for the website abilis.ch and the mobile app Abilis
1. Which society operates the website abilis.ch and the mobile app Abilis?
The website abilis.ch and the mobile app Abilis are operated and managed by Ofac cooperative society, rue Pedro Meylan, 7, 1208 Geneva.
Ofac is constantly concerned about the safety and proper use of your personal data, which may include medical data, as well as the respect of your data protection rights.
Ofac has three important certifications in terms of security and data protection: ISO 27001, for management of the security of information systems, GoodPriv@cy and DPCO for the management of data protection.
If you do not find the answer to your questions in this document, you may contact firstname.lastname@example.org.
2. Who is responsible for data protection?
The File controller/Data controller is:
Ofac General management
Rue Pedro Meylan 7
1211 Geneva 6
The File Controller/Data controller Ofac designates the following person as Independent advisor for data protection:
Mr Claude Lachat
Rue Pedro Meylan 7
3. What data is collected and processed and for what purpose?
Generally speaking, we only process our users’ personal data as necessary to provide a functional website and mobile app and to provide the services expected on the website abilis.ch and the mobile app Abilis.
When you consult the website abilis.ch or the mobile app Abilis, our web server automatically saves certain information relative to your visit (particularly your IP address, the type of browser used, web pages consulted, including the date and duration of your visit). We also collect personal data which you spontaneously provide through the website Abilis.ch or through the mobile app Abilis. This is the case when you fill in an online form and when you communicate your details (surname, given name, gender, address, email address, phone number), when you sign up to an electronic newsletter or when - and only if - you have expressly consented to sharing your medical details by accepting the form title “Declaration of consent”, having been reminded that medical data are considered sensitive data within the federal law for data protection.
The processed and collected data are as follows:
- Your identity data: surname, given name, gender, date of birth;
- The email address with which you wish to correspond with us;
- Medical data shared by the health providers of the ABILIS network;
- Cookies (see point 4 below);
- Other collected information, such as data transmitted when login details are attributed (data stated as”IDP subscription”, phone number etc.).
The main purpose for the collection and data processing relates to the services expected on the website Abilis.ch or the mobile App Abilis, which particularly consists of facilitating the management and sharing of your medical data by your care providers.
The secondary purpose is as follows:
- allow us to communicate with you through email, to inform you,
- collection and data processing in relation to other purposes, such as purchases on the webshop, use of CDSS (Clinical Decision Support System).
The website abilis.ch and the mobile app Abilis use three types of cookies.
- Session cookies are strictly required. This type of cookie is especially used in order to maintain the coherence of a session or to save the articles which are placed in the trolley during a single shopping session. They are temporary and expire as soon as the internet user leaves the website. If you refuse this type of cookie, you will not be able to navigate on the website abilis.ch and the mobile app Abilis.
- Analysis cookies which reveal the use and performance of the site and which improve its operation. These cookies are anonymous and do not allow you to be identified.
- Identification cookies created during identification on the site in order to transmit this information from one page to another and to allow restriction of the number of simultaneous users for the same account. These cookies combined with our analysis tools allow tracking of what the users are consulting (this information remains anonymous).
If you choose to visit one of these third party websites or mobile apps, you will be redirected to these third party websites or mobile apps. We have no control over third party websites or mobile apps and consequently recommend that you refer to the declaration of confidentiality of these websites or mobile apps to know everything about their procedures for collection, use and transmission of personal data.
6. Duration of data storage?
We preserve and process your personal data as long as necessary to meet the objective for which they have been collected or within the limits indicated or authorised by law.
7. Who will have access to your data?
Regarding your personal data in general, it may be be necessary to communicate to third parties:
- to third parties service providers.
- to other entities belonging to the Ofac ground, which may be implicated in the provision of the website or its contents.
- to the authorities.
All personal data processing given to a third party is performed in accordance with the legal and regulatory requirements (see article 10a of the Federal Law on Data Protection).
Regarding your personal medical data, only the member care providers of the ABILIS network will have access to your medical data.
8. How do we protect your data?
We have taken organisational and technical measures which guarantee that the legal provisions for data protection are observed.
Additionally, as indicated above, Ofac is a Swiss company certified in information security and data protection.
9. What are my rights?
You have the right to be informed at any moment about personal data relating to you which is processed by our services. You may send your information request by writing, accompanied by a copy of your identity card or your passport, to our postal address.
You also have the right to demand rectification of erroneous personal data. Furthermore, you have the right to demand removal of your personal data in so far as we are neither obliged nor authorized to store certain personal data under the current legislation and regulations.
10. Contact for data protection?
You may exercise your rights regarding data protection by sending an email to email@example.com or by mail to:
Ofac cooperative company
Rue Pedro Meylan 7
1211 Geneva 6
Geneva, September 2019.