http://optout.networkadvertising.org/) and also the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/)

2.3 Google Analytics

On this website, we use Google Analytics (with the anonymisation function). Google Analytics is a web analytics service. Web analytics is the collection, compilation and analysis of data about the behaviour of visitors to websites. A web analytics service collects data on, among other things, the website from which a data subject accessed another website (so-called referrers), which subpages of the website have been accessed or how often and for how long a subpage has been viewed. A web analytics system is primarily used to optimise a website and to carry out a cost-benefit analysis of website advertising.

We use Google signals. In this way, Google Analytics collects additional information about users who have activated personalized ads (interests and demographics reports) and ads can be delivered to these users in Cross Device-eligible remarketing campaigns.

The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Google is certified under the Privacy Shield agreement and guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf to evaluate the use of our online offers by users, compile reports on activities on this website and provide us with further services associated with the use of this online offer and the use of the Internet. This allows for pseudonymous user profiles of the users to be created from the processed data.

We only use Google Analytics when the IP anonymisation function is activated. This means that Google will truncate the IP addresses of users within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and truncated there.

The IP addresses transmitted by the user’s browser will not be consolidated with other data held by Google. Users can prevent cookies from being stored by changing the relevant settings in your browser; users can also prevent the recording of the data generated by the cookie concerning their use of the website and prevent the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.

For further information on the use of data by Google, setting and objection options, please see Google’s websites: https://www.google.com/intl/en/policies/privacy/partners (“How Google uses data when you use the websites or apps of our partners”), https://www.google.com/policies/technologies/ads (“Data use for advertising purposes”), https://www.google.com/settings/ads (“Managing the information that Google uses to show you ads”).

You can find more information and Google’s valid privacy policy at https://www.google.com/intl/en/policies/privacy and www.google.com/analytics/terms/gb.html.
You can find more information about Google Analytics at this link: https://www.google.com/intl/en_en/analytics

On our website, we use content or service offerings of third-party providers in order to integrate their content and services such as videos or fonts (hereinafter jointly referred to as “content”). This always requires that the third- party providers of this content see the IP addresses of the users, as they would otherwise not be able to send the content to their browsers. The IP address is thus required in order to display this content. We do our best to only use content whose respective provider only uses the IP address to supply the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” allow information such as visitor traffic on the website pages to be evaluated. The pseudonymous information may also be stored in cookies on the user’s device and may include, among other things, technical information about the browser and operating system, referring websites, visit times and other information about the use of our website, and it may also be linked to such information from other sources.

The following illustration offers an overview of third-party providers and their content, along with links to their privacy policies, which contain further information on the data and, as partly mentioned here, objection options (so- called opt-outs):

• Maps provided by the “Google Maps” service of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. Privacy Policy: https://www.google.com/policies/privacy/, opt out: https://www.google.com/settings/ads/.
• Videos of the “YouTube” platform provided by the third-party provider YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. Privacy Policy of YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA: https://www.google.com/policies/privacy/, opt out: https://www.google.com/settings/ads/.
• External code of the JavaScript framework “jQuconery” provided by the third-party provider jQuery Foundation, https://jquery.org.
• Videos from the Vimeo platform (https://vimeo.com/privacy)

We process your personal data in accordance with data protection law.

Log file information is stored for security reasons (e.g. for clarifying abuse or fraud).

The data is also evaluated for statistical purposes so that we can make our website more attractive.

Within the SPG, those bodies that need your data to fulfil their obligations will have access to it.

Data that is recorded when you access our website is only passed on to third parties if we are legally, contractually or jurisdictionally obliged to do so or we do so on the basis of legitimate interests.

If personal data is transmitted, we only use the personal information entered by you within our organisation.

Subcontractors that we use to provide our services are obliged to take appropriate technological and organisational measures to ensure the protection of personal data in accordance with the relevant legal provisions.

If, within the framework of this Privacy Policy, content, tools or other resources of other providers are used and these providers are based in a third country, it is to be assumed that data is transferred to the country where the third-party provider is based. Third countries refer to countries outside the EU, Switzerland and the European Economic Area. Data is transferred to third countries if there is an adequate level of data protection, the user has given their consent or other legal permission has been granted.

We process and store your personal data for as long as it is required for the fulfilment of our contractual and legal obligations. It is worth noting in this respect that our relationships to you as a patient, benefactor, customer or guest are a continuing obligation which are intended to last for years.

The provider will store log file information for up to 24 months in accordance with legal provisions. Data whose further retention is necessary for evidence purposes are excluded from erasure until the incident in question has been finally clarified.

If the data is no longer necessary for the fulfilment of contractual or legal obligations, it will be erased on a regular basis.

Any data subject shall have the right to request that we confirm whether we process personal data concerning them.

Any person subject to the processing of personal data may request from us information about the personal data we store about them for free (a fee may be requested in the event of repeat or abusive requests). We share with them the following information:

• the purposes of the processing
• the categories of personal data that are processed
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
• the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
• the right to lodge a complaint with a supervisory authority.

The data subject shall also have the right to receive information about whether personal data has been transferred to a third country. If this is the case, the data subject shall also have the right to receive information about relevant guarantees relating to the transfer.
Any person subject to the processing of personal data shall have the right to obtain without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Any person subject to the processing of personal data shall also have the right to obtain without undue delay the erasure of personal data concerning them, provided that there are legal reasons for the erasure and processing is not necessary.

Any person subject to the processing of personal data shall have the right to obtain from the controller restriction of processing where one of the following applies:

• The accuracy of the personal data is contested by the data subject for a period which enables the controller to verify the accuracy of the personal data.
• The processing is unlawful, the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
• The controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims.
• The data subject has objected to processing pursuant to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

Any person subject to the processing of personal data shall have the right to receive the personal data concerning them that they have provided to a controller in a structured, commonly used and machine-readable format or request that it is transmitted to another controller. The data is processed using automatic processes.

Any person subject to the processing of personal data shall have the right to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning them.

Any person subject to the processing of personal data shall have the right to revoke their consent to the processing of personal data at any time.

The rights of the data subject can be asserted in an informal manner. A request is to be addressed to:

Swiss Paraplegic Group
Information security and data protection officer
Guido A. Zäch Strasse 1
CH-6207 Nottwil
E-mail: datenschutz@paraplegie.ch

The data we store will be erased as soon as it is no longer required for its purpose and the erasure is not in conflict with any legal retention obligations. If the user’s data is not erased because it is necessary for other purposes permitted by law, its processing will be restricted. This means that the data is blocked and not used for other purposes. The applies, for example, to user data which must be stored for reasons under trade or tax law.

The SPG does not carry out any fully automated decision-making based on the information we have.

No profiling is carried out with the data collected via this website.

We take organisational, contractual and technical security measures according to the state of the art to ensure compliance with the provisions of data protection laws and thus protect any data we process from accidental or intentional manipulation, loss, destruction or access by third parties.

Im Zuge der Weiterentwicklung unserer Webseiten und der Implementierung neuer Technologien können Änderungen dieser Changes to this Privacy Policy may be necessary as part of the further development of our websites and the implementation of new technologies. We therefore recommend that you reread this Privacy Policy from time to time.

SPG, January 2019