deenfr

Data Privacy Statement CAI WORLD@

General information

SWICA Health AG (hereinafter "santé24") provides a virtual therapy room for psychotherapeutic treatment. This data privacy statement provides information on the data processing activities associated with the virtual therapy room.
The technology provider and operator of the platform is CAI GmbH, Roonstrasse 23A, 76137 Karlsruhe, Germany, VAT no. DE292337926.

Virtual therapy room

The virtual therapy room is used exclusively to provide more efficient and effective psychotherapeutic treatment.

Registration

In order to use the virtual therapy room, when logging in for the first time you must enter an email address and password and consent to the terms of use and data privacy statement of CAI GmbH.

Obligations of the user

When using the virtual therapy room, you must adhere to the terms of use of CAI GmbH:
Terms of use.

Use and security warnings

Use

The link supplied by santé24 grants you access to the virtual therapy room. You can enter this room at any time. To make sure you are able to communicate without any problems, please ensure that the necessary devices, such as your microphone and camera, are activated for every session.

Security warnings

The virtual therapy room is accessed online via an internet service provider chosen by the user. The portal is optimised for current versions of commonly used browsers. Some functions may not work properly when using older versions or less common browsers. Despite state-of-the-art security precautions, it is not possible to guarantee absolute security either on SWICA's side or on the user’s side. The user's terminal device forms part of the internet and is outside SWICA's control. SWICA draws the user's attention in particular to the following risks when accessing the services:

  • A lack of system knowledge and inadequate security precautions on the terminal device could allow unauthorised access to data. SWICA therefore urgently recommends that users equip their terminal devices with up-to-date protection programs and run all programs and systems at the maximum possible security level.
  • Despite the use of state-of-the-art security technologies, there can be no guarantee of absolute security in data transmission.
  • If there is any suspicion that any unauthorised third party may have become aware of the access data, this must be changed without delay and, where necessary, CAI GmbH must be asked to block access.
  • SWICA has no influence over whether or how the user's chosen internet service provider analyses data traffic.
  • There is a latent risk that a third party may gain access to the user’s terminal device while the services are being used without the user being aware of this.
  • The data may be transmitted across borders without controls. This applies even if both the sender and the recipient are located in Switzerland. Although the individual data packets are transmitted in encrypted form, the sender's and recipient's details are unencrypted. It is therefore possible to infer a relationship between the user and SWICA.

SWICA rejects all liability for the consequences of non-compliance with the security warnings.

Termination of online access

The online access will be terminated under the following circumstances

  • Access to the virtual therapy room will be removed 20 working days after the completion of the therapeutic treatment.
  • If the user deletes their profile of their own accord.
  • If the administrator removes the online access (in accordance with the terms of use of CAI GmbH).

Data protection and use of data

Protecting personal data is important to SWICA. As such, SWICA handles users' personal data with the greatest care and in accordance with the applicable data protection regulations. SWICA uses personal data only for the purposes of the therapeutic treatment. CAI GmbH also processes the data in accordance with the contractual provisions agreed with SWICA. More detailed information on the use of personal data is available in the relevant data privacy statements.

santé24: data privacy statement / SWICA data privacy statement
CAI GmbH: Data privacy statement - CAI GmbH

Warranty and liability

SWICA takes all appropriate technical and organisational measures to ensure the proper operation of the services, but cannot guarantee that the services will be available at all times or will be error-free. In particular, maintenance work may cause temporary interruptions to the services. SWICA will not be held liable for any loss or damage that the user may suffer in such cases.

To the extent permitted by law, SWICA rejects all liability for any direct or indirect loss or damage that the user may suffer in connection with the use of the services. This includes in particular loss or damage resulting from the use of information or transmission errors, technical problems, interruptions, disruptions or illegal acts by third parties.

SWICA will also not be held liable if the services are interrupted, wholly or partially limited or rendered inoperative due to force majeure or third-party culpability. Force majeure includes but is not restricted to power failure, malware (e.g. viruses), natural phenomena of particular intensity (e.g. earthquakes, avalanches, floods and landslides), acts of war, insurrection and unforeseeable official restrictions.

Applicable law and place of jurisdiction

All legal relationships of the user are subject to Swiss law, excluding any conflict-of-law rules and the provisions of the UN Convention on Contracts for the International Sale of Goods (CISG; Vienna Convention). The exclusive place of jurisdiction is SWICA's head office in Winterthur, unless otherwise provided for in mandatory Swiss law or the General Insurance Conditions (GIC) for insurance contracts.

Final provisions

SWICA expressly reserves the right to amend this data privacy statement at any time. The most recent data privacy statement can be viewed on the platform at any time.

Should any provision of this data privacy statement be or become ineffective, this will not affect the effectiveness of the remaining provisions.

Any ancillary arrangements and agreements between the user and SWICA must be in writing. The place of performance is SWICA's head office.

SWICA Health AG

Version 1.0/2024

 

Privacy Policy CAI GmbH

The following statement provides an overview of the type of personal data collected and stored, the purpose for which it is collected, and how it is used when accessing our website or using our online services and contact options.

Below, we inform you about your rights as a data subject and, among other things, identify the entity responsible for data processing and compliance with data protection regulations.

1.     Name and Address

CAI GmbH
Erbprinzenstraße 4–12
76133 Karlsruhe
Germany

Email: info@cai-world.com
Phone: (+49) 721 / 161 18 46
Fax: (+49) 721 / 161 18 47
Web: www.cai-world.com

2.     Contact Details for Data Protection Matters

Data protection concerns can be directed to datenschutz@cai-world.com.

3.     Information on Data Processing / Storage of Information / Definitions

3.1.    "Personal data" refers not only to obvious personal information, such as a person's name or address, but also to the IP address and information about which pages a person has visited on the internet (user behavior).

3.2.    Depending on the occasion for processing, the provision of personal data may be required by law or contract, or necessary for the conclusion of a contract. If this is the case, we will indicate this below as well as the possible consequences of non-provision. Automated decision-making or profiling pursuant to Article 22(1) and (4) GDPR will only take place if we explicitly indicate this.
 
3.3.     If you do not provide us with the data in the cases outlined below under sections 4.4 and 4.5, this would mean that you cannot use the service / the corresponding function or contact option. 

3.4.    When accessing our website, information is generally stored in the end-user's terminal equipment (website visitor) or information already stored in the terminal equipment is accessed; see section 4.2 for more details. 
    Both the storage of information in the end-user's terminal equipment or access to information already stored in the terminal equipment, as well as the processing of this information, generally require consent according to § 25 para. 1 TTDSG, unless an exception regulated in § 25 para. 2 TTDSG applies. This is the case, for example, if the data or information is required to carry out the transmission of a message, i.e., to display the website and its content, as described in section 4.2.

3.5.    Storage of information in the terminal equipment or access to information already stored in the terminal equipment can take place via cookies and other technologies. This information varies depending on the configuration settings of the website visitor.

3.6.    Cookies are small text files that are stored on your device by your browser. Cookies have different functions. They may be technically strictly necessary to access our website, or serve to make our offers more user-friendly and secure, analyze the surfing behavior of our website visitors, or provide personalized advertising.

As a user, you can control the use of cookies. By changing the settings in your browser, you can deactivate or restrict the transmission of cookies. You can delete cookies that have already been stored at any time – including automatically. 

However, if you deactivate cookies or do not consent to the setting of certain cookies, it may no longer be possible to use all functions of the websites you visit or various tools on the internet to their full extent.

3.7.    A general distinction is made between so-called first-party cookies, i.e., cookies set by the website operator (see section 4.3), and third-party cookies, which are placed by third parties when their services are integrated. 
Third-party cookies are used to provide third-party providers with information about user behavior on certain websites. If we use third-party services that use cookies, we will point this out below.
Furthermore, a distinction must be made between session cookies and persistent cookies.

While session cookies are deleted as soon as the browser is closed, persistent cookies are stored in the browser for a longer period and are partially deleted automatically after an "expiration date." 

3.8.    Furthermore, within the framework of the legal basis, we will generally indicate whether the setting of a cookie and the use of other technologies for individual functions or integrated services requires the consent of the website visitor.
 
3.9.    If personal data that has already been generated by the setting and reading of non-strictly necessary cookies is to be processed in a subsequent process, further consent from the website visitor is required. In this respect, two consents must be obtained, which, in the opinion of the Conference of the Independent Data Protection Authorities of the Federation and the States, can occur in a single action.

We request necessary consents when you access our website via the cookie banner. To manage consents, we use the following software: 
CookieConsent - v2.8.8
Github Link: https://www.github.com/orestbida/cookieconsent
Author Orest Bida
Released under the MIT License

In some cases, we integrate services and tools from service providers on our website who have their registered office in a third country within the meaning of the EU General Data Protection Regulation (GDPR) or store data on servers in a third country, particularly the USA. 
These service providers regularly use cookies and other technologies in providing the services, which in most cases are not strictly necessary. This can result in the data of our website visitors being processed by these service providers. 
To ensure the best possible protection of your data when using these services, we have generally agreed upon EU Standard Contractual Clauses with these service providers, which guarantee an adequate level of data protection, as well as additional guarantees.
Nevertheless, it cannot be ruled out that, as in the case of the USA, US intelligence services or state authorities may access your data based on national legislation and that data may be processed unnoticed.

3.10.    In some cases, we use external service providers (processors within the meaning of Art. 28 GDPR, e.g., hosting service providers) to process your data, to whom we may disclose personal data. These are carefully selected and commissioned by us, are bound by our instructions, and are regularly monitored. Otherwise, your data will only be disclosed to other recipients if we point this out separately below.

3.11.    Contacting Us - General
When you contact us (e.g., by email, fax), we will process the data you provide, such as your name, your email address, and any other contact details you provide.

Purpose of Processing: The processing of the above data is necessary to process or respond to your request communicated to us in the context of contacting us.
Legal Basis: Depending on the request, processing the data may be based on different legal foundations. In any case, processing is necessary to protect our legitimate interests within the meaning of Art. 6(1)(f) GDPR. The legitimate interest arises from our desire to follow up on your request and fulfill the processing purpose. 
Storage Period: We will delete your personal data as soon as storage is no longer necessary. The exact time is to be determined on a case-by-case basis, whereby storage must end at the latest once any civil law claims are barred by the statute of limitations according to § 199 BGB or criminal prosecution is no longer possible due to the statute of limitations (§§ 78, 79 StGB).

 

4.    Data Processing via Website

4.1.     Encryption
To ensure that the processing of your personal data occurs in a way that protects the data against unauthorized or unlawful processing as well as against accidental loss, destruction, or damage, we use encryption (SSL or TLS) on our website and all subpages. 

4.2.     Visiting our Website
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. This involves the following data: 

  • Name of the retrieved file
  • Date and time of retrieval
  • Amount of data transferred
  • Message as to whether the retrieval was successful
  • IP address
  • Browser type
  • Browser version and its language
  • Operating system and its interface
  • Referrer URL
  • Access status/HTTP status code
  • Type of terminal device

The data is stored in the log files of software installed by us, which is operated on an IT system of our host. 

Purpose of Processing The processing of the above data is necessary to display the website to you and to ensure the security and stability of our information technology systems as well as the technology of our website. In addition, processing takes place to provide law enforcement authorities with information necessary for prosecution in the event of a cyberattack.
Legal Basis We have a legitimate interest in data processing within the meaning of Art. 6(1)(f) GDPR, whereby the legitimate interest arises from the stated purpose. Consent according to § 25 para. 2 TTDSG is not required.
Storage Period The data will be deleted as soon as data storage can no longer fulfill the purpose. The exact time is to be determined on a case-by-case basis, whereby storage must end at the latest once any civil law claims are barred by the statute of limitations according to § 199 BGB or criminal prosecution is no longer possible due to the statute of limitations (§§ 78, 79 StGB). 


4.3.     Our Cookies (so-called First-Party Cookies)
We use so-called session and persistent cookies. 

Regarding the functions of cookies and how you can generally prevent the setting of a cookie, we refer to the sub-item "Information on Data Processing / Storage of Information / Definitions."

Essential Cookies:
Session cookies store the following data:

  • Cookie "JSESSIONID"
    Assigns an anonymized ID (Session ID) to your browser for the duration of your visit to bundle several related requests to the server and assign them to one session.
  • Cookie "LFR_SESSION_STATE^"
    Date information for handling session expiration messages.
  • Cookie "COMPANY_ID"
    Used by the Liferay framework for internal purposes.
  • Cookie "ID"
    Used to maintain the session when the user returns to the portal after closing the browser.

Persistent cookies store the following data:

  • Cookie "GUEST_LANGUAGE_ID"
    Language selection.
  • Cookie "COOKIE_SUPPORT"
    Indicates whether cookies are supported for further functions.
  • Cookie "PRIVACY_READ"
    Indicates that you agree to the use of cookies on our pages. It is set when you confirm the "Use of Cookies" notice with OK. If this cookie is present, the notice is no longer displayed.
  • Cookie "COMPANY_ID"
    Used by the Liferay framework for internal purposes.
  • Cookie "ID"
    Used to maintain the user session when the user returns to the portal after closing the browser.
  • Cookies "LOGIN", "REMEMBER_ME", "REMEMBER_ME_TOKEN_VALUE", "REMEMBER_ME_TOKEN_ID"
    Enable automatic login via "save login data" in the login dialog.


Non-essential Cookies:
Persistent cookies store the following data:

  • Cookie "audioEnabled"
    Automatic activation of the microphone when switching between breakout sessions.
  • Cookie "videoEnabled"
    Automatic activation of the camera when switching between breakout sessions.

Cookies that are strictly necessary do not require consent and are therefore set automatically.

Purpose of Processing: Cookies enable us to recognize your browser on your next visit. We use cookies to provide the service, analyze the surfing behavior of our users on our website, and increase user-friendliness. 
Legal Basis: Insofar as the setting of the cookie and the resulting processing of the data obtained serves at least to analyze the user behavior of visitors to our website (tracking) or is not strictly necessary for the provision of the requested service, we obtain the corresponding consents from the data subject according to Art. 6(1)(a) GDPR and § 25 para. 1 TTDSG. For strictly necessary cookies, cookies are set to protect our legitimate interests within the meaning of Art. 6(1)(f) GDPR, whereby the legitimate interest then arises from our desire to fulfill the processing purpose. 
Storage Period: Session cookies are automatically deleted after the end of your visit. Persistent cookies are additionally stored for a specific period (generally for a duration of one year) or remain on your terminal device until you delete them. 


4.4.    Contacting Us - Contact Form
When you contact us via the contact form, the data you enter into the input mask is transmitted and stored. If you use the contact form, the following data is also stored at the time the message is sent: 

  • IP address
  • Date and time
  • Name of the retrieved file
  • Message as to whether the retrieval was successful
  • Browser type
  • Browser version and its language
  • Operating system and its interface
Purpose of Processing: The processing of personal data from the input mask serves to process the contact/your request. The other data processed at the time of sending serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
Legal Basis: Before the sending process, your consent is obtained for processing this data, and reference is made to this privacy policy. Based on your consent, the legal basis for processing is Art. 6(1)(a) GDPR and § 25 para. 1 TTDSG. 
Storage Period: The data will be deleted as soon as data storage can no longer fulfill the purpose. The exact time is to be determined on a case-by-case basis, whereby storage must end at the latest once any civil law claims are barred by the statute of limitations according to § 199 BGB or criminal prosecution is no longer possible due to the statute of limitations (§§ 78, 79 StGB).

 

4.5.    Login / Registration on Website
You have the possibility to register or log in to our website by providing personal data. Which personal data is transmitted to us results, on the one hand, from the respective input mask used for registration/login. On the other hand, through registration/login on our website, your IP address and the date and time of registration/login are additionally stored. Furthermore, we store the following data from you:

  • Message as to whether the retrieval was successful
  • Browser type
  • Browser version and its language
  • Operating system and its interface
  • Referrer URL
  • Access status/HTTP status code
  • Type of terminal device
Purpose of Processing: We require the information you provide as part of the login process to provide you with the desired service and to verify your legitimacy to use the website as a logged-in user. The storage of other data also takes place to prevent misuse of our services and, if necessary, to initiate civil and criminal steps in the event of misuse. Processing may also take place to fulfill contractual obligations.
Legal Basis: The legal basis for processing the personal data based on your consent is Art. 6(1)(a) GDPR and § 25 para. 2 TTDSG. Furthermore, the legal basis may also result from Art. 6(1)(b) GDPR.
Storage Period: We will delete your personal data as soon as storage is no longer necessary. The exact time is to be determined on a case-by-case basis, whereby storage must end at the latest once any civil law claims are barred by the statute of limitations according to § 199 BGB or criminal prosecution is no longer possible due to the statute of limitations (§§ 78, 79 StGB).

 

5.     Information on Data Subject Rights

Due to the processing of your personal data, you are a data subject within the meaning of the GDPR and you are entitled to the following rights against us, whereby we are referred to below as the "controller": 

-    Right of Access, Art. 15 GDPR
You have the right to request confirmation from the controller as to whether personal data concerning you is being processed. If this is the case, you have a right to information regarding the details listed in Art. 15 GDPR.

-    Right to Rectification, Art. 16 GDPR
According to Art. 16 GDPR, you have the right to request the controller to rectify or complete personal data concerning you if the personal data concerning you is inaccurate or incomplete.

-    Right to Erasure ("Right to be Forgotten"), Art. 17 GDPR
In accordance with Art. 17 GDPR, you have the right to demand that the controller delete personal data concerning you. 

-    Right to Restriction of Processing, Art. 18 GDPR
As a data subject, you have the right to demand that the controller restrict processing under the conditions of Art. 18 GDPR. 

-    Right to Notification, Art. 19 GDPR
According to Art. 19 GDPR, you have the right to be informed about the recipients to whom personal data concerning you has been disclosed and to whom the controller has communicated your assertion of the rights to rectification, erasure, or restriction of your data. 

-    Right to Data Portability, Art. 20 GDPR
Under the conditions of Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format. You have the right, under the conditions of Art. 20 GDPR, to transmit this data to another controller without hindrance from the controller to whom the personal data was provided. You have the right to have the personal data transmitted directly from one controller to another, where technically feasible. 

-    Right to Object, Art. 21 GDPR
In accordance with Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f). This also applies to profiling based on these provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing.

-    Right Not to be Subject to Automated Decision-Making Including Profiling, Art. 22 GDPR
As a data subject, according to Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you.

-    Right to Withdraw Consent, Art. 7 GDPR
According to Art. 7 GDPR, you have the right to withdraw your consent to the processing of personal data concerning you at any time.

-    Right to Lodge a Complaint with a Supervisory Authority, Art. 77 GDPR
Without prejudice to any other legal remedies, according to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data by us violates the GDPR.