Skip to main content

Data protection

Last updated on: December 11, 2024

We attach great importance to ensuring that the handling of personal data is transparent. This privacy policy provides information about what personal data we collect, for what purpose and to whom we share it. In order to ensure a high level of transparency, this data protection declaration is regularly checked and updated.

1. Which services we use

  • Google Analytics
  • Adobe Fonts
  • Joomla
  • Google Maps
  • YouTube
  • Google reCaptcha

2. Contact information

If you have any questions or concerns about how we protect your data, you can contact us at any time by email This email address is being protected from spam bots! To display JavaScript must be turned on. . Responsible for the data processing carried out via this website is:

Association MEDCAN – Medical Cannabis Association Switzerland
Kalkbreitestrasse 6
Zurich 8003
Switzerland

Person responsible for data protection:
Franziska Quadri
This email address is being protected from spam bots! To display JavaScript must be turned on.
079 815 8432

3. General principles

3.1 What data do we collect from you and from whom do we receive this data

We primarily process personal data that you provide to us or that we collect when operating our website. We may also receive personal information about you from third parties. These can be the following categories:

  • Personal master data (name, address, dates of birth, etc.);
  • Contact details (mobile phone number, email address, etc.);
  • Financial data (e.g. account details);
  • Online identifiers (e.g. cookie identifiers, IP addresses);
  • location and traffic data;
  • sound and image recordings;
  • particularly sensitive data (e.g. biometric data or information about your health).

3.2 Under what conditions do we process your data?

We treat your data confidentially and in accordance with the purposes set out in this data protection declaration.

We ensure that processing is transparent and proportionate. If, in exceptional cases, we are unable to follow these principles, the data processing may still be lawful because there is a justification. The following can be considered as justification:

  • your consent;
  • the implementation of a contract or pre-contractual measures;
  • our legitimate interests, unless your interests outweigh them.

3.3 How can you revoke your consent?

If you have given us your consent to process your personal data for specific purposes, we will process your data within the scope of this consent unless we have other justification.

You have the option to revoke your consent at any time by sending an email to the address given in the legal notice. Data processing that has already taken place is not affected by this.

3.4 In what cases can we pass on your data to third parties?

a. principle

We may be dependent on using the services of third parties or affiliated companies and commissioning them to process your data (so-called processors). Categories of recipients are:

  • accounting, fiduciary and auditing companies;
  • Consulting companies (legal advice, taxes, etc.);
  • IT service providers (web hosting, support, cloud services, website design, etc.);
  • payment service providers;
  • Provider of tracking, conversion and advertising services.

We ensure that these third parties and our affiliates comply with data protection requirements and treat your personal data confidentially.

Under certain circumstances we are also obliged to disclose your personal data to authorities.

b. Visit our social media channels

We may have embedded links to our social media channels on our website.

This is clear to you in each case (typically via corresponding symbols). If you click on the symbols, you will be redirected to our social media channels. In this case, the social media providers learn that you are accessing their platform from our website. The social media providers can use the data collected in this way for their own purposes. We would like to point out that we have no knowledge of the content of the transmitted data or its use by the operators.

c. Transfer abroad

Under certain circumstances, your personal data may be transferred to companies abroad as part of order processing.

These companies are committed to data protection to the same extent as we are. The transfer can take place worldwide. If the level of data protection does not correspond to that of Switzerland, we carry out a prior risk assessment and contractually ensure that the same protection as in Switzerland is guaranteed (e.g. by means of the EU Commission's new standard contractual clauses or other legally required measures). If our risk assessment is negative, we will take additional technical measures to protect your data. You can access the EU Commission's standard contractual clauses at the following link. https://commission.europa.eu/publications/standard-contractual-clauses-controllers-and-processors-eueea_de

3.5 How long do we keep your data?

We only retain personal information for as long as necessary to fulfill the individual purposes for which the information was collected.

Data that we store when you visit our website will be retained for twelve months.

An exception applies to analysis and tracking data, which can be retained for longer periods. We store contract data for longer because we are obliged to do so by legal regulations. In particular, we must store business communications, concluded contracts and booking documents for up to 10 years. If we no longer need such data from you to carry out the services, the data will be blocked and we will only use it for accounting and tax purposes.

3.6 How do we protect your data?

We will keep your information secure and take all reasonable measures to protect your information from loss, access, misuse or alteration.

Our contractual partners and employees who have access to your data are obliged to comply with data protection regulations.

In some cases it will be necessary for us to pass on your requests to companies affiliated with us. Even in these cases, your data will be treated confidentially. Within our website we use the SSL process (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser.

3.7 What rights do you have?

a. right of providing information

You can request information about the data we have stored about you at any time. We ask you to submit your request for information together with proof of identity This email address is being protected from spam bots! To display JavaScript must be turned on. to send.

You also have the right to receive your data in a common file format if we process your data automatically and if:

  • you have given your consent for the processing of this data; or
  • You have disclosed data in connection with the conclusion or processing of a contract.

We may restrict or refuse to provide information or data release if this conflicts with our legal obligations, legitimate own or public interests or the interests of a third party.

The processing of your application is subject to the statutory processing period of 30 days. However, we may extend this deadline due to a high volume of inquiries, for legal or technical reasons or because we need further information from you. You will be informed about the extension of the deadline in a timely manner, at least in text form.

b. Deletion and correction

You have the option to request the deletion or correction of your data at any time.

We can reject the request if legal regulations require us to store it for a longer period of time or without changes or if there is a permit that conflicts with your request. Please note that exercising your rights may, under certain circumstances, conflict with contractual agreements and have corresponding effects on the execution of the contract (e.g. early termination of the contract or cost consequences).

c. Legal recourse

If you are affected by the processing of personal data, you have the right to enforce your rights in court or to submit a report to the responsible supervisory authority. The responsible supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner: https://www.edoeb.admin.ch

3.8 Changes to the privacy policy

We may change this privacy policy at any time. The changes will be published on , you will not be informed about them separately.

4. Individual data processing operations

4.1 Providing the website and creating log files

What information do we receive and how do we use it?

By visiting, certain data will be automatically stored on our servers or on servers of services and products that we purchase and/or have installed for system administration purposes, for statistical or backup purposes or for tracking purposes. It is about:

  • the name of your internet service provider;
  • your IP address (under certain circumstances);
  • the version of your browser software;
  • the operating system of the computer used to access the URL;
  • the date and time of access;
  • the website from which you are visiting URL;
  • the search words you used to find the URL.

Why are we allowed to process this data?

This data cannot be assigned to a specific person and this data is not merged with other data sources. The log files are stored to guarantee the functionality of the website and to ensure the security of our information technology systems. This is our legitimate interest.

How can you prevent data collection?

The data will only be stored for as long as is necessary to achieve the purpose of your collection. Accordingly, the data will be deleted at the end of each session. The storage of log files is absolutely necessary for the operation of the website, so you have no opportunity to object to this.

4.2 Google Analytics

We use Google Analytics, a web analysis service provided by Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google") on our website.

Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

However, if IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics is not combined with other Google data.

You can prevent the storage of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: https://tools.google.com/dlpage/gaoptout.

4.3 Adobe Fonts

Adobe Fonts is a service of Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA.

Adobe Fonts is an online service that allows users to incorporate high-quality fonts into their websites. We use Adobe Fonts to integrate certain fonts on our website.

This allows us to ensure a consistent and responsive design that helps improve the user experience. To provide the fonts, Adobe Fonts may use cookies or other tracking technologies to collect information such as the visitor's IP address, browser type and version, and other information about the website visit.

4.4 Joomla

Joomla is an open source content management system (CMS) developed and supported by Open Source Matters, Inc., a US registered company.

Joomla allows individuals and businesses to create and manage websites and online applications. The organization Open Source Matters, Inc. is located at PO Box 4668 #88354, New York, NY 10163-4668, USA. We use Joomla on our website to ensure a structured and user-friendly online presence.

Joomla allows us to organize, edit and display content efficiently to provide relevant information and services to our visitors. Joomla uses cookies to store certain user preferences and optimize the user experience on the website. Data such as IP addresses and browser information may also be collected to ensure the functionality of the website and to implement security measures.

4.5 Google Maps

On our website we use Google Maps, a map service provided by Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google").

Google Maps allows us to integrate interactive maps directly into the website and allows you to conveniently use the map function, for example to search for a location or plan directions. By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website.

In addition, further data, in particular your IP address, is transmitted to Google and stored on Google servers. These servers may be located in the United States or other countries. This occurs regardless of whether Google provides a user account through which you are logged in or whether there is no user account. Google saves your data as usage profiles and uses them for advertising, market research and/or needs-based design of its website.

Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising. You have the right to object to the creation of these user profiles; to exercise this you must contact Google.

4.6 YouTube

Our website includes videos from YouTube, a platform owned by Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google").

When you view the videos or click on the play button, data, including your IP address and information about the browser you use, is transmitted to Google servers and stored there. This data is used to deliver the video, monitor performance and improve the user experience. If you are logged in to your YouTube account, you enable YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

4.7 Google reCaptcha

To protect against unwanted requests via the internet form on our website, we use the reCAPTCHA service from Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google").

The query is used to distinguish whether the entry was made by a human or improperly through automated, machine processing. As part of the query, information such as your IP address or behavior when filling out the form may be transmitted to Google. For this purpose, your input will be transmitted to Google and further processed there.

By using reCAPTCHA, you agree that the recognition you provide will be incorporated into the digitization of old works. However, if IP anonymization is activated on this website, Google will first shorten your IP address within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of this service. The IP address transmitted by your browser as part of reCAPTCHA will not be merged with other Google data.

BrainBox generators

BrainBox Generators is a service from BrainBox Solutions GmbH to identify all data protection-relevant services on a website and, among other things, to help with the creation of the data protection declaration. No personal data is collected or processed.

5. Messenger services

We communicate via messenger services. Messenger services are chat programs that can be used to send text messages, as well as image or video files, between users in real time over the Internet. In addition, messenger services can also be used to transmit emoticons, electronic greeting cards and contacts. In order for messages to be transmitted, participants must be connected to each other using a computer program (called a client) via a network such as the Internet, directly or via a server. As a rule, messages can also be sent if the person you are talking to is not online - the message is then cached by the service's server and later delivered to the recipient when they can be reached again. Finally, these services can also be used for screen sharing and online games.

If the service uses end-to-end encryption for the content sent (texts, attachments), only the selected communication partners, but not third parties or the service provider itself, can view the message. In this respect, we recommend that you regularly install updates for the service to ensure that the content is encrypted. However, the service provider has the ability to access the metadata of the communication. This includes the time and (depending on the settings) place of communication as well as the device you use.

We would like to point out that, depending on the country of residence of the provider mentioned below, the data collected via its platform may be transferred and processed outside the European Union. In this case, there is a risk that the level of data protection required by the GDPR will not be met and that your rights will not be enforceable or will be difficult to enforce.

Affected data:

Inventory and contact data (e.g. name, telephone number, email address)
Content data (e.g. posts, photos, videos)
Usage data (e.g. access times, websites clicked on)
Communication data (e.g. information about the device used, IP address) .
Purpose of processing: communication and marketing

Legal basis: If we have asked you for your consent before using the respective service, this is the legal basis, Art. 6 Para. 1 lit. a GDPR. In this respect, we make it clear that we will not transmit your contact details to the service provider for the first time without your consent. If we communicate with you about one of the following services as part of the initiation of a contract or as part of an existing contractual relationship, the legal basis is the fulfillment or preparation of the contract, Article 6 Paragraph 1 Letter b GDPR. Furthermore, we rely on our legitimate interests in fast and efficient communication and meeting the needs of our communication partners in the communication of the services mentioned below, Art. 6 Para. 1 lit. f GDPR.

Options for objection: You can revoke your consent to use the service mentioned below at any time. You can also object to communication via the Messenger service at any time.

We use the following messenger services:
Telegram Broadcasts

Service provider: Telegram, Dubai
Website: https://telegram.org/
Data protection declaration: https://telegram.org/privacy

This data protection declaration was created with the help of the data protection generator from SOS Recht. SOS Law is an offer from the Mueller.legal lawyers partnership based in Berlin.