Data protection

.

For the purpose of better readability on the gender-specific spelling and multiple designation is waived. The masculine form always refers to female, male and diverse persons at the same time. All personal designations are thus to be understood as gender-neutral.  

Preamble

Thank you for your interest in our company. Data protection is important to us and accordingly we explain in this privacy statement how we collect and process which personal data (in short: "personal data", i.e. data which relate to an identified or identifiable person, such as name, address, e-mail address, health data, insurance coverage, medication purchases, etc.). This Privacy Policy is based on the EU General Data Protection Regulation (in short: "GDPR") as well as on the new data protection legislation of Switzerland (in short: nDSG).

General provisions

1.1. Responsible institution

Breite-Apotheke AG, Zürcherstrasse 97, 4052 Basel

1.2. Responsible data protection officer

Mr. Weiss Andreas, Head of Breite-Apotheke AG

1.3. Your data protection rights

• You have the right to request information from us at any time and free of charge about the personal data we have stored about you, as well as its origin, recipients or categories of recipients to whom this personal data is disclosed and the purpose of storage.
• You also have the right to demand that we correct or restrict the processing of your personal data at any time. In addition, you have the right to data portability, i.e. you can receive your personal data that you have provided to us in a structured, common and machine-readable format, or you can request the transfer to another controller.
• You also have the right to object to the processing of your personal data by us under certain circumstances.
• If you have given us consent to use personal data, you may revoke this consent at any time without giving reasons.
• If you believe that the processing of your personal data by us violates applicable data protection law or your data protection rights have been violated in any other way, you have the right to lodge a complaint with the competent supervisory authority

2. Data processing in the context of the customer relationship

>2.1. collection u. storage of personal data and the purpose of their use

We limit the processing of personal data to personal data that we receive in connection with our services and products from our customers, our cooperation partners or other involved persons and organizations or that we collect on our websites, apps or other applications.

Further involved persons may include, in particular:

• Nursing and caregiver staff.

Other organizations involved may include, in particular:

• Other health care providers (e.g., physicians, hospitals, clinics, pharmacies, or other health care professionals).
• Cooperation partners (e.g. nursing homes, family assistance, Spitex, etc.).
• Social insurance and health insurance companies.
• Authorities and government institutions (e.g. Federal Office of Public Health, Swissmedic).
• Other companies in the group

We collect the following personal data from you in particular on a case-specific basis and depending on the purpose:

• Identification data, esp. surname, first name, title, date of birth, gender, IDN (national identification number in healthcare)
• Contact data, esp. address, telephone number(s), email address
• Health insurance data, esp. health insurance company, health insurance number, insurance coverage, company affiliation if applicable
• Health-related data, esp. medications, prescriptions, physical and laboratory analyses, medical history
• IP address (only when using our websites and apps)
• Other data in connection with our services

In addition, where permitted and indicated, we obtain and process further data on a case-specific basis from publicly available sources (e.g. media or Internet for address completion, addition of telephone numbers to existing address data, etc.) or receive such data from other group companies, public authorities and healthcare institutions (e.g. VeKa insurance card query service of SASIS), from your personal environment or from other third parties.

This data is collected in particular to fulfill the following purposes:

• to identify you as a customer or cooperation partner or user of our websites and apps
• to correspond with you
• to carry out our due diligence obligations (legal consultation, documentation or reporting obligations, such as the obligation to keep records, recall medications, check drug incompatibilities, interactions, report drug misuse to the Federal Office of Public Health, etc.)
• to comply with other legal requirements under the Health Act, Health Ordinance, HMG (eg, documentation obligation / recording of inputs and outputs of prescription drugs, etc.)
• for the conclusion and processing of personal orders (e.g. for the purchase of products from suppliers that are ordered explicitly for a customer such as the customization of compression stockings)
• for processing and for the fulfillment of the tasks of service and supply contracts (e.g. consultation contract, supply contract, consulting contract, etc.)
• for the settlement and fulfillment of the tasks of cooperation with cooperation partners (eg, supply of nursing homes, supply of family assistance, etc.)
• for billing
• for the provision of other services from our company or, if necessary, in cooperation with third parties (eg body and laboratory analyses)
• to provide the best possible and tailored services to you and to further develop our service and product offering
• to communicate with third parties (e.g. exchange with other medical service providers such as doctors, laboratories as well as with health insurance companies and social security funds)
• to assess and respond to applications
• to advertise and market our services and products (if you have given your consent to the use of your data for this purpose or if you have not objected)
• to assert legal claims or defend our position in general
• to ensure our operation in general (e.g. IT, websites, apps)
• for video surveillance as a security element for access management (including visitor lists or other access controls)
• for the preservation of other security aspects.

Furthermore, we collect in the course of video surveillance of the salesroom in the pharmacy / drugstore, personal data in the form of video footage of you. The video surveillance of the sales premises serves to protect against burglary, theft and robbery, as well as the prosecution of criminal offenses and to preserve evidence. The personal data from the video surveillance is processed and stored for as long as it is required for the purposes described above. Video recordings that are required as part of any criminal and/or civil proceedings will be retained for as long as they are necessary for the purposes of clarification and evidence. The remaining video recordings are automatically deleted consecutively after 7 days, as soon as they are no longer required for the purpose for which they were processed. For more detailed information about the retention periods, please contact our data protection officer (see contact details under point 1).

We only process your personal data if we have a legal (e.g. due diligence, documentation, retention or reporting obligation) or contractual (e.g. purchase of medicines, billing with health insurance companies) basis or the data processing is necessary for the performance of a task that is in the public interest (e.g. legal obligation to report observed incompatibilities or side effects to the Swiss Agency for Therapeutic Products Swissmedic). We only process data beyond this if we have your consent and there is no revocation (e.g. customer loyalty programs) or if a legitimate interest on our part prevails (e.g. continuation of the delivery of newsletters to existing customers, provided there is no revocation here either) and your interests or fundamental rights with regard to the protection of personal data do not prevail. Consent can be revoked at any time.

2.2 Recipients or categories of recipients of personal data

We disclose your personal data to recipients or third parties only within the scope of the purposes described above, to the extent permitted and indicated. This may include, in particular:

• Other health care providers and organizations such as doctors, hospitals/clinics, pharmacies, family assistance, Spitex, nursing homes or other medical professionals.
• Social insurance and health insurance companies.
• Authorities and government institutions (eg, Federal Office of Public Health, courts, Swiss Agency for Therapeutic Products Swissmedic, etc.).
• Other companies in the group
• Service companies such as IT providers, POS system providers, software suppliers or billing office for health insurance settlements (IFAK) as well as accounting and auditing company.
• Suppliers, dealers, subcontractors or other cooperation partners
• Authorities, government institutions, courts

2.3 Transfer of personal data

The recipients of personal data may be domestic or foreign. In the case of recipients outside our company in the area of Switzerland or in countries with recognized data protection adequacy, we ensure data protection by concluding - if necessary and appropriate - so-called commissioned data processing agreements. We do not supply any personal data to countries outside the EU/EEA area.

2.4 Storage period

Personal data collected by us to provide our services is retained for a minimum of ten years. In the interest of patient safety, we generally store personal data collected by us for longer than ten years (e.g., due to lifelong possible and decisive allergies and intolerances). However, you can request the deletion of your personal data older than ten years at any time. Further processing and storage may nevertheless last longer for reasons of preservation of evidence, for example in the case of legal clarifications during the duration of the applicable statute of limitations. We may also be required by law to store certain data for a longer period of time.

3. Data processing when visiting our websites

3.1 Provision of the website

All technical details related to the website must be clarified with their web administrator and completed/adjusted accordingly. Make sure that no analytics or tracking tools (e.g. Google analytics) or Google Maps embeddings exist on the website. Replace such services with DSGVO compliant solutions.

The provider of our website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This can be:

• Browser type and browser version
• Operating system used
• referrer URL
• host name of the accessing computer
• date and time of server request
• IP address

The processing is carried out for reasons of data security, in order to ensure the stability and operational security of our system and an error-free presentation of the website. A combination of this data with other data sources is not made.

If you contact us via the contact form, we also collect your:

• Name
• first name
• Email
• Phone
• Message
• Attachment provided, such as a recipe

3.2 Purpose of processing

The processing of personal data on our website is limited to those data that are necessary for the provision of a technically error-free presentation and the optimization of our website.

If you send us inquiries via the contact form, your data from the inquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions.

3.3. cookies

We use cookies on our website to make our offer user-friendly. Cookies are small files that your browser automatically creates and that are stored on your terminal device (computer, tablet, smartphone, etc.) when you visit our site. This allows us to recognize your browser the next time you visit.

If you do not want this, you can set up your browser so that it informs you about the setting of cookies. However, we would like to point out that deactivating cookies will mean that you will not be able to use all the functions of our website.

The legal basis for the data processed by cookies is Art. 6 para. 1 lit. f DSGVO.

The temporary cookies retain their validity for the duration of the session and are subsequently deleted by your browser. The permanent cookies remain in your browser according to your own specifications or until they are manually deleted.

3.4 Google Web Fonts

We use on our website for the uniform display of fonts so-called Web Fonts, which are provided by Google. The Google Fonts are installed locally. A connection to Google servers does not take place.

3.5 Newsletter

The Breite-Apotheke AG currently does not offer a newsletter.

3.6 SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

3.7 Social Media

We use the platforms and services of Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025 USA and Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025 USA. We would like to point out that you use Facebook and its functions on your own responsibility. We do not use any social plugins from Facebook, i.e. no information is passed on to the providers Facebook and Instagram when you visit our websites.

3.8 Legal basis

The processing of personal data in connection with our website is carried out in accordance with Art. 6 para. 1 DSGVO on the basis of:

• Your consent, if you provide us with your data voluntarily, for example by sending us an e-mail or filling out the contact form;
• our legitimate interest in ensuring the stability and operational security of the system.

3.9 Storage duration

We store the personal data collected each time our website is accessed and files are transferred for a period of 180 days. The storage is done for reasons of data security - in particular to defend against attempted attacks on our web server - as well as to ensure the stability and operational reliability of our system.

Your personal data in connection with the contact form or which we have received from you by e-mail will be processed by us as long as the contractual relationship remains in place. If no contract is concluded, we delete the data after responding to your request.

4. Data processing in the application process

We collect and process personal data of applicants for the purpose of processing the application procedure. The processing may take place on paper or also electronically by e-mail or by filling out a web form. If an employment contract is concluded with an applicant, the personal data received will be processed for the purpose of handling the employment relationship in compliance with the statutory provisions. Otherwise, the application documents will be deleted six months after rejection, provided that deletion does not conflict with any legitimate interests on our part, for example in connection with a duty of proof in the sense of equal treatment, or consent has been given on the part of the applicant that the documents may continue to be stored in order to be able to refer to them in the event of a subsequent vacancy.

5. final provisions

5.1 Duration of storage of personal data

We generally retain your personal data only for as long as is necessary for the purposes for which it was collected in accordance with this Privacy Policy. However, we may be required by law to store certain data for a longer period of time. In this case, we will ensure that your personal data is treated in accordance with this Privacy Policy for the entire period.

5.2 Data Security

We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data from risks during data transmissions and from third parties gaining knowledge. These are adapted to the current state of the art in each case.

5.3 Applicable version

This privacy policy is currently valid and has the status of August 31, 2023

Due to the further development of our website and offers on it or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy. The current privacy policy can be accessed and printed out at any time on our website