Affidea Switzerland is part of the Affidea Group, the largest and most significant pan-European provider of medical services, specialising in diagnostic examinations, laboratory analyses and cancer treatment services. Further information about Affidea can be found in the “About us” section of our website.

The data controller for your personal information is Affidea SA.

The personal information we may collect about you mainly falls into the following categories:

Information you provide voluntarily

In certain areas of our website you may be asked to provide personal information voluntarily, for example:

• The type of medical service you require from our clinic and your contact details (online booking)
• Your feedback on our services (satisfaction survey form)
• If you wish to subscribe to our newsletter
• Submitting enquiries via a contact form
• Using our careers section if you wish to apply for a position at Affidea

The reasons why we collect and process your data will be explained at the time of collection.

Information we collect automatically

When you visit our website, we may automatically collect certain information from your device.

Specifically, the information we collect automatically may include details such as your IP address, device type, unique device identifiers, browser type, approximate geographic location (e.g. country or city), and other technical information. We may also collect information about how your device has interacted with our website, including the pages accessed and links clicked.

Collecting this information helps us better understand website traffic, where our visitors come from, and which content interests them most. We use this information for internal analytics and to improve the quality and relevance of our website for visitors.

Some of this information may be collected using cookies and similar tracking technologies, as explained in our cookie policy.

In general, we will only use the personal data we collect from you for the purposes described in this privacy policy or for purposes explained to you at the time of collection. However, we may also use your personal data for other purposes that are not incompatible with those disclosed to you (such as archiving in the public interest, scientific or historical research purposes, or statistical purposes), where permitted by applicable data protection laws.

Please note that this website privacy notice does not apply to personal data collected outside this website when we provide medical services. For that, please refer to our patient data privacy notices. In other cases where we collect personal data, we will provide a specific privacy notice explaining why and how we process that data.

We may disclose your personal data to the following categories of recipients:

• To our group companies or third-party service providers and partners who provide data processing services (e.g. to support a service, provide functionality, or assist in improving the security of our website), or who otherwise process personal information for purposes described in this privacy policy or communicated to you when we collect your personal data. A list of our current suppliers and partners includes: Beetroot, Jenkinson and Associates.
• To any competent law enforcement body, regulatory authority, government agency, court or other third party where we believe disclosure is necessary to (i) comply with applicable law or regulation, (ii) exercise, establish or defend our legal rights, or (iii) protect your vital interests or those of another person.
• To a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer that it may only use your personal data for the purposes disclosed in this privacy policy.
• To any other person with your consent to the disclosure.

If you are a visitor from the European Economic Area, our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it.

Typically, we will collect your personal data only where we have your consent to do so, where we need the personal data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect your personal data, or need to collect it to protect your vital interests or those of another person.

Where we ask you to provide personal data to comply with a legal requirement or to contact you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as the possible consequences if you do not provide your personal data).

Where we collect and use your personal data in reliance on our legitimate interests (or those of a third party), we will make clear to you at the relevant time what those legitimate interests are.

We take technical and organisational measures to protect the personal data we collect and process. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data.

Your personal data may be transferred to and processed in countries other than the country in which you live. These countries may have data protection laws that differ from those of your country (and in some cases may not provide the same level of protection).

In particular, the servers of our website are located in the Netherlands and our group companies, service providers and third-party partners operate worldwide. This means that when we collect your personal data, we may process it in other countries.

However, we have implemented appropriate safeguards to require that your personal data remains protected in accordance with this privacy policy. We have also agreed similar safeguards with our service providers and third-party partners. Further details can be provided upon request.

We retain the personal data we collect where we have a legitimate business need to do so (for example, to provide you with a service or to comply with legal, tax or accounting obligations).

When we no longer have a legitimate need to process your personal data, we will delete or anonymise it, or, if this is not possible (for example, because your personal data has been stored in backup archives), we will securely store your personal data and isolate it from any further processing until deletion is possible.

Your data protection rights are as follows:

• If you wish to access, correct, update or delete your personal data, you can do so at any time.
• In addition, if you are resident in the European Union, you can object to the processing of your personal data, ask us to restrict processing, or request portability of your personal data.
• You have the right to opt out of receiving marketing communications we send you at any time. You can exercise this right by clicking the “unsubscribe” or “opt out” link in the marketing emails we send you. To disable other forms of marketing (such as postal or telephone marketing), please contact us using the details provided under “How to contact us” below.
• Likewise, if we have collected and processed your personal data with your consent, you may withdraw your consent at any time. Withdrawal of your consent will not affect the lawfulness of any processing carried out prior to your withdrawal, nor will it affect processing of your personal data conducted on the basis of other lawful grounds for processing.

You can exercise these rights by contacting us using the details provided under “How to contact us”. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

You may also contact the Federal Data Protection and Information Commissioner (“FDPIC”), postal address: Federal Data Protection and Information Commissioner, Feldeggweg 1, CH‑3003 Bern, or by telephone Monday to Friday from 10:00 to 12:00 at +41 (0) 58 462 43 95. You also have the right to lodge a complaint with a data protection authority regarding the collection and use of your personal data. Under Art. 28a of the Swiss Civil Code (ZGB) and Art. 32 para. 2 of the Data Protection Act (DSG), you also have the right to bring an action before a civil court for violation of personality rights. However, we hope you will first raise any concerns directly with us.

We may update this privacy policy from time to time in response to legal, technical or business developments. When we update our privacy policy, we will take appropriate measures to inform you in a manner consistent with the significance of the changes. We will obtain your consent to any material changes to this privacy notice where required by applicable data protection laws.

You can see when this privacy notice was last updated by checking the “last updated” date displayed at the top of this notice.