Skip to main content

Privacy Policy

Last updated on: December 11, 2024

We place great importance on transparent handling of personal data. This privacy policy explains what personal data we collect, for what purpose, and to whom we disclose it. To ensure a high level of transparency, this privacy policy is regularly reviewed and updated.

1. Which services we use

  • Google Analytics
  • Adobe Fonts
  • Joomla
  • Google Maps
  • YouTube
  • Google reCaptcha

2. Contact information

If you have any questions or concerns regarding the protection of your data by us, you can contact us at any time by email at This email address is protected against spambots! JavaScript must be enabled to view it.. The entity responsible for data processing carried out via this website is:

Association MEDCAN – Medical Cannabis Association Switzerland
Kalkbreitestrasse 6
Zurich 8003
Switzerland

Data Protection Officer:
Franziska Quadri
This email address is protected against spambots! JavaScript must be enabled to view it.
079 815 8432

3. General Principles

3.1 What data do we collect from you and from whom do we receive this data?

We primarily process personal data that you provide to us or that we collect when you use our website. We may also receive personal data about you from third parties. This could include the following categories:

  • Personal data (name, address, date of birth, etc.);
  • Contact details (mobile phone number, email address, etc.);
  • Financial data (e.g., account details);
  • Online identifiers (e.g., cookie identifiers, IP addresses);
  • Location and traffic data;
  • Audio and video recordings;
  • particularly sensitive data (e.g. biometric data or information about your health).

3.2 Under what conditions do we process your data?

We treat your data confidentially and in accordance with the purposes set out in this privacy policy. We ensure transparent and proportionate processing.

If, in exceptional cases, we are unable to comply with these principles, data processing may still be lawful because a legal basis exists. Such a legal basis includes, in particular:

  • Your consent;
  • the performance of a contract or pre-contractual measures;
  • our legitimate interests, unless your interests override them.

3.3 How can you withdraw your consent?

If you have given us your consent to process your personal data for specific purposes, we will process your data within the scope of this consent, unless we have another legal basis for doing so.

You have the right to withdraw your consent at any time by sending an email to the address listed in the legal notice. This will not affect data processing that has already taken place.

3.4 In which cases can we share your data with third parties?

a. principle

We may need to use the services of third parties or affiliated companies and commission them to process your data (so-called data processors). Categories of recipients include, in particular:

  • Accounting, trust and auditing firms;
  • Consulting firms (legal advice, taxes, etc.);
  • IT service providers (web hosting, support, cloud services, website design, etc.);
  • Payment service provider;
  • Providers of tracking, conversion, and advertising services.

We ensure that these third parties and our affiliated companies comply with data protection regulations and treat your personal data confidentially.

We may also be required to disclose your personal data to authorities.

b. Visit our social media channels

We may have embedded links to our social media channels on our website. This is always clearly visible to you (typically via corresponding icons). Clicking on these icons will redirect you to our social media channels.

In this case, the social media providers will learn that you are accessing their platform from our website. The social media providers can use the data collected in this way for their own purposes. Please note that we have no knowledge of the content of the transmitted data or how it is used by the operators.

c. Transfer abroad

In some cases, your personal data may be transferred to companies abroad as part of order processing. These companies are bound by the same data protection obligations as we are. This transfer may occur worldwide. If

the level of data protection does not correspond to that of Switzerland, we will conduct a prior risk assessment and contractually ensure that the same level of protection as in Switzerland is guaranteed (e.g., using the EU Commission's new Standard Contractual Clauses or other legally required measures). Should our risk assessment be negative, we will implement additional technical measures to protect your data. You can access the EU Commission's Standard Contractual Clauses at the following link: https://commission.europa.eu/publications/standard-contractual-clauses-controllers-and-processors-eueea_de

3.5 How long do we keep your data?

We only store personal data for as long as necessary to fulfill the specific purposes for which it was collected.

Data collected during your visit to our website is stored for twelve months. An exception applies to analytics and tracking data, which may be retained for a longer period.

We store contractual data for a longer time, as we are legally obligated to do so. In particular, we must retain business correspondence, concluded contracts, and booking confirmations for up to 10 years. If we no longer require such data from you to provide our services, the data will be blocked and used only for accounting and tax purposes.

3.6 How do we protect your data?

We will keep your data secure and take all reasonable measures to protect it from loss, unauthorized access, misuse, or alteration.

Our contractors and employees who have access to your data are obligated to comply with data protection regulations. In some cases, it will be necessary for us to forward your requests to affiliated companies. Even in these cases, your data will be treated confidentially.

Within our website, we use the SSL (Secure Socket Layer) protocol in conjunction with the highest level of encryption supported by your browser.

3.7 What rights do you have?

a. Right to information

You can request information about the data we have stored about you at any time. Please send your request for information along with proof of identity to This email address is protected against spambots! JavaScript must be enabled to view it. to send.

You also have the right to receive your data in a commonly used file format if we process your data automatically, and if:

  • You have given your consent to the processing of this data; or
  • You have disclosed data in connection with the conclusion or execution of a contract.

We may restrict or refuse to provide information or data if this conflicts with our legal obligations, legitimate interests (our own or public interests), or the interests of a third party.

Your request will be processed within the statutory 30-day timeframe. However, we may extend this timeframe due to a high volume of requests, for legal or technical reasons, or because we require further information from you. You will be informed of any such extension in a timely manner, at least in writing.

b. Deletion and correction

You have the right to request the deletion or correction of your data at any time. We may reject your request if legal regulations require us to retain the data for a longer period or in its original form, or if a legal basis for processing your data precludes your request.

Please note that exercising your rights may conflict with contractual agreements and could have corresponding effects on the performance of the contract (e.g., premature termination of the contract or cost implications).

c. Legal recourse

If you are affected by the processing of your personal data, you have the right to enforce your rights in court or to file a complaint with the competent supervisory authority. The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner: https://www.edoeb.admin.ch

3.8 Changes to the Privacy Policy

We may change this privacy policy at any time. The changes will be published; you will not be notified separately.

4. Individual data processing operations

4.1 Provisioning the website and creating log files

What information do we receive and how do we use it?

By visiting our website, certain data will be automatically stored on our servers or on the servers of services and products that we use and/or have installed, for system administration, statistical, backup, or tracking purposes. This data includes:

  • the name of your internet service provider;
  • Your IP address (in some cases);
  • the version of your browser software;
  • the operating system of the computer used to access the URL;
  • the date and time of access;
  • the website from which you are visiting URL;
  • the search terms you used to find the URL.

Why are we allowed to process this data?

This data cannot be linked to any specific person, and it is not combined with other data sources. The log files are stored to guarantee the functionality of the website and to ensure the security of our IT systems. This constitutes our legitimate interest.

How can you prevent data collection?

The data is stored only as long as necessary to fulfill the purpose for which it was collected. Accordingly, the data is deleted after each session ends. Storing the log files is essential for the operation of the website; therefore, you have no right to object to this.

4.2 Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"), on our website. Google Analytics uses "cookies," which are text files placed on your computer, to help the website analyze how users use the site.

The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymization is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by adjusting your browser settings; however, please note that in this case you may not be able to fully utilize all the functions of this website. Furthermore, you can prevent Google from collecting and processing data generated by the cookie and related to your use of the website (including your IP address) by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.

4.3 Adobe Fonts

Adobe Fonts is a service provided by Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA. Adobe Fonts is an online service that allows users to integrate high-quality fonts into their websites.

We use Adobe Fonts to integrate certain fonts into our website. This allows us to ensure a consistent and appealing design that contributes to an improved user experience.

To provide the fonts, Adobe Fonts may use cookies or other tracking technologies to collect information such as the visitor's IP address, browser type and version, and other information about the website visit.

4.4 Joomla

Joomla is an open-source content management system (CMS) developed and supported by Open Source Matters, Inc., a company registered in the USA. Joomla allows individuals and businesses to create and manage websites and online applications. Open Source Matters, Inc. is located at PO Box 4668 #88354, New York, NY 10163-4668, USA.

We use Joomla on our website to ensure a structured and user-friendly online presence. Joomla enables us to efficiently organize, edit, and present content to provide our visitors with relevant information and services.

Joomla uses cookies to store certain user preferences and optimize the user experience on the website. Data such as IP addresses and browser information may also be collected to ensure website functionality and implement security measures.

4.5 Google Maps

On our website, we use Google Maps, a map service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). Google Maps allows us to integrate interactive maps directly into the website and enables you to conveniently use the map function, for example, to search for locations or plan directions.

By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, further data, in particular your IP address, is transmitted to Google and stored on Google servers. These servers may be located in the USA or other countries. This occurs regardless of whether Google provides a user account that you are logged into or whether no user account exists.

Google stores your data as usage profiles and uses them for advertising, market research, and/or the needs-based design of its website. Such analysis is carried out in particular (even for users who are not logged in) to provide targeted advertising.

You have the right to object to the creation of these user profiles, and to exercise this right, you must contact Google.

4.6 YouTube

Our website embeds videos from YouTube, a platform of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). When you view the videos or click the play button, data, including your IP address and information about your browser, is transmitted to and stored on Google's servers. This data is used to provide the video, monitor performance, and improve the user experience.

If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

4.7 Google reCaptcha

To protect against unwanted requests submitted via the online form on our website, we use the reCAPTCHA service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). This query serves to distinguish whether the input is made by a human or abusively by automated, machine processing. As part of the query, information such as your IP address or your behavior when filling out the form may be transmitted to Google.

For this purpose, your input is transmitted to Google and further processed there. By using reCAPTCHA, you agree that your recognition efforts will contribute to the digitization of old works. However, if IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of this service. The IP address transmitted by your browser as part of reCAPTCHA will not be merged with other Google data.

BrainBox Generators

BrainBox Generators is a service provided by BrainBox Solutions GmbHto identify all data protection-relevant services on a website and, among other things, to assist in creating the privacy policy. No personal data is collected or processed in this process.

5. Messenger Services

We communicate via messenger services. Messenger services are chat programs that allow users to send text messages, as well as image or video files, in real time over the internet. They can also be used to send emoticons, electronic greeting cards, and contacts. For messages to be transmitted, participants must be connected to each other via a network such as the internet, either directly or through a server, using a computer program (called a client). Messages can usually be sent even if the other party is offline – the message is then temporarily stored by the service's server and delivered to the recipient later when they are online again. Finally, these services can also be used for screen sharing and online games.

If the service uses end-to-end encryption for the sent content (texts, attachments), only the selected communication partners, and not third parties or the service provider itself, can view the message. Therefore, we recommend regularly installing updates for the service to ensure content encryption. However, the service provider has the ability to access the communication metadata. This includes the time and (depending on the settings) location of the communication, as well as the device you used.

We would like to inform you that, depending on the country of origin of the provider mentioned below, the data collected via its platform may be transferred and processed outside the European Union. In this case, there is a risk that the level of data protection required by the GDPR may not be guaranteed and that the enforcement of your rights may be impossible or significantly impeded.

Data affected:

Inventory and contact data (e.g., name, telephone number, email address),
content data (e.g., posts, photos, videos),
usage data (e.g., access times, websites clicked)
, communication data (e.g., information about the device used, IP address).
Purpose of processing: communication and marketing.

Legal basis: If we have requested your consent before using the respective service, this constitutes the legal basis, Art. 6 para. 1 lit. a GDPR. In this respect, we clarify that we will not transmit your contact details to the service provider for the first time without your consent. If we communicate with you via one of the services listed below in the context of contract negotiations or within the framework of an existing contractual relationship, the legal basis is the performance of a contract or the preparation thereof, Art. 6 para. 1 lit. b GDPR. Furthermore, we rely on our legitimate interests in fast and efficient communication and in fulfilling the communication needs of our communication partners via the services listed below, Art. 6 para. 1 lit. f GDPR.

Right to object: You can revoke your consent to use the service mentioned below at any time. You can also object to communication via the messenger service at any time.

We use the following messaging services:
Telegram Broadcasts

Service provider: Telegram, Dubai.
Website: https://telegram.org/
Privacy policy: https://telegram.org/privacy

This privacy policy was created using the privacy policy generator from SOS Recht. SOS Recht is a service provided by Mueller.legal Rechtsanwälte Partnerschaft, based in Berlin.