Privacy Statement

The protection of privacy is a responsibility that EOC is scrupulously committed to in daily practice. Data and information management complies with the provisions contained in the new Federal Data Protection Act (nLPD).

Privacy statement and definitions

1. Data protection statement

The protection of personal data and privacy represents one of the core values of Ente Ospedaliero Cantonale (hereinafter simply "EOC" or also "we" / "us").

We are actively committed to treating all information with the utmost care and responsibility in compliance with applicable data protection provisions, in particular in accordance with the requirements of Swiss and Canton Ticino Law and in line with European legislation, if and to the extent that the latter is applicable.
We are constantly working to ensure maximum protection for the personal data we handle, making necessary changes and improvements in accordance with applicable laws.

This data protection statement is addressed to everyone who comes into contact with the EOC (e.g., website users, patients, EOC employees, suppliers, physicians and health care providers, clinics, hospitals, etc.) and is intended to inform them of how and why we collect, process and use personal data.

What is described below applies to any processing of personal data collected by the EOC in the course of carrying out its many activities, regardless of how such personal data is collected, i.e. online (e.g., through our website www.eoc.ch, use of EOC applications, e-mail) or physically at our facilities and locations (e.g., by filling out forms or through other means).

Please read this data protection statement carefully and check this page regularly to keep abreast of any changes made under this statement.

2. Useful definitions, changes and updates

In accordance with Article 5 of the DPA, the following are defined in this Declaration:

A. personal data: any information concerning an identified or identifiable natural person;

B. personal data worthy of special protection:

  • data concerning religious, philosophical, political or trade union opinions or activities,
  • data concerning health, intimacy or membership in a race or ethnic group,
  • genetic data,
  • biometric data that uniquely identify a natural person,
  • data concerning administrative and criminal prosecutions and sanctions,
  • data concerning social welfare measures;

C. processing: any operation concerning personal data, regardless of the means and procedures used, namely the collection, recording, storage, use, modification, communication, archiving, erasure or destruction of data;

D. communication: the transmission of personal data or the act of making them accessible;

E. data subject or person: the natural or legal person whose data are processed by the EOC.

Possible changes and updates
The EOC reserves the right to amend this Data Protection Statement at any time and without notice in compliance with legislative updates in the field of data protection and privacy protection.
Such changes will be effective as soon as they are posted on the EOC website and other official EOC channels. All recipients of this statement are encouraged to consult this document periodically to be informed of any updates.

Last updated: 04/17/2025.

3. Who is the data controller?

Pursuant to the provisions on data protection (in particular, reference is made to Art. 5(j) DPA), the data controller is Ente Ospedaliero Cantonale (EOC), in its capacity as a public law entity entrusted with the management and operation of public hospitals in the Canton of Ticino, with the headquarters of the Executive Board at

Viale Officina 3
CH-6500 Bellinzona
Tel. +41 (0)91 811 13 01
[email protected]

Collection and processing of personal data

4. What data do we collect and process?

In the performance of its public law mandates and all our further activities, we collect and process various types of personal data in compliance with applicable data protection regulations. In particular:

A. Personal Data
Upon your admission to the EOC - and whenever you come into contact with the EOC - different types of personal data may be requested.

Some examples, depending on your needs and your relationship with us:

  • appellation, first name, last name;
  • date and place of birth;
  • nationality;
  • residential address;
  • telephone numbers, email addresses, and other contact information;
  • IP address;
  • ID numbers of documents (e.g., health insurance and/or insurance card, OASI number or card);
  • any other personal data that falls under the definition in Article 5(a) DPA.


This type of information is also known as "common" personal data because it is data commonly used to carry out all those operations that are necessary and fundamental in the management of the main hospital activities (e.g., the safe and correct identification and registration of the person within the facility, the handling of the requested services, the possibility of communicating with the person to keep him/her informed of updates on the results of the tests or examinations carried out, and so on).

In other cases and circumstances, personal data arising in connection with the conclusion or execution or dissolution of contracts may be used. Such data, in addition to those mentioned above, may include, in particular, the data of legal persons.

B. Health data
The EOC, as part of its activities, may request or become aware of data concerning health (e.g., through various documents such as reports, medical histories, diagnostic results, blood tests, etc.), genetic data, biometric data, and in general information concerning the intimate sphere of patients.

These data are also known as personal data "worthy of special protection" because they are data that must be protected with the utmost care and security.
In the context of the purposes related to the various activities carried out by the EOC, the processing of this type of data is indispensable in order to be able to carry out in the best possible way the health care services required and/or necessary for the patient's medical treatment or course of care.

C. Browsing data, cookies and other tracking tools
By browsing data and cookies we mean all that information that is not collected per se to be associated with identified data subjects, but which by its very nature may include personal data or could, through processing and association, allow us to identify users of the site, our Apps or other digital tools.

Examples include:

  • The type of browser used by the User;
  • The website from which you reached our site (referring website);
  • The operating system of the computer;
  • The type of device used;
  • The referrer URL (Uniform Resource Locator);
  • The IP address;
  • Internet Service Provider (ISP);
  • The country from which access took place and the language settings of the User's browser;
  • The click rate or click-through rate (link tracking);
  • The time and date a page was viewed.


Other tools may also be used on our site, such as "tracking pixels" which are graphical elements (e.g., images) embedded in web page codes that serve to document how users navigate the website. In the latter case, the only processing carried out concerns the production of statistics, with anonymized data.

D. Video footage, images, and video surveillance
For security and related evidentiary purposes, we may also take video footage both in the outdoor and indoor spaces of the properties we rent (e.g., of institutions and hospital facilities). We can then obtain information on the behavior in the filmed areas, subject to the recommendations and legal provisions that specifically regulate video surveillance. The use of surveillance cameras is restricted to limited areas and is appropriately reported.

In addition to security needs, the EOC conducts video filming for the purpose of care (e.g., this is the case of intensive care monitoring through CCTV surveillance) or filming of images and/or videos in the care setting (e.g., in the emergency room, imaging of an injury). The use of this type of video surveillance for the purpose of care is limited and restricted to specific areas and services and defined in internal guidelines and regulations in line with the provisions and requirements of the Law.

E. Other data worthy of special protection
In addition to the type of data described in subsection B of this section, the EOC may, under special circumstances and in compliance with applicable legal provisions, also become aware of other types of personal data worthy of special protection, pursuant to Article 5(c) DPA.

For example, in the course of official procedures of authorities or in the execution of procedures or acts resulting from courts, we may become aware of personal data pertaining to the private and intimate sphere, contained in documents, acts or means of evidence. For reasons of security and health protection, we may also collect information, e.g. on who accesses a particular building and when, or who holds the corresponding access rights (e.g. for access control, based on registration data or visitor lists, etc.), or on who uses our infrastructure and systems and when.

5. Where does the personal data we process come from?

The EOC preferably collects personal data directly from data subjects when they first contact us. Depending on different and specific circumstances, we collect and process personal data from individuals who fall into one of the following categories:

  • patients, family members of patients (e.g., current and former spouses, cohabiting partners, parents and children), and other persons who accompany patients or are reference persons for patients;
  • people who visit our website or other digital services (e.g., our Apps);
  • people who visit our offices or use our other services;
  • EOC employees and contractors and people who apply for our job openings;
  • students, pupils, apprentices, trainees and civil service participants/volunteers;
  • suppliers and partners, employers and their contact persons;
  • social and health insurance companies and their contact persons;
  • physicians and/or private health care providers and/or belonging to other hospitals/health care institutions and their contact persons;
  • freelancers, attorneys (e.g., legal representatives);
  • people who write to us or contact us in various capacities (e.g., tenants and contact persons of residential and commercial property rental companies);
  • members of our bodies and persons belonging to public authorities and/or offices;
  • ...and anyone who falls within the definition in Section 2(E) of this statement.


We would like to clarify that, on these occasions, even if data referring to other persons (such as relatives, friends, the contact of a reference person and/or legal representative or other health care providers) are provided, we assume that the person providing these data has the authorization to do so and that these data are accurate. We also expect that he or she has informed such individuals about this statement, in accordance with the requirements of applicable law.

Data relating to minors or persons incapable of discernment
In the case of patients who are minors under the age of 16 or adults incapable of discernment, consent shall be given by the parents or legal representative.

Processing justified by the consent of the person concerned is in principle lawful where the minor who has given consent is at least 16 years old. Where the minor is under the age of 16, the processing of personal data is lawful only if and to the extent that consent is given or authorized by the legal representative. The EOC may make every reasonable effort to verify that the consent given by the legal representative is effective. However, the EOC will not be responsible in any way for any misrepresentation that may be provided by the minor and, in any case, should it be determined that the statement is false, any personal data and any material acquired will be immediately deleted. The data controller will facilitate requests concerning the personal data of minors coming from the legal representative, as per point 10.

A. Data communicated directly by data subjects

It is often you who directly communicate personal data to us, for example when you transmit data to us or communicate with us in person, by going to our facilities, by telephone or e-mail, by filling out paper forms, or online on our website or via App. The transmission of data to us is basically voluntary, but in some cases it is absolutely necessary in order to use our services or to fulfil legal and/or contractual obligations.

In principle, we specify which personal data are mandatory.
For example, the presence of mandatory fields on forms to be filled out indicates that that particular information is necessary to enable us to ensure the provision of the requested services. On the other hand, the provision of other information not marked as mandatory is optional, i.e. it does not affect the activity, e.g. the use of our website, Apps or other services. By filling out and sending contact forms, you voluntarily provide us with your personal data, and this data is used for the sole purpose of pursuing the related purposes.

Online application submission
This includes, for example, when personal data are submitted by you through the completion of online application forms accessible from the dedicated section on our website. Data may be processed according to open positions, which may include either a single, specific position or additional positions. The User is required to enter in the online form the information requested by the system and indicated as mandatory. For example, the presence of mandatory fields on some forms indicates that that particular type of information is necessary to allow us to carry out the EOC recruitment and selection activities. The personal data subject to processing are the information in the Curriculum Vitae transmitted and relating to personal details, educational qualifications, professional and work experience, contractual classification, references, job description, motivations for change, aspirations, preferences, etc. The User is free to attach additional documents to supplement the information provided, such as diplomas, work certificates and other documents pertaining to the position.

The EOC is free to use the candidate's personal data to verify the information provided at any time during the application and selection process. This may include verifications with previous employers, academic and/or professional institutions, and other entities and/or agencies, both public and private. Personal data is used and processed only to the extent strictly necessary and in a manner and procedure appropriate to the purposes related to the recruitment, selection and evaluation of EOC personnel.

Personal data will be kept for the time strictly necessary for the proper fulfillment of the above purposes. Specifically, in the case of recruitment, the personal information transmitted by the User is shared within the EOC Human Resources unit and operational and managerial functions to assess how well the application is in line with the position for which the User has applied or with possible other positions, if the User has consented.
Personnel administration uses this information to create a file (dossier) on the new employee for the purpose of managing the subsequent fulfillments arising from the employment contract. In case of non-employment, personal data are kept in the system as a rule for a maximum period of 12 months after their receipt/last profile update, after which they will be destroyed and deleted. The period could be longer, in case the data subject has consented to the possibility of using and then processing the data also for any different and/or future positions in EOC than those for which the data subject originally applied.

The User has the option to register in order to receive regular automatic notifications about positions posted on the platform. At any time the User can unsubscribe from the list of recipients of such notifications. Non-subscription to the notification service or deletion from the list of recipients does not affect or in any way reduce the use of the platform.
With the deletion of the last application on the User's profile, the profile is also automatically, permanently and completely deleted. The User may at any time request the secure and permanent partial and/or final deletion of personal data. The request shall be followed up without delay, but in any case within 30 days of the exercise of the right to deletion.

In any case, the criteria used to determine the retention period may be related to the express consent of the User/interested party, the duration of recruitment and selection activities, the conduct of statistical studies and research, or are prescribed by Law. The Data Controller, also by means of periodic checks, will regularly verify the strict relevance, non-excessiveness and indispensability of the retained personal data with respect to the stated purposes, also with reference to the additional information provided on its own initiative by the data subjects.

B. Data from third parties

Under certain conditions, it is also possible for the EOC to collect data from sources other than the data subjects. In these cases we collect only data useful for the provision of health and care services and for the preparation and execution of contracts, from other service providers, social or private insurances, authorities, other health care providers, your family members and relatives, or other third parties.

We may also collect data from publicly available sources (e.g., debt enforcement registry, land registry, commercial registry, media, or the Internet, including social networks) or receive it from (i) authorities, (ii) your employer or principal who has a business relationship with us or is otherwise in contact with us, and (iii) other third parties (e.g., lending institutions, address providers, associations, contractors, Internet analysis services). This includes, in particular, data that we process in connection with the preparation, conclusion, and execution of contracts, as well as data from correspondence and interviews with third parties, within the limits set by law.

6. For what purposes and on what legal basis do we process personal data?

A. Objective: patient care
The EOC, as a cantonal public law entity entitled to manage public hospitals in the Canton of Ticino, collects, organizes, structures and stores personal data with the primary objective of providing the population with inpatient facilities and necessary medical services.

B. Purposes of processing
Personal data is processed only for specified, recognizable purposes and in a manner compatible with those purposes.
All information is processed by the EOC in accordance with the fundamental principles of personal data protection (Art. 6, DPA) and in pursuit of one or more of the following processing purposes and justifying reasons:

  • provision of medically necessary and other services required for the purpose of patient care;
  • health prevention and protection (namely, activities of diagnosis, treatment, rehabilitation, health or social care or therapy);
  • administrative-accounting activities closely related and instrumental to the services provided and, in general, to the management of relations with the patient (acceptance, booking of visits and examinations, management of collections and payments, etc.);
  • administrative activities inherent in the management of relations with the health professional collaborator;
  • planning and management of health activities in the territory;
  • any research and scientific experimentation activities in the medical, biomedical and epidemiological fields - subject to the specific consent of the Patient for each research protocol - except for those patients for whom the EOC already has general consent. In particular, it is specified that for this particular purpose, in each case the data collected will be subsequently anonymized for use for medical and scientific research purposes;
  • educational and professional training activities, including possible consultation by authorized students and/or trainees, adequately instructed and made aware of the consequences of inappropriate use of data, involved in the provision of health care services;
  • activities to verify, promote and improve quality and patient safety;
  • the preparation, management, execution and conclusion of contractual relationships, including identities, contacts, health data and third party information;
  • communication through various means, including content, contact details and audio/video recordings;
  • public relations and public health promotion purposes;
  • anonymous analysis of behaviors and preferences in order to improve services;
  • operating the website and our digital technologies in a secure manner;
  • specific offers and services that require registration;
  • ensuring cybersecurity and preventing misuse;
  • compliance with laws, regulations and internal standards;
  • risk management;
  • evaluation of job profiles (applications);
  • enforcing and defending legal rights.


C. Legal Framework
In processing your personal data, we operate primarily in accordance with the Data Protection Law of the Canton of Ticino (LPDP), the Law on the EOC (LEOC), the Law on Health Promotion and Health Coordination (LSan) and in relation to the service mandates assigned by the Canton of Ticino. We are also bound by the provisions of the Federal Data Protection Act (DPA) for activities governed by private law. Depending on the circumstances, we may also be subject to Regulation (EU) 2016/679 (GDPR). The applicability of these laws depends on the specifics of each case.

D. Legal Bases
The EOC, in particular, processes personal data if

  • the data subject has provided consent to the processing;
  • the processing is necessary for the fulfillment of obligations and duties arising from the Law;
  • the processing is necessary for the preparation and conclusion of contracts and their administration and execution;
  • the processing is necessary for the fulfillment of legitimate interests pursued by us or by third parties appointed by us;
  • processing is essential for the performance of a task of public interest or relating to law enforcement entrusted to us;
  • the processing is prescribed or authorized by EEA or member state law;
  • the processing is essential to safeguard the vital interests of the data subject or those of other natural persons.

7. Use of Artificial Intelligence (AI)

The Ente Ospedaliero Cantonale (EOC) is committed to exploring and adopting innovative technologies such as Artificial Intelligence (AI) to improve the services and quality of care provided to its patients. In recent years, AI has gained an increasingly prominent role in healthcare, and we are aware of its potential in process optimization, automation of repetitive tasks, and big data analysis.

The EOC uses AI in a variety of areas, always making sure to take appropriate technical and organizational measures to protect personal data and ensure security. We are committed to monitoring the evolution of relevant regulations to ensure maximum transparency and accountability in the use of these technologies.
We are aware that the use of AI also brings some challenges. Therefore, we actively work to mitigate risks such as lack of traceability in decision-making processes and the possibility of inaccurate results. Each application of AI is carefully evaluated to ensure human-centeredness, i.e., that the benefits outweigh the risks and that the new technologies support and do not replace human judgment: automated decisions are always subject to active oversight by qualified personnel, ensuring that the human element remains central to clinical decisions and care delivery.

We are committed to keeping you informed about applications of AI within the EOC, including possible uses in clinical settings or through interaction tools such as the introduction of the virtual assistant (chatbot) here on our website. We aim to promote an open dialogue with patients and the community by continuing to provide updates on our artificial intelligence initiatives.

Sharing and Security of Personal Data

8. Who are the recipients of the data?

Often, the relationship between therapist and patient also requires the involvement of third parties such as laboratories, IT services, billing and insurance claims assessment services, and access to specific medical expertise through other professionals working in the health care setting. Communication and information sharing among health professionals and practitioners are essential prerequisites to enable the best interoperability of data in order to provide patients with quality care and treatment and effective and efficient care.

For this reason, the EOC can share information and personal data not only internally, but also with other professionals who work in close coordination with the activities performed at our facilities.
Specifically, the EOC may communicate or share data with the patient's consent or in fulfillment of specific legal obligations with the following categories of recipients:


A. internal EOC recipients (non-exhaustive list):

  • internal specialized operational staff forming part of the patient's circle of care (physicians, nurses, pharmacists, physiotherapists, biologists, chemists, psychologists, speech therapists and any other health care workers, including their auxiliaries, students and trainees);
  • internal administrative staff responsible for carrying out specific management and direction activities (e.g., Quality Services, Medical Secretariats, EOC Medical Officer Service, Human Resources, Finance and Controlling Services, Legal & Compliance Group, Security Services, ICT Services);
  • entities that provide services for the management of information and telecommunications systems used by the data controller for the organization, planning, implementation, and execution of management activities.

B. recipients outside the EOC (non-exhaustive list):

  • external physicians (e.g., family physician, assistant physicians);
  • insurance and social security agencies and collection services;
  • other public and private health and hospital entities;
  • suppliers of products and services (under contract to provide loan staff);
  • pharmaceutical companies and/or medical device companies;
  • freelancers who provide services to the data controller as data processors or who act as independent data controllers;
  • subjects belonging to supervisory and control authorities;
  • all entities covered by a mandate or contract agreement and not included in the categories listed above for which there is a legal obligation of disclosure by the EOC or other entities for which specific authorizations are acquired on the basis of special requests (e.g., on the basis of the law or from data subjects).


In any case, all recipients of personal data have access only to the data necessary for the performance of their activities and tasks and are obliged, by law or under specific confidentiality agreements, to maintain confidentiality regarding any information learned by reason of their job function.


In addition, the EOC processes personal data primarily and preferably on Swiss territory. However, it is possible that personal data may also be processed abroad, in other countries (e.g., Microsoft tools and Cloud systems) provided that they have the appropriate levels of security required by law or provide adequate safeguards to protect personal data.

Any exchange of information or transfer of data is carried out in compliance with the provisions of data protection laws and/or applicable special laws and involves only third parties that adhere to strict security standards designed to protect and guarantee the interests and fundamental rights of data subjects.

9. How do we handle personal data in the context of digital services?

A. EOC website: Cookies and similar technologies
In general, the processing of personal data on our website is limited to the data necessary for the provision of a functional website with user-friendly content and services. When you visit the EOC website, the computer systems and software procedures in charge of its operation acquire, in the course of their normal operation - i.e. automatically, without the need for the User to perform a specific action - certain data concerning the User's navigation. The transmission of such data is implicit in the use of Internet communication protocols, or the data may be used to improve the quality of the service offered; e.g. we may use browsing data, cookies and other similar techniques (such as "tracking pixels", see point 4, lett. C) to recognize visitors to our website, assess their behavior and identify their preferences.

This data and information is used to:

  • ensure the proper display of content on our website;
  • statistically analyze this data in an anonymous format in order to improve our services and data security;
  • ensure the lasting functionality of our IT infrastructure and technology of our website;
  • improve and optimize the content of our website;
  • keep track of a user's data and navigation on the web page where he/she is located;
  • be able to provide, in the event of cyber attacks, law enforcement agencies with the necessary information for investigations, inspections, etc.


The technical data we collect and the cookies we use do not, as a rule, contain personal data. However, personal data stored by us or by commissioned third parties (for example, when you have a user account with us or with a particular provider) may be combined with the stored technical data or cookies and information about you, which may allow us to link that data to you.

We also use social plug-ins. These are small extensions that establish a relationship between the user's visit to our website and another provider. The social plug-in informs the provider that you have visited our website and may send them cookies that were previously stored in your browser. To learn more about how these providers use your personal data collected through their social plug-ins, please consult their data protection statements.

We also use tools and services from third-party vendors (who may also use cookies) on our website to improve certain features and content (for example, to embed videos or maps or through links to our social media pages on LinkedIn, Instagram, and Facebook), produce statistics, or link advertisements. Such third-party providers may be based outside Switzerland. Information on the disclosure of data abroad can be found in Section 7 (B). Further information can be found in the data protection statements of the individual third parties, including the social plug-in providers described above.

The collected data is processed only for the stated purposes and then deleted or anonymized.

For more information and further details, please read our Cookie Policy.

B. Social networking pages
On social networks and other platforms operated by third parties, we operate pages and maintain an online presence. In this context, we may process data about you. We may receive data from you (e.g., when you communicate with us or comment on our content) or from the platform (e.g., statistics).

The platform operators may analyze your use of the platform and process this data together with other data in their possession. They also process this data for their own purposes (e.g., marketing and market analysis, management of their platforms). In doing so, they act under their own responsibility. The data protection statements of each platform provide further information on this.

We have the right, but not the obligation, to monitor third-party content after it has been posted on our online pages, to delete content without notice, and, if appropriate, to report it to the platform operator.

Some platform operators may be based outside Switzerland. For information on data transfer abroad, see Section 7(B).

10. How do we protect personal data and how do we protect privacy?

A. Protection of Personal Data
We adopt technical and organizational security measures to ensure the security of personal data, to protect it from unauthorized or unlawful processing, and to counter the risk of loss, accidental alteration, inadvertent disclosure or unauthorized access, to an extent appropriate to the nature of the risk and its management.

For example, in general we use technical security measures such as encryption, anonymization and pseudonymization of data, logging, password-protected access restrictions, and backup storage. Organizational security measures typically include contracts and confidentiality clauses, internal directives and protocols, targeted training, and periodic audits. We also select our third parties (our data processors) with care, obliging them to ensure an adequate level of data security and to commit to compliance with data protection regulations.

Our security measures correspond to the current state of the art and take into account generally recognized international standards.

B. Privacy protection
As part of the EOC's activities, we recognize that privacy goes far beyond mere data protection. Within our facilities, the protection of each individual's private and intimate sphere is of paramount importance. This protection extends not only to patients, but also to employees, visitors and anyone who interacts within our spaces.

An individual's privacy is not limited to the protection of personal data. It also includes protecting the individual against physical intrusion, such as the unauthorized capture of images, videos or recordings. Therefore, behaviors that may violate privacy, such as photography, video or sound recording, are strictly prohibited within our facilities, regardless of the medium used, including cell phones, cameras or any other electronic device.

It is emphasized that our facilities are primarily places of care. As such, every individual has the right to feel safe, respected and secure. This means that any behavior, including posts on social media, that may harm a person's dignity, intimacy or personality is strictly prohibited.

In EOC facilities, the protection of privacy is essential to ensure a safe and caring environment. Where situations arise that do not comply with our rules, EOC staff are authorized to take appropriate action to maintain respect and safety. The cooperation of every individual is required to ensure the integrity of the environment within our facilities.

Rights of data subjects and contacts

11. What are the rights of affected persons?

Every data subject (see Section 2(E)) has certain rights in relation to the processing of his or her personal data.
In particular, depending on the applicable law, every data subject has the right to:

  • request access to his/her personal data (right of access);
  • request the updating/amendment/correction of personal data that is inaccurate or incomplete (right of rectification);
  • request the deletion or anonymization of his/her personal data (right to erasure);
  • request the restriction of the processing of his/her personal data, if the processing is not (or is no longer) necessary (right to restriction);
  • request to receive his/her personal data in a structured, commonly used and machine-readable format (right to data portability);
  • withdraw consent with effect for the future, if personal data are processed on the basis of consent (right of revocation);
  • request that the transmission/disclosure of his/her personal data be stopped, in the cases permitted (right to object).


Please note that the exercise of these rights may be subject to limitations or exclusions in the cases provided for by law (e.g. if there are doubts about the identity of the applicant, if exercising the right could prejudice the rights of other persons, if a restriction is needed to safeguard overriding interests worthy of protection, or simply to comply with certain legal obligations).

To exercise these rights, a request must be made in writing. Please be advised that, in order to respond to requests regarding the exercise of the aforementioned rights, the EOC is entitled to take appropriate measures to identify the applicant (e.g., if necessary, by means of a copy of an identity document), and the applicant is required to cooperate. In line with the Data Protection Act, information is normally provided free of charge, but a contribution to costs may be requested where providing the information would require a disproportionate effort.

In any case, if you have any doubts or questions about the exercise of your rights or the content of this document, we invite you to contact us in advance (see Section 13). If you are resident in the EEA, you may also have recourse to the relevant data protection authority in your country. A list of these authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_fr.

12. How long do we keep personal data?

As a matter of principle, we retain personal data for no longer than is necessary to fulfill the purposes for which the data were collected (see Section 6). However, in some cases the law itself prescribes the retention periods for personal data, or we are entitled to assert specific legitimate interests that may justify longer retention periods.

The criteria and statutory retention periods for personal data may vary. Some examples are:

  • in the case of data contained in personnel files, salary certificates or working time records, the statutory retention period is 5 years (Art. 330a CO in conjunction with Art. 128 CO; Art. 46 Labor Law (LLL) and Art. 73 Ordinance 1 concerning the Labor Law (OLL 1)), while documents pertaining to occupational medicine must be retained for 40 years (Annex 4 to the FMH Code of Ethics);
  • data contained in business records (such as invoices, tax records or expense slips) must be kept for at least 10 years (Arts. 958 and 958f CO);
  • access log records are kept for at least one year; they are accessible only to the bodies and persons charged with verifying the application of data protection provisions or with safeguarding or restoring the confidentiality, integrity, availability and traceability of data, and are used only for that purpose;
  • data worthy of special protection contained in the health record are kept for at least 20 years (Art. 128a CO in conjunction with Art. 67, para. 4, LSan).

In all cases, the EOC processes personal data in accordance with the principles of good faith, proportionality and minimization, for as long as necessary to achieve the stated purposes.


Given the above, in the absence of legal or contractual obligations or technical and/or security reasons to the contrary, at the end of the storage period personal data will be deleted or completely anonymized.

13. How to get in touch with us?

For general questions related to data protection, the data controller can be contacted at the e-mail address [email protected].

Requests regarding the exercise of rights, in particular the right of access (Art. 25 DPA) and the right to data portability (Art. 28 DPA), may be submitted, enclosing a copy of an identity document:

  • in writing by regular mail to the following address:
    Data Protection Compliance Officer (DPCO) c/o General Management EOC, Viale Officina 3 - CP 1437, CH-6501 Bellinzona;
  • or to the following e-mail address: [email protected].


Please note that, for security reasons, when processing requests the EOC may take appropriate measures to verify the identity of the requesting data subject in advance (Art. 16 para. 5 of the Data Protection Ordinance, OPDa).

LAST UPDATED AUGUST 31, 2023

The English version of this page was created with the aid of automatic translation tools and may contain errors and omissions.
The original version is the page in Italian.