top of page

contact@santechampagne.ch

Parking

Bus stop 2' /Highway 2'

Open 7/7

Privacy Policy

This policy describes how La Santé à Champagne SA collects, uses and protects the personal data of its clients and users, in accordance with the Swiss Federal Act on Data Protection (nLPD, RS 235.1, in force since 1 September 2023) and, for persons residing in the European Union, the General Data Protection Regulation (GDPR, EU 2016/679).

1. Data controller

The data controller is:

 

La Santé à Champagne SA

Chemin de Praz 8

1424 Champagne (VD), Switzerland

Tel.: +41 24 436 20 00

General email: contact@santechampagne.ch

Data protection contact: contact@santechampagne.ch

 

For any questions relating to the protection of personal data, the Client may contact La Santé at the address indicated above.

2. Categories of data collected

Identification data

  • surname and first name;

  • date of birth;

  • postal address;

  • email address;

  • telephone number.

 

Contractual data

  • subscriptions taken out;

  • reservations;

  • services provided;

  • purchase history;

  • invitations used.

 

Payment data

  • billing information;

  • payment history.

 

Bank card data are not stored directly by La Santé when a secure payment service provider is used.

 

Health data (sensitive data within the meaning of art. 5c nLPD)

Certain services may require the collection of health data, in particular:

  • allergies and intolerances;

  • medical contraindications;

  • health questionnaire and medical history;

  • medical information relevant to the requested service.

 

These data are considered sensitive data within the meaning of art. 5c nLPD and are subject to enhanced protection. They are processed only with the Client's express consent or where this is indispensable for the requested service.

 

Technical and browsing data

When using the website or digital tools:

  • IP address;

  • cookies and trackers (see art. 14);

  • browsing data and behaviour on the site;

  • site usage statistics.

 

3. Purposes of processing

Personal data are used for:

  • the management of subscriptions, reservations and services (legal basis: performance of the contract);

  • billing and payments (legal basis: performance of the contract and legal obligations);

  • the administrative management of the centre (legal basis: legitimate interest);

  • the improvement of services (legal basis: legitimate interest);

  • the security of the facilities and video surveillance (legal basis: legitimate interest);

  • the prevention of abuse (legal basis: legitimate interest);

  • compliance with legal obligations (legal basis: legal obligation);

  • marketing communications, newsletters and promotions (legal basis: the Client's express consent — see art. 4);

  • profiling processing for behavioural analysis and targeted marketing communication purposes (legal basis: consent — see art. 14bis).

4. Legal basis for processing

Data are processed on the basis of:

  • Performance of the contract: management of reservations, services, subscriptions and billing.

  • Express consent: sensitive health data, marketing communications, analytical and advertising cookies. The Client may withdraw consent at any time without this affecting the lawfulness of processing carried out before the withdrawal.

  • Legal obligation: retention of accounting data, transmission to the competent authorities.

  • Legitimate interest: security of the centre, prevention of abuse, improvement of services, video surveillance — provided that this legitimate interest is not overridden by the Client's fundamental rights and interests (art. 31 para. 1 nLPD).

5. Independent providers

Certain services offered within the centre are performed by independent providers, legally distinct from La Santé. In this context:

  • certain data necessary for the service (identity, relevant health information) may be transmitted to the provider concerned, on the basis of the performance of the contract or the Client's consent where sensitive data are involved;

  • the provider acts as an independent data controller for data relating to its own services.

 

Providers are subject to their own legal obligations regarding data protection and, where applicable, professional secrecy.

6. Health data and professional secrecy

Where services involve health professionals (doctors, dentists, therapists or other specialists), certain data may be subject to professional secrecy. In this case:

  • access to the data is limited to the professionals concerned;

  • medical information is accessible only to authorised persons;

  • the data are processed only to the extent necessary for the service.

7. Data sharing

Personal data may be shared only where necessary, with:

  • IT providers and management software providers;

  • payment service providers;

  • accountants or professional advisers;

  • independent providers operating within the centre (within the limits of art. 5);

  • public authorities where required by law.

 

Personal data are never sold to third parties.

8. IT providers, cloud and digital tools

La Santé uses specialised software for managing reservations, subscriptions, billing and communication with clients. These tools may be hosted on external servers or cloud infrastructures, in particular solutions such as Microsoft 365 / Azure.

La Santé ensures that these providers comply with high standards of security and data protection and that data processing agreements (DPA) are concluded with each relevant processor.

9. Transfer of data abroad

Certain IT providers or digital tools used by La Santé may be established abroad. La Santé distinguishes between:

 

  • Transfers to adequate countries (EU/EEA and countries listed by the FDPIC): these transfers take place without any particular formalities, the level of protection being recognised as equivalent to Swiss law.

  • Transfers to countries without an adequacy decision (in particular the United States): La Santé ensures that appropriate safeguards are in place, in particular:

    • approved standard contractual clauses (SCC) incorporated into the contracts with the relevant processors;

    • the processor's adherence to the Swiss-US Data Privacy Framework (DPF) recognised by the FDPIC;

    • a data processing agreement (DPA) with each processor established outside Switzerland.

 

The following in particular are concerned by transfers to the United States:

  • Meta Platforms Inc. (Meta Pixel): transfer covered by the SCC incorporated into the Meta Business terms. Opt-in consent is required before the pixel is loaded (see art. 14).

  • Google LLC (Google Tag Manager): transfer covered by Google's SCC. Advertising or analytical tags are activated only after consent has been obtained.

  • Microsoft Corporation (M365 / Azure): transfer covered by Microsoft's SCC incorporated into the standard Microsoft Data Processing Addendum (DPA), as well as by Microsoft's adherence to the Swiss-US Data Privacy Framework.

10. Data retention

Personal data are retained:

  • for the duration of the contractual relationship and as long as necessary for the purposes of processing;

  • accounting data are retained for ten (10) years in accordance with Swiss law (art. 958f CO);

  • health data collected in connection with services are retained for ten (10) years after the end of the relationship, by analogy with practices in the health sector;

  • video surveillance images are retained for approximately ten (10) days, unless a particular need arises in connection with an incident or proceedings.

 

Once the applicable period has expired, the data are deleted or irreversibly anonymised.

11. Data security

La Santé implements appropriate technical and organisational measures in order to protect personal data against any unauthorised access, loss, destruction, alteration or disclosure. These measures include in particular:

  • restriction of access to authorised persons;

  • regular backups;

  • secure IT systems;

  • management of authorisations and permissions.

12. Data breaches

In the event of a security incident likely to entail a high risk for the persons concerned, La Santé takes the necessary measures to contain the incident, analyse the situation, inform the Federal Data Protection and Information Commissioner (FDPIC) where required by law (art. 24 nLPD), and inform the persons concerned if necessary.

13. Video surveillance

Certain areas of the centre may be equipped with video surveillance systems for reasons of safety of persons and property. These areas are indicated by visible pictograms on site. Images are retained for a limited period (see art. 10), unless there is a particular need in the event of an incident or proceedings.

14. Cookies and tracking tools

 

La Santé's website uses cookies and tracking tools. A distinction is made between:

  • Strictly necessary cookies: essential for the proper functioning of the site (authentication, basket, language preferences). They do not require prior consent.

  • Analytical or audience-measurement cookies: used to analyse traffic and improve the site. They are activated only with the visitor's express consent.

  • Marketing or targeting cookies: used to display personalised advertisements. They are activated only with the visitor's explicit consent (opt-in).

 

Specific tools used on the site:

 

  • Brevo (formerly Sendinblue) — marketing and behavioural tracking tool: Brevo is a provider established in the European Union. It is used for managing newsletters, transactional emails and tracking the behaviour of visitors who have consented. A data processing agreement (DPA) is in place with Brevo. Category: analytical / marketing cookies.

 

  • Meta Pixel (Meta Platforms Inc., United States) — advertising tool: Meta Pixel makes it possible to measure the effectiveness of advertising campaigns broadcast on Meta platforms (Facebook, Instagram). This cookie involves a transfer of data to the United States, covered by the standard contractual clauses (SCC) incorporated into the Meta Business terms. This pixel is activated only after the visitor's explicit opt-in consent has been obtained via the cookie management banner. Category: marketing cookies — opt-in consent required.

 

  • Google Tag Manager (Google LLC, United States) — tag manager: Google Tag Manager is used to deploy and manage third-party scripts on the site (including analytical and marketing cookies). GTM itself does not collect personal data, but activates other scripts according to the visitor's consent preferences. No advertising or analytical tag is loaded before consent is obtained. Transfers to the United States are covered by Google's SCC. Category: infrastructure — activated according to consent choices.

 

Consent management is ensured by the site's cookie banner (Consent Management Platform). The visitor may modify preferences at any time via this banner or by configuring the browser. Refusal of certain cookies does not affect access to the main functions of the site.

14bis. Profiling and behavioural analysis

Certain tools used on La Santé's website make it possible to analyse the behaviour of visitors (pages viewed, interactions, content viewed, etc.) in order to better understand their interests and offer them content or advertisements suited to them. This processing constitutes profiling within the meaning of art. 4 no. 4 GDPR and is explicitly mentioned as such.

 

This processing may include:

  • analysis of browsing on the site and of visitor behaviour;

  • tracking interactions with La Santé's content and offers;

  • displaying personalised advertisements on third-party platforms (in particular via Meta Pixel);

  • analysis of the behaviour of newsletter and marketing email recipients (via Brevo).

 

This profiling processing is carried out only on the basis of the user's prior and express consent, collected via the site's cookie management banner. No profiling is carried out before this consent has been obtained.

 

The user may at any time withdraw consent or object to this processing by modifying preferences via the cookie banner or by contacting La Santé at contact@santechampagne.ch.

 

No automated decision producing legal effects or significantly affecting the user is taken solely on the basis of this profiling (art. 22 GDPR / art. 21 nLPD).

15. Rights of data subjects

In accordance with the nLPD and, for persons residing in the EU, the GDPR, every person has the following rights:

  • right of access to data concerning them (art. 25 nLPD / art. 15 GDPR);

  • right to rectification of inaccurate data (art. 32 nLPD / art. 16 GDPR);

  • right to erasure of data ("right to be forgotten") (art. 32 nLPD / art. 17 GDPR);

  • right to restriction of processing (art. 18 GDPR);

  • right to object to processing (art. 21 GDPR / art. 30 nLPD);

  • right to data portability, that is to say to obtain personal data concerning them in a structured, commonly used and machine-readable format, where the processing is based on consent or on the performance of a contract (art. 28 nLPD / art. 20 GDPR);

  • right to withdraw consent at any time, without this affecting the lawfulness of processing carried out before the withdrawal.

 

To exercise these rights, the Client may contact La Santé at: contact@santechampagne.ch. Proof of identity may be requested in order to verify the identity of the applicant. La Santé responds within thirty (30) days of receipt of the request.

 

The Client also has the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC), the competent supervisory authority for data protection in Switzerland (www.edoeb.admin.ch).

16. Clients residing in the European Union

Where personal data concerning persons residing in the European Union are processed, the General Data Protection Regulation (GDPR, EU 2016/679) applies in addition to Swiss legislation, by virtue of its principle of extraterritoriality (art. 3 GDPR).

The rights provided for by the GDPR (in particular arts. 13 to 22) may be exercised according to the same procedures as those provided for in art. 15 of this policy. In the event of a conflict between the two laws, La Santé applies the more protective standard.

Persons residing in the EU also have the right to lodge a complaint with the data protection authority competent in their Member State of residence.

17. Amendments to the policy

This policy may be amended in order to take account of developments in the services, legal changes or technical improvements. The most recent version is available on the website or on request at the centre reception.

In the event of a substantial amendment affecting the rights of the persons concerned, La Santé will inform the Clients concerned by appropriate means (email, notification on the site or display at the centre).

 

Champagne, 1 April 2026

La Santé à Champagne SA

Chemin de Praz 8  —  1424 Champagne (VD)

bottom of page