GDPR & PERSONAL DATA PROCESSING AGREEMENT

BY CHECKING THE GDPR BOX, YOU AGREE TO ENTER INTO A PERSONAL DATA PROCESSING AGREEMENT AS FOLLOWS.

IF YOU DO NOT AGREE WITH ANY PART, PLEASE DO NOT CONTINUE WITH THE PURCHASE AND CONTACT THE APPOINTED GDPR & DATA PROTECTION MANAGER AT LEGAL(a)AVEGENE.COM

AGREEMENT ON THE PROCESSING OF PERSONAL DATA FOR CLIENTS

Information on the processing of patients' personal data by healthcare facilities of the AveGene group

When you purchase any of our products, all data will be handled in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). This agreement informs you how our group AveGene, as the data controller, processes your personal data and of the rights and obligations associated with it.

Personal data is considered to be any information about an identified or identifiable natural person (also referred to as the "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

1. Scope and purposes of personal data processing

The administrator processes personal data to the extent that it was provided by the data subject in connection with the conclusion of a health care contract with the administrator, or in connection with the provision of health services. The administrator also processes personal data that has not been provided by the data subject but is obtained during the provision of health services, for example, data obtained as results of specific examinations. The administrator processes personal data in accordance with the applicable and generally binding legal regulations of the Swiss Confederation and to fulfill its legal obligations.

Your personal data is processed for the following purposes:

  • provision of healthcare services (fulfillment of legal obligations by the administrator);
  • purpose arising from negotiations regarding a contemplated contractual relationship (for the purpose of concluding a health care contract);
  • purpose arising from the fulfillment of the health care contract between you and the administrator;
  • determination, enforcement, or defense of legal claims;
  • provision to the extent necessary for legal, economic, and tax advisors and auditors, for the purpose of providing advisory services to the administrator;
  • protection of the company's property and the protection of the life, health, property, and personal data of patients, employees, and other individuals moving within the administrator's premises, and the prevention of undesirable acts and phenomena through camera systems;
  • evaluation of the quality of healthcare services and, within this framework, the distribution and evaluation of satisfaction questionnaires (legitimate interest of the administrator);
  • sending commercial and marketing communications regarding the administrator's products and services in accordance with the provision of Directive 2002/58/EC, paragraph 13, on certain legal aspects of information society services; for this purpose, the administrator will collect and use the following data: identification data, email address, and basic treatment and health status data (legitimate interest of the administrator and consent).

2. Sources of Personal Data

The administrator processes personal data that they obtain in connection with the provision of healthcare services and/or directly from the entities.

3. Categories of personal data and categories of data subjects

The subject of processing is the following categories of personal data:

  • address and identification data, which serve for the unambiguous and unmistakable identification of data subjects, such as name, surname, date of birth, permanent residence address, and others;
  • contact details such as contact address, phone number, email address, and others;
  • additional information, such as bank account details;
  • data ascertainable from camera footage, namely gender and appearance;
  • other data necessary for the fulfillment of the health care contract, especially data about the data subject's health status.

Data subjects whose data the data controller processes and to whom this information is addressed are:

A) potential client/patient; B) client/patient; C) distributor/partner

4. Method of processing and protection of personal data

Personal data are processed primarily in medical documentation in full compliance with applicable legal regulations. Their security and protection are ensured in accordance with these regulations as well as with the General Regulation.

Processing occurs manually in paper and electronic form or automatically through computing technology, all while adhering to all security principles for the management and processing of personal data. For this purpose, the administrator has implemented technical and organizational measures, particularly those that ensure that unauthorized or accidental access to personal data, their alteration, destruction or loss, unauthorized transfers, unauthorized processing, and other misuse of this personal data cannot occur. All entities to whom personal data may be disclosed respect the data subjects' right to privacy and are required to act in accordance with the applicable data protection laws.

5. Duration of personal data processing

The administrator processes personal data for the period necessary to fulfill the given purpose and in accordance with the deadlines specified in the relevant binding legal regulations of the Swiss Confederation for the destruction and archiving of documents, or as long as needed to establish, exercise, or defend legal claims.

6. Categories of personal data recipients

The recipients of the personal data of the subjects are:

  • other healthcare providers within the framework of extended or follow-up healthcare and providers of selected healthcare services, especially external laboratories;
  • public institutions, especially health insurance companies;
  • processors based on a contract with the controller to the extent of the data necessary for the purpose of processing, e.g., companies managing electronic health record systems, individuals ensuring data storage or archiving, and others;
  • people providing legal advice;
  • state authorities in the fulfillment of statutory obligations established by the relevant legal regulations.

7. Information on the rights of data subjects

With respect to our company as the data controller, you have the right to:

  • request access to personal data processed by the controller, which means the right to obtain confirmation from the controller as to whether personal data concerning you is being processed or not, and if so, the right to access such personal data;
  • request the correction of personal data that is being processed about you if it is inaccurate. Taking into account the purposes of processing, you have the right to request the completion of incomplete personal data in some cases;
  • request the deletion of personal data;
  • request the restriction of data processing;
  • obtain personal data concerning you, which we process automatically for the performance of a contract concluded with you, in a structured, commonly used, and machine-readable format, and request that the controller transmit these data to another controller.

If we receive your request, we will inform you of the measures taken without undue delay and in any case within one month of receiving the request. This period can be extended by an additional two months if necessary, taking into account the complexity and number of requests.

AveGene has appointed a data protection officer. 
Contact details of the data protection officer: legal(a)avegene.com

Providing patients' personal data is voluntary, and the patient is not obligated to provide it. However, not providing it may mean that the administrator will not be able to provide the patient with sufficiently high-quality services, which could result in harm to the patient's health due to the risk of delay.