Privacy Notice


Medinova.ch Global Privacy Notice

This notice is provided because both the FADP (the Swiss Federal Act on Data Protection) and the GDPR (the General Data Protection Regulation) require us to inform data subjects (i.e. you) about what we do with personal data, for what reason, for how long we store it and with whom we share it.

We based this document on these two laws because Medinova operates globally but is a Swiss-based company.

Name and contact details of controller

The controller, which is the entity deciding what to do with your personal data, is:
Medinova AG with its registered office at Eggbühlstrasse 28, 8050 Zürich, Switzerland – email: dataprotection@medinova.ch.

Why we use your personal data and based on what (i.e. legal bases used)

We process your personal data for several purposes when you interact with our website, such as:

  • Service Provision: making sure our services work, ensuring functionality and security of our systems, maintaining our services for administrative purposes, including the storage of log files in order to find the cause and take action in the event of repeated or criminal calls that jeopardise the stability and security of our services;
    • Generally, this purpose is based on a performance of a contract (or pre-contractual measures) along with the pursuit of our legitimate interests.
  • Contact: Processing and answering your contact requests and providing a contact form
    • This purpose is based on the pursuit of our legitimate interest because it is generally not related to a specific contract.
  • Marketing: Providing marketing tools which create user profiles about interests, allocate advertising categories, serve personalised ads, evaluate marketing campaigns, perform retargeting activities, conversion tracking, cross-site and cross-device tracking, and match email addresses with social media partners.
    • This purpose is based on the collection of a valid and specific consent from you.
  • Newsletter: providing you with newsletter services based upon your specific request and/or the act of filling out a form.
    • This purpose is based, implicitly, on a contract we have signed with you (although this may be simply because you opted in or ticked a box).
  • Event Invitation: we may ask you to participate or register in an event we organise (or in which we participate as well).
    • This purpose is based on a contract we may sign with you.
  • Adverse event (AE) management, investigation and reporting: where there is an adverse reaction (or a suspected one) in relation to one of our products, we have to collect personal data (including sensitive data).
    • This purpose is based on both a legal necessity (statutory pharmacovigilance obligations under the Therapeutic Products Act) and the pursuit of a public interest.

In addition to the above, we may also perform the following processing activities via this website:

  • To invite you to participate in an online survey.
    • Legal basis: performance of a contract.
  • To prevent fraud or other illegal activities, such as willful attacks on MEDINOVA information technology systems.
    • Legal basis: legitimate interest.
  • To establish or preserve a legal claim or defense or to support any legal or criminal investigation.
    • Legal basis: legitimate interest.
  • And otherwise to the extent required by applicable laws (e.g. laws on cybersecurity).
    • Legal basis: fulfilling a specific law requirement.

We may collect your personal data by tracking how you interact with our website, for example by using cookies. We may collect the Internet Protocol (IP) address, a number assigned to your computer whenever you access our website, to conduct system administration and report aggregated information to affiliates, business partners and/or vendors who conduct website analysis and website performance reviews on our behalf. We may further collect your utilization data, e.g. information on the beginning, end and extent of each access, and information on the telecommunications services you accessed. In some instances, we may ask for your consent for collecting and using your personal data for the purposes outlined in this Privacy Notice, in particular for sending you marketing materials, such as explanatory brochures and information or newsletters, or when you submit contact forms or participate in any online survey.

Lastly, we may further anonymize and/or aggregate data collected through this website for statistical purposes to help us improve the website and related services.

Categories of personal data processed

The processing may include the following categories of data, depending on the case:

  • Applicant data: e.g. applicant’s master and contact data, certificates, CV, salary expectations and other employment related info;
  • Contact information data: e.g. name, surname, email and telephone and any other information that may be disclosed in the form;
  • Contract data: e.g. order information, shipping address;
  • Health-related data: e.g. condition of pre-menopause or menopause;
  • Web-traffic data: e.g. cookies, IPs and time-stamps;
  • Newsletter-related data: e.g. contact details, employment-related information;
  • Adverse event related data: e.g. patient name, age, gender, type of reaction.

Cookies and usage tracking

We use cookies (small text files that are automatically placed on your computer’s hard drive when you access certain websites) and similar technologies, directly or through third parties, such as web analytics services like Google Analytics.

For more information on the cookies we use and to set your preference with respect to cookies, please read our cookie policy at www.medinova.ch.

International transfer

We may use services whose providers are partly located in so-called third countries (outside Switzerland or the European Economic Area) or transfer personal data there, i.e. countries whose level of data protection does not correspond to that of Switzerland.

This is relevant in particular for our central IT department located in Malaysia, for which we established an intra-group data transfer agreement (IGDTA) under which transfers are based on the so-called Standard Contractual Clauses, guaranteeing the same level of protection as provided within Switzerland.

In addition, applicants’ personal data may also be processed by LinkedIn Inc. (based in the USA) and/or companies belonging to the DKSH group, with which we have a service contract in place and the abovementioned IGDTA regulating the international transfers.

If an adequacy decision of the European Commission (Art. 45 GDPR) or from the Swiss Federal Council (art. 11 FADP) exists for these countries, we base the data transfer on this decision. This applies, for example, to transfers to Argentina, Israel, Japan, Canada, the Republic of Korea, New Zealand, Switzerland, Uruguay or the United Kingdom. In the case of the USA, this only applies if the US recipient has certified itself for the EU-US Data Privacy Framework. 

If no adequacy decision has been issued for the country in question, we have taken appropriate safeguards to ensure an adequate level of data protection for any data transfers.

Where this is not possible, we base the transfer of data on exceptions under art. 16 and 17 FADP and/or art. 49 GDPR, in particular your explicit consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures.

If a transfer to a third country is planned and there is no adequacy decision or appropriate safeguards, there is a risk that authorities in the respective third country (e.g. intelligence agencies) may gain access to the transferred data in order to collect and analyse it, and that the enforceability of your data subject rights cannot be guaranteed. If your explicit consent is obtained, you will also be informed of this.

Your data may be forwarded in particular to the recipients in third countries mentioned in the section about the recipients of data.

Recipients / Sub-processors

Personal data collected by us will only be forwarded if there is a legal basis for this under data protection law in the specific case, in particular if:

  • You have given your consent, or
  • This is legally permissible and necessary for the performance of a contract or for the implementation of pre-contractual measures that are carried out at your request, or
  • We are legally obliged to disclose your data, in particular if this is necessary due to binding requirements, official enquiries, court orders and legal proceedings for legal prosecution or enforcement, or
  • The disclosure is necessary to protect our interests or for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.

Medinova will disclose your personal data especially to the following categories of recipients:

External Processors (acting on behalf of the Controller):

  • IT and cloud service providers (including hosting, storage, backup, and maintenance providers);
  • Customer support and helpdesk service providers;
  • Providers of professional and consultancy services supporting us in the performance of contractual obligations;
  • Other third-party providers expressly authorized by the Controller to process data on its behalf (e.g. AE management firms).

Autonomous Controllers (receiving the data for their own purposes, under their own responsibility):

  • Public authorities, regulatory or judicial bodies, when required by law;
  • Banking, insurance, and payment service institutions involved in the management of transactions;
  • Professional firms (e.g. auditors, legal advisors) acting in their capacity as independent controllers;
  • Affiliates or business partners to whom the disclosure of data is necessary for the execution of contractual or legal obligations.

The updated and detailed list of recipients and processors is available upon request at the contact details indicated above.

How long we store your personal data

We will store your personal data as long as required to fulfill the purposes outlined in this Privacy Notice, unless a longer or shorter retention period is required or permitted by law.

For marketing-related processing activities, our standard retention period is generally 48 months unless there is no interaction or the data subject has withdrawn his/her consent.

For technical and sales-related processing activities, our standard retention period is 10 years in line with local Swiss laws (i.e. art. 958f of the Swiss Code of Obligations).

Your rights in respect of your personal data

  • Right to Access – you have the right to request access to any of your personal data that MEDINOVA may hold, and to obtain information about the processing of that data.
  • Right to Rectification – MEDINOVA will take steps in accordance with applicable legislation to keep your personal data accurate, complete and up-to-date. You are entitled to have any inadequate, incomplete or incorrect personal data corrected (that is, rectified). You also have a responsibility to ensure that changes in personal circumstances are notified to MEDINOVA so that we can ensure that your personal data is up-to-date.
  • Right to withdraw your consent – in the event your personal data is processed on the basis of your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to data portability – where we are relying (as the legal basis for processing) upon your consent, or the fact that the processing is necessary to perform a contract to which you are party or to take steps at your request prior to entering a contract, and the personal data is processed by automatic means, you have the right to receive all such personal data which you have provided to MEDINOVA in a structured, commonly used and machine-readable format, and also to require us to transmit it to another controller where this is technically feasible.
  • Right to erasure – you are entitled to have your personal data erased under specific circumstances, such as where you have withdrawn your consent, where you object to processing based on legitimate interests and we have no overriding legitimate grounds (see below) or where personal data is unlawfully processed.
  • Right to restriction of processing – you have the right to restrict our processing of your personal data (that is, allow only its storage) where:
    • You contest the accuracy of the personal data, until we have taken sufficient steps to correct or verify its accuracy;
    • The processing is unlawful but you do not want us to erase the personal data;
    • We no longer need your personal data for the purposes of the processing, but you require such personal data for the establishment, exercise or defence of legal claims;
    • You have objected to processing justified on legitimate interest grounds (see below), pending verification as to whether MEDINOVA has compelling legitimate grounds to continue processing;
    • Where your personal data is subject to restriction we will only process it with your consent or for the establishment, exercise or defence of legal claims.
  • Right to object to the processing of your personal data on grounds relating to your particular situation, or without any reasoning in case of the processing for direct marketing purposes – where we are relying upon our legitimate interests to process personal data, you have the right to object to that processing. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or we need to process the personal data for the establishment, exercise or defence of legal claims. Where we rely upon legitimate interest as a basis for processing, we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
  • Right not to be subject to a decision based solely on automated processing – that is, a decision which produces legal effects or similarly significantly affects you, including the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
  • Right to lodge a complaint – You may also have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work or place of alleged infringement, if you consider that the processing of your Personal Data infringes applicable law.

Please bear in mind that some of the rights described above may not be “absolute” in their enforcement, which means that they may be subject to certain conditions or limits due to the application of the current laws and guidelines by the data protection authorities.

How to contact us

If you have any questions, comments, or concerns about this Privacy Notice, or want to request access to your personal data or exercise your privacy rights, you can reach out to us using one of the following methods:
Medinova Contact form: https://medinova.ch/en/contact/
Direct email to: dataprotection@medinova.ch
Or, online communication channel for DATA SUBJECTS’ REQUESTS using DKSH contact form: https://www.dksh.com/global-en/home/data-request-form


Version 3.0
Date: March 2026