Privacy Policy
Protecting your personal data (hereinafter also referred to as “data”) and safeguarding your privacy are important to us. Personal data means any information that identifies you or makes you identifiable, such as your last name, first name, address, and e-mail address. We process these personal data about you (the data subject) in connection with the purposes listed below (chapters 4 and 6).
We are committed to handling your personal data responsibly.
When processing your personal data, we therefore comply as a matter of course with the Swiss Federal Act on Data Protection (FADP; SR 235.1), the Swiss Data Protection Ordinance (DPO; SR 235.11) and any other data protection provisions that may apply, such as the EU General Data Protection Regulation (GDPR) (hereinafter: “applicable data protection laws”). The following terms are used in accordance with the FADP. Within the scope of application of the GDPR they are to be understood in the sense of the GDPR.
In this Privacy Policy, when we speak of processing your personal data we mean any handling of your personal data. This includes in particular storing, processing, using, and deleting the data.
We gather personal data in a transparent manner while respecting the principles of proportionality and earmarking. The data are processed only to the extent and for the period of time needed for our tasks and obligations.
This Privacy Policy informs you about how we obtain and process your personal data. In addition we may inform you separately about the processing of your data, such as in declarations of consent (e.g. in connection with clinical trials), contractual terms and conditions, supplementary privacy policies, forms, and notices.
We retain the right to amend the Privacy Policy at any time. The latest version at the time of use always applies.
1. Controller
The controller of data processing within the meaning of the applicable data protection law is the
Swiss Group for Clinical Cancer Research SAKK
Effingerstrasse 33
3008 Bern
Switzerland
Tel: +41 31 389 91 91
E-Mail: info@sakk.ch
We have the following data protection representation in the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein as an additional point of contact for supervisory authorities and data subjects for inquiries in connection with the General Data Protection Regulation (GDPR):
VGS Datenschutzpartner UG, Am Kaiserkai 69, 20457 Hamburg, Germany, info@datenschutzpartner.eu.
For questions in connection with data protection and for information regarding your rights and how to assert them, you can contact us at data-protection@sakk.ch via the contact details provided under “Imprint” on our website.
We have appointed the following person as data protection officer: Dr. Sebastian Kraska, Marienplatz 2, 80331 Munich, Germany, email@iitr.de.
2. Which personal data do we process?
- Contact details: These include last name, first name, e-mail address, postal address, and telephone numbers,
- Details in online forms: These include contact details and other information that is requested or that you transmit to us,
- Identification data: These include username and password in the online portal,
- Content data: These include text entered,
- Usage data: These include websites visited, access times, click behavior, interest in content,
- Payment data: These include bank details, payment history,
- Meta/communication data: These include IP address, date, time, pages visited, device data,
- Meetings metadata: These include participants’ IP addresses, device/hardware information,
- Server log files: These include browser type and browser version, operating system used, referrer URL, hostname of accessing computer, and time of server request,
- Marketing data: These include contact/sales opportunities, subscribing to/unsubscribing from newsletter, marketing communications sent,
- Newsletter data: These include personal details and e-mail address, data on subscribing/unsubscribing, and opening rates,
- Candidate details: These include your personal details and information about your education, work experience, skills, remarks on previous activity and availability, notice period, and the usual correspondence details such as mailing address, e-mail address, and telephone numbers.
We also process sensitive personal data. Sensitive personal data means:
- Data relating to religious, philosophical, political, or trade union-related views or activities,
- Data relating to health, private life, or affiliation to a race or ethnicity,
- Genetic data,
- Biometric data that uniquely identifies a natural person,
- Data relating to administrative and criminal proceedings or sanctions,
- Data relating to social assistance measures.
Lastly, we also process the following data in connection with customer and business relationships:
- Contract details: In particular, these include services used, payment information,
- Customer data: These include personal details, customer number, customer type, customer history, details of goods or services purchased, order dates, payment dates,
- Personal details relating to course registration: These include course selected, personal details, and contact details.
3. From whom do we obtain your personal data?
We primarily process personal data received from the following in connection with our activities:
- Physicians,
- Hospital employees,
- Public authorities,
- Patients,
- Organizations working in the field of cancer treatment, cancer research and prevention,
- Grant-making foundations,
- Sponsors,
- Collaboration partners,
- Pharmaceutical representatives and service providers.
We also receive personal data from the following persons:
- Event participants,
- Newsletter subscribers,
- Potential and current employees and members of the Patient Advisory Board and other bodies of SAKK.
Where permitted, we also obtain certain personal data from publicly accessible sources or from public authorities and other third parties, especially:
- Information from public registers (e.g. debt enforcement registers, land registers, commercial registers),
- Information relating to your professional functions and activities,
- Information about you in correspondence and discussions with third parties so that we can sign or process contracts with you or involving you (e.g. references, your address for deliveries, powers of attorney),
- Information that we learn in connection with official and court proceedings,
- Information to enable compliance with legal requirements such as combating money laundering and export restrictions,
- Information from banks, insurers, distribution partners, and our other contractual partners concerning your use or performance of services (e.g. payments or purchases you have made),
- Information from the media and internet about you (where appropriate in a specific case, e.g. in connection with a job application, press review, marketing/sales, etc.),
- Your addresses and any interests or other sociodemographic data (for marketing),
- Data concerning your use of our website (e.g. IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, and other user and usage data).
4. For what purposes do we process your personal data?
We use the personal data that we collect mainly so that we can conclude and process contracts with our customers and business partners, implement scientific research projects, and comply with our legal obligations in this country and abroad.
Furthermore, we process personal data concerning you and other people, where permitted and where it seems appropriate to us, for the following purposes in which we (and in some cases also third parties) have a legitimate interest appropriate for the purpose:
- Visiting our website,
- Making contact,
- Using collaboration tools,
- Recruiting staff,
- Registering for and running events,
- Conducting clinical trials,
- Handling customer and business relationships,
- Sending newsletters,
- Marketing activities,
- Security and access controls.
If you have consented to our processing your personal data for specific purposes (when you registered to receive newsletters, for example), we process your personal data in that context and on the basis of this consent insofar as we have no other legal basis and do not require one. You can revoke your consent at any time; however, this has no effect on data processing that has already been performed. If you wish to revoke your consent, you must get in touch with the contact center whose details are given in point 1 and inform them accordingly.
5. On what legal basis do we process your personal data?
We regularly use the following as a general legal basis for processing your personal data:
- The conclusion or fulfillment of an agreement with you, or your prior request for this,
- Your consent, which you can revoke at any time,
- A legal obligation, which may also be taken into account when weighing up interests.
Our overriding interests in processing your personal data form a further legal basis for processing these data. Our overriding interests include the following:
- Looking after our customers and fostering our business relationships (e.g. maintaining contact, communicating with our business partners)
- Our advertising and marketing activities
- Communicating with you
- The opportunity to get to know users of our website and our online services better
- Improving and developing our products and services (e.g. IT security in connection with the use of our website, improving our range of online services)
If you have given your consent electronically by activating a checkbox, the declaration of consent is logged by us and we store the user account name, the corresponding location on the Internet site, and the date and time, for example.
You can revoke your declaration of consent informally at any time or object to the processing of the data by writing to data-protection@sakk.ch.
6. Scope and purpose of processing your personal data in detail
6.1 Visiting our website
You can visit our website without having to give details about yourself. Access to our website is gained via transport encryption (SSL), but access to some microsites may also take place without transport encryption.
When you visit our website, our servers automatically store the following data temporarily in a server log file:
- IP address of the requesting computer,
- Start page (website from which you reached our website),
- Browser settings,
- Language and version of the browser software,
- Date and time of access/retrieval,
- Name and URL of the data retrieved,
- Operating system of your computer and the browser you used,
- Country from which access to our website is gained,
- Name of your Internet access provider,
- Time zone difference to Greenwich Mean Time (GMT),
- Content requested (specific page),
- Access status/HTTP status code,
- The quantity of data transferred in each case,
- Browser plug-ins activated.
These data are processed in order to enable us to analyze the use of our website (connection set-up) and optimize our offerings, as well as for internal statistical purposes. A personal user profile is not created.
The legal basis for processing your personal data is our overriding interest in processing these data.
We use cookies and similar technologies (hereinafter referred to jointly as “cookies”) on our website and in connection with the use of other digital offerings. A cookie is a small file sent from the server to your system so that a particular device or browser can be recognized again. You can find information about how we use cookies in our Cookie Policy.
Our security measures also include encrypting your data. When your data are transmitted to us via our website, they are encrypted using transport layer security (TLS). All the information you enter online is transmitted in encrypted form. This means that the information cannot be viewed by unauthorized third parties at any time.
6.2 Contacting us
Our website describes how to contact us via telephone, e-mail, or an online form. Your contact details must be entered in order for us to process your inquiry.
Processing these data is part of our overriding interest in corresponding with you or for the purpose of processing and handling your inquiry.
6.3 Use of collaboration tools
We use various collaboration tools for online meetings (telephone and video). Different types of data are processed when these tools are used. The type and scope of the data depend on which details you provide before or during participation in an online meeting. These may include:
- First and last name, names of participants, e-mail address,
- Meeting metadata: e.g. date, time, meeting ID, telephone numbers, location,
- Audio, video, or chat contents,
- Name of meeting and any password for participating in it,
- Profile picture if any,
- Any other personal data provided by the data subjects during the meeting.
When online meetings are recorded, this is communicated transparently in advance and consent is requested when necessary.
We have an overriding interest in processing these data. In these cases, our overriding interest consists in ensuring the effective conduct of the meeting. Furthermore, the legal basis for processing data when conducting online meetings is the contract, if the meeting is being conducted within the framework of a contractual relationship.
6.4 Staff recruitment
When you apply to us for a job, we process the personal data that we receive from you in relation to the application process. This includes details about your:
- Person,
- Education and training,
- Professional experience,
- Skills,
- Remarks about previous professional activity,
- Availability/notice period, and
- Usual contact details such as postal address, e-mail address and telephone numbers.
We also process all the documents submitted by you in connection with the application, such as letter of application, CV, references, certificates, diplomas, and other documents provided by you. In addition you may voluntarily provide us with supplementary information.
These data are stored, analyzed, and processed solely in relation to your application. Furthermore, we may process your personal data for statistical purposes (e.g. reporting). In the latter case, however, no conclusions can be drawn about an individual person.
We retain your personal data for four months after the application process in case any queries arise. They are then deleted.
Your applicant data are processed on the legal basis of our (pre-)contractual obligations in connection with the application process and our overriding interest in processing your application. You can object to the processing of these data and withdraw your application at any time. Please send your objection to data-protection@sakk.ch.
If you have consented to us storing your details for future application processes and possibly contacting you again later, we will delete these data after one year. You can revoke the consent given to SAKK at any time by writing to data-protection@sakk.ch.
If you enclose personal data about other people, such as your spouse or children, you are responsible for gaining the consent of these third parties in accordance with the applicable law.
If we conclude an employment contract with you, the data transmitted will then be processed for the purpose of handling the employment relationship in compliance with the legal requirements.
6.5 Registering for and conducting events
When conducting events, we process the following personal data from you:
- Contact details for registering for the event, and job title,
- If an overnight stay is involved, your dates of arrival and departure, any preferences, and payment information where applicable,
- If catering is provided, any data concerning intolerances and/or allergies, as well as meal choices where required,
- Details of disabilities and other physical restrictions, if any, so that your participation can be made as convenient for you as possible and any necessary measures organized,
- All other details that may be required in order to conduct the event, which you yourself provide when deciding to participate in the event.
The legal basis for processing data for these purposes lies in the fulfillment of a (pre-)contract. A further basis is our legitimate interest in processing your personal data in connection with your registration.
Photographs and/or videos of the participants are taken at our events and may be published in the following places:
- on our website,
- on web presences such as social media.
By registering you give your consent in principle. This consent is voluntary and can be revoked at any time with future effect. If the recordings are available on the Internet, they will be removed if possible. Revocations or objections should be sent to the contact center mentioned in point 1 or to the following e-mail address: data-protection@sakk.ch. Personal information is provided voluntarily. However, please note that you may not be able to participate if you supply incomplete information or none at all.
6.6 Conducting clinical trials
When conducting clinical trials we process your pseudonymized health data if you are participating in a trial as a patient. The legal basis for processing patient data is the consent you have granted to the hospital treating you. You can revoke your declaration of consent with future effect at any time by writing to the hospital treating you. Further information on how the hospital processes your personal data may be found on the hospital website.
If you are participating in a trial as a health professional, we process your personal data insofar as this is necessary in order to conduct the trial (e.g. contact details, information about your professional experience and training). The legal basis for processing the data of health professionals is our legitimate interest in processing your personal data.
6.7 Customer and business relationships
We process personal data to the extent necessary in each case in order to provide you with our contractual or pre-contractual services and to perform other services requested by you. The processing of the data and their type, scope, purpose, and necessity are determined in accordance with the underlying contractual relationship.
The personal data to be processed include:
- Base data: These include name, address, etc.,
- Contact details: These include e-mail address, telephone numbers, etc.,
- Contract details: These include the services provided, object of the agreement, contractual communications, names of contact persons, etc.,
- Payment details: These include bank details, payment history, etc.
The data are processed for the following purposes in particular:
- Negotiating, concluding, and performing the contract,
- Managing customers and business partners,
- Payment settlement.
The legal basis for processing data for these purposes lies in the fulfillment of a (pre-)contract and in our overriding interests.
6.8 Sending newsletters
Our website gives you the option of subscribing to a newsletter. Our newsletter provides you with information about our offers and our company.
If you have subscribed to our newsletter, we use your e-mail address to send you information about us and our offers. Entering further data is optional.
Registering for the newsletter uses a double opt-in process. This means that after registering and clicking on the relevant box, you receive an e-mail requiring you to click on a link to confirm your registration.
The newsletter contains images that are retrieved from the mail-handling service provider’s server when the newsletter is opened. During this retrieval process, technical information such as information about your browser and system and also your IP address and the time of retrieval are initially recorded. This information is used to improve technical aspects of the service in relation to the technical data, the target groups, and your reading behavior as determined by the locations from which you access the site (which can be established using the IP address) and the length of time during which you access it. The statistics recorded also include determination of whether the newsletters are opened, when they are opened, and which links are activated. This information can be associated with individual newsletter recipients for technical reasons, but it is not our intention, nor that of the mail-handling service provider, to observe individual users. Rather, evaluation of this information is used to identify the reading habits of our users and to adapt our content to them, or to mail different content depending on the interests of our users.
The legal basis for processing these data is your consent.
You can unsubscribe from the newsletter and revoke your consent at any time. To do so, click on the relevant link in the newsletter you have received. A link to unsubscribe from the newsletter may be found at the end of every issue. You may also send your revocation to the contact center mentioned in point 1 or to the following e-mail address: data-protection@sakk.ch.
6.9 Marketing measures
We also use your contact data for the following purposes:
- To maintain contact with you,
- To inform you of particular services,
- To recommend services that might interest you,
- For statistical purposes.
The legal basis for processing these data lies in our overriding interest.
6.10 Security and access controls
We procure and process personal data in order to ensure and continuously improve the appropriate security of our IT systems and other infrastructure (e.g. buildings). This includes for example controlling electronic access to our IT systems and physical access to our premises, analyzing and testing our IT infrastructures, conducting system and error checks, and creating backup copies. For documentation and security purposes (preventing and investigating incidents), we also maintain access logs and visitor lists in respect of our premises.
Processing your personal data is in our overriding interest.
7. How do we integrate social media networks?
We operate social media and other online presences, and we process data about you in this connection. We receive data from you (for example, when you communicate with us or comment on our content) and from the platforms (e.g. statistics).
We use social plugins (plugins) from various social networks on our website. These plugins enable you to share content, for example, or recommend products.
We use the following social media:
- YouTube
We integrate videos from the platform YouTube. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy policy: https://policies.google.com/privacy
- X
Our online offering may integrate functions and content from X Corp. These may include images, videos, or texts, and buttons enabling users to share content from the online offering on Twitter. If users are members of the X Corp. platform, X Corp. can assign access to the above-mentioned content and functions to the profiles of its users. If you live in the USA or another country outside the European Union, the EFTA member states, or the United Kingdom, X Corp. is responsible for your personal data and may be contacted at the following address: X Corp., Attn: Privacy Policy Inquiry, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. If you live in the European Union, the EFTA member states, or the United Kingdom, X International Unlimited Company is responsible for your personal data and may be contacted at the following address: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. Privacy policy: twitter.com/en/privacy. You can contact the Data Protection Officer of Twitter in confidence via the Data Protection Inquiry Form.
- LinkedIn
Our online offering may integrate functions and content from the LinkedIn platform. These may include images, videos, or texts, and buttons enabling users to share content from this online offering on LinkedIn. If the users are members of the LinkedIn platform, LinkedIn can assign access to the above-mentioned content and functions to the profiles of its users. Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, parent company: LinkedIn Corporation, 1000 W. Maude Avenue Sunnyvale, CA 94085, USA, privacy policy: LinkedIn Privacy Policy, Cookie Policy: https://www.linkedin.com/legal/cookie-policy.
Our website integrates these plugins as external links only. Your personal data are therefore not processed until you click on the integrated plugins. You are then redirected to the website of the provider in question. We have no influence over the type and scope of the data gathered by social media networks. If you do not wish the above-mentioned providers to obtain your data, please do not click on the plugins.
If you visit our website and one of the social plugins listed on the website is activated, a direct connection is established between your browser and the server of the social network in question. The social network transmits the plugin content directly to the browser, which links it to the website. The network is thus informed that you have visited our website. If you are logged in to the social network, the latter can assign the visit to your account. When you interact with plugins, the browser transmits the corresponding information directly to the social network, where it is stored.
Even if you are not logged in to social networks during your visit to our website, data may be sent to the networks from websites with active social plugins. An active plugin sets a cookie with an identifier each time the website is accessed. Since your browser sends this cookie without being asked each time it connects with a server of one of these networks, the social networks could in principle create a profile showing which websites the user belonging to the identifier has accessed. It would potentially be possible to allocate this identifier to an individual at a later stage, such as when they log on to a social network afterwards.
8. Is my personal data passed on to anyone else?
In the course of our business activities, we make your data available to third parties, where permitted and where this seems appropriate to us, either because they process the data for us or because they want to use it for their own purposes. These third parties are, in particular:
- Our service providers (e.g. banks, insurers), including contractors (such as IT providers or service providers whom we have contracted to host our websites),
- Partner organizations such as hospitals,
- Distributors, suppliers, subcontractors, and other business partners,
- Customers,
- Domestic and foreign authorities, government offices, or courts,
- Media,
- The public, including individuals who visit websites and social media,
- Competitors, industry organizations, associations, organizations, and other bodies,
- Other parties in potential or actual legal proceedings.
We select our partners and order processors carefully and only entrust them with processing the data if we receive adequate assurance that they have appropriate technical and organizational measures in place in accordance with the legal requirements.
Our order processors can only process personal data upon documented instruction from us. They are all subject to the duty of confidentiality and may only use your personal data when this is necessary to fulfill the purpose for which your personal data were collected, and unless otherwise required by law.
9. Are personal data disclosed abroad?
We process and store personal data primarily in Switzerland and in the European Economic Area (EEA), but potentially – depending on the particular case – in any country of the world, such as via sub-processors of our service providers or in relation to proceedings before foreign courts or authorities.
If we disclose your personal data to third parties abroad (that is, outside Switzerland or the European Economic Area (EEA)), the third parties are obliged to comply with data protection to the same extent as we ourselves do. If the country concerned does not have an appropriate level of data protection but we have no suitable alternative available to us, we ensure that your personal data are protected to the same level. We ensure this by concluding Standard Contractual Clauses for data transfers as issued by the EU Commission with the companies in question and/or through the existence of other guarantees corresponding to the applicable data privacy laws. Where this is not possible, we base disclosure of the data on the need to disclose it in order to fulfill the contract.
10. How long are your personal data stored for?
We process and store your personal data only for the period necessary to achieve the stated purpose, or insofar as this is laid down in laws or regulations to which we are subject. If the purpose for which the data were stored no longer applies or a prescribed retention period expires, your personal data are routinely blocked or deleted in accordance with the statutory regulations.
We also delete your data if you ask us to do so and we have no legal or other obligation to retain or safeguard (via back-ups) these personal data. In the latter case we guarantee that the confidentiality of the personal data transmitted will be ensured for an indeterminate period and that the personal data are no longer being actively processed.
If we store the data because of a contractual relationship with you, these data remain stored for as long as the contractual relationship exists, and at the longest during the limitation periods for possible claims, or while legal or contractual retention obligations exist.
11. How are your personal data secured?
We take technical and organizational safety precautions to protect your personal data from manipulation, loss, destruction, disclosure, or access by unauthorized persons, and to ensure the protection of your rights and compliance with the applicable provisions of the data privacy laws.
The measures implemented are designed to guarantee the confidentiality and integrity of your data and ensure the long-term availability and robustness of our systems and services when processing your data. They are also designed to ensure that your data can rapidly be made available again and accessed in the event of a physical or technical incident.
Our data processing and security measures are continuously adapted in line with new technological developments.
We also take our own in-house data protection very seriously. Our employees and the service providers appointed by us are obliged to uphold confidentiality and comply with data privacy laws. Furthermore, access to personal data is granted to them only to the extent necessary.
12. What are your rights?
You have the following rights in relation to your personal data:
- Right to be informed: You have the right to know which personal data we process, what happens to them, and how long they are stored for,
- Right to rectification: You have the right to add to, correct, or block your personal data at any time,
- Right to erasure: You have the right to require the erasure of your personal data at any time,
- Right to surrender and transmission: You have the right to require the surrender of all your personal data from the person responsible for processing and to transmit the data in full to a different person responsible for processing,
- Right of objection: You have the right to object to the processing of your data. We comply with your request unless there are legitimate reasons for processing the data,
- Right to revoke consent: When you consent to us processing your personal data, you have the right to revoke this consent. The data processing performed before the revocation does not lose its legality as a result of the revocation,
- Right to cease the unlawful processing of data,
- Right to establish the unlawfulness of processing data,
- Right to remedy the consequences of unlawful processing.
In order to be able to exclude the illegal use of data, we need to identify you (e.g. by means of a copy of your identity document, if necessary).
Please note that conditions, exemptions, or restrictions apply to these rights (e.g. for the protection of third parties or business secrets, or because of our professional duty of confidentiality).
You may send written requests regarding your rights to the contact center mentioned in point 1. We will comply with your request provided that no legal exemption or restriction exists.
You may, moreover, file a complaint with a local supervisory authority – in Switzerland this is the Federal Data Protection and Information Commissioner (FDPIC) – if you are of the opinion that the processing of your personal data is in breach of the data privacy laws.