Privacy Policy

Privacy Policy of AMP Advanced Medical Partners AG

Effective September 15, 2025

1. Responsible Entity
AMP Advanced Medical Partners AG
Sulzerallee 70
8400 Winterthur, Switzerland

For inquiries regarding data protection, please use the contact form on the website or write to the postal address above.

2. Scope
This Privacy Policy provides information on the nature, scope, and purposes of the processing of personal data on the website as well as in the context of orders, deliveries, service requests, and business relationships.

3. Principles

  • Lawfulness and Transparency – we process data on a comprehensible legal basis and provide clear information.

  • Purpose Limitation – we process data only for clearly defined purposes.

  • Data Minimization – we collect only the data necessary.

  • Accuracy – we keep data up to date as required.

  • Storage Limitation – we store data only as long as necessary for the purpose or required by law.

  • Integrity and Confidentiality – we protect data with technical and organizational measures.

4. Categories of Data Processed

  • Master data such as name, company, position, postal address, billing address, delivery address

  • Contact and communication data such as email, phone number, contents of inquiries

  • Order and transaction data such as order number, items, prices, payments, shipping details, and returns

  • Website usage data such as pages viewed, access times, referring site, interactions

  • Technical data such as IP address, browser information, device type, approximate location, date and time

  • Cookie data and comparable storage technologies such as local storage and session storage

5. Purposes of Processing

  • Provision, operation, optimization, and security of the website

  • Contract initiation, fulfillment, and customer support

  • Inventory management, logistics, and fulfillment of legal obligations including traceability and safety information for medical devices

  • Billing, accounting, and payment processing

  • Reach measurement, quality assurance, and improvement of services

  • Enforcement and defense of legal claims

6. Legal Bases
For individuals in Switzerland, processing is based on the Federal Act on Data Protection, overriding legitimate interests in the secure, efficient, and economical operation of our website and services, fulfillment of contractual and pre-contractual obligations, and consent where required.

For individuals in the European Economic Area, processing is additionally based on the General Data Protection Regulation (GDPR) with the legal bases of consent, contract performance, legal obligation, and legitimate interest.

7. Source of Data
We obtain data directly from individuals via forms, orders, communication, and user accounts, as well as automatically via the browser and device when visiting the website.

8. Recipients and Processors

  • Hosting and infrastructure providers

  • Payment service providers for payment processing

  • Logistics and transport companies for delivery and returns

  • IT service providers for maintenance, development, and support

  • Communication and collaboration services for scheduling, video conferences, and messaging where used

  • Analytics and measurement services for reach measurement where permitted

  • Authorities, courts, and consultants where legally required

We enter into agreements with processors to ensure adequate data protection.

9. Data Transfer Abroad
Data transfers outside Switzerland and the EEA occur only where an adequate level of data protection exists or on the basis of appropriate safeguards (e.g., standard contractual clauses with additional protective measures).

10. Storage Period
We retain personal data only as long as necessary for the respective purposes or as required by statutory retention periods. Thereafter, data is deleted or anonymized.

11. Security
We protect data through encryption of transmissions using Transport Layer Security, access controls, logging, system hardening, and regular reviews of our security measures.

12. Cookies and Comparable Technologies
We use cookies as well as the browser’s local and session storage. These technologies support functionality, security, convenience features, and reach measurement.

  • Strictly necessary cookies ensure core functions and security.

  • Functional cookies store settings such as language and display options.

  • Statistics cookies are used for anonymous reach measurement.

  • Marketing cookies enable the display of relevant content and may be set by service providers.

We use statistics and marketing cookies only with consent. Consent may be revoked at any time for the future via the “Cookie Settings” link in the footer of the website.

You can manage or block cookies in your browser settings and delete stored cookies. This may restrict website functionality.

13. Reach Measurement and Analytics
Usage data is evaluated only in anonymized or pseudonymized form and only with consent or where there is an overriding legitimate interest. We do not create personal usage profiles without express consent.

14. Medical Devices and Legal Obligations
We process data to fulfill obligations under medical device law, including recalls, safety notifications, and traceability. Where required, we contact customers with safety-related information and process the necessary contact and product data.

15. Server Logs
The hosting provider collects log data for security reasons, including IP address, date and time, time zone, request status, amount of data transferred, referring URL, browser, and operating system. Logs serve operation, security, and error analysis and are deleted or anonymized after an appropriate period.

16. Communication
When you contact us, we process your message content, contact details, and metadata to handle the request and any follow-ups. Where necessary, we use providers for video conferencing and collaboration and ensure an adequate level of data protection.

17. No Automated Individual Decisions, No Profiling
We do not carry out automated individual decisions with legal effect. Profiling for marketing purposes does not occur without express consent.

18. Rights of Data Subjects

  • Right of access to processed data

  • Rectification of inaccurate or incomplete data

  • Erasure where no retention obligations apply

  • Restriction of processing under statutory conditions

  • Data portability in a structured, commonly used, machine-readable format

  • Objection to processing based on overriding legitimate interests

  • Withdrawal of consent with effect for the future

  • Right to lodge a complaint with the supervisory authority in Switzerland (Federal Data Protection and Information Commissioner) or in the EEA with the competent national authority

To exercise your rights, please contact us via the website contact form or by post to the address indicated above.

19. Changes to this Privacy Policy
We may amend this Privacy Policy at any time. The version published on the website is authoritative.