Bellevue Healthcare Trust data privacy notice
The Bellevue Group AG resp. its subsidiary Bellevue Asset Management AG operates the website www.bellevuehealthcaretrust.co.uk of Bellevue Healthcare Trust plc ("Bellevue Healthcare Trust" and/or "we" and/or "our") and provides the services offered through this website and is responsible for collecting, processing and using your personal data and ensuring compliance with all applicable data protection laws and regulations.
1. Data privacy – general information
Keeping your trust is important to us. We therefore attach great importance to the issue of data privacy and take all the necessary security precautions. We adhere to the provisions of the Federal Act on Data Protection (FADP), the ordinance to the Federal Act on Data Protection (OFADP) and the Federal Telecommunications Act (TCA) as well as other applicable data privacy provisions under Swiss or EU laws and regulations, including the EU’s General Data Protection Regulation (GDPR).
This notice explains how we process your data and the legal rights you have under applicable data protection laws and regulations. Do not use this website if you do not agree to be bound by the following terms and conditions.
As a (natural) person subject to these terms and conditions, it is in your own interest to protect the devices you use (computer, notebook, etc.) from unauthorized third-party access with strong passwords, to not disclose your password to third parties, and to install and regularly update an antivirus program from a recognized provider (“Internet security”).
2. Collection of general data and information
Whenever our website is accessed, our servers record certain details of every access request in a web server log. As is the case whenever a request to access a web server is made, we will record and store the following technical data without requiring any action on your part.
- The name of the owner to whom your IP address was assigned (usually your internet access provider),
- The date and time the access request was made
- The website from which our website was accessed (referrer URL), which may include words that had been entered into a search engine
- The name and URL of the web page requested - The status code (e.g., an error message)
- The operating system of your computer - The browser you are using (type, version and language)
- The file transfer protocol used (such as HTTP/1.1)
Such data is collected and processed to enable access to our website (to establish a connection), to ensure durable system security and stability, to optimize our Internet presence and for internal statistical purposes. This constitutes the basis of our legitimate interests in collecting and processing data as stipulated in Art. 6 (1f) of the GDPR.
3. Collection of personal data and information
Bellevue collects personal data (such as name, gender, address, email address, telephone number) if you submit such information to us through the website, for example, when filling in a registration form or subscribing to an email news service. We will use your personal data:
- For technical administration purposes, website evaluations and ongoing website development
- For client and user administration and for marketing purposes
- To provide you with information about Bellevue Healthcare Trust and affiliated companies, and
- For any other specifically designated purpose.
The legal basis for processing your data for these purposes is derived from your declaration of consent in accordance with Art. 6 (1a) of the EU’s GDPR.
4. Data transfer to third parties
We may rely on internal and external service providers based in our country of incorporation or in a foreign country (EU), or on other persons, to dispatch correspondence, distribute emails or perform other tasks on our behalf. These persons will have access to the personal data that you have given us through our website. It may be used by them only to carry out the tasks that have been delegated to them. The above-mentioned persons may not use your personal information for any other purpose. If the data protection laws and regulations of the country in which these persons are based do not provide the same level of protection given under Swiss or European law, we shall ensure that your personal information is always protected by an equivalent level of privacy as in Switzerland or the EU through a corresponding legal agreement.
We or our information providers shall not automatically collect personal information about visitors to our website unless we are obliged to do so by applicable laws or regulations. We will not share any personal data with other persons, unless (a) we are required to do so by law or by public authorities or private entities within the scope of legal proceedings, court subpoenas, legal investigations or similar processes or events (b) applicable laws or regulations must be complied with or (c) such compliance is demanded or (d) we and our partner companies or service providers use this information to offer you our services, in which case we may share your personal information provided you have given us your consent to do so.
We or our information providers will not sell the email addresses nor provide personal data of our clients to external parties for third-party marketing purposes. Without your prior consent, we or our information providers will not send any emails to you unless you have granted us your consent to receive electronic transmissions of information within the scope of our electronic communications system. You may revoke your consent at any time. You should not submit any personal data to us through insecure communication channels, which include public electronic communication channels such as email through a webmail interface because they are generally not secure.
5. Third-party websites
Bellevue Healthcare Trust may provide links on its website to one or more third-party websites. Bellevue Healthcare Trust has no control over these websites or their content or over the products/services that are offered on these websites. All access and usage of the websites called up through such links shall be subject to the terms and conditions and the privacy policies of the said websites and shall be at your own risk. Bellevue assumes no responsibility for the data privacy and customer information policies of third-party websites that you access through a link on our website.
Bellevue Healthcare Trust's website, like many other websites, uses so-called cookies. Cookies are small text files that are stored in your computer’s temporary memory and on its hard drive when you visit certain web pages. Cookies are used to enable websites to function, to provide the owners of a website with information and for other purposes.
- Analysis: Analysis cookies enable us to identify and assess visitors to our website and track their visits. This helps us to improve and enhance the functioning of the Bellevue website, for example, by determining whether visitors to the website can easily find information or which areas of our website are of the greatest interest to visitors.
- Usage preferences: Some of the cookies on the website are activated when visitors make a choice regarding their use of the website. These cookies allow our website to remember a user’s preferences. The website can then be tailored to their custom settings.
- Functional purposes: Cookies for functional purposes store information that is needed by our applications for processing and operational purposes. For example, if transactions or requests comprise several work sequence phases within an application, cookies are used in order to temporarily store information from each phase, which facilitates the execution of the entire transaction or request.
Some of our web pages include content intended to be displayed with Adobe Flash Player, such as animations, videos and tools. The local flash memory (frequently referred to as “flash cookies”) can be used to improve your experience as a user of the website. The flash memory is stored on your device in almost exactly the same way as standard cookies but is managed directly from your flash software. If you would like to disable or delete information that is locally stored in the flash memory, please read the documentation on your flash software, which you can find at www.adobe.com. Please note that if flash cookies are disabled it may not be possible to use the full functionality of our website.
Most web browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or that a message appears whenever you receive a new cookie. The following sites contain instructions on how to manage cookies in some of the most popular browsers:
Disabling cookies might prevent you from taking advantage of the full functionality of our website.
7. Tracking Tools
7.1. General information
We use the web analytics service provided by Google Analytics to tailor our website to the needs of its users and for ongoing optimization purposes. Anonymized usage profiles are created in this process and small text files ("cookies") that are stored on your computer are used. The information generated by the cookies regarding your use of this website is transferred to the server of the provider of these services, where it is stored and processed on our behalf. In addition to the data listed under section 1, we may also receive the following information as a result:
- The navigation path visitors take through the site
- Dwell time on the website or a subpage
- The exit page, or the last page visited during the session
- The country, region or city from which the website is accessed
- The device used to access the website (type, version, color depth, resolution, width and height of browser window), and
- Returning or new visitors
The information collected is used to evaluate website usage, to compile reports about website activities and to provide additional services associated with the use of the website and the Internet, to conduct market research and ensure that the website is designed to meet user needs. We may also transfer this information to a third party if we are required to do so by law or if the third party has been retained to process this information.
7.2. Google Analytics
Google Analytics is a service provided by Google Inc., a subsidiary of the holding company Alphabet Inc., which is domiciled in the USA. Prior to the transfer of data to the above service provider, your IP address will be truncated by means of the IP anonymization tool ("AnonymizeIP") that has been activated for this website if the IP address originates from within a member state of the European Union or a signatory state to the Agreement on the European Economic Area. The anonymized IP address transmitted by your browser to Google Analytics will not be associated with any other data held by Google. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and then truncated. In such cases, we enter into contracts that ensure that Google Inc. maintains an adequate level of data protection. According to Google Inc., under no circumstances will a user's IP address be associated with other data pertaining to the user. Further information about the web analytics services used may be found on the website of Google Analytics. Instructions on how to prevent your information from being used by the web analytics service may be found at tools.google.com/dlpage/gaoptout
8. Notice regarding the transfer of data into the USA
For the sake of completeness, visitors to our website whose place of residence or domicile is located in Switzerland are informed that US authorities conduct monitoring activities in the USA that enable the general recording of all the personal data of any person whose data is transmitted from Switzerland to the USA. This occurs without differentiation, restrictions or exceptions on the basis of the objective pursued and without an objective criterion that makes it possible to restrict the access of the US authorities to the data and how it is subsequently used to very specific, strictly limited purposes that permit both the access to and usage of such data. We would also like to point out that there are no legal remedies available in the USA for data subjects from Switzerland that would allow them to gain access to the data held by US authorities concerning them or effect the correction or erasure thereof, nor is there any effective legal protection barring the US authorities from generally accessing such information. We explicitly draw attention to this legal and factual situation so that data subjects may make an informed decision regarding their declaration of consent to the use of their data. Users residing in a member state of the EU are advised that the US does not have an adequate level of data protection from the point of view of the European Union, partly because of the issues mentioned in this section. With respect to the recipients of data outlined in this privacy notice that are based in the USA (such as Google), we will ensure that your data is appropriately protected by our partners either through contractual arrangements with these companies or by requiring that these companies be certified under the EU-US or Swiss-US Privacy Shield Frameworks.
9. Your data protection rights
Under certain conditions, you may enforce your data protection rights against us:
- Right to revoke your consent: You may revoke your consent to the processing of your data at any time, with effect from that time on. Revocation shall not affect the legal basis for any data processing prior to the revocation of your consent, nor will it affect the legal basis for data processing if justified by legal obligations.
- Right to information: As stipulated in Art. 15 GDPR, you have the right to request information about the data we have collected concerning you.
- Right to rectification: At your request, we will rectify the data stored about you if it is inaccurate or incorrect, in accordance with Art. 16 GDPR.
- Right to erasure: If you wish, we will erase your data in accordance with the provisions of Art. 17 GDPR, unless there are other legal obligations (e.g. data retention requirements) or overriding legitimate grounds on our part (e.g. in defense of our rights and entitlements) that prevent us from doing so.
- Right to restrict processing: In accordance with the conditions stipulated in Art. 18 GDPR, you have the right to restrict the processing of your personal data.
- Right to object: You may also object to the processing of your personal data in accordance with Art. 21 GDPR. This right of objection, on grounds relating to your particular situation, pertains only to data processing for which the legal basis rests on a balancing of interests relating to profiling or direct marketing purposes. Upon objection, we will no longer process your data unless we are legally entitled to refuse the objection. An objection to direct marketing, including profiling, must be made for us to refrain from processing your data for these purposes.If you have granted consent to direct marketing and no longer wish to be a recipient of direct marketing activities, you must withdraw your consent
- Right to data portability: You also have the right to receive your data in a structured, commonly used and machine-readable format in accordance with the provisions of Art. 20 GDPR and to transmit your data to a third party.
- Right to lodge a complaint with a data protection authority: Furthermore, you have to right to lodge a complaint with any relevant data protection authority (Art. 77 GDPR). We advise you to lodge a complaint first with our data protection officer, so that we can resolve your issue to your satisfaction as quickly as possible.
Bellevue Group AG
10. Retention of data
Bellevue Healthcare Trust retains personal data only for as long as required in connection with the above-mentioned tracking and analysis services and for other processing needs on the basis of its legitimate interests. Bellevue Healthcare Trust retains contractual data for a longer period of time in accordance with legal data retention requirements. Data retention requirements that compel Bellevue Healthcare Trust to retain data arise from financial accounting regulations and tax laws. In accordance with these laws and regulations, business communications, records of contractual agreements and accounting documents must be kept for a period of up to 10 years. If this data is no longer required to provide you with services, access to the data will be blocked during this time. This means that the data can then be used only for financial accounting and tax purposes.
11. Scope of your obligation to submit your information to Bellevue
There is no legal obligation for you to give Bellevue Healthcare Trust any information about you. However, you will not be entitled to use the advantages or services provided by Bellevue Healthcare Trust website (www.bellevuehealthcaretrust.com) if you choose not to give us your information. Submission of your information is voluntary. You will incur no legal disadvantages if you do not give us any information about you.
This privacy-related information was last updated on May 25, 2018.