Extranet
DEEN
Extranet
DEEN

1. Introduction

Privacy is a matter of trust and your trust is very important to us. We therefore take the privacy of your data seriously.

We are concerned with providing you with complete information about the processing of personal information. This Privacy Policy is intended to inform you of how and why we collect, process and use personal information. We have based this Privacy Policy on both the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). Whenever “personal information” is used as a term in this Privacy Policy, it is meant to include “personal data” as defined in the GDPR. Whether and to what extent the GDPR is applicable, however, depends on the specific case.

We also tell you about your rights vis-à-vis us in relation to your personal information.

This Privacy Policy explains our processing of personal information, whenever:

  • you visit our website https://www.pedeus.ch/,
  • you use PEDeDose (see Section 3 below) or perform agreements in that context,
  • you are otherwise involved in a relationship with us under an agreement,
  • you communicate with us,
  • you register for certain other services (e.g. our newsletter),
  • you have dealings with us in connection with any other data processing operations related to our offers.

2. Who are we?

Data processing operations under this Privacy Policy are generally under the responsibility of the following company ("we" or "us"):

PEDeus Ltd
Technoparkstrasse 1
8005 Zurich
Switzerland
info@pedeus.ch
+41 (0)44 521 73 80

3. What do we do?

In order to ensure optimal medical care for children, we have developed PEDeDose. PEDeDose is a database and calculator for pediatric indications, dosage recommendations and other information about the utilisation of pediatric medicines. PEDeDose will help you to properly adjust the dosage of medicines to the needs of children.

4. What is personal information and what does "processing” mean?

The processing of personal information is regulated by data protection laws. Personal data  means all information that can be associated with a certain individual, i.e., a person. Such information may include the following, for example:

  • contact details (e.g., name, telephone number, e-mail address);
  • other personal details (e.g., age);
  • occupational information (e.g., education, profession, title).

The legislators provide special protection for certain personal information, including "sensitive personal data" ("special categories of personal data” such as healthcare data, among others).

"Processing" means any form of handling of personal information (collecting, storing, managing, using, transferring, disclosing and deletion of personal information).

5. Which personal information do we process, and to what purposes?

We process a variety of personal information according to the specific occasion and purpose of processing. In general, we process the following personal information:

  • The basic data and contact data that we need to handle our business relations or for marketing and advertising purposes, such as the form of address [Mr./Ms.], name, postal address, e-mail address and telephone no.; in the case of corporate contact persons, information is also included about relations with the company for which you work, and possibly resumes, certificates and proof of training and continuing education and professional qualifications, date of birth and nationality;
  • contract data that we need to carry out our services, such as pre-contractual data, details of formation of the contract itself, and the data necessary and/or used for processing (e.g. date, application process, information about the type and duration of the relevant contract and its terms and conditions, information about termination of the contract, contact information, information about payments and terms of payment, invoices, reciprocal claims, contacts with customer service, feedback, etc.;
  • technical data necessary to make use of our services, such as the login data for PEDeDose and the logging of your visits to PEDeDose ("log data") (for further details, see Section 6 below);
  • communication data necessary for our communications with you, e.g. whenever you contact us by using the contact form or other means of communication; such data may include your e-mail address and telephone number and the content of any correspondence.

In addition, we process certain anonymous information about your patients that you may provide when using PEDeDose.  If you use our dosage check service, we process data concerning the dosage specification and personal data of the person who performed the dosage check to ensure the traceability of that person.

We generally collect your personal information directly from you, e.g., when you supply us with your personal information (for example, when you buy a licence to use PEDeDose or when you set up your logins) and when you communicate with us (e.g., telephone numbers, e-mail addresses) and in other business processes. We may also collect personal information from other sources, however, especially in connection with the following data and sources:

  • information from public registers, e.g., the debt collection register and government agencies;
  • information to determine your occupation and/or employer, for example from private information providers such as credit reference agencies or online service providers (e.g. web analytics service providers), and from the media;
  • information from online service providers, e.g., web analytics services that collect information on our website and use it for analyses (for more information, please see the section "How do we process personal information in connection with websites, newsletters and with PEDeDose?");
  • information from financial service providers, when you make payments;
  • information about you that we receive from a company that you work for (e.g., name, contact details, title, position, etc.);
  • information that other people tell us about you (e.g., in the course of administrative or judicial proceedings or in the course of communications with us).

We primarily process your personal information in order to offer and provide our services to you. We process non-personal information about your patients in order to make decision-support directly available to you for the selection, dosage and application of medicines. We also use such data to update, expand and develop PEDeDose to help you improve your treatment of sick children.

In addition, we process your personal information for the purposes mentioned below or for purposes:

  • of communicating with you and your employees as well as third parties;
  • of customer service;
  • to provide, manage, personalise, develop, improve and secure our website(s), (online) offers and the related services;
  • to enter into contracts with you and carry them out;
  • to enter into contracts with our suppliers, customers and business partners with whom you are connected, and for customer and supplier relationship management;
  • in order to find out more about our customers and their behaviour and affinities and to evaluate and improve our products and services and advertising in connection with products and services;
  • for advertising and marketing, e.g., to carry out events, contests, etc. and to distribute targeted information and marketing messages by post and e-mail (unless you opt out of such direct marketing);
  • for market and opinion research;
  • for the preparation and implementation of corporate acquisitions and sales and similar transactions;
  • for the administration and management of our IT infrastructure and other resources;
  • for accounting, archiving, educational and other administrative purposes;
  • to monitor and improve our internal workflows;
  • to monitor and comply with legal obligations, including orders by judicial and administrative authorities; for purposes of compliance and to detect, clarify and prevent misuse;
  • to enforce our claims and the claims of our affiliates and to defend against judicial and administrative claims against us, our employees, our affiliates and contractual and business partners in Switzerland and abroad.

6. How do we process personal information in connection with our websites, newsletters and with PEDeDose?

If you visit our websites or use PEDeDose, we process personal information, including technical data such as the time of access, the duration of utilisation, the information viewed and the terminal used, to provide access to the websites and PEDeDose, for the sake of ensuring the IT security and improving user-friendliness. We also use “cookies” (files stored on your device when you use our websites or PEDeDose) and similar technologies such as "pixel tags" or "web beacons". Certain cookies are necessary in order for our websites or PEDeDose to work properly and are deleted automatically after use. We use other cookies in order to store your settings for subsequent use (e.g., your choice of language) or to collect anonymous statistics on the usage of our websites as well as PEDeDose.

We also make use of web analytics provided by companies such as Google, in the USA or worldwide. Such providers do not receive any personal information from us but they may collect information about behaviour during usage of PEDeDose and the websites in order to provide us with analyses on that basis.

To prevent the use of the technologies mentioned above, you can use your browser settings to disable the use of cookies and to delete stored cookies.

We embed YouTube and Vimeo videos into some of our websites. The operators of the respective plug-in are YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA and Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. If you visit a site that contains an embedded video, a connection to the operator’s servers is established. In the process, the operator is notified which sites you visit. If you are logged into your YouTube or Vimeo account, the operator is able to attribute your surfing patterns to you personally. You can prevent this by logging out of your account in advance. If a video is played, the provider uses cookies in order to collect details of user behaviour.

If you have deactivated the storage of cookies for the Google Ads program, you can also expect not to come across such cookies when watching YouTube videos. However, YouTube also uses other cookies to store user information that does not identify individual persons. If you wish to prevent this, you have to block the storage of cookies in the browser. For further information regarding data protection at YouTube please refer to the privacy policy of the provider at https://policies.google.com/privacy?hl=%20en&gl%20=de.

We use MailChimp to send and manage newsletters. MailChimp is a service provided by the U.S. Rocket Science Group LLC. The e-mail addresses of newsletter recipients and data related to the mailout are stored by MailChimp in the U.S. MailChimp is certified under the U.S./EU and the U.S./CH Privacy Shield Agreement. Further information on the nature, scope and purpose of the data processing can be found in the MailChimp privacy notice (https://www.intuit.com/privacy/statement/) and on the MailChimp information site (https://mailchimp.com/en/help/mailchimp-european-data-transfers/).

We use online forms from Paperform Pty Ltd, 64 Tabrett St, Banksia, NSW 2216 Australia. When you visit a site, a connection is made to a Paperform server, which informs Paperform your IP address and the site you visited. When you submit a form, Paperform also processes the information you enter on our behalf. For information about Paperform's privacy policy, please visit this link (https://paperform.co/privacy/).

7. To whom do we disclose personal information?

Our employees have access to the above-mentioned personal information on a need-to-know basis for the above-described purposes. When handling such personal information, our employees act according to our instructions and are bound to maintain confidentiality and secrecy. In addition, we may disclose personal information to third parties when we wish to call upon their services (e.g., consultants or banks), including service providers and contractors (such as IT providers).

We may also share personal information with other companies, in some cases for their own purposes. In such cases, the information recipient is an independent data controller within the meaning of data protection law, e.g., in the situations described below.

  • When we audit or implement transactions such as corporate mergers and acquisitions or sale of certain corporate divisions or their assets, we are required to disclose personal information to another company in so doing.
  • We may disclose personal information to third parties (e.g., courts and government agencies in Switzerland and abroad), if required by law. We also reserve the right to process personal information in order to comply with court orders or to assert or defend against legal claims or if we deem it necessary for other legal reasons. In so doing, we may also share personal information with other parties involved in the proceedings.
  • We may assign our debt claims against you to other companies, such as collection agencies.

8. When do we disclose personal information to foreign countries?

Personal data can be transferred abroad to our service providers located in the EEA, the USA and other countries, potentially worldwide. The recipients of personal information may be located outside Switzerland, including in countries that are member states of neither the EU nor EEA (European Economic Area). Such foreign countries may not have laws that protect personal information to the same extent as in Switzerland or in the EU or EEA Member States. When we wish to communicate personal information to such a state, we are required to ensure that the personal information is protected in an appropriate manner. One means of doing so is to enter into data communication agreements with the recipients of personal information to ensure the necessary data protection. Please contact us if you would like to have a copy of our data communication agreements relevant to your personal information (our contact details are featured in the section "Who are we?").

9. How long do we store personal information?

We store the personal information in identifiable form so long as it is needed for the specific purpose for which we collected it, which, in the case of contracts, is at least for the duration of the contractual relationship. We also store personal information if we have a legitimate interest in such storage, e.g., for purposes of documentation, preservation of evidence, to assert our own claims and to defend against third-party claims. We also store personal information throughout the required statutory retention period.

10. How do we protect personal information?

We take appropriate technical security measures (e.g., encryption, pseudonymisation, logging, restricted access, data backups, etc.) and organisational security measures (e.g., instructing our employees, confidentiality agreements, monitoring, etc.) in order to safeguard the security of personal information, to protect it against unauthorised or unlawful processing and to mitigate the risk of loss, accidental modification, unintentional disclosure or unauthorised access. Security risks cannot generally be ruled out completely; certain residual risks are unavoidable.

11. What are your rights concerning the processing of personal information?

You can also object to the processing of your data at any time, especially data processing related to direct marketing (e.g., by opting out of promotional e-mails). Pursuant to the laws applicable to you, you are also entitled to information, rectification, erasure, restriction of processing, and objection to our data processing; you are also entitled to receive an easily understandable record of the personal information that you have supplied to us. You are also entitled to revoke your consent, but the legality of the data processing performed previously will not be affected thereby. You may also file a complaint with the competent data protection authority (in Switzerland, the Federal Data Protection and Information Commissioner). If you wish to exercise your rights, you can contact us at the above-mentioned address. We ask you to keep us up to date on any changes in your personal information by contacting us at the above-mentioned address.

12. What is the underlying legal basis of our data processing?

Depending on the applicable law, a data processing operation may only be permitted if specifically allowed by the applicable law. That does not apply to data processing operations under the FADP, but to those under the GDPR, for example, to the extent that it is applicable (which can only be determined on a case-by-case basis). In that case, our processing of your personal data is based on the following legal grounds:

  • performance of an agreement with the data subject or pre-contractual measures requested by the data subject;
  • our legitimate interests (see GDPR Art. 6(1)(f)), including, for example: 1) customer service and customer communications, including on an extracontractual basis; 2) marketing activities; 3) becoming better acquainted with our customers and others; 4) improving our products and services and developing new ones; 5) fraud prevention and crime investigation; 6) protecting customers, employees and others, as well as PEDeus Ltd's data, trade secrets and assets; 7) ensuring IT security, especially in connection with the usage of websites, applications and other IT infrastructure; 8) ensuring and organising business operations, including operation and development of websites and other systems; 9) business management and development; 10) buying and selling corporations, corporate divisions and other assets; 11) enforcing our own legal claims and defending against third-party claims; and 12) compliance with Swiss law and our internal regulations;
  • consent, in cases in which we ask you for your consent separately;
  • a need to comply with statutory provisions.

Generally speaking, you are under no obligation to disclose personal information to us unless you are in a contractual relationship with us that creates such an obligation. We must collect and process at least such personal information as is necessary or legally required to start and implement a contractual relationship and to perform the associated obligations. Otherwise, we would be unable to enter into the relevant contract or continue to perform it. In practice, it is also necessary to process log data and certain other data related to website usage. In the course of communications, as well, we must process at least the personal information that you give us or that we give you.

13. Changes to this Privacy Policy

This Privacy Policy is subject to adjustments over time, especially whenever we change our data processing operations or new statutory provisions become applicable. In the event of significant changes, we actively report such changes to persons whose contact information is registered with us whenever it is possible to do so without disproportionate effort. In general, however, our data processing is governed by the version of the Privacy Policy current at the start of the relevant processing.

01.09.2023

Cookie Declaration