With this privacy policy, we inform you about the personal data we process in connection with our activities and services, including our BrainCare website. We provide information in particular on what, how, and where we process personal data. We also inform about the rights of individuals whose data we process.

1. Contact Addresses

Responsible for the processing of personal data:

BrainCare Medical Group GmbH

Bürglistrasse 11

CH-8002 Zurich

info@braincare.swiss

We point out if there are other responsible parties for the processing of personal data in individual cases.

2. Terms and Legal Basis

2.1 Terms

Personal data are all information related to an identified or identifiable person. A data subject is a person whose personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular storage, disclosure, procurement, collection, deletion, storage, modification, destruction, and use of personal data.

2.2 Legal Basis

We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection (OFADP).

3. Type, Scope, and Purpose

We process personal data that is necessary to carry out our activities and services permanently, user-friendly, securely, and reliably. Such personal data can fall into categories such as inventory and contact data, browser and device data, content data, meta or marginal data, usage data, location data, sales data, and contract and payment data. We process personal data for the duration necessary for the respective purpose or purposes or as required by law. Personal data whose processing is no longer necessary is anonymized or deleted. We may have personal data processed by third parties. We may process personal data jointly with third parties or transfer personal data to third parties. Such third parties are in particular specialized service providers whose services we use. We also ensure data protection with such third parties. We generally process personal data only with the consent of the data subject, unless processing is permitted for other legal reasons, for example, to fulfill a contract with the data subject and for corresponding pre-contractual measures, to safeguard our overriding legitimate interests, because processing is evident from the circumstances, or after prior information. In this context, we process in particular information that a data subject voluntarily transmits to us when contacting us – for example, by mail, email, instant messaging, contact form, social media, or telephone – or when registering for a user account. We can store such information, for example, in an address book, in a customer relationship management system (CRM system), or with similar tools. If we receive data about other persons, the transmitting persons are obliged to ensure data protection towards such persons and to ensure the accuracy of such personal data. We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of carrying out our activities and services, provided and to the extent that such processing is permitted for legal reasons.

4. Applications

We process personal data about applicants to the extent necessary to assess their suitability for employment or for the subsequent implementation of an employment contract. The required personal data results in particular from the information requested, for example, in the context of a job advertisement. In addition, we process personal data that applicants voluntarily provide, in particular as part of cover letters, resumes, and other application documents.

5. Personal Data Abroad

We generally process personal data in Switzerland. However, we may also disclose or export personal data to other countries, in particular to process or have it processed there.

We may disclose personal data to all countries and territories on Earth and elsewhere in the universe, provided that the law there guarantees adequate data protection according to the assessment of the Federal Data Protection and Information Commissioner (FDPIC) or according to a decision of the Swiss Federal Council. We may disclose personal data to countries whose law does not guarantee adequate data protection, provided that adequate data protection is guaranteed for other reasons, for example, by appropriate contractual agreements, based on standard data protection clauses, or with other appropriate guarantees. In exceptional cases, we may export personal data to countries without adequate or appropriate data protection if the special data protection requirements are met, for example, the explicit consent of the data subjects or a direct connection with the conclusion or execution of a contract. We are happy to provide information to data subjects upon request about any guarantees or to provide a copy of guarantees.

6. Rights of Data Subjects

Data subjects whose personal data we process have rights according to Swiss data protection law. These include the right to information as well as the right to correction, deletion, or blocking of the processed personal data.

Data subjects whose personal data we process have a right to lodge a complaint with a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

7. Data Security

We take appropriate technical and organizational measures to ensure data security appropriate to the respective risk. However, we cannot guarantee absolute data security. Access to our website is via transport encryption (SSL/TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers mark transport encryption with a padlock in the address bar. Our digital communication is subject to – like basically any digital communication – mass surveillance without cause and suspicion as well as other surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We cannot directly influence the corresponding processing of personal data by intelligence agencies, police stations, and other security authorities.

8. Use of the Website

8.1 Cookies

We may use cookies. Cookies – both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – are data stored in the browser. Such stored data do not have to be limited to traditional cookies in text form.

Cookies can be stored in the browser temporarily as “session cookies” or for a certain period as so-called permanent cookies. “Session cookies” are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies, in particular, enable a browser to be recognized the next time our website is visited and thus, for example, to measure the reach of our website. However, permanent cookies can also be used for online marketing, for example. Cookies can be completely or partially deactivated and deleted in the browser settings at any time. Without cookies, our website may not be fully available. We request – at least if and to the extent necessary – active express consent to the use of cookies. For cookies used for success and reach measurement or for advertising, a general objection (“opt-out”) is possible for many services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

8.2 Server Log Files

For each access to our website, we may collect the following information, provided it is transmitted by your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page of our website accessed including the amount of data transferred, the last web page called up in the same browser window (referrer). We store such information, which can also represent personal data, in server log files. The information is necessary to provide our website permanently, user-friendly, and reliably and to ensure data security and thus in particular the protection of personal data – also by third parties or with the help of third parties.

8.3 Tracking Pixels

We may use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels – also from third parties whose services we use – are small, usually invisible images that are automatically retrieved when visiting our website. Tracking pixels can collect the same information as in server log files.

9. Notifications and Communications

We send notifications and communications by email and through other communication channels such as instant messaging or SMS.

9.1 Success and Reach Measurement

Notifications and communications may contain web links or tracking pixels that record whether an individual message has been opened and which web links have been clicked. Such web links and tracking pixels can also record the use of notifications and communications on a personal basis. We need this statistical recording of usage for the success and reach measurement, to be able to send notifications and communications effectively and user-friendly as well as permanently, securely, and reliably based on the needs and reading habits of the recipients.

9.2 Consent and Objection

You must generally expressly consent to the use of your email address and your other contact addresses unless the use is permitted for other legal reasons. For any consent, we use the “double opt-in” procedure whenever possible, meaning you will receive an email with a web link that you must click to confirm so that no misuse by unauthorized third parties can occur. We may log such consents including the Internet Protocol (IP) address as well as the date and time for evidence and security reasons.

You can generally object to receiving notifications and communications such as newsletters at any time. With such an objection, you can simultaneously object to the statistical recording of usage for success and reach measurement. Reserved remain necessary notifications and communications in connection with our activities and services.

9.3 Service Providers for Notifications and Communications

We send notifications and communications with the help of specialized service providers.

In particular, we use:

Mailchimp: Communication platform; Provider: The Rocket Science Group LLC d/b/a Mailchimp (USA) as a subsidiary of Intuit Inc. (USA); Privacy information: Privacy Policy (Intuit) including “Country and Region-Specific Terms,” “Frequently Asked Questions about Privacy at Mailchimp,” “Mailchimp and European Data Transfers,” “Security,” Cookie Policy, “Privacy Rights Requests,” “Legal Terms.”

10. Social Media

We are present on social media platforms and other online platforms to communicate with interested people and to inform about our activities and services. In connection with such platforms, personal data may also be processed outside Switzerland. The general terms and conditions (GTC), terms of use, privacy policies, and other provisions of the individual operators of such platforms also apply. These provisions provide information in particular about the rights of data subjects directly vis-à-vis the respective platform, including, for example, the right to information.

11. Services of Third Parties

We use services of third parties to carry out our activities and services permanently, user-friendly, securely, and reliably. With such services, we can, among other things, embed functions and content into our website. In the case of such embedding, the services used technically necessarily capture at least temporarily the Internet Protocol (IP) addresses of the users. For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data in connection with our activities and services in an aggregated, anonymized, or pseudonymized manner. This involves, for example, performance or usage data to be able to offer the respective service.

In particular, we use:

Services of Google: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General information on data protection: “Privacy and Security Principles,” Privacy Policy, “Google’s Commitment to Complying with Applicable Data Protection Laws,” “Privacy Guide for Google Products,” “How we use data from websites or apps that use our services” (Google information), “Types of cookies used by Google and other technologies,” “Personalized advertising” (activation / deactivation / settings).

11.1 Digital Infrastructure

We use services of third parties to be able to use the required digital infrastructure in connection with our activities and services. These include, for example, hosting and storage services from specialized providers.

In particular, we use:

Infomaniak: Hosting; Provider: Infomaniak Network AG (Switzerland); Privacy information: Privacy Policy.

11.2 Scheduling

We use services of third parties to be able to schedule appointments, for example, for meetings. In addition to this privacy policy, the conditions of the services used, such as terms of use or privacy policies, may also apply.

11.3 Audio and Video Conferences

We use specialized services for audio and video conferences to communicate online. We can use them, for example, to hold virtual meetings or conduct online teaching and webinars. The legal texts of the individual services, such as privacy policies and terms of use, apply in addition to participation in audio and video conferences. Depending on the life situation, we recommend standard muting the microphone and blurring the background or displaying a virtual background when participating in audio or video conferences.

11.4 Audiovisual Media

We use services of third parties to enable the direct playback of audiovisual media such as music or videos on our website.

In particular, we use:

YouTube: Videos; Provider: Google; YouTube-specific information: “Privacy and Security Center,” “My Data on YouTube.”

11.5 Fonts

We use services of third parties to embed selected fonts as well as icons, logos, and symbols into our website.

12. Success and Reach Measurement

We use services and programs to determine how our online offer is used. In this context, we can, for example, measure the success and reach of our activities and services as well as the impact of third-party links on our website. But we can also test and compare how different versions of our online offer or parts of our online offer are used (A/B testing method). Based on the results of the success and reach measurement, we can, in particular, fix errors, strengthen popular content, or make improvements to our online offer.

When using services and programs for success and reach measurement, the Internet Protocol (IP) addresses of individual users must be stored. IP addresses are generally shortened (“IP masking”) to follow the principle of data economy and thus improve the privacy of users through the corresponding pseudonymization. When using services and programs for success and reach measurement, cookies may be used, and user profiles may be created. User profiles include, for example, the pages visited or content viewed on our website, information about the size of the screen or browser window, and the – at least approximate – location. In principle, user profiles are created only in a pseudonymized form. We do not use user profiles to identify individual users. Individual services of third parties with which users are registered may possibly assign the use of our online offer to the user account or user profile at the respective service.

In particular, we use:

Google Analytics: Success and reach measurement; Provider: Google; Google Analytics-specific information: Measurement also across different browsers and devices (cross-device tracking) as well as with pseudonymized Internet Protocol (IP) addresses, which are only exceptionally transmitted in full to Google in the USA, “Privacy,” “Browser Add-on for Disabling Google Analytics.”

Google Tag Manager: Integration and management of other services for success and reach measurement as well as other services from Google and third parties; Provider: Google; Google Tag Manager-specific information: “Data captured by Google Tag Manager”; further information on data protection can be found with the individual integrated and managed services.

13. Final Provisions

We may amend and supplement this privacy policy at any time. We will inform about such amendments and supplements in an appropriate manner, in particular by publishing the respective current privacy policy on our website.