Privacy notice
We take the protection and security of our employees’, business partners’ and customers’ data seriously. This is why we are very strict about protecting your privacy when processing and using personal data. Insofar as we do collect personal data (e.g. your name, address or other contact details), we only process and use it in compliance with the applicable data protection regulations. The following section explains how we collect personal data during your use of this website. Personal data are all of the data by which a person can be identified, such as their name, address, email addresses and user behaviour. This privacy notice is governed by Swiss law and in particular the Swiss Federal Data Protection Act (FADP). Where applicable, the regulations of the European Union (EU), and the EU General Data Protection Regulation (GDPR) in particular, will also be taken into account. The information on this website is provided for information purposes only and does not constitute any medical advice or treatment recommendations. This website is primarily aimed at persons located in Switzerland.
1. Controller & data protection officer
The controller responsible for the collection, processing and use of your personal data in the meaning of the GDPR is PHOENIX Pharma Switzerland AG, Mönchmattweg 5, CH-5035 Unterentfelden, Switzerland.
Our data protection officer can be contacted at datenschutz.CH@~@phoenixgroup.eu or by sending a letter to our postal address and marking it as for the attention of ‘the data protection officer’.
2. Collection of personal data when visiting our website
(1) When our website is visited for information purposes only, i.e. if a person does not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you visit our website, we collect the following essential data, which we need in order to be able to display our website to you and to ensure its consistency and security:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content request (specific page)
- Access status/HTTP status code
- Amount of data transferred
- Referring URL
- Browser
- Operating system and interface
- Browser language and version
(2) In addition to the above data, we will also store cookies on your computer when you use our website. Cookies are small text files that are stored on your hard drive by your browser that provide the party setting the cookie (in this case, us) with certain information. Cookies cannot execute programs or transmit viruses to your computer. They are designed to make websites as a whole more user-friendly and effective.
(3) Cookies:
a) This website uses the following types of cookies, the scope and functionality of which are explained below:
- Transient cookies (see b)
- Persistent cookies (see c).
b) Transient cookies are automatically deleted when you close your browser. The most frequently used type of transient cookies are session cookies. Session cookies store a ‘session ID’, which make it possible to link various requests submitted by your browser to a single session. This allows our website to recognise your computer when you return. Session cookies are deleted when you log out or close your browser.
c) Persistent cookies are automatically deleted after a set period, which varies from cookie to cookie. You can delete cookies at any time using the security settings of your browser.
d) You can configure your browser settings to suit your preferences and, for example, decline third-party cookies or all cookies. Please note that, in that case, you may not be able to use all of this website’s features.
e) If you hold an account with us, we will use cookies in order to be able to identify you every time you visit our website again. Without these cookies, you would need to log in again at each visit.
f) The Flash cookies used are not captured by your browser, but by your Flash plug-in. We also use HTML5 storage objects, which are stored on your end device. These objects store the required data independently of the browser you use and do not have an automatic expiry date. If you want to block Flash cookies, you will need to install a corresponding add-on, such as ‘Better Privacy’ for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash cookie cleaner for Google Chrome. You can prevent the use of HTML5 storage objects by setting your browser to private mode. We also recommend regularly deleting your cookies and browser history manually.
(3) You can obviously also view our website without the use of cookies. Web browsers tend to be configured to accept cookies by default. However, you can generally refuse the use of cookies through the options in your browser settings. Please use your web browser’s help section to find out how to change these settings. Please note that some of our website’s features may not work if you have disabled the use of cookies.
(4) The legal basis for processing this data in accordance with the above provisions is Art. 13(2) FADP and, where applicable, Art 6(1)(f) GDPR. We process this data in particular for the purpose of enabling use of the website by ensuring its consistency and security. Unless stated otherwise, we store personal data only for as long as necessary to fulfil the purposes for which it was collected.
(5) Wherever we use authorised third-party providers to provide some of our website features or wherever we would like to use your data for advertising purposes, we will set out the details of the relevant processes below. When doing so, we will also provide information on storage period criteria.
3. Email contact
If you contact us (e.g. through the contact form or by email), we will store your details in order to process your query and for any follow-up questions. We will delete this data when there is no longer any need for it or will restrict its processing if there is a legal requirement to keep it. We only store and use other personal data where you consented to the same or where legally permitted without special consent.
4. Job applications
You can submit your application for a position with us through the email address provided or through the corresponding web form. Your application documents will be treated in strict confidence, will not be disclosed to any third party outside Amedis and will only be processed with a view to filling the position for which you have applied. Unless you expressly consent to the contrary, your (electronic) application dossier will be deleted/destroyed once the application process has been completed, unless there is a legal obligation to retain the same.
5. Data transfer
Based on our legitimate commercial interests, we may disclose data to other PHOENIX group members and third parties where necessary for the performance of a contract. These recipients many also be located in other countries which may not have equivalent data protection standards. We and our Group companies ensure that data is protected by means of standard contractual data protection clauses in accordance with Art. 46(2)(c) of the EU General Data Protection Regulation and Art. 6(2)(a) FADP.
Any external service providers that come into contact with personal data are required to implement legal, technical and organisational measures to comply with data protection regulations.
6. Your rights
The following section contains information on your rights under the GDPR:
Right to access
You have the right to obtain information on whether we will be processing your personal data. Where applicable, you have the right to obtain information on the data being processed in accordance with Art. 8 FADP and, if applicable, in accordance with Art. 15 GDPR.
Right to rectification
In accordance with Art. 15 FADP and, where applicable, with Art. 16 GDPR, you have the right to demand the rectification or correction of incorrect data pertaining to your person.
Right to erasure
With reference to Art. 15 FADP and, where applicable, Art. 17 GDPR, you have the right to request the deletion of your personal data, provided there is no legal obligation to retain the same.
Right to restriction of processing
You have the right to request the restriction of the processing in accordance with Art. 15 FADP and, where applicable, with Art. 18.
Right to data portability
You have the right to request that the personal data you have provided to us be handed over to you or transferred to other responsible persons.
Right to object
You have the right to object to the processing of your personal data at any time in accordance with Art. 15 FADP and, where applicable, with Art. 21 GDPR.
Right to withdrawal
In accordance with Art. 7(3) GDPR, you have the right to withdraw your consent to processing your personal data with future effect.
Right to lodge a complaint with a supervisory authority
Within Switzerland, individuals do not have the right to submit a complaint to a supervisory authority. If the GDPR applies, individuals do have the right to submit a complaint to the relevant data protection supervisory authority.
7. Reporting system for data privacy incidents
The PHOENIX group, i.e. PHOENIX Pharmahandel GmbH & Co KG and its affiliated companies, have set up a very user-friendly online reporting system for employees, business partners, customers, and third parties for reporting data privacy incidents or problems. These reports are taken seriously, are regularly reviewed, acted upon and used to improve personal data protection.
This group-wide reporting system can also be used by individuals within Switzerland. It can be accessed at any time at:
phoenixgroup-databreach.integrityplatform.org
In order to make it easier and quicker for you to understand how this reporting system works, we have provided a few answers to frequently asked questions below:
When should I report an incident?
The PHOENIX group must notify the supervisory authority within 72 hours of becoming aware of an incident. This means that all incidents must be reported immediately through the online reporting tool.
Which data privacy incidents need to be reported and how?
Every incident involving personal data has to be reported to the data protection officer via the online reporting tool.
What is a data privacy incident?
A data privacy incident is any event that has led or could lead to an accidental or deliberate loss of personal data (electronic or paper) or the destruction of data, or unauthorised access to data (e.g. loss or theft of laptops, smartphones, paper documents, prescriptions).
What happens after I submit a report?
The data protection officers will review the report and contact you for further information or, where necessary, will support you with any measures required as a result of the incident.
8. General
We reserve the right to modify our privacy policy. This may be necessary in particular as a result of technological advances. For this reason, we recommend reading the privacy policy from time to time, making sure to refer to the current version.
If you have any further questions regarding the processing of your personal data, please contact the relevant data protection officer.
