General Privacy Notice of Navignostics

In this Privacy Notice, we, Navignostics AG (“Navignostics“), explain how we collect and process your personal data. This is not necessarily an exhaustive description. We may inform you about additional data processing activities, e.g., in general terms and conditions, forms and notices.

This Privacy Notice is aligned with the requirements of the EU General Data Protection Regulation (“GDPR“) and the Swiss Federal Act on Data Protection (“FADP“). However, whether and to what extent these laws are applicable depends on the individual case.

1. Identity and Contact Details of Controller

The “controller” of data processing as described in this Privacy Notice (i.e., the responsible person) is Navignostics AG, Tödistrasse 46a, 8810 Horgen.

You can send your data protection-related questions and/or requests to the following address: info@navignostics.ch.

2. Collecting and Processing of Personal Data

2.1 Definition of personal data

The term “personal data” refers to all information relating to an identified or identifiable natural person (“data subject”).

2.2 Collection from data subjects

We primarily process personal data that we receive in the course of initiating or carrying out a business relationship with you or your employer or others represented by you, or that we collect from you as a user of our website and, where applicable, apps and other applications. This Privacy Notice also applies to applicants and employees. Additional internal information applies to the latter.

If you provide us with personal data of other persons (e.g., family members or work colleagues), please make sure that these persons are aware of this Privacy Notice and only share their personal data with us if you are allowed to do so and if this data is correct.

2.3 Collection from third parties

To the extent permitted, we obtain certain personal data from publicly accessible sources (e.g., debt collection register, land register, commercial register, press, internet) or we obtain such information from public authorities or other third parties (e.g., business partners).

Apart from the personal data that you disclose to us directly (Section 2.2), the categories of personal data that we receive about you from third parties include, but are not limited to, information

  • from public registers (e.g., information from the commercial register on your function within the company and your authority to sign for the company you represent);
  • provided to us by persons associated with you (e.g., family members, work colleagues, consultants, representatives, etc.) for the purpose of assessing, entering into or performing contracts with you (e.g., references, powers of attorney);
  • from banks, insurance companies and distributors and other business partners for the use or provision of goods and/or services by you (e.g., payments, purchases etc.);
  • from media and internet about your person (as far as this is indicated in the concrete case, e.g., in the context of an application, marketing/sales, press review etc.);
  • in connection with the use of third-party websites and online offers where such use can be attributed to you;
  • in connection with any administrative or legal proceedings.

Please note that our web server automatically logs every visit to our website in a temporary log file. User-specific data (e.g., information about your browser and your IP address) as well as technical data (e.g., name and URL of the referring website) are logged for the purpose of establishing the connection and optimizing the website visit, for which purpose “cookies” may be used (Section 5).

3. Data Processing

3.1 Purposes of the data processing

We process your personal data primarily for the purpose of reviewing, concluding and fulfilling contracts with you or other persons who represent you (e.g., your employer), in particular in connection with the provision of our services in the field of cancer precision diagnostics and the purchase of products and services from our suppliers and service providers. We also process personal data to review applications and to perform employment contracts if and insofar as this is necessary to assess the suitability of the applicant or to perform the employment contract. Your personal data may also be processed in order for Navignostics to comply with legal and regulatory obligations in Switzerland and abroad.

In addition, we may process personal data about you and other persons, to the extent permitted and as we deem appropriate, in particular for the following purposes in which we (and, as the case may be, third parties) have a legitimate interest:

  • evaluation, improvement and further development of our offers, services and websites, apps and other platforms on which we are present;
  • postal and/or electronic communication with you (e.g., to respond to your inquiries) and, where applicable, third parties (e.g., media inquiries)
  • marketing, unless you have objected to the use of your data for this purpose. If you are part of our customer base and receive our advertising, you may object at any time by sending an e-mail to the address indicated in Section 1;
  • statistics, conducting market and opinion research;
  • assertion of legal claims and defence in connection with legal disputes and proceedings;
  • prevention and investigation of criminal offences and other misconduct (e.g., conducting internal investigations, data analysis to combat fraud);
  • ensuring the functionality and security of our operations, in particular IT, our websites, any apps and other platforms;
  • video surveillance to safeguard domiciliary rights and other measures for IT, building and facility security as well as for the protection of our employees, customers and other persons as well as assets belonging to or entrusted to us (e.g., by means of visitor lists, access controls, network and mail scanners, telephone recordings);
  • acquisition and sale of business divisions, companies or parts of companies and other transactions and the related transfer of personal data as well as measures for the business management of Navignostics.

4. Legal Basis

Within the scope of the applicability of the FADP, we are generally not required to have a justification or legal basis for the processing of your personal data. If we are required to have a legal basis due to the applicability of the GDPR, we generally base the respective processing on one of the following legal bases, which usually also corresponds to the purpose according to Section 3.1:

If we do not ask for your consent for processing, we base the processing of your personal data on the fact that the processing is necessary for the conclusion and/or fulfilment of a contract with you (or the entity you represent, e.g., your employer) (Art. 6 para. 1 lit. b GDPR) or that we (or third parties) have a legitimate interest in pursuing the purposes mentioned in Section 3.1 (Art. 6 para. 1 lit. f GDPR). Our legitimate interests include, but are not limited to, the marketing of our products and services, the interest in better understanding our markets and the ability to manage and develop our business and operations safely and efficiently. We may also process your data on the basis of other legal bases, e.g., in the event of a legal obligation (Art. 6 para. 1 lit. c GDPR).

If you have given us your consent to process your personal data for specific purposes, we will process your personal data within the scope of and based on this consent (Art. 6 para. 1 let. a GDPR), unless we have another legal basis and require one. You can revoke any consent you have given at any time with effect for the future by sending an email to info@navignostics.ch.

5. Cookies and Relation to the Use of our Website

We typically use “cookies” on our websites that can identify your device (computer, smartphone, etc.). A cookie is a small file that is sent to your device or stored by your browser when you visit our website. When you revisit the website, this allows us to recognize you even if we do not know your identity. In addition to cookies that are only used during a session and deleted after your visit, cookies can also be used to store your settings and other information for a certain period of time. We use primarily cookies that are necessary for the proper functioning of the website (e.g., in order to save your cookie preferences). Most browsers are pre-set to accept cookies. You can set your browser to reject cookies. However, this may affect the functionality of the website.

With your consent via the cookie banner on our website, we use “Google Analytics” in order to analyse and optimize our website. This is a Google service that enables us to measure and evaluate the use of our website on an anonymized basis. Google uses permanent cookies for this purpose. We have configured the service so that the IP addresses of visitors are shortened by Google in Europe before being forwarded to the USA and thus cannot be traced. We have turned off the “Data Sharing” and “Signals” option. Although we assume that the information we share with Google is not personal data for Google, it is possible that Google can draw conclusions about the identity of visitors of our website from this data for its own purposes, create personal profiles and link this data to the Google accounts of these individuals. Insofar as you have registered with Google, Google will also know your identity. In this case, your data will be processed under the responsibility and in accordance with the Google’ privacy notice. Google only provides us with data on the use of our website, but not any personal data of you.

6. Recipients of Personal Data

We may disclose your personal data to third parties in the course of our business activities and in pursuit of the purposes described in Section 3. These third parties process your data either on our behalf and according to our instructions (“processors”) or on their own responsibility. These third parties include the following:

  • service providers (e.g., IT providers, cloud providers, web hosting agencies, accountants, laboratory providers);
  • suppliers, subcontractors and other business partners;
  • employers, landlords and other third parties (e.g. reference providers);
  • domestic and foreign offices and authorities (in the context of implementing employment contracts, e.g. social insurance) or courts
  • the media;
  • the public, including users of our websites and social media;
  • competitors, industry associations, organizations and other bodies;
  • potential acquirers of our companies or parts thereof;
  • parties and other involved persons in legal or regulatory proceedings.

together “recipients”.

7. Data Abroad

The recipients pursuant to Section 6 are generally located in Switzerland but may also be located abroad. In particular, you must expect your data to be transferred to countries in the EEA and to the USA, where some of the service providers we use are located (e.g., Microsoft).

If a recipient is located in a country without adequate statutory data protection, we contractually oblige the recipient to comply with the applicable data protection (we use the revised Standard Contractual Clauses of the European Commission, which are available at: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless the recipient is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception. Such an exception may exist in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the conclusion or execution of the contract requires such disclosure, if you have expressly consented to the disclosure or if it concerns data that you have made generally accessible and whose processing you have not objected to.

8. Duration of the Retention of Personal Data

We process and retain your personal data as long as it is necessary for the fulfilment of our contractual obligations and compliance with legal obligations or other purposes pursued with the processing (Section 3.1), for example, for the duration of the entire business relationship (i.e. from the initiation, during the performance of the contract until to its termination) and beyond that in accordance with the statutory retention and documentation obligations. It is possible that personal data will be retained for the time during which claims can be asserted against our company or if other legitimate business interests require this (e.g., for evidence and documentation purposes). As soon as the purposes and/or laws no longer require it, your data will be deleted or made anonymous. For technical data (e.g., system protocols, logs), shorter retention periods of twelve months or less generally apply.

9. Data Security

We take appropriate technical and organizational measures to protect your data from loss and unauthorized access and misuse. These include employee training, IT and network security solutions, access controls and restrictions, pseudonymization of personal data (e.g., when disclosing personal data to service providers), and regular checks.

10. Automated Individual Decision-Making

In general, we do not carry out automated individual decision-making, i.e., decisions that are based exclusively on automated processing (without human influence) and that are associated with a legal consequence for you (e.g., refusal to conclude a contract) or which significantly affect you in any other way. Should we exceptionally make such decisions, you will be informed in advance.

11. Your Rights

To the extent provided for by applicable data protection law, you have the right to access, rectify and erase of your personal data, the right to restrict data processing as well as the right to object to processing, in particular for direct marketing purposes, and other legitimate interests in processing as well as the right to receive certain personal data for the purpose of transmission to another controller. Please note that we reserve the right to assert the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest or need the data to assert claims. We have already informed you about the possibility of withdrawing your consent in Section 3.2. Please note that exercising your rights may contradict our contractual agreements and this may have consequences such as premature termination of a possible contract.

The exercise of such rights usually requires that you clearly prove your identity by providing us with a copy of your ID. To exercise your rights, you can contact us at the address indicated in Section 1.
As a data subject, you also have the right to enforce your claims in court or to file a complaint with the competent data protection authority. The competent data protection authority is the Federal Data Protection and Information Commissioner.

12. Amendments

We may amend this Privacy Notice at any time without prior notice. The current version published on our website shall apply.

Version valid from 13 December, 2023.