078 914 27 34
Aemtlerstrasse 76, Zurich
Book appointmentAppointment

Privacy Policy

With this privacy policy, we inform about the processing of personal data in connection with our activities, including our spineinmotion.ch website. In particular, we inform you about the purposes, methods, and locations of our processing of personal data. We also inform about the rights of individuals whose data we process.

Separate or additional privacy policies or other information regarding data protection may apply for certain activities and operations.

We are subject to Swiss data protection law as well as potentially applicable foreign data protection laws, notably those of the European Union (EU) under the General Data Protection Regulation (GDPR).

On July 26, 2000, the European Commission recognized that Swiss data protection law provides an adequate level of data protection. On January 15, 2024, the European Commission reaffirmed this adequacy decision.

1. Contact Addresses

Responsibility for the Processing of Personal Data:

Fernando Molleda
Aemtlerstrasse 76
8003 Zurich
Switzerland

hc.noitomnienipsobfsctd-5756f2@emoclew

In individual cases, third parties may be responsible for the processing of personal data, or there may be joint responsibility with third parties.

2. Terms and Legal Foundations

2.1 Begriffe

Data Subject: Natural person whose personal data we process.

Personal Data: Any information relating to an identified or identifiable natural person.

Special Categories of Personal Data: Data concerning trade union membership, political, religious, or philosophical beliefs and activities, health data, data regarding the private sphere or racial or ethnic origin, genetic data, biometric data uniquely identifying a natural person, data concerning criminal and administrative sanctions or prosecutions, and data concerning social welfare measures.

Processing: Any handling of personal data, regardless of the means and methods applied, such as querying, matching, adjusting, archiving, retaining, retrieving, disclosing, obtaining, recording, collecting, deleting, revealing, sorting, organizing, storing, altering, distributing, linking, destroying, and using personal data.

European Economic Area (EEA): Member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway.

Note: The European General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data and the processing of special categories of personal data as the processing of special categories of personal data (Art. 9 GDPR).

2.2 Legal Foundations

We process personal data in accordance with Swiss data protection law, particularly the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance to the Federal Act on Data Protection (Data Protection Ordinance, DPO).

We process personal data according to at least one of the following legal bases, insofar as the General Data Protection Regulation (GDPR) is applicable:

  • Art. 6 para. for the necessary processing of personal data to fulfill a contract with the data subject and to carry out pre-contractual measures.
  • Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data to safeguard legitimate interests—also the legitimate interests of third parties—provided that these do not override the fundamental freedoms, fundamental rights, and interests of the data subject. Such interests particularly include the enduring, humane, secure, and reliable pursuit of our activities; ensuring information security; protection against misuse; enforcement of our own legal claims; and compliance with Swiss law.
  • Art. 6 para. 1 lit. c GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject under the applicable law of member states in the European Economic Area (EEA).
  • Art. 6 para. 1 lit. e GDPR for the necessary processing of personal data to perform a task carried out in the public interest.
  • Art. 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the data subject.
  • Art. 6 para. 1 lit. d GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.
  • Art. 9 para. for the processing of special categories of personal data, particularly with the consent of the data subjects.

3. Nature, Scope, and Purpose of Processing Personal Data

We process personal data that are necessary to carry out our activities and operations in a sustainable, humane, secure, and reliable manner. The personal data processed may particularly fall into the categories of browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data, and payment data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities, insofar as such processing is legally permissible.

We process personal data, where necessary, with the consent of the data subjects. In many cases, we can process personal data without consent, for example, to fulfill legal obligations or to protect overriding interests. We may also request consent from data subjects even when it is not required.

We process personal data for as long as necessary for the respective purpose. We particularly anonymize or delete personal data in accordance with legal retention and limitation periods.

4. Disclosure of Personal Data

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. These third parties primarily include specialized service providers whose services we utilize.

We may disclose personal data to banks and other financial service providers, authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and business information agencies, logistics and shipping companies, marketing and advertising agencies, media, organizations and associations, social institutions, telecommunications companies, and insurance companies.

5. Communication

We process personal data to communicate with third parties. In this context, we particularly process data that a data subject submits when making contact, for example, via postal mail or email. We may store such data in an address book or similar tools.

Third parties who transmit data about other individuals are obligated to ensure data protection for those affected. This includes, among other things, ensuring the accuracy of the transmitted personal data.

6. Data Security

We implement appropriate technical and organizational measures to ensure data security commensurate with the respective risk. Our measures particularly ensure the confidentiality, availability, traceability, and integrity of the processed personal data, though we cannot guarantee absolute data security.

Access to our website and other online presence is secured via transport encryption (SSL/TLS, particularly with Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers issue a warning before visiting websites without transport encryption.

Our digital communication is subject to mass surveillance without cause and suspicion by security authorities in Switzerland, other parts of Europe, the United States of America (USA), and other countries, much like all digital communication. We have no direct influence over the corresponding processing of personal data by intelligence services, police departments, and other security authorities. We also cannot rule out that an individual may be specifically monitored.

7. Personal Data Abroad

We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transmit personal data to other countries, particularly for processing or to have it processed there.

We may export personal data to any country or territory on Earth, provided that the local law ensures adequate data protection according to a decision by the Swiss Federal Council and—where and to the extent that the General Data Protection Regulation (GDPR) is applicable—also according to a decision by the European Commission.

We may transfer personal data to countries whose laws do not ensure adequate data protection, provided that data protection is guaranteed for other reasons, particularly based on standard contractual clauses or other appropriate safeguards. Exceptionally, we may export personal data to countries without adequate or suitable data protection if the special data protection requirements are met, such as the explicit consent of the data subjects or a direct connection with the conclusion or execution of a contract. We are happy to provide data subjects with information on any safeguards or supply a copy of any such safeguards upon request.

8. Rights of Data Subjects

8.1 Data Protection Claims

We grant data subjects all claims according to applicable data protection law. Data subjects, in particular, have the following rights:

  • Information: Data subjects can request information on whether we process personal data about them, and if so, what personal data it involves. Data subjects also receive the information necessary to assert their data protection claims and to ensure transparency. This includes the personal data processed as such, but also information on the purpose of processing, the retention period, any disclosure or export of data to other countries, and the origin of the personal data.
  • Correction and Restriction: Data subjects can correct inaccurate personal data, complete incomplete data, and have the processing of their data restricted.
  • Deletion and Objection: Data subjects can have personal data deleted (“right to be forgotten”) and object to the processing of their data with future effect.
  • Data Provision and Transfer: Data subjects can request the provision of personal data or the transfer of their data to another controller.

We may defer, restrict, or refuse the exercise of data subjects’ rights within the legally permissible framework. We may inform data subjects of any prerequisites that need to be fulfilled for exercising their data protection claims. For example, we may wholly or partially refuse to provide information by citing trade secrets or the protection of other individuals. We may also wholly or partially refuse the deletion of personal data by citing legal retention obligations.

We may charge fees for the exercise of rights in exceptional cases. We will inform data subjects in advance about any potential costs.

We are obligated to reasonably identify data subjects who request information or assert other rights. Data subjects are required to cooperate in this process.

8.2 Legal Protection

Data subjects have the right to pursue their data protection claims through legal channels or to file a report or complaint with a data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

European data protection supervisory authorities are organized as members of the European Data Protection Board (EDPB). In some member states within the European Economic Area (EEA), data protection supervisory authorities have a federal structure, particularly in Germany.

9. Use of the Website

9.1 Cookies

We may use cookies. Cookies—both our own (first-party cookies) and those from third parties whose services we use (third-party cookies)—are data stored in the browser. Such stored data are not necessarily limited to traditional text-form cookies.

Cookies may be temporarily stored in the browser as “session cookies” or for a specific period as so-called permanent cookies. “Session cookies” are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies enable the recognition of a browser during a subsequent visit to our website, allowing for activities such as measuring the reach of our website. However, permanent cookies can also be used, for example, for online marketing.

Cookies can be fully or partially disabled and deleted at any time in the browser settings. Without cookies, our website may no longer be fully available. We actively seek explicit consent for the use of cookies, at least where and to the extent necessary.

For cookies used for performance and reach measurement or for advertising, a general opt-out is possible through services such as AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

9.2 Logging

We may log at least the following information for each access to our website and other online presence, provided this information is transmitted to our digital infrastructure during such access: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, accessed individual sub-page of our website including transmitted data volume, and the last webpage visited in the same browser window (referrer).

We log such information, which may also constitute personal data, in log files. This information is necessary to provide our online presence in a sustainable, user-friendly, and reliable manner. Furthermore, it is required to ensure data security—even when provided by or with the assistance of third parties.

9.3 Tracking Pixels

We may incorporate tracking pixels into our online presence. Tracking pixels, also known as web beacons, are typically small, invisible images or scripts written in JavaScript that are automatically retrieved when accessing our online presence. Tracking pixels can capture at least the same information as in log files.

10. Notifications and Communications

10.1 Performance and Reach Measurement

Notifications and communications may include web links or tracking pixels that record whether an individual message has been opened and which web links were clicked. Such web links and tracking pixels can also track the use of notifications and communications on a personal basis. We need this statistical tracking for performance and reach measurement to send notifications and communications effectively and user-friendly, as well as sustainably, safely, and reliably, based on the needs and reading habits of the recipients.

10.2 Consent and Objection

You generally need to consent to the use of your email address and other contact details, unless the use is lawful for other reasons. For obtaining a possible consent, we may use the “Double Opt-in” process. In this case, you will receive a notification with instructions for double confirmation. We may log obtained consents, including IP address and timestamp, for evidentiary and security purposes.

You can generally object to receiving notifications and communications, such as newsletters, at any time. Such an objection can simultaneously act as an objection to the statistical tracking of usage for performance and reach measurement. This does not affect necessary notifications and communications related to our activities and operations.

10.3 Service Providers for Notifications and Communications

We send notifications and communications with the help of specialized service providers.

In particular, we use:

11. Third-Party Services

We use services from specialized third parties to conduct our activities and operations in a sustainable, user-friendly, secure, and reliable manner. Such services enable us to embed functions and content into our website. For technical reasons, the services used at least temporarily capture the IP addresses of users when such embedding occurs.

For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities in an aggregated, anonymized, or pseudonymized form. This includes, for example, performance or usage data required to provide the respective service.

Digital Infrastructure

We use services from specialized third parties to leverage the necessary digital infrastructure related to our activities and operations. This includes, for example, hosting and storage services from selected providers.

In particular, we use:

12. Extensions for the Website

We use extensions for our website to leverage additional functionalities. We may utilize selected services from suitable providers or employ such extensions on our own digital infrastructure.

In particular, we use:

13. Performance and Reach Measurement

We strive to measure the success and reach of our activities and operations. In this context, we can also assess the impact of third-party references or examine how different parts or versions of our online offerings are used (“A/B testing” method). Based on the results of performance and reach measurement, we can particularly correct errors, reinforce popular content, or make improvements.

For performance and reach measurement, the IP addresses of individual users are generally collected. In this case, IP addresses are typically shortened (“IP masking”) to follow the principle of data minimization through corresponding pseudonymization.

Cookies may be used in performance and reach measurement, and user profiles may be created. Potentially created user profiles include, for example, the individual pages visited or content viewed on our website, information on the screen or browser window size, and the—at least approximate—location. In principle, any user profiles are created exclusively in a pseudonymized manner and are not used to identify individual users. Certain third-party services where users are logged in may associate the use of our online offering with the user’s account or profile on the respective service.

14. Final Provisions

We may amend and supplement this privacy policy at any time. We will inform about such changes and additions in an appropriate manner, particularly by publishing the current privacy policy on our website.