ST Med← Back to home

Legal

Privacy Policy

Last updated: 18 June 2026

We take the protection of your personal data very seriously. This policy informs you – pursuant to the revised Swiss Federal Act on Data Protection (revFADP / revDSG) and, where applicable, the EU General Data Protection Regulation (GDPR) – about what data we process, for which purposes and what rights you have.

1. Data controller

ST Med am Sternen – Healthcare & Nutrition Center
Tramstrasse 4, 8050 Zurich-Oerlikon, Switzerland
Email: info@st-med.ch · Phone: +41 44 261 00 97

2. Categories of data processed

2.1 Website visits

  • technical data: IP address (shortened / anonymised where possible), browser, OS, referrer, time of access
  • cookies and similar technologies (see our Cookie Policy)

2.2 Contact and appointment booking

  • identification: first/last name, date of birth
  • contact details: address, email, phone
  • insurance details
  • contents of your message

2.3 Within medical treatment

  • health data (medical history, diagnoses, findings, therapies, medication, lab results, imaging)
  • billing and insurance data

Health data are sensitive personal data within the meaning of Art. 5 lit. c revFADP and are handled with particular care.

3. Purposes and legal basis

  • performance of the treatment contract (medical care, diagnostics, therapy)
  • legal retention and documentation duties (KVG, MedBG, cantonal health law – patient records min. 10, usually 20 years)
  • billing with patients and insurers (TARMED/TARDOC)
  • IT and practice operations and security
  • handling enquiries and communication
  • consent, where no other legal basis applies

4. Medical confidentiality

All staff are bound by medical confidentiality under Art. 321 of the Swiss Criminal Code. We share data with third parties only with your explicit consent, where required by law, or upon release by the cantonal health authority.

5. Recipients and processors

  • referring/treating physicians, hospitals, therapists
  • laboratories and pharmacies
  • health, accident, disability and military insurers
  • trust centres / billing services (e.g. Ärztekasse)
  • IT service providers, hosting providers and practice-management software vendors (with data processing agreements)
  • authorities, where legally required

6. International transfers

Transfers to countries outside Switzerland/EEA only take place if an adequate level of protection is ensured (e.g. EU Standard Contractual Clauses, adequacy decision) or an exception under Art. 17 revFADP applies.

7. Retention

Patient records are retained in accordance with the cantonal Health Act for at least 10, usually 20 years after the last entry. Other data are processed only as long as necessary for the respective purpose or required by law.

8. Your rights

  • access (Art. 25 revFADP)
  • rectification of inaccurate data
  • erasure, subject to statutory retention obligations
  • restriction of processing
  • data portability (Art. 28 revFADP)
  • withdrawal of consent
  • complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC), www.edoeb.admin.ch

Requests may be sent to the address above or by email to info@st-med.ch. We may request a copy of an official ID to verify your identity.

9. Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss or misuse (HTTPS encryption, access controls, backups, staff training).

10. Cookies and web analytics

For details, see our Cookie Policy.

11. Changes

This policy may be updated at any time. The version published on this page applies.