Privacy Statement

If you use the services of our company via our website, your personal data may be processed. As a rule, we only conduct such processing with the prior consent of the user on the legal basis of point (a) of Article 6(1) of the EU General Data Protection Regulation (GDPR), with the exception of cases in which prior consent cannot be obtained for practical reasons and processing of the data is permitted by law.

This Privacy Statement explains which personal data are processed by us, the type of processing that is conducted, and the purpose of the processing. Furthermore, reference is made to the rights of the data subject.

Our company has implemented numerous technical and organizational measures to ensure that protection of the personal data processed via our websites is as complete as possible. Nevertheless, absolute security cannot be guaranteed since there may be security gaps in the transmission of data, and in particular in the online transmission of data.

The terms used in this Privacy Statement are based on the terms used in the EU General Data Protection Regulation (GDPR).

1. Name and address of the controller

The controller pursuant to the General Data Protection Regulation, other national data protection laws of the Member States of the European Union, and other data protection provisions is:

Hamilton Medical AG
Via Crusch 8
7402 Bonaduz

Switzerland

Tel.: +41 58 610 10 20
Website: www.hamilton-medical.com

2. Cookies

Our websites use cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. If a user accesses a website, a cookie may be stored on the user's operating system. That cookie contains a string of characters (cookie ID) that enables clear identification of the browser and recognition of the user when the website is visited again.

That enables us to provide more user-friendly services to users of our website than would be possible without using cookies.

Users of our website can permanently disable cookies at any time by adjusting the settings of the used internet browser accordingly. Furthermore, already stored cookies can be deleted at any time via the relevant internet browser or other software programs.

3. Collection of general data and information

Our websites collect various general data and information whenever they are accessed by a data subject or automated system. Those general data and information are stored in the log files of the server. The following data may be collected:

  1. browser types and versions used,
  2. the operating system used,
  3. the website from which a system accesses our website,
  4. the subpages that the system accessing our website navigates to,
  5. the date and time of access to the website,
  6. the IP address,
  7. the internet service provider of the system accessing the website, and
  8. other similar data and information that serve to protect our information technology systems in the case of attacks.

The collection and use of the general data and information do not allow any conclusions to be drawn about the data subject. Instead, they serve the following purposes:

  1. correct provision and display of the content of our website
  2. optimization of the website content and advertising the website
  3. ensuring the long-term functionality of our website
  4. provision of the necessary information to assist law enforcement authorities in the event of a cyber-attack. The anonymous data stored in the log files are stored separately from any personal data.

4. Registration on our website

Our website provides users with the possibility of registering with their personal data to use our services (such as e-learning and simulation software). The data are entered using a data entry form on the website and are transmitted to us and stored at the controller. The respective data entry form used for registration indicates which personal data are transmitted to us. The personal data entered by the data subject are solely collected and stored for internal use and for our own purposes. The data may be used for occasional provision of information about our services and for optimizing our services and marketing activities. When using our e-learning service, the user's learning status and test results are also stored so that the user can be shown his/her learning progress. 

When registering, other data, such as the date and time of registration, are stored in addition to the personal data that are entered using the data entry form. The purpose of such collection and storage is to prevent abuse of our services and, if required, disclosure of the data for the investigation of any criminal offenses. These data are not disclosed to third parties as a rule, unless there is a statutory obligation to disclose the data or disclosure of the data serves the purpose of law enforcement.

Registered persons may modify the data provided by them at any time or have the data erased by us at any time, providing that this is not in conflict with any statutory retention periods.

Every data subject has the right to obtain information about the above.

5. Subscription to our newsletter

Our website offers users the possibility of subscribing to a free newsletter. When registering for the newsletter, data such as the user's surname, first name, e-mail address, and country, are transmitted to us via the data entry form.

As a rule, our company's newsletter can only be received if (1) the data subject has a valid e-mail address, and (2) the data subject registers for the newsletter.

For legal reasons, before the first newsletter is sent, a confirmation e-mail is sent to the e-mail address entered by the data subject as part of a double-opt-in process. That confirmation e-mail is designed to check whether the owner of the e-mail address has authorized receipt of the newsletter.

When registering for the newsletter, the IP address, date, and time of the registration are also stored. The collection of that data is necessary in order to be able to trace (potential) abuse of the e-mail address of a data subject in the future.

The personal data collected during registration for the newsletter are used for

  • sending our newsletter
  • notifying the newsletter subscriber of changes to the newsletter service, or
  • technical changes to the newsletter service.

Personal data collected in the scope of the newsletter service will not be shared with third parties. Users of the newsletter service may cancel their subscription at any time. Consent to the storage of the personal data required for the user to be sent the newsletter may likewise be withdrawn at any time. Each newsletter contains a link under which consent may be withdrawn.

6. Newsletter tracking

Our newsletters may contain tracking pixels so that we can gear the content of our newsletters more closely to the information requirements of recipients. Those tracking pixels are miniature graphics embedded in an e-mail sent in HTML format that enable analysis of whether and when the relevant e-mail was opened, and which links contained in the e-mail were followed.

The personal data collected using tracking pixels are stored by us and statistically analyzed to optimize the newsletter service as described above. The collected data are not shared with third parties. The user may withdraw his/her consent to newsletter tracking at any time. If the user unsubscribes from the newsletter, we automatically deem that as withdrawal of consent. Following withdrawal of consent, the collected personal data will be erased, unless they were collected for other purposes (such as the use of services requiring registration).

7. Contact options via our website

Our website contains contact forms enabling users of the website to contact our company directly and quickly and to request information. If a user contacts us using such a form, the personal data entered are automatically stored by us.  The data entry form indicates which personal data are sent to us. The data are collected in order that an employee of our company or of a processor can contact or send further information to the person whose data were entered using the data entry form.

Alternatively, it is possible to contact us using the e-mail address provided. In this case, the user's personal data that are sent by e-mail are stored for the purpose of contacting the user.

The collected data are only collected and stored for our own purposes and used for optimization of our marketing activities. The personal data may be transferred to one or more processors. The processing conducted by the processor will likewise be conducted solely for our internal use.

8. Rights of the data subject

If your personal data are processed and you are a data subject pursuant to the GDPR, then you may have the following rights vis-à-vis the controller:

a) Right of access

You have the right to obtain confirmation from the controller as to whether or not personal data concerning yourself are being processed by us.

Where that is the case, you have the right to obtain the following information from the controller:

  1. the purposes of the processing of the personal data;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipient to whom personal data concerning yourself have been or will be disclosed;
  4. the envisaged period for which personal data concerning yourself will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to request from the controller rectification or erasure of personal data concerning yourself, or restriction of processing of personal data by the controller, or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the personal data are not collected from the data subject, any available information as to their source;
  8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to obtain information about whether personal data concerning yourself are transferred to a third country or an international organization. You have the right to obtain information about appropriate safeguards pursuant to Article 46 GDPR with respect to such transfer of data.

b) Right to rectification

You have the right to require the controller to rectify or complete processed personal data concerning yourself if such data are incorrect or incomplete. The controller shall rectify the data without undue delay.

c) Right to restriction of processing

You have the right to obtain restriction of processing of personal data concerning yourself in the following cases:

  1. the accuracy of personal data concerning yourself is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
  3. the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims, or
  4. if you have objected to processing pursuant to Article 21(1) GDPR and verification is pending as to whether the legitimate grounds of the controller override your grounds.

Where processing of personal data concerning yourself has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

If you have obtained restriction of processing pursuant to the aforementioned conditions, you shall be informed by the controller before the restriction of processing is lifted.

d) Right to erasure

I. Obligation to erase data

You have the right to obtain from the controller the erasure of personal data concerning yourself without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. personal data concerning yourself are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  2. you withdraw your consent on which the processing is based according to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
  3. you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
  4. personal data concerning yourself have been unlawfully processed.
  5. personal data concerning yourself have to be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject.
  6. personal data concerning yourself have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

II. Informing third parties

Where the controller has made personal data concerning yourself public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

III. Derogations

The right to erasure does not apply to the extent that processing is necessary

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR insofar as the right referred to in paragraph (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise, or defense of legal claims.

e) Right to be informed

If you have obtained rectification, deletion or restriction of processing from the controller, the controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

The controller shall inform you about those recipients if you request it.

f) Right to data portability

You have the right to receive the personal data concerning yourself which you have provided to a controller, in a structured, commonly used, and machine-readable format. Furthermore, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

  1. the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR, or on a contract pursuant to point (b) of Article 6(1) GDPR, and
  2. the processing is carried out by automated means.

In exercising that right, you also have the right to have personal data concerning yourself transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected by exercise of that right.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

g) Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

The controller shall no longer process personal data concerning yourself unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

Where personal data concerning yourself are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning yourself for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, personal data concerning yourself shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

h) Right to withdraw consent

You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

i) Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning yourself or similarly significantly affects you. That does not apply if the decision

  1. is necessary for entering into, or performance of, a contract between you and a data controller,
  2. is authorized by Union or Member State law to which the controller is subject, and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  3. is based on your explicit consent.

However, such decisions shall not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.

Note: our company does not conduct automated decision-making using personal data.

j) Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning yourself infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

9. Privacy in job application processes

Application documents may be submitted electronically via our website. We will solely collect and process the submitted personal data for the purpose of conducting the application process. If our company appoints the applicant, the personal data will be stored for administration of the employment. If the applicant is not appointed, the submitted documents and data will be deleted 6 months after notification of the rejection.

10. Privacy policy concerning deployment and use of social media elements

Components of various social media, such as Facebook, Google+, LinkedIn, YouTube, Twitter and Instagram, are integrated into our website.

If a user accesses one of our websites with such an integrated social media element, that component allows the display of components retrieved from the server of the operator of the social media components.

Furthermore, once the user visits our websites, a direct connection is created via the social media components between your browser and the server of the operator of the social media components. Each time our website or subpages of our website are accessed, the operator receives information about which specific websites and subpages are visited by the user with the corresponding IP address.  Please note that we are not informed of the content of the transmitted data and the use of such data by the operator.

Once the user clicks on a link to one of the social media components, the subpage of the operator of the social media components opens in a new browser window and shows content of the controller. Please note that the websites linked to by the social media components are not operated by us, so this Privacy Statement does not apply to those websites. Furthermore, for the afore­mentioned reason, we cannot assume any liability for the protection of personal data when accessing such websites.

For further information on the privacy policies of the integrated social media components, please see

Facebook: https://www.facebook.com/policy.php

LinkedIn: https://www.linkedin.com/legal/privacy-policy

YouTube: https://policies.google.com/privacy?hl=en

Twitter: https://twitter.com/privacy?lang=en

Instagram: https://www.instagram.com/about/legal/privacy/

11. Privacy policy concerning the deployment and use of Google Analytics (with anonymization)

The Google Analytics data traffic analysis service (with anonymization) is integrated into our website.

The operator of Google Analytics is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Google Analytics collects and analyzes data about user behavior on specific websites. Such data include visits to websites and their subpages, the length of time spent on the website, and the website from which the user accessed the website that uses Google Analytics.

The purpose of web analysis using Google Analytics is to optimize our website and to perform a cost/benefit analysis for online advertising.

Google Analytics uses cookies (see the section on "Cookies") that are stored on the user's computer and that enable analysis of the user's use of our website. In general, the data stored in the cookie are transmitted to a Google server and stored there.

Google Analytics is used on our website with the "anonymizelp" extension for anonymization. That anonymization function truncates the IP address of the user accessing the website once the user is recognized to be within the European Union or another signatory state to the Agreement on the European Economic Area. The IP address transmitted by your browser in the scope of Google Analytics is not merged with other data held by Google.

The data transmitted to Google are used on our behalf to analyze the use of our website, to compile website activity reports, and to perform further services related to website use and internet use. Any data transmitted by us that are linked with cookies, user identification (e.g. user ID), or advertising IDs are automatically erased after 14 months. The data are automatically erased once a month following expiry of their retention period.

For further information on the terms of service and privacy policy of Google Analytics, please see

https://www.google.com/analytics/terms/gb.html (Great Britain)

https://www.google.com/analytics/terms/us.html (United States of America)

https://policies.google.com/?hl=en

You may prevent the storage of cookies by adjusting your browser settings accordingly; however please note that if you do so you will not be able to use the full functionality of this website. In addition, you can prevent data generated by the cookie referring to your use of the website (including your IP address) from being collected by Google and processing of such data by Google by downloading and installing the following add-on:

https://tools.google.com/dlpage/gaoptout?hl=en

Opt-out cookies will prevent your data from being collected when you visit this website in future. To prevent collection by Google Analytics on multiple devices, you need to opt out on all systems used.

12. Privacy policy concerning the deployment and use of ClickDimensions

We use ClickDimensions marketing and analysis software.

The operator of ClickDimensions is ClickDimensions LLC., 5901 Peachtree Dunwoody Road, NE suite B500 Atlanta, GA 30328, USA. ClickDimensions has certified its compliance with the EU-US Privacy Shield and the Swiss-US Privacy Shield.

ClickDimensions collects and analyzes data about user behavior on specific websites. Such data include visits to websites and their subpages, the length of time spent on the website, and the website from which the user accessed the website that uses ClickDimensions.

The purpose of using ClickDimensions is the provision of targeted information on the basis of your behavior on our website (including its subpages) and the related optimization of our marketing activities.

ClickDimensions uses cookies (see the section on "Cookies") that are stored on the user's computer and that enable analysis of the user's use of our website. In general, the data stored in the cookie are transmitted to a ClickDimensions server and stored there.

The data transmitted to ClickDimensions are used on our behalf to analyze the use of our website, to compile website activity reports, and to perform further services related to website use and internet use. Any data transmitted by us that are linked with cookies, user identification (e.g. user ID), or advertising IDs are flagged for erasure on request. The data are automatically erased once a month.

If you do not wish cookies to be stored, you can disable them by adjusting your browser settings accordingly.

For the applicable ClickDimensions privacy policy, please see

http://clickdimensions.com/about/privacy-policy/

13. Privacy policy concerning the deployment and use of Google Remarketing

Google Remarketing services are integrated into our website.

The operator of Google Remarketing is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google Remarketing is to display targeted advertising. After visiting one of our websites, the user may subsequently be shown targeted advertising messages of our company on other websites visited by the user within the Google advertising network. That is achieved by using cookies, which store personal information (see the section on "Cookies").

By storing the cookie, Google obtains knowledge of personal data, such as the IP address of the user, since such personal data are transmitted to Google in the USA. Those personal data are stored by Google in the USA. Google may share those personal data with third parties.

If you do not wish cookies to be stored, you can disable them by adjusting your browser settings accordingly. In addition, you can prevent data generated by the cookie referring to your use of the website (including your IP address) from being collected by Google and processing of such data by Google by downloading and installing the following add-on:

https://tools.google.com/dlpage/gaoptout?hl=en

Opt-out cookies will prevent your data from being collected when you visit this website in future.

Furthermore, the data subject may disable personalized advertising by Google by opening https://adssettings.google.com from each internet browser used and adjusting the settings there accordingly.

For further information and the applicable Google privacy policy, please see

https://policies.google.com/privacy?hl=en

14. Privacy policy concerning the deployment and use of Google+

Components of the Google+ social network are integrated into our website. The operator of Google+ is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

If a user visits one of our websites with an integrated Google+ element, that component allows the display of components retrieved from Google+. In addition, Google obtains information about the specific websites and subpages that are visited by the user.

For further information about Google+, please see

https://developers.google.com/+/

If the data subject is simultaneously signed in to a Google+ user account, Google detects which specific subpage/s of our website the data subject visits each time the data subject visits our website and for the entire duration of the respective visit to our website. That information is collected by the Google+ components and linked by Google+ to the Google+ user account of the data subject. If the data subject makes a Google+1 recommendation by clicking on one of the Google+ buttons integrated into our website, Google+ links that information with the signed-in Google+ user account, stores those personal data, and makes them publicly accessible in accordance with the relevant terms and conditions accepted by the data subject.

A Google+1 recommendation made by the data subject on this website is subsequently stored and processed together with other personal data, such as the name of the Google+1 account used by the data subject and the photo stored for that account, in other Google services, the Google account of the data subject, or elsewhere. In addition, Google is able to link the visit to this website with other personal data stored at Google. Furthermore, Google records that personal information for the purpose of improving or optimizing the various Google services.

If you do not wish Google+ to be able to link the visit to our websites to your Google+ user account, please log out of your Google+ user account.

For further information and the applicable Google privacy policy, please see

https://policies.google.com/privacy?hl=en 

For further information about the Google+1 buttons policy, please see

https://developers.google.com/+/web/buttons-policy

15. Privacy policy concerning the deployment and use of Google AdWords

The Google AdWords advertising optimization service is integrated into our website.

The operator of the Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Google AdWords is used to advertise our website by displaying relevant advertising on the websites of third-party companies and in Google search engine results.

If a data subject accesses our website via a Google ad, Google stores a conversion cookie (see the section on "Cookies") on the computer of the data subject. The conversion cookie expires after thirty days and does not serve to identify the data subject. The conversion cookie indicates whether specific subpages on our website have been visited. The conversion cookie enables both us and Google to track whether a data subject who has accessed our website via an AdWords ad has generated sales, i.e. has completed or canceled a purchase.

The data and information collected using the conversion cookie are used by Google to generate traffic statistics for our website. Neither our company, nor other Google AdWords advertising customers receive information from Google enabling identification of the data subject.

By storing the cookie, Google obtains knowledge of personal data, such as the IP address of the user, since such personal data are transmitted to Google in the USA. Those personal data are stored by Google in the USA. Google may share those personal data with third parties.

If you do not wish cookies to be stored, you can disable them by adjusting your browser settings accordingly. In addition, you can prevent data generated by the cookie referring to your use of the website (including your IP address) from being collected by Google and processing of such data by Google by downloading and installing the following add-on:

https://tools.google.com/dlpage/gaoptout?hl=en

Opt-out cookies will prevent your data from being collected when you visit this website in future.

Furthermore, the data subject may disable personalized advertising by Google by opening this link

https://adssettings.google.com

from each internet browser used and adjusting the settings there accordingly.

For further information and the applicable Google privacy policy, please see

https://policies.google.com/privacy?hl=en

16. Duration of storage of personal data

Personal data are stored for a duration corresponding to the respective statutory retention period. Following expiry of that period, the relevant data are routinely erased, provided they are no longer required for fulfillment of contractual obligations or for taking steps prior to entering into a contract.