Introduction
Privacy is a matter of trust and your trust is very important to us. We therefore take the privacy of your data seriously and comply with the general terms of the Swiss Federal Act on Data Protection (FADP) (in the present and/or subsequent versions) and the EU General Data Protection Regulation (GDPR).
We are concerned with providing you with complete information about the processing of personal information. This Privacy Policy is intended to inform you of how and why we collect, process and use personal information. We also tell you about your rights vis-à-vis us in relation to your personal information.
Who are we?
Data processing operations under this Privacy Policy are generally under the responsibility of the following company ("we" or "us"):
PEDeus Ltd
Technoparkstrasse 1
8005 Zurich
Switzerland
info@pedeus.ch
+41 (0)44 521 73 80
What do we do?
In order to ensure optimal medical care for children, we have developed "PEDeDose”. "PEDeDose” is a database and calculator for pediatric indications, dosage recommendations and other information about the utilisation of pediatric medicines. "PEDeDose" will help you to properly adjust the dosage of medicines to the needs of children.
What is personal information and what does "processing” mean?
The processing of personal information is regulated by data protection laws. Personal data (or "personal information") means all information that can be associated with a certain individual, i.e., a person. Such information may include the following, for example:
- contact details (e.g., name, telephone number, e-mail address);
- other personal details (e.g., age);
- occupational information (e.g., education, profession, title).
In Switzerland, information relating to a certain legal entity is also considered personal information (e.g., information about a contract with a company).
The legislators provide special protection for certain personal information, including "sensitive personal data" ("special categories of personal data” such as healthcare data, among others).
"Processing" means any form of handling of personal information (collecting, storing, managing, using, transferring, disclosing and deletion of personal information).
Which personal information do we process, and to what purposes?
We process a variety of personal information according to the specific occasion and purpose of processing. In general, we process the following personal information:
- Personal details such as your name, address, e-mail address and telephone number;
- Information about your employer;
- Logging of your access to PEDeDose ("log data").
In addition, we process certain information that you make available about your patients. Such data cannot be used to identify the relevant patients. The anonymity of the patients is guaranteed. If you use PEDeDose, we process the children's details that you enter (date of birth, body weight, body length and other relevant information such as premature birth or gestational age at birth). We also process information about the selected indication in terms of the selected active ingredient, mode of application and medicine that may be available on the market. If you use our dosage check service, we process data concerning the dosage specification and personal data of the person who performed the dosage check to ensure the traceability of that person.
We generally collect your personal information directly from you, e.g., when you supply us with your personal information (for example, when you buy a licence to use "PEDeDose" or when you set up your logins) and when you communicate with us (e.g., telephone numbers, e-mail addresses) and in other business processes. We may also collect personal information from other sources, however, especially in connection with the following data and sources:
- information from public registers, e.g., the debt collection register and government agencies;
- data from private information providers, such as credit agencies or online service providers (e.g., web analytics services);
- information from the Internet and other media;
- information from online service providers, e.g., web analytics services that collect information on our website and use it for analyses (for more information, please see the section "How do we process personal information in connection with websites?");
- information from financial service providers, when you make payments;
- information about you that we receive from a company that you work for (e.g., name, contact details, title, position, etc.);
- information that other people tell us about you (e.g., in the course of administrative or judicial proceedings or in the course of communications with us).
We primarily process your personal information in order to offer and provide our services to you properly. We primarily process non-personal information about your patients in order to make decision-support directly available to you for the selection, dosage and application of medicines. We also use such data to update, expand and develop "PEDeDose” to help you improve your treatment of sick children.
In addition, we process your personal information for the purposes mentioned below or for purposes:
- of communicating with you and your employees as well as third parties;
- of customer service;
- to provide, manage, personalise, develop, improve and secure our website(s), (online) offers and the related services;
- to enter into contracts with you and carry them out;
- to enter into contracts with our suppliers, customers and business partners with whom you are connected, and for customer and supplier relationship management;
- in order to find out more about our customers and their behaviour and affinities and to evaluate and improve our products and services and advertising in connection with products and services;
- for advertising and marketing, e.g., to carry out events, contests, etc. and to distribute targeted information and marketing messages by post and e-mail (unless you opt out of such direct marketing);
- for market and opinion research;
- for the preparation and implementation of corporate acquisitions and sales and similar transactions;
- for the administration and management of our IT infrastructure and other resources;
- for accounting, archiving, educational and other administrative purposes;
- to monitor and improve our internal workflows;
- to monitor and comply with legal obligations, including orders by judicial and administrative authorities; for purposes of compliance and to detect, clarify and prevent misuse;
- to enforce our claims and the claims of our affiliates and to defend against judicial and administrative claims against us, our employees, our affiliates and contractual and business partners in Switzerland and abroad.
To whom do we disclose personal information?
Our employees have access to the above-mentioned personal information on a need-to-know basis for the above-described purposes. When handling such personal information, our employees act according to our instructions and are bound to maintain confidentiality and secrecy. In addition, we may disclose personal information to third parties when we wish to call upon their services (e.g., consultants or banks), including service providers and contractors (such as IT providers).
We may also share personal information with other companies, in some cases for their own purposes. In such cases, the information recipient is an independent data controller within the meaning of data protection law, e.g., in the situations described below.
- When we audit or implement transactions such as corporate mergers and acquisitions or sale of certain corporate divisions or their assets, we are required to disclose personal information to another company in so doing.
- We may disclose personal information to third parties (e.g., courts and government agencies in Switzerland and abroad), if required by law. We also reserve the right to process personal information in order to comply with court orders or to assert or defend against legal claims or if we deem it necessary for other legal reasons. In so doing, we may also share personal information with other parties involved in the proceedings.
- We may assign our debt claims against you to other companies, such as collection agencies.
When do we disclose personal information to foreign countries?
The recipients of personal information may be located outside Switzerland, including in countries that are member states of neither the EU nor EEA (European Economic Area). Such foreign countries may not have laws that protect personal information to the same extent as in Switzerland or in the EU or EEA Member States. When we wish to communicate personal information to such a state, we are required to ensure that the personal information is protected in an appropriate manner. One means of doing so is to enter into data communication agreements with the recipients of personal information to ensure the necessary data protection. Please contact us if you would like to have a copy of our data communication agreements relevant to your personal information (our contact details are featured in the section "Who are we?").
How do we process personal information in connection with our websites, newsletters and with PEDeDose?
If you visit our websites or use PEDeDose, we process personal information, including technical data such as the time of access, the duration of utilisation, the information viewed and the terminal used, to provide access to the websites and PEDeDose, for the sake of ensuring the IT security and improving user-friendliness. We also use “cookies” (files stored on your device when you use our websites or PEDeDose) and similar technologies such as "pixel tags" or "web beacons". Certain cookies are necessary in order for our websites or PEDeDose to work properly and are deleted automatically after use. We use other cookies in order to store your settings for subsequent use (e.g., your choice of language) or to collect anonymous statistics on the usage of our websites as well as PEDeDose.
We also make use of web analytics provided by companies such as Google, in the USA or worldwide. Such providers do not receive any personal information from us but they may collect information about behaviour during usage of PEDeDose and the websites in order to provide us with analyses on that basis.
To prevent the use of the technologies mentioned above, you can use your browser settings to disable the use of cookies and to delete stored cookies.
We embed YouTube and Vimeo videos into some of our websites. The operators of the respective plug-in are YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA and Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. If you visit a site that contains an embedded video, a connection to the operator’s servers is established. In the process, the operator is notified which sites you visit. If you are logged into your YouTube or Vimeo account, the operator is able to attribute your surfing patterns to you personally. You can prevent this by logging out of your account in advance. If a video is played, the provider uses cookies in order to collect details of user behaviour.
If you have deactivated the storage of cookies for the Google Ads program, you can also expect not to come across such cookies when watching YouTube videos. However, YouTube also uses other cookies to store user information that does not identify individual persons. If you wish to prevent this, you have to block the storage of cookies in the browser. For further information regarding data protection at YouTube please refer to the privacy policy of the provider.
We use MailChimp to send and manage newsletters. MailChimp is a service provided by the U.S. Rocket Science Group LLC. The e-mail addresses of newsletter recipients and data related to the mailout are stored by MailChimp in the U.S. MailChimp is certified under the U.S./EU and the U.S./CH Privacy Shield Agreement. Further information on the nature, scope and purpose of the data processing can be found in the MailChimp privacy notice and on the MailChimp information site.
We use online forms from Paperform Pty Ltd, 64 Tabrett St, Banksia, NSW 2216 Australia. When you visit a site, a connection is made to a Paperform server, which tells Paperform your IP address and the site you visited. When you submit a form, Paperform also processes the information you enter on our behalf. For information about Paperform's privacy policy, please visit this link.
Do we use automated decision-making?
"Automated decision-making” refers to a decision made automatically, i.e., without significant human intervention, that could have negative legal consequences for you, or other similar negative effects. We will notify you separately whenever we use automated decision-making.
How long do we store personal information?
We store the personal information in identifiable form so long as it is needed for the specific purpose for which we collected it, which, in the case of contracts, is at least for the duration of the contractual relationship. We also store personal information if we have a legitimate interest in such storage, e.g., for purposes of documentation, preservation of evidence, to assert our own claims and to defend against third-party claims. We also store personal information throughout the required statutory retention period.
How do we protect personal information?
We take appropriate technical security measures (e.g., encryption, pseudonymisation, logging, restricted access, data backups, etc.) and organisational security measures (e.g., instructing our employees, confidentiality agreements, monitoring, etc.) in order to safeguard the security of personal information, to protect it against unauthorised or unlawful processing and to mitigate the risk of loss, accidental modification, unintentional disclosure or unauthorised access.
What are your rights concerning the processing of personal information?
You can also object to the processing of your data at any time, especially data processing related to direct marketing (e.g., by opting out of promotional e-mails). Pursuant to the laws applicable to you, you are also entitled to information, rectification, erasure, restriction of processing, and objection to our data processing; you are also entitled to receive a free, easily understandable record of the personal information that you have supplied to us. You are also entitled to revoke your consent, but the legality of the data processing performed previously will not be affected thereby. You may also file a complaint with the competent data protection authority (in Switzerland, the Federal Data Protection and Information Commissioner). If you wish to exercise your rights, you can contact us at the above-mentioned address. It is our duty to ensure that your personal information is accurate and up-to-date. We therefore ask you to keep us up to date on any changes in your personal information by contacting us at the above-mentioned address.
What else needs to be considered?
We base our personal data processing on the following fundamental elements, in particular:
- performance of an agreement with the data subject or pre-contractual measures requested by the data subject;
- our legitimate interests (see GDPR Art. 6(1)(f)), including, for example: 1) customer service and customer communications, including on an extracontractual basis; 2) marketing activities; 3) becoming better acquainted with our customers and others; 4) improving our products and services and developing new ones; 5) fraud prevention and crime investigation; 6) protecting customers, employees and others, as well as PEDeus Ltd's data, trade secrets and assets; 7) ensuring IT security, especially in connection with the usage of websites, applications and other IT infrastructure; 8) ensuring and organising business operations, including operation and development of websites and other systems; 9) business management and development; 10) buying and selling corporations, corporate divisions and other assets; 11) enforcing our own legal claims and defending against third-party claims; and 12) compliance with Swiss law and our internal regulations;
- consent, in cases in which we ask you for your consent separately;
- a need to comply with statutory provisions.
Our processing of sensitive personal data is subject to narrower restrictions (for more information, read the section "What is personal information and what does "processing” mean?”). Such processing is permitted, for example:
- if you have you expressly consented to such processing without having revoked that consent;
- if the processing concerns personal information that the data subject has obviously disclosed to the public;
- if necessary for law enforcement purposes;
- if such processing is required in order to comply with certain statutory provisions.
Generally speaking, you are under no obligation to disclose personal information to us unless you are in a contractual relationship with us that creates such an obligation. We must collect and process at least such personal information as is necessary or legally required to start and implement a contractual relationship and to perform the associated obligations. Otherwise, we would be unable to enter into the relevant contract or continue to perform it. In practice, it is also necessary to process log data and certain other data related to website usage. In the course of communications, as well, we must process at least the personal information that you give us or that we give you.
Changes to this Privacy Policy
This Privacy Policy is subject to adjustments over time, especially whenever we change our data processing operations or new statutory provisions become applicable. In the event of significant changes, we actively report such changes to persons whose contact information is registered with us whenever it is possible to do so without disproportionate effort. In general, however, our data processing is governed by the version of the Privacy Policy current at the start of the relevant processing.