II. Responsible for data processing
Viollier is responsible for data processing. For enquiries regarding data protection for all Viollier companies, please contact:
FAO: Data Protection Officer
You can also contact our Data Protection Officer at:
Tel.: +41 848 121 121
III. Data that is collected and processed
We collect and process all types of personal data that we require within the scope of our activities, services and products, in other words, customer data, patient data, user data, applicant data, technical data, etc. (hereinafter also sometimes generally referred to as “data”).
We primarily receive the data from treating doctors, medical practices, hospitals and clinics or from the persons concerned.
We assume that the data submitted to us is correct. You as well as Viollier’s business partners are therefore responsible for the authenticity of the data submitted to Viollier, and Viollier assumes no responsibility for this.
If we do not receive the data from you but from third parties, these parties are responsible for ensuring that the persons concerned have been adequately informed and have consented to the disclosure and processing of the data.
It is also possible that we may receive or collect data from other business partners or other persons involved in the process as well as through the operation of our electronic and Internet-based services via websites, apps and other applications.
To the extent permitted and useful for providing our services, we also collect certain data from publicly accessible sources or receive such data from other companies, authorities or other third parties.
In addition to the data directly received from you and already mentioned above, the categories of personal data that we receive from third parties include, but are not limited to:
- information from insurance companies, banks, sales partners and other contractual partners of ours regarding the use or provision of services by you (such as payments made, purchases)
- information we learn about in connection with official and legal proceedings
- information from public registers (debt enforcement register, commercial register, land registers)
- information on compliance with legal requirements, such as combating money laundering and export restrictions
- information about you provided to us by persons in your environment (family, advisors, legal representatives, etc.) so that we can enter into or process contracts with you or involving you (e.g., references, your address for deliveries, powers of attorney)
- information relating to your professional roles and activities
- information about you in correspondence and meetings with third parties
- credit checks (insofar as we conduct transactions with you personally)
- information about your person from the media and the Internet (insofar as this is appropriate in the specific case), as well as data and references for applications
- data relating to your use of the website (such as IP address, MAC address of your smartphone or computer, information about your device and settings, cookies, date and time of your visit, pages and content accessed, functions used, referring website, location information)
IV. Purpose of data processing
We use the personal data we collect primarily to provide our laboratory medicine business activities and services, as well as to distribute medical products and therapeutic remedies and to provide our electronic and Internet-based services. Data processing serves to conclude and execute contracts with our customers and business partners as well as to ensure the necessary communication with you.
Personal data processing is also required to comply with legal obligations (such as forwarding patient data to cantonal or federal registries). We process patient data and other sensitive personal data in compliance with particularly strict protection requirements. Applicant data is generally only used as part of the application process. User data can be checked if there are specific indications of illegal use.
In addition, we also process personal data, where necessary and permitted, for the following purposes, in particular but not exclusively, in which we (and sometimes also third parties) have a legitimate interest corresponding to the purpose:
- to guarantee and continue to develop our services, offers, websites, apps and other electronic and Internet-based services and applications;
- to guarantee our operations, in particular IT, our websites, apps and other electronic and Internet-based services and applications;
- to assert legal claims and defence in relation to legal disputes and administrative proceedings;
- to prevent and investigate criminal offences and other misconduct (e.g., conducting internal investigations, analysing data to combat fraud);
- measures for IT, building and system security and to protect our employees and other persons as well as assets entrusted to us (such as access controls, visitor lists, network and mail scanners, telephone records);
- any transactions under company law and the associated transfer of personal data as well as measures for business management and compliance with legal and regulatory obligations;
- to communicate with third parties and process their enquiries (such as applications, media enquiries);
- to review and optimise procedures for requirements analyses for direct customer contact as well as to collect personal data from publicly accessible sources for the purpose of customer acquisition;
- advertising and marketing (including the organisation of events), unless you have objected to the use of your data, market and opinion research, media monitoring.
V. Legal basis for data collection and processing
If you have consented to the processing of your personal data for specific purposes (for example, when using our services, as part of an application, etc.), we will process your personal data within the scope of and based on this consent, unless we have a different legal basis and require such consent. Consent that has been granted can be revoked at any time, although this has no effect on data processing that has already taken place.
VI. Use of our websites and electronic and Internet-based services
A cookie is a small file that is sent to your computer and automatically stored on your computer or mobile device by the web browser you use, which allows an analysis of your usage when you visit our website or install an app. The information generated by the cookie about the use of this website (including the IP address) is usually transmitted to a server where it is stored. This allows us to recognise you when you return to this website or use our app, even if we do not know who you are. In addition to cookies that are only used during a session and are deleted after your visit to the website (known as “session cookies”), cookies can also be used to store user settings and other information for a specific period of time (such as two years) (known as “permanent cookies”).
Use of the Internet services is also possible without cookies. You can set your browser to reject cookies, store them only for one session or otherwise delete them prematurely. Most browsers are preset such that they accept cookies. We use permanent cookies, among other things, to enable you to save user settings (such as language, auto login) and to better understand how you can use our offers and content. Some of the cookies are set by us while others may also be set by the contractual partners with whom we work together. If you block cookies, certain functions (such as language selection, shopping cart, ordering processes) may no longer work and the user-friendliness of our Internet services may be limited.
In our newsletters and other marketing e-mails, we sometimes and – if permitted – also incorporate visible and invisible image elements, which can be retrieved from our servers to determine if and when you open the e-mail, so that we can also measure and better understand how you use our services and tailor them to your requirements. You can block this in your e-mail program; most e-mail programs are preset to enable you to do this.
By using our websites, apps and consenting to receive newsletters and other marketing e-mails, you agree to the use of these technologies. If you do not agree, you must configure your browser or your e-mail programme accordingly or uninstall the app, if the respective adjustments cannot be made in the settings.
2. Google Analytics and similar services
We use Google Analytics or similar services on our websites. This is a service provided by third parties who may be located in any country in the world (in the case of Google Analytics, it is Google Ireland (based in Ireland)). Google Ireland relies on Google LLC (based in the USA) as an order processor [both “Google”], www.google.com), with which we can measure and evaluate the use of the website (non-personal). Permanent cookies, set by the service provider, are also used for this purpose.
We use the service such that the IP addresses of visitors are neither logged nor stored.
Although we may assume that the information that we share with Google does not constitute personal data as far as Google is concerned, it is possible for Google to draw conclusions about the identity of visitors from this data for its own purposes, create personal profiles and link the data to the Google accounts of these persons. If you are registered with the service provider, the service provider will also recognise you. The service provider is then responsible for processing your personal data in accordance with its data protection provisions. The service provider merely informs us how our respective website is used (without providing information about you personally).
3. Integration of links and other Internet services
Third-party services are also offered as part of our Internet services, such as videos from YouTube, maps from Google Maps, graphics, etc. Viollier endeavours to use only those third-party services whose respective providers only use the user’s IP address to deliver the content and not for other purposes. Depending on the incorporation of third-party services, the respective data protection regulations of the third parties apply. Viollier assumes no responsibility for the collection and processing of personal data by these third parties.
VII. Data forwarding and data transmission in Switzerland and abroad
Within the scope of our activities, services and products, we may disclose your personal data to third parties in Switzerland, the EU or other countries. This may be the case in particular if third parties process data on our behalf, we are obliged to disclose it to comply with legal or official requirements, in connection with the sale, assignment or other transfer of the business to which the data relates, to respond to reasonable requests or where it is necessary for operational inspections or audits or to investigate and respond to a complaint or security threat.
Third parties may in particular be our business partners or service providers (such as, in particular, treating doctors, medical practices, hospitals and clinics as well as IT providers, cloud services, software companies and other Internet service providers, etc.), associated specialists, retailers, suppliers and subcontractors, customers, domestic and foreign authorities, official bodies and courts, industry organisations, associations, organisations and other entities, the media, the public, including visitors to websites and social media, competitors, purchasers or parties interested in acquiring business areas, companies or other parts of the Viollier Group, other parties involved in possible or actual legal proceedings and other companies of the Viollier Group (“recipient”).
Some of these recipients are located in Switzerland, although they may be located anywhere around the globe. Specifically, you must expect your data to be transmitted to all countries in which the Viollier Group is represented by Group companies, branches or other offices as well as to other countries in Europe and the USA where the service providers used by us are located.
If a recipient is located in a country without adequate statutory data protection, we contractually oblige the recipient to comply with the applicable data protection regulations unless it is already subject to a legally recognised set of data protection regulations and we cannot rely on an exemption clause. An exemption may apply in particular in the case of legal proceedings abroad or a statutory obligation, but also in cases of overriding public interest or if the performance of a contract requires such disclosure, if you have given your consent or if you have made the data generally accessible and you have not objected to its processing.
VIII. Duration of data retention
We process and store your personal data only for as long as it is necessary within the scope of our activities, services and products; in particular, therefore, to execute the contractual relationship (from the initiation to the termination of a contract), to fulfil our contractual and legal obligations, to guarantee our Internet services, or insofar as it is otherwise necessary for the purposes pursued with the processing or the provision of future services and/or where statutory retention and documentation obligations or an overriding private or public interest exist.
Within this context, it may be that your personal data is stored for the period in which claims may be asserted against our company or for which legitimate business interests or scientific purposes so require (for example, for evidential and documentation purposes or for research purposes).
As soon as your personal data is no longer needed for the above purposes, it will in principle be deleted or anonymised as far as possible.
IX. Data security and protective measures
We take appropriate technical and organisational security precautions to protect your personal data against unauthorised access and misuse. These measures include (but are not limited to) issuing directives, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymisation, controls. Our security measures are always adjusted to the current state of the art.
The products and services technically developed by Viollier to collect personal data protect your data by design (‘privacy by design’) by integrating the protection and respect of users’ privacy into the structure of these products or services. Viollier also ensures that the highest level of security is maintained when these products and services are placed on the market by activating all the necessary measures for data protection and the restriction of data usage as standard, in other words, without user intervention (“privacy by default”). If users make changes to these basic settings, Viollier rejects all responsibility for any effects caused by these changes.
Viollier is certified in accordance with the internationally recognised ‘Good Priv@cy®’ data protection seal. This certification is a protected certification mark of the Swiss Association for Quality and Management Systems ‘SQS’ (www.sqs.ch) and ensures the secure handling of personal data as well as the effective fulfilment of data protection and contractual principles, including appropriate information security. An audit is carried out annually and recertification takes place every three years to ensure compliance with the standard. Viollier is also certified according to IQNet (www.iqnet-certification.com), a global certification network and partner of SQS.
All Viollier employees, consulted third parties and visitors who have access to confidential data or information are subject to a duty of confidentiality. They are either already subject to a duty of confidentiality based on their professional status (such as medical confidentiality in accordance with Art. 321 SCC) or they have to sign a corresponding non-disclosure agreement.
X. Customers’ and business partners’ obligation to provide personal data
Within the scope of our customer and business relationship, you must provide the personal data required for commencing and performing our laboratory medicine services and for the sale of our medical products and therapeutic remedies, as well as the overall business relationship and the fulfilment of the associated contractual obligations. Without this data, we will generally not be able to conclude or execute a contract with you (or the office or person you represent) or to provide the requested services. Our website can also not be used if certain minimum information to safeguard data traffic (such as IP address) is not disclosed.
XI. Profiling and automated decision-making
We may partially process your personal data automatically with the aim of evaluating certain personal aspects (profiling). In particular, profiling allows us to inform and advise you about products possibly relevant for you. For this purpose, we may use evaluation tools that enable us to communicate with you and advertise you as required, including market and opinion research.
As a matter of principle, we do not use automated decision-making processes or automated individual decisions to establish and implement business relationships or otherwise. Should we use such procedures in individual cases, we will inform you separately insofar as this is required by law as well as inform you of the associated rights.
XII. Your Rights
In accordance with and as far as provided by applicable law (as is the case where the GDPR is applicable), you have the right to access, rectification and erasure of your personal data, the right to restriction of processing or to object to our data processing in addition to right to receive certain personal data for transfer to another controller (data portability).
Please note, however, that we reserve the right to assert the restrictions provided for by law, for example if we are obliged to store or process certain data, if we have an overriding interest in doing so (insofar as we are entitled to refer to this) or if we need this data in order to assert claims. Please also note that exercising these rights may conflict with contractual agreements and may have consequences such as the early termination of the contract or cost implications.
You also have the right to assert your claims in court and to file a complaint with the competent data protection authority. In Switzerland, the competent data protection authority is the Federal Data Protection and Information Commissioner.
XIII. Consent to data collection and data processing when using Viollier’s activities, services and products
XIII. Consent to data collection and data processing when using Viollier’s activities, services and products