Privacy Policy (Datenschutzerklärung)

Controller: Elysium Institut AG, Tödistrasse 7, 8002 Zürich, Switzerland · E-mail: reception@elysiuminstitut.ch · Tel: +41 44 244 83 83

1. Who we are and scope

Elysium Institut AG operates an apheresis competence centre in Zurich offering longevity, preventive-medicine and chronic-disease services. This Privacy Policy informs you — in accordance with Art. 19 et seq. of the Swiss Federal Act on Data Protection (FADP) and, where applicable, Art. 13/14 of the EU General Data Protection Regulation (GDPR) — how we process personal data when you visit our Website, contact us, subscribe to our newsletter, or become a patient.

It applies to all individuals regardless of nationality or residence, including visitors from Switzerland, the EU/EEA, the UK, the United States and elsewhere.

Note for US residents: Elysium Institut AG is a Swiss healthcare provider and is not a "covered entity" under the US Health Insurance Portability and Accountability Act (HIPAA). Your information is instead protected by Swiss law — including the FADP and the criminal-law medical secrecy duty under Art. 321 of the Swiss Criminal Code — and, where applicable, the GDPR, which provide a comparable or stricter level of protection.

Data Protection Officer (DPO): our appointed Data Protection Officer is Mr. Ashly Fusiarki.

2. Categories of data we process

• Website usage data: IP address, device/browser information, pages visited, referrer, date and time (server logs; analytics subject to your cookie consent — see our Cookie Policy).

• Contact data: name, e-mail, telephone number and the content of your message, including any files you attach via our contact form (protected by Google reCAPTCHA).

• Newsletter data: e-mail address and subscription status (double opt-in; you may unsubscribe at any time via the link in each e-mail).

• Enquiry and pre-admission data: information you volunteer about your health situation when requesting a consultation. This is sensitive personal data (Art. 5(c) FADP; Art. 9 GDPR) and is handled under heightened safeguards.

• Patient and treatment data: medical history, diagnostics, laboratory results, treatment records, billing and insurance data — processed within our clinical systems, not through this Website, and subject to medical confidentiality.

3. Purposes and legal bases

| Purpose | Legal basis (GDPR, for EU/EEA persons) | Swiss position (FADP) |
| --- | --- | --- |
| Operating and securing the Website | Legitimate interests (Art. 6(1)(f)) | Lawful processing under the FADP principles (Art. 6 FADP); no separate justification required absent a personality violation |
| Responding to enquiries | Pre-contractual steps (Art. 6(1)(b)); explicit consent for health details (Art. 9(2)(a)) | Consent for sensitive data where required (Art. 6(6)–(7) FADP) |
| Newsletter | Consent (Art. 6(1)(a)) | Consent / opt-in per Art. 3(1)(o) UCA |
| Analytics & marketing cookies | Consent (Art. 6(1)(a)) | Information + choice per Art. 45c TCA and FDPIC cookie guidelines; opt-in applied |
| Medical treatment & care | Art. 9(2)(h) GDPR (provision of health care) and contract | Mandate relationship (Art. 394 et seq. CO); professional secrecy (Art. 321 SCC) |
| Legal obligations (accounting, medical record retention) | Art. 6(1)(c) | Statutory retention duties (e.g. 10-year business-record retention; cantonal medical record retention rules) |

4. Recipients and processors

We share personal data only with: (a) our website, hosting and IT providers (currently Webflow platform infrastructure); (b) Google (reCAPTCHA, Analytics, Tag Manager — subject to consent); (c) laboratories, referring physicians and insurers only with your consent or where the law permits; (d) professional advisers and authorities where legally required. All processors are bound by data processing agreements under Art. 9 FADP / Art. 28 GDPR.

5. International transfers

Your data is hosted and processed in Switzerland and/or the EU/EEA where possible. Where data is transferred to the United States, we rely on the Swiss–US Data Privacy Framework and the EU–US Data Privacy Framework for certified recipients (Swiss adequacy decision in force since 15 September 2024), and otherwise on EU Standard Contractual Clauses with Swiss-law amendments and, where appropriate, transfer impact assessments (Art. 16–17 FADP; Art. 46 GDPR).

6. Retention

We keep personal data only as long as necessary for the stated purposes or as required by law: contact enquiries [12–24 months]; newsletter data until unsubscription; accounting records 10 years (Art. 958f CO); medical records at least 10–20 years depending on applicable cantonal health legislation (Canton of Zurich rules apply). Thereafter data is deleted or anonymised.

7. Security

We apply appropriate technical and organisational measures (Art. 8 FADP; Art. 32 GDPR): encryption in transit, access controls on a need-to-know basis, staff confidentiality undertakings reinforced by Art. 321 SCC medical secrecy, and segregation of clinical systems from the public Website.

8. Your rights

• All individuals (FADP): right to information/access (Art. 25 FADP), rectification, deletion, restriction of processing, objection, data portability (Art. 28 FADP), and the right not to be subject to a purely automated decision with significant effects (Art. 21 FADP). We do not currently use automated individual decision-making or high-risk profiling.

• EU/EEA/UK individuals (GDPR): corresponding rights under Art. 15–22 GDPR, plus the right to withdraw consent at any time (without affecting prior processing) and to lodge a complaint with your supervisory authority.

• How to exercise: e-mail reception@elysiuminstitut.ch. We respond within 30 days (FADP) / one month (GDPR). Identity verification may be required to protect your records.

• Supervisory authority (Switzerland): Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern.

9. Minors

Our services and Website are directed at adults. We do not knowingly collect data from children without the consent of a holder of parental responsibility.

10. Changes

We may update this Policy to reflect legal or operational changes; the current version on this page applies. Material changes affecting patients will be communicated directly where feasible.