In this Data Privacy Statement, we explain how we, the Swiss Group for Clinical Cancer Research (referred to below as SAKK, we or us), record and process personal data. This is not a final description; specific aspects may be regulated by other data privacy statements, general terms and conditions or conditions for participation. Personal data are understood to be any information related to an identified or identifiable natural person. If you provide us with personal data relating to other people (e.g. family members or data relating to people you work with), please ensure that these people are familiar with this Data Privacy Statement, and only share their personal data with us if the person concerned has agreed to this in a legally valid manner, or if you legally represent this person and are authorized to share their personal data and the personal data are correct.
The legal basis for data processing is formed by the Swiss Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (OFADP) and the European General Data Protection Regulation (GDPR).
- Responsible person / Data protection supervisor / Representative
The data protection officer of the SAKK Coordinating Center, Effingerstrasse 33, CH-3008 Bern, is responsible for the data processing that we describe in this statement. If you have any concerns or comments about data protection, you can send them to us by post or to the following email address: firstname.lastname@example.org
- Recording and processing of personal data
We primarily process the following personal data, which we receive in connection with our activities from:
- Hospital employees
- Government offices
- Organizations working in the field of cancer and prevention
- Pharmaceutical representatives and service providers
as well as data from the following people:
- Website visitors
- Event participants
- Newsletter subscribers
- Potential and current employees and members of the Patient Advisory Board and research groups.
We mainly process data in the context of our business relationship with the parties mentioned above. But we may also process data which we record about users during the operation of our website and other applications.
Where permitted, we also obtain certain data from publicly accessible sources (e.g. debt enforcement registers, land registers, commercial registers, the press, internet) or from government offices and other third parties (such as advice centers). In addition to the data that you share with us directly, the categories of personal data that we receive from third parties about you contain, in particular:
- Information from public registers
- Information relating to your professional functions and activities
- Information about you in correspondence and discussions with third parties so that we can sign or process contracts with you or involving you (e.g. references, your address for deliveries, powers of attorney)
- Information that we learn in connection with official and court proceedings
- Information to enable compliance with legal requirements such as combating money laundering and export restrictions
- Information from banks, insurers, distribution partners and our other contractual partners concerning your use or provision of services (e.g. payments or purchases you have made)
- Information from the media and internet about you (if this is appropriate in a specific case, e.g. in connection with a job application, press review, marketing/sales, etc.)
- Your addresses and any interests or other sociodemographic data (for marketing)
- Data concerning your use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and settings, cookies and other user and usage data).
- Purposes of data processing and legal basis
We use the personal data that we record primarily so that we can conclude and process contracts with our customers and business partners, implement scientific research projects and comply with our legal obligations in this country and abroad. If you work for a business partner of this kind, your personal data may also be affected in this capacity.
Furthermore, we process personal data concerning you and other people, where permitted and where it seems appropriate to us, for the following purposes in which we (and in some cases also third parties) have a justified interest appropriate for the purpose:
- To perform and refine our offerings, services, websites, and other platforms on which we have a presence;
- To communicate with third parties and process their inquiries (e.g. to provide advice, funding applications for research, job applications, media inquiries);
- To review and optimize processes for analyzing needs in order to address customers directly, and to record personal data from public sources for the purpose of customer acquisition;
- Fundraising and marketing, provided you have not objected to the use of your data;
- Market and opinion research, media monitoring;
- To assert legal entitlements and defense in connection with legal disputes and official procedures;
- To prevent and investigate crimes and other misconduct (e.g. to carry out internal investigations, data analyses to combat fraud);
- To safeguard our operations, in particular IT, our websites and other platforms;
- To perform transactions and restructuring under company law and to transfer personal data in this connection, to take actions to manage the business and in this context to comply with legal and regulatory obligations and internal SAKK regulations.
If you have consented to our processing your personal data for specific purposes (when you registered to receive newsletters, for example), we process your personal data in the context and on the basis of this consent if we have no other legal basis for this and require one. You can withdraw your consent at any time; however, this has no effect on data processing that has already been performed. If you wish to withdraw your consent, you must get in touch with the office whose details are given in point 1 and inform them accordingly.
- Cookies / tracking and other technologies relating to the use of our websites
We use permanent cookies to save user settings (e.g. language, auto-login). This can also happen on websites operated by other companies; however, they cannot find out from us who you are, assuming we even know this ourselves, because they only see that the user of their website is the same one who visited a certain page on our website. If you block cookies, certain functionalities (such as language selection, ordering processes) may no longer work.
If you prefer not to allow any website cookies on your computer, you can set your browser accordingly. If you would like to block cookies, you can do this for the browser you are using.
4.2 Graphic elements
In some instances, and where permitted, we incorporate visible and invisible graphic elements into our newsletters and other marketing emails which, when they are retrieved from our servers, enable us to tell whether and when you have opened an email so that we can measure and better understand how you use our offerings and customize them for you. You can block this in your email program.
4.3 Google Analytics
Opting out of Google Analytics: Users of the SAKK website who do not want their data to be used by Google Analytics can install the Browser add-on Analytics opt-out. If you deactivate Google Analytics, data concerning you will not be used in the statistics collected to improve our website service.
We also use plug-ins from social networks such as LinkedIn, Twitter, YouTube etc. on our websites. This is visible to you (typically in the form of corresponding symbols). The operators of the plug-ins register that you are on our website and can use this information for their own purposes. In this case your personal data are processed on this operator’s responsibility and in accordance with their data privacy provisions. We do not receive any information about you from them.
By using our websites and consenting to receive newsletters and other marketing emails, you consent to the use of these technologies. If you don’t want this to happen, you must adjust the settings in your browser and email program accordingly or unsubscribe from the newsletter.
- Sharing of data and transfer of data abroad
In the course of our business activities and the purposes detailed in point 2, we make your data available to third parties, where permitted and where this seems appropriate to us, either because they process the data for us or because they want to use them for their own purposes. These third parties are, in particular:
- Our service providers (e.g. banks, insurers), including contractors (such as IT providers or service providers whom we have contracted to host our websites)
- Partner organizations such as hospitals
- Distributors, suppliers, subcontractors, and other business partners
- Domestic and foreign authorities, government offices or courts
- The public, including individuals who visit websites and social media
- Competitors, industry organizations, associations, organizations, and other bodies
- Other parties in potential or actual legal proceedings.
These recipients are located mainly in Switzerland but in some cases also in Europe or other countries/continents. You must expect your data to be transferred to all the countries in which the service providers we use are based. If we transfer your data to a country in which the standard of data privacy is not as high as in Switzerland or the EU, we ensure that the same standards are observed abroad as in Switzerland/the EU.
- Period for which personal data are stored
We process and store your data for as long as is necessary to fulfil our contractual and legal obligations or to achieve the purpose of processing the data, i.e. for the duration of the entire business relationship, for example (from the initiation of a contract, while it is being processed and until it ends) and beyond this time to comply with the legal archiving and documentation requirements. Here it is possible that personal data may be stored for the period during which claims may be made against our company and to the extent that we are required to store them for other legal reasons or because of justified business interests (e.g. for evidence and documentation purposes). As soon as your personal data are no longer required for the above purposes, they will be deleted wherever possible or anonymized. The period for which operational data (e.g. system protocols, logs) must be stored is shorter (twelve months or less).
Web-hosting for SAKK is provided by an external professional partner. The office whose details are given in point 1 can be contacted for more information about this.
- Data security
We take appropriate technical and organizational precautions to protect your data from unauthorized access and misuse. These include issuing instructions, training, IT and network security solutions, access controls and restrictions, encoding of data storage media and transfers, pseudonymization and controls.
- Provision of personal data
Without personal data we will usually not be able to provide you with advice or conclude or process a contract with you (or the office or person whom you represent). It is also not possible to use the website if certain information required to ensure data transfer (e.g. the IP address) is not disclosed.
We process some of your personal data automatically in order to evaluate certain personal aspects (profiling). We use profiling in particular to provide you with customized information and advice about products. To do this, we use evaluation tools that enable us to communicate and advertise in keeping with needs, including market research and opinion polling.
- Rights of the data subject
Under the terms of the General Data Protection Regulation (GDPR) of the EU, you have a right to access, rectification and deletion, a right to restrict data processing and also to object to our processing data and sharing certain personal data for the purpose of transferring them elsewhere (known as data portability). Please note, however, that we reserve the right to enforce the restrictions foreseen in the legislation, for example if we are obliged to store or process certain data, have an overriding interest in doing so (to the extent that we are permitted to claim this interest) or require the data in order to enforce claims. We informed you about the possibility of withdrawing your consent in point 3 above. Please note that exercising these rights may conflict with contractual agreements and can have consequences such as the premature termination of the contract or financial consequences. If this situation is not already regulated in the contract, we will inform you in advance.
Exercising rights of this kind generally presupposes that you can clearly prove your identity (e.g. by providing a copy of your identity document). You can contact us at the office whose details are given in point 1 in order to claim your rights.
All data subjects are additionally entitled to enforce their claims in court or to submit a complaint to the competent data privacy authority. The competent data privacy authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch). The European Data Protection Regulation applies at the European level and the EORTC (European Organization for Treatment and Research of Cancer, Brussels) represents SAKK within the scope of this data protection regulation (GDPR (EU) 2016/679). More information about EORTC is available at www.eortc.org.
We may modify this Data Privacy Statement at any time without notice. The valid version is always the version currently published on our website.
Version 1.0 dated March 15, 2021