Privacy policy

This privacy policy describes how we, the University Hospital Zurich, collect and process your personal data when you contact us via one of our online services.

The processing of data that is not collected through our online services is governed in separate documents. Additionally, if our services are subject to specific privacy policies, this privacy policy is valid in so far as it goes beyond the specific privacy policy.

Your data is collected and processed exclusively in accordance with the relevant laws and in line with our high information security and data protection standards.

Who is responsible for the data processing?

The University Hospital Zurich (Rämistrasse 100, 8091 Zurich, Switzerland) is responsible for the data processing described herein. If you have any questions concerning data protection, you can contact us at the address below: internet@usz.ch.

When do we collect and process your personal data?

We collect and process information that you provide to us voluntarily through our online services, e.g. when you use contact forms. This also includes information about your health.

Additionally, we automatically collect personal data whenever we are in contact with you through our online services: as soon as you access or use one of our online services, certain personal data is collected such as your IP address, the MAC address of your smartphone or computer, device information, your browser and operating system, your ISP, cookies, the date and time of your visit, the pages and content you have accessed, the features you have used, the referring URL, location information, and country and language settings.

Cookies

A cookie is a small file that is stored by your browser when you visit any of our websites or install our app. If you visit a website repeatedly or use our app, the browser will be recognized. We will not know who you are. No security-related data is stored in the cookies either.

All cookies we use are only valid temporarily and are then deleted. It is also possible to set most browsers to block cookies, notify you when a cookie is downloaded or subsequently delete cookies. However, in these cases, you might be unable to use some of the content and features of our services in the same quality. See the settings in your browser or the website of your browser provider for a guide on how to block cookies in your browser.

Why do we process your personal data?

We collect and process your data for various purposes.

If you have provided us with your personal data voluntarily for a specific purpose, we will process your personal data exclusively for the following purposes as well as for the purpose that we described when you provided us with your data or that was evident from the circumstances.

We process the personal data that you automatically leave behind when you use our online services because we want to provide you with a better service. This can be summarized as follows:

  • We analyze the use of our online services in order to improve and develop our products, services, websites, apps, and other platforms on which we are present;
  • Communication with third parties and processing their requests (e.g. applications and media enquiries);
  • We want to avoid unnecessary advertising by using the findings of our analyses of user habits for the purposes of individualized, personalized direct marketing. We therefore reserve the right to process your data in order to send individualized, personalized advertisements, adapt the content of our website and mobile apps, for the purposes of email marketing and for our channels on Internet platforms and social media.

You can withdraw your consent to being sent information and promotional material in newsletters or cancel your subscription to other services at any time in each newsletter, on the other subscription page or by sending an email to internet@usz.ch.

How long is your data stored?

We process your personal data for as long as necessary to fulfill our contractual and statutory obligations or other purposes for which we are processing the data, as well as in line with the statutory regulations on storage and documentation. This means that it is possible for personal data to be stored beyond the statutory duties if legitimate business interests require it. Your personal data will be erased, anonymized or archived as soon as it is no longer required for the purposes above.

How is your data protected?

The University Hospital Zurich has taken reasonable, state-of-the-art security precautions to protect your personal data from unauthorized access and misuse. Such security precautions encompass technical cyber security measures such as IT and network security solutions, data encryption and need-to-know access to your data, as well as organizational and administrative measures such as regular inspections of our monitoring methods, employee training and a framework of instructions.

Is data disclosed to third parties and/or abroad?

Generally speaking, your personal data will remain in the possession of the University Hospital Zurich. We only disclose your personal data to third parties in order to utilize technical or organizational services that we require in order to fulfill the stated purposes or for our other business activities. Otherwise, your personal data is only disclosed if you have expressly consented to it or if the data has been anonymized in such a way that no conclusions can be drawn as to your identity. If data does have to be disclosed, the disclosure will always be consistent with the applicable statutory regulations.

Web analysis with AT Internet

The University Hospital Zurich uses AT Internet for web analysis purposes, a service of Applied Technologies Internet SAS, Parc d’Activité La Devèze, 8 impasse Rudolf Diesel, 33700 Mérignac, France (AT Internet).

AT Internet collects your cookie ID, mobile ID and IP address for us. We need this data to analyze user behavior on our website and in order to guarantee a high level of quality of use. The data generated by the cookie on the user behavior (including the IP address) is anonymized immediately following data collection and stored on one of AT Internet’s servers in the European Union. We have no access to this server. After six months, the anonymized IP addresses are fully deleted. The cookies of AT Internet remain in your browser for 13 months. This enables us to recognize visitors returning to our website.

In addition to the above-mentioned possibility of blocking cookies in your browser, you can also actively opt out of tracking. You can do so on AT Internet’s website.

Opt out here

You are also free to request at any time that AT Internet delete personal details that may have been collected on you (specifically your IP address). In order to exercise this right, you can contact AT Internet by e-mail (privacy@atinternet.com) or letter (AT Internet, Attn: Legal Department, Parc d’Activité La Devèze, 8 impasse Rudolf Diesel, 33700 Mérignac, France).

Gilroy font tracking

We use the Gilroy font of the company Monotype Imaging Inc. USA. In order to check adherence to the paid license, Monotype measures the number of pages accessed. Your IP address is passed on in anonymized form for this purpose.

Social media plugins:

Our website also uses plugins from social networks such as Facebook, Twitter, YouTube, Google+ and Instagram. You can usually identify each social network from its icon. We have configured these elements so that they are inactive by default. If you activate them (by clicking on them), the operator of the social network in question can log that you are on our website (including the specific page) and use that information for its own purposes. Your personal data is then processed under the responsibility of that operator and in line with its own privacy policy. The operator will not provide us with any information about you.

What rights do you have under data protection legislation?

You are entitled to exercise your data protection rights at any time, especially to request information about what data we have stored concerning you, for the rectification, supplementation, or erasure of your personal data, or to object to the processing of your personal data, provided that no statutory storage obligations conflict with your request.

Amendments

We can amend this privacy policy at any time without providing prior notice. The current version published on our website is the valid version. We therefore recommend that you re-read this privacy policy from time to time.

 

Version 1.1 dated September 22, 2020

 

Directory of information assets

The University Hospital Zurich (USZ) manages and processes information in the following types of systems:

Type of information processed:

  • Patient data
  • Employee data
  • Business Partner
  • Financial data
  • Business data

Type of information processed:

  • Patient data
  • Employee data
  • Business Partner
  • Financial data
  • Business data
  • Website visitor data
  • Government Information

Type of information processed:

  • Patient data

This is only done with the consent of the patients (general consensus).

Type of information processed:

  • Employee data

Type of information processed:

  • Employee data
  • Business Partner
  • Business data
  • Website visitor data

Type of information processed:

  • Employee data
  • Financial data
  • Business data

Type of information processed:

  • Patient data
  • Employee data
  • Business Partner
  • Financial data
  • Business data
  • Government Information