Privacy Policy
Last updated: April 30, 2026
1. Data Controller
The data controller within the meaning of the Swiss Federal Act on Data Protection (nLPD, nouvelle loi sur la protection des données, in force since 1 September 2023) is:
SSVIR — Swiss Society for Vascular and Interventional RadiologyAffiliated with SGR-SSR (Swiss Society of Radiology)
Email: info@ssvir.ch
For all data protection enquiries, please contact us at info@ssvir.ch or via our contact form.
2. Legal Basis and Purposes of Processing
We process personal data only to the extent necessary and for clearly defined purposes:
| Purpose | Data processed | Legal basis (nLPD) |
|---|---|---|
| Membership management | Name, title, email, phone, address, professional details, membership type | Contractual necessity / legitimate interest |
| Email verification & account security | Email address, verification token, login timestamps | Contractual necessity |
| Payment processing | Payment reference, year, amount, status (card data processed solely by Stripe) | Contractual necessity |
| Member directory | Name, workplace, specialty, photo (only if you opt in) | Consent (opt-in setting in profile) |
| Renewal reminder emails | Name, email, membership status | Legitimate interest (membership relationship) |
| Education certificates | Name, quiz results, certificate PDF | Contractual necessity |
| Contact form | Name, email, subject, message | Legitimate interest |
| Website operation (session cookie) | Session ID (no personal data) | Legitimate interest (technically required) |
3. Data We Collect
Members
When you register as a member we collect: title, first and last name, email address, phone, postal address, country, workplace, medical specialty, professional qualifications (e.g. EBIR), profile photo (optional), sponsoring members, and membership type. During use of the members area we also store payment records, quiz attempts, certificates, and your activity log (email delivery status).
Visitors
We do not use analytics tools or tracking pixels. Our server logs (IP address, browser agent, timestamp) are retained for up to 30 days solely for security purposes and are not linked to any personal profile.
4. Cookies
This website uses only one technically essential cookie (ssvir_session) to maintain your logged-in session. It is a session cookie that expires when you close your browser (or after 2 hours of inactivity). No tracking, advertising, or analytics cookies are placed. No consent is required for this cookie under the nLPD.
5. Data Sharing and Transfers
- Stripe Inc. (USA) — processes membership payment data as a PCI-DSS-compliant payment processor. Data transfers to the USA are covered by Stripe's Standard Contractual Clauses.
- Google Maps Platform (Google LLC, USA) — displays the "Find a Center" map. Only your browser communicates with Google; we do not transmit your personal data to Google.
- Email delivery — transactional emails are sent via our configured SMTP provider. Only your email address and name are transmitted.
- We do not sell, rent, or share personal data with third parties for marketing purposes.
6. Data Retention
| Data category | Retention period |
|---|---|
| Active member profile | Duration of membership + 5 years after account closure |
| Payment records | 10 years (Swiss accounting obligations) |
| Contact form messages | 2 years after resolution |
| Outgoing email logs | 2 years |
| Password reset tokens | 60 minutes (automatically deleted) |
| Server access logs | 30 days |
7. Your Rights under nLPD
As a data subject under Swiss law, you have the following rights:
- Right of access — you may request a copy of all personal data we hold about you.
- Right to rectification — you may correct inaccurate data directly in your profile or by contacting us.
- Right to erasure — you may request deletion of your data (subject to legal retention obligations). You may also close your account from your profile page.
- Right to restriction of processing — you may request that we limit how we use your data in certain circumstances.
- Right to data portability — you may request your data in a structured, machine-readable format.
- Right to object — you may object to processing based on legitimate interests (e.g. renewal reminder emails).
To exercise any of these rights, contact us at info@ssvir.ch. We will respond within 30 days. If you believe your rights have been violated, you have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC / PFPDT).
8. Security
We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, or unauthorised disclosure. These include password hashing (bcrypt), HTTPS encryption, CSRF protection, and role-based access controls. In the event of a data breach that poses a high risk to your rights and freedoms, we will notify the FDPIC without undue delay and, where required, inform affected individuals.
9. Children's Data
Our services are directed exclusively at medical professionals. We do not knowingly collect personal data from persons under the age of 18.
10. Changes to This Policy
We may update this policy periodically. Material changes will be communicated to members by email. The date at the top of this page reflects the most recent revision.