1. Scope of application

This privacy policy (hereinafter referred to as “Policy”) applies regardless of the means or medium used to access our website and sets out the conditions under which, during your browsing, we collect, use and store information about you, as well as the choices you have regarding the collection, use and disclosure of this information. It also applies to all the services we provide as part of our activities.

By accessing this website or contracting with us, you acknowledge that you have read, understood and agree to be bound by the terms of this Policy.

2. Definitions

• Personal data: any information relating to an identified or identifiable natural person.
• Processing: any operation relating to personal data, whatever the means and procedures used, in particular the collection, recording, storage, use, modification, communication, archiving, erasure or destruction of data.
• Data controller: the private individual or federal body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Sub-processor: the private individual or federal body that processes personal data on behalf of the controller.
• Data security breach: any breach of security resulting in the accidental or unlawful loss, alteration, deletion, destruction, disclosure or unauthorised access of personal data.

3. When you browse our website

3.1 Data collected

3.1.1 Navigation data

When you browse our website, we may collect the following information about you:

• Your IP address ;
• The date and time of your visit;
• Browser used ;
• The brand of equipment you use to connect.

Please note that the last part of your IP address is masked and its residual value is hashed. These operations are carried out in order to guarantee your anonymity.

The IP address is used solely for the purpose of detecting the geographical origin of access to the website.

3.1.2 Contact details

In addition, when you make a contact request, we collect the following information with your consent:

• Your first and last name ;
• Your e-mail address ;
• Your telephone number ;
• Information about your company or employer.

3.1.3 Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our contact forms. This service is provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).

reCAPTCHA is used to check whether data entered on our website (for example on a contact form) has been entered by a user or by an automated programme. To do this, reCAPTCHA analyses the website visitor’s behaviour according to various characteristics. This analysis starts automatically as soon as the website visitor enters the site.

For the analysis, reCAPTCHA evaluates various items of information (for example, the IP address, the length of time the visitor has been on the website or the mouse movements made by the user). The data collected during the analysis will be transmitted to Google.

reCAPTCHA analyses take place completely in the background. Visitors to the site are not informed that such an analysis is in progress.

We have a legitimate interest in protecting our website from abusive automated crawling and spam.
For more information about Google reCAPTCHA and Google’s privacy policy, please visit the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/about/.

3.2 Purpose of data use

As the controller of the personal data we collect on our site, this article describes the purposes for which we process your data. Not all the purposes for which data is used apply to all users.

3.2.1 Supply of services

We use your contact details to respond to your contact requests.

3.2.2 Customisation

We use your data to analyse your preferences and habits, personalise your experience on our site and optimise our site for you and your computer. This also enables us to offer you content that better matches your interests.

3.2.3 Pursuit of our legitimate interests

Your data may also be used to pursue our legitimate interests, which include monitoring the use of our site and investigating any complaints we may receive from you or third parties.

3.3 Cookies

When you visit our website, data may be stored in or retrieved from your browser, usually in the form of cookies.

This information may relate to you, your preferences or your device and is mainly used to ensure that the website functions correctly.

Please note that when you browse our website, these types of cookies are used:

3.3.1 Necessary cookies

These cookies are necessary for the website to function and cannot be deactivated in our systems. They are generally set as a response to actions you have taken that constitute a request for services, such as logging in or filling in forms. You can configure your browser to block or be informed of the existence of these cookies, but some parts of the website may be affected.

3.3.2 Performance cookie

These cookies enable us to determine the number of visits and the sources of traffic, in order to measure and improve the performance of our website. They also help us to identify the most and least visited pages and to assess how visitors navigate the website.

4. If you are a Hestia customer

4.1 Data collected

4.1.1 Identification data

When you use Hestia, we collect information that identifies you, such as :

• Your first and last name ;
• Your postal address ;
• Your e-mail address.

4.1.2 Financial data

We may also collect financial information about doctors and practitioners, such as :

• Bank details for billing the service;
• Use of the service for billing purposes.

4.1.3 Data from doctors and practitioners

We also collect information relating to the doctor-patient relationship as part of health monitoring, such as :

• The first and last names of the practice’s patients registered on the Hestia service.

4.1.4 Patient data

We also collect information relating to the doctor-patient relationship as part of health monitoring, such as :

• Physiological data collected and shared by patients ;
• The day and time the measurements were taken.

4.2 Purpose

In the course of providing our services, we may process your personal data for the following purposes:

• Contractual performance ;
• Accounting management ;
• Use of our service resources ;
• Service management.

4.3 User account management

User accounts and accesses are managed by our service Keycloak, an open-source digital access and identity manager. This service is hosted and administered by us, and the data sent and processed does not leave our infrastructure.

This service is used by users when they connect to our Hestia service through our applications, via the address sso.int.hestia-med.ch.

User accounts are used for identification and account management purposes only. No social functionality between users, such as message sharing or media transfer, is possible with Hestia.

4.4 Deleting your account

You can ask us to close your account and delete your information from the Hestia service at any time. To do so, please refer to the delete an hestia account page.

5. Categories of recipients

5.1 Subcontracting

We use subcontractors and external service providers to host our online services and to manage our accounts.

When we use subcontractors, we ensure that they apply technical and organisational security measures that are at least equivalent to those that we put in place to guarantee the security of the personal data subcontracted.

5.2 Transmission to third parties

We may pass on your data to third parties if required to do so by law or at the request of a judicial or administrative authority, to protect our rights or interests.

6. Data security and confidentiality

We have put in place appropriate security measures (technical and organisational) that comply with legal requirements and best practice, taking into account the risks involved, to protect your data against accidental or intentional manipulation, loss, destruction, disclosure or unauthorised access.

Our hosting providers, both for our services and for our websites, are based in Switzerland and guarantee various quality and security certifications.

7. International communications

Data will only be processed in Switzerland or within the European Union.

However, in the case of transfers to third parties established in countries that do not ensure a sufficient level of data protection, we will take appropriate protection measures, such as signing standard contractual clauses.

8. Your rights

You may ask us to access, rectify, forward or delete your personal data.

To exercise your rights, please contact us using the details given in the “Contact” section.

9. Contact

If you have any questions about this Policy, the processing of personal data by us or to exercise your individual rights, please contact us at the following address: info@lynxdata.ch

10. Policy updates

This Policy may be amended in line with legal, operational and strategic developments. Any updates will be available on this page. Please check it regularly.