SECTION

Privacy policy

This website is operated in accordance with the revised Swiss Federal Act on Data Protection (revFADP) and, additionally, the EU General Data Protection Regulation (GDPR). Website statistics are only collected with explicit consent; data is hosted exclusively on a server located in Switzerland or, where applicable, within the EEA under an adequate level of protection.

1. Controller

The controller within the meaning of Art. 5 lit. j revFADP and Art. 4 no. 7 GDPR is:

Praxis Dr. med. Olga Meier Olga Meier GmbH Chirurgisches Zentrum Zürich — Klinik Hirslanden Witellikerstrasse 40 8032 Zürich Switzerland

Contact: see contact page

Data Protection Officer: Beat Meier, e-mail:

Technical operation of the website is carried out by Beat Meier (Praxis Olga Meier GmbH) on behalf of the controller.

2. Scope

This privacy policy informs you about the nature, scope and purpose of the processing of personal data when visiting olgameier.ch and all of its language versions (German, French, Italian, Spanish, Russian, English). It does not apply to linked external services (e.g. Klinik Hirslanden, third-party booking portals).

3. Principles of data processing

Personal data is processed exclusively in good faith, in a purpose-bound, proportionate manner and for as short a period as possible. Only data that is necessary for the operation of the website or for the relevant function (e.g. enquiries, optional statistics) is collected. No disclosure to third parties for advertising purposes takes place.

Important note (medical practice): No patient data and no particularly sensitive health data within the meaning of Art. 5 lit. c revFADP are collected or processed via this website. Clinical communication, findings, imaging material and appointment requests take place exclusively via the secure channels communicated by the practice (encrypted e-mail, telephone, in person, patient portal behind authentication).

4. Server log files

When a page is accessed, technically necessary information is processed by the web server in order to deliver the page and to defend against attacks:

truncated IP address (the last two octets are removed before storage)
date and time of the request
URL accessed and HTTP status code
volume of data transferred
browser type, operating system and language (user agent)
referrer (if transmitted by the browser)

These log data are retained for a maximum of 14 days and are used exclusively to ensure the operation of the service, to analyse errors and to defend against misuse. They are not merged with other data sources.

Legal basis: Art. 31 para. 1 and para. 2 lit. d revFADP (legitimate interest in secure operation); supplementary Art. 6 para. 1 lit. f GDPR.

5. Cookies and comparable technologies

This website uses only cookies that are necessary for operation as well as — subject to explicit consent — cookies for anonymised audience measurement. There is no tracking across sessions or websites.

Cookie / storage	Purpose	Category	Storage period
`omcc_consent_v1`	Status of cookie consent (categories: necessary, statistics, external content) — localStorage	strictly necessary	12 months
`pref-lang`	Stores the most recently chosen language	strictly necessary	1 year
`pref-theme`	Light/dark mode (localStorage)	strictly necessary	persistent
`csrf-token`	Protection against cross-site request forgery (only when using forms)	strictly necessary	session
`_pk_id`, `_pk_ses`	Statistics cookies of the self-hosted audience measurement (Matomo) — only set after consent	statistics (consent)	13 months / 30 min.

Cookies can be deleted or blocked at any time via the browser settings. Any consent given may be withdrawn at any time via the “Cookie settings” link in the footer of the website.

Legal basis: Art. 31 revFADP (Switzerland), Art. 6 para. 1 lit. a GDPR (consent) or lit. f (legitimate interest for necessary cookies).

To improve the service, Matomo Analytics is used — a self-hosted, privacy-friendly open-source solution. Data is collected exclusively after explicit consent via the “Statistics” category in the cookie banner.

Where statistics are activated, only anonymised usage data are collected:

pages accessed and time spent
approximate region (country/canton) based on the truncated IP address
device class, browser and language
referrer category (search engine, direct access, referring website)

Protective measures:

the IP address is truncated by its last two octets before storage (example: 192.168.0.0 instead of 192.168.42.123) — re-identification of an individual is thereby precluded
the data are processed exclusively on a server located in Switzerland (Matomo instance on our own infrastructure)
there is no disclosure to third parties, no profiling and no automated individual decision-making
individual data records are deleted no later than after 180 days; only anonymous aggregates may be retained for longer
the software is self-operated — there are no contractual relationships with third-party providers for the analysis (no Google Analytics, no US provider)
the data transmission endpoint analytics.beat-w-meier.ch is a separate Swiss subdomain that is technically separated from the public website

Purpose: Optimisation of the website (which content is being looked for? do the translations work? where does navigation fail?), no advertising, no profiling.

Legal basis: consent pursuant to Art. 6 para. 6 revFADP; supplementary Art. 6 para. 1 lit. a GDPR.

7. Embedded external content (click-to-embed)

Map, video and audio content from third-party providers (e.g. Google Maps, YouTube, Vimeo) are not loaded automatically. You initially see only a preview image hosted on our server. The content is loaded from the respective provider only after you explicitly click on the preview — only at that point do those providers receive your IP address and may set their own cookies.

The platforms named may, in this context, disclose data to countries outside Switzerland and the EU (in particular the USA). By giving consent through your click, you accept this disclosure pursuant to Art. 17 para. 1 lit. a revFADP. Privacy notices of the providers:

Google (Maps, YouTube): https://policies.google.com/privacy
Vimeo: https://vimeo.com/privacy
Klinik Hirslanden: https://www.hirslanden.ch/de/corporate/utilities/datenschutz.html

8. Contacting us

If you contact us via the contact form, by e-mail or by post, the information transmitted (name, contact details, content of the message) will be processed exclusively in order to respond to your enquiry. The data will not be disclosed to third parties. The data will be deleted once the matter has been concluded, at the latest after 24 months, unless statutory retention obligations apply.

Note: For the transmission of medical or confidential information, please do not use the public contact form. Instead, contact us by telephone or via the encrypted channels communicated by the practice.

Legal basis: Art. 31 para. 1 revFADP (legitimate interest); for the initiation of a contract Art. 31 para. 2 lit. a revFADP.

9. Hosting and processing on behalf

The website is operated on servers in Germany (Hetzner Online GmbH, Falkenstein location) and, additionally, in Switzerland (own infrastructure for Matomo). A data processing agreement pursuant to Art. 9 revFADP and Art. 28 GDPR is in place with the hosting provider.

No patient data or particularly sensitive personal data of third parties are processed on this website (see §3).

10. Disclosure abroad

Disclosure of data abroad takes place only in the following cases:

with active consent to external embeds (§7) to the respective platforms
for technically necessary services within the EU/EEA (e.g. Hetzner Germany), provided that an adequate level of data protection within the meaning of Annex 1 of the Ordinance on Data Protection (DPO) exists

A transfer to third countries without an adequate level of protection takes place only if the requirements of Art. 16 or Art. 17 revFADP are met.

11. Data security

Appropriate technical and organisational measures are taken in accordance with Art. 8 revFADP:

transport encryption (TLS 1.3) for all requests (HTTPS)
regular security updates of the server and the software in use
restrictive access rights and two-factor authentication for administrators
encrypted backups (LUKS, age) of configuration and content
separation of public and administrative access (VPN for admin access to the reporting interface)

12. Retention periods (overview)

Data category	Retention
Server log files (truncated)	max. 14 days
`omcc_consent_v1` (consent status)	12 months
Statistics individual records (Matomo, after consent)	max. 180 days
Anonymous statistics aggregates	indefinite
Contact enquiries	until conclusion, max. 24 months

13. Your rights as a data subject

Under the revFADP and, additionally, the GDPR, you have in particular the following rights:

right of access to the data being processed (Art. 25 revFADP)
rectification of inaccurate data (Art. 32 para. 1 revFADP)
erasure or blocking (Art. 32 para. 2 revFADP)
restriction of processing
objection to processing based on legitimate interest
withdrawal of consent given, with effect for the future
data portability in a common electronic format (Art. 28 revFADP)
complaint to the competent supervisory authority

To exercise these rights, please contact the address indicated in §1 or the Data Protection Officer at . For security reasons, proof of identity may be required.

14. Supervisory authority

Switzerland: Swiss Federal Data Protection and Information Commissioner (FDPIC) Feldeggweg 1, 3003 Bern https://www.edoeb.admin.ch

Data subjects in the EU/EEA may additionally turn to their respective national data protection authority.

15. Automated individual decision-making and profiling

No high-risk profiling and no automated individual decision-making within the meaning of Art. 21 revFADP or Art. 22 GDPR take place.

16. Amendments to this policy

This privacy policy may be amended in order to reflect changes in the legal or technical framework. The version published on this page from time to time is the authoritative one.

17. Disclaimer

17.1 Liability for content

The content of this website is compiled with the greatest possible care. The controller, however, gives no warranty whatsoever as to the timeliness, accuracy, completeness, quality, availability or suitability of the information provided for any particular purpose. All content represents general information only and is no substitute for individual medical advice, diagnosis or treatment. For health-related questions, always consult a qualified medical professional.

Use of the website is at your own risk. Any liability claims against the controller arising from the use or non-use of the information provided, or from the use of incorrect or incomplete information, are excluded as a matter of principle.

The controller expressly reserves the right to alter, supplement or delete parts of the pages or the entire offering without separate notice, or to suspend or definitively cease publication.

17.2 Liability for links

References and links to third-party websites lie outside the controller’s area of responsibility. Any liability for the content of such websites is rejected in its entirety. Access to and use of such websites is at the user’s own risk. At the time of linking, the third-party content was checked as to whether it might give rise to potential civil or criminal liability. Continuous monitoring of the linked pages is not reasonable in the absence of concrete indications of an infringement.

17.3 Liability for data transmission

Data transmission over the internet (e.g. when communicating by e-mail or contact form) can, despite transport encryption (TLS), exhibit security gaps. Complete protection against access by third parties is not possible. The controller accepts no liability for damage caused by unauthorised third-party access to transmitted data. Please therefore do not transmit sensitive medical information via unencrypted e-mail.

17.4 Copyright

All content published on this website (in particular texts, images, graphics, audio, video and animation files and their arrangement) is protected by copyright. Reproduction, modification, distribution or exploitation — even in extracts — is not permitted without the express written consent of the controller or the respective rightsholders. Excerpts from third-party articles are used under the quotation limit of Swiss copyright law (Art. 25 URG) with citation of the source.

Downloads and copies of this page are permitted only for private, non-commercial use.

17.5 Trademark and personality rights

All trademark, name and identification rights mentioned within the website and, where applicable, protected by third parties are subject without restriction to the provisions of the applicable trademark law and the ownership rights of the respective registered owners. The mere mention of a trademark does not imply that it is not protected by the rights of third parties.

18. Severability clause

Should individual provisions or formulations of this privacy policy and disclaimer not, no longer or not fully correspond to the applicable legal situation, the remaining parts shall remain unaffected in their content and validity. In place of the invalid or missing provision, the legally permissible arrangement that comes economically closest to what was originally intended shall apply.

19. Applicable law and place of jurisdiction

The use of this website and all legal relationships between the controller and users shall be governed exclusively by Swiss law, to the exclusion of conflict-of-laws rules and to the exclusion of the United Nations Convention on Contracts for the International Sale of Goods (CISG).

The exclusive place of jurisdiction for all disputes arising out of or in connection with the use of this website is Zurich, Switzerland, unless mandatory statutory provisions provide for a different place of jurisdiction. The controller is also entitled to bring proceedings against the user at the user’s general place of jurisdiction.

As of: 24 May 2026

For any questions, please contact our Data Protection Officer:

Beat Meier, Data Protection Officer Olga Meier GmbH Witellikerstrasse 40 8032 Zürich E-mail: