Introduction
This Privacy Policy explains how personal data is collected, used, and protected by the Healthcare Cyber Security Center – H-CSC (“Controller”) when you visit or interact with our website https://h-csc.ch (the “Website”).
We are committed to complying with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the European Union’s General Data Protection Regulation (GDPR).
Data Controller
- Name/Legal Entity: Healthcare Cyber Security Center (H-CSC)
- Contact Email: [email protected]
- Website: https://h-csc.ch
Types of Personal Data Collected
Data Provided by Users
- Contact or Registration Forms: When you fill out a form, register an account (if available), or communicate with us by email, we may collect information such as your name and email address, or any other information you voluntarily provide.
- Comments/Posts: If our Website allows comments, we collect the information in the comment form, your IP address, and browser user-agent string to help with spam detection.
Browsing Data
When you use or access the Website, our systems may automatically collect technical information (e.g., IP address, device type, browser type, operating system, time and date of visits). While generally not used to identify you, such data could potentially lead to your identification if combined with additional information held by third parties.
Cookies
Cookies are small text files stored on your device by websites you visit. They serve various purposes, such as enabling site functionality, remembering user preferences, and improving user experience. Some cookies are strictly necessary for the operation of our Website, while others are used for analytics.
Cookies have specific retention periods, after which they expire automatically. Session cookies generally remain active only until you close your browser, whereas persistent cookies can last for a predetermined duration unless manually deleted.
Types of cookies we use:
- Strictly Necessary Cookies: These cookies are essential for the basic functioning of the Website. Without these cookies, certain services or features may not be available. They are usually set in response to your actions, such as logging in, filling out forms, or setting your preferences for cookie consent.
- Functionality Cookies: These cookies allow the Website to provide enhanced functionality and personalization, such as remembering login details or user preferences (e.g., language). While not strictly necessary, they improve the user experience.
- Performance/Analytics Cookies: Where applicable, we may use performance/analytics cookies (e.g., Google Analytics) to collect aggregated information about how visitors use the Website. These cookies help us understand which pages are most visited, how users navigate the Website, and if they encounter error messages.
- Third-Party Cookies: Our Website may integrate features from third parties (e.g., embedded videos, social media plugins). These providers may set their own cookies to track user activity or personalize content and advertisements. We have no direct control over the information collected by these cookies. Please refer to the privacy or cookie policies of the respective third parties for further details.
Most browsers can be set to block cookies, to notify you when a cookie is downloaded, or to delete cookies afterwards. See the settings in your browser or the website of your browser provider for a guide on how to block cookies in your browser.
Please note that disabling certain cookies, particularly strictly necessary ones, may affect the functionality of the Website.
Purposes and Legal Bases of Processing
We process personal data for the following purposes:
- Website Functionality: To enable proper operation, security, and navigation of the Website (legal bases: performance of contractual/pre-contractual measures; legitimate interest).
- Communication: To respond to inquiries, comments, or feedback submitted via online forms or email (legal bases: performance of contractual/pre-contractual measures or your consent, where applicable).
- User Account Management (if applicable): To facilitate user registration, login, profile management, and related account functionalities (legal basis: performance of a contract).
- Legal Compliance: To comply with applicable laws and regulations or respond to requests from authorities (legal basis: legal obligation).
- Security and Fraud Prevention: To detect and prevent fraudulent activity, spam, or abuse (legal basis: legitimate interest).
Retention of Personal Data
We retain personal data for as long as necessary to achieve the purposes outlined above or to comply with legal obligations. For example:
- Comments: Indefinitely, unless you request deletion or further restrictions.
- Contact Form Submissions: For the time needed to process and respond to your request, plus any additional retention period required by law or for legitimate interests (e.g., evidence in the event of disputes).
- User Accounts: For as long as the account remains active, and thereafter only as legally or contractually required.
Data Recipients and Disclosure
Personal data may be processed by authorized staff or third-party service providers (e.g., hosting providers, IT maintenance). These entities will be bound by appropriate contractual obligations and confidentiality. We do not disclose personal data to third parties unless required by law, authorized by you, or necessary to fulfill the intended purpose (e.g., fulfilling a service request).
Transfer of Data Abroad
Where data transfers outside of Switzerland or, where applicable, the European Economic Area (EEA) are necessary, we will adopt suitable safeguards (such as standard contractual clauses or adequacy decisions) to ensure your personal data remains appropriately protected.
Your Rights
Under Swiss law and, where applicable, GDPR, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Request erasure of data when no longer needed or if processing is unlawful.
- Object to processing based on legitimate interest, for reasons related to your particular situation.
- Request restriction of processing in specific circumstances.
- Receive your data in a structured, commonly used, and machine-readable format (data portability, where applicable).
To exercise these rights or for any privacy-related inquiries, please contact us at the details provided under “Contact Us” below. You also have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) in Switzerland, or with a competent EU supervisory authority if GDPR applies.
Automated Decision-Making
We do not use automated decision-making processes (including profiling) that produce legal or similarly significant effects on you, unless otherwise stated (e.g., spam detection services).
Changes to This Privacy Policy
We reserve the right to modify this Privacy Policy at any time. Any changes will be posted on this page, and if they significantly affect how we use your data, we will notify you accordingly (e.g., via email or prominent notice on the Website).
Contact Us
If you have any questions or concerns regarding the processing of your personal data or to exercise your rights, please contact:
- Data Controller: Healthcare Cyber Security Center
- Email: [email protected]
