Privacy Policy
The protection of personal data is important to us. Therefore, we process personal data exclusively on the basis of the applicable data protection law. In this privacy policy we inform you about the types of personal data we collect, how this data is used, to whom it is transferred and what options and rights you have in connection with our data processing. In addition, we describe the measures we take to ensure data security and how you, as data subject, can contact us if you have any questions about our data protection practice.
I. Name and Address of the Controller
We, Emergency Radiology Schueller (in the following “Radailogy” or “We”), are controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws and regulations that determine the purposes and means of processing personal data. If you have any questions regarding the processing of your personal data, please do not hesitate to contact us:
Emergency Radiology Schueller
Sumpfstrasse 26
6312 Steinhausen
Our data protection coordinator can be contacted at:
Telephone number: +41 41 501 58 40
E-mail address: office@radailogy.com
II. General Information regarding the Processing of Personal Data
1. Scope of data processing
We only process your personal data if this is necessary to provide a functional website as well as to provide our Radailogy Services. The processing of your personal data is normally only carried out with your prior consent, except those cases where prior consent cannot be obtained for factual reasons and the processing of your personal data is permitted by law.
2. Legal basis for data processing
We process your personal data based on the following legal basis:
- Processing on the basis of your consent to the processing of your personal data (art. 6 (1) (a) GDPR);
- Processing for the performance of a contract to which you are party or the implementation of pre-contractual measures (art. 6 (1) (b) GDPR);
- Processing for compliance with a legal obligation to which we are subject (art. 6 (1) (c) GDPR);
- Processing for the purpose of legitimate interests pursued by us or third parties (art. 6 (1) (f) DSGVO).
3. The erasure and storage of personal data
Your personal data will be erased or blocked as soon as it is no longer necessary in relation of the purpose of storage. Furthermore, personal data may be stored if this has been required by regulations, laws or other provisions to which we are subject. The personal data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
III. Provision of the website and creation of log files
1. Description and scope of data processing
Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:
- Information relating to the browser type and version used
- The user’s operating system
- The user’s Internet Service Provider
- The user’s IP address
- Date and time of access
- Websites from which the user’s system reaches our website
- Websites accessed by the user’s system via our website
The data is also stored in the log files of our system but is not stored together with other personal data concerning you.
2. Legal basis for data processing
The legal basis for the temporary storage of personal data and log files is art. 6 (1) (f) GDPR.
3. Purpose of data processing
The temporary storage of your IP address by the system is necessary to enable the website to be delivered to your computer. For this the IP address must remain stored for the duration of the session.
The personal data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.
Our legitimate interest in data processing pursuant to art. 6 (1) (f) GDPR also lies in these purposes.
4. Period of storage
Your personal data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, the data will be deleted when the respective session has ended.
If personal data is stored in log files, it will be deleted after thirty days at the latest. Further storage is possible. In this case, the IP addresses are deleted or alienated so that the calling client can no longer be assigned.
5. Possibility of objection and erasure
The collection of personal data for the provision of our website and the storage of personal data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection.
IV. Use of cookies
This website uses cookies. You can find more information under the following link https://www.radailogy.com/cookies/
V. Newsletter
1. Description and scope of data processing
You can subscribe to a free newsletter on our website. Our newsletter primarily contains information about our products and general information in connection with our services. When registering for the newsletter, we collect the email address, your phone number and the full name from you.
In addition, the following data is collected upon registration:
- IP address of the calling computer
- Date and time of registration
2. Legal basis for data processing
For the processing of your Personal Data, your consent will be obtained during the registration process in accordance with Art. 6 para. 1 lit. a GDPR and reference will be made to this Privacy Policy. The consent is obtained based on a double opt-in procedure. This means that after registration you will receive an email asking you to confirm your registration. This confirmation is necessary to ensure that nobody can register with another person’s email address. Newsletter registrations are logged to preserve our ability to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address used by your system.
3. Forwarding to Mailchimp
Our newsletter is sent by the newsletter tool Mailchimp, which is offered by the Science Group, LLC based in the USA (“Rocket Science Group”). We have concluded a data processing agreement with Rockets Science Group and therefore act in compliance with the strict requirements of the GDPR when using Mailchimp.
The personal data entered into the input mask when registering for the newsletter is stored on the servers of the Rocket Science Group in the United States. Rocket Science Group uses this information to send and evaluate the newsletter on our behalf. In addition, Rocket Science Group may use your personal data, according to its own information, to optimize or improve its own services, e.g., to technically optimize the sending and display of the newsletters or to determine from which countries the recipients come. However, the Rocket Science Group does not use your personal to contact you directly and does not transfer your personal data to any third parties.
For more information about how Rocket Science Group handles personal information, please see the Rocket Science Group Privacy Policy: https://mailchimp.com/legal/privacy/.
4. Purpose of data processing
The collection of your e-mail address serves to send the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address.
5. Period of storage
The data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected. Your e-mail address will therefore be stored for as long as the subscription to the newsletter is active. The other personal data collected during the registration process will generally be deleted after a period of seven days.
6. Possibility of objection and erasure
You can cancel the subscription to the newsletter at any time. For this purpose, there is a corresponding link in every newsletter.
VI. Registration for the use of Radailogy Services (User Account)
1. Description and scope of data processing
In order to use our Radailogy Services, we offer you the opportunity to register by providing personal data. The data entered into the input mask is transmitted to us and stored by us. The data from the input mask will not be transmitted to third parties. The following data of the Customer is collected during the registration process:
- Title
- First and Last Name
- Institute / Company
- Address, Zip Code, City and Country
- Email address
- Phone Number
- Password
- Authentication Certificate
At the time of registration, the following additional data is stored:
- The IP address of the user
- Date and time of registration
In the course of the registration process, your consent to the processing of your personal data is obtained and reference is made to this privacy policy.
2. Legal basis of data processing
The legal basis for the processing of personal data is art. 6 (1) (a) GDPR.
If registration serves to perform a contract to which you are party or to implement pre-contractual measures, the additional legal basis for the processing of the data is art. 6 (1) (b) GDPR.
3. Purpose of data processing
Your registration is necessary for the performance of a contract with you or for the implementation of pre-contractual measures.
We need these data to be able to perform our Radailogy Services as listed on our website.
4. Period of storage
Consequently, the personal data collected during the registration process to perform a contract or to carry out pre-contractual measures are erased as soon as it is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to meet contractual or legal obligations.
5. Possibility of objection and erasure
If the personal data is necessary to perform a contract or to carry out pre-contractual measures, an early erasure of the data is only possible if neither contractual nor legal obligations prevent a deletion.
VII. Contact form
1. Description and scope of processing of personal data
There is a contact form on our website which can be used for electronic contact. If you take advantage of this possibility, the following data entered in the contact form will be transmitted to us and will be stored:
- First and Last Name
- Email Address
- Phone Number
- Your Message
At the time the message is sent, the following additional data is stored:
- The IP address of the user
- Date and time of message creation
Your consent is obtained for the processing of the personal data within the scope of the sending process and reference is made to this privacy policy. Alternatively, you can contact us via the e-mail address provided. In this case, your personal data transmitted by e-mail will be stored.
In this context, the personal data will not be transmitted to third parties. The data is used exclusively for processing the conversation.
2. Legal basis for processing
The legal basis for the processing of data is art. 6 (1) (a) GDPR.
The legal basis for the processing of personal data transmitted in the course of sending an e-mail is art. 6 (1) (f) GDPR. If the e-mail contact aims at the conclusion of a contract, then the additional legal basis for the processing is art. 6 (1) (b) GDPR.
3. Purpose of data processing
The processing of personal data from the contact form and the e-mail sent to us serves us only for the treatment of the establishment of contact. The personal data collected in the course of sending an e-mail represent also our legitimate interest in processing of personal data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Period of storage
The data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected.
To offer a good user experience and to safeguard our ability to comply with our contractual obligations, we need to have access to all user communication. Consequently, the personal data from the contact form or the personal data that is sent by e-mail will be erased not earlier than after 10 yearsThe additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
5. Possibility of objection and erasure
You have the possibility to withdraw your consent to the processing of personal data concerning you at any time. If you contact us by e-mail, you can object to the storage of your personal data at any time. In this case, the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case.
VIII. Use of Radailogy Services / Data Processing of our Patient Data
1. Description and scope of processing of personal data
We primarily process personal data that we receive directly from our Customers within the scope of our client relationships. For the use of our Radailogy Services we primarily process personal data from patients from our Customers (in the following “Patient Data”), which are provided to us from our Customers by uploading radiological images (in the following “Document”) on his User Account. You as a Customer are responsible that the forwarding of Patient Data complies with the applicable data protection or any other applicable law. Whenever required by the applicable law, Customer is responsible for obtaining consent of the Patient. This responsibility lies solely with the Customer. Customer guarantees that the forwarding to Radailogy and processing by Radailogy of the Patient Data of the Document is permitted by the applicable law.
Currently, you can choose between the following Radailogy Services:
- Pure AI
- Combained
- Defained
- Expert
The Document will be provided to AI provider (internal or external) or to a Radailogist for processing (depending on the Radailogy Services you have selected). The Radailogists and AI providers will be selected by us. We have agreements ensuring that our Radailogists and AI provider will only use the data submitted to them to perform their services and that they have appropriate technical and organizational measurements in place.
Depending on which Service Category of Radailogy Services (Free, Pro and Premium) you are using, the data processing of Patient Data will be different:
1.1 Free
When you choose to use our Free Radailogy Services standard pseudonymization of all Patient Data on the Document will take place in the data center of Radailogy.
Pseudonymization means the removal of any personal data which is not necessary to process the uploaded image data. This means at least the following data attributes are removed from your uploaded data before it will be processed by any third party providers: Name (Title, First name, Last name), Birthdate (except Year), social security number
1.2 Pro
When you choose to use our Pro Radailogy Services standard pseudonymization of all personal data on the Document will take place at the Diagnostic Gate at the Customer’s site.
1.3 Premium
When you choose to use our Premium Radailogy Services pseudonymization of all personal data on the Document will take place at the Diagnostic Gate at the Customer’s site.
2. Purpose of data processing and legal basis for processing
When providing our Radailogy Services, we process the Patient Data on behalf of our Customers. Our Customers are controller within the meaning of the EU General Data Protection Regulation (GDPR) and we are processor.
The collected Patient Data will be processed by us in order to perform a contract to which you are party or to implement pre-contractual measures. The legal basis for the processing of the data is art. 6 (1) (b) GDPR.
3. Period of storage
The personal data collected by us will only be stored for as long as it is necessary for the execution of the contractual relationship (from the initiation to the termination of a contract) or the other purposes pursued with the processing and/or a legal obligation to store and document or a predominant private or public interest exists. As soon as the personal data collected by us are no longer required for the above-mentioned purposes, they will be deleted or anonymised as far as possible. The data contained in the Document will be erased 90 days after receipt from the Customer.
4. Possibility of objection and erasure
Within the framework of our business relationship, you must provide us with all personal data required for the establishment and performance of a business relationship and the fulfilment of the associated contractual obligations. Without this information, we will generally not be able to enter into or complete or fulfill a contract with you.
5. Data Transfer to third parties and transborder data flows
As part of our business activities, we may disclose Patient Data provided from you to us to third parties (such as AI providers and our Radailogists) and other business partners, to related parties, counterparties and other persons in Switzerland, the EU or other countries for the purposes set out above and where appropriate. We may also be required to disclose your personal information in order to comply with legal or regulatory requirements.
If we transfer data to a country without adequate legal data protection, we ensure an adequate level of protection by means of data transfer agreements (namely on the basis of the so-called standard contractual clauses of the European Commission) or rely on the statutory exceptions of consent, contract and mandate processing, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or because it is necessary to protect the integrity of the data subjects.
IX. Rights of the data subject
If personal data concerning you are processed, you are a data subject within the meaning of the GDPR and you have the following rights:
1. Right of access
You can ask us to confirm whether personal data concerning you is being processed by us.
Is that the case, you can request the following information from us:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data has been or will be disclosed;
- the envisaged period for which the personal data will be stored, or, if specific information on this is not possible, the criteria used to determine that period;
- the existence of the right to request from us rectification or erasure of personal data, or restriction of processing of personal data concerning you or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data is not collected from you, any available information as to their source;
- the existence of automated decision-making, including profiling, in accordance with art. 22 (1) and (4) GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to art. 46 GDPR relating to the transfer.
2. Right to rectification
You have the right to obtain from us the rectification and/or completion of incorrect or incomplete personal data concerning you.
3. Right to restriction of processing
Under the following conditions, you have the right to request the restriction of processing of your personal data:
- the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
- the processing is unlawful and you refuse the erasure of the personal data and request the restriction of their use instead;
- we no longer need the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defense of legal claims; or
- you have objected to processing pursuant to art. 21 (1) GDPR and it has not yet been determined whether our legitimate grounds override those of you.
Where processing of personal data concerning you has been restricted, such personal data may only be processed – with the exception of storage – with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
4. Right to erasure
4.1 Obligation to erase
You have the right to obtain from us the erasure of your personal data and we are obliged to erase personal data without undue delay where one of the following grounds applies:
- the personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed;
- you withdraw consent on which the processing is based pursuant to art. 6 (1) (a) or art. 9 (2) (a) GDPR, and where there is no other legal basis for the processing;
- you file an objection to the processing pursuant to art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you file an objection to the processing pursuant to art. 21 (2) GDPR;
- the personal data concerning you has been unlawfullyprocessed;
- the deletion of personal data concerning you is necessary to fulfil a legal obligation to which we are subject;
- the personal data concerning you was collected in relation to the offer of information society services referred to in art. 8 (1) GDPR.
4.2 Information to third parties
Where we have made your personal data public and where we are obliged pursuant to art. 17 (1) GDPR to erase your personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, the personal data.
4.3 Exceptions
The right to erasure shall not apply to the extent that processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by applicable law or for the performance of a task carried out in the public interest or in the exercise of official authority assigned to us;
- for reasons of public interest in the area of public health in accordance with art. 9 (2) (h) and (i) and art. 9 (3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with art. 89 (1) GDPR, insofar as the right referred to in para. IX.1 is likely to render it impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defense of legal claims.
5. Right to data portability
You have the right to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format. In addition, you have the right to transmit the data to another controller without hindrance from us to which the personal data have been provided, where:
- the processing is based on consent pursuant to art. 6 (1) (a) GDPR or art. 9 (2) (a) GDPR or on a contract pursuant to art. 6 (1) (b) GDPR; and
- the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The freedoms and rights of others shall not be affected by this.
The right to data portability shall not apply to processing necessary for the performance of a task carried out of a public interest or in the exercise of official authority assigned to us.
6. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions.
We no longer process the personal data concerning you, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of the personal data concerning you for such marketing, which includes profiling to the extent that it is related with such direct marketing.
Where you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
You have the possibility to exercise your right of object in the context with the use of in-formation society services, and notwithstanding Directive 2002/58/EC, by automated means using technical specifications.
7. Right to withdraw the consent to process personal data
You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
8. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
9. Changing this Privacy Policy
We reserve our right to change or adapt this privacy policy at any time in compliance with the applicable data protection regulations. We will tell you about any changes by posting an updated privacy policy on our website. Any change we make applies from the date we post it on the website. If you have any questions about our privacy policy, please email us.
This privacy policy was updated on the [19.10.2020].