Full Logo No Tagline Color
Donations
Donations

Privacy policy

The protection of your personal data (hereinafter also referred to as "data") and the protection of your privacy is important to us. Personal data is all information by which you are identified or identifiable, such as your surname, first name, address and e-mail address. We process this data from you as a data subject in connection with the purposes listed below (sections 4 and 6).

We are committed to handling your personal data responsibly.

Consequently, we consider it a matter of course to comply with the Swiss Federal Act on Data Protection (DSG; SR 235.1), the Ordinance on Data Protection (DSV; SR 235.11) and other applicable data protection provisions, such as the EU General Data Protection Regulation (GDPR), when processing your personal data (hereinafter: "applicable data protection law"). The terms according to the DPA are used below. Within the scope of application of the GDPR, they are to be understood in the sense of the GDPR.

When we refer to the processing of your personal data in this privacy policy, we mean any handling of your personal data. This includes in particular the storage, processing, use, deletion of data, etc.

We collect personal data in a transparent manner and in compliance with the principles of proportionality and purpose limitation. The data is only processed to the extent and for as long as is necessary for our tasks and obligations.

In this privacy policy, we inform you about the collection and further processing of your personal data. In addition, we may inform you separately about the processing of your data, for example in declarations of consent (e.g. in the context of clinical studies), contractual terms and conditions, additional data protection declarations, forms and notices.

We reserve the right to revise the privacy policy at any time. The most current version at the time of use will always apply.

1. responsible person

The controller for data processing within the meaning of the applicable data protection law is the

Swiss Cancer Institute

Effingerstrasse 33
3008 Berne
Switzerland

Tel: +41 31 389 91 91
E-mail: info@swisscancerinstitute.ch

We have the following data protection representation in the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein as an additional point of contact for supervisory authorities and data subjects for inquiries in connection with the General Data Protection Regulation (GDPR):

VGS Data Protection Partner UG
Am Kaiserkai 69
20457 Hamburg
Germany
info@datenschutzpartner.eu

If you have any questions in connection with data protection and for information regarding your rights and how to assert them, you can contact us at data-protection@swisscancerinsitute.ch or via the contact details provided in our website imprint.
We have appointed a data protection officer:

Dr. Sebastian Kraska
Marienplatz 2
80331 Munich
Germany
email@iitr.de

2 What personal data do we process?

  • Contact details: This includes surname, first name, e-mail address, postal address and telephone numbers,
  • Data on online forms: This includes contact details and other details that are requested or that you forward to us,
  • Identification data: This includes user name and password in the online portal,
    Content data: This includes text entries,
  • Usage data: This includes websites visited, access times, click behavior, interest in content,
  • Payment data: This includes bank details, payment history,
    Meta/communication data: This includes IP address, date, time, pages visited, device details,
  • Meeting metadata: This includes participant IP addresses, device/hardware information,
  • Server log files: This includes browser type and browser version, operating system used, referrer URL, host name of the accessing computer and time of the server request,
  • Marketing data: This includes contact/sales opportunities, newsletter subscriptions and unsubscriptions, marketing messages sent,
  • Newsletter data: This includes personal details and e-mail address, subscription and unsubscription data and open rates,
  • Applicant data: In addition to your personal details, education, work experience, skills, comments on previous employment and availability, notice period, this includes the usual correspondence data such as postal address, e-mail address and telephone number.

We also process particularly sensitive data. Particularly sensitive data are

  • Data relating to religious, philosophical, political or trade union beliefs or activities,
  • data concerning health, privacy or racial or ethnic origin
  • genetic data,
  • biometric data that uniquely identifies a natural person,
  • Data relating to administrative and criminal prosecution or sanctions,
  • data on social assistance measures.


Finally, we also process the following data as part of our customer and business relationships:

  • Contract data: This includes in particular services used, payment information,
  • Customer data: This includes personal details, customer number, customer type, customer history,
  • Data on purchased goods or services, order data, payment data,
  • Personal data for course registration: This includes course selection, personal details and contact details.

3. from whom do we receive your personal data?

We primarily process personal data that we receive in connection with our activities from:

  • Doctors,
  • employees of the hospitals,
  • authorities,
  • patients,
  • organizations active in the field of cancer treatment, cancer research and prevention,
  • funding foundations,
  • sponsors,
  • collaboration partners
  • pharmaceutical representatives and service providers.

We also receive personal data from the following persons:

  • Event participants,
  • Newsletter subscribers,
  • potential and existing employees as well as members of the Patient Council and other committees of the Swiss Cancer Institute.

Insofar as this is permitted, we also obtain certain personal data from publicly accessible sources or from authorities and other third parties, in particular:

  • Information from public registers (e.g. debt collection registers, land registers, commercial registers),
  • Information in connection with your professional functions and activities,
  • Information about you in correspondence and meetings with third parties so that we can conclude or process contracts with you or with your involvement (e.g.
  • references, your address for deliveries, powers of attorney),
  • Information that we obtain in connection with official and legal proceedings,
  • Information on compliance with legal requirements such as anti-money laundering and export restrictions,
  • Information from banks, insurance companies, sales and other contractual partners of ours regarding the use or provision of services by you (e.g. payments made, purchases made),
  • Personal data from the media and the Internet (insofar as this is appropriate in a specific case, e.g. as part of an application, press review, marketing/sales, etc.),
  • Your addresses and, if applicable, interests and other socio-demographic data (for marketing),
  • Data in connection with your visit to our website (e.g. IP address, MAC address of your smartphone or computer, details of your device and settings, cookies and other user and usage data).

4 For what purposes do we process your personal data?

We use the personal data we collect primarily to conclude and process our contracts with our customers and business partners, to carry out scientific research projects and to comply with our legal obligations in Switzerland and abroad.

In addition, we also process personal data of you and other persons for the following purposes, to the extent permitted and deemed appropriate, in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:

  • Visit our website,
  • making contact,
  • Processing of donations,
  • Use of collaboration tools,
  • recruitment of personnel,
  • Registration and participation in events,
  • conducting clinical studies,
  • Handling customer and business relationships,
  • newsletter distribution,
  • marketing measures,
  • security and access control.

If you have given us your consent to process your personal data for specific purposes (for example, when you register to receive newsletters), we will process your personal data within the scope of and based on this consent, unless we have another legal basis and do not require one. You can withdraw your consent at any time, but this has no effect on data processing that has already taken place. If you wish to withdraw your consent, please contact the contact point under point 1 and inform us accordingly.

5 On what basis do we process your personal data?

We regularly use the following as the general legal basis for processing your personal data:

  • the conclusion or fulfillment of a contract with you or your request in advance,
  • your consent, which you can withdraw at any time
  • a legal obligation, which may also be taken into account as part of a balancing of interests.

Another legal basis for the processing of your personal data is our overriding interest in the processing of this data. Our overriding interests include, among other things

  • our customer service and the maintenance of our business relationships (e.g. maintaining contacts, communication with our business partners)
  • our advertising and marketing activities
  • Communication with you
  • the opportunity to get to know the users of our website and our online services better
  • the improvement and further development of our products and services (e.g. IT security in connection with the use of our website, improvement of our range of online services)

If you have given your consent electronically by activating a checkbox, the declaration of consent will be logged by us, whereby we store the user account name, the corresponding location on the website as well as the date and time.

You have the option of informally revoking your declaration of consent or objecting to the processing at any time. The revocation and/or objection should be sent to data-protection@swisscancerinstitute.ch.

6 Scope and purpose of the processing of your personal data in detail

6.1 Visiting our website

In principle, you can visit our website without having to provide any personal details. Our website is accessed using transport encryption (SSL), but some microsites can also be accessed without transport encryption.
When you visit our website, our servers automatically save the following data temporarily in a log file, the so-called server log file:

  • IP address of the requesting computer,
  • Entry page (website from which you came to our website),
  • Browser settings,
  • Language and version of the browser software,
  • Date and time of access/retrieval,
  • Name and URL of the data retrieved,
  • your computer's operating system and the browser you are using,
  • Country from which our website is accessed,
  • Name of your internet access provider,
  • Time zone difference to Greenwich Mean Time (GMT),
  • Content of the request (specific page),
  • Access status/HTTP status code,
  • amount of data transferred in each case,
  • activated browser plug-ins.

The purpose of processing this data is to be able to evaluate the use of our website (connection establishment) and to optimize our offers, as well as for internal statistical purposes. A personal user profile is not created.

The legal basis for the processing of your personal data is our overriding interest in the processing of this data.

We use cookies and similar technologies on our website and in the use of other digital services (hereinafter all these are summarized under the term "cookies"). A cookie is a small file that is transmitted between the server and your system and enables a specific device or browser to be recognized. Information on how we use cookies can be found in our cookie policy.

Our security measures also include the encryption of your data. When your data is transmitted to us via our website, it is encrypted using transport layer security (TLS). All information that you enter online is transmitted via an encrypted transmission path. This means that this information cannot be viewed by unauthorized third parties at any time.

6.2 Making contact

On our website, you have the option of contacting us by telephone, e-mail or online form. In order to process your request, it is necessary to provide your contact details.

The processing of this data is in our overriding interest for correspondence with you or for the purpose of processing your request and handling it.

6.3 Processing of donations

You have the option of making donations to us via our website. In order to process your donation correctly, we will process the following data:

  • Name,
  • e-mail address,
  • payment-related data (e.g. credit card details, details of the donation transaction),
  • all other data that may be required to process the donation, which you provide yourself when you decide to make a donation.

If you would like a donation receipt, we will also process your address.

The processing of this data is in our overriding interest for the processing of donations or for the purpose of the correct use of the donation you have made.

6.4 Use of collaboration tools

We use various collaboration tools for online meetings (telephone and video). When using these tools, different types of data are processed. The type and scope of the data depends on the data you provide before or during participation in an online meeting. These are, for example

  • First and last name, participant name if applicable, e-mail address,
  • Meeting metadata: e.g. date, time, meeting ID, telephone numbers, location,
  • Audio, video or chat content,
  • Name of the meeting and, if applicable, password for meeting participation,
  • profile picture, if applicable,
  • any other personal data provided by the data subjects during the meeting.

If online meetings are recorded, this is communicated transparently in advance and, if necessary, consent is requested.

The processing of this data is in our overriding interest. Our overriding interest in these cases is the effective conduct of the meeting. Otherwise, the legal basis for data processing when conducting online meetings is the contract, insofar as the meeting is conducted as part of a contractual relationship.

6.5 Personnel recruitment

If you apply for a job with us, we will process the personal data that we receive from you as part of the application process. This includes information about your:

  • Person,
  • Education,
  • work experience,
  • skills,
  • Comments on previous employment, and
  • Availability/period of notice,
  • the usual correspondence details such as postal address, e-mail address and telephone number.

We also process all documents submitted by you in connection with the application, such as letters of motivation, CVs, references, certificates, diplomas and other documents provided by you. You can also voluntarily provide us with additional information.

This data is stored, evaluated and processed exclusively in the context of your application. We may also process your personal data for statistical purposes (e.g. reporting). In this case, however, it is not possible to draw conclusions about an individual person.

We keep your personal data for 4 months after the application for any queries. They will then be deleted.

Your applicant data is processed on the legal basis of our (pre-)contractual obligations as part of the application process and our overriding interest in processing your application. You can object to this data processing at any time and withdraw your application. Send your objection to data-protection@swisscancerinstitute.ch.

If you have given us your consent to store your data for further application procedures and to contact you again if necessary, we will only delete this data after one year. You have the option of withdrawing this consent from SAKK at any time. The revocation should be sent to data-protection@swisscancerinstitute.ch.

If you include personal data of other persons, for example your spouse or children, it is your responsibility to obtain the consent of these third parties in accordance with the applicable law.

If we conclude an employment contract with you, the data transmitted will be processed further for the purpose of handling the employment relationship in compliance with the statutory provisions.


6.6 Registration and organization of events

When organizing our events, we process the following personal data from you:

  • Contact details for registering for the event and professional title,
  • if associated with an overnight stay, your arrival and departure dates, any preferences and, if applicable, payment information,
  • if catering is provided, any data on intolerances and/or allergies and food choices, if necessary,
  • any data on disabilities and other physical limitations in order to make participation as pleasant as possible and to organize any necessary measures,
  • any other data that may be required for the organization of the event, which you provide yourself if you decide to participate in the event.


The legal basis for data processing for these purposes is the fulfillment of a (preliminary) contract. A further basis is our legitimate interest in processing your personal data as part of your registration.
Pictures and/or videos are taken of participants at our events and may be published in the following places:

  • on our website,
  • in web presences, e.g. in social media.

When you register, we obtain your consent in principle. Consent is voluntary and can be revoked at any time with effect for the future. If the recordings are available on the Internet, they will be removed as far as possible. The revocation or objection should be sent to the contact point mentioned under point 1 or to the following e-mail address data-protection@swisscancerinstitute.ch. The provision of personal information is voluntary. Please note, however, that your participation may not be possible if you provide incomplete information or no information at all.

6.7 Implementation of clinical studies

In the context of conducting clinical studies, we process your pseudonymized health data if you participate in a study as a patient. The legal basis for the processing of patient data is the consent that you have given to your treating hospital. You have the option of revoking your declaration of consent at any time for the future. The revocation must be sent to your treating hospital. Further information on how the hospital processes your personal data can be found on their website.

If you participate in a study as a healthcare professional, we will process your personal data to the extent necessary to conduct the study (e.g. contact details, information about your professional activity and training). The legal basis for processing the data of healthcare professionals is our legitimate interest in processing your personal data.

6.8 Customer and business relationships

We process personal data to the extent necessary in order to provide you with our contractual or pre-contractual services and to carry out other services requested by you. The data processed in this context and the type, scope, purpose and necessity of its processing are determined by the underlying contractual relationship.

The personal data processed includes

  • the master data: This includes, for example, name, address,
  • the contact data: This includes, for example, mail address, telephone number,
  • the contract data: This includes, for example, services used,
  • subject matter of the contract, contractual communication, names of contact persons.
  • the payment data: This includes, for example, bank details, payment history.

The data is processed in particular for the following purposes:

  • Contract negotiations, contract conclusion and contract implementation,
  • Customer and business partner management,
  • processing of payments.

The legal basis for data processing for these purposes is the fulfillment of a (preliminary) contract and our overriding interests

6.9 Newsletter dispatch

You have the option of subscribing to a newsletter on our website. In our newsletter you will receive information about our offers and our company.

If you have subscribed to our newsletter, we will use your e-mail address to inform you about us and our offers. The provision of further data is voluntary.

Registration for the newsletter takes place in a so-called double opt-in procedure. This means that after registering and clicking on the corresponding checkbox, you will receive an e-mail in which you must click on a link to confirm your registration.

The newsletter contains images that are retrieved from the server of the mailing service provider when the newsletter is opened. As part of this retrieval, technical information, such as information about your browser and your system as well as your IP address and the time of retrieval, is initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on the retrieval locations (which can be determined using the IP address) or the access times. The surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked on. Although this information can be assigned to individual newsletter recipients for technical reasons, it is neither our intention nor that of the mailing service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

The legal basis for the processing of this data is your consent.

You can unsubscribe from the newsletter at any time and revoke your consent. To do this, click on the corresponding link in the newsletter sent to you. You will find this link to unsubscribe from the newsletter at the end of each newsletter. You can also send your revocation to the contact point mentioned under point 1 or to the following e-mail address: data-protection@swisscancerinstitute.ch.

6.10 Marketing measures

We also use your contact details for the following purposes:

  • to maintain contact with you;
  • to inform you about certain services; and
  • to recommend services that may be of interest to you;
  • for statistical purposes.

The legal basis for the processing of this data is our overriding interest.

6.11 Security and access controls

We obtain and process personal data in order to ensure and continuously improve the appropriate security of our IT and other infrastructure (e.g. buildings). This includes, for example, controlling electronic access to our IT systems and physical access to our premises, analyzing and testing our IT infrastructures, system and error checks and creating backup copies. We also keep access logs and visitor lists in relation to our premises for documentation and security purposes (preventive and to investigate incidents).

The processing of your personal data is in our overriding interest.

7 How do we integrate social networks?

We operate social networks and other online presences and process data about you in this context. We receive the data from you (e.g. when you communicate with us or comment on our content) and from the platforms (e.g. statistics).

We use social plugins (plugins) from various social networks on our website. You can use these plugins to share content or recommend products, for example.

These are as follows:

  • YouTube
    We integrate the videos of the platform "YouTube". Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy policy: policies.google.com/privacy?hl=en
  • X
    Functions and content of the X Corp. service may be integrated into our online offering. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offering within Twitter. If the users are members of the X Corp. platform, X CORP. can assign the access to the above-mentioned content and functions to the users' profiles there. If you live in the USA or another country outside the European Union, the EFTA states or the United Kingdom, the controller of your personal data is X Corp. with the following address: X Corp, Attn: Privacy Policy Inquiry, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. If you live in the European Union, EFTA States or the United Kingdom, the controller of your personal data is X International Unlimited Company, with the following address, Attn: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. Privacy policy: twitter.com/en/privacy. You can contact Twitter's Data Protection Officer in confidence via their privacy inquiry form
  • LinkedIn
    Functions and content of the LinkedIn service may be integrated into our online offering. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offering within LinkedIn. If the users are members of the LinkedIn platform, LinkedIn can assign the access to the above-mentioned content and functions to the users' profiles there. Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, parent company: LinkedIn Corporation, 1000 W. Maude Avenue Sunnyvale, CA 94085, USA, Privacy Policy: LinkedIn Privacy Policy, Cookie Policy: de.linkedin.com/legal/cookie-policy,

Our website only integrates these plug-ins as external links. Your personal data is therefore only processed when you click on the integrated plug-ins. You will then be redirected to the page of the respective provider. We have no influence on the type and scope of data collected by the social networks. If you do not want the providers mentioned to receive your data, please do not click on the plug-ins.

When you visit our website and one of the social plug-ins listed on the website is activated, a direct connection is established between your browser and the server of the social network in question. The content of the plug-in is transmitted by the social network directly to your browser and integrated into the website. This provides the network with the information that you have visited our website. If you are logged in to the social network, it can assign the visit to your account. If you interact with the plug-ins, the corresponding information is transmitted directly from the browser to the social network and stored there.

Even if you are not logged in to the social networks when you visit our website, websites with active social plug-ins can send data to the networks. An active plug-in sets a cookie with an identifier each time the website is accessed. Since your browser sends this cookie every time you connect to a server of the respective networks without being asked, the social networks could in principle use it to create a profile of which websites the user belonging to the identifier has visited.

If necessary, it would then be possible to assign this identifier to a person again later - for example when logging into the social network at a later date.

8. will my personal data be passed on?

As part of our business activities, we also disclose your personal data to third parties where permitted and where we deem it appropriate, either because they process it for us or because they wish to use it for their own purposes. This applies in particular to the following parties:

  • Service providers of ours (e.g. banks, insurance companies), including processors (such as IT providers or service providers that we have commissioned to host our websites),
  • Partner organizations such as hospitals,
  • dealers, suppliers, subcontractors and other business partners,
  • customers,
  • domestic and foreign authorities, official bodies or courts,
  • the media,
  • The public, including visitors to websites and social media,
  • competitors, industry organizations, associations, organizations and other bodies,
  • other parties in potential or actual legal proceedings.

We select our partners and processors carefully and only entrust them with data processing if we can sufficiently guarantee that they have suitable technical and organizational measures in place in accordance with the legal requirements.

Our processors may only process personal data on our documented instructions. They are all subject to confidentiality obligations and may only use your personal data to the extent necessary to fulfill the purpose for which your personal data was collected and unless otherwise required by law.

9. is personal data disclosed abroad?

We process and store personal data mainly in Switzerland and the European Economic Area (EEA), but potentially in any country in the world, depending on the case - for example via subcontractors of our service providers or in proceedings before foreign courts or authorities.

If we also disclose your personal data to third parties abroad (i.e. outside Switzerland or the European Economic Area (EEA)), third parties are obliged to comply with data protection to the same extent as we are. If the level of data protection in the country concerned is not adequate, but there is no suitable alternative for us, we will ensure that your personal data is protected to this level. We ensure this in particular by concluding so-called standard data protection clauses of the EU Commission (available here) with the companies concerned and/or by the existence of other guarantees that comply with the applicable data protection law. Where this is not possible, we base the disclosure of the data on the necessity of the disclosure for the fulfillment of the contract.

10. how long will your personal data be stored?

We process and store your personal data only for the period required to achieve the stated purpose or if this is provided for in laws or regulations to which we are subject. If the storage purpose no longer applies or if a prescribed retention period expires, your data will be routinely blocked or deleted in accordance with the statutory provisions.

We will also delete your data if you request us to do so and we have no legal or other obligation to retain or back up this personal data. In this case, we guarantee that the confidentiality of the personal data transmitted is guaranteed for an indefinite period and that the personal data will no longer be actively processed.

If we store the data on the basis of a contractual relationship with you, this data will be stored for at least as long as the contractual relationship exists and at most as long as limitation periods for possible claims run or statutory or contractual retention obligations exist.

11. how is your personal data secured?

We take technical and organizational security precautions to protect your personal data against manipulation, loss, destruction, disclosure or access by unauthorized persons and to ensure the protection of your rights and compliance with the applicable data protection regulations.

The measures taken are intended to guarantee the confidentiality and integrity of your data and to ensure the availability and resilience of our systems and services when processing your data in the long term. They are also intended to ensure the rapid restoration of the availability of your data and access to it in the event of a physical or technical incident.

Our data processing and security measures are continuously adapted in line with technological developments.

We also take our own internal data protection very seriously. Our employees and the service companies commissioned by us are obliged to maintain confidentiality and to comply with data protection regulations. Furthermore, they are only granted access to personal data to the extent necessary.

12 What are your rights?

You have the following rights in relation to your personal data:

Right of access: You have the right to know what personal data we process, what happens to it and how long it is stored,
Right to rectification: You have the right to supplement, correct or block your personal data at any time,
Right to erasure: You have the right to request the erasure of your personal data at any time,
Right to disclosure and transfer: You have the right to request all your personal data from the controller and to transfer it in full to another controller,
Right to object: You have the right to object to the processing of your data. We will comply with this unless there are legitimate grounds for the processing,
Right to withdraw consent: If you give us your consent to process your personal data, you have the right to withdraw this consent. The data processing carried out up to the time of revocation does not lose its legality as a result of the revocation.
Right to cease the unlawful processing of data,
Right to establish the unlawfulness of processing,
Right to rectification of the consequences of unlawful processing.
So that we can rule out any unlawful use of data, we must identify you (e.g. with a copy of your ID, if necessary).
Please note that conditions, exceptions or restrictions apply to these rights (e.g. to protect third parties or business secrets or our professional duty of confidentiality).

You can contact us in writing regarding your rights at the contact point specified in section 1. We will comply with your requests in this regard, unless there is an exception or restriction provided for by law.

You can also lodge a complaint with a local supervisory authority - in Switzerland this is the Federal Data Protection and Information Commissioner (FDPIC) - if you are of the opinion that the processing of your personal data violates data protection law.