Personal Data Protection Declaration

General Information

Below, the terms “emedSwiss,” “we,” or “our” refer to emedSwiss SA.

In the course of our activities, we may collect and process personal data about you directly or about third parties, as well as sensitive data, within the meaning of the Swiss Federal Act on Data Protection (FADP, Art. 5). These sensitive data (notably medical data) require enhanced protection and are subject to a dedicated statement available at www.emedswiss.ch/sensitive_data_policy.

According to the FADP, personal data are all information relating to an identified or identifiable person. They may contain direct identifiers (name, telephone number, etc.) or indirect identifiers (which may reveal a person’s identity when cross-referenced).

This data protection declaration explains why and how we collect and use personal data and provides information on your rights.

This document is designed to meet the requirements of the Swiss Federal Act on Data Protection (FADP) and the European Union’s General Data Protection Regulation (GDPR). The applicability of these laws depends on each case.

Data Controller

Our data controller and your contact person for data protection is:

emedSwiss SA
Place des Perrières 2
1296 Coppet – Switzerland

dpo@emedswiss.ch

Collection and Processing of Personal Data

We mainly process personal data that we receive from our clients, our partners in the context of business relationships, and from public registers or in connection with your functions and/or professional activities.

We also collect and process your personal data when you visit our website or use our online services (e.g., IP address, cookies, date and time of visit, pages and content viewed, location details).

Purposes of Processing and Legal Bases

We primarily use the personal data collected to:

• Conclude and perform our contracts with our clients and business partners,
• Use services from our suppliers and subcontractors in Switzerland and abroad,
• Fulfill our legal obligations in Switzerland and abroad.

We also process personal data, insofar as permitted by law and deemed appropriate, for the following purposes, for which we have a legitimate interest:

• Offering and developing our services and our website,
• Communicating with clients and third parties and handling their requests,
• Carrying out advertising and marketing actions via email, only if you have explicitly consented (opt-in).

When processing is based on your explicit consent (e.g., account creation, newsletter subscription), this constitutes the legal basis. You may withdraw this consent at any time.

Withdrawal of consent does not affect the legality of processing carried out before the withdrawal.

Disclosure and Transfer of Data Abroad

In the course of our activities, we may disclose personal data to third parties (service providers), in Switzerland or abroad.

If the destination country benefits from a recognized adequacy decision (EU or Switzerland), the transfer is authorized.

In other cases, we ensure an adequate level of protection through EU Standard Contractual Clauses (SCCs) or other equivalent safeguards provided by law.

We nevertheless draw your attention to residual risks (e.g., access to data by foreign authorities), even if we implement additional measures (pseudonymization, anonymization).

Please also note that data exchanged over the Internet are often transmitted via third countries, even if the sender and recipient are located in the same country.

Data Retention

We retain your personal data for as long as necessary to fulfill our contractual and legal obligations or to achieve the purposes described above.

Once these purposes are achieved, your data are deleted or anonymized, unless a legal retention obligation applies.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, including:

• staff training,
• access controls,
• encryption of media and transmissions,
• pseudonymization and anonymization,
• IT and network security monitoring and control.

Despite these measures, a residual security risk cannot be completely excluded.

Your Rights

You have the following rights under the FADP and GDPR:

• Right of access, rectification, erasure, restriction of processing, objection,
• Right to data portability (only when processing is based on your consent or a contract, and carried out by automated means).

The exercise of your rights may be subject to certain legal restrictions (e.g., retention obligations, overriding interest). We will inform you in case of fees or contractual consequences (termination, potential costs).

The exercise of these rights requires your identity to be verified (e.g., copy of an identity document).

You may contact us to exercise your rights at the address listed in the Data Controller section.

You also have the right to lodge a complaint with the competent supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC).

Response Timeframes

In accordance with the FADP, we respond to your requests regarding the exercise of your rights within 30 days. In the case of complex requests, this period may be extended; you will be informed before its expiration.

Changes

We may modify this data protection declaration at any time and without prior notice. The current version is published on our website.

Version of October 1, 2025, based on www.emedswiss.ch/data-policy