General personal data
We process general personal data about you.
Details: para. 3.
We process your financial data.
Details: para. 3.
We process your healthcare data.
Details: para. 3.
We process data about your private and personal life.
Details: para. 3.
We process personal data that you provide us.
Details: para. 3.
We process personal data that we collect about you.
Details: para. 3.
We process personal data about you that we receive from third parties.
Details: para. 3.
We use your personal data for marketing and advertising purposes.
Details: para. 4.
We only process your personal data in Switzerland and the EU.
Details: para. 8.
The present privacy statement from Swisscom describes the way in which we process your per-sonal data in connection with the evita health record and when you navigate on evita.ch.
1. What is this privacy statement?
Data privacy is a matter of trust and your trust is important to us. The protection of your personal data and in particular your healthcare data is our top priority. We respect your private and personal life. A responsible and legally compliant handling of per-sonal data is very important to us.
This privacy statement ("statement") describes the way in which we process your personal data when you visit our website or when you use the evita health record ("evita") as a customer.
If you transmit or disclose data about other people, such as family members, work colleagues, etc., we assume that you are authorised to do so and that this data is correct. With the transmission of third party data, you confirm the aforesaid. Please also ensure that these third parties have been informed of the present privacy statement.
2. Who is responsible for processing your data?
Swisscom (Switzerland) Ltd, Alte Tiefenaustrasse 6, Worblaufen, 3050 Bern (“Swisscom” or “we”) is responsible for the data processing in evita described in this privacy statement, unless otherwise communicated in individual cases.
Information about third parties to whom we pass on your data can be found below in para. 7..
In addition, we have created the following position:
You can contact the data protection officer according to Art. 10 revDPS of Swisscom (Switzerland) Ltd as follows:
3. Which data do we process?
We process different categories of data about you, with the current and possibly also with the previous information, if details change. The main categories are as follows:
4. Where do we get your data from?
You provide us with much of the data mentioned in para. 3. ourself (e.g. when registering, when using your evita health record, when communicating with us, in connection with contracts, when using the website, etc.). If you want to open and use an evita health record, you must provide us with data as part of your contractual obligation in accordance with the “General Terms and Conditions of evita”, in particular contact, identification, contract and registration data. When using our website, the processing of technical data is inevitable.
To the extent this is not inadmissible, we can, in certain cases, also take data from publicly acces-sible sources (e.g. debt enforcement registers, commercial register, media or the Internet includ-ing social media) or receive data from authorities and other third parties (such as credit reference agencies, etc.).
5. For what purposes do we process your data?
We process your data for the purposes that we explain below. These purposes or the underlying goals represent legitimate interests of ours and, if applicable, of third parties. You can find further information on the legal basis of our processing in para. 6..
6. On what basis do we process your data?
Where we ask for your consent for certain processing (e.g. for marketing mailings), we will inform you separately about the respective purposes of the processing. You can revoke your consent at any time by written notification (by post) or, unless otherwise stated or agreed, by email to us at any time with effect for the future. You can find our contact details in para. 2.. As soon as we have received your withdrawal of consent, we will no longer process your data for the purposes to which you originally agreed, unless we have another legal basis to do so. Withdrawing your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of withdrawal.
If we do not ask for your consent for processing your personal data, we base the processing on the fact that processing is necessary for the fulfilment of contract or the initiation of a contract with you (or the body you represent) or that we or third parties have a legitimate interest, in particular, to pursue the purposes described in para. 5. and to be able to take appropriate measures. This also includes compliance with statutory provisions, insofar as compliance is not already recognised as a legal basis by the applicable data protection law.
7. Who do we share your data with?
n connection with our contracts, the website, our services and products, our legal obligations, or otherwise, to safeguard our legitimate interests and other purposes described in para. 5., we also transfer your personal data to third parties, in particular to the following categories of recipient:
These categories of recipient can in turn involve third parties so that your data can also be ac-cessed by them. We have restricted processing by certain third parties (e.g. software developers) but we cannot restrict those of other third parties (e.g. authorities, etc.).
8. Is your personal data also transferred abroad?
Your data is safely stored in data centres in Switzerland. As explained in para. 7., we also share data with other bodies who are generally located in Switzerland. In certain cases, your data can also be processed by our service providers in Europe (e.g. to pro-cess online payment transactions). Please also note that data exchanged over the Internet can be sent via third countries. Your data can therefore be sent abroad even if the sender and recipient are in the same country.
9. For how long do we process your data?
We process your data for as long as our processing purposes, the statutory retention periods and our legitimate interests in processing for documentation and evidence purposes require or stor-age is technically required. As long as you actively use your evita account, your data will be saved.
In the event of prolonged inactivity, your account will be deactivated after prior notice and, if you do not react, your data in evita will be deleted. You can also delete your data in evita yourself in your evita account under “Delete account”.
As part of our usual processes, if there are no legal or contractual obligations to the contrary, we will delete or anonymise your data after the storage or processing period has expired.
The above-mentioned documentation and evidence purposes include our interest in document-ing processes, interactions and other facts in the event of legal claims, discrepancies, purposes of IT and infrastructure security and evidence of good corporate governance and compliance. Storage can be for technical reasons if certain data cannot be separated from other data and we therefore have to keep them together (e.g. in the case of backups).
10. How do we protect your data?
We take appropriate security measures to protect the confidentiality, integrity and availability of your personal data in order to protect this data against unauthorised or unlawful processing and the dangers of loss, unintentional change, unintentional disclosure or to counteract unauthorised access.
The security measures of a technical and organisational nature include measures such as the encryption and pseudonymisation of data, logging, access restrictions, the storage of backup copies, instructions to our employees, confidentiality agreements, controls and security reviews. We use suitable encryption mechanisms to protect your data transmitted via our website during transport, but we can only secure areas that we control. We also oblige our service providers to take appropriate security measures.
11. What are your rights?
The applicable data protection law grants you the right to object to the processing of your data under certain circumstances, in particular for direct marketing purposes. In order to make it easier for you to control the processing of your personal data, you also have other rights in connection with our data processing, such as:
Note: You can view the data processed about you in evita directly in your evita account and download yourself the files you have uploaded to evita. You can also delete your evita account yourself, which will delete your data from evita as well.
If you want to exercise your data protection rights towards us, please contact us by letter or, unless otherwise stated or agreed, by email; our contact details are linked in para. 2.. To rule out misuse, we must identify you (e.g. with a copy of a document of identification, if no other option is available).
The above-mentioned rights extend to other bodies who work independently with us (cooperation partners who offer services in evita). Please contact them directly if you want to exercise your rights in connection with their pro-cessing. Information on our cooperation partners can be found in para. 7..
Please note that requirements, exceptions or restrictions apply to these rights (e.g. to protect third parties or trade secrets) according to the applicable data protection law. Furthermore, in the case of requests for information, disclosure or deletion of data we may point out to you the possibility of viewing, downloading or deleting your data yourself in evita, and to exclude this data from the implementation of your request. We will inform you accordingly if necessary.
If you do not agree with our handling of your rights or our approach to data protection, please inform us or our data protection officer (para. 2.). You also have the right to complain to the Swiss Federal Data Protection and Information Commissioner (FDPIC). https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact/address.html.
12. What cookies do we use?
In the login area of our website we use various techniques with which we can recognise you when you are using the website and possibly also track you over several visits. Essentially, it is about being able to distinguish your accesses (via your system) from accesses by other users so that we can ensure the functionality of the website and personalise it by our serv-er assigning you or your browser a certain identification number (a so-called "cookie").
Cookies are individual codes (e.g. a serial number) that our server transmits to your system when you connect to our website and that your system (browser, mobile) receives and saves until the programmed expiry time. With each subsequent access, your system transmits these codes to our server so that you can be recognised.
13. Can we change this statement?
This statement is not part of any contract with you. We reserve the right to change this statement at any time. The version published on our website is the valid version.
Last uptdate: 18.10.2021