1 How is the Adent Group committed to protecting the personal data you entrust to us?
1.1 The Adent Dental Clinics commitments to protecting your personal data
Adent Dental Clinics is a major presence in the dental sector and the number one network of Swiss dental clinics operating nationwide, with clinics in both French- and German-speaking Switzerland.
We want our patients, clinicians and employees to place their trust in us because we offer relevant, customised solutions, including in the area of data privacy.
Our commitments are based upon your consent.
We undertake to secure and protect the personal data which we collect from our patients, applicants for employment and internet users visiting any of the websites in our network, especially against any malicious breach, loss, alteration or disclosure to unauthorised third parties.
1.3. Applicable regulations
As a group of companies under Swiss law, we comply with all Swiss Confederation legal provisions on the protection of personal data, both federal and cantonal, including the Data Protection Act (DPA) CC 235.1 of 19 June 1992 (status on 1 January 2011) governing the processing of personal data belonging to any legal person or entity registered in Switzerland, and the corresponding regulations for all our patients who are Swiss citizens residing or registered in Switzerland and who are within the Swiss Confederation.
The Federal Data Protection Act guarantees that personal data is processed in accordance with the fundamental rights, freedoms and dignity of individuals, with particular emphasis on confidentiality, their identity and the right to data privacy.
For our patients and internet users located within the European Union, we are required to comply with the provisions of Regulation (EU) 2016/79 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation), in force across the entire EU since 25 May 2018, whenever we make them offers of goods or services, but also whenever they are subject to our use of commercial targeting based on profiling within the European Union (EU).
In view of the above, we are at present required to distinguish between three levels of regulations in the implementation of our Privacy Charter on the Protection of Your Personal Data:
1.3.1. Swiss regulations
- Federal level: The Data Protection Act (DPA) and corresponding provisions, in particular the Civil Code, which in connection with the protection of personal data include the data of natural persons and those of legal entities;
- Cantonal level: The Adent Group is subject to cantonal regulations – including on the management of patient records by health professionals – for all rights that patients have to access their records and information; this means we are subject to the health laws in all cantons in which the Adent Group operates.
1.3.2. European Union regulations
These are the GDPR, the General Data Protection Regulation, and the national laws applicable in the country of location of the patient or internet user.
In the interests of improving the understanding of this Charter, the terms below are understood as follows:
- Personal data: Personal data is any information relating to a natural person who is identified or may be identified, either directly or indirectly, by reference to an identifier such as a name, an identification number, location data or one or more specific aspects pertaining to their identity, whether physical, physiological, genetic, etc.
- Sensitive data: This is information concerning racial or ethnic origin, political, philosophical or religious views, trade union membership, health or sex life, as well as biometric and genetic information.
- Processing of personal data: Processing signifies any operation or combination of operations, whether or not carried out using automated processes, which are applied to personal data or sets of personal data, such as the collection and organisation, saving, viewing, use, circulation or any other form of provision, reconciliation or disposal of the data.
- IP (internet protocol) address: This is an online identifier assigned to a person by the device applications, tools and protocols they use. IP addresses are protected personal data since they indirectly allow a person to be identified, and so their collection and use by private companies requires the consent of the individual concerned.
- Patient history: This is the entire set of information about the patient’s history provided by him/her or third parties to the health professional during a medical consultation.
- Profiling: This is any form of automated processing of personal data entailing the use of this data to evaluate certain personal features of a natural person, especially in order to predict their health, personal preferences, behaviour, etc.
- Offer of goods or services: This must allow the person concerned to order goods or services, whether they attract a fee or are free of charge.
2. What types of data do we collect?
The forms that we make available to you, either in hard copy or via one of our websites, specify the information that must without exception be provided to our relevant departments, as well as optional information and the consequences of not supplying this information (e.g. restricted access to our services).
For each dental treatment, our forms state the purpose and aim of data collection, the category of data collected, the data retention period and your rights.
The data we collect can be divided into four categories:
2.1. Data associated with our dental care services
We collect the following identification information: surname, first name, address, date of birth, telephone number, e-mail address, OASI number (old-age and survivor’s insurance), social security number and mutual insurance membership number, as well as various other items of data such as family situation, income, etc. and details of the person to contact in an emergency.
When we carry out dental treatment, we may also need to collect information relating to your state of health, including a panoramic dental X-ray, your blood group, allergies, etc. as part of your patient history. All of this information is included in your patient records.
2.2. Data associated with our commercial activity
We collect the following identification data: surname, first name, address, date of birth, telephone number, e-mail address, IP address.
This information is needed in particular to give you access to our range of treatments, as well as to all our web services.
2.3. Data associated with your use of any of our websites
The device you use to connect to the internet communicates with one of our servers, which provides it with all the resources it requests by automatically saving each operation in a specific file (cookies or text files) whenever your device can be identified by its IP address. Your browser automatically sends certain standard data such as your IP address and operating system to our servers.
We encourage you to refer to our Cookies Policy, which sets out our commitments regarding the cookies we use.
2.4. Data associated with our recruitment procedures
If you apply online to join the Adent Group, we will only collect the information contained in your application file which is strictly necessary for any future employment relationship. HR managers and other managers involved in screening your application will have access to your data in this context only.
3. At what stage do we collect your personal data?
Your data is collected either:
- When you register on our website, especially when you make an appointment online;
- When you sign up to receive our newsletter;
- When you first visit one of our dental clinics with a view to receiving dental services or undergoing dental treatment by us;
- When your dental history is taken by one of our dentists or dental assistants;
- When you apply online to work for us;
Automatically when you browse one of our websites (see our Cookies Policy).
This data is regularly updated, in particular as changes are made to your patient records or to the information you provide to us.
This information is collected in order to compose one or more individual files for each specific treatment that you have clearly and unambiguously volunteered to undergo.
4. Which action has the Adent Group taken to keep your data secure?
4.1. Our commitments to data privacy and security
It is our priority to respect your right to the protection, security and confidentiality of your data.
The Adent Group undertakes to implement security measures which are adequate for the sensitivity of the personal data, in order to protect it from any malicious breach, loss, alteration or disclosure to unauthorised third parties.
When we develop, design, select and use services which rely on the processing of personal data, the Adent Group takes into account the right to data privacy from the point the services are conceived and/or by default, in order to safeguard you against any attack on your personal identity.
For example, in this regard we pseudonymise or anonymise personal data whenever this is possible or necessary.
Since all personal data is confidential, access to it is limited to employees of the Adent Group or service providers acting on behalf of the Adent Group who require it in order to perform their duties.
All individuals who have access to your data are bound by a duty of confidentiality and may be subject to disciplinary action and/or other sanctions if they fail to comply with these obligations.
Operations involving any third party receiving your data are covered by a contract to ensure that your personal data is protected and your rights respected.
Within the Adent Group, we are fully committed to protecting the personal data that you entrust to us. We always work to ensure the security and protection of your data and in this spirit, we encourage you to exercise care to prevent any unauthorised access to your personal data and to protect your devices (computer, smartphone, tablet, etc.) against any unwanted or malicious access by choosing a secure password which you are advised to update on a regular basis. If you use a shared computer, we recommend that you log out after every use.
4.2. Our Data Protection Officer
We have appointed a Data Protection Advisor or Data Protection Officer (DPO) whose contact details are as follows:
Ms Jessica Austin (firstname.lastname@example.org)
5. Why do we collect data about you?
We pledge to use your data ethically and responsibly. We undertake to collect only the data we need in order to carry out our business activity.
By collecting and processing personal data and by defining the means employed and the purposes associated with this processing, the Adent Group is the Controller of the Data File within the meaning of the Swiss Data Protection Act, and the Data Controller within the meaning of the GDPR. The Adent Group therefore bears a responsibility towards you but also towards the authorities.
To this end, we have taken appropriate organisational and technical steps to prevent any malicious breach, loss, alteration or disclosure of your data to unauthorised third parties.
5.1. As a patient accessing the dental care we offer
We collect your data in order to offer you the dental care and products best able to meet your needs, while at the same time protecting your health and your rights as a patient.
5.2. As an internet user registering on one of our websites
We collect your data in order to respond as best we can to your requests for information, in order to provide you with the dental care you have requested, to tell you about our new products and services, and to allow you to benefit from our promotional offers.
5.3. As an internet user visiting one of our websites
We collect data automatically in order to monitor the general activity on our websites without being able to identify you by your name.
5.4. As an online applicant for employment
Your application for employment with us will be treated completely confidentially. We will only record and process the personal data contained in your application in the context of a potential employment relationship, and it will only be rendered accessible to HR managers and other relevant managers in this very specific context.
If you provide the personal details of a third person as a reference for your application, you undertake to inform the data subject and obtain their consent.
6. How do we use the data we collect?
We collect your data on the basis of the consent you grant us when you tick a box provided for this purpose for each treatment we carry out. It may also be collected in connection with a legal obligation by which the Adent Group is bound.
As the Controller of the Data File or Data Controller, we remain responsible for your data within the limits of your consent or this legal obligation.
7. With whom do we share your personal information?
We may transfer your personal data to other entities if you have given your consent for us to do so.
The data we collect may be shared in accordance with the conditions set out below:
7.1. Sharing your data with all companies of the Adent Group
For the purposes stated in this Charter, we may transfer your personal information to other entities and companies with a capital link to the Adent Group in Switzerland. In order to guarantee the security of your personal data, these entities are contractually bound to comply with our requirements relating to privacy. Furthermore, all of our employees receive our instructions on the subject of data protection. By accessing our website, signing up for a product or providing us with your personal information in any other way, you authorise this transfer of your personal data across the Adent Group network.
7.2. Sharing your data with our service providers
We work with providers of products and services who help us manage or support some aspects of our operations. These product or service providers may be located in Switzerland, the EU or outside the EU, and may be tasked with credit card processing, fraud management services, online registration, product delivery, content personalisation, advertising and marketing activities (notably digital and personalised advertising), IT services, messaging service provision, data hosting, satisfaction surveys, recovery of debts or the management or support of any of the Adent Group websites. These providers are contractually bound to ensure the confidentiality of the personal data transferred to them by us, and they may under no circumstances use this data for any purpose other than to execute the duties specified, in accordance with the requirements of the Adent Group.
Your data will only be disclosed to third parties located in Switzerland or in another country providing the same level of protection as that which we must guarantee.
7.3. Sharing your data without your consent
The Adent Group may be required to disclose your personal data without obtaining your prior consent in the following cases only:
- If we have valid grounds to believe that it is in our overriding interest to identify, contact or initiate legal proceedings against any person liable to cause any harm to our Group, regardless of whether this harm is intentional, or in order to safeguard the integrity of all of our rights;
- If our Group should acquire another company or be reorganised, bought out, merged with or amalgamated or absorbed into another company in any way whatsoever;
- If a supervisory or judicial authority explicitly requests us to do so via the applicable legal channels.
7.4. Sharing your data with other healthcare professionals
Your data will only be shared in this way if you have given your consent to do so and in accordance with a legal provision applicable to us, our overriding interests, and after making a request (if applicable) to the competent authority to breach the principle of doctor/patient confidentiality, by which we are bound.
The Adent Group cannot be held liable in any way whatsoever for the consequences of an unauthorised use of this data, in breach of contractual or legal directives, by third parties or by authorities which have been able to access your data. These contractual provisions, as well as audits that we may be required to instigate in respect of these third parties, are part of our commitment to protecting your personal data.
8. Where is your personal data stored?
Your data is stored by the Adent Group which collects it, in compliance with Swiss laws and European Union regulations.
We may be required to share with other companies the personal data necessary to provide the services you have contracted or subscribed to (home delivery, for example).
Operations involving a third party which receives your data are covered by a contract, in order to assure you that your data is protected and your rights respected.
All servers on which data is stored are located either in Switzerland or within the European Union. Data stored by our data host partners is anonymised. Our patients’ health information is stored exclusively on servers located in Switzerland, as required by Swiss federal and cantonal laws.
Some of your data may be held in paper format in secure areas inside the treatment centres where you received your dental care.
The information we collect is held in secure environments which cannot be accessed by the public.
9. For how long do we retain your personal data?
Your data is only retained for the period of time necessary for the purposes of the data processing, or for the period of time imposed upon us by law.
9.1. For patients or internet users located in Switzerland
We hold your data for a period not exceeding 10 years in accordance with the federal provisions contained in Articles 127 and 128 of the Code of Obligations, which states: “All claims prescribe after ten years, unless otherwise provided by federal civil law.” This is the retention period in principle which applies in Switzerland. However, certain cantonal provisions may instruct us to implement a longer or shorter data retention period. The period begins from the time of your last consultation at one of our centres.
While the retention period in principle is 10 years, the retention periods for data comply with the recommendations of the Federal Data Protection and Information Commissioner (PFPDT) and/or our obligations under legislation, as follows:
- For life for official documents, e.g. official family documents, passport, family record book, OASI card, certificates of education, employment references, deeds of property
- Five years for cantonal taxes, public insurance policies (e.g. compulsory insurance, OASI), rental payments, salaries, child maintenance, doctor’s invoices, notaries, lawyers, tradespersons, etc.
- Three years for any fines incurred
- Two years for some insurance policies such as private, supplementary or household policies
9.2. For patients and internet users located in the EU who have received dental products or services from us, the time periods may vary from one EU member state to another.
For example, the following periods apply to Adent Group patients in France:
- In accordance with Article R.1112-7 of the French Public Health Code, patients’ medical records must be kept for 20 years from the time of their last consultation, except in the event of the patient’s death, following which their records will be kept for 10 years from the date of death. Furthermore, your personal data is retained in accordance with the provisions of CNIL (French National Data Protection Authority) simplified standard no. 48 on the automated processing of personal data for the management of customers and prospective customers.
- The data retention periods adhere to CNIL’s recommendations and/or our obligations under legislation, as follows:
- For customer account information, three years after the last commercial contact
- For Adent Group website connection data, one year
- For cookies, thirteen months
- For invoices, five years
- For identification information, retention until customer requests erasur
At the end of the retention period, your data will either be anonymised and/or destroyed.
Your data will be anonymised in order to meet our legal obligations in connection with historical scientific and/or medical research, and/or for the statistical purposes of our own departments.
9.3. For online applicants to the Adent Group
Job application files will be kept while they are processed by the individuals within the Adent Group authorised to undertake this activity. Documents sent to us and any copies of these will be deleted immediately if the application is rejected, unless you agree that your file may be retained in order to offer you another position within the Adent Group which may subsequently become available.
10. What are your rights over your data and what are our obligations?
Under the regulations in force and by which we are bound, you retain control of your personal data and remain at liberty to have possession and verify the processing of your data at any time. These rights concern your own personal data, as well as that of any person to whom you may be the legal successor.
However, different rights and obligations are attached to your personal data depending on whether you are located within the Swiss Confederation or within the European Union, and we are required to ensure that we comply with these regulations.
10.1. As a citizen or resident of Switzerland, or if you are registered in Switzerland, you are entitled to:
- Be informed of the nature and purpose of the processing, as well as all operations connected with this processing
- Object to or restrict the processing of your data at any time. This objection would only be valid in the future; it cannot be applied to processing previously carried out
- Request the restriction of processing
- Have access to the processing of your personal data
- Request the erasure of your data under the right to be forgotten
- Request that your personal data be rectified if any is found to be false or inaccurate
You may exercise your right of access, rectification or erasure at no cost to you. No compensation will be requested from you unless your application is proven to be unrelated to the processing you refer to, or if it is repetitive, vexatious, or requires disproportionate effort. The fee that we would be entitled to claim from you in such a case may not exceed the sum of CHF 300 (three hundred Swiss francs).
Individuals located in Switzerland who wish to assert their right of access, rectification or erasure of their data may apply to us either by post or e-mail providing proof of their identity. No justification is necessary. Your application must be addressed directly to the person referred to in question 11, “How can you exercise your rights?” The data you send us in your request to exercise your rights will only be used to identify you, thereby ensuring the security of your data is protected and it is not shared with any third party.
We have a period of 30 days following receipt of your request in which to respond. We are entitled to restrict, defer or refuse your right to rectify or delete your data. In any of these scenarios, we will provide an explanation justifying the grounds for our decision to refuse, defer or restrict your access. As soon as the reasons and/or interests which justified this refusal, deferral or restriction are eliminated, we undertake to send the requested information to you, providing that this does not prove impossible to do and does not necessitate disproportionate effort.
10.2. As an individual located within the European Union who receives an offer of goods or services or who is subject to profiling by the Adent Group, you have the following rights:
- The right to information when we collect your data: We are obliged to provide you with a certain amount of information, in particular that contained in this Charter
- The right of access: You are entitled to obtain from us confirmation that your data is or is not processed by our Group; in the event that we process personal data concerning you, you are entitled to access your data and request a copy; moreover, this right of access authorises you to be given certain information such as the purposes of the processing that we carry out, the recipients or categories of recipients to whom your data has been or will be disclosed, the retention period of the data and the criteria used to determine this period, the existence of the various rights attached to your personal data, and the existence of any automated decision-making
- The right to request that your data be rectified if it is found to be inaccurate or incomplete
- The right to delete your data when: you have withdrawn your consent, the data collected is no longer necessary given the purpose for which it was collected, you object to the processing of your data carried out for the purposes of business development or profiling, your data has undergone unlawful processing, the data must be deleted in order to comply with a legal obligation, or the data has been collected in connection with an offer of chargeable services made to children via remote, electronic means.
- The right to restrict the processing of your personal data when you dispute the accuracy of the data, when the processing is unlawful, you object to their erasure and instead request that their use be restricted, when we no longer need your data, and when you have made use of your right to object during the period of time we need to verify our legitimate interests that may justify the processing of the data
- The right to the portability of the data concerning you that we use in connection with one of our processing operations: you have the right to receive your data in a structured format and to transfer the data to another data controller. The right to data portability is only attached to data processing for which you have given your consent and processing carried out using automated processes
- The right to object at any time for reasons relating to your personal situation to processing concerning you which is based on public interest or our legitimate interests, including profiling
- The right to bring proceedings with the supervisory authority
- The right not to be subject to an automated individual decision
- The right to be contacted if your data privacy has been breached
We have a period of two months from receipt of your application in which to respond.
10.3. For all our patients and internet users
If we do not collect your personal data directly from you, you have the right to obtain any available information regarding the source of your data.
You have the option to withdraw your consent to the processing of your data for business development purposes at any time:
- By using the unsubscribe link in the e-mails you receive
- By sending a request to the e-mail address provided
- By sending us a letter
Finally, you have the right to set instructions for the retention, erasure and disclosure of your personal data after your death.
We will ensure we respond to any request you make in a satisfactory manner. If you consider that our response is not satisfactory for any reason whatsoever, please be aware that you may submit a complaint to the regulatory authority in your place of residence.
11. How can you exercise your rights?
Depending on your location, you have a right to access, rectify or delete your data and to restrict or object to the processing of your data, as well as a right to data portability and to set instructions that will determine what happens to your data following your death. You may also withdraw your consent at any time and submit a complaint to a supervisory authority.
In order to exercise your rights, you must prove your identity by sending us a copy of a valid, unexpired identity document (e.g. your passport, identity card or driving licence). Please note that if you exercise any of your rights referred to above, we will use your identification information for the sole purposes of identifying you, verifying your capacity to act in this way, and preventing access to your data by unauthorised third parties.
You may assert your rights by contacting us at the following address:
Adent Cliniques Dentaires | Av. Gratta-Paille 1 | 1018 Lausanne
Your contact person at our Group is our Data Protection Officer, Ms Jessica Austinn (email@example.com)
To exercise your rights in connection with an application for employment, please send an e-mail to the following address: firstname.lastname@example.org. A response will be sent to you by e-mail confirming that your data has been deleted or rectified.
11.1. As a Swiss citizen resident or registered in Switzerland
Your contact person at the Adent Group is our Data Protection Officer.
The Swiss supervisory authority is the Federal Data Protection and Information Commissioner (PFPDT) at:
Telephone: +41 (0)58 462 43 95 (Monday to Friday, 10am to 12pm)
Fax: +41 (0)58 465 99 96
Contact form to report a breach of your data privacy (in French): https://www.edoeb.admin.ch/edoeb/fr/home/le-pfpdt/contact/formulaire-de-contact.html
11.2. As an individual located within the European Union
Depending on the European Union country you are in (where you reside or are registered, or where you accessed our services), you may identify your local supervisory authority by visiting the following website: An overview of the National Data Protection Authorities.
This Charter may be amended by the Adent Group at any time, including to ensure we comply with all changes to regulations (especially the revision of the Data Protection Act currently under way) or to case law, or following editorial or technical changes. We will replace the charter appearing on the website to ensure you have unencumbered access to the latest version of the document.