This Privacy Policy establishes the terms and conditions under which MJ Medical AG, located at Zolliker Strasse 24, 8702 Zollikon (hereinafter referred to as the “Controller”), processes personal data when providing services, attending to individuals via telephone or other means, as well as when individuals use the website www.neoyou.ch or make purchases through the online store.

We are not responsible for the privacy policies of other websites you may be directed to for further information. Visitors may also be redirected to the Controller’s social media accounts via links provided on www.neoyou.ch.

When information is sent via social media accounts, the personal data provided by visitors may be disclosed to the controllers of these social networks and other persons with whom the social network controllers share personal data. The Controller is not responsible for the privacy policies of these networks, so we recommend that you also familiarize yourself with them.

Terms Used in This Privacy Policy:

• Personal Data: Any information about a natural person whose identity is established or can be identified (data subject); a natural person who can be identified is a person whose identity can be determined directly or indirectly, primarily by an identifier such as a name, surname, identification number, location data, and internet identifier, or by one or more physical, physiological, genetic, mental, economic, cultural, or social identity characteristics of that natural person.
• Company/Companies/Controller/We: MJ Medical AG, located at Zolliker Strasse 24, 8702 Zollikon, email info@neoyou.ch, phone +41 44 49 901 38.
• GDPR/General Data Protection Regulation: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
• Data Recipient: A natural or legal person, public authority, agency, or other body to whom personal data is disclosed, whether a third party or not.
• Data Subject: An employee of the Company, a client, or another natural person whose personal data is processed by the Company.
• Data Processing: Any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure, or destruction.
• Data Processor: A legal entity that processes personal data on behalf of the Company.
• Privacy Policy: This policy setting out the terms for processing personal data managed by the Company.
• Other Terms Used in This Policy correspond to the terms used in the GDPR.

In this Privacy Policy, we describe the procedures, purposes, and types of your data that we process, so we ask that you carefully read this policy. If you have any questions, please contact us using the contacts provided in this Privacy Policy, and we will answer your questions.

Methods of Obtaining Personal Data

We process your personal data obtained in the following ways:

• When you provide us with personal data;
• When we receive your personal data from other entities in accordance with applicable laws and/or this Privacy Policy (we may receive data from other healthcare institutions, insurance companies, laboratories, territorial health insurance funds, or through other lawful means).

Purposes for Processing Your Personal Data

1. For the purpose of providing services:

Categories of Data

For this purpose, we will process your name, surname, contact details (phone number, email address), date of birth, insurance ID number, special category data (services provided, tests, diagnoses, specialist visits, service descriptions, anamnesis, health data, referrals, consent forms for procedures, etc.), and photographs (including those of specific body parts).

Legal Basis for Processing

The legal basis for processing these personal data is set out in Article 6(1)(a), (b), and (c) and Article 9(2)(a), (b), (c), and (h) of the GDPR.

Data Retention Period

We will process these data for the periods prescribed by law:

• Contracts with clients – 10 years after the termination of the contract;
• Outpatient medical history – 15 years after the last visit;
• Personal outpatient treatment statistical card – 5 years after the last visit;
• Outpatient patient registration log – 5 years after the last visit.

Source of Data

We obtain your data directly from you, as well as from other healthcare institutions, laboratories, or territorial health insurance funds.

Categories of Data Recipients

In accordance with the law, we may disclose your data to other healthcare institutions, territorial health insurance funds, insurance companies, laboratories conducting tests, dispute resolution bodies, as well as to our Company’s auditors and legal advisors.

2. For the purpose of direct marketing:

Categories of Data

For this purpose, we will process your phone number, email address, age, and gender (to provide you with the most relevant offer).

Legal Basis for Processing

We will process these data on the basis of Article 6(1)(a) of the GDPR.

Data Retention Period

We will process your data for 5 years from the date of your consent or until consent is withdrawn.

Source of Data

We obtain the data directly from you.

Categories of Data Recipients

We may provide the data to service providers offering online registration services, website maintenance services, and direct marketing services.

3. For the purpose of appointment scheduling and administration:

Categories of Data

For this purpose, we will process your name, surname, contact details (phone number, email address), date of birth, and insurance ID number.

Legal Basis for Processing

The legal basis for processing these personal data is set out in Article 6(1)(b) and Article 9(2)(a) of the GDPR.

Data Retention Period

We will retain your appointment information for no longer than 5 years after your visit.

Source of Data

We obtain your data directly from you.

Categories of Data Recipients

We may provide your data to service providers offering online registration services and website maintenance services.

4. For the purpose of customer service (handling requests, inquiries, complaints, feedback, or other communications from interested parties):

Categories of Data

For this purpose, we will process your name, surname, phone number, email address, and the content of your communication with the Company.

Legal Basis for Processing

We will process these data on the basis of Article 6(1)(a) and (f) and Article 9(2)(a) of the GDPR.

Data Retention Period

We will process your data for 1 year from the date of your inquiry, except when the data need to be processed longer for the purpose of resolving a claim, investigation, or other dispute resolution process – until the dispute is resolved.

Source of Data

We obtain the data directly from you. If you submit a complaint to a supervisory authority, we may receive your data from that authority.

Categories of Data Recipients

We may provide the data to service providers offering online registration services, website maintenance services, dispute resolution bodies, as well as to our Company’s auditors and legal advisors.

5. For the purpose of recording phone conversations to improve quality and document contract terms (evidence of contractual terms):

Categories of Data

For this purpose, we will process your phone number, the content of the conversation, and the time of the call (start and end time).

Legal Basis for Processing

We will process these data on the basis of Article 6(1)(a) of the GDPR.

Data Retention Period

We will process your data for no longer than 6 months from the date of the call recording.

Source of Data

We obtain the data directly from you.

Categories of Data Recipients

We may provide the data to companies offering call handling and communication services, as well as data storage service providers.

6. For the purpose of protecting individuals and property:

Categories of Data

For this purpose, we will process your image when you visit our Company’s premises.

Legal Basis for Processing

We will process these data on the basis of Article 6(1)(f) of the GDPR.

Data Retention Period

We will process your data for no longer than 14 days from your visit to our Company’s premises, or for a longer period if there are grounds to suspect that the video recording will be required for an investigation or to investigate a potential crime. In such a case, we will retain the video data until the investigation is completed and a decision is made.

Source of Data

We obtain the data from surveillance cameras installed in the Company’s premises.

Categories of Data Recipients

We may provide the data to companies providing video surveillance (security) services.

7. The Company does not process the User’s personal data for any purposes incompatible with the above-listed purposes.

Your Rights Regarding the Processing of Your Personal Data:

• To receive information about the processing of your personal data;
• To access your personal data stored by the Company;
• To withdraw your consent to the processing of your personal data;
• To request correction of inaccurate, incomplete personal data;
• To request deletion (the right “to be forgotten”) of personal data relating to you, where one of the grounds specified in Article 17(1) of the GDPR applies;
• To request restriction of processing where one of the circumstances in Article 18(1) of the GDPR applies;
• The right to data portability;
• To object to the processing of your personal data;
• To file a complaint with a supervisory authority;
• The right to compensation for damages due to improper processing of personal data.

If you are not satisfied with the way we process your personal data, you have the right to complain to the Swiss Federal Data Protection and Information Commissioner or with the supervisory authority in another European Union Member State where you have your habitual residence or place of work. A list of supervisory authorities can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_lt#member-lt.

We kindly ask that you contact us first before submitting a formal complaint, so we can attempt to address your concerns directly. The easiest way to reach us is via email at info@neoyou.ch.

Please note that the exercise of your rights depends on the specific conditions applicable to each right. In certain circumstances, and if there is a legal basis, your request may not be granted. Our company reserves the right to refuse your request under such conditions.

Your request regarding the exercise of your rights will be reviewed within one month. If necessary, this period may be extended by an additional two months, in which case we will inform you of the extension.

Cookies

We continuously work to improve our website and aim to make it as user-friendly as possible. To do so, we need to understand which information interests our visitors the most, where our site is being accessed from, how frequently visitors return, which browsers are used, and which devices are employed to access our site. In order to ensure proper website functionality, we place small data files, known as cookies, on your device.

If you have any questions regarding the matters outlined in this Privacy Policy, please contact us at info@neoyou.ch, phone +41 44 49 901 38