Skip to main content

Privacy Policy

Disclosure of personal data processing


Intro

This document describes the policy regarding the processing of personal data of Samsara Medical Center Sagl, a company under Swiss law based in Lugano (CH), in relation to the user's use of the site www.samsaramedical.ch and related resources (hereinafter the “Site”).

This document informs the user, pursuant to and for the purposes of Articles 4 para. 5 of the Federal Data Protection Act (DPA) and, where applicable, Articles 13 and 14 of the European Regulation (EU) 679/2016 (GDPR), that personal data provided or otherwise acquired in the context of the Site's activities will be processed, in accordance with the principles set forth in the above regulations.

It should be noted that the GDPR, in accordance with Article 3, applies only in the case of:

  1. Offering goods or services to individuals in the EU;
  2. Behavior monitoring of individuals in the EU.

Paragraphs A and B specify ownership of the Site, contact details for communications, and describe the mechanism for acceptance and review of this document. Paragraphs C and D describe the Site's policy regarding the processing of users' personal data. Finally, paragraph E governs the substantive law applicable to the legal relationship between the parties and establishes the competent forum in the event of a dispute related to that relationship.

The conditions governing the use of the Site are described in a separate document, accessible at this link. The same is understood to be reproduced and supplemented in full here.

A. Site ownership and communications

The Site is the property of Samsara Medical Center Sagl, Lugano (CH).

All communications shall be in writing and shall be deemed validly and effectively executed upon receipt thereof, if made by regular mail, respectively upon receipt of read confirmation, if made by electronic mail.

Contact:

B. ACCEPTANCE AND MODIFICATION OF TERMS AND CONDITIONS

By using the Site, the user accepts the terms and conditions in force at the time of access. It is your responsibility to carefully check the status of the terms and conditions before accessing the Site, being reserved the right of the owner to update this document at any time and at its own discretion, notably according to the evolution of the applicable law.

C. DATA PROTECTION POLICY

Data controller

The data controller is Samsara Medical Center Sagl, Via Dufour, 4 - CH-6900 Lugano. The owner can be contacted using the contact details specified in par. A above.

Data protection officer

The Data Protection Officer can be contacted in writing by regular mail at the following address: c/o Samsara Medical Center Sagl, Via Dufour, 4 - CH-6900 Lugano.

Any communication regarding the protection of personal data can be sent to the following e-mail address: This email address is being protected from spambots. You need JavaScript enabled to view it.

Legal regime applicable to data processing

The owner, as a legal entity under Swiss law based in Switzerland active in the private sector, processes personal data of users in accordance with the Federal Data Protection Act (“LPD”, RS 235.1).

WHEREAS, Samsara Medical Center Sagl in principle does not process personal data that fall under the scope of the GDPR (see par. A above), should the Regulation be exceptionally applicable, Samsara Medical Center Sagl grants the data subjects the protections provided by the GDPR itself (in particular the rights provided for in Articles 12 - 23). The text of the GDPR can be consulted by activating this link.

Concepts and categories of personal data

Personal data means any information concerning an identified or identifiable natural person (Personal Data). Personal data deserving special protection are considered to be sensitive information such as that concerning the intimate sphere, social welfare measures, racial and ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometric or health-related data, mental, mental or physical state, as well as data concerning criminal convictions and offenses or related security measures.

Purpose and lawfulness of processing

The owner collects and processes Personal Data necessary to enable and optimize navigation on the Site. This data includes information concerning the use of the Site, such as the IP address of the user's device, the user's location, the unique identifier of the user's mobile device, the duration of stay on the Site, activated links, browser characteristics (type, language, plug-ins installed, etc.), cookies, etc.). This data is processed in an automated manner solely to enable navigation on the Site, evaluate the introduction of new features, improve the quality of the services offered, measure the use of the Site, and optimize its usability.

The Site processes Personal Data transmitted by the user, particularly by online form or electronic mail, for the purpose of communicating or making available information requested by the user.

The Site does not process or broadcast content or advertisements designed based on online behavior, profile you, or monitor your use of web resources or e-mail. The Site does not sell, rent, trade, and/or lend Personal Data to third parties.

Duty to provide data

Apart from what is specified for navigation data, the user is free to provide Personal Data.

The provision of data is optional or necessary depending on the specific purpose for which the data is processed. Failure to provide the requested data will result in the inability to obtain what is requested or to use the services of the data controller.

Data transfer to a third country and/or international organization

Personal Data may be transferred abroad (with respect to Switzerland), limited, however, to the European Union or to countries that provide adequate protection of personal data (with respect to Swiss law) as per the List established by the Federal Authority, respectively the European Authority responsible for data processing subject to the GDPR. The data subject has the right to obtain a copy of such data.

In case of transfer to non-European countries, in particular the United States, whose level of data protection has not been deemed adequate, Personal Data may be transferred only to individuals, entities and companies that have adhered to specific international agreements and/or instruments having as their object the protection of personal data (for example: Swiss / EU - US Privacy Shield). The data subject may obtain information about the protections adopted for the transfer of Personal Data by contacting Samsara Medical Center Sagl in writing.

Storage period of personal data

The Site retains Personal Data as long as its retention is necessary in view of the purpose for which the data was collected, respectively to the extent that there is a legal obligation to retain it (normally 10 years). Once the purpose for which the Personal Data was collected has lapsed, respectively, the retention obligation established by law has expired, the owner shall provide for the permanent and secure deletion of the data or, alternatively, their anonymization. The detailed policy on the retention of personal data can be requested from the data controller by e-mail or viewed at the company's registered office.

Data relating to minors

Processing justified by the consent of the data subject is lawful where the child who has given consent is at least 16 years old. Where the child is under the age of 16, the processing of personal data is lawful only and to the extent that consent is given or authorized by the legal representative. The controller will make every reasonable effort and in consideration of available technology to verify that the consent given by the legal representative is effective. However, it will not be in any way responsible for any false statements that may be provided by the minor and, in any case, if it ascertains that the statement is false, it will immediately delete all personal data and any material acquired. The owner will facilitate requests concerning the personal data of minors coming from the legal representative.

Data controllers, recipients or categories of recipients, access to data

The Personal Data you provide may be disclosed to recipients who will process the data as appointed data controllers and/or as individuals acting under the authority of the data controller or data processor. Where they operate independently, the individuals take the position of separate data controllers.

Subject to data transmissions required by law, data may be disclosed to recipients in the following categories:

  • entities that provide services for the management of information and telecommunications systems used by the data controller for the provision of the Site and for the organization, planning, implementation and execution of activities related to the Site;
  • companies and freelancers who provide services to the data controller, such as in the legal, accounting, administrative and

As part of the management of the Site and related resources (in particular: e-recruiting, e-mailing, back-up, web-design, graphics, maintenance, translation, hosting and Internet access activities), Samsara Medical Center Sagl uses external suppliers of goods and/or services established and active in Switzerland or the European Union (EU).

External suppliers have access to the data only to the extent strictly necessary for the proper and efficient performance of their tasks, subject to the assumption, by agreement, of an obligation of confidentiality and non-use in relation to Personal Data.

The full list of data processors is available at the company's registered office.

E-mail communications, risks

Users are cautioned that (i) the use of e-mail does not ensure the confidentiality and integrity of data in transit, (ii) many e-mail service providers are located or hold their data in countries that do not provide adequate protection for personal data (e.g., the U.S., see updated official downloadable list qui), (iii) use of such an e-mail service results in the transfer and storage of data in a country that does not provide adequate protection of such data.

The user authorizes the holder (and its auxiliaries) to transmit by ordinary electronic mail (non-certified and encrypted) documents and/or information, including those containing data personal and/or confidential, using the e-mail address provided by the user in response to requests from the user received by telephone or e-mail. The user, in full awareness of the aforementioned risks, exempts the holder from any liability in the event of unauthorized access by third parties to documents and/or personal and/or confidential information transmitted or received via e-mail by the holder and/or its organs and auxiliaries.

Links to third-party resources

The Site contains links to sites, services and other Internet resources referable to third parties. The owner is in no way responsible for the content, security, or usability of such sites and resources; in particular, the owner does not verify the policy, nor does the owner make any guarantees regarding the protection of privacy and personal data by such third parties.

Security

The Site implements security measures reasonably imposed by the circumstances and proportionate to the risks against unauthorized access, use, transmission, alteration, loss or destruction of Personal Data. Such measures include technical, physical and organizational measures. However, given the nature of the Internet as an “open network,” the owner cannot guarantee or warrant that data will not be intercepted or acquired by unauthorized third parties.

User Rights

Within the limits set by the DPA, the data subject may in particular:

  • Obtain correction of inaccurate personal data (Art. 5 2 DPA);
  • To ask free of charge and with a written answer whether data concerning him or her are being processed (Art. 8 1 DPA);
  • To have consent to the processing of personal data discontinued or revoked (Art. 12 2 (b) DPA);
  • stop unlawful processing of personal data (art. 12 2 letter a) LPD);
  • prevent, in the absence of justification, the communication to third parties of personal data worthy of particular protection or personality profiles (art. 12 2 letter c) LPD);
  • request that data processing be blocked, that communication to third parties be prevented or that personal data be rectified or destroyed (art. 15 1 LPD);
  • if neither the accuracy nor the inaccuracy of the personal data can be demonstrated, request that a mention be added to the data highlighting its disputed nature (art. 15 para. 1 LPD);
  • request that the rectification, destruction, blocking, in particular that of communication to third parties, as well as the mention of the disputed nature or the sentence be communicated to third parties or published (art. 15 3 LPD);
  • have personal data collected, stored or used unlawfully destroyed;
  • to establish the illegality of the processing of personal data;
  • file a criminal complaint in case of violation of the information, notification and collaboration obligations (art. 34 LPD), as well as of discretion (art. 35 LPD).

If the processing of data falls within the territorial scope of application of Article 3 of the GDPR, the data subject may exercise the rights as expressed in Articles 15, 16, 17, 18, 19, 20, 21, 22 of the GDPR by contacting the data controller or the processor. The user has the right, at any time, to request from the data controller access to his/her personal data, rectification, erasure of such data, restriction of processing concerning him/her or to object to the processing of such data and to exercise the right to data portability. If the processing is based on Article 6(1)(a) or Article 9(2)(a) of the GDPR, the user has the right to withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal. The user has the right to lodge a complaint with the supervisory authority. In the case of a request for data portability, the controller shall provide the data subject with his/her personal data in a structured, commonly used and machine-readable format, without prejudice to paragraphs 3 and 4 of Article 20 of the GDPR.

D. Applicable law and competent court

The legal relationship between the user and the owner of the Site with reference to access and use of the Site (and related resources) is governed by Swiss substantive law, excluding the rules of private international law.

The parties choose the Magistrate's Court of Lugano (TI) as the exclusively competent court in the event of a dispute arising from or simply connected to the use of the Site. The owner of the Site reserves the right to appeal to the competent Judge at the user's headquarters, branch or domicile.

Effective date: January 12, 2022