Data protection regulation
Contents
1. What is this privacy policy about?
2. Who is responsible for processing your data?
4. For what purposes do we process your data?
5. On what basis do we process your data?
6. Who do we share your data with?
7. Does your personal data also go abroad?
8. How long do we process your data?
9. How do we protect your data?
The sureVIVE SA (hereinafter also "we", "us") obtains and processes personal data that concerns people in your organization or people from your partner organizations (so-called "third parties"). We use the term "data" here synonymously with "personal data" or "personal data".
sureVIVE SA takes protecting the privacy of your employees seriously. When processing your personal data, it adheres to the applicable data protection law regarding the processing of personal data. With this privacy policy we inform you about the scope, purpose and manner in which your personal data will be processed by sureVIVE SA if you use our services or products (in particular the web application and mobile app "Momentum (PRO)"), are otherwise in contact with us within the framework of a contract, communicate with us or have other dealings with us.
If necessary, we will inform you of additional processing activities not mentioned in this data protection declaration by means of a timely written notice. In addition, we can inform you separately about the processing of your data, for example in declarations of consent, contractual conditions, additional data protection declarations, forms and notices.
If you provide us with information about other people, we will assume that you are authorized to do so and that this information is accurate. By transmitting data via third parties, you confirm this. Please also ensure that these third parties have been informed of this privacy policy.
This data protection declaration is designed to meet the requirements of the EU General Data Protection Regulation ("GDPR") and the Swiss Data Protection Act ("DSG"). However, whether and to what extent these laws are applicable depends on the individual case.
Protection law, the organization name, address (the "organization name abbreviated") is responsible for the data processing described in this data protection declaration, unless otherwise communicated in individual cases.
You can contact us for your data protection concerns and to exercise your rights in accordance with Section 11 as follows:
sureVIVE SA
Via Rime 38
6850 Mendrisio
Switzerland
info@surevive.ch
We process different categories of data about you. Personal data refers to information that relates to an identified or identifiable natural person, e.g. B. Title, first name, last name, date of birth, address, email address, etc.
The main categories of data are as follows:
- The personal data of the emergency services, as part of their registration and the events respectively. Missions in which they took part are processed as follows:
- Personal data of patients that are related to an event or processed in one use:
- Event and deployment data that further qualify the type, location, operational sequence and the alerted group
- AED device location and metadata that can be captured and displayed to responders
- Technical data, utilized in conjunction with our services and products, may include (but is not limited to):
- Communication data: If you are in contact with us by email, telephone or chat, by letter or other means of communication, we collect the data exchanged between you and us, including your contact details and the peripheral data of the communication. If we want or need to determine your identity, e.g. in the event of a request for information you have made, a request for media access, etc., we collect data to identify you. We retain this data for as long as this is necessary for evidentiary reasons or to comply with legal or contractual requirements or for technical reasons. Emails in personal mailboxes and written correspondence are generally retained for at least 10 years.
- Master data: We refer to master data as the basic data that we need in addition to the contract data (see below) to process our contractual and other business relationships or for marketing and advertising purposes, such as name, contact details and information, for example about your role and function, your bank details, your date of birth, customer history, powers of attorney, signature authorizations and declarations of consent. We process your master data if you are a customer or other business contact or work for one (e.g. as a contact person for a business partner), or because we want to contact you for our own purposes or the purposes of a contractual partner. We receive master data from you, from departments you work for, or from third parties such as our contractual partners, associations and from publicly accessible sources such as public registers or the Internet (websites, etc.). We generally store this data for a period of 10 years following our last interaction with you, or at least until the conclusion of the contract. This period may be longer if this is necessary for evidentiary reasons or to comply with legal or contractual requirements or for technical reasons. For purely marketing and advertising contacts, the deadline is usually much shorter.
- Contract data: This includes data that arises in connection with the conclusion or processing of the contract, e.g. information about contracts and the services to be provided or already provided. Additionally, it includes data from the period leading up to the conclusion of a contract, as well as the information required or used for processing and information about reactions (e.g. complaints or information about satisfaction etc.). We generally collect this data from you, from contractual partners and from third parties involved in the execution of the contract, but also from third-party sources and from publicly accessible sources. We generally retain this data for 10 years from the date of the last contractual activity, or at least until the conclusion of the contract. This period may be longer if this is necessary for evidentiary reasons or to comply with legal or contractual requirements or for technical reasons.
- Other data: We also collect data from you in other situations. In connection with official or judicial proceedings, for example, data may be generated (such as files, evidence, etc.) that could pertain to you. We may receive or produce photographs, videos and audio recordings in which you may be identifiable (e.g. on occasions, through security cameras, etc.). We may also collect data about who enters certain buildings, their corresponding access rights (including access controls based on registration data or visitor lists, etc.), participation in events or promotions (e.g. competitions) and usage of our infrastructure and systems. The retention period of this data depends on the purpose and is limited to what is necessary.
We process your data for the purposes that we explain below.
- We process your data in order to deploy people in your organization or people from your partner organizations to a rescue operation, to process it and to complete it. If you take part in an event or if you take part in an operation, your data will be processed for the organization and implementation of the operation, in particular to provide you and the emergency services involved in the operation with a situation report. For this purpose, in addition to the operations center, the people who manage the operation also have access to your data via the web application and, if necessary, via the mobile app.
- We process your data for purposes related to communicating with you, in particular to answer inquiries and assert your rights and to contact you if you have any questions. This also includes services related to Momentum (PRO) support. For this purpose, we use communication data and master data in particular and also technical data in connection with the offers and services you use. We retain this data to document our communications with you, for training purposes, for quality assurance and for inquiries.
- We process your data to establish, manage and process contractual relationships.
- We process data for marketing purposes and to maintain relationships, for example, to send our customers and other contractual partners personalized advertising about products and services.
- We continue to process your data for market research, to improve our services and operations and for product development.
- We may also process your data for security purposes and access control.
- We process personal data to comply with laws, instructions and recommendations from authorities and internal regulations ("compliance").
- We also process data for our risk management purposes and as part of prudent corporate governance, including operational organization and corporate development.
- We may process your data for other purposes, for example as part of our internal processes and administration.
If we ask you for your consent for certain processing operations, we will inform you separately about the corresponding purposes of the processing. You can revoke your consent at any time with future effect by sending written notice (by post); Our contact details can be found in section 2. Once we have received notification of the revocation of your consent, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis for this. Revoking your consent will not affect the lawfulness of the processing carried out based on your consent before its revocation.
Where we do not ask for your consent for processing, we will base the processing of your personal data on the fact that the processing is necessary for the initiation or performance of a contract with you (or the entity you represent) or that we or a third party have a legitimate interest in particular in order to pursue the purposes and associated goals described above in section 4 and to be able to carry out corresponding measures. Our legitimate interests also include compliance with legal regulations, unless this is already recognized as a legal basis by the applicable data protection law. This also includes the marketing of our products and services, the interest in better understanding our markets and the safe and efficient management and further development of our company, including operational functions.
If we receive sensitive data (e.g. health data, information about political, religious or philosophical views or biometric data for identification), we may also process your data based on other legal bases, for example in the event of a dispute due to the need for processing for any legal process or the enforcement or defence of legal claims. In individual cases, other legal reasons may apply, which we will communicate to you separately if necessary.
In connection with our contracts, services and products, legal obligations or other actions to otherwise protect our legitimate interests as well as the other purposes listed in Section 4, we also transmit your personal data to third parties, in particular to the following categories of recipients:
- Service providers: We work with service providers at home and abroad who process data about you on our behalf or under joint responsibility with us or who receive data about you from us on their own responsibility.
- Contractual partners including customers: This initially refers to our customers (e.g. service recipients) and other contractual partners of ours, because this data transfer results from these contracts. If you work for such a contractual partner yourself, we may also transmit data about you to them in this context. The recipients also include contractual partners with whom we cooperate.
- Authorities: We can pass on personal data to authorities, courts and other authorities at home and abroad if we are legally obliged or authorized to do so or if this appears necessary to protect our interests. The authorities are responsible for processing data about you that they receive from us.
- Other organizations or persons: This refers to other cases where the involvement of third parties results from the purposes set out in section 4
All of these categories of recipients may in turn involve third parties so that your data can also become accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not that of other third parties (e.g. authorities, banks, etc.).
Personal data related to rescue operations in accordance with Section 4 will be stored and processed in the "Microsoft Azure" cloud platform of Microsoft Corporation, One Microsoft Way, Redmond, Washington, 98052-6399 USA, whereby the Microsoft Privacy Statement [1], the Online Services Terms [2]and the Data Protection Addendum [3]guarantee appropriate legal data protection. Regarding the cloud services used, sureVIVE SA ensures that, whenever available, "Microsoft Azure" cloud services in the northern and western regions of Switzerland are used.
As explained in Section 6, we also disclose data to other bodies if necessary. If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (for this purpose we use the European Commission's revised Standard Contractual Clauses, which can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj? are available) unless it is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception provision.
An exception may apply in particular, in legal proceedings abroad, but also in cases of overriding public interests or if the execution of a contract requires such disclosure, if you have given your consent or if it concerns data that you have made generally accessible and the processing of which you have not objected to.
We process your data for as long as our processing purposes, the legal retention periods and our legitimate interests in processing for documentation and evidence purposes require it, or for as long as storage is required for technical reasons. If there are no legal or contractual obligations to the contrary, we will delete or anonymize your data after the storage or processing period has expired as part of our usual processes.
We take appropriate technical and organizational security measures to maintain the confidentiality, integrity and availability of your personal data, to protect it against unauthorized or unlawful processing and to counteract the risks of loss, accidental alteration, unwanted disclosure or unauthorized access.
To make it easier for you to control the processing of your personal data, you also have the following rights in connection with our data processing, depending on the applicable data protection law:
- The right to request information from us as to whether and what data we process about you;
- The right for us to correct data if it is inaccurate;
- The right to request deletion of data;
- The right to request that we release certain personal data in a common electronic format or to transfer it to another responsible person;
- The right to withdraw consent to the extent that our processing is based on your consent;
- The right to request further information necessary to exercise these rights;
If you wish to exercise the above rights against us, please contact us in writing, at our location or, unless otherwise stated or agreed, by email; Our contact details can be found in Section 2. Please note that conditions, exceptions or restrictions apply to these rights under applicable data protection law (e.g. to protect third parties or trade secrets). We will inform you accordingly if necessary.
If you do not agree with our handling of your rights or data protection, please let us know (Section 2). You also have the right to complain to your country's data protection supervisory authority. A list of authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_en. The UK regulator can be contacted here: https://ico.org.uk/global/contact-us/. You can reach the Swiss supervisory authority here: https://www.edoeb.admin.ch/edoeb/de/home/der-edoeb/kontakt/adresse.html.
sureVIVE SA can adjust this privacy policy at any time. sureVIVE SA will inform you of any changes in an appropriate form.
|
|
[1]https://privacy.microsoft.com/de-de/privacystatement
[2]https://www.microsoft.com/licensing/terms/de-DE/product/ForallOnlineServices
[3]https://view.officeapps.live.com/op/view.aspx?src=https%3A%2F%2Fwwlpdocumentsearch.blob.core.windows.net%2Fprodv2%2FMicrosoftOnlineServicesDPA(WW)(English)(Dec9%252C2020) (CR) 3D&wdOrigin=BROWSELINK