1. Data Controller
In accordance with the Federal Data Protection Act and the General Data Protection Regulation, the controller is the person who decides on the purposes and means of processing personal data:
Foundation for the Institute for Research in Biomedicine
2. Data Protection Officer
The Fondazione per l’Istituto di Ricerca in Biomedicina has appointed a Data Protection Officer who can be contacted using the e-mail address firstname.lastname@example.org.
3. Types of data processed
Upon visiting our website, the system automatically records data and information about the user’s computer each time the website is accessed. The following data (“technical information”) is collected:
- IP address of the access device
For users who require a login to use the tools (Inside Area) on our website, the following data is stored upon login:
- IP address of the access device
- Login date and time
The data collected is stored in log files by the provider of our website (TI-EDU – SWITCH).
If the data processing is carried out to fulfil legal obligations, the legal basis is Art. 6 Para. 1 lit. c GDPR. If the data processing is carried out to fulfil a contract, the legal basis is Art. 6 Para. 1 lit. b GDPR.
The data is saved in log files in order to ensure website functionality. The data also helps the provider to improve the website and safeguard the information technology systems.In this context, the data is not analyzed for marketing purposes.
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.If data are stored in log files, this is the case after six months at the latest.
Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. The complete deactivation of cookies can, however, result in the functionality of our website being restricted.
6. Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited, a company incorporated and operated under the laws of Ireland (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”).
Google Analytics uses so-called cookies. The information generated by the cookie about your use of this website will generally be transmitted to and stored by Google on servers in the United States.
However, if IP anonymization is enabled on this website, Google will previously truncate your IP address within member states of the European Union or other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. On our behalf, Google will use this information to evaluate your use of the website, compile reports on website activity and provide other services to the website operator relating to website activity and internet usage.
7. Duration of storage
Unless specifically stated, we will only store personal data for as long as is necessary to fulfill the purposes for which it was collected.
8. Data transfer and transmission abroad
In principle, we use your personal data only within our company.
If and to the extent that we involve third parties in the performance of contracts (e.g. service providers, IT providers), such personal data will only be provided to the extent that the transmission is necessary for the corresponding service.
In the event that we outsource certain parts of the data processing (“contract processing”), we contractually oblige contract processors to use personal data only in accordance with the requirements of the GDPR and the Swiss Data Protection Act and to guarantee the protection of the rights of the data subject.
A data transfer to places or persons outside the EU or Switzerland does not take place and is not planned. The only exception to this is described in point 7.
9. Rights of the data subject
If you process personal data, you are affected in the sense of the GDPR and the DPA. In addition to the rights under the DSG, you are also entitled to the following rights under the GDPR vis-à-vis the person responsible:
9.1. Right to information
Pursuant to Art. 15 GDPR, you have the right to request information about your personal data processed by us. In particular, you may request information about the purposes of the processing, the category of personal data, the category of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, deletion, limitation of processing or opposition, the existence of a right of appeal, the origin of the data if not collected from us, and the existence of an automated decision making process including profiling and, where appropriate, meaningful information on its details.
9.2. Right to rectification
Pursuant to Art. 16 GDPR, you have the right to demand immediate correction or completion of your personal data stored by us.
9.3. Right to cancellation
Pursuant to Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.
9.4. Right to limitation of processing
Pursuant to Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data insofar as the accuracy of the data is disputed by you; the processing is unlawful but you refuse to delete it; we no longer need the data but you need it to assert, exercise or defend legal claims; or you have lodged an objection to the processing pursuant to Art. 21 GDPR.
9.5. Right to data transferability
Pursuant to Art. 20 GDPR, you have the right to receive the personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another responsible person.
9.6. Right of objection
Pursuant to Art. 21 GDPR, you have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data relating to you on the basis of Art. 6 para.1 lit. e or f GDPR.
9.7. Right to revoke the declaration of consent under data protection law
Pursuant to Art. 7 GDPR, you have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the revocation.
9.8. Right to complain to a supervisory authority
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place where the alleged infringement is suspected. This is the case if you are of the opinion that the processing of your personal data violates the GDPR.
9.9. Data security
We take appropriate technical and organisational security measures in accordance with Art. 32 GDPR to protect your personal data from unauthorised access and misuse. Our security measures are continuously improved in line with technological developments.
In order to ensure that our data protection declaration always complies with the current legal requirements, we reserve the right to make changes at any time.