OhMy.Health takes the protection of personal data seriously. For this reason, we would like to provide users of our online service with information on which data we store and how we use it.
(GDPR). Although the GDPR is a regulation for the European Union, it is also
important for us. The Swiss Federal Data Protection Act (FADP) is heavily
influenced by EU law. Since we also provide some of our services to customers
outside of Switzerland, we follow the EU standard.
We are not permitted to use your data for any purposes other than those stated here or permitted by law.
Unless otherwise stated in individual cases, OhMy.Health is responsible for the forms of data processing described here. If you have any queries about data protection law, you can contact us as follows:
c/o Athos Family & Business Services (Switzerland) AG
Lindenstrasse 16, 6340 Baar
We do not forward your personal data
We will not forward your data to third parties. We work with external service providers for particular tasks, for example, putting addresses on shipments. These service providers are obliged to comply fully with data protection regulations, are not permitted to use your data for any other purposes whatsoever and must delete it after 30 days. All OhMy.Health employees who handle your data are obliged to comply with data protection regulations.
Use of data
We will not misuse any data that you provide to us about yourself. In order to send you a newsletter you are subscribed to, respond to your queries, process your requests for information, ensure your participation in petitions, campaign promotions or competitions or complete your order in the online shop, we require some information from you. We will use the information that you provide via a form on the website or by other means to achieve these ends and process the resulting communication.
Just like any online provider, we collect user data in order to optimise our service. We collect and store information in such a way that it is not personally identifiable. We therefore cannot check which user has accessed which data. In particular, we do not collect any names, postal addresses, telephone numbers or e-mail addresses when you visit our website, nor any details about your personal interests or other personally identifiable information.
If you have given us consent to process your personal data for particular purposes (for example when you subscribe to newsletters), we will process your personal data on the basis of this consent. You can revoke your consent at any time.
Right to rectification, blocking and to be informed
Within the scope of the data protection legislation applicable to you and in so far as this legislation provides (as in the case of the GDPR, for instance), you have the right to rectification and erasure, as well as the right to restrict data processing, object to our data processing and publish certain personal data for the purpose of transferring it to another authority (known as data portability). Please note, however, that we reserve the right to enforce the legally prescribed restrictions, for example if we are obliged to store or process your data or need it to assert claims. If this incurs any costs for you, we will notify you in advance. We have already explained the option of revoking your consent in the “Use of data” section.
If you send a written request to OhMy.Health, we will inform you about the data we have stored about you. When requesting this data, please send us your full name, e-mail address and a copy of an official identification document (ID card, passport). This is necessary to prevent any unauthorised persons gaining access to your data. You may exercise the rights indicated above with regard to the data stored about you.
Furthermore, every data subject is entitled to assert their claims in court or file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch/edoeb/en/home.html).
We use Google Analytics or similar services on our website. This is a service provided by third parties that may be located in any country in the world (in the case of Google Analytics, it is Google LLC in the USA, www.google.com), which allows us to measure and evaluate the use of the website (in such a way that it is not personally identifiable). For this purpose, we also use permanent cookies set by the service provider. The service provider will not receive any personal data from us or retain any IP addresses. It may, however, track your use of the website, combine this information with data from other websites you have visited that are also tracked by the service provider, and use these findings for its own purposes (for example, managing advertising). If you have registered with the service provider yourself, it will also know you. In this case, the service provider is responsible for processing your personal data in accordance with its own data protection provisions. The service provider will only tell us how our respective website is being used. We will not receive any information that identifies you personally.
Elements from other providers on our website
We use services from other providers on our websites and mobile applications. For example, videos are embedded via the YouTube platform. Content may be shared or recommended via Facebook, Twitter or Google+. Clicking an element from one of these third party providers (e.g. the “Like” plug-in from Facebook), may automatically connect you to this third-party provider’s servers. Data relating to your visit to the website may then be transferred to the third-party provider and possibly associated with the user account you have created with them. You can find out how these platforms collect and use data in their respective privacy policies, where you will also be given the option to adjust the settings to restrict the use of your personal data.
Secure data transfer
All data that you provide to us on our website, when ordering a newsletter or making contact enquiries, is transferred to us via a secure connection in encrypted form. We use a state-of-the-art security procedure (SSL Secure Sockets Layer) to do this.
Liability for links
We also place links on our website to external services that we think you might like. Of course, we only provide links to pages that did not appear to contain any misleading or illegal content when the link was created. We have no control over the way these pages will be set up in future, however. We cannot therefore be held responsible for recommended pages that have been changed after the link was created. Liability for illegal, incorrect or incomplete content and, in particular, for any damage or loss suffered as a result of using this information lies solely with the provider of the page in question.
If you subscribe to one of the newsletters we offer, we will use your data exclusively to send our newsletter as it is defined when you subscribe. You only need to provide your e-mail address to subscribe to our newsletter. Subscriptions or changes to newsletter subscriptions are recorded and are therefore traceable.
If you provide any more personal information when you subscribe, we will check it against our own address database to ensure that the addresses are fully up to date and of sufficient quality, thus optimizing our communication with you. We will treat your newsletter data as strictly confidential and will not forward or sell it to third parties. We work closely with our Internet and newsletter providers to provide maximum protection for your data from unauthorized access, loss, misuse or forgery. Please do not forward your newsletter as this may also send a means of accessing your personal information. To forward the newsletter, please use the “Forward message” function integrated into every newsletter or the URL for the online version of the newsletter.
Retention period for personal data
We process and store your personal data for the duration of the business relationship and in accordance with the statutory retention and documentation requirements. Data may therefore be retained for the period in which claims can be asserted against our company (including, in particular, during the statutory limitation period) and to the extent that we are otherwise required to do so by law or it is required by legitimate business interests (for example for evidence or documentation purposes). As soon as your personal data is no longer required for the aforementioned purposes, it will be deactivated and will no longer be used. For operational data (for example system records, logs), shorter retention periods of up to twelve months apply as a basic principle.
Obligation to provide personal data
As part of our business relationship, you are invited to provide the personal data that is required to enter into and conduct a business relationship and fulfil the associated contractual obligations. Generally speaking, you are not legally required to provide data to us. Without this data, we will usually be unable to conclude or process a contract with you (or the body or person you are representing). The website cannot be used either if certain details designed to secure data traffic (such as your IP address) are not disclosed.
c/o Athos Family & Business Services (Switzerland) AG
Lindenstrasse 16, 6340 Baar