DATA PROTECTION DECLARATION
1. DATA PROTECTION STATEMENT
2. WHAT IS IT ABOUT AND WHO IS THIS DATA PROTECTION STATEMENT ADDRESSED TO?
4. WHO IS THE DATA CONTROLLER?
5. WHAT ARE THE DATA WE COLLECT AND PROCESS?
6. WHERE DO THE PERSONAL DATA WE PROCESS COME FROM?
7. ON WHAT LEGAL BASIS AND FOR WHAT PURPOSES DO WE PROCESS PERSONAL DATA?
8. HOW DO WE PROTECT PERSONAL DATA?
9. TO WHOM CAN THE PERSONAL DATA BE COMMUNICATED?
10. ARE PERSONAL DATA COMMUNICATED ABROAD?
11. HOW LONG DO WE KEEP PERSONAL DATA?
12. WHAT ARE THE RIGHTS OF THE INTERESTED PARTIES?
13. HOW TO CONTACT US?
14. CHANGES TO THIS DATA PROTECTION STATEMENT
1. Data protection declaration
Data protection and privacy protection represent fundamental values for the Istituto Cardiocentro Ticino (hereinafter simply ICCT, or also “we” / “us”).
We are actively committed to processing all information with the utmost care and responsibility in compliance with the applicable provisions on the protection of personal data, in particular in compliance with federal Swiss law and the Canton of Ticino and in line with European legislation, in cases and to the extent that the latter can be considered applicable.
2. What is it about and who is this data protection declaration addressed to?
This Data Protection Declaration is intended to inform you about the methods and purposes of the processing of personal data by ICCT. In the following points we describe the personal data protection policy that we adopt for any processing of personal data carried out in the course of our activities.
We invite you to read what is described below in order to understand “how” and “why” we collect, process and use personal data and what rights you can exercise regarding your data.
In accordance with art. 5 of the LPD, the following terms mean:
A. personal data: all information relating to an identified or identifiable natural person;
B. personal data worthy of particular protection:
• data concerning religious, philosophical, political or trade union opinions or activities,
• data concerning health, intimate sphere or belonging to a racial or ethnic group,
• genetic data,
• biometric data that uniquely identifies a natural person,
• data concerning administrative and criminal prosecutions and sanctions,
• data concerning social assistance measures;
C. processing: any operation relating to personal data, regardless of the means and procedures used, in particular the collection, recording, storage, use, modification, communication, archiving, cancellation or destruction of data;
D. communication: the transmission of personal data or making them accessible;
E. person or interested party: the natural or legal person whose data is being processed by the ICCT.
F. data controller: the private individual or federal body that, individually or together with others, determines the purpose and means of the processing of personal data;
G. data processor: the private individual or federal body that processes personal data on behalf of the data controller.
4. Who is the data controller?
The Data Controller is the Cantonal Hospital Authority (EOC), as a public law body responsible for the direction and management of public hospitals in the Canton of Ticino, with the headquarters of the General Management in
Viale Officina 3
Tel. +41 (0)91 811 13 01
General.Management[ at ]eoc.ch
For all matters relating to the protection of personal data relating to our website www.cardiocentro.org, you can contact us at the specifically dedicated references that you can find in the last section dedicated to contacts or you can write to us at
Via Tesserete 48
Tel. +41 (0)91 811 51 11
info.icct[ at ]eoc.ch
5. What data do we collect and process?
When you enter the ICCT – and every time you come into contact with the ICCT – different types of data may be requested or collected which we can summarize in the following categories:
A. Browsing data, cookies and other technical tools
This is all information relating to the User’s activity that is collected automatically by the functioning of our digital systems (e.g. website, applications, WIFI networks or other electronic offers made available). In most cases, these technical data do not in themselves allow us to trace your identity, but they can do so if linked with other information (e.g. through processing and associations between data).
• The type of browser used by the User;
• The website from which you reached our site (referring website);
• The computer operating system;
• The type of device used;
• The referrer URL (Uniform Resource Locator);
• The IP address;
• The Internet Service Provider (ISP);
• The country from which access took place and the language settings of the User’s browser;
• The click rate (link tracking);
• The time and date of viewing a page;
• …other technical tools (such as “tracking pixels”) used to document how users navigate the website for the purposes of producing statistics, with anonymized data.
B. “Common” personal data
This type of information is also known as “basic” or “generic” or “common” personal data because it is data commonly used to carry out all those preliminary operations that are in any case necessary for the correct management of the activities and services offered (for example the secure identification and correct registration of the person within the facility, taking charge of the requested services, the possibility of communicating with the person to inform them about the scheduling of appointments, keeping them informed about the results of visits or tests carried out, and so on).
Examples of “common” personal data are:
– Identification and recognition data (e.g. name, surname and title, date and place of birth, nationality, codes used and stored in a hospital or by a doctor, which can uniquely identify a person such as the NEOC code);
– Visual recognition data (e.g. photos, images, videos);
– Contact data (e.g. telephone numbers, e-mail, domicile and/or residence address and other contact details provided also in relation to third parties);
– Data relating to social security and benefits (e.g. AVS card and code, information relating to health insurance, information in relation to the treatment of social security cases and in relation to benefits);
– Contractual data (e.g. personal data relating to the stipulation or execution or dissolution of contracts, the admission of insured persons to professional pensions);
– Financial and billing data (e.g. information related to economic aspects in the context of relationships with service providers, insurance companies, doctors, hospital staff and other entities involved, data that must be shared with regulatory and tax authorities in accordance with laws and current regulations);
– …and any other type of personal data falling within the definition reported in Point 3, letter A, of this Declaration, necessary for carrying out the activities and services requested.
C. Health data
We process health data (e.g., through documents such as reports, medical history, diagnostic results, blood tests, etc.), we can request or know genetic data, biometric data and in general all information relating to the state of physical or mental health that is useful and necessary for the purposes of treatment and protection of the interested party’s health.
This type of personal data is also known as “personal data worthy of particular protection” because it is information relating to the most intimate sphere of the individual and therefore requires attention and strengthened protection.
The processing of this type of data is essential to be able to carry out the healthcare services requested and/or necessary for the patient’s medical treatment or care path in the best possible way.
D. Data relating to minors and/or those incapable of discernment
In the case of minor patients under the age of 16 or adults incapable of discernment, consent is given by the parents or legal representative.
The processing justified by the consent of the interested party is in principle lawful where the minor who has expressed consent is at least 16 years old. If the minor is under the age of 16, the processing of personal data is lawful only and to the extent that consent is given or authorized by the legal representative. ICCT may make every reasonable effort to verify that the consent given by the legal representative is effective. However, ICCT will not be in any way responsible for any false declarations that may be provided by the minor and, in any case, if the declaration is found to be false, all personal data and any material acquired will be immediately deleted. The data controller will facilitate requests relating to the personal data of minors coming from the legal representative, as per Point 14.
E. Video surveillance, video recording and images
For security purposes and for related evidentiary purposes, we can carry out video surveillance footage both in the external spaces and in the internal spaces of the properties rented by us (for example institutes and hospital facilities). We can therefore obtain information on the behavior in the areas filmed, in compliance with the recommendations and legal provisions that specifically regulate video surveillance. The use of surveillance cameras is limited to limited areas and is appropriately reported.
Furthermore, we can take photographic and/or video recordings for treatment purposes (for example, this is the case of monitoring intensive treatments via closed-circuit video surveillance) or record images in the treatment context (for example, the filming of an injury in the emergency room). The use of this type of data is limited to specific areas and services and is defined in specific internal directives and regulations, in line with what is foreseen and required by law.
Finally, we can take photographs and/or videos in the context of events open to the public that we organize (for example training events or events for prevention or other purposes). In these cases, in compliance with Swiss and cantonal laws, these data may be used on our official communication channels (e.g. websites, conventional social media, advertising flyers, etc.) and, where necessary, the consent of the participants will be obtained before proceeding with publication.
F. Other types of personal data
In certain circumstances, we may also become aware of other types of personal data concerning you. For example:
• Data concerning the intimate sphere or belonging to an ethnic group;
• Data concerning religious, philosophical, political or trade union opinions/activities;
• Data relating to administrative and criminal prosecutions and sanctions, for example if an official procedure by the authority or an enforcement procedure is underway or the information is contained in documents deriving from courts, through documents, deeds or evidence;
• Data concerning social assistance measures.
For safety and security reasons, we may also collect information, for example about who and when accesses a specific building or has the corresponding access rights (e.g. for access control, based on registration data or visitor lists, etc.), or on who and when uses our infrastructure and systems.
In other cases and circumstances, personal data that emerge in relation to the stipulation, execution or dissolution of contracts and which concern legal persons may be used.
In all cases, the confidentiality of this information is protected by data protection legislation and is subject to the provisions relating to medical and professional secrecy.
6. Where do the personal data we process come from?
We preferably collect personal data directly from the person concerned upon first contact with us and subsequently, regardless of the means by which this occurs (e.g. by coming to our facilities or by telephone, e-mail, filling in paper or online forms on our website or via App).
We wish to clarify that, on these occasions, even if data relating to other people are provided (such as relatives, friends, the contact of a contact person and/or legal representative or other healthcare service providers), it is assumed that the person providing this data has the authorization to do so, that such data is accurate and that such individuals have been informed about this Statement.
Below we can distinguish some macro-categories:
A. Data communicated directly by interested parties
Often it is you who directly communicates your personal data to us, for example when you send us data or communicate with us in person through the use of various tools (e.g. filling out online forms or forms, telephone, e-mail, correspondence). The transmission of data to us is voluntary, but often necessary to be able to use our services or to fulfill legal and/or contractual obligations.
In general, not all information is always necessary. For this reason we specify which personal data are mandatory (e.g. marking them as such on the forms to be filled in) and which are optional. The data indicated as mandatory are such as necessary to allow us to guarantee the activity or provision of the fundamental or requested services. Optional information, however, does not affect the activity or service requested. By completing and sending forms and/or contact forms, you voluntarily provide us with your personal data and these data are used for the sole purpose of pursuing the related purposes.
This context also includes, for example, the possibility of sending to us the online application forms/forms transmitted by the User and accessible from the dedicated section on our website. The data may be processed based on open positions, which may include both a single and specific position and additional positions, leaving this choice to the User. The personal data processed is the information indicated when filling in the fields and that present in the Curriculum Vitae sent. The User has the free right to attach further documents to integrate the information provided, such as diplomas, work certificates and other documents relating to the position.
The EOC has the right to use the candidate’s personal data to verify the information provided at any time during the application and selection process. This may include checks with previous employers, academic and/or professional institutions and other bodies and/or agencies, both public and private. Personal data are processed and stored to the extent strictly necessary for the pursuit of the purposes relating to the recruitment, selection and evaluation of personnel and with methods and procedures suitable for the correct fulfillment of these purposes.
The personal data transmitted are shared within the Human Resources unit of the EOC and with the operational and managerial functions to evaluate how far the application is in line with the position for which the User has applied or with possible other positions, if the User has agreed to the latter.
In the event of hiring, the personnel administration uses this information to create an archive (dossier) relating to the new collaborator, for the purpose of managing subsequent obligations deriving from the employment contract. In case of non-recruitment, personal data are generally stored in the system for a maximum period of 12 months from their receipt/last profile update, after which they will be destroyed and deleted. The period could be longer if the interested party has given his/her consent to the possibility of using, and therefore processing, the data also for different and/or future positions in the EOC compared to those for which the interested party originally applied.
In any case, the criteria used to determine the retention period may be linked to the express consent of the User/interested party, to the duration of the personnel research and selection activities, to the carrying out of studies and statistical research or are prescribed by law. The Data Controller, also through periodic checks, will regularly verify the relevance, non-excess and indispensability of the personal data stored with respect to the purposes indicated, also with reference to further information provided on its own initiative by the interested parties.
The User has the possibility to register in order to receive regular automatic notifications on the positions entered on the platform. The User can unsubscribe from the list of recipients of such notifications at any time. Failure to register for the notification service or cancellation from the list of recipients does not affect or reduce in any way the use of the platform. With the deletion of the last application present on the User’s profile, the profile is also automatically, definitively and completely deleted. The User can request at any time the secure and definitive, partial or complete, deletion of personal data. The request will be followed up without delay, and in any case within 30 days of exercising the right to cancellation.
B. Data from third parties
Under the conditions and within the limits established by law, we can also collect personal data other than directly from the interested parties. In these cases we collect and process exclusively the data useful for the pursuit of the purposes set out in this Declaration (see Point 7 below).
We may also collect personal data from publicly available sources (e.g. debt enforcement register, land register, commercial register, media or the Internet, including social networks) or receive it (i) from the authorities, (ii) from your employer or client who has a business relationship with us or who is otherwise in contact with us, and (iii) by other third parties (e.g. credit institutions, address providers, associations, contractors, Internet analysis services). This includes in particular data that we process in connection with the preparation, conclusion and execution of contracts, as well as data from correspondence and conversations with third parties, within the limits set by law.
7. On what legal basis and for what purposes do we process personal data?
A. Legal Basis
We collect, organize, structure and store personal data lawfully.
In particular, the processing of personal data takes place on the basis of one or more of the following legality assumptions:
• the interested party has given his/her consent to the processing;
• the processing is necessary for the fulfillment of obligations and duties deriving from the Law;
• processing is necessary for the preparation and conclusion of contracts and for their administration and execution;
• processing is necessary for the fulfillment of legitimate interests pursued by us or by third parties engaged by us;
• the processing is essential for the execution of a task of public interest, or one related to the exercise of public authority, that has been entrusted to us;
• the processing is essential to safeguard the vital interests of the data subject or those of other natural persons.
B. Purpose of the processing
All processing occurs only for specific, recognizable purposes and in a manner compatible with such purposes, in accordance with the law.
The primary objective is the care of patients and to guarantee the population the necessary inpatient facilities and medical services.
All information is processed by the Cardiocentro Ticino Institute in compliance with the fundamental principles regarding the protection of personal data and for the pursuit of one or more of the following processing purposes or justifications:
• provision of the necessary medical-health services and other services requested for the purposes of patient care;
• health prevention and protection (in particular diagnosis, treatment, rehabilitation, healthcare or social assistance or therapy activities);
• administrative-accounting activities strictly connected and instrumental to the services provided and, in general, to the management of relationships with the patient (acceptance, booking of visits and tests, management of collections and payments, etc.);
• administrative activities relating to the management of relationships with health professional collaborators;
• planning and management of healthcare activities in the area;
• any scientific research and experimentation activities in the medical, biomedical and epidemiological fields – subject to specific consent of the Patient for each research protocol – except for those patients for whom the ICCT already has general consent. In particular, it is specified that for this particular purpose, in any case the data collected will subsequently be made anonymous for use for medical-scientific research purposes;
• educational and professional training activities, including possible consultation by authorized students and/or trainees, adequately trained and made aware of the consequences of inappropriate use of data, involved in the provision of healthcare services;
• activities to verify, promote and improve the quality of care and the safety of patients;
• for the preparation, management, execution and conclusion of contractual relationships, including identity, contacts, health data and information of third parties;
• to communicate via various means, including content, contact details and audio/video recordings;
• for public relations and public health promotion purposes;
• to analyze behaviors and preferences anonymously, in order to improve services;
• to manage the website and our digital technologies securely;
• for specific offers and services that require registration;
• to guarantee IT security and prevent abuse;
• to comply with laws, regulations and internal standards;
• for risk management;
• to evaluate job profiles (applications);
• to assert and defend legal rights.
8. How do we protect personal data?
We adopt technical and organizational measures to guarantee the security of personal data, to protect them from unauthorized or illicit processing and to counteract the risk of loss, accidental alteration, involuntary disclosure or unauthorized access, within the limits permitted by the nature of the data and by risk management.
Our security measures correspond to the current state of technology and take generally recognized international standards into account.
A. How we process personal data on our website
The processing of personal data on the website is limited to the information necessary to provide a functional website and user-friendly services. During the visit, data relating to the user is automatically acquired and used to improve the quality of the service offered. Technologies such as cookies and tracking pixels are used to recognize visitors, evaluate behavior and identify expressed preferences.
Technical data and cookies usually do not contain personal data, but can be combined with personal information stored by third parties. Social plug-ins and tools from third-party providers are also used to improve functionality, content and statistics. The data collected is processed only for the declared purposes and subsequently deleted or made anonymous. The data protection declarations of third-party providers provide further details on how personal data is used.
In general, the data collected are used to guarantee the correct display of the site, to analyze them anonymously to improve services and security, to ensure the functionality of the IT infrastructure, to optimize the contents of the site and to memorize the user’s activity during navigation. In the event of cyber attacks, the information necessary for investigations can be provided to law enforcement agencies.
B. How we process personal data on our social network pages
On social networks and other platforms operated by third parties, we maintain pages and maintain an online presence. In this context, we may process data concerning you. We may receive data from you (for example, when you communicate with us or comment on our content) or from the platform (for example, statistics).
The platform operators may analyze your use of the platform and process this data together with other data in their possession. Furthermore, they process this data for their own purposes (e.g. marketing and market analysis, management of their platforms). In this way, they act under their own responsibility. The data protection declarations of each platform provide further information on this.
We have the right, but not the obligation, to monitor third-party content after it has been published on our online pages, to delete content without notice and, if necessary, to report it to the platform operator.
Some platform operators may be based outside Switzerland. For information on transferring data abroad, please see Point 10 of this Declaration.
C. How we protect privacy in our physical facilities
We recognize that privacy goes far beyond simple data protection and generally includes all aspects relating to the protection of an individual’s private and intimate sphere, including against possible physical intrusions within our offices. Our responsibility extends protection not only to patients, but also to collaborators, visitors and anyone who interacts within our spaces.
It is underlined that for this purpose, it is strictly prohibited to take photos, video or audio recordings within our facilities, regardless of the medium used, including mobile phones, cameras or any other device. Our facilities are primarily places of care and as such every individual present there has the right to feel safe, respected and protected. This means that any behavior that may harm a person’s dignity, privacy or personality is strictly and severely prohibited.
In the event of situations that do not comply with our rules and regulations, ICCT personnel are authorized to take actions and adopt appropriate measures in order to maintain compliance and safety.
9. To whom can personal data be communicated?
In the medical-health context it is often essential to share and communicate personal data with healthcare workers and other professional figures involved in patient care and in necessary administrative activities, in compliance with legal obligations and in compliance with data protection legislation and provisions on medical and professional secrecy.
Specifically, personal data may be communicated to the following categories of recipients:
• public and private health and hospital bodies;
• insurance and social security bodies or other third parties addressed by law or regulation (e.g. health insurance companies);
• providers of services strictly related and functional to the activities of the EOC, who operate as independent data controllers and/or data processors;
• subjects who provide services for the management of information and telecommunications systems used by the data controller for the organisation, planning, implementation and execution of activities related to the EOC;
• freelancers who provide services to the data controller;
• subjects not falling into the above categories for whom there is a legal obligation to communicate or other subjects for whom specific authorizations are acquired in the event of a request (e.g. judicial or police authorities, supervisory authorities, etc.).
All these subjects have access to the data only to the extent strictly necessary for the correct and efficient performance of their tasks, subject to the assumption, by agreement, of an obligation of confidentiality. These data sharings comply with data protection regulations and only involve third parties that comply with rigorous security standards.
Disclosures are made for legal or operational reasons, and obligations of confidentiality and secrecy do not preclude such disclosures. In cases where a specific activity goes beyond this context, the consent of the interested party will be requested, who retains the right to object at any time to the sharing of his/her data with third parties, unless otherwise provided by law.
10. Are personal data communicated abroad?
We process and store personal data primarily and predominantly in Switzerland. However, it is possible that, under certain conditions and within the limits set by law, personal data are also processed in other countries (e.g. use of Microsoft tools and Cloud systems).
In cases in which we transmit personal data to countries other than Switzerland, in line with the legal provisions, we adopt further and appropriate technical and organizational measures to guarantee the security of personal data (among these, for example, the stipulation of contracts drawn up and approved by the European Commission and validated by the Swiss Federal Data Protection and Information Commissioner – FDPIC, concerning the transmission of data, which ensure an adequate level of data protection).
11. How long do we keep personal data?
In general, we retain personal data for a period of time no longer than is necessary to achieve the purposes for which the data were collected (see Point 7), unless otherwise provided by law and our specific legitimate interests deriving from legal provisions.
In summary, the criteria for storing personal data may vary. In the absence of legal or contractual obligations or technical and/or security reasons to the contrary, at the end of the retention period the personal data will be deleted or made completely anonymous.
Below are some examples of legal deadlines:
– The personal data included in the health record can be kept for 20 years (art. 128a CO in conjunction with art. 67, paragraph 4, LSan), while the personal data contained in documents relating to occupational medicine must be kept for 40 years (Annex 4 to the FMH Code of Conduct);
– The retention period required by law for personal data contained in personal dossiers, salary certificates or working time records is 5 years (art. 330a CO in conjunction with art. 128 CO / art. 46 Labor Law (LL) and art. 73 Ordinance 1 concerning the Labor Law (OLL 1));
– The data contained in company documents (such as invoices, tax documents or expense vouchers) can be kept for 10 years (articles 958 and 958f CO);
– The access log records are generally kept for 1 year and are accessible exclusively to the bodies and persons responsible for verifying the application of the provisions on data protection or for safeguarding or restoring confidentiality, integrity, availability and traceability of the data, and are used only for this purpose.
12. What are the rights of the interested parties?
Each interested person (see Point 3, letter E) has certain rights in relation to the processing of their personal data.
In particular, each interested party has the right to:
• request access to your personal data (right of access);
• request the updating/modification/correction of your inaccurate or incomplete personal data (right of rectification);
• request the deletion or anonymization of your personal data (right to deletion);
• request the limitation of the processing of your personal data, if the processing is no longer necessary (right of limitation);
• request to receive your personal data in a structured, commonly used and machine-readable format (right to data portability);
• revoke consent with effect for the future, if the processing of the personal data is based on consent (right of revocation);
• request the interruption of the transmission/communication of your personal data, in the permitted cases (right to object).
Please note that the exercise of these rights may be subject to limitations or exclusions depending on the cases provided for by law (e.g. if there are doubts about the identity of the Applicant or if the exercise of the right may result in infringement of the rights of other people or to safeguard interests worthy of protection or simply to comply with some legal obligations).
To exercise these rights you must request it in writing. Please note that, to respond to requests relating to the exercise of the aforementioned rights, ICCT has the right to take appropriate measures to identify the Applicant (e.g., if necessary, through a copy of the identity document) and the latter is required to cooperate. In line with Data Protection Law, information is normally provided free of charge but costs may be taken into account where communication would require a disproportionate burden.
In any case, if there are any doubts or questions about the exercise of rights or the content of this document, we invite you to contact us in advance (see Point 13 below). If you are resident in the EEA, you can also appeal to the relevant data protection authorities in your country, the list of which is available on the website https://edpb.europa.eu/about-edpb/about-edpb/members_fr.
13. How to contact us?
For general questions relating to this Declaration on the protection of personal data, you can contact us via the email address info.icct[at]eoc.ch
Requests relating to the exercise of rights, in particular the right of access (art. 25 LPD) and the right to data portability (art. 28 LPD), can be forwarded, attaching a copy of your identity document:
• in writing via ordinary mail to the following address:
Data Protection Compliance Officer (DPCO) c/o EOC General Directorate, Viale Officina 3 – CP 1437, CH-6501 Bellinzona;
• or to the following email address: dpo[at]eoc.ch.
For security reasons, when processing requests we may take appropriate measures in order to verify in advance the identity of the interested party (art. 16, para. 5, OPDa).
14. Changes to this data protection declaration
It is underlined that this Declaration on the protection of personal data may be adapted over time based on the need to update the contents or to adapt it to the relevant legal provisions in force. In general, for data processing the updated version from time to time considered valid at the start of the processing in question applies.
Therefore ICCT reserves the right to modify this Declaration at any time and without notice in relation to legislative updates regarding data protection. Such changes will be effective as soon as they are published on the ICCT website and other official ICCT channels. All recipients of this privacy statement are invited to periodically consult this document to be informed of any updates.
Last updated on 27 NOVEMBER 2023