All personal data provided to Security Lab Health Tech SA are processed under the Federal Data Protection Act (FDPA), under the General Data Protection Regulation (EU) 2016/679 of the European Parliament, and in compliance with the principles of correctness, lawfulness, transparency, purpose limitation and conservation, minimization and accuracy, and protection of integrity and confidentiality.

1 Data Controller‍

The Data Controller is Security Lab Health Tech SA.

For any further information on the processing of personal data or to exercise your rights, you can contact us:

• by sending a written request to: Security Lab Health Tech SA, C.so Enrico Pestalozzi 21/A, 6900 (Lugano), Switzerland
• by eMail at contact@medrooms.ch

‍

2 Personal Data and Processing

Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as, for example, a name, an identification number, location data or an online identifier.

Processing means any operation which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, consultation, erasure or destruction, etc.

3 Personal Data we collect about you

Informiamo l’Utente che i dati personali oggetto di trattamento sono i seguenti:

a.    Browsing data

The IT systems and software procedures for the operation of the website acquire, during normal operation, some personal data the transmission of which is implicit in the use of Internet communication protocols. This is information is not collected to be associated with identified parties concerned, but that by its very nature could, through processing and association with data held by third parties, allow identifying users. This category of data includes the IP addresses or domain names of computers used by users connecting to the website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are only used to obtain anonymous, statistical information regarding website use, to verify its correct operation, to identify anomalies and/or abuses, and are deleted immediately after processing. The data could be used to ascertain liability in case of hypothetical computer crimes against the Data Controller or third parties.[MOU1]

b.    Data provided through the Free Trial Form

User data is collected by the Data Controller when filling in a form (hereinafter referred to as "form"). The form requires the entry of the following personal data: name, surname, company name, telephone, email, billing address.

c.     Data provided voluntarily by the User

The optional, explicit and voluntary sending of e-mails to the addresses indicated on this website involves the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.

4 Purposes

User’s personal data will be process for the following purposes:

4.1      Respond to a request for information from the User

4.2      Sign contract for the service use of Medrooms Platform based on the Subscription Plan selected by the User;

4.3      Fulfill the contractual, pre-contractual, administrative and tax obligations arising from the relationship between the User and Security Lab Health Tech SA;

4.4      Fulfill the obligations established by law, by a regulation, and satisfy requests from the competent authority

4.5      Update and inform the User about the status of the process and on any initiatives of the Controller.

5 Legal basis

Each treatment is justified by one of the following legal bases:

·      The processing is necessary to execute the contract between the parties. In this case, the provision of personal data is optional but its absence makes the impossibility to conclude the contract and execute the requested service

·      The processing is necessary to fulfill a legal obligation. In this case, the provision of data is mandatory and its absence makes the impossibility to conclude the contract and execute the requested service

·      The processing is necessary for the purposes of the legitimate interests pursued by the Data Controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the User which require protection of personal data. In this case, the provision of data is optional.

6 Disclosure of User’s personal data to third parties

As part of Security Lab Health Tech SA ’s activities and for the purposes specified above, the User's personal data may be shared with:

• Appointed Data Processors who provide specific processing activities or services on behalf of the Data Controller and under its instructions (e.g. web hosting, system administrators)
• Data Controllers to whom the data could be communicated pursuant to legal provisions or orders of the Authorities, or e.g. to execute payments (banks); to allow the Data Controller to exercise its rights (law firm); etc.
• Subjects authorised by the Data Controller to process the personal data necessary to perform activities strictly related to the provision of services and who have assumed an appropriate legal and contractual obligation of confidentiality (e.g. employees and/or collaborators of the Data Controller).

We don’t sell or otherwise disclose the User's personal data to third parties.

7 Storing User’s personal data

All personal data are stored on servers located in Switzerland and in the EU.

ever, if it will be necessary, the Data Controller will have the right to transfer the data even outside Switzerland and extra EU. In such a case, the Data Controller ensures from now on that the data transfer will take place in accordance with the applicable law and regulations.

8 Retention of User’s personal data

In compliance with the principles of lawfulness, purpose limitation and data minimization, according to art. 6 of the FDPA and art. 5 of the GDPR, the retention period of the User’s personal data is established for a period of time not exceeding the achievement of the purposes for which they are collected and processed and in compliance with the mandatory time limits prescribed by law about the retention of tax, fiscal and contractual records: 10 years from the conclusion of the service contract for the use of the Medrooms Platform.

‍

9 Cookies

Cookies are texts strings that act as computer markers sent by a server (the website's server, in this case) to the user's device (normally, an Internet browser) when the user accesses a given page of a website. Cookies are automatically stored by the browser and retransmitted to the server which generated them each time the user accesses the same web page. In this manner, for example, cookies facilitate access to several web pages to improve the User's browsing (or allow storage of pages visited or other specific information, such as the most frequently consulted pages, connection errors, etc.).

Characteristics and purposes of cookies

Our Website uses the following categories of cookies:

• "Strictly necessary cookies" (so-called Technical Cookies): these cookies are necessary to allow the User to browse the website and use its functions. In particular, they enable features without which the User would not be able to fully use the website, since their presence enables basic functions such as page navigation and access to protected areas of the website.
• "Session cookies":  these cookies are temporary and expire once the User closes his or her browser (or once the User’s session ends). They help keep track of the User’s data so he or she does not have to enter the same information more than once.

How to manually enable or disable cookies on your browsers

You can block the acceptance of technical cookies on the website or some of them through your web browser, as well as manually by using our cookie banner. However, this could make access to certain website features or pages more difficult or impossible. The methods provided by the main browsers to manually block acceptance of cookies are shown below:

·       Internet Explorer: http://windows.microsoft.com/it-it/internet-explorer/delete-manage-cookies#ie=ie-11

·       Firefox: https://support.mozilla.org/it/kb/Gestione dei cookie

·       Chrome: https://support.google.com/chrome/answer/95647?hl=it ¨

·       Safari: http://support.apple.com/kb/HT1677?viewlocale=it_IT

·       Tor: http://www.torproject.org

·       Srware: http://www.srware.net  

If "Strictly necessary cookies" (Technical Cookies) are disabled, the User browsing experience may be less functional or completely compromised. User’s consent is not required for the use of "Strictly necessary cookies" (Technical Cookies).

‍

10 Rights of the data subject

The User has the right to obtain confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, the User can exercise the following rights:

• right to access to the personal data and the following information: the purposes of the processing; the recipients to whom the personal data have been or will be disclosed; where possible, the envisaged period for which the personal data will be stored; the envisaged consequences of the processing based on profiling
• right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal
• the right to obtain the rectification of inaccurate personal data concerning him or her
• right to obtain the erasure of personal data concerning him or her, if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, the User withdrew his or her consent on which the processing is based or the personal data have been unlawfully processed
• right to restrict processing, if provided by applicable law
• right to receive the personal data concerning him or her, which the User has provided to the Controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another Data Controller without hindrance from the current Controller (if provided by applicable law)
• right to object to the processing of personal data concerning him or her. Specifically, the User has the right not to be subject to a decision based solely on automated processing, including profiling
• right to lodge a complaint with a supervisory authority, if the User considers that the processing of personal data relating to him or her infringes the applicable law.

The User may exercise his or her rights freely and at any time:

• using the contact details provided in the paragraph "Data Controller"
• contacting the Federal Data Protection and Information Commissioner.

11 Automated decision making

The User is not subject to decisions based solely on automated processing.

12 Changes to our privacy policy

Security Lab Health Tech SA reserves the right to change or simply update the content of this Privacy Policy, in part or in full, including due to changes in applicable law. Such changes will be binding as soon as they are published on the Website and/or the Application. If you continue to access or use the Service after such publication, you will be deemed to have expressly accepted such changes. Security Lab Health Tech SA therefore invites the User to regularly visit this section to take cognizance of the most recent and up-to-date version of the Privacy Policy so that he/she is always up-to-date on the data collected and its use by Security Lab Health Tech SA.

Last update: 03.07.2023