Legal notice

eHealth Suisse
Swiss Competence and Coordination Centre of the Confederation and the Cantons
Schwarzenburgstrasse 157
CH-3003 Bern
+41 (0)58 462 93 59

Data Protection Statement

Version dated 5 October 2023

 1. Introduction

We respect your privacy. This means that any information which you provide will be handled carefully and responsibly at all times, in compliance with the relevant data protection regulations and in accordance with this Data Protection Statement.

In general, the offerings on our website (www.e-health-suisse.ch) are subject to the terms and conditions applicable for the use of Swiss Confederation websites, which are available here:

External link: https://www.admin.ch/gov/en/start/terms-and-conditions.html

In particular, these offerings are governed by Swiss data protection legislation, as well as any international data protection regulations which may be applicable, e.g. those of the European Union (General Data Protection Regulation).

2. Body responsible

The body responsible for the processing of personal data is:

 eHealth Suisse

Swiss Competence and Coordination Centre of the Confederation and the Cantons

Schwarzenburgstrasse 157

3003 Bern

 

If you have any queries concerning the protection of your personal data, you can contact the above body in writing or by e-mail.

3. Personal data

“Personal data” means any information concerning an identified or identifiable natural person. This includes all the basic data provided to us, such as, in particular, your name, address, e-mail, telephone number and IP address. It does not cover statistical data or anonymised data which cannot be directly associated with you as an individual.

“Data subject” means a natural person whose personal data is processed; “processing” means any operation involving personal data (for example by combining data with an identifier such as a name, an identification number or location data).

4. Legal basis and purposes of data collection/processing

We collect, process and store personal data in order to fulfil our legal responsibilities and to comply with
any contractual obligations. In addition to the above-mentioned legal basis for data processing, we process data in pursuit of overriding interests – in particular, economic and legal interests. Our overriding interest lies, in particular, in the optimisation of our online offerings and of our website. Data is collected and processed for the purpose of enabling use of our website (establishment of a connection), ensuring sustained system security and stability, and permitting optimisation of our online offerings, as well as for internal statistical purposes. The IP address and country are analysed only in the event of attacks on the network infrastructure of the website, or for statistical purposes.

5. Contact

For queries of any kind, we offer you the option of contacting us via an e-mail address or a form available on the website. This requires you to provide a valid e-mail address and contact data (e.g. surname, first name) so that we know who has submitted the query. Further details may be provided voluntarily. Data processing which enables you to make contact with us is undertaken on the basis of your voluntary consent. The data from the forms (e.g. contact or registration for an event) are sent directly to eHealth Suisse by email, without being stored on the web host’s server. An exception is the self-declaration form for primary system providers. The (business) data from this form are stored on the Google Cloud web host with a server in Zurich to assure performance of tasks related to the publication of data on the eHealth Suisse website and the validity periods. The data will be changed or deleted at the request of the companies concerned.

6. Transmission

We will only pass on your personal data if we are legally obliged to do so, if you have given your explicit consent, or if this is necessary to uphold our rights – in particular, to uphold claims arising from any contractual relationship. In addition, we will only pass on your data to third parties insofar as this is required to respond to your queries. For this purpose, we will transmit the requisite data to other federal bodies, cantonal bodies, or other service providers (e.g. EPR
communities). These service providers will use your data exclusively to respond to your query. It is ensured that these service providers will treat your data confidentially and in accordance with the applicable legal requirements, and that your data will only be used for the purpose of the service in question.

We are also authorised, in pursuit of our economic, legal and non-material interests (e.g. for marketing purposes or to improve our online offerings) to pass on your data to external service providers. With regard to the software tools, we use services provided by the companies listed below. The data collected in connection with the use of this software tool may be transmitted to servers in the following countries:. This function is only activated if the user accepts the corresponding cookie (under Statistics). Consent to statistics cookies can be revoked at any time. 

More detailed information on the data collected and transmitted is available at:

External link: Matomo - Privacy policy

7. Retention period

We will retain your personal data for as long as is necessary or appropriate to comply with the relevant legal requirements, or for as long as it is needed to fulfil the purposes for which it was collected. As far as possible, we will always anonymise or delete your personal data as soon as it is no longer required, or at the latest at the end of the legally specified maximum retention period.

You can yourself request erasure of your personal data at any time by sending an appropriate application to the body specified in Section 2. We will comply with your request immediately, provided that we are not required to retain the data further on other grounds (e.g. a legal data retention obligation).

8. Rights of the data subject

8.1. Information

On written request, we will inform you at any time as to what personal data is stored when you visit our website.

8.2. Rectification, erasure, restriction of processing, right to object

You may have personal data which is stored when you visit our website rectified, blocked or erased by us. In addition, you may object to the disclosure of certain personal data. Exempt from erasure is data which we require to complete outstanding tasks or to uphold existing rights and claims, as well as data which we are legally obliged to retain. 

8.3. Data disclosure and transfer

On written request, you have the right to receive personal data which is stored when you visit our website in a structured, commonly used and machine-readable format (e.g. PDF file). You also have the right to request the return of data provided to us when visiting our website. 

8.4. Right to withdraw consent

Insofar as, in using our website or availing yourself of our services, you have given consent to the collection, storage, use, etc., of personal data, you may withdraw this consent at any time. The withdrawal of consent can be sent, by e-mail or in writing, to the body specified in Section 2. The effects of the withdrawal of consent are restricted to the storage and use of personal data which may not already, on legal grounds, be stored and used even without your consent. In addition, the withdrawal of consent does not affect the lawfulness of previous processing based on your consent.

8.5. Supervisory authority

The supervisory authority responsible for data protection matters is the Federal Data Protection and Information Commissioner:

External link: https://www.edoeb.admin.ch/edoeb/en/home.html

8.6. Exercising these rights

To exercise your rights, please contact the body specified in Section 2, providing proof of your identity (copy of ID, passport or other official document). Please note that your rights may be restricted insofar as this is legally provided for or necessary on account of overriding public or private interests.

9. Data concerning children

Insofar as is ascertainable, we only collect, process and use personal data concerning children with the consent of their authorised representative. Persons under 16 years of age must obtain permission from their authorised representative before transmitting personal data to us. Accordingly, persons under 16 years of age require their parents’ consent to use our website.

10. Liability for links

We have no influence whatsoever on the current or future design or content of any sites linked or referred to. This applies to all links and references included on our own website. Liability for illegal, inaccurate or incomplete content – and in particular for damage arising from the use or non-use of such information – rests solely with the operator of the site to which reference is made, and not with the operator of the site merely making reference (via links) to the publication in question. To the extent legally permissible, any liability is excluded.

11. Use of cookies

On our website, we use so-called cookies and similar technologies to allow your browser or device to be identified. A cookie is a small text file which is sent to your computer when you visit our website. A cookie can only contain information which we send to your computer – it cannot be used to read out private data. If you accept cookies from our pages, we do not have any access to your personal information, but with the aid of these cookies we can identify your computer. No personal data is stored in the cookies used, so that, using the cookies technology, we cannot draw any conclusions as to your identity.

We use session-specific, temporary cookies. These cookies are required technically for the operation of the website, but they do not remain on your computer. When you leave our website, the temporary cookies are discarded. With the aid of the information gathered, we can analyse website usage patterns and structures, and optimise the site by improving content, personalisation and usability.

We also use permanent cookies: these remain on your computer to permit user-specific personalisation and registration services on subsequent visits. These cookies may record, for example, which brochure you have chosen to order, while you continue to browse in the online shop. In addition, for websites where a log-in is required, you will only have to enter your password once. Permanent cookies can be manually deleted by the user.  

Cookies are also used by some of our Internet service providers (so-called third-party cookies). These cookies help us to
tailor our site to the specific requirements of our users. Thanks to these cookies, we receive information about which content/products/campaign products you have viewed or searched for, or which pages you have previously visited. These cookies are stored on your hard disk. The cookies used by our Internet service providers also do not contain any personal data. Pseudonymisation is used so that no conclusions can be drawn as to your identity. 

Most browsers (e.g. Firefox, Chrome, Microsoft Edge, Safari, etc.) accept cookies by default. In the privacy/security settings, you can allow or block temporary and/or permanent cookies. The data stored in our cookies is not linked to your personal data (name, address, etc.) without your explicit consent.

Cookiebot Declaration

12. Framing

On our website, we use framing for the network YouTube (YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, US).

“Framing” essentially means embedding: we embed videos, photographs, texts, etc. from this network on our website, so that they can be directly viewed. However, the actual content originates from the platform of the network concerned. If the content is deleted there, it will also disappear from our website. 

Videos are embedded using the privacy-enhanced mode. A cookie will only be stored on your computer if the video is played. If you wish to ensure that no user data is stored with the network concerned, do not click on the embedded videos.

13. Data security

On our website, for security reasons and to protect the transmission of confidential information, we use SSL or TLS encryption. You can recognise an encrypted connection by the fact that the browser’s address line changes from “http://” to “https://” and the padlock icon is displayed. Once SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

14. Amendments

We reserve the right to amend this Data Protection Statement at any time. The latest version published on our website is applicable. If you are directly affected by an amendment to the Data Protection Statement (for example, if you use a newsletter service), you will be informed about such an amendment in an appropriate manner. The Data Protection Statement does not establish any contractual or other formal legal relationship with or on behalf of any party.

Patientrecord.ch is the official information platform on the electronic patient record (EPR) by eHealth Suisse, the Confederation and the cantons.