Closed Now +41 43 543 44 00
Home
Services
About Us
Contact
Book an appointment +41 43 543 44 00

Privacy Policy

ZOLLIKON FAMILY PRACTICE

Table of Contents

  1. Introduction and Scope
  2. Data Controller
  3. Definitions of Terms
  4. Rechtsgrundlagen
  5. Art der erhobenen Daten
  6. Purposes of Data Processing
  7. General Data Processing
  8. Cookies and Tracking Technologies
  9. Specific Data Processing (Third-Party Services)
  10. International Data Transfer
  11. Retention Periods
  12. Data Security
  13. Data Subject Rights
  14. Updates and Contact

1. Introduction and Scope

With this Privacy Policy, we inform you comprehensively about the nature, scope, and purposes of the collection and use of your personal data by HAUSARZTPRAXIS ZOLLIKON (Sole Proprietorship).

This Privacy Policy applies to our website https://arzt-zollikon.ch/ and all associated online offerings, services, and communication channels.

We take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with Swiss data protection law (revDSG) as well as the General Data Protection Regulation (GDPR) of the European Union.

The use of our website is generally possible without providing personal data. Insofar as personal data is collected on our pages, this is always done on a voluntary basis. This data will not be passed on to third parties without your express consent.

For individual or additional offers, special, supplementary, or further privacy policies as well as other legal documents such as General Terms and Conditions (GTC), terms of use, or conditions of participation may apply.

2. Controller

The entity responsible for data processing within the meaning of data protection legislation is: HAUSARZTPRAXIS ZOLLIKON Sole Proprietorship
Zumikerstrasse 18
8702 Zollikon
Switzerland

E-Mail: praxis@arzt-zollikon.ch
Telephone: +41 (0)43 543 44 00
Website: https://arzt-zollikon.ch/

If you have any questions about data protection, please feel free to contact us at any time.

3. Definitions of Terms

To make this Privacy Policy understandable, we use the following definitions of terms:Personal DataAll information relating to an identified or identifiable natural person. This includes, for example, name, address, email address, telephone number, or IP address.ProcessingAny handling of personal data, regardless of the means and procedures used, in particular the collection, storage, retention, use, modification, disclosure, archiving, deletion, or destruction of data.Data SubjectThe natural person whose personal data is processed.ControllerThe natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.ProcessorA natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.ConsentAny freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.CookiesSmall text files that are stored on your device and may contain certain information. A distinction is made between session cookies (deleted after the browser session ends) and persistent cookies (stored for a defined period).

4. Legal Basis

We process personal data in accordance with Swiss data protection law, in particular the revised Federal Act on Data Protection (revDSG) of September 25, 2020, and the Data Protection Ordinance (DSV).

Under Swiss law, the processing of personal data is generally permitted provided that:

  • There is no legal prohibition
  • the data subject has given consent
  • there is an overriding private or public interest
  • the processing is necessary for the performance of the contract

Stricter requirements apply to the processing of personal data requiring special protection or to high-risk profiling.

Legal Basis for the GDPR

To the extent that the General Data Protection Regulation (GDPR) of the European Union is applicable (e.g., for offers to individuals in the EU/EEA), we process personal data on the following legal bases in accordance with Article 6(1) GDPR: a) Consent (Article 6(1)(a) GDPR) The data subject has given consent to the processing of their personal data for one or more specific purposes. This consent can be withdrawn at any time with effect for the future. b) Contractual necessity (Article 6(1)(b) GDPR) Processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract. c) Legal obligation (Article 6(1)(c) GDPR) Processing is necessary for compliance with a legal obligation to which we are subject. d) Vital interests (Article 6(1)(d) GDPR) Processing is necessary in order to protect the vital interests of the data subject or of another natural person. e) Public interest (Art. 6 para. 1 lit. e GDPR) Processing is necessary for the performance of a task carried out in the public interest. f) Legitimate interests (Art. 6 para. 1 lit. f GDPR) Processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

5. Type of Data Collected

We collect and process various categories of personal data. The specific data we collect depends on the services and features you use.

Overview of Data Categories

Category Examples Description
Master Data Name, First Name, Salutation, Title Basic personal information for identification
Contact Data Email address, phone number, postal address Information for contact and communication
Technical Data IP address, browser type and version, operating system, device type, screen resolution Automatically collected information when using our website
Usage Data Visited pages, dwell time, click paths, access times Information about your usage behavior on our website
Content Data Text entries in forms, message content, files Information actively transmitted by you
Communication Data Newsletter subscription, open and click behavior, email preferences Information related to our email communication
Application Data Resume, certificates, qualifications, professional experience Information within the scope of application procedures

Data Sources

Data is collected in various ways:

  • Directly from you: by entering it into forms, emails, registration
  • Automatically: through technical logging during website visits
  • From third parties: e.g., by payment service providers or advertising partners (if applicable)

6. Purposes of Data Processing

We process your personal data for the following purposes:

Purpose Description Legal Basis
Provision and operation of our website To provide you with our website and its functions Legitimate interest
Ensuring IT security Protection of our systems against misuse, attacks, and technical disruptions Legitimate interest
Processing of contact inquiries To answer your inquiries and communicate with you Contract initiation / Legitimate interest
Sending newsletters and marketing communications To inform you about news, offers, and relevant information Consent
Web analysis and statistics To analyze user behavior and improve our offerings Consent / Legitimate interest
Marketing and advertising For targeted advertising, conversion tracking, and remarketing Consent
Applicant Management For processing applications and conducting selection procedures Contract initiation / Consent
Fulfillment of legal obligations To comply with legal retention and documentation obligations Legal obligation

7. General Data Processing

Contact Forms

If you contact us via a contact form, the information you provide (name, email address, phone number, message) will be processed and stored for the purpose of handling your inquiry.

  • Processed data: Name, email address, optional phone number, message content
  • Legal basis: Fulfillment of contract or initiation of contract (Art. 6 para. 1 lit. b GDPR / Art. 31 para. 2 lit. a revDSG) or legitimate interest (Art. 6 para. 1 lit. f GDPR / Art. 31 para. 1 revDSG)
  • Retention Period: The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected and there are no legal retention requirements that prevent its deletion.

Newsletter

With your consent, you can subscribe to our newsletter, through which we will keep you informed about the latest information, offers, and news.

Double Opt-In: We use the double opt-in process: After you sign up, you will receive a confirmation email containing a link that you can use to confirm your subscription. You will be added to our newsletter mailing list only after you have confirmed your subscription.

  • Processed data: Email address, optional name, time of registration, IP address
  • Legal basis: Consent (Art. 6 para. 1 lit. a GDPR / Art. 31 para. 1 revDSG)
  • Revocation: You can unsubscribe from the newsletter at any time. An unsubscribe link can be found in every newsletter. Alternatively, you can contact us at praxis@arzt-zollikon.ch.

Applications

If you apply to us, we process your application data for the purpose of carrying out the selection process.

  • Processed data: Contact details, resume, cover letter, certificates, qualification proofs
  • Legal basis: Fulfillment of contract or initiation of contract (Art. 6 para. 1 lit. b GDPR / Art. 31 para. 2 lit. a revDSG) or consent (Art. 6 para. 1 lit. a GDPR / Art. 31 para. 1 revDSG)
  • Storage period: If the application is successful, the data will be transferred to the personnel file. If the application is rejected, the data will be deleted after 6 months, unless you have consented to longer storage for future job offers.

Server Log Files

Each time our website is accessed, technical data is automatically recorded in server log files. This is necessary for technical and security reasons.

  • Processed data: IP address, date and time of access, accessed page/file, amount of data transferred, browser type and version, operating system used, referrer URL, hostname of the accessing computer
  • Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR / Art. 31 para. 1 revDSG) – ensuring system security and error analysis
  • Storage period: Log files are automatically deleted after 30 days, unless longer retention is required for evidentiary purposes.

8. Cookies and Tracking Technologies

Cookies and similar technologies

Our website uses cookies and similar technologies to ensure functionality and provide you with an optimal user experience.

What are cookies?

Cookies are small text files that are stored on your device by your browser. They contain information that can be retrieved during a later visit.

Types of Cookies

Technically necessary cookies (Essential Cookies) These cookies are absolutely essential for the operation of the website. They enable basic functions such as page navigation, secure areas, and saving your cookie preferences. These cookies cannot be deactivated. Functional Cookies These cookies enable extended functionality and personalization, such as storing your language settings or user settings. Analytics Cookies These cookies help us understand how visitors interact with our website by anonymously collecting and reporting information. Marketing Cookies These cookies are used to display relevant advertising to visitors and to measure the effectiveness of our advertising campaigns.

Consent Management

We use CookieYes as a consent management platform to obtain and manage your consent for the use of cookies and similar technologies.

When you first visit our website, a cookie banner will be displayed where you can set your preferences. You can change your settings at any time via the cookie settings link in the footer of our website.

Note: Only technically necessary cookies are loaded before your express consent.

Browser Settings

You can set your browser to inform you about the setting of cookies, to allow only certain cookies, or to block cookies generally. Please note that if cookies are deactivated, the functionality of our website may be limited.

Legal basis: For technically necessary cookies: Legitimate interest (Art. 6 para. 1 lit. f GDPR). For all other cookies: Consent (Art. 6 para. 1 lit. a GDPR).

9. Specific Data Processing (Third-Party Services)

We use third-party services to operate, analyze, and improve our website. Below, we inform you in detail about the services used.

Analytics

Google Analytics 4

Provider: Google LLC
Location: USA
Purpose: Web analysis and visitor statistics to improve the website
Data categories: IP address, device information, browser type, visit behavior, location data
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR)
Privacy Policy: https://policies.google.com/privacy
IP anonymization: activated

Marketing & Tracking

Google Tag Manager

Provider: Google LLC
Location: USA
Purpose: Central management of website tags and tracking codes
Data categories: IP address, browser information, page views
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR)
Privacy Policy: https://policies.google.com/privacy

Meta Pixel (Facebook)

Provider: Meta Platforms Inc.
Location: USA
Purpose: Conversion tracking and remarketing for Facebook/Instagram advertising
Data categories: IP address, user behavior, conversion data, device information
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR)
Privacy Policy: https://www.facebook.com/privacy/policy/
Conversion tracking: activated

LinkedIn Insight Tag

Provider: LinkedIn Corporation
Location: USA
Purpose: Conversion tracking and remarketing for LinkedIn advertising
Data categories: IP address, user behavior, professional data, conversion data
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR)
Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Conversion tracking: activated

Google Ads Conversion Tracking

Provider: Google LLC
Location: USA
Purpose: Measurement of advertising campaign success and conversions
Data categories: IP address, conversion data, click data, device information
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR)
Privacy Policy: https://policies.google.com/privacy
Conversion tracking: activated

Hosting & Infrastructure

Cloudflare

Provider: Cloudflare Inc.
Location: USA
Purpose: CDN, DDoS protection and performance optimization
Data categories: IP address, browser information, request data
Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR)
Privacy Policy: https://www.cloudflare.com/privacypolicy/

Kinsta

Provider: Kinsta Inc.
Location: European Union
Purpose: Managed WordPress Hosting
Data categories: IP address, server logs, website data
Legal basis: Fulfillment of contract
Privacy Policy: https://kinsta.com/legal/privacy-policy/

Hostpoint

Provider: Hostpoint AG
Location: Switzerland
Purpose: Swiss web hosting and servers
Data categories: IP address, server logs, website data
Legal basis: Fulfillment of contract
Privacy Policy: https://www.hostpoint.ch/hostpoint/datenschutz.html

cyon

Provider: cyon GmbH
Location: Switzerland
Purpose: Swiss web hosting
Data categories: IP address, server logs, website data
Legal basis: Fulfillment of contract
Privacy Policy: https://www.cyon.ch/legal/datenschutz

Security

Cloudflare Bot Management

Provider: Cloudflare Inc.
Location: USA
Purpose: Detection and blocking of bots and automated attacks
Data categories: IP address, browser fingerprint, behavioral analysis
Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR)
Privacy Policy: https://www.cloudflare.com/privacypolicy/

Google reCAPTCHA v2

Provider: Google LLC
Location: USA
Purpose: Protection against automated form submissions (spam)
Data categories: IP address, browser information, mouse movements, cookies
Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR)
Privacy Policy: https://policies.google.com/privacy

Google reCAPTCHA v3

Provider: Google LLC
Location: USA
Purpose: Invisible bot protection through behavioral analysis
Data categories: IP address, browser information, user behavior, cookies
Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR)
Privacy Policy: https://policies.google.com/privacy

Wordfence

Provider: Defiant Inc.
Location: USA
Purpose: WordPress security and firewall
Data categories: IP address, login attempts, security logs
Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR)
Privacy Policy: https://www.wordfence.com/privacy-policy/

CDN & Resources

cdnjs (Cloudflare)

Provider: Cloudflare Inc.
Location: USA
Purpose: CDN for JavaScript libraries
Data categories: IP address, referrer, user agent
Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR)
Privacy Policy: https://www.cloudflare.com/privacypolicy/

Google Fonts (Remote)

Provider: Google LLC
Location: USA
Purpose: Integration of fonts via Google servers
Data categories: IP address, referrer, user agent
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR)
Privacy Policy: https://policies.google.com/privacy

Google Fonts (Locally hosted)

Provider: Self-hosted
Location: Switzerland
Purpose: Locally integrated fonts without external connections
Data categories:  
Legal basis: No data transfer
Privacy Policy:  

Font Awesome (CDN)

Provider: Fonticons Inc.
Location: USA
Purpose: Icon library via external CDN
Data categories: IP address, referrer
Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR)
Privacy Policy: https://fontawesome.com/privacy

Adobe Fonts (Typekit)

Provider: Adobe Inc.
Location: USA
Purpose: Premium fonts via Adobe servers
Data categories: IP address, page views
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR)
Privacy Policy: https://www.adobe.com/privacy/policy.html

Widgets & Embeds

Google Maps

Provider: Google LLC
Location: USA
Purpose: Embedding interactive maps
Data categories: IP address, location data, device information, cookies
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR)
Privacy Policy: https://policies.google.com/privacy

Mapbox

Provider: Mapbox Inc.
Location: USA
Purpose: Interactive maps and location services
Data categories: IP address, location data, usage data
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR)
Privacy Policy: https://www.mapbox.com/legal/privacy

WordPress Plugins

Contact Form 7

Provider: Takayuki Miyoshi
Location: Switzerland
Purpose: Contact forms for WordPress
Data categories: Form data, email address, name
Legal basis: Consent / Contract initiation
Privacy Policy: https://contactform7.com/privacy-policy/

WPForms

Provider: WPForms LLC
Location: USA
Purpose: Drag-and-drop form builder
Data categories: Form data, email address, uploaded files
Legal basis: Consent / Contract initiation
Privacy Policy: https://wpforms.com/privacy-policy/

Elementor

Provider: Elementor Ltd.
Location: Other Countries
Purpose: Page Builder for WordPress
Data categories: Usage data, license information
Legal basis: Fulfillment of contract
Privacy Policy: https://elementor.com/about/privacy/

WPML

Provider: OnTheGoSystems Ltd
Location: European Union
Purpose: Multilingualism for WordPress
Data categories: Language preferences, license information
Legal basis: Fulfillment of contract
Privacy Policy: https://wpml.org/about/legal/

Yoast SEO

Provider: Yoast BV
Location: European Union
Purpose: Search engine optimization for WordPress
Data categories: Website metadata, usage statistics
Legal basis: Legitimate interest
Privacy Policy: https://yoast.com/privacy-policy/

Site Kit by Google

Provider: Google LLC
Location: USA
Purpose: Integration of Google services into WordPress
Data categories: Analytics data, Search Console data, AdSense data
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR)
Privacy Policy: https://policies.google.com/privacy

10. International Data Transfer

Data transfer to third countries

As part of our data processing, personal data is also transferred to recipients outside Switzerland and the European Economic Area (EEA). This applies in particular to the following countries:

USA, Other Countries, OTHER

For these countries, there is no adequacy decision by the European Commission or the Federal Data Protection and Information Commissioner (FDPIC) confirming a level of data protection comparable to that in Switzerland or the EU.

Guarantees for data transfer

To ensure an adequate level of data protection, we rely on the following guarantees:

  • Standard Contractual Clauses (SCC): We have concluded the Standard Contractual Clauses approved by the European Commission with the relevant recipients, which contractually guarantee an adequate level of data protection.
  • Adequacy assessment: Before each data transfer, we check whether the recipient country offers an adequate level of data protection or whether additional protective measures are required.
  • Additional protective measures: If necessary, we implement technical and organizational measures such as encryption, pseudonymization, or contractual agreements to ensure the protection of your data.

Note on USA transfers

Some of our service providers are based in the USA. The USA currently does not have a level of data protection equivalent to that in Switzerland or the EU. However, we have agreed on Standard Contractual Clauses with these providers and/or they have committed to complying with appropriate data protection standards.

Please note that US authorities may have access to transferred data under certain circumstances. By using the corresponding services (after information and, if applicable, consent), you accept this residual risk.

Your rights

You have the right to request a copy of the agreed Standard Contractual Clauses or information about the implemented protective measures.

11. Retention Periods

Retention Periods

We store your personal data only for as long as it is necessary for the fulfillment of the purposes for which it was collected or as required by legal retention obligations.

General Principles

The storage period depends on:

  • the purpose of data processing
  • legal retention obligations
  • legitimate interests (e.g., defense against legal claims)
  • the type of data and the risk to the data subjects

Specific Retention Periods

Data Category Retention Period Basis
Contact inquiries 12 months Fulfillment of purpose / Legitimate interest
Newsletter data Until unsubscribed Until consent is revoked
Server log files 30 days IT security
Booking documents / Invoices 10 years Art. 958f OR (Swiss law)
Contracts and business correspondence 10 years after contract end Art. 958f OR / Limitation periods
Application documents (rejection) 6 months Defense against claims

Legal retention obligations (Switzerland)

According to Swiss law, the following retention obligations apply in particular:

  • Art. 958f OR: Business books and booking documents, as well as the annual report and the audit report, must be retained for ten years.
  • Tax law regulations may provide for additional retention obligations.

After the respective periods have expired, the data is routinely deleted, unless it is still required for other purposes.

12. Data Security

Data Security

We take appropriate technical and organizational security measures (TOM) to protect your personal data from unauthorized access, loss, misuse, or destruction. The specific measures used are based on the current state of the art and are regularly reviewed and adapted.

Our security measures may include, depending on the risk and protection requirements:

  • Encrypted data transmission (e.g., TLS/SSL)
  • Access restrictions and authorization concepts
  • Protection of IT infrastructure through suitable security systems
  • Regular data backups
  • Maintenance and updating of our systems
  • Confidentiality obligations for employees
  • Careful selection and contractual binding of service providers
  • Processes for detecting and handling security incidents

Security in international data transfers

If personal data is transferred to recipients in countries without an adequate level of data protection, we ensure that your data is adequately protected through appropriate guarantees. These may include, in particular, standard contractual clauses, contractual agreements, or technical protective measures such as encryption.

Limitation

Despite all precautions, no data transfer over the internet can be guaranteed as completely secure.

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will inform you immediately and notify the competent authorities.

13. Data Subject Rights

Your Rights (Data Subject Rights)

As a data subject, you have various rights regarding your personal data. These rights arise from the Swiss Data Protection Act (revDSG) and, where applicable, from the General Data Protection Regulation (GDPR).

Right to Access

You have the right to request confirmation from us as to whether we are processing personal data concerning you. If this is the case, you have the right to access this data and to further information such as the purposes of processing, categories of data, recipients, and planned storage period.

Right to Rectification

You have the right to request the rectification of inaccurate or the completion of incomplete personal data.

Right to Erasure (“Right to be Forgotten”)

You have the right to request the erasure of your personal data under certain conditions. This applies in particular if the data is no longer necessary for the purposes for which it was collected or if you withdraw your consent.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your data under certain conditions, e.g., if you dispute the accuracy of the data or if the processing is unlawful.

Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and to transmit this data to another controller.

Right to Object (Art. 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, where such processing is based on legitimate interests.

In the case of direct marketing, you can object at any time without giving reasons.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw this consent at any time with effect for the future. The lawfulness of processing carried out before the withdrawal remains unaffected.

Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection law.

Competent supervisory authority in Switzerland: Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
CH-3003 Bern
Tel.: +41 58 462 43 95
Website: www.edoeb.admin.ch

For offers to persons in the EU/EEA, you can also contact the data protection supervisory authority responsible for your country.

Exercising Your Rights

To exercise your rights, you can contact us at any time:

Email: praxis@arzt-zollikon.ch
Phone: +41 (0)43 543 44 00

To process your request, we require proof of identity to ensure that the request comes from the authorized person. We usually process your request within one month.

14. Updates and Contact

Updating this Privacy Policy

We may adapt and update this Privacy Policy from time to time to reflect changes in our data processing practices, new legal requirements, or other developments.

Changes will be published on our website. For significant changes affecting your rights or the nature of data processing, we will inform you separately – where possible and appropriate.

We recommend that you regularly review this Privacy Policy to stay informed about the current status of our data protection practices.

Contact for Questions

If you have any questions about this Privacy Policy or the processing of your personal data, you can contact us at any time:

HAUSARZTPRAXIS ZOLLIKON
Email: praxis@arzt-zollikon.ch
Phone: +41 (0)43 543 44 00

Status of this Privacy Policy: 2026-07-14


Legal Notice

This document was created with the Privacy Policy Generator from dartera and does not constitute legal advice. It does not replace individual legal advice from a lawyer or data protection expert.

Please have this Privacy Policy reviewed by a legal expert before publication to ensure that it meets your specific requirements and the current legal situation.

Status: 2026-07-14