Skip to main content

Data Privacy Policy

The website www.cereneo.ch (hereinafter „website“) is operated by cereneo Switzerland Ltd., Seestrasse 18, CH-6354 Vitznau (hereinafter „cereneo“ or „we“). cereneo is responsible for the collection, processing and use of personal data, which are collected from or entered into by the visitors of the website (hereinafter „user“ or „you“), and the compliance of the data processing with the applicable law.

Your trust is very important to cereneo. cereneo is aware of the fact that personal data may contain sensitive health data, which are particularly worthy of protection. Therefore, cereneo takes the subject of data protection very seriously and complies with the applicable data protection regulations.

cereneo takes data protection very seriously. Consequently, we are committed to the protection of your personal data and comply with the legal requirements of the Swiss Federal Data Protection Act (DSG), the Ordinance to the Federal Data Protection Act (VDSG) and the General Data Protection Regulation of the European Union (GDPR).

Certain information provided by the user may fall under the scope of patient’s secrecy according to art. 321StGB. Even if cereneo implements the highest security measures for the transmission and storage of data, cereneo recommends to not transmit such information through the website or to keep the according information as general as possible. Reservation is made for data processing opportunities for which it is hereafter explicitly mentioned that patient data can be submitted.

Hereinafter, you as user will find information about which personal data cereneo will collect and process in connection with the website. Section 2 also contains information on data processing outside the website, in particular in connection with the provision of services by cereneo to patients. Data processing outside the website is also carried out by cereneo International AG, Seestrasse 18, 6354 Vitznau.

The legal responsibility for data processing outside the website lies with either cereneo or cereneo International AG, depending on which company the patient is assigned to. In section 2 the term "cereneo" is also used to refer to cereneo International AG. The data protection representative of cereneo and cereneo International AG in the sense of Art. 27 GDPR is: relearnlabs GmbH, Factory Berlin Mitte, Rheinsberger Str.76/77, 10115 Berlin, Germany (relearnlabs), privacy@relearnlabs.com.

 

1. Scope and purpose of the collection, processing and use of personal data

1.1 When accessing the website

While visiting the website, the server temporarily stores each access in a log file. Until the automatic deletion, the IP address of the requesting computer, date and time of the access, the name and the URL of the retrieved file, the website from which the access took place and the operating system used by user’s computer and the browser used by the user as well as the country, from where the user has accessed among other things, will be automatically collected.

The collection and processing of these data are generally anonymised without personal reference for the purpose, to enable the use of the website (connection establishment), to guarantee permanently the system security and stability and to optimise the internet offer as well as for internal statistical purposes. The information mentioned above will not be linked or stored with personal data.

Only in the case of an attack on the net infrastructure of cereneo or in case of suspicion of an illegal use or misuse of the website the IP-address will be analysed for investigation and defense purposes and potentially used in the course of a criminal proceeding for the identification and for civil and criminal law actions against the respective user. We rely on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR to process the data for these purposes.

 

1.2 Contact form

Apart from this passive data acquisition and the hereinafter described data processing for advertising purposes, cereneo collects and processes personal data only if the user voluntarily forwards the personal data to cereneo, e.g. by email or contact form.

By communicating personal data to cereneo, the users agree that cereneo stores the data and processes it to answer questions, process requests, send the requested information or provide eventually requested services.

The legal basis for the processing of data voluntarily provided by the user lies in the consent pursuant to Art. 6 para. 1 lit. a GDPR and, e.g. for contact inquiries, in our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Users can object to this data processing at any time (see contact data below).

 

1.3 Use of data for advertising purposes/ Newsletter

cereneo uses so-called re-targeting technologies on the website. In doing so, the user’s behavior is analysed on the website in order to be able to subsequently offer individual tailored advertising to the user on the partner websites. The behavior of the user is recorded pseudonymously.

Most of the re-targeting technologies work with cookies (see therefore section 1.4 below). This website uses Doubleclick by Google, a service of Google LLC. („Google“). Google uses therefore the so-called DoubleClick-Cookie which allows to recognize the browser used by a specific user when this user visits other websites. The information generated by the cookie regarding the visit of these websites (including the IP addresses) are transmitted to a Google server in the US and stored there (you will find additional information about personal data transfer to the US in section 1.5.2 below).

Google will use this information to evaluate the use of the website with regard to the ads to be served, to compile reports on the website activities and advertisements for the website operators and to provide other services connected with the use of the website and the Internet. Google may also transfer this information to third parties as far as this is required by law or if third parties process this data on behalf of Google. However, under no circumstances will Google associate the user’s IP address with other data from Google.

User can prevent re-targeting at any time by rejecting or deactivating the cookies in the web browser’s menu bar (see section 1.4 below). The legal basis for this processing of personal data lies in the legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Users can object to this data processing at any time by rejecting or deactivating cookies as described above.

 

1.4 Cookies

In order to make the visit of the website attractive and to enable the use of certain functions, so-called cookies are installed on the website. The cookies are small text files, which are stored on the user’s device. Some of the installed cookies are automatically deleted after the end of the browser session (so-called session cookies). Other cookies remain on the user’s device and allow cereneo to recognise the browser on the next visit (persistent cookies).

cereneo hereby advises the users that certain cookies are already set as soon as a user accesses the website. Users can, however, set up the browser in such a way that they are informed of the setting of cookies and may decide individually about their acceptance or can exclude the acceptance of cookies for certain cases or in general. The non-acceptance or de-activation of cookies may restrict the functionality of the website. Browsers allow the users to control the storage of cookies on their respective devices. The description for the respective browsers can be found under the following links:

Internet Explorer™: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies

Safari™: http://apple-safari.giga.de/tipps/cookies-in-safari-aktivieren-blockieren-loeschen-so-geht-s/

Chrome™: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647

Firefox™: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Opera™ : http://help.opera.com/Windows/10.20/de/cookies.html

 

1.5 Tracking Tools

1.5.1 Google (Universal) Analytics

We use the web analytics service Google Analytics to maintain a user-oriented and continuously improving website. Google Analytics is provided by Google Ireland Limited, a company under Irish law with registered seat at Gordon House, Barrow Street, Dublin 4, Ireland („Google“). We create pseudonymized user profiles and cookies (see section 1.4) for this purpose. Information that is generated by the cookies includes:

- browser type/version,

- operating system used,

- referrer URL (the previously visited website),

- host name of the accessing computer (IP address),

- time of server inquiry, and

- device used.

This information will be transmitted to and stored by Google. We have concluded a data processing agreement with Google for this purpose and use Google Analytics with a privacy-friendly set up. This privacy-friendly setting means that we have masked the last octet of your IP address, have turned off 'sharing data with Google' and do not use other Google services in combination with the Google Analytics cookies.

The information obtained with Google Analytics is used to evaluate the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage for the purposes of market research and the design of these Internet pages to meet requirements. This information may also be transferred to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

It cannot entirely be excluded that the respective data will be processed in locations outside of the European Union or the European Economic Area. However, Google participates in and complies with the EU-US and also the Swiss-US Privacy Shield Framework. This means that Google's level of data protection is in accordance with European standards regarding the collection, use and retention of personal data.

For more information about the web analytics service used, please visit the Google Analytics website. The following link https://tools.google.com/dlpage/gaoptout?hl=en on how to prevent the use of user data by the web analytics service.

We rely on our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR to use the Google Analytics cookies for the mentioned purposes. Our legitimate interests consist of the optimal functioning of the website.

 

1.5.2 Google AdWords Conversion-Tracking

We use the offer of Google Ads Conversion to draw attention to our attractive offers by means of advertising material (so-called Google Ads) on external websites. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. In this way, we pursue the interest of displaying advertising that is of interest to users, making our website more interesting for users and achieving a fair calculation of advertising costs.

These advertising materials are delivered by Google via so-called "Ad Servers". For this purpose, we use Ad Server Cookies, through which certain parameters can be measured to measure success, such as the display of the ads or clicks by users. If users reach our website via a Google ad, Google Ads will store a cookie on their end device. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values.

The cookies enable Google to recognise users' internet browser. If a user visits certain pages of an ad client's website and the cookie stored on their computer has not expired, Google and the client may recognise that the user clicked on the ad and was redirected to that page. A different cookie is assigned to each AdSense client. Cookies cannot be tracked through the websites of ad clients. We ourselves do not collect and process any personal data in the advertising measures mentioned. We only receive statistical evaluations from Google. These evaluations enable us to identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material, in particular we cannot identify the users on the basis of this information.

Due to the marketing tools used, users' browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of these tools and therefore inform users according to our state of knowledge: Through the integration of Ads Conversion, Google receives the information that users have called up the corresponding part of our website or clicked on an advertisement from us. If users are registered with a Google service, Google can assign the visit to their account. Even if users are not registered with Google or have not logged in, it is possible that the provider will find out their IP address and save it.

Users can find additional information about the conversion-tracking here.

Users may prevent this tracking by rejecting or de-activating cookies (see section 1.4). For the sake of completeness, cereneo points out to users which have a Swiss residency or domicile, that there are surveillance measures by the US authorities that generally enable the storage of all personal data of all persons whose data have been transferred from Switzerland to the US. This is done without differentiation, restriction or objective criterion, which would make it possible to limit the access of the US authorities to the data and their subsequent use to very specific, strictly limited purposes, access to such data as well as their use. We also point out that in the US there are no legal remedies available to the persons concerned from Switzerland which allow them to gain access to the data concerning them and to correct or eradicate them, or no effective judicial protection against general access rights from US authorities.

The legal basis for this data processing lies in the legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Users can object to this data processing at any time by using the aforementioned opt-out options.

 

1.6 Social Plugins

On this website social plugins are installed. These social plugins consist on the one hand side of “Like-Buttons” or similar functionalities that are typical for social media networks, on the other hand side of “dynamic” links to the sites of cereneo on the respective social media network. Users recognise the respective plugins because they are displayed using the logo of the respective network.

If a user is logged in its user account with the respective social media network when accessing the website of cereneo, the respective network may connect the website visit to his / her user account. If a user interacts with the plugins, the respective information will directly be forwarded to the server of the respective provider and stored there. The information may be published on the respective social media network and in certain circumstances displayed to other users of the network (e.g. if the “like”-button is used). The provider of the social media network uses the information for marketing purposes, market surveys and the user-focused design of its services. In this respect use, interest or relation profiles may be created, e.g. in order to analyse the use of the cereneo website by the respective user with respect to the advertising displayed to this user on the social media network, in order to inform other users of the social media network about the activities of the respective user on the cereneo website, and in order to provide other services connected to the use of the social media network.

Purpose and extent of the data collection, processing and use by the provider of the social media networks as well as the rights and user settings for the protection of the users’ privacy may be found in the data privacy policies for the social media networks.

If users do not want that the provider of a social media network is able to connect the data collected on the website of cereneo directly with their user account, the respective user must log out from his user account prior to using the plugins or prior to visiting the website. The legal basis for this data processing lies the legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Users can object to this data processing at any time by using the aforementioned opt-out options.

On this website plugins of the following providers are implemented:

 

2. Data processing outside of the website

2.1 Medical and therapeutical treatment

cereneo only processes personal data of patients and, if applicable, their accompanying persons, which the patients themselves provide to cereneo within the framework of the offer, upon entry or registration (e.g. personal master data, doctor's reports of prior treatment, clinical pictures, medical documents), which cereneo receives from third parties with the consent of the patient (e.g. Travel and accommodation information, medical records and medical documents from third-party service providers consulted; laboratory examination reports) and which are collected during treatment (e.g. clinical pictures, prescribed therapies and therapy results, diagnostic/assessment/imaging material, reports, recording of training progress as well as the withdrawal report and accounts).

The legal basis for this data processing is the fulfilment of the contract (Art. 6 para. 1 lit. b GDPR), exceptionally legitimate interests of cereneo (Art. 6 para. 1 lit. f GDPR) as well as, in explicitly mentioned constellations, the consent of the patients in the admission form or in specific individual cases.

 

2.2 Teletherapy

In connection with teletherapy services, cereneo cooperates with relearnlabs. relearnlabs is a company of the Neurorecovery Group. relearnlabs provides technical support, management services and legal and technical clarification of the tools used for the teletherapy services offered by cereneo. After informing the patient and with his consent, cereneo can also transfer the patient to relearnlabs, which then enters into an independent contractual relationship with the patient. In this case, relearnlabs will be responsible for the data processing carried out after the transfer has been made. In order to provide the aforementioned services, relearnlabs shall have access to the data of the patients concerned (e.g. name, year of birth, e-mail address, technical devices used by the patient, certain information on the limitations and duration of teletherapy, assessments regarding satisfaction with and improvements through teletherapy). Where cereneo is the data controller, it shall contractually ensure that relearnlabs processes the data only as cereneo is permitted to do.

The legal basis for this data processing is the fulfilment of the contract (Art. 6 para. 1 lit. b GDPR), exceptionally legitimate interests of cereneo (Art. 6 para. 1 lit. f GDPR) as well as, in explicitly mentioned constellations, the consent of the patients in the admission form or in specific individual cases.

 

2.3 Data exchange

In connection with the service performance and administration data may be exchanged between the various companies of the Neurorecovery Group. These data exchanges result from the fact that certain administrative services (e.g. HR, finance) are performed centrally. For the purpose of coordinated medical and therapeutic service provision, patient data is also exchanged between the various Neurorecovery Group companies or employees of other Group companies have access to the patient data. In order to ensure suitable accommodation and for administrative purposes, personal data is also passed on to companies of the HVLL Group. The individual group companies of the Neurorecovery Group and the HVLL Group are listed below. Access to patient data by these companies is granted and controlled according to the "need-to-know" principle. In addition, it is contractually ensured that these companies only process the data in the way that cereneo is likely to do.

The legal basis for this data processing is the fulfilment of the contract (Art. 6 para. 1 lit. b GDPR), exceptionally legitimate interests of cereneo (Art. 6 para. 1 lit. f GDPR).

 

3. General provisions

3.1 Transfer of data to third parties

cereneo only discloses personal data if the data subject either has consented explicitly, a legal obligation therefore exists or if it is required for the enforcement of rights and claims of cereneo.

In addition, cereneo will pass on personal data to third parties as far as it is necessary in the context of the use of the website as well as the answering of questions, processing of inquiries or for the possible provision of services. The use of the data submitted by the third parties is strictly limited to the stated purposes.

A list with third party service providers as mentioned above is available in section "third party providers" (see below). Additional service providers are explicitly mentioned in this data privacy policy (see for example in sections 1.3, 1.5, 1.6 and 2.2) or also in the admission form to be signed by the patient. If the personal data represents information which falls under the scope of the patient secrecy according to Art. 321 StGB, this information shall in no case be passed on to third parties without the consent of the user.

 

3.2 Transfer of personal data abroad

cereneo is entitled to forward personal data to third parties and service providers abroad, provided that this is necessary within the scope of the purposes mentioned in section 3.1 above. In doing so, the statutory provisions for the transfer of personal data to third parties are of course complied with.

These third parties are bound to the same extent as cereneo itself for data protection. If a country‘s data protection level does not comply with Swiss or EU data protection law, cereneo contractually ensures that the protection of the personal data is always the same as in Switzerland or the European Economic Area (EEA).

A list with third party service providers in connection with the website and their domiciles can be found in section "list with third party provider" (see below). Most of these service providers have their domiciles in the neighbouring countries. The website is hosted on a server in Switzerland. Some of the service providers explicitly mentioned in this data privacy policy have, however, there domicile in the US (see sections 1.3, 1.5 and 1.6). Additional information about the transfer of personal data to the US can be found in section 1.5.2.

 

3.3 Entitlement to disclosure, deletion, correction and data portability

Data subjects have, upon request and free of charge, the following rights:

Information right: Data subjects have the right at any time to request access to their personal data stored by us. This gives them the opportunity to check which personal data we process about them and that we use it in accordance with applicable data protection regulations.

Correction right: Data subjects have the right to have inaccurate or incomplete personal data corrected and to be informed of the correction. We will inform the individual concerned of the adjustments made to any incorrect data, unless such notification is impossible or involves a disproportionate effort.

Deletion right: Data subjects have the right to require us to delete their personal data, as long as there is no legal basis that allows us to further process such data.

Right to limitation of processing: Data subjects have the right, under certain conditions, to request the processing of their personal data to be restricted.

Data transferability rights: Under certain circumstances date subjects have the right to receive from us the personal data that they have provided to us, free of charge and in a readable format.

Right to complain: If data subjects are residents of an EU or EEA member country, they have the right to lodge a complaint with a competent supervisory authority against the way in which their personal data is processed at any time.

Right of revocation: Data subjects can withdraw their consent to certain data processing at any time, with effect for the future.

Right to object: Data subjects can object to certain data processing at any time. For this, the data subject contact datenschutz@cereneo.ch.

 

3.4 Data retention

cereneo only stores personal data for as long as it is necessary to achieve the data processing purposes mentioned above. Contract data is retained by cereneo for a longer period, as this is prescribed by legal retention obligations. Retention duties, which oblige cereneo to store data, result from regulations on accounting and tax law. According to these regulations, business communications, contracts concluded and accounting records must be stored for up to 10 years. If cereneo no longer needs any such data to perform the services for the users, the data will be blocked. This means that the data may then exclusively be used for accounting and tax purposes.

 

3.5 Data security

cereneo uses appropriate technical and organisational security measures to protect personal data against manipulation, partial or total loss and against unauthorised access by third parties. These safety measures are continuously improved according to the technological development.

 

4. Contact

If you have any questions regarding data privacy, please contact datenschutz@cereneo.ch. Last changed at April 2020.

 

Third Party Providers in connection with the Website

 

cereneo International AG

Seestrasse 18

6354 Vitznau, Switzerland

 

Hostpoint AG

St. Dionysstrasse 31

Postfach

8640 Rapperswil-Jona, Switzerland

 

SWISS ITP Professional AG

Riethofstrasse 3

8442 Hettlingen, Switzerland

 

Pühringer Residential AG

c/o Park Hotel Vitznau

Seestrasse 18

6354 Vitznau, Switzerland

 

AgenturWebfox

Einsteinufer 63

10587 Berlin, Germany

 

WeVenture GmbH

Reichenberger Str. 120

10999 Berlin, Germany

 

Data exchange

In connection with the service performance for patients data is exchanged between the following companies:

 

Neurorecovery Group

cereneo Schweiz AG, Seestrasse 18, 6354 Vitznau

cereneo International AG, Seestrasse 18, 6354 Vitznau

relearnlabs GmbH, Rheinsberger Str. 76/77, D-10115 Berlin

 

Hospitality Visions Lake Lucerne Group

Hospitality Visions Lake Lucerne AG, Seestrasse 18, 6354 Vitznau

Park-Hotel Vitznau AG, Seestrasse 18, 6354 Vitznau

Campus Hotel Hertenstein AG, Hertensteinstrasse 156, 6353 Weggis

 

cefir

cereneo - Zentrum für Interdisziplinäre Forschung (cefir) Gemeinnützige Stiftung

Seestrasse 18

6354 Vitznau 

 

Version dated April 2020