Data Privacy Statement

MRI Medical Radiological Institute Zurich KIG (MRI Medizinisch Radiologisches Institut Zürich KIG), which has 4 sites in Zurich and is registered in the Commercial Register (CHE-243.612.595), renders medical services in the field of medical imaging. This is the privacy statement of this medical practice (hereinafter we, us, MRI). The following privacy statement applies to the use of our website and the medical services we offer (in particular your treatment/examination at our practice). This privacy statement informs you, as a patient (hereinafter you) or as a visitor to our website, about the collection of personal data during the use of our website and our services. By using this website, you agree to the processing of your personal data in accordance with this privacy statement.

Generally, our medical practice offers its services in Switzerland and is focused on persons resident in Switzerland.

Contact details

Your data will be processed by us. The contact on our part regarding the purpose and means of the processing is:

MRI Data Protection Office
Goethestrasse 18
CH-8001 Zürich
Telephone: +41 44 226 20 90
E-Mail: datenschutz [at] mri-roentgen [dot] ch

Please send your enquiries in writing or by email to the respective above address.

Collection of data

We shall collect personal data that you or your doctor communicate to us, e.g. through your doctor's referral documents, the completion of the registration form, the telling of the patient's history or the publication of data.

Particular types of personal data are deemed to be «sensitive» under data protection law, e.g. health data such as symptom descriptions, diagnoses, laboratory results, medication and other characteristics as well as biometric features. Depending on the context, aforementioned categories of personal data may also encompass personal data that are particularly worthy of protection (e.g. religious affiliation information in the master data for your treatment needs). As a rule, we process personal data that are particularly worthy of protection only if this is necessary for rendering a service, you have disclosed these data to us of your own accord or you have given us or your referring doctor your consent to the processing. If we receive data from your referring doctor, we shall assume that you have given your consent. Moreover, we may process personal data that are particularly worthy of protection if this is necessary for the safeguarding of rights or for compliance with domestic or foreign legal provisions, if the data concerned have evidently been made public by the data subject, or if applicable law otherwise permits their processing.

Technically essential data are collected every time the website is accessed. Such data may include, for example, the browser types used, the operating system used, the date and time of access, an Internet Protocol address (IP address), the name and URL of the file accessed.

Purposes of the data processing

Your data will be processed for the purposes of performing our services. They may also be processed for the following additional purposes:

  • for communicating with you, e.g. answering enquiries
  • for handling contractual relations, e.g. for rendering medical, radiological and pharmaceutical services
  • for the functioning of the practice's processes such as IT, websites (e.g. patient web portal) etc.
  • for maintaining the customer relationship
  • for ensuring that actions conform with the law, industry standards etc.
  • for legal proceedings or investigations
  • for ensuring safety
  • for administrative activities and management
  • for the instruction, skills development and training of the employees generally bound to secrecy

Duration of retention

Your data will be retained for 20 years from the time you were last treated. The retention period is a legally mandatory obligation of the doctor and cannot be altered.

Disclosure of the data to third parties and processors

Insofar as necessary for the operation of our medical services (in particular for your well-being), we shall pass on data to the companies we contract to operate and handle the services. During the processing of your data, your data may be disclosed to the following third parties:

  • doctors and hospitals responsible for pretreatment and follow-up treatment, on request
  • scientific circles (such as for example tumour boards)
  • health insurance funds and insurance companies, in particular for the assessment of obligations to pay benefits
  • group companies and their employees, insofar as these are bound to secrecy
  • service providers (who process your data partly on our behalf, e.g. IT/web providers, support companies, partly under their own responsibility, e.g. laboratories for investigations or solicitors in the case of legal questions)
  • public authorities at home and abroad due to statutory obligations

The respective service providers are bound to our standards under data protection law by way of statutory provisions, a data processing agreement or on the basis of contractual provisions or are entitled to process personal data by using standard contractual clauses recognised by the Swiss Federal Data Protection and Information Commissioner (FDPIC).

Disclosure of the data abroad

Within the scope of statutory or contractual processing (e.g. IT support of radiological equipment), your data may possibly be transferred to EEA countries and processed and stored there, and to any country in the world in exceptional cases. In this respect, we shall make sure that the respective country has adequate data protection. If your data are transferred to a country that does not have adequate data protection or are processed and stored in such country, this shall take place on the basis of contractual safeguards reported to the FDPIC. However, standard contractual clauses created or recognised by the FDPIC shall be used, meaning that the reporting obligation shall not apply.

Withdrawal or limitation of your consent

You have the right to withdraw or limit your consent. Such change shall be valid if made in writing (not by email) and shall, from the time of receipt, apply to the processing of data in future. Rights not based on consent (e.g. statutory or contractual rights) shall remain unaffected by the withdrawal of consent.

Cookies and further service offerings

Our medical practice may use cookies on its website. Cookies contain a so-called cookie ID, a unique cookie identifier that links websites and servers to a specific Internet browser. A particular Internet browser is recognisable and identifiable via this unique cookie ID.

Data security

In order to be able to safeguard your rights, your data will be protected against unauthorised access, alterations and loss. Technical and organisational measures (e.g. access restrictions or backups) serve us in this respect. The technical and organisational measures to be chosen are invariably based on the risk. The stipulations on data security in the Data Protection Regulation (DPR) shall be observed accordingly.

We use a portal solution (see patient portal) and an encrypted email connection (HIN Global) to exchange sensitive data. In individual cases, and especially for making appointments, unencrypted emails and SMS messages may be used. You acknowledge and agree that in such cases we exchange data unencrypted.

Patient portal

In the patient portal, you can view your images and the results of all examinations performed at the MRI. The images and results will be stored locally on services at the MRI and thus be protected against external access, and be made available to you. You will receive, by email or as a printout, a link or QR code and an additional code for entry. The portal is protected by two-factor authentication so that only authorised persons have access to the data. In the patient portal, it is possible to download images and results or share them by email (e.g. with another doctor); in the process, the link / QR code and the additional code are forwarded. The second factor for authentication must then still be communicated to the addressee. The portal processes are recorded.

Your rights

You have various rights on the basis of data protection law, e.g. a right of access. To assert your rights, please contact us.

Applicable law and place of jurisdiction

This privacy statement and the contracts entered into on the basis of or in connection with this privacy statement shall be subject to Swiss law, excluding any conflict-of-laws standards that may exist. The place of jurisdiction is the place where the medical practice has its registered office.

Final provisions

If individual parts of this privacy statement are ineffective, this shall not affect the effectiveness of the remainder of the privacy statement. We may adapt this privacy statement at any time without prior notice. The respective current version published on our website shall apply.

MRI, 14 August 2024

Version 1.1 of 14.08.2024