Skip to main content

Privacy notice

Privacy notice

What is this privacy notice about?

The Swiss Center for Design and Health (SCDH) AG, with its research facilities, including the Living Lab, (hereinafter also “we” or “us”) collects and processes personal data, and in particular, personal data relating to our clients, contracting parties, visitors to our Website, event attendees, newsletter recipients, job applicants, partner enterprises, and other entities and/or the contact persons and employees thereof (hereinafter also “you”). This privacy notice provides information about the processing of this data.

If you disclose information to us that relates to other people (e.g. family members, other associated persons or other service providers), we will assume that you are authorised to do so, that the data in question is accurate, and that you have ensured that the persons concerned are aware of this privacy notice.

 

Who is responsible for the processing of your data?

The party responsible under data protection legislation (the “controller”) for the processing described in this privacy notice is:

Swiss Center for Design and Health (SCDH) AG
ICT-Administration
Ipsachstrasse 16
2560 Nidau

email: webadmin@scdh.ch

Our representative in the EEA under Article 27 of the EU General Data Protection Regulation (GDPR) (to the extent required) is:

SIDD Datenschutz Deutschland UG (limited liability)
Schellingstrasse 109a
80798 Munich
Germany

 

What kind of data do we process and for what purpose?

We collect and process various categories of personal data relating to you (hereinafter also “your personal data”) when you use our services, use our websites (hereinafter referred to collectively as the/our “Website”), or engage with us in some other way.

  • Technical data: when you use our Website or other electronic offerings (e.g. guest WLAN), we collect the IP address of your end device and other technical data in order to ensure the functionality and security of these offerings.
  • Registration data: you must register (either directly with us or through a third-party login-service provider) in order to use certain offerings and services (e.g. login areas, WLAN, newsletters, apps). We process data disclosed during registration for this purpose. We may also collect your personal data while you are using the offering or service; if necessary, we will make further information about the processing of this data available to you.
  • Communication data: we process communication data for the purpose of communicating with you and with third parties (e.g. to respond to inquiries about our services or consulting or for the initiation or performance a contract) by email, telephone, digital communication channels, letter, or by other means of communication. In particular, this means the content of a communication, your contact information and also the peripheral data associated with the communication (for instance, IP address, time and date of the communication, addressees).
  • Master data: we use the term “master data” to refer to basic data, such as name, contact details and information (e.g. concerning your role and function, your bank account(s), your date of birth, and client history) that we need, in addition to contract data (see below), to carry out our contractual and other business relations or for marketing or advertising purposes. We process your master data if you are a client or another business contact or if you act on behalf such a party (e.g. as the business partner’s contact person) or because we wish to contact you for our own purposes or the purposes of a contractual partner (e.g. in connection with marketing and advertising, or with invitations to events, vouchers, or newsletters, etc.)
  • Contract data: this is information collected in connection with the conclusion and/or performance of a contract; this data encompasses, e.g. information relating to contracts and the work/services performed or to be performed, as well as data from the period leading up to the conclusion of the contract, the information necessary or used for the performance of the contract, and information about feedback (e.g. complaints or feedback about satisfaction, etc.). We generally collect this data from you, from contractual partners, and from the third parties involved in the performance of the contract, but we also collect it from external sources (e.g. services that provide credit history data) and from public sources (e.g. commercial register, debt enforcement register, Internet, media).
  • Job applications: if you apply for a position with us, we will collect and process the relevant data for the purposes of assessing your application, carrying out the application procedure and, if the application is successful, preparing and concluding an appropriate contract. In addition to your contact data and the information supplied in relevant communications, we will process other information for these purposes, in particular, the data contained in your application materials and additional data that we collect about you from, for instance, occupation-specific social networks, the Internet, and the media, as well as information from references, should you consent to our asking for references.
  • Video surveillance; photography and video recording:
    Video surveillance
    We use video recordings to monitor our premises outside of business hours, and in particular, at night and on the weekends. Signs identify the areas being recorded as such. Personal data may be generated when someone is present during the period of surveillance in the areas captured, all data of this kind is processed with the surveillance cameras. This includes, in particular, movements of bodies.
    The video surveillance within the SDCH grounds serves the following purposes:
    • prevention and investigation of criminal offenses and other wrongdoing (e.g. crimes of violence or aggressive behaviour), the conduct of internal investigations, data analysis to help combat fraud; 
      • ensuring personal safety; and
      • exercising and defending legal claims in connection with legal disputes and administrative proceedings.

 

Intercom system

If you use our intercom system by ringing the bell when you arrive, a live video recording of you will be transmitted to us in addition to your voice. The transmission begins when the bell is rung and stops as soon as the door opens or the person has been turned away. Signs identify the area captured by the intercom system as such. No data are stored in connection with the intercom system. We use this data solely to identify you before you enter our premises and to enable us to turn away persons who not entitled to enter.

 

Photography and video recording during events 
We regularly hold multimedia events with and for clients and partners. We may take photographs at and make audio and/or video recordings during such events; we may also live stream events. When recordings of any kind are being made, signs drawing attention to this fact are posted at the entry points to the spaces concerned. If you attend such an event, you may be recognisable in the multimedia content created there. In the absence of an objection on your part, by attending such events you are consenting to our use, with no compensation, of said content on our Website, on printed materials, and on social media. Please contact us before attending such events if this is not acceptable to you.

 

Persons who may be affected by other forms of multimedia recording (for instance, motion tracking in connection with certain projects) will be provided with information in an appropriate manner outside of this privacy notice. 

 

  • Additional purposes: these include training and educational purposes, administrative purposes (e.g. bookkeeping), or the holding of events (e.g. professional events for health or other professionals, for clients and for the public). We also use personal data for your protection and safety and the protection and safety of others, employees, third parties or the public, and for the purpose of quality assurance. We may also use personal data for the purposes of organising, holding and following up on events, including, for instance, attendance lists, the content of presentations and discussions, but also image and audio recordings that are created during the events. Finally, we may use your personal data for regulatory compliance purposes.

 

What is the legal basis for our processing of your data?

We are not a priori required to have a legal justification or legal basis for processing your personal data within the scope of applicability of the Swiss Federal Data Protection Act (FDPA). In cases where, due to the applicability of the GDPR, we do require a legal justification or legal basis, the following applies:

If we request your consent for specific processing activities (e.g. for the processing of sensitive personal data, for marketing mailings and advertising management and behaviour analysis on the Website), the processing is based on your consent (within the meaning of GDPR, art. 6(1) lit. a). We will inform you separately about the relevant purposes of the processing. You may withdraw your consent at any time with effect for the future by providing us with written notice (by post) or, unless otherwise stated or agreed, by sending an e-mail to us; you will find our contact details under the heading “Who is responsible for the processing of your data”. In connection with a user account that you hold, you may also withdraw consent or contact us, if necessary, via the Website concerned or through the other service. Unless we have another legal basis for processing your data, we will cease to do so for the purposes you had previously consented to upon receiving notice of your withdrawal of consent. The withdrawal of consent on your part will not, however, affect the lawfulness of processing that has already been done on the basis of your consent.

In cases where we do not request your consent to the processing, the processing of your personal data is based either on the fact the preparation or performance of a contract with you (or with the entity you represent) renders it necessary (in line with GDPR, art. 6(1) lit. b) or on the existence of a legitimate interest of our own or of a third party (in line with GDPR, art. 6(1) lit. f) in the processing, in particular, for instance, a legitimate interest in pursuing the purposes set out above and the aims associated with them and in implementing related measures. Among other things, our legitimate interests include the marketing of our products and services and an interest in gaining a better understanding of our markets and in running and further developing our enterprise, including its business operations, securely and efficiently. Processing your personal data may also be necessary for compliance with a legal obligation (in line with GDPR, art. 6(1) lit. c). Other legal grounds may come into play in individual cases; we will notify you of this in a separate communication if this applies.

 

With whom do we share your data?

In connection with the purposes specified above, we can transmit your personal data – within the necessary scope – to third parties, and in particular to recipients in the following categories, who will process the data either on our behalf and according to our instructions (as processors) or as controllers, i.e. in line with their own privacy notice:

  • Service providers: we work with service providers in Switzerland and abroad who process your data on our behalf, who do so as separate controllers fully responsible for the processing, or who do so as joint controllers, sharing responsibility for the processing with us (e.g. IT providers, logistics companies, advertising services providers, login services providers, security companies, banks, insurance providers, debt-collection agencies, business credit reporting agencies or address verification service providers).
  • Contractual partners, including clients: this refers to clients (e.g. service recipients) and to our other contractual partners, as this data transmission results from these contracts. For example, such partners receive registration data, invitations, etc. If you work for one of these contractual partners, we may also transmit your data to that partner in this regard. 
  • Governmental authorities: we can disclose personal data to government offices, courts or other governmental authorities in or outside of Switzerland if we have a legal obligation or entitlement to do so or if doing so appears necessary to protect our interests. If governmental authorities process data relating to you that they received from us, they do so as controllers.

Since data recipients from any of these categories can make recourse to third parties, it is possible that your data will be made accessible to these third parties as well. While we can restrict the processing by certain third parties (e.g. IT providers), we cannot do so in the case of others (e.g. government authorities, banks, etc.).

 

Will your personal data also be transmitted abroad?

We process and store personal data chiefly in Switzerland and in the European Economic Area (EEA). In exceptional cases, however, it can potentially be processed and stored in a country anywhere in the world.

If a data recipient is located in a country without adequate statutory data protection, we require the recipient to enter into a contractual obligation to ensure an appropriate level of data protection (we use the European Commission’s standard contractual clauses for this purpose, including the amendments necessary for Switzerland) unless the recipient is already subject to a legally accepted set of rules to ensure data protection or unless we can refrain from doing so on the basis of a statutory exception clause. Specifically, an exception can apply in connection with legal proceedings in other countries, but exceptions can also apply where an overriding public interest exists and in cases where disclosure is required for the performance of a contract that is in your interest; where you have given your consent; where disclosure is necessary in order to protect your life or physical integrity or the life or physical integrity of a third party and it is not possible to acquire your consent within a reasonable period of time; or where you have already made the data in question generally accessible and have not explicitly objected to its processing.

 

How long will we continue to process your data?

We will process and store your personal data for as long as this is necessary to enable us to fulfil our contractual and legal obligations or for the purposes in pursuit of which the processing occurs. Beyond that period, we will retain the data only to the extent that we are required to do so by statutory retention and documentation provisions. In this context, it is possible that personal data will be retained for the period in which claims can be asserted against our enterprise and to the extent that we are legally required to do so on other grounds or legitimate interests necessitate this (e.g. evidentiary purposes).

Once your personal data is no longer necessary for the purposes set out above, it will be deleted.

 

How do we protect your data?

We take appropriate security measures to ensure the confidentiality, integrity and availability of your personal data; to protect it against unauthorised or unlawful processing; and to mitigate the risks of loss, accidental alteration, unintended disclosure, or unauthorised access.

 

What are your rights?

You have certain rights in relation to our processing of your data. In particular, you can request information about the processing of your personal data, have us correct personal data that is inaccurate, request the deletion of certain personal data, raise an objection to a processing of data, or request that we provide certain personal data in a commonly used electronic format or transfer it to another controller.

If you wish to exercise your rights in relation to us, please contact us. As we have to be able to prevent misuse, we will need to verify your identity (e.g. with a copy of your ID document if necessary). If issuing the information would give rise to costs for you (e.g. because the issuance is associated with disproportionate expense), we will notify you of this in advance.

Please note that these rights are subject to conditions, exceptions or restrictions (e.g. for the protection of third parties or of professional or trade secrets). We reserve the right to redact copies or supply only excerpts thereof on data protection grounds or on grounds of the preservation of secrecy.

 

Do we use online tracking and online advertising technology?

When someone uses our Website (incl. newsletters and other digital offerings), data, in particular, technical data, is generated and saved in logs. We may also employ cookies and similar technology (e.g. pixel tags or fingerprints) for the purpose of recognising Website visitors, analysing their behaviour and detecting their preferences. A cookie is a small file transmitted between the server and your system that makes the recognition of a specific device or browser possible.

You can set your browser to automatically reject, accept or delete cookies. You can also deactivate or delete individual cookies. Information in your browser’s help menu will tell you how to manage cookies. It is possible that certain features (e.g. language selection) will cease to function if you block cookies.

The technical data that we collect or that is collected by cookies may include personal data (in particular, the user’s IP address). Since personal data relating to you that is stored by us or by a third-party contracted by us (e.g. if you have a user account with us or with these providers) can be linked to the technical data and/or to the information saved in cookies or acquired from them, it is possible that the data can be linked to your person.

We also use Google Analytics or comparable services on our Website. These are services provided by third parties, acting as processors, who may be located in a country anywhere in the world. (In Google Analytics’ case, the service provider is Google Ireland (domiciled in Ireland). Google Ireland relies on Google LLC (domiciled in USA) (hereinafter these, and www.google.com are referred to as “Google”)). These services enable us to measure and analyse the use of the Website (not specifically that of individual persons). Permanent cookies set by the service provider are used for this purpose. We have configured the service so that the IP addresses of persons located in Europe who visit Google are curtailed before they are transmitted to the USA and thus cannot be traced back. We have the settings “data transmission” and “signals” switched off. Although we can assume that the information that we share with Google does not constitute personal data for Google, it is possible that Google can, for its own purposes, use this data to arrive at conclusions about the identity of the visitors and set up person-specific profiles linking this data with the Google accounts of these individuals. If you have registered with this service provider as well, then the service provider also knows you. The service provider is then the controller and is responsible for processing your personal data according to their own data privacy provisions. The service provider provides us only with information on how our Website is being used (not with any information about you as an individual).

Some of the third-party providers that we use may be located outside of Switzerland. In data protection respects, these act “only” as processors or, in some cases, as controllers. Further information on this is contained in the privacy notices of the individual third-party providers.

 

What data do we process on our pages in social networks?

We operate pages and other online spaces on social networks and other platforms operated by third parties, specifically, the following:

  • Instagram, operated by Meta Platforms Ireland Limited, (Ireland, EU)
  • LinkedIn, operated by LinkedIn Ireland Unlimited Company, (Ireland, EU)
  • Vimeo, operated by Vimeo.com, Inc. (New York. USA)

In connection with these, we and these social network’s operators process data relating to you. In this context, we receive data from you (e.g. when you communicate with us or comment on our content) and from the platforms (e.g. statistics, in anonymised form). The providers of the platforms can analyse your use and process this data together with other data that they have relating to you. They process this data for their own purposes (e.g. marketing and market research purposes and for the purpose of managing their platforms) as well, acting as responsible parties (controllers) for these purposes. Please refer to the privacy notices of the individual platforms for further information on the processing by platform operators; these can be accessed via the following links:

If you wish to exercise your rights in relation to the operators of these platforms, contact the entities specified in these privacy notices.

We are entitled but not required to examine foreign content before or after its publication on our online spaces, to delete content without notice and to report it to the provider of the relevant platform if appropriate.

 

Can this privacy notice be changed?

We can make changes to this privacy notice at any time. The version published on the Website is always the current version. If the privacy notice forms part of an agreement between you and us, you will receive notification of any update of it in an email or by another suitable means.

 

Version of July 2024

Contact

Contact

Making contact is the first step towards collaboration. Reach out and get to know us. We look forward to meeting you.
*Mandatory