Privacy policy
PURPOSE OF THIS PRIVACY POLICY
The information in this privacy policy applies to the processing of personal data on the website of GET CHECKED GmbH (“GET CHECKED”) and is intended to inform the user affected by the data processing, in particular about the purposes of processing, legal bases, the scope of processing, recipients, storage periods, and their rights.
PURPOSE OF DATA PROCESSING
The GET CHECKED website serves to provide the user with information about GET CHECKED and services in the field of sexual health. In particular, it enables the user to gain in-depth information on the topic of sexually transmitted infections (STIs) and on opportunities to get tested at testing centers trained and certified by GET CHECKED.
Against this background, the purpose of processing the user’s personal data is to grant them the smoothest possible technical access to the relevant information and to offer an appealing user experience. GET CHECKED does not use user data for purposes other than those mentioned. In particular, no user data is collected for commercial exploitation for other purposes. No medical or other particularly sensitive information about the user’s health is collected via the GET CHECKED website.
DATA CONTROLLER / CONTACT POINT FOR DATA PROTECTION CONCERNS
Legally responsible for data processing on the GET CHECKED website is GET CHECKED GmbH, Switzerland (“the Controller”). For the address and further details about GET CHECKED, please refer to the Imprint.
All data protection concerns related to the use of the GET CHECKED website, especially requests for information, deletion, correction, and objection, should be addressed to the address shown in the Imprint, with the note “Data Protection”.
LEGAL BASES FOR DATA PROCESSING
GET CHECKED has prepared this privacy policy based on the Swiss Federal Act on Data Protection (“FADP”) of September 25, 2020, as of September 1, 2023. The privacy policy is also guided by the EU General Data Protection Regulation (“GDPR”). This ensures a high level of protection and transparency. However, as the website is exclusively aimed at a Swiss audience, the applicability of the FADP is to be assumed.
With regard to the terminology used, such as “personal data” or its “processing,” reference is made to the definitions in Art. 5 FADP.
PRINCIPLES OF DATA PROCESSING
Personal data is processed by GET CHECKED in accordance with, among others, the following legal principles:
- Processing is carried out in good faith and must be proportionate;
- Processing is carried out only for the purposes identifiable to the data subjects and only to the extent compatible with these purposes;
- The data is destroyed or anonymized as soon as its processing is no longer necessary and as long as no legally provided exceptions exist;
- Data that is recognizably incomplete or incorrect is corrected or deleted;
- Consents of the data subjects to data processing are only valid if given voluntarily after adequate information;
- The principles of “Privacy by Design” and “Privacy by Default” are observed.
SCOPE OF DATA PROCESSING
As a rule, the user can access all pages of this website without providing any personal information. GET CHECKED reserves the right to keep limited records of website usage for statistical purposes (for example, to determine on which days there are particularly high numbers of visits or which offers are used), whereby access data is stored in a log file that could be used to identify the user. Specifically, the following data is collected:
- User’s IP address (however, this is automatically anonymized before being stored)
- Date and time of access
- Name of the accessed file
- Access status (successful, partially successful, unsuccessful, etc.)
- Website from which the access was made
- Web browser used
- Operating system used
This data is stored in the log files of GET CHECKED’s IT system. This data is not stored together with other personal data of the user. The collection of this data by the system is necessary to enable the transmission of the website’s information to the user’s device. Furthermore, this data serves the Controller to optimize the website, ensure system security, and prevent abuse (e.g., through automated mass queries, spam, etc.).
Due to the anonymization of the IP address, it is impossible to draw conclusions about specific users. The user-specific IP address is therefore not merged with other data, and a personal evaluation is not possible and does not take place. Access to user data is only possible for a few individuals—specially authorized by GET CHECKED and contractually bound to confidentiality—who are involved in the technical maintenance of the protected servers.
STORAGE / ARCHIVING
GET CHECKED has no general obligation to retain user data. It is primarily the user’s responsibility to keep data relevant to them available and, if necessary, to archive it.
GET CHECKED deletes user data as soon as its storage is no longer necessary for the fulfillment of the processing purpose, but at the latest after ten years, unless legal retention obligations or overriding interests of GET CHECKED require longer storage.
User-related log files are deleted from the server after 30 days at the latest and are then available in the backup for another 30 days before being completely deleted.
CONFIDENTIALITY / DISCLOSURE TO THIRD PARTIES
Unless expressly mentioned in this privacy policy, such as in the area of data processing by contractors or in the area of third-party services, or unless intended for disclosure for a recognizable purpose, user data is treated confidentially and no user data is passed on to third parties or sold to third parties for their own purposes. Excluded from this are legally mandatory disclosures to third parties, e.g., as a result of an official or court order.
DISCLOSURE ABROAD
The website’s data, including user data, is stored and processed on protected servers in Switzerland or in states of the EU/EEA. No user data is transferred to countries outside the EU/EEA unless explicitly stated in this privacy policy, particularly in the section on third-party services.
NOTE REGARDING DATA TRANSFERS TO THE USA
The Controller points out that in cases where data is transferred to the USA, there is a risk of access by US authorities under US law. This occurs without differentiation, limitation, or exception based on the objectives pursued and without an objective criterion that would allow limiting the access of US authorities to the data and its subsequent use to very specific, strictly limited purposes that could justify the interference associated with both the access to and the use of this data. Furthermore, we point out that in the USA, there are no legal remedies available to data subjects from Switzerland comparable to the situation under the FADP, which would allow them to obtain access to the data concerning them and to have it corrected or deleted, or rather, there is no effective judicial protection against general access rights of US authorities. We explicitly inform the user of this legal and factual situation in order to make a correspondingly informed decision to consent to the processing of their data in the USA.
DATA PROCESSING BY PROCESSORS
The Controller is entitled to have the user’s personal data processed by contractually bound external service providers or processors. However, these must be legally or contractually obliged to the same extent as the Controller to comply with data protection law and confidentiality. They may not process user data to a greater extent than the Controller itself would be allowed to. The Controller is also obliged to regularly ensure that the commissioned data processors are able to guarantee data security.
A current list of the data processors used by the Controller for the purposes of operating the website, as well as the scope of the processing of personal data carried out by the processors, will be provided to the user upon request by the Controller, provided that no overriding interests prevent this.
DATA SECURITY (TOM)
To ensure data security, technical and organizational measures (TOM) according to the current state of the art are used by the Controller and its processors. Upon request, and provided that the data security of other users is not endangered, the Controller will provide the user with more detailed information about the TOMs taken.
This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as requests that the user sends to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
USE OF COOKIES
This website uses cookies. These are small files stored on the user’s computer to track their website visit and their preferences apparent from the use of the website. Cookies show how users navigate the website and can also be used to save user settings between visits. Cookies are stored on the user’s end device and transmitted from it to the website.
Some of the cookies used on the Controller’s website are so-called “session cookies”. They are automatically deleted at the end of the user’s visit. Other cookies remain stored on the user’s end device until they are deleted. These cookies allow the Controller to recognize the user on their next visit. They contain an identification number with which the Controller can identify the querying device computer. This allows the Controller to improve its services when the user visits the website repeatedly. However, it is not possible to link personal data to this identification number.
When accessing the website, the user is given the opportunity via a pop-up display to consent to the use of cookies or to restrict or disable the use of cookies. The user can also set their web browser to display a warning on the screen before a cookie is saved or to restrict or completely prevent the creation of cookies. The user can also delete cookies retrospectively via their web browser or activate the automatic deletion of cookies when closing the browser. The user can find out how to make cookie settings via the help functions of their browser.
The user should note that if cookies are deactivated or deleted, for technical reasons it may not be possible to use all functions of the website to their full extent.
USE OF THIRD-PARTY SERVICES
The Controller uses content or service offers from third-party providers within the website in order to be able to integrate their content and services, such as videos or fonts, into the website (hereinafter uniformly referred to as “content”). This always requires that the third-party providers of this content detect the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is therefore necessary for the display of the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. “Pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. Such information can also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, visit time, and other information about the use of our online offer, and can also be linked with such information from other sources. Depending on the third-party service, other information about the user may also be collected, used for the third-party provider’s own purposes, and possibly processed abroad.
The user acknowledges in particular that the Controller cannot assume any responsibility for the processing of personal data within the scope of such third-party services due to a lack of influence. The Controller endeavors to use only such content whose respective providers use the IP address only for the delivery of the content, but cannot guarantee this due to a lack of influence. Such third-party services and, consequently, the scope of user data processing change constantly as a result of updates, bug fixes, new releases, or other program modifications. The corresponding descriptions of the third-party services in this privacy policy therefore only serve as a rough guide for the user about the content and scope of data processing by such services as well as objection possibilities (so-called opt-out). The Controller endeavors to update the descriptions regularly, but cannot guarantee that the information is always up-to-date. It recommends that the user regularly inform themselves directly from the respective third-party service provider about the content of such services or the scope of the associated user data processing.
Specifically, GET CHECKED uses the following third-party services:
Google Analytics
This website uses Google Analytics, a web analytics service of Google Ireland Limited. If the controller for data processing on this website is located outside the European Economic Area or Switzerland, then the Google Analytics data processing is carried out by Google LLC. Google LLC and Google Ireland Limited are hereinafter referred to as “Google”.
With the statistics obtained, we can improve our offer and make it more interesting for you as a user. This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. If you have a Google user account, you can deactivate the cross-device analysis of your usage in the settings there under “My data”, “personal data”.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. We would like to point out that on this website, Google Analytics has been extended by the code “_anonymizeIp();” to ensure anonymized collection of IP addresses. This means that IP addresses are processed in a shortened form, which excludes the possibility of personal reference. If the data collected about you has a personal reference, this is immediately excluded and the personal data is deleted immediately.
Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet use to the website operator. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield.
Google Analytics uses cookies. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case, you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: Disable Google Analytics. This stores an opt-out cookie on your data carrier, which prevents the processing of personal data by Google Analytics. Please note that if you delete all cookies on your end device, these opt-out cookies will also be deleted, meaning you will have to set the opt-out cookies again if you wish to continue preventing this form of data collection. The opt-out cookies are set per browser and computer/end device and must therefore be activated separately for each browser, computer, or other end device.
Google Maps
This website uses the Google Maps service. This allows us to display interactive maps directly on the website and enables you to comfortably use the map function. By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged into Google, your data will be directly assigned to your account. If you do not want your profile to be associated with Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market research, and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right. For more information on the purpose and scope of data collection and its processing by Google, as well as further information on your rights in this regard and settings options for protecting your privacy, please visit: https://policies.google.com/privacy?hl=en&gl.
Google Web Fonts
This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. If your browser does not support web fonts, a standard font from your computer will be used.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/
USER’S RIGHTS
Subject to legally provided or contractually agreed exceptions, the user has the following rights regarding user data:
- The right to information about data processing (Art. 19 FADP)
- The right of access (Art. 25 FADP)
- The right to rectification of data (Art. 6 para. 5 FADP; 32 para. 1 FADP)
- The right to erasure of data (“right to be forgotten”; Art. 6 para. 4 FADP; 32 para. 2 lit. c FADP)
- The right to object to and to restrict (“block”) or stop the processing of data (Art. 30 para. 2 lit. b; 32 para. 2 lit. a, b FADP)
- The right to withdraw consent to data processing (Art. 30 para. 2 lit. b FADP)
- The right to data portability (Art. 28 FADP)
- The right to information in the case of automated individual decisions (Art. 21 FADP)
In the event of withdrawal of consent for the processing of user data, a request for restriction of data processing, or a request for the deletion of user data, the user data will be deleted by the Controller, unless legal retention obligations or overriding interests of the Controller prevent this. In this case, in particular, the Controller will restrict the use of user data to the legally required purposes. User data required for order processing or for commercial purposes are not affected by this. In all of these cases, the user accepts that no or only limited personalized services can be provided.
For questions regarding the processing of personal data or for other data protection concerns, the user can contact the Controller via the contact point specified above under the title “Controller / Contact Details”. To prevent misuse, the Controller will only respond to data protection inquiries in writing and upon presentation of proof of identity (copy of your passport or ID). The information is free of charge and is usually provided within 30 days.
COMPETENT SUPERVISORY AUTHORITIES
The competent authority for concerns regarding data protection in the processing of user data by private individuals, insofar as persons in Switzerland are affected or the data is processed from Switzerland, is the Federal Data Protection and Information Commissioner (FDPIC). He can investigate violations of data protection regulations ex officio or upon notification and can order that the processing be adjusted, interrupted, or stopped in whole or in part. He also advises private individuals on data protection issues, provides information to affected persons upon request on how they can exercise their rights, and can file a report with the competent criminal prosecution authority. The contact details of the FDPIC can be found at https://www.edoeb.admin.ch.
JURISDICTION / APPLICABLE LAW
Unless mandatory law provides otherwise, Swiss law is solely applicable, to the exclusion of international conflict of laws. The exclusive place of jurisdiction, apart from mandatory legal jurisdictions, is the seat of the Controller.
Köniz, June 2025
GET CHECKED GmbH