1 General
Data protection is a matter of great importance to Rega. This Privacy Policy describes the scope, purpose and manner of Rega’s processing of personal data. When processing personal data, Rega complies with the applicable data protection laws. All Rega employees are subject to non-disclosure obligations.
2 Responsible body
The body responsible for data protection is Swiss Air-Rescue Rega.
Swiss Air-Rescue Rega
Rega Center
PO Box 1414
8058 Zurich Airport
Switzerland
Tel. +41 44 654 33 11
3 Processing of personal data
3.1 What are personal data
Personal data are information relating to an identified or identifiable natural person, such as form of address, first name, family name, address, e-mail address, date of birth, etc.
3.2 What do we use your personal data for
3.2.1 General purposes
We process your personal data for the purposes described in the following chapters, as well as for the following purposes:
- Securing evidence for the assertion of legal claims and defence in connection with legal disputes and official proceedings.
- Fulfilment of legal obligations (for example, retention obligations).
3.2.2 Orders in the online shop
When goods are ordered in Rega’s online shop, Rega stores the following personal data: first name, family name, address, telephone number and e-mail address and if available company name, patronage number, form of address and payment details.
These data are used for the purpose of processing the contract. The conclusion or performance of a contract pursuant to Article 6(1)(b) GDPR or Article 31(2)(a) FADP serves as the legal basis.
Rega forwards your data to a service provider in Switzerland who processes the order and collects the payment on behalf of Rega. Your data are erased at the latest 10 years after conclusion of the contract. Insofar as erasure is technically not possible, the data are archived and the access rights are restricted as much as possible.
3.2.3 Emergency calls
In the event that you call the Operations Center, your call is recorded. This happens for the purpose of performing the mission efficiently; the legal basis for the processing of this data is a legitimate or overriding interest on the part of Rega (Article 6(1)(f) GDPR or Article 31(1) FADP) (telephone recording of emergency calls to ensure the correct performance of the rescue mission). In addition, Rega has a legal basis in such cases, as conversations with emergency, rescue and security services are permitted to be recorded (Art. 179quinquies para. 1a, Swiss Criminal Code). The personal data that are processed in this respect are first name, family name and telephone number of the caller. The emergency call itself is erased after 2 years; only the first name, family name and telephone number of the caller are retained. Upon expiration of the statutory retention period, the data are erased. Insofar as erasure is technically not possible, the data are archived and the access rights are restricted as much as possible.
3.2.4 Rescue
In the event of a rescue mission, Rega collects the following personal data from you: first name, family name, address, date of birth, social data, life circumstances and medical data.
In connection with the rescue mission, Rega may additionally collect personal data (first name, family name, contact information, relationship to injured person) of related, acquainted or other persons involved in the rescue.
Rega uses these personal data for the purpose of providing comprehensive medical care, of determining responsibility for the costs, for invoicing and for maintaining your patient file. The legal basis for the processing of this data is the protection of vital interests (Article 9(2)(c) GDPR or Article 31(1) FADP). and the conclusion or performance of a contract (Article 6(1)(b) GDPR or Article 31(2)(a) FADP).
Rega is obliged by law to retain personal data for 10 years, respectively 20 years pursuant to the Swiss Transplantation Act and the Swiss Therapeutic Products Act. Upon expiration of the statutory retention period, your data are erased. Insofar as erasure is technically not possible, the data are archived and the access rights are restricted as much as possible.
3.2.5 Repatriation
In the event of a repatriation, Rega collects the following personal data from you: first name, family name, address, date of birth, social data, life circumstances, insurance details, travel documents, current location, destination, validity of your patronage and medical data.
In connection with the repatriation, Rega may additionally collect personal data (first name, family name, contact information, relationship to person being repatriated) of related or acquainted persons.
Rega uses these personal data for the purpose of organising and carrying out patient transports, making medical clarifications, giving medical advice, providing medical care, invoicing and maintaining your patient file. The legal basis for the processing of this data is the protection of vital interests (Article 9(2)(c) GDPR or Article 31(1) FADP) and the conclusion or performance of a contract (Article 6(1)(b) GDPR or Article 31(2)(a) FADP).
Rega is obliged by law to retain personal data for 10 years, respectively 20 years pursuant to the Swiss Transplantation Act and the Swiss Therapeutic Products Act. Upon expiration of the statutory retention period, your data are erased. Insofar as erasure is technically not possible, the data are archived and the access rights are restricted as much as possible.
3.2.6 Patronage
In connection with patronage, Rega processes the following personal data of existing patrons: first name, last name, address, telephone number, e-mail address, date of birth, patronage number and payment details.
Rega uses the data for the purpose of patronage management and to fulfil legal retention obligations.
Data processing is based on the laws governing the fulfilment of contracts (Art. 6(1)b GDDPR or Art. 31(2)a FADP, and the fulfilment of legal obligations (in particular the retention obligations according to the Swiss Code of Obligations) pursuant to Art. 6(1)c GDPR or Art. 31(1) FADP.
We also process your personal data for advertising and marketing purposes (including when staging events), unless you have objected to the use of your data for advertising purposes. If you object to your data being used for advertising purposes, we will place you on a special list to block further promotional mailings.
Data processing is based on the legal provisions governing the justified interest of Rega in direct marketing (Art. 6(1)f GDPR or Art. 31(1) FADP).
On termination of a Rega patronage, these data are erased upon expiration of the statutory retention period. Should erasure not be technically feasible, the data are anonymised. Furthermore, patrons are subject to the Rega Conditions of Patronage, which can be found via the following link: https://www.rega.ch/en/rega-patron/become-a-patron/conditions-of-patronage
3.2.7 Donations and legacies
In connection with donations, Rega collects the following personal details from existing donors: last name, first name, address, e-mail address, date of birth, patronage number (if available) as well as payment details and – if a payment has been made – the purpose of the payment.
Rega uses the data relating to existing donors for the purpose of processing the transaction. The legal basis is given by the fulfilment of the contract (Art. 6(1)b GDDPR or Art. 31(2)a FADP).
In connection with donations, we also process your personal data for advertising and marketing purposes (including when staging events), unless you have objected to the use of your data for advertising purposes. If you object to your data being used for advertising purposes, we will place you on a special list to block further promotional mailings.
Data processing is based on the legal provisions governing the justified interest of Rega in direct marketing (Art. 6(1)f GDPR or Art. 31(1) FADP).
In connection with inheritances (wills, testamentary dispositions and legacies or bequests), Rega collects the last name, first name, address, e-mail address, date of birth, patronage number (if available) and date of death. Following the distribution of the estate, the data of the deceased person are deactivated.
If an executor has been engaged, Rega collects the following personal details: last name, first name, address, e-mail address and telephone number.
Data processing is based on the laws governing the fulfilment of contracts (Art. 6(1)b GDDPR or Art. 31(2)a FADP, and the fulfilment of legal obligations (in particular the retention obligations according to the Swiss Code of Obligations) pursuant to Art. 6(1)c GDPR or Art. 31(1) FADP.
On its website, Rega uses the wills assistant of EMNA Web AG, Limmatstrasse 65, 8005 Zurich. The White Label app can be identified in the other footer on the website. The embedded application of EMNA Web AG uses only technically necessary cookies that serve to ensure security of the system, e.g. session cookies to manage the session or to protect against cross-site request forgery (CSRF). Neither tracking nor marketing cookies are used; personal data are not collected either.
In connection with donations and legacies, personal data are retained beyond the statutory period of 10 years for the purpose of donor-compatible communication, unless you have requested erasure of your personal data. Data processing is based on the legal provisions governing the justified interest of Rega in direct marketing (Art. 6(1)f GDPR or Art. 31(1) FADP).
If, in connection with a request to erase data, erasure of the personal data retained beyond the statutory retention periods is not technically feasible, these data will be archived, and the access rights will be restricted insofar as possible.
3.2.8 RegaCLUB
Rega patrons under the age of 12 are automatically members of RegaCLUB. The same personal data are used for RegaCLUB membership as have already been collected in connection with their Rega patronage. This information is used to verify RegaCLUB membership and enables Rega to enter into correspondence regarding participation in competitions, send ordered promotional material, confirm registrations, and coordinate events and guided tours. The legal basis for the processing of this data is the conclusion or performance of a contract pursuant to Article 6(1)(b) GDPR or Article 31(2)(a) FADP.
The data are only stored for as long as is necessary for the preparation, implementation and follow-up of the offers and activities. The data relating to children taking part in competitions can be used by Rega for the purposes of marketing and communication, as well as of customer loyalty. The legal basis for the processing of this data is therefore a legitimate or overriding interest on the part of Rega (Article 6(1)(f) GDPR or Article 31(1) FADP). The use of data for promotional purposes can be objected to at any time.
3.2.9 Events
During Rega events, images and videos may be taken. Persons participating in these events are additionally informed in writing by means of a posted notice that pictures and videos may be taken.
If you do not wish to be photographed or filmed while participating in such events, please inform the photographer or the event organiser on location. In such cases, we will provide you or the participating child (within the framework of the RegaCLUB) with a tag that can be worn on your/their clothing in order to prevent pictures or videos being taken or to ensure that images in which you or the participating child are depicted are deleted.
Image and film material that has been created can be used in various Rega media. These include, for example, the websites rega.ch and regaclub.ch, the Rega newsletter, the 1414 magazine, and Rega’s social media channels. The use of image and film material on third-party or paid channels requires the written consent of the person concerned or of a person with parental authority. These channels include, for example, social media, print and online advertisements, and banner advertisements on third-party websites.
The legal basis for the processing of this material is consent (Article 6(1)(a) GDPR or Article 31(1) FADP). Consent that has been given can be revoked at any time. This revocation applies to all future processing of data.
3.2.10 Rega app
Information on the processing of your personal data in connection with the Rega app is available in the Rega App Privacy Policy and Terms of Use, which can be found directly in the app.
3.2.11 Requests or enquiries via contact form or e-mail
In connection with requests or enquiries by e-mail or via the contact form on the website, the following personal data are collected: gender, first name, family name, address, e-mail address and telephone number.
These data are used for the purpose of processing the request or enquiry. The legal basis for the processing of this data is a legitimate interest (answering enquiries: Article 6(1)(f) GDPR or Article 31(1) FADP).
Upon expiration of the statutory retention period, the data are erased. Insofar as erasure is technically not possible, the data are archived and the access rights are restricted as much as possible.
3.2.12 Telephone calls
In connection with telephone calls that are not directed to the Operations Center because they do not concern an emergency, only the first name, family name, postcode and, if available, patronage number are collected.
These data are used for the purpose of processing the request or enquiry. The legal basis for the processing of this data is a legitimate or overriding interest (answering enquiries; Article 6(1)(f) GDPR or Article 31(1) FADP). Calls to the Contact Center are recorded for quality assurance and training purposes. Before the call begins, recording can be disabled by pressing the appropriate phone button. The legal basis for the processing of this data is a legitimate or overriding interest (answering enquiries or for quality assurance and training purposes; Article 6(1)(f) GDPR or Article 31(1) FADP).
Upon expiration of the statutory retention period, the data are erased. Call recordings are erased after 30 days. Insofar as erasure is technically not possible, the data are archived and the access rights are restricted as much as possible.
3.2.13 Visitors
When you visit our Rega Center, we collect the following personal data for security purposes: first name, family name. The legal basis for the processing of this data is a legitimate or overriding interest (access checks to ensure physical safety and to secure evidence; Article 6(1)(f) GDPR or Article 31(1) FADP). In addition, video recordings are carried out in specific areas of the Rega Center. The legal basis for this, too, is a legitimate or overriding interest (video surveillance to ensure physical safety and to secure evidence; Article 6(1)(f) GDPR or Article 31(1) FADP).
Video recordings are erased after 60 days. The visitor list is destroyed after 2 years.
3.2.14 Contact by Rega
Newsletter
If you are a Rega customer or patron and we are in possession of your e-mail address for this reason, we will use it to send you our newsletter with direct advertising relating to our own similar goods and services, providing that you have not objected to this. You may object to this at any time and we will place you on a special list to block further advertising mailings. The legal basis for the processing of this personal data is a legitimate interest (direct marketing; Article 6(1)(f) GDPR or Article 31(1) FADP).
In connection with subscribing to our newsletter via our website, the following personal data are stored: form of address, first name, family name, e-mail address and, if available, patronage number. Rega uses these data solely to deliver the newsletter you have subscribed to. The legal basis for the processing of this data is consent (Article 6(1)(a) GDPR or Article 31(1) FADP).
If at any time you no longer wish to receive e-mails from Rega, you can unsubscribe via the corresponding link provided in every Rega newsletter. If, however, you use other Rega services (e.g. patronage or ordering in the online shop), your data will remain in the Rega database for the provision of these services and will be used for processing the relevant transactions.
Reactivation of former patrons
Rega has a so-called legitimate interest in contacting former patrons who have not renewed their patronage for marketing purposes, provided that they have not objected to their data being processed for advertising purposes (Article 6(1)(f) GDPR or Article 31(1) FADP). In such cases, first name, family name and address will be processed.
3.2.15 Job applications
Information on the processing of your personal data in the job application process is given in the Privacy Policy for applicants ,which you will find under the following link (in German): Privacy Policy for applicants
4 Legal basis for the processing of personal data
Where Rega obtains the consent of the data subject to process their personal data (e.g. to send a newsletter or for the use of Google Analytics), Article 6(1)(a) GDPR or Article 31(1) FADP serves as the legal basis.
In connection with the processing of personal data for the purpose of performing or concluding a contract, Article 6(1)(b) GDPR or Article 31(2)(a) FADP serves as the legal basis. This also applies for processing operations that are required in order to implement pre-contractual measures.
Where the processing of personal data is necessary to comply with a legal obligation on the part of Rega (e.g. statutory retention periods), Article 6(1)(c) GDPR or Article 31(1) FADP serves as the legal basis.
In connection with the processing of personal data (in particular also personal data requiring special protection or personal data relating to special categories), the protection of vital interests pursuant to Article 6(1)(d) GDPR or Article 31(1) FADP or Article 9(2)(c) GDPR in the context of personal data of special categories serves as the legal basis.
If the processing of personal data is necessary to protect a legitimate or overriding interest on the part of Rega or a third party, Article 6(1)(f) GDPR or Article 31(1) FADP serves as the legal basis. This concerns, for example, the processing of the following data:
- Marketing, provided that you have not objected to the use of your data for marketing purposes;
- Operation and management of the website;
- Responding to requests and enquiries;
- Asserting legal claims and defending legal claims in the context of legal disputes;
- Video surveillance to ensure physical safety and to secure evidence;
- Telephone recording of emergency calls to ensure that the rescue mission is implemented correctly and efficiently;
- Quality control and training purposes;
- Complying with the objection to advertising;
- Access checks to ensure physical safety and to secure evidence.
In the case that there are reasonable grounds for assuming that an amount receivable is unrecoverable, Rega forwards personal data to the competent cantonal social assistance authority for the purpose of a precautionary notification and, if non-recoverability is confirmed, in order to ensure that its costs are partially covered in accordance with the guidelines on contributions to partially cover non-recoverable costs of rescue missions charged to the public welfare budget (social assistance) and with the Swiss federal act on the responsibility for providing support to persons in need.
5 Automated decision-making
In establishing and maintaining business relationships, Rega does not carry out automated decision-making pursuant to Article 22 GDPR or automated individual decision-making, including profiling pursuant to FADP.
6 Exchange of personal data
Rega possesses some of your personal data, as you have provided it to us (e.g. via the contact form) without being obliged to do so. However, if you conclude a contract with us by obtaining a Rega service or, for example, by becoming a patron, you are contractually obliged to provide certain data, such as master data. In addition, when using the website, the processing of technical data is unavoidable. We also receive data from contractual partners, service providers or other persons such as doctors, e.g. relating to a repatriation.
In order to efficiently determine responsibility for payment of the costs (e.g. confirmation of cost coverage for hospital treatment, cost coverage for repatriations), Rega sends all personal as well as medical data that are relevant for processing the case and for assessing the payment obligations of the various insurance companies involved (e.g. health, accident or travel insurance) or of the appropriate authorities (e.g. social assistance in order to clarify who is responsible for bearing or contributing to the costs relating to claims that are suspected or confirmed to be non-recoverable) to the appropriate insurance companies or authorities. The same applies for doctors, hospitals or operational partners and, where applicable, other authorities involved in the case at home or abroad, whom Rega calls on for the purposes of providing assistance. In the event that assistance is provided, the personal data are forwarded to the relevant country, which fundamentally may be any country in the world. If the receiving country does not provide an adequate level of data protection, Rega discloses the personal data pursuant to Article 49(1)(f) GDPR or Article 17(1)(b) and (d) FADP or Article 6(1)(b) and (d) GDPR.
Rega also uses service providers in particular in connection with the coverage of costs, assessing the obligation to provide a service, hosting and operating the website, providing printing services, updating addresses and processing payments. Rega also uses external service providers within the framework of its marketing measures, including postal advertising mailings to potential, existing and/or former patrons, as well as the administration relating to the dispatch of the newsletter by e-mail. Rega selects its service providers carefully and ensures contractually that these service providers only process your data in the same way that Rega would be permitted to do.
Rega points out that it is possible that your data are processed by our service providers both in the EU/EEA and in countries without an adequate level of data protection. In the event that Rega uses such providers in insecure countries, the legal basis for the transfer of data is pursuant to Article 46(1)(c) GDPR or Article 16(2)(d) FADP.
In order to clarify the issue of costs, Rega also forwards the patronage data to Swiss Alpine Rescue (ARS) in the event that the rescue was carried out by this organisation.
In the event of a major incident abroad, in collaboration with other rescue organisations, Rega uses the Crisis Information Management System (CIMS) in order to exchange personal and mission data. All the data and information that is processed via the CIMS is also displayed to the other rescue organisations involved for the purpose of coordinating the large-scale mission. The data are stored for 30 days and then deleted. Subsequently it is stored in a backup for a further 7 days.
In the context of repatriation, WhatsApp (WhatsApp Inc., 650 Castro Street, Suite 120-219, Mountain View, California, 94041, USA) may also be used to make further clarifications. This happens if you initiate a conversation with Rega via WhatsApp, or in exceptional cases if health personnel contact Rega via this medium because no alternatives are available (e.g. due to the network connection in the country concerned). If you write a WhatsApp message to Rega, you are transmitting your telephone number, which according to WhatsApp is stored on secure servers and is not passed on to third parties. Rega processes this data for the purpose of communication. The content is transmitted in encrypted form between the sender and the recipient. The metadata – such as, in particular, telephone number, device information, type and frequency of use, IP address and Facebook Messenger ID (if Facebook Messenger is installed at the same time) – constitute personal data and are transmitted to WhatsApp in unencrypted form. WhatsApp is therefore able at any time to track who has communicated with whom from which location via which end device and for how long.
By using WhatsApp, you agree to WhatsApp’s Terms of Service, which means in particular that you grant WhatsApp Inc. access to both your telephone number and the contacts stored on your phone. You can find further information on how WhatsApp collects and uses your data in its Privacy Policy: https://www.whatsapp.com/legal
7 Rights of data subjects
You have the right to obtain information concerning your data and to have it rectified, restricted or erased, as well as, where applicable, the right to data portability. These rights exist to the extent that no statutory retention periods or other legitimate or overriding interests on the part of Rega conflict with your request. You have the right at any time to revoke consent previously given relating to the processing of your data and also have the right to object to us processing your data, in particular for the purposes of direct marketing (Article 21 GDPR or Article 30 (2)(b) FADP).
In addition, you have the right, insofar as this applies to you, to lodge a complaint with the data protection supervisory authority responsible (Article 77 GDPR).
Corresponding requests, as well as revocations or objections, can be sent to the address given in Chapter 10 below.
8 Cookies, analytical tools and social media plugins
8.1 General purposes
- When you use the website, we process your personal data for the purposes described in the following chapters and for the following purposes:
- Provision and further development of our offers, services and websites;
- Provision of our business operations, in particular IT;
- Securing evidence for the assertion of legal claims and defence in connection with legal disputes and official proceedings;
- Fulfilment of legal obligations (in particular retention obligations).
8.2 Cookies
Rega uses cookies on its website. These are small text files that are stored on your device. Your browser accesses these files. The cookies used by the Rega web servers do not pose a security risk for your computer system. Moreover, they do not store any personal or security-relevant data. The information retained in the cookies can only be retrieved by the sender of the cookies, but not by third parties.
Rega additionally points out that the website can also be visited with the cookies disabled, although in this case certain convenience features will no longer be available. You can find out from the browser provider how to disable the storage of cookies permanently, temporarily or upon the corresponding request by the browser.
Rega uses pixels or transparent GIF files to support online advertising. These GIF files are provided by our advertisement management partner, Adveritas. The cookie was set by Adveritas. The information collected by means of cookies is anonymous and not personally identifiable. It does not contain your name, address, telephone number or e-mail address. You can find further information about Adveritas here (in German): https://adveritas.ch/datenschutzerklaerung
The legal basis for the processing of personal data using technical cookies is a legitimate interest (operation of the website) pursuant to Article 6(1)(f) GDPR or Article 31(1) FADP. The legal basis for the necessary processing of personal data using cookies for analytical purposes is consent by the user pursuant to Article 6(1)(a) GDPR or Article 31(1) FADP.
8.3 Web analysis
Google Analytics
Subject to your consent, Rega uses Google Analytics on its website, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, in order to analyse and optimise website usage. For this purpose, Google uses cookies that enable it to analyse the usage of a website. The legal basis for processing this data is consent (Article 6(1)(a) GDPR or Article 31(1) FADP). Among other things, the following usage data are collected when you visit our website:
- the pages viewed;
- your browsing activity on the website (e.g. clicks, scrolling, length of stay);
- technical information such as the browser type and version, end device or screen resolution;
- the address (URL) of the website from which you accessed the Rega website;
- orders placed in the Rega shop;
- the achievement of website targets, e.g. patronages registered or enquiries/requests;
- the IP address of your end device;
- your approximate location (country and city).
These data can be transferred to a Google server in the USA. Rega has concluded a data processing agreement with Google. Google possesses Swiss–U.S. Data Privacy Framework and EU–U.S. Data Privacy Framework certification.
Google uses this information in order to analyse your usage of the website, to compile reports for the website operator concerning website activities and to provide additional services relating to usage of the website and the internet. Google may under certain circumstances also transfer this information to third parties if required to do so by law or where such third parties process these data on behalf of Google. You can prevent the installation of cookies through the appropriate settings on your browser software; please note, however, that if you do so, you may not be able to fully use all the features on this website. By using this website, you are deemed to have consented to the processing of the data collected by Google relating to you in the manner described above and for the purpose described above. With regard to the collection of IP addresses by Google Analytics, we would like to point out that we use Google Analytics with the extension “anonymizeIp()”. This means that IP addresses are only processed further after being abbreviated, in order to prevent any direct link being made to a specific person.
Based on this information, Rega receives analyses from Google. Google Analytics also enables data, meetings and interactions across multiple end devices to be allocated to a pseudonymised user ID, and thus to analyse website usage across multiple devices. In addition, the Privacy Policy of Google Inc. applies and prevails over this Privacy Policy in the event of any discrepancy. Further information can be found in the Privacy Policy of Google Inc.
You can prevent Google Analytics from being used by installing an add-on in your browser. You also have the option of revoking any consent granted to the relevant providers or of objecting to processing by them via Google, for example at: adssettings.google.com/anonymous;
Google reCAPTCHA
Google reCAPTCHA is used to protect this website and its associated functions. This is a service provided by Google Ireland Limited, Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland (“Google”). This service is used to distinguish whether an input is made by a natural person or abusively by automated machine-based processing (e.g. bots). The service involves sending the IP address and any further data required by Google for the reCAPTCHA service to Google.
This analysis begins automatically as soon as the website is accessed. The collected data is forwarded to Google and processed there. The legal basis for this data collection is the legitimate or overriding interest (prevention of misuse and spam) on the part of Rega (Article 6(1)(f) GDPR or Article 31(1) FADP).
The use of Google reCAPTCHA may also involve the transfer of personal data to the servers of Google LLC in the USA. Google possesses Swiss–U.S. Data Privacy Framework and EU–U.S. Data Privacy Framework certification.
Further information on Google reCAPTCHA can be found in the Google Privacy Policy.
Hotjar
This website uses Hotjar Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 3155, Malta (“Hotjar”) to better understand the needs of our users and to optimise the offerings and experience on this website. With the help of Hotjar’s technology, Rega gains a better understanding of the user experience (e.g. how much time users spend on which pages, which links they click on, what they like and dislike, etc.) and this helps to tailor Rega’s offering to user feedback. Hotjar works with cookies and other technologies to collect data about the behaviour of users and about their end devices, in particular the IP address of the device (this is only recorded and stored in anonymised form while you are using the website), screen size, device type (unique device identifiers), information about the browser used, location (country only), and preferred language for displaying the Rega website. Hotjar stores this information on behalf of Rega in a pseudonymised user profile.
The legal basis for this is consent pursuant to Article 6(1)(a) GDPR and Article 31(1) FADP.
Further information can be found under the following link: Privacy FAQs – Hotjar Documentation
8.4 Social media plugins
Various social media plugins are installed on the Rega website using the 2-click method. These are only enabled when you click on the provider’s icon. This means that connection is not established automatically and no data are automatically transmitted to social media services when you access the website. Only when you click on the icon does your browser establish a connection to the servers of the operators of the social media services, whereby the provider is notified of your visit to the Rega website as well as your IP address.
We have no influence on how the social media service providers process your data. For further information, please refer to the relevant privacy policies; the appropriate links can be found below. The legal basis in this regard is consent (Article 6(1)(a) GDPR or Article 31(1) FADP), provided that you have clicked on the icon. Please note that due to the embedding of the social media plugins, it is possible that your data may be processed in the EU/EEA, as well as in countries without an adequate level of data protection. If we use such providers in insecure countries and you give your consent, the legal basis for the transfer of this data is pursuant to Article 49(1)(a) GDPR or Article 17(1)(a) FADP. If you do not wish your data to be processed accordingly by the enabled plugins, you should ensure that you refrain from clicking on the corresponding icons.
Facebook
Rega also uses Facebook social plugins on its website, which are operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland. Their integration can be recognised by the Facebook logo or the terms “like” and “share” in the Facebook colours (blue and white).
The plugin informs Meta Platforms that you have visited our website. In this context, it is possible that your IP address will be stored. If you enable the plugin on our website, the information specified in it is linked with your Facebook account. If you use the features of the plugin – for instance by sharing or “liking” a contribution – the corresponding information is similarly transmitted to Meta Platforms.
If you wish to prevent Meta Platforms from linking these data with your Facebook account, you should refrain from clicking on the Facebook Icon.
Information on all Facebook plugins can be found at the following link: https://www.facebook.com/privacy/policy/
Instagram
Rega uses Instagram social plugins on its website, which are operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland. The plugins are identified by means of an Instagram logo, for example in the form of an “Instagram camera”. You can find an overview of the Instagram plugins and what they look like here:
Introducing Instagram Badges for Webpage Embedding | Instagram Blog
If you enable the plugin on our website, Instagram receives the information that your browser has opened the corresponding page on our website even if you do not have an Instagram profile or are not logged into Instagram at the time. This information (including your IP address) is transmitted by your browser directly to an Instagram server in the USA and stored there. If you are logged into Instagram, Instagram can directly attribute the visit to our website to your Instagram account. If you interact with the plugins – for example, by clicking on the “Instagram” button – this information is also transmitted directly to an Instagram server and stored there. Furthermore, the information is published on your Instagram account and displayed to your contacts. For more information about the purpose and scope of the data collection and the further processing and use of the data by Instagram, as well as your rights in this respect and the settings options for the protection of your privacy, please consult the Instagram Data Policy.
YouTube
Rega uses YouTube plugins on its website. The operator is Google, San Bruno, CA 94066, USA.
To prevent the third-party provider from automatically receiving information about you, you will only see locally stored preview images of videos on the Rega website. Information is only shared with the provider when you click on the preview image and on doing so load the content of the third-party provider. The provider receives the information that you have accessed our site, as well as technically necessary usage data. The legal basis for this is consent pursuant to Article 6(1)(a) GDPR or Article 31(1) FADP, provided that you have clicked on the preview image.
We have no influence on how the provider processes your data. You can find more information on the handling of user data in YouTube’s Privacy Policy.
Pinterest
Rega has a Pinterest account. Please check carefully what personal data you share with us via Pinterest. Rega would like to point out that Pinterest stores its users’ data and may also use it for commercial purposes. Rega has no influence on the collection and further processing of data by Pinterest. Further information on Pinterest’s data processing can be found in Pinterest’s privacy policy.
TikTok
Rega has a TikTok account. Please check carefully what personal data you share with us via TikTok. Rega would like to point out that TikTok stores its users’ data and may also use it for commercial purposes. Rega has no influence on the collection and further processing of data by TikTok. Further information on TikTok’s data processing can be found in TikTok’s privacy policy.
9 Technical and organisational measures
Rega undertakes all reasonable and appropriate technical/organisational steps to ensure the security of the personal data.
10 Contact details of the Data Protection Officer
If you have any questions, you can contact Rega at the following address:
Swiss Air-Rescue, Data Protection Officer, PO Box 1414, 8058 Zurich Airport, Switzerland.
11 Contact details of the EU representative
Our representative in the EU is: VGS Datenschutzpartner AG, Am Kaiserkai 69, 20457 Hamburg, Germany.
12 Amendments
Rega may amend this Privacy Policy at any time without prior notice. The current version published on the Rega website, shall apply.