Data privacy policy

1. Contact details

This privacy policy provides information on which personal data we process in connection with our www.bodyminandsoul.ch-Website and our other services. In particular, we provide information on why, how and where we process personal data. We also provide information about the rights of persons whose data we process.

For individual or additional offers and services, further data protection declarations and other legal documents such as general terms and conditions (GTC), terms of use or conditions of participation may apply.

Responsibility for the processing of personal data:

Alinda Enzler
Praxisgemeinschaft am Waffenplatz
Brandschenkestrasse 177
8002 Zurich

Phone: +41 77 267 28 96

E-Mail: info@bodymindandsoul.ch

Company Name: Kinesiologie Zürich Enge – Alinda Enzler

We point out if there are other controllers for the processing of personal data in individual cases.

2. Terms and legal bases

2.1 Terms

Personal data is any information relating to an identified or identifiable person. A data subject is a person about whom personal data is processed.

Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, collection, erasure, storage, modification, destruction and use of personal data.

2.2 Legal foundation

We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection (OFADP).

3. Type, scope and purpose

We process the personal data required to provide our services in a permanent, user-friendly, secure and reliable manner. Such personal data may in particular fall into the categories of inventory and contact data, browser and device data, content data, meta or marginal data and usage data, location data, sales, contract and payment data.

This data is collected, stored and processed exclusively in your patient dossier or in the dossier required for administration, in particular in the app required for billing in accordance with tariff 590. All processing steps carried out on your data, including the persons responsible, can be traced in these two storage locations.

We process personal data for the duration required for the respective purpose(s) or by law. Personal data whose processing is no longer required will be anonymized or deleted. Persons whose data we process generally have a right to erasure.

We may have personal data processed by third parties. We may process personal data jointly with third parties or transfer it to third parties. Such third parties are, in particular, specialized providers whose services we use. We also guarantee appropriate data protection for such third parties.

In principle, we only process personal data with the consent of the data subject, unless the processing is permitted for other legal reasons, for example to fulfill a contract with the data subject and for corresponding pre-contractual measures, to protect our overriding legitimate interests, because the processing is evident from the circumstances or after prior information.

In this context, we process in particular information that a data subject voluntarily and personally transmits to us when contacting us – for example by post, email, contact form, social media or telephone – or when registering for a user account. We may store such information in an address book or with comparable tools, for example. If you transmit personal data to us via third parties, you are obliged to guarantee data protection vis-à-vis such third parties and to ensure the accuracy of such personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect when providing our services, if and to the extent that such processing is permitted for legal reasons.

4. Personal data abroad

We generally process personal data in Switzerland. However, we may also disclose or export personal data to other countries, in particular in order to process it or have it processed there.

We may disclose personal data to all countries and territories on earth and elsewhere in the universe, provided that the local law guarantees adequate data protection in the opinion of the Federal Data Protection and Information Commissioner (FDPIC) or in accordance with a decision of the Swiss Federal Council.

We may disclose personal data to countries whose laws do not guarantee adequate data protection, provided that adequate data protection is guaranteed for other reasons, for example through corresponding contractual agreements or on the basis of standard data protection clauses. Exceptionally, we may export personal data to countries without adequate or appropriate data protection if the special requirements under data protection law are met, for example the express consent of the data subjects.

5. Rights of affected people

Data subjects whose personal data we process have rights under Swiss data protection law. These include the right to information and the right to rectification, erasure or blocking of the processed personal data.

Data subjects whose personal data we process have the right to lodge a complaint with a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

6. Data security

We take appropriate and suitable technical and organizational measures to ensure data protection and, in particular, data security. However, despite such measures, the processing of personal data on the Internet can always have security gaps. We therefore cannot guarantee absolute data security.

Our online offering is accessed using transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated to HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.

Access to our online offer is subject – as is generally the case with any Internet use – to mass surveillance without cause or suspicion and other surveillance by security authorities in Switzerland, the European Union (EU), the United States of America (USA) and other countries. We cannot directly influence the corresponding processing of personal data by secret services, police forces and other security authorities.

7. Use of the website

7.1 Cookies

We may use cookies. Cookies – both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – are data that are stored in your browser. Such stored data need not be limited to traditional cookies in text form. Cookies cannot execute programs or transmit malware such as Trojans and viruses.

Cookies can be stored temporarily in your browser during your visit as “session cookies” or for a certain period of time as so-called permanent cookies. “Session cookies” are automatically deleted when you close your browser. Permanent cookies have a specific storage period. In particular, cookies make it possible to recognize your browser the next time you visit our website and thus, for example, to measure the reach of our website. However, permanent cookies can also be used for online marketing, for example.

You can completely or partially deactivate and delete cookies in your browser settings at any time. Without cookies, our website may no longer be fully available. We actively request your express consent for the use of cookies, if and to the extent necessary.

For cookies that are used to measure success and reach or for advertising, a general objection (“opt-out”) is possible for numerous services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAd-Choices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

7.2 Server log files

We may collect the following information for each access to our website, provided that this information is transmitted by your browser to our server infrastructure or can be determined by our web server: Date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page of our website accessed including amount of data transferred, last website accessed in the same browser window (referrer).

We store such information, which may also constitute personal data, in server log files. This information is necessary in order to provide our online services in a permanent, user-friendly and reliable manner and to ensure data security and thus in particular the protection of personal data – also by third parties or with the help of third parties.

7.3 Tracking pixel

We may use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels – including those from third parties whose services we use – are small, usually invisible images that are automatically retrieved when you visit our website. Tracking pixels can be used to collect the same information as server log files.

7.4 Contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions – in particular retention periods – remain unaffected.

To protect your requests via the internet form on our website, we use the reCAPTCHA v2 service from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). The query is used to distinguish whether the input is made by a human or abusively by automated, machine processing. The query includes the transmission of your IP address and any other data required by Google for the reCAPTCHA service to Google.

For this purpose, your input is transmitted to Google and used there. By using reCAPTCHA, you agree that the identification you provide may be used in the digitization of old works. However, if IP anonymization is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of this service. The IP address transmitted by your browser as part of reCAPTCHA will not be merged with other Google data.

7.5 Bookingtool

Our website uses the WordPress booking system Amelia from TMS Plugins. This is an online booking system that allows users to book appointments for services directly via the website. When you book an appointment via Amelia, you will be asked to provide certain personal data, e.g. your name, e-mail address, telephone number and any other information relevant to the service in question. This data is required to process your booking, to inform you of the status of your booking and to provide the requested service.

When you make a booking on our website, you consent to the storage and processing of your personal data by Amelia. Your personal data will be stored within our website. This storage and processing of data is for the purpose of supporting and processing your appointment booking, your authentication and improving Amelia’s services. Privacy policy of Amelia.

8. Getting in touch

8.1 Request by e-mail or phone

If you contact us by e-mail, telephone or fax, we will store and process your inquiry, including all personal data (name, inquiry), for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

8.2 WhatsApp Business Chat

For direct communication, we offer you the option of contacting us via “WhatsApp Business Chat”. This service is provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a subsidiary of Meta Inc. 1601 Willow Road, Menlo Park, CA 94025, USA.

If you contact us via WhatsApp Business Chat, your cell phone number and the content of your message and any other data you provide will be transmitted to WhatsApp and processed there. We receive this data and use it to respond to your request.

WhatsApp uses cookies and other technologies to provide the service and enable communication. Your IP address may also be collected and stored in the process.

Please note that the use of WhatsApp Business Chat and communication via this service is subject to WhatsApp’s privacy policy.

9. Social Media

We are present on social media platforms and other online platforms in order to communicate with interested parties and provide information about our services. Personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The General Terms and Conditions (GTC) and terms of use as well as data protection declarations and other provisions of the individual operators of such online platforms also apply in each case. These provisions provide information in particular about the rights of data subjects, including, for example, the right to information.

10. Third-party services

We use third-party services in order to provide our website in a permanent, user-friendly, secure and reliable manner. Such services may also be used to embed content in our website. Such services require your Internet Protocol (IP) address, as otherwise such services cannot transmit the corresponding content.

For their own security-related, statistical and technical purposes, third parties whose services we use may also process data in connection with our offering as well as from other sources – including with cookies, log files and tracking pixels – in aggregated, anonymized or pseudonymized form.

We use in particular:

Google services: Provider: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General information on data protection: “Privacy and Security Principles”, Privacy Policy, “Google is committed to complying with applicable data protection laws”, “Privacy Policy for Google Products”, “How we use data from websites or apps on or in which our services are used” (information from Google), “How Google uses cookies”, “Personalized advertising” (activation / deactivation / settings).

10.1 Digital infrastructure

We use third-party services in order to be able to use the digital infrastructure required for our offering. These include, for example, hosting and storage services from specialized providers.

We use in particular:

Infomaniak: Hosting and other infrastructure; Provider: Infomaniak Network SA (Switzerland); Privacy Policy: Privacy Policy, Certifications.

WordPress: Our website is based on the WordPress platform, a content management system developed by Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA. WordPress enables us to create, manage and publish content. When you use our website, which is based on WordPress, various data, including your IP address, date and time of access and information about the browser you are using, may be collected and stored. This data is mainly used for administrative purposes and to ensure the smooth operation of the website. Some WordPress functions, such as comments or contact forms, may collect additional personal data when you use them.

10.2 Social media functions and social media content

We use third-party services and plugins to embed functions and content from social media platforms and to enable the sharing of content on social media platforms and in other ways.

We use in particular:

10.3 Map material

We use third-party services to embed maps on our website. We also use third-party services to protect you from unwanted connections to external Google Maps services.

We use in particular:

Google Maps including Google Maps Platform: Map service; Google Maps-specific data protection information: “How Google uses location information”.

10.4 Fonts

We use third-party services to embed selected fonts, icons, logos and symbols on our website.

We use in particular:

11. Extensions for the website

We use extensions for our website in order to be able to use additional functions.

In particular, we use

Google reCAPTCHA: Spam protection (differentiation between wanted comments from humans and unwanted comments from bots and spam); Google reCAPTCHA-specific information on data protection: “What is reCAPTCHA?”. (“What is reCAPTCHA?”).

12. Performance and reach measurement

We use services and programs to determine how our online offering is used. In this context, we can, for example, measure the success and reach of our online offering and the effect of third-party links to our website. We can also, for example, test and compare how different versions of our online offering or parts of our online offering are used (“A/B test” method). Based on the results of the success and reach measurement, we can in particular correct errors, strengthen particularly popular content or make improvements to our online offering.

When using services and programs to measure success and reach, the Internet Protocol (IP) addresses of individual users must be stored. IP addresses are always truncated in order to comply with the principle of data minimization and to improve the data protection of visitors to our website (“IP masking”) through the corresponding pseudonymization.

When using services and programs to measure success and reach, cookies may be used and user profiles may be created. User profiles include, for example, the pages visited or content viewed on our website, information on the size of the screen or browser window and the – at least approximate – location. In principle, user profiles are only created in pseudonymized form. We do not use user profiles to identify individual visitors to our website. Individual services with which you are registered as a user may be able to assign the use of our online offer to your profile with the respective service, whereby you usually have to give your prior consent to this assignment.

We use the following in particular:

  • Google Analytics: Success and reach measurement; Google Analytics-specific data protection information: Measurement also across different browsers and devices (cross-device tracking) and with pseudonymized Internet Protocol (IP) addresses, which are only transmitted in full to Google in the USA in exceptional cases, “Data protection”, “Browser add-on to deactivate Google Analytics”
  • Google Tag Manager: Integration and management of other services for measuring success and reach as well as other services from Google and third parties; Google Tag Manager-specific information on data protection: “Data collected with Google Tag Manager”; further information on data protection can be found in the individual integrated and managed services.
  • Google My Business: On our website we use functions of Google My Business, a service of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). Google My Business enables companies to manage their presence on Google, including Google Search and Google Maps, and to interact with customers. By visiting our website or interacting with our Google My Business entry, such as leaving reviews or asking questions, data, in particular your IP address and the content of your interactions, is transmitted to Google and stored on Google servers. These servers may be located in the USA or other countries.
    Google uses this information to provide Google My Business services, to facilitate interaction between users and companies and to provide us with reports and analyses about the interactions and performance of our company listing.

13. Final clauses

We have created this privacy policy using the privacy policy generator from Datenschutzpartner.

We may amend and supplement this privacy policy at any time. We will provide information about such amendments and additions in an appropriate form, in particular by publishing the current privacy policy on our website.