Your data are safe in our hands. The Federal Administration only collects the personal data that it needs to fulfil its tasks (data economy). Stored data are carefully managed and protected against any form of abuse.
Under Article 13 of the Swiss Federal Constitution and under federal data protection law, everyone is entitled to have their privacy protected and to have their personal data protected from abuse. Swissmedic complies with these provisions on its web pages and in the web services it provides.
Person responsible for data processing
Responsible for the data processing on swissdamed and contact for data protection issues (unless otherwise stated in individual cases):
Swissmedic, Medical Devices Surveillance Sector, Hallerstrasse 7, 3012 Bern
If you have questions or concerns regarding how we use your data, please e-mail datenschutz@swissmedic.ch.
Purposes of data processing
Legitimation
The processing of personal data on the Swissmedic website is limited to the data required to provide a properly functioning website and user-friendly content and services, or to the data that you have actively made available to us.
Furthermore, Art. 62a para. 1 let. a no. 2 TPA applies to the processing of personal data provided when reporting side effects.
Submission of information to Swissmedic by form
The website offers various ways of submitting information to Swissmedic, for example by means of contact forms. All information provided to Swissmedic via the website or services must have been found to be correct and complete.
When you complete a form on our website (e.g. a contact form), we process the data that you provide to us to the extent that this is required to fulfil the purpose of processing or to complete the assignment. All information is generally provided voluntarily. Mandatory fields are defined as such only if the information is necessary for the fulfilment of our statutory task or your request. Data will be deleted at the latest when the statutory retention period expires.
With regard to any individual whose personal data are submitted to Swissmedic via the website and services, it must be established prior to submission that:
- Submission is permissible (e.g. the affected individual has given their consent);
- The information submitted contains all information required for processing.
Reporting side effects
Using the online reporting tool, patients, consumers and their relatives can report suspected side effects directly to Swissmedic. When you have filled out the online side effects reporting form, we process the data that you provide where this is required to fulfil the purpose of processing or to complete the assignment.
The online side effects reporting form contains several mandatory fields. These fields contain information that is considered by international standards to be essential for a valid report of a side effect. These include:
- Details of the reporting individual
- The country from which the report originates
- The date of birth and gender of the affected individual
- The suspected side effect
- The date of occurrence of the side effect
- Details of the severity and outcome of the side effect
- Details of the medicine that is thought to have caused the side effect
A proper professional evaluation of these reports of suspected side effects also requires certain sensitive details. The date of birth is used to calculate the exact age of the person concerned when the reported reaction occurred and to reliably identify any double-reporting. To process and accurately evaluate reports of suspected side effects, Swissmedic or an involved regional pharmacovigilance centre may need to ask follow-up questions relating to the reported information. Although reports of suspected side effects can be sent to Swissmedic anonymously, i.e. without stating any contact details, it may not be possible to carry out necessary medical validation of the clinical information in a report if further details cannot be obtained.
After you have completed and sent your report, the data will be imported into Swissmedic's side effect reports database and, for security reasons, deleted from the web form. Your report will then be processed, evaluated and stored in the Swissmedic database.
With regard to any individual who has experienced a side effect submitted to Swissmedic, it must be established prior to submission that:
- Submission is permissible (e.g. the affected individual has given their consent);
- The information submitted contains all information required for processing.
Newsletter distribution
The following essential information is recorded when you order a newsletter: Title, first name, last name and e-mail address. You also have the option of providing an organisational affiliation and to select the news channels/topics you are subscribing to. Personal data used to send you the newsletter(s) to which you subscribe will be erased immediately after you terminate your subscription(s).
Web analytics
The following data will be stored in log files when you access the Federal Administration’s websites and web services: IP address, date, time, browser request and information submitted on the device used, including its operating system and browser. These data are evaluated by web analytics tools (see below). Swissmedic does this in order to continuously improve its methods of communication.
Swissmedic uses the Matomo software solution as standard for non-personal web analytics. Matomo is operated by the Federal Office of Information Technology, Systems and Telecommunication (FOITT). The Federal Chancellery also operates a Matomo server. A managed server at Metanet (Schweiz) AG is used.
Retention and erasure
Swissmedic processes and stores your personal data for as long as needed to fulfil its contractual and legal obligations, or otherwise for the purposes pursued with the processing, as well as to satisfy the statutory retention and documentation requirements. It is possible that personal data are stored for the period during which claims can be asserted against Swissmedic and insofar as Swissmedic is otherwise legally obliged or authorised to do so, or this is required for legitimate (business) interests (e.g. for evidentiary and documentation purposes).
Cookies
The Swissmedic website uses cookies in order to make visiting the website more attractive and to enable certain functions to be used. Cookies are small text files stored on your computer. Most of the cookies used are deleted from your hard drive at the end of the browser session (these are known as session cookies). Other cookies remain on your computer so that you can be recognised on your next visit (these are known as permanent cookies).
You can prevent your browser from storing cookies by restricting or disabling the storage and reading of cookies. Please note that you will not be able to use certain functions of the website, or possibly even the website itself, unless you enable cookies.
Social networks and other third-party services
Swissmedic operates various accounts and profiles on social networks, such as microblogs (e.g. X) as well as Facebook, LinkedIn, YouTube, Vimeo and Instagram. These sites and services are provided and operated by third parties. Each of these sites has its own data protection rules.
In addition, some third-party services, such as those provided by Vimeo or Google Maps, are also directly embedded into individual Swissmedic web pages. These providers also use cookies. When users use the relevant Federal Administration web pages, their data are automatically transmitted to these companies. In such cases, the data protection provisions of the provider concerned expressly apply. Users must be aware that data may be collected and also shared with third parties via these services. If users also have an account with the service concerned, the operator may directly link the information transmitted to the personal account in question.
Swissmedic has no influence on data collection or subsequent data use by these operators. Swissmedic has no knowledge of how much data they store, where they store it and how long, the extent to which they comply with duties to erase data, the analyses they make of the data, the links they make to the data and with whom they share the data.
The most important third-party services the Federal Administration uses are:
Vimeo: As soon as you access a Swissmedic web page with a Vimeo video embedded in it, a connection to the Vimeo servers is established and plug-ins from Vimeo (Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA) are used in some cases. Vimeo receives information on which page was visited from which IP address. For further information on how Vimeo handles user data, please consult its Privacy Policy and its Cookies Guideline.
Google Maps: The Google Maps map service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) is used in some cases to display interactive maps and to provide directions to federal government offices. If you use Google Maps, information on your use (e.g. IP address) may be saved and sent to a Google server in the USA.
Google Custom Search: Certain offices within the Federal Administration use the "Custom Search" search box provided by Google LLC. If you use this search box (by sending the form), user data will be sent to the operator company. For further information on how Google handles user data, please consult the Google Privacy Policy.
Instagram: Instagram, Inc. is owned by Meta Inc. For further information on how Instagram handles user data, please consult Meta's Privacy Policy.
X (formerly Twitter): X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. For further information on how X handles user data, please consult its Privacy Policy and Cookies guidelines.
Friendly Captcha: Friendly Captcha is used for the online reporting of side effects. This Captcha reliably protects against spam and bots. User data are not collected unnecessarily and are not forwarded to external servers or saved. The Captcha is compliant with data privacy requirements. Further information can be found in Friendly Captcha's Privacy Policy for End Users (https://friendlycaptcha.com/legal/privacy-end-users/).
Identity providers: Electronic identities are used to provide authenticated access to certain web-based services offered by Swissmedic (eGov portal). The eIAM service, the Federal Administration's central login infrastructure is used for this purpose.
Data transfer and data transmission abroad
In principle, we use your personal data only within Swissmedic. If, and insofar as, we use third parties in the fulfilment of contracts (e.g. service providers, IT providers), or in the event that we outsource certain data processing tasks (order processing), these parties receive personal data only to the extent to which transmission is required for the corresponding service.
No data are transferred to agencies or individuals outside the European Economic Area (EEA) or Switzerland, nor is any such transfer planned.
Adverse reaction reports are evaluated by Swissmedic in collaboration with a regional pharmacovigilance centre and are fed into the continuous evaluation of the benefit-risk profile for authorised medicinal products and vaccines. To this end, the reports are also made available in anonymised form to the respective marketing authorisation holder and, on the basis of international agreements, forwarded to the World Health Organization (WHO).
Links from and to external sites
Swissmedic has no influence either on external sites to which it provides links, or on external sites that link to Swissmedic. Accordingly, Swissmedic provides no guarantee in relation to such pages that the information they contain is accurate or that they are free of malware (such as viruses). Responsibility for the information and services provided on linked web pages or web services rests entirely with the third party concerned. No responsibility or liability is accepted for such websites or web services.
Your rights
You have the right to request information on the processing of your personal data by any unit of the Federal Administration at any time free of charge. To do so, contact the agency named in the publishing details (Impressum). You may have further statutory rights, such as the right to have data erased or corrected, to have data processing restricted and to have data transmitted.
Data are saved to log files during website operation. Log files typically contain information such as the access time, IP address, browser or operating system used and are essential for website operation. Consequently, users of our website have no right of objection in this regard.
Data security
When you visit our website, Swissmedic uses encrypted data communication based on TLS in conjunction with the highest encryption level supported by your browser. You can see whether a page on the website is being transmitted in encrypted form by checking whether the lock symbol displayed in the address bar of your browser is closed.
In addition, Swissmedic uses suitable technical and organisational security measures in its data processing to protect your data against accidental or wilful manipulation, partial or complete loss, destruction or unauthorised access by third parties. Swissmedic's security measures correspond to the current state of the art.
Technical maintenance of the web servers that are used to operate the websites is provided by the Federal Administration’s own service providers. Individual services may also be provided by external partners. External operators are subject to the same data protection requirements as apply to internally operated applications.