Privacy policy

§ 1 General Provisions

(1) Below, we inform you about the processing of personal data when using our website. This is done in compliance with the applicable legal provisions, in particular the Swiss Federal Act on Data Protection (hereinafter referred to as “FADP”) and the General Data Protection Regulation of the European Union (hereinafter referred to as “GDPR”). Definitions of the terms used in this Privacy Policy (e.g., “personal data” or “processing”) can be found in Art. 5 FADP and Art. 4 GDPR.

(2) The controller for data processing is:
Mobile Health AG
Mühlebachstrasse 43
8008 Zurich
Switzerland
Telephone: +41 43 243 76 22
Email: datenschutz@medidux.com

You can reach our Data Protection Officer at datenschutz@medidux.com or by postal mail to our address with the addition “the Data Protection Officer.”

(3) We delete your personal data as a matter of principle when it is no longer necessary for the purposes for which it was collected or otherwise processed. If we have requested your consent and you have granted it, we will delete your personal data if you revoke your consent and there is no other legal basis for processing. We will delete your personal data if you object to the processing and there are no overriding legitimate grounds for the processing. If deletion is not possible because processing is still necessary to fulfill a legal obligation (e.g., statutory retention periods) to which we are subject, or to establish, exercise, or defend legal claims, we will restrict the processing of your personal data.

§ 2 Processing of Personal Data When Visiting Our Website

When you use our website for informational purposes only, i.e., when you merely view the site without otherwise providing us with information, we process the personal data that your browser transmits to the servers of our web hosting provider, which are exclusively located in Switzerland. The data described below are examples and are technically necessary for us to display our website to you, ensure its stability and security, and must therefore be processed by us:

• IP address
• Date and time of the request
• Time zone difference from Greenwich Mean Time (GMT)
• Content of the request (page visited)
• Access status/HTTP status code
• Data volume transmitted in each case
• Previously visited page
• Browser
• Operating system
• Language and version of the browser software

§ 3 Data Processing for Contract Fulfillment

If you are or become a customer of ours, we process your contact, contract, payment, and communication data for the provision and billing of the contractual services, which you can find in our General Terms and Conditions. For the aforementioned purpose, your data may be disclosed to service providers supporting us (e.g., service providers, operators of communication applications, etc.), whom we have carefully selected and who are bound by our instructions. If we have requested your consent and you have granted it, the legal basis for processing is Art. 31(1) FADP and Art. 6(1)(a) GDPR. You may revoke your consent at any time. If we have not requested your consent, the legal basis for processing is Art. 6(1)(b) GDPR.

§ 4 Data Processing When Contacting Us

When you contact us by email, telephone, or via a contact form, the data you provide (e.g., email address, name, telephone number, or content of the inquiry) is processed by us to answer your questions and/or handle your request. If we have requested your consent and you have granted it, the legal basis for processing is Art. 31(1) FADP and Art. 6(1)(a) GDPR. If we have not requested your consent, the legal basis for processing is Art. 6(1)(f) GDPR. Our legitimate interest in this case is the processing of your contact request.

§ 5 Additional Functions and Offers of Our Website

In addition to the purely informational use of our website, we may offer additional services that you can use if interested. For this, you will generally need to provide additional personal data, or we will process such additional data required to provide the respective services. For all data processing purposes described here, the principles of data processing set out above apply.

§ 6 Objection or Revocation

(1) If you have given consent to the processing of your data, you may revoke it at any time. Such revocation does not affect the lawfulness of the processing of your personal data carried out until the revocation.

(2) Where we base the processing of your personal data on a balancing of interests, you may object to the processing. This is the case, in particular, if the processing is not necessary for the performance of a contract with you, which we will indicate in the following description of the functions. If you exercise such an objection, we ask you to explain the reasons why we should not process your personal data in the manner we have done. In the event of your objection, we will examine the situation and will either stop or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.

(3) You may object at any time to the processing of your personal data for advertising and data analysis purposes.

§ 7 Processing of Data from Your End Devices (“Cookies”)

(1) In addition to the data mentioned above, we use technical tools for various functions when you use our website, in particular cookies, which may be stored on your end device. When you visit our website and at any time thereafter, you have the choice of whether to allow the setting of cookies in general or which individual additional functions you wish to select. You can make changes in your browser settings or via our Consent Manager (“Cookie Settings” on our website). Below, we first describe cookies from a technical perspective (2), before we go into more detail about your individual selection options by describing technically necessary cookies (3) and cookies that you can voluntarily select or deselect (4).

(2) Cookies are text files or information in a database that are stored on your hard drive and assigned to the browser you are using, so that certain information can flow to the entity that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer; instead, they primarily serve to make the internet offering faster and more user-friendly. This website uses the following types of cookies, whose functionality and legal basis we explain below:

• Transient cookies: These, in particular session cookies, are automatically deleted when you close the browser or log out. They contain a so-called session ID. This allows various requests from your browser to be assigned to the joint session, and your computer can be recognized when you return to our website.
• Persistent cookies: These are automatically deleted after a predefined period, which varies depending on the cookie. In your browser settings, you can view the cookies set and their durations at any time and manually delete the cookies.

(3) Mandatory, technically necessary functions for displaying the website: The technical structure of the website requires that we use techniques, in particular cookies. Without these techniques, our website cannot be displayed (completely correctly) or support functions cannot be enabled. These are generally transient cookies, which are deleted after the end of your website visit, at the latest when you close your browser. You cannot deselect these cookies if you wish to use our website. The individual cookies are visible in the Consent Manager. The legal basis for this processing is Art. 6(1)(f) GDPR.

(4) Optional cookies with your consent: We only use various cookies after your consent, which you can select when you first visit our website via the so-called Cookie Consent Tool. These functions are only activated if you give your consent and may, in particular, serve to allow us to analyze and improve visits to our website, facilitate navigation across different browsers or end devices, recognize you on subsequent visits, or display advertisements (including, where applicable, to align advertisements with your interests, measure the effectiveness of ads, or display interest-based advertising). The legal basis for this processing is Art. 31(1) FADP and Art. 6(1)(a) GDPR. You may revoke your consent at any time, without affecting the lawfulness of the processing carried out until the revocation.

§ 8 Web Analytics

Web Tracking Using Google Analytics

(1) This website uses Google Analytics, a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The purpose of our use of this tool is to enable analysis of your user interactions on websites and in apps and to improve our offering through the statistics and reports obtained, making it more interesting for you as a user.

(2) We primarily collect interactions between you as a user of the website and our website using cookies, device/browser data, IP addresses, and website or app activities. In Google Analytics, your IP addresses are also recorded to ensure the security of the service and to provide us, as website operators, with information about which country, region, or location the respective user comes from (so-called “IP geolocation”). For your protection, we use the anonymization function (“IP masking”), meaning that Google shortens IP addresses within the EU/EEA by the last octet.

(3) Google acts as a processor, and we have concluded a corresponding data processing agreement with Google. The information generated by the cookie and the (usually truncated) IP addresses about your use of this website are usually transmitted to a Google server in the USA and processed there. For these cases, Google has, according to its own statements, imposed standards on itself equivalent to the former EU-US Privacy Shield and has committed to comply with applicable data protection laws in international data transfers. We have also concluded Standard Contractual Clauses with Google, the purpose of which is to ensure an adequate level of data protection in the third country.

(4) The legal basis for the collection and further processing of the information (which is carried out for a maximum of 14 months) is your granted consent (Art. 31(1) FADP and Art. 6(1)(a) GDPR). You may revoke your consent at any time, without affecting the lawfulness of the processing carried out until the revocation. In apps, you can reset the advertising ID under the settings of Android or iOS. The easiest way to revoke your consent is via our Consent Manager or by installing the Google browser add-on, which is available at the following link: tools.google.com/dlpage/gaoptout?hl=de.

(5) For more information on the scope of services provided by Google Analytics, please visit: marketingplatform.google.com/about/analytics/terms/de. Information on data processing when using Google Analytics is provided by Google at the following link: support.google.com/analytics/answer/6004245?hl=de. General information on data processing, which Google states also applies to Google Analytics, can be found in Google’s Privacy Policy at: www.google.de/intl/de/policies/privacy.

§ 9 Plugins / Tools

1. Google Web Fonts

(1) This site uses so-called Web Fonts provided by Google to ensure the uniform display of fonts. When you visit a page, your browser loads the required Web Fonts into its cache to correctly display texts and fonts.

(2) For this purpose, the browser you use must connect to Google’s servers. This gives Google knowledge that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offerings. This constitutes a legitimate interest pursuant to Art. 6(1)(f) GDPR.

(3) If your browser does not support Web Fonts, a standard font from your computer will be used.

(4) Google acts as a processor, and we have concluded a corresponding data processing agreement with Google. The information generated by the cookie and the (usually truncated) IP addresses about your use of this website are usually transmitted to a Google server in the USA and processed there. For the USA, the European Commission adopted its adequacy decision on July 10, 2023. Google LLC is certified under the EU-US Data Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (e.g., Singapore) cannot be completely ruled out, we have also concluded agreements with EU Standard Contractual Clauses with the provider.

(5) For more information on the purpose and scope of data collection and its processing by the plugin provider, please refer to the provider’s privacy policies. There you will also find further information on your rights and settings options to protect your privacy: www.google.de/intl/de/policies/privacy.

2. Google reCAPTCHA

We use the reCAPTCHA service from Google in the forms for changing your address, communication data, and retrieval account. The purpose of the query is to distinguish between human input and automated, machine-generated input. We base the processing on our legitimate interest (Art. 6(1)(f) GDPR) to protect the website from automated spying, abuse, and spam. For this purpose, your input is transmitted to Google and processed there. Your IP address and, where applicable, other data used by Google for the service are transmitted to Google. For more information about Google reCAPTCHA and the privacy policy, please visit: www.google.com/recaptcha/intro/v3.html or www.google.com/privacy.

§ 10 Social Media

1. Use of Social Media Plug-ins

(1) We currently use the following social media plug-ins: Twitter, Xing, Facebook, which are only loaded if you have previously activated the function by giving your consent. Via the plug-ins, we offer you the possibility to interact with the social networks and other users. The legal basis for the use of the plug-ins is Art. 31(1) FADP and Art. 6(1)(a) GDPR, meaning that the integration only takes place after your consent.

(2) The plug-in provider stores the data collected about you as user profiles and uses them for the purposes of advertising, market research, and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for non-logged-in users) to display demand-oriented advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles, and you must contact the respective plug-in provider to exercise this right. Data is transmitted regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, the data we collect about you will be directly assigned to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider will also store this information in your user account and share it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this will help you avoid being associated with your profile with the plug-in provider.

(3) The information collected is stored on the providers’ servers, and for international providers, also outside Europe. For these cases, the provider has, according to its own statements, imposed standards on itself equivalent to the former EU-US Privacy Shield and has committed to comply with applicable data protection laws in international data transfers. We have also concluded Standard Data Protection Clauses with the providers, the purpose of which is to ensure an adequate level of data protection in the third country.

2. Embedding of YouTube Videos

(1) We have embedded YouTube videos in our online offering, which are stored on YouTube.com and can be played directly from our website. These are all embedded in “enhanced privacy mode”, meaning that no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos is the data mentioned in paragraph 2 transmitted. We have no influence on this data transfer. The legal basis for displaying the videos, including the aforementioned data transfer, is Art. 31(1) FADP and Art. 6(1)(a) GDPR, meaning that this only takes place after your consent.

(2) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the basic data mentioned above, such as IP address and timestamp, are transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in, or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research, and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for non-logged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.

(3) The information collected is stored on Google’s servers, including in the USA. For these cases, the provider has, according to its own statements, imposed standards on itself equivalent to the former EU-US Privacy Shield and has committed to comply with applicable data protection laws in international data transfers. We have also concluded Standard Data Protection Clauses with Google, the purpose of which is to ensure an adequate level of data protection in the third country.

(4) For more information on the purpose and scope of data collection and its processing by YouTube, please refer to the privacy policy. There you will also find further information on your rights and settings options to protect your privacy: www.google.de/intl/de/policies/privacy.

3. Our Presence on Social Networks

(1) We maintain various presences on so-called social media platforms. We operate these presences with the following providers:

(2) For these information services, we use the technical platform and services of the providers. We would like to point out that you use our presences on social media platforms and their functions at your own responsibility. This applies in particular to the use of interactive functions (e.g., commenting, sharing, rating). When you visit our presences, the providers of the social media platforms collect, among other things, your IP address and other information that is present in the form of cookies on your end device. This information is used to provide us, as operators of the accounts, with statistical information about the interaction with us.

(3) The data collected in this context about you is processed by the platforms and, where applicable, transferred to countries outside the European Union, in particular the USA. All of the aforementioned providers state that they maintain an adequate level of data protection equivalent to that of the former EU-US Privacy Shield, and we have concluded agreements containing Standard Data Protection Clauses with the companies. We are not aware of how the social media platforms use the data from your visit to our account and interaction with our posts for their own purposes, how long this data is stored, or whether data is passed on to third parties. Data processing may differ depending on whether you are registered and logged in to the social network or visit the page as a non-registered and/or non-logged-in user. When accessing a post or account, the IP address assigned to your end device is transmitted to the provider of the social media platform. If you are currently logged in as a user, it is possible to trace how you have moved around the network via a cookie on your end device. Through buttons embedded in websites, the platforms can record your visits to these websites and assign them to your respective profile. Based on this data, tailored content or advertising can be offered to you. If you wish to avoid this, you should log out, disable the “stay logged in” function, delete the cookies on your device, and restart your browser.

(4) As the provider of the information service, we only process the data from your use of our service that you provide to us and that requires interaction. For example, if you ask a question that we can only answer by email, we will store your information in accordance with the general principles of our data processing, which we describe in this Privacy Policy. The legal basis for processing your data on the social media platform is Art. 6(1)(f) GDPR.

(5) To exercise your data subject rights, you can contact both us and the provider of the social media platform. If one party is not responsible for answering or needs to obtain information from the other party, we or the provider will forward your request to the respective partner. For questions about profiling or the processing of your data when using the website, please contact the operator of the social media platform directly. For questions about the processing of your interaction with us on our page, please write to the contact details we have provided above.

(6) For information on what information the social media platform receives and how it is used, the providers describe this in their privacy policies (see link in the table above). There you will also find information about contact options and settings options for advertisements. For more information on social networks and how you can protect your data, please visit www.youngdata.de.

§ 11 Online Advertising

1. Use of Google Ads

(1) We use Google Ads to draw attention to our offerings through advertisements. If you reach our website via a Google ad, Google Ads will store a cookie on your end device. The legal basis for processing your data is Art. 31(1) FADP and Art. 6(1)(a) GDPR, meaning that the integration only takes place after your consent.

(2) The advertisements are delivered by Google via so-called “ad servers”. For this purpose, we and other websites use so-called ad server cookies, which can be used to measure certain parameters for success measurement, such as the display of advertisements or clicks by users. Through the Google Ads cookies stored on our website, we can obtain information about the success of our advertising campaigns. These cookies are not intended to personally identify you. The following are typically stored in this cookie as analysis values: Unique Cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), and opt-out information (marking that a user no longer wishes to be addressed).

(3) The cookies set by Google enable Google to recognize your internet browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. Each Ads customer is assigned a different cookie, so the cookies cannot be tracked across the websites of other Ads customers. By integrating Google Ads, Google receives the information that you have accessed the corresponding part of our internet presence or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or not logged in, it is possible that the provider may obtain and store your IP address.

(4) Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server. In the aforementioned advertising measures, we do not collect personal data ourselves, but merely provide Google with the opportunity to collect data. We only receive statistical evaluations from Google, which provide information on how often which ads were clicked at what prices. We do not receive any further data from the use of the advertising tools, in particular we cannot identify users based on this information.

(5) You may revoke your consent at any time, without affecting the lawfulness of the processing carried out until the revocation. The easiest way to revoke your consent is via our Consent Manager or through the following functions:
a) By adjusting your browser software settings accordingly, in particular, suppressing third-party cookies will result in you not receiving ads from third-party providers;
b) By setting your browser to block cookies from the domain “www.googleadservices.com”, www.google.de/settings/ads, although this setting will be deleted if you delete your cookies;
c) By disabling interest-based ads from providers that are part of the self-regulatory campaign “About Ads” via the link www.aboutads.info/choices, although this setting will be deleted if you delete your cookies;
d) By permanently disabling in your browsers Firefox, Internet Explorer, or Google Chrome via the link www.google.com/settings/ads/plugin.
We would like to point out that in this case, you may not be able to use all functions of this offering to their full extent.

(6) Google acts as a processor, and we have concluded a corresponding data processing agreement with Google. The information generated by the cookie and the (usually truncated) IP addresses about your use of this website are usually transmitted to a Google server in the USA and processed there. For the USA, the European Commission adopted its adequacy decision on July 10, 2023. Google LLC is certified under the EU-US Data Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (e.g., Singapore) cannot be completely ruled out, we have also concluded agreements with EU Standard Contractual Clauses with the provider.
For more information on data protection at Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, please visit: www.google.com/intl/de/policies/privacy and services.google.com/sitestats/de.html.

2. Google Conversion Tracking

(1) We use Google Ads with the additional application “Google Conversion Tracking”. This is a procedure that allows us to check the success of our advertising campaigns. For this purpose, the advertisements are provided with a technical provision, e.g., an ID, which allows us to determine how a user interacts after clicking on the advertisements and whether one of our services is actually used.

(2) The legal basis for processing your data is also Art. 31(1) FADP and Art. 6(1)(a) GDPR, meaning that the integration only takes place after your consent. You can prevent or no longer use the conversion tracking function in the same way as described above for Google Ads.

(3) Google acts as a processor, and we have concluded a corresponding data processing agreement with Google. The information generated by the cookie and the (usually truncated) IP addresses about your use of this website are usually transmitted to a Google server in the USA and processed there. For the USA, the European Commission adopted its adequacy decision on July 10, 2023. Google LLC is certified under the EU-US Data Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (e.g., Singapore) cannot be completely ruled out, we have also concluded an agreement with EU Standard Contractual Clauses with the provider.
For more information on data protection at Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, please visit: www.google.com/intl/de/policies/privacy and services.google.com/sitestats/de.html.

3. Google Remarketing

(1) We use Google Ads with the additional application “Google Remarketing”. This procedure allows us to create advertisements based on existing information about you and to re-engage you during your further internet usage. This is done using cookies set when you visit our offerings (usually via cookies), through which your usage behavior when visiting various websites is recorded by Google and evaluated in a pseudonymized manner. According to its own statements, Google does not merge the data collected within the scope of remarketing with your personal data that may be stored by Google.

(2) The legal basis for processing your data is also Art. 31(1) FADP and Art. 6(1)(a) GDPR, meaning that the integration only takes place after your consent. You can prevent or no longer use the remarketing function in the same way as described above for Google Ads.

(3) Google acts as a processor, and we have concluded a corresponding data processing agreement with Google. The information generated by the cookie and the (usually truncated) IP addresses about your use of this website are usually transmitted to a Google server in the USA and processed there. For the USA, the European Commission adopted its adequacy decision on July 10, 2023. Google LLC is certified under the EU-US Data Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (e.g., Singapore) cannot be completely ruled out, we have also concluded an agreement with EU Standard Contractual Clauses with the provider.
For more information on data protection at Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, please visit: www.google.com/intl/de/policies/privacy and services.google.com/sitestats/de.html.

§ 12 Your Rights

(1) You have the following rights against us regarding the personal data concerning you:

• Right to information
• Right to rectification or erasure
• Right to restriction of processing
• Right to object to processing
• Right to data portability
• Right to data disclosure

(2) You also have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data by us.

§ 13 Final Provisions

(1) We implement technical and organizational security measures to protect your data, in particular against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security measures are continuously improved in line with technological developments.

(2) By using our website, you consent to the collection and use of your data in accordance with this Privacy Policy. We will update the Privacy Policy from time to time due to the technological progress of our offerings. To the extent that the amendment to the Privacy Policy does not affect the use of existing data, the new Privacy Policy shall apply from the date of its update on our website.

(3) Our website may contain further links to other websites. These pages are not subject to this Privacy Policy, and we are not responsible for the data protection practices or content of other websites. We have no influence on the further use of your data, which is processed by the respective provider.