Legal
Privacy Policy
We take the protection of your personal data seriously – especially in the sensitive field of medical care. This privacy policy informs you about which data are processed when you visit this website and when you contact us, for what purposes this is done, and what rights you have.
The decisive laws are the Swiss Data Protection Act (revDSG) and – where applicable – the EU General Data Protection Regulation (GDPR).
Data Controller
The party responsible for data processing in connection with this website is:
Metamedical Schweiz AG
Industriestrasse 24
6060 Sarnen, Switzerland
UID: CHE-480.698.053
Contact for data protection matters:
Tel. 032 589 68 20
metamedical [ät] hin.ch
Please note: the address metamedical [ät] hin.ch is a HIN address (Health Info Net). HIN enables the encrypted transmission of sensitive health data. If you would like to send us health-related information, we recommend doing so via HIN or by telephone.
Principles of our data processing
This website has deliberately been kept minimal:
- It is a purely static website with no user accounts and no contact form.
- We do not use any analytics or tracking cookies and no web analytics services. There is no analysis of your browsing behaviour.
- The fonts used are served locally by our server; no external font services are embedded.
- External services (Google Maps, online appointment booking) load only after your explicit consent via a click and not automatically when the page is opened.
Processing when you visit the website (server log files)
When our website is accessed – as is technically necessary with every web server – what are known as server log files are created and temporarily stored by our hosting provider. In particular, the following data may be recorded:
- IP address of the accessing device
- date and time of access
- page/file accessed and volume of data transferred
- referring page (referrer), if transmitted
- browser type, browser version and operating system
These data serve solely the technical operation, security and stability of the website (e.g. defending against attacks, error analysis). We do not combine these data with other data or use them to identify individual persons.
Legal basis / purpose: legitimate interest in the secure and trouble-free operation of the website (Art. 31 revDSG; Art. 6(1)(f) GDPR).
Retention: Server log files are kept only for as long as is necessary for the stated purposes and are then deleted or anonymised. In the case of security-relevant incidents, individual entries may be retained longer until the matter has been conclusively clarified.
Contacting us by e-mail and telephone
If you contact us by e-mail or telephone, we process the information you provide (e.g. name, contact details and the content of your enquiry) in order to handle your request and to get in touch with you.
Legal basis / purpose: processing of your enquiry and the initiation or performance of the treatment or contractual relationship, as well as our legitimate interest in communicating with you (Art. 31 revDSG; Art. 6(1)(b) and (f) GDPR; for health data, additionally Art. 9(2) GDPR).
Retention: We retain correspondence for as long as is necessary to handle your request and to comply with statutory retention and documentation obligations. For medical documentation, a statutory retention period of ten years generally applies, and longer in certain cases. The data are then deleted.
Special care with health data
Health data are considered particularly sensitive personal data and are treated by us with heightened care. For the exchange of sensitive health information, we use HIN encryption (metamedical [ät] hin.ch). Within the practice, medical confidentiality (professional secrecy) and the applicable requirements for the protection of patient data apply.
Please do not send us health data via unencrypted channels where this can be avoided.
Integrated third-party services – only with your consent
The following services are integrated in such a way that they are loaded only after an active click. Without your consent, no connection to these providers is established and no data are transmitted to them.
Google Maps (location map)
On the Contact page, we offer the option to load a map showing the location of our practice. The map is provided by Google (Google Ireland Limited or Google LLC). Only when you activate the map by clicking is a connection to Google's servers established. In doing so, your IP address, among other data, may be transmitted to Google, and data processing may take place outside Switzerland or the EU/EEA (in particular in the USA).
We have no influence over the data processing carried out by Google. Google's data protection provisions apply: policies.google.com/privacy.
Legal basis / purpose: your consent and our legitimate interest in making the practice easy to find (Art. 31 revDSG; Art. 6(1)(a) GDPR; Art. 49(1)(a) GDPR for any transfer abroad).
arzt-direkt (online appointment booking)
On the Appointment page, you can book an appointment online via our partner arzt-direkt. The booking takes place via an embedded window (iframe) that is loaded only after your explicit consent via a click. Only then are data transmitted to arzt-direkt.
If you enter data in the booking window (e.g. name, contact details, desired appointment and, where applicable, information about your request that may constitute health data), these are processed by arzt-direkt in order to carry out the appointment booking on our behalf. arzt-direkt is operated by a provider based in Germany; the booking data are processed on servers in Germany or the EU/EEA. In doing so, arzt-direkt acts as our processor; for this purpose, a data processing agreement is concluded with the provider, governing the permissible data processing. For disclosure abroad, we rely on the recognised adequate level of data protection within the EU/EEA area (Art. 16 revDSG) as well as on your consent. The arzt-direkt provider's own data protection provisions additionally apply to the processing within the booking window; these can be viewed in the booking window or at the provider.
Legal basis / purpose: your consent to loading the service, as well as the initiation and performance of the treatment relationship (appointment scheduling) (Art. 31 revDSG; Art. 6(1)(a) and (b) GDPR; for health data, additionally Art. 9(2) GDPR).
Retention: booking-related data are retained for as long as is necessary for organising the appointment and the subsequent treatment, as well as for complying with statutory obligations.
Disclosure to third parties and transfer abroad
Your data are disclosed to third parties only insofar as this is necessary for the provision of our services (e.g. to our hosting provider or to arzt-direkt as processor), where you have consented, or where we are legally obliged to do so. Processors are carefully selected and are contractually obliged to process data in compliance with data protection law.
A transfer of data abroad may occur in particular when using Google Maps (USA) and when booking appointments online via arzt-direkt (Germany or the EU/EEA). For Google Maps, we rely on an exception under Art. 17 revDSG (in particular your explicit consent). For the processing by arzt-direkt within the EU/EEA area, a suitable basis exists owing to the recognised adequate level of data protection there (Art. 16 revDSG), supplemented by the data processing agreement.
Data security
We take appropriate technical and organisational measures to protect your data against loss, misuse and unauthorised access. The website is delivered over an encrypted HTTPS connection. For the transmission of sensitive health data, we use HIN encryption. However, complete protection of data transmission over the internet cannot be guaranteed.
Your rights
Under the applicable data protection law (revDSG and, where applicable, the GDPR), you have in particular the following rights:
- access to information on whether and which personal data we process about you;
- rectification of inaccurate data or completion of incomplete data;
- erasure of your data, provided no statutory retention obligations or overriding interests preclude this;
- restriction of processing;
- release or transfer of data (data portability) in a common electronic format;
- objection to certain processing operations;
- withdrawal of consent that has been given, with effect for the future (e.g. for loading Google Maps or arzt-direkt); the lawfulness of processing carried out up to the point of withdrawal remains unaffected.
To exercise your rights, a message to the contact details listed under 'Data Controller' is sufficient. To protect your interests, we may request additional information in order to verify your identity.
Right to lodge a complaint
If you believe that the processing of your personal data infringes data protection law, you have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC / EDÖB) (edoeb.admin.ch). Persons within the scope of the GDPR may also contact the data protection supervisory authority responsible for them.
Changes to this privacy policy
We will amend this privacy policy if our website, the services we use or the legal framework change. The version published on this page applies in each case.
Last updated: 26 June 2026
