Privacy Policy
Last updated: 2026-04-22
Introduction
This privacy policy describes how the practice processes the personal data collected via this website and within the care relationship.
Processing is carried out in accordance with the Swiss Federal Act on Data Protection (nFADP, in force since 1 September 2023) and, where applicable, the European Union General Data Protection Regulation (GDPR).
Data controller
Data controller within the meaning of the nFADP (and, where applicable, the GDPR):
Dr Coraline Zhiti — Orthopaedic surgery and musculoskeletal traumatology.
The practice addresses are listed at the bottom of the page. For any data protection matter, please write to: cabinet.zhiti@hin.ch or call +41584451100.
Categories of data processed
Depending on the context, we may process the following categories of data:
• Identification and contact data: first and last name, postal address, e-mail address, phone number, date of birth.
• Health data (sensitive data under Art. 5 lit. c nFADP): reason for consultation, medical history, imaging, operative reports, medical correspondence.
• Administrative data: health insurance information, billing data.
• Appointment data: date, time, office, reason provided during online booking.
• Technical data: IP address, session identifier, browser type, pages visited (collected only after consent to audience-measurement cookies).
Purposes and legal bases
Data is processed for the following purposes:
• Providing medical services and clinical follow-up — performance of the care contract (Art. 31 para. 2 lit. a nFADP; Art. 6(1)(b) GDPR).
• Maintaining the medical record and meeting legal documentation obligations — legal obligation (Art. 31 para. 2 lit. c nFADP; Art. 6(1)(c) GDPR; Art. 321 CO and cantonal health legislation).
• Managing appointments, sending reminders and confirmations by e-mail or SMS — performance of the contract / legitimate interest in efficient practice organisation.
• Responding to requests submitted via the contact form — legitimate interest and, where applicable, consent.
• Measuring site audience and improving user experience — consent (Art. 6(1)(a) GDPR).
• Ensuring site security and preventing abuse — legitimate interest.
Retention periods
Retention periods are as follows:
• Medical record: at least 20 years after the last consultation, in accordance with Swiss practice (Art. 321 CO and applicable cantonal legislation).
• Billing and accounting records: 10 years (Art. 958f CO).
• Online appointment booking data and administrative correspondence: 3 years after the last contact.
• Messages sent via the contact form: 2 years.
• Cookies and trackers: according to each cookie's own duration, as indicated in the "Manage cookies" panel.
Recipients and processors
Your data may be shared, only to the extent strictly necessary, with the following recipients:
• Medical and administrative staff of the practice, bound by professional secrecy (Art. 321 SCC).
• Fellow physicians, hospitals and laboratories involved in your care, with your agreement.
• Insurers and billing services, for reimbursement of services.
• Technical providers acting as processors:
– Brevo (transactional e-mail delivery);
– AspSMS (SMS reminders and confirmations);
– Google Ireland Ltd. (Google Tag Manager and Google Analytics, only after consent, with Consent Mode v2);
– OneDoc (online appointment booking);
– the website hosting provider (see the legal notice).
• Public authorities where required by law.
Transfers outside Switzerland or the EU
Some processors may handle data outside Switzerland or the European Economic Area (notably Google).
Such transfers are subject to appropriate safeguards: adequacy decisions, standard contractual clauses adopted by the European Commission and recognised by the Swiss Federal Data Protection and Information Commissioner (FDPIC), or additional technical measures.
Cookies and audience measurement
The site uses cookies strictly necessary for its operation (session, security, language preference) as well as audience-measurement cookies (Google Analytics via Google Tag Manager, using Consent Mode v2) which are only placed after your explicit consent.
You can accept, refuse or withdraw your consent at any time by clicking the "Manage cookies" button at the bottom of every page.
Your rights
In accordance with the nFADP and, where applicable, the GDPR, you have the following rights:
• right of access to your data and to obtain a copy of the medical record;
• right to rectification of inaccurate or incomplete data;
• right to erasure, to the extent no legal retention obligation prevents it;
• right to restriction of processing;
• right to data portability;
• right to object to processing based on legitimate interests;
• right to withdraw consent at any time;
• right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC, Feldeggweg 1, 3003 Bern) or, for persons residing in the EU, with their national supervisory authority.
To exercise your rights, send your request, together with a copy of an identity document, to cabinet.zhiti@hin.ch. A reply will be provided within 30 days.
Security
The practice implements appropriate technical and organisational measures to protect your data against loss, alteration or unauthorised access: encrypted communications (HTTPS/TLS), access control, regular backups, security updates and staff bound by professional secrecy.
Automated decisions and profiling
No decision producing legal effects concerning you, or significantly affecting you, is made solely by automated means. No profiling is carried out for commercial purposes.
Changes to this policy
This policy may be amended to reflect legal, technical or organisational developments. The version in force is the one published on this page; the date at the top indicates the most recent update.
Contact us
For any question regarding this policy or the exercise of your rights, you can contact us:
• by e-mail: cabinet.zhiti@hin.ch
• by phone: +41584451100
• by post, at the practice address given in the legal notice.
Practice addresses
- Health Space of the Outpost, 1st floor — Avenue de l'Avant Poste, 4, 1005 Lausanne, Suisse
- Oculus Clinic, 2nd floor — 62 Lausanne Street, Renens, Switzerland