MAI Medical

Privacy Policy

MAI Holding Group AG and all its subsidiaries (“MAI”, “we”, “us”, or “our”) are committed to safeguarding your personal data in accordance with the Swiss Federal Act on Data Protection (FADP, revised 2023), the EU General Data Protection Regulation (GDPR), and, where applicable, relevant U.S. laws such as the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and the Health Insurance Portability and Accountability Act (HIPAA).

By using this website, you acknowledge that personal data (e.g., IP address, device information, and any data you submit via forms) may be collected and processed for the purposes of providing access to our services, improving user experience, fulfilling legal obligations, and—if consented—sending marketing communications.

Your data is treated confidentially and protected by appropriate technical and organizational security measures. We do not sell personal data. Data may be shared with trusted service providers under contractual safeguards and, where necessary, transferred internationally under lawful mechanisms such as Standard Contractual Clauses.

You have rights under applicable law, including the right to access, correct, delete, or restrict processing of your data. Requests may be directed to:
Email: support@maimedical.ch.

GENERAL INFORMATION

MAI Holding Group Ltd is a company incorporated under Swiss law, headquartered at Grienbachstrasse 17, 6300 Zug, Switzerland. MAI Holding Group Ltd, acting as the data controller, operates through its global affiliates (collectively referred to as “MAI Holding” or “Company” or “we” or “our”), which act as independent or joint data controllers with regard to their customers, users of products, mobile applications and websites, as well as contractors and partners (“data subjects”).

The Company processes personal data as part of its day-to-day operations. For this reason, this global privacy policy (“Policy”) has been designed. It outlines the Company’s practices regarding the use of personal data. Some of the Company’s products and services as well as certain services offered on this website are subject to additional privacy notices alongside this Policy.

“Personal data” refers to all information relating to an identified or identifiable natural person.

“Sensitive personal data” or “special categories of personal data” generally includes any data that affects personality rights. This includes human dignity, personal security and property, as well as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs. It also includes information about union membership, health data, data on sexual life or orientation, and financial information.

“Processing” means any operation involving personal data, including the collection and recording of data, storage, use, disclosure, and transmission; as well as matching or linking, restriction, deletion, or destruction of data.

“Data subjects” refers to any identifiable natural person whose data is collected and/or processed. In this Policy, the term “data subjects” includes customers, users of products, mobile applications and websites, contractors and partners. A “data controller” is any natural or legal person who alone or jointly with others determines the purposes and means of processing personal data. In accordance with applicable laws, the term “data controller” may be referred to differently where the underlying role remains unchanged.

APPLICABLE LAW

The Company is committed to complying with applicable data protection laws (“applicable laws”). Specific requirements may vary from country to country. As such, the Company commits to comply with the following laws:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or “GDPR”)
  • The Swiss Federal Act on Data Protection of 19 June 1992 (“FADP”), amended in 2020 and effective from September 2023
  • The California Consumer Privacy Act of 2018 (“CCPA”) as amended by the California Privacy Rights Act of 2020 (“CPRA”)
  • The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), Public Law 104–191, Sections 261–264, as amended by the Health Information Technology for Economic and Clinical Health Act, incorporated into the American Recovery and Reinvestment Act of 2009 (“HITECH”), and all applicable implementing regulations, including, but not limited to, the Standards for the Protection of Individually Identifiable Health Information, the Security Rule, and the Breach Notification Rule, codified in 45 C.F.R. Parts 160 and 164 (collectively “HIPAA”)

COLLECTED PERSONAL DATA
The company may process the following personal data:

  • Identity data: name, first name, alias, nationality and date of birth
  • Contact data: postal address, private telephone number, private email address or emergency contact, social security number and insurance company
  • Financial data: means of payment (including credit or debit card number), financial institution and bank details, IBAN, health insurance or insurance information
  • Health data, including weight, height, medical history, medical prescription, hearing ability, tracking of physical activity (step count, training intensity, training minutes), fitness data (heart rate, energy consumption, blood pressure)
  • Data on user behavior on the website: navigation data, IP address (Internet Protocol), cookies and other tracking tools
  • Data on purchased products: model, serial number, usage data
  • Data relating to accounts, including login credentials for accounts (e.g., usernames, account numbers)
  • Data related to the services provided
  • Data relating to feedback on our products and services, including comments and notes.

PURPOSES OF PROCESSING PERSONAL DATA
The company relies on the following legal bases for the processing of personal data:

PROCESSING BASED ON THE CONSENT OF THE DATA SUBJECTS
The processing of personal data may be based on the consent of the data subjects. Such processing may include:

  • Marketing purposes such as sending newsletters and information about products and services offered by the company,
  • Creation of the data subjects’ accounts,
  • Online hearing tests,
  • Profiling to offer updates to products and services that the company has developed and tailored for the data subjects,
  • Inviting data subjects to clinical studies as well as research or testimonial initiatives,
  • Registration in our communities via online forms,
  • Participation in contests and sweepstakes,
  • Participation in online surveys,
  • Participation in events, trainings, or webinars,
  • Publishing comments on our platform: Please note that comments and opinions on our blogs will be published along with your name. Please also note that in these cases we are not responsible for your personal data and will not remove or edit your public comments.

PROCESSING BASED ON A CONTRACT
The processing of personal data may be based on a contract or on pre-contractual arrangements and may include:

  • Fulfillment of our contractual or pre-contractual obligations toward the data subject, including the technical operation and functionality of the products and services they have acquired,
  • Provision of after-sales services following the purchase of products and services,
  • Social security or insurance processing, including billing of acquired products or services,
  • Management and processing of complaints,
  • Advice and interaction when the data subject contacts the company, for example via forms, the comment function, the chat function, or emails,
  • Contacting the data subject to respond to (technical) inquiries and complaints,
  • Contacting the data subject or their representatives to provide the requested commercial support – for example, to schedule an appointment with a hearing care professional or provider.

PROCESSING BASED ON LEGITIMATE INTEREST

The processing of personal data may be based on the legitimate interest of the company to improve our products and services. The processing of personal data for this purpose may, based on applicable laws, include:

  • Conducting statistical usage analyses,
  • Performing internal administrative functions,
  • Protection against fraudulent activities and improving security. For example, we process your email address to send a randomly generated code that marks the completion of your registration process,
  • Managing relationships with data subjects,
  • Evaluating our products and services,
  • Analyzing website performance to improve our services and our website,
  • Marketing products or services offered by the company to business partners or contractors. Please note that MAI Holding will obtain the consent of data subjects when necessary before processing personal data for marketing purposes.

PROCESSING BASED ON OTHER GROUNDS

The company may also process personal data to comply with applicable laws and other mandatory regulations. This processing is based on Article 6(1)(c) of the GDPR, which permits the processing of personal data to fulfill a legal obligation to which the controller is subject.

Depending on the residence of the data subjects, our processing of certain personal data may be based on other legal grounds.

COOKIES AND OTHER TRACKING TOOLS

Cookies and other tracking tools are small files stored by most internet browsers to track visitor information. They allow MAI Holding to make its web offering more attractive to you. During your visit to our website, MAI Holding may use, depending on the site, four categories of cookies and other tracking tools. The retention period depends on the country and applicable law. Please note the supplemental privacy notices that inform you about the cookies used on the websites you visit.

We use cookies and other tracking tools for:

  • Information about your browser settings, domain name, internet service provider, operating system, date and time of access, location, and type of your device,
  • Information about other websites you visited or your search queries,
  • Protection against fraudulent activities and improved security,
  • Understanding your browsing preferences and the products you are interested in.

Some cookies and other tracking tools on our websites are set by us, others by third parties on our behalf. All of this enables customized advertising for MAI Holding on other websites you visit.

Depending on the respective website, we may use the following categories of cookies and tracking tools:

  • Strictly necessary cookies are required to provide you with the basic features of our website,
  • Performance and analytics cookies enable us to record activities to improve the website,
  • Functional cookies are used to optimize your personalized website visit,
  • Targeting or advertising cookies may be set by our advertising partners via our website to build a profile of your interests and show you relevant advertising.

Each type of cookie reflects a specific purpose. On our website, you can consent to each purpose. If you accept all cookies, you will have a fully personalized web experience. You can choose which types of cookies you want to accept or block. You can still use the services we offer even if you do not consent to some cookies – unless the rejection relates to strictly necessary cookies. You can withdraw or change your consent at any time by going to the “Cookie Settings” page.

The way you provide your consent or accept all cookies depends on the applicable laws in your country and is easy to find in the cookie banner.

If you are not interested in the benefits of our cookies, you can use your browser’s “Help” function to get instructions on how to prevent cookies or delete existing cookies. You can also learn how to block all new cookies in your browser and what steps are required to receive a notification of new cookies.

Helpful information about cookies can be found on these websites:
http://www.allaboutcookies.org/ or https://cookiepedia.co.uk.

More details about the categories of cookies and other tracking tools are provided via the cookie banner and the relevant cookie section.

SOCIAL MEDIA PLUGINS

Social media plugins are part of certain MAI Medical web pages; they serve social media providers such as Facebook, Instagram, X, LinkedIn and YouTube.
When you click on such a plugin, your browser establishes a connection with the respective social media server. At the same time, the provider learns that you visited our website before landing on the social media page. If you are registered with the respective provider and logged in, your visit can also be linked to your user account.
Providers generally do not specify which data is transmitted when using their social media plugins. Therefore, we are not in a position to conclusively determine the content and scope of the transmitted data or how it is used by these providers. For more information about social media plugins, please refer to the privacy statements of the respective provider.
If you do not want a provider to collect data about you via our website, please deactivate the plugins in your web browser.
If you want to avoid a link to an existing user account, you must log out of the social media website before visiting our website.

LINKS TO THIRD PARTIES

This policy applies solely to the use of this website. We may provide you with links to third-party websites that may be of interest to you. However, please note that MAI Holding is not responsible for the content of such websites and cannot guarantee their privacy security. We recommend that you read the privacy statements on the respective websites to understand how your personal data is processed by these third parties.

STORAGE OF PERSONAL DATA

Personal data is not stored longer than is necessary for the above-mentioned purposes. This means that personal data is deleted as soon as the purpose of data processing has been fulfilled. However, the company may retain personal data for a longer period if required by applicable law; this is to protect or exercise rights.

At the end of the retention period, the company may also need to archive personal data in order to comply with applicable laws, for a limited period of time and with restricted access.

These retention periods may vary depending on the country in which the data subjects reside and in accordance with applicable laws.

DISCLOSURE OF PERSONAL DATA

The company may disclose personal data – provided consent and/or a legal basis exists – to the following third parties:

  • Business partners who provide services on our behalf, such as technical support, marketing purposes, or other types of services
  • Authorities and other governmental institutions for services to protect the rights of data subjects or our rights; furthermore, to protect the property or safety of others and to maintain the security of our services. We also reserve the right to disclose personal data if we are required to do so by applicable laws as well as by court or regulatory orders, or if disclosure is necessary for legal investigations
  • Representatives who are authorized by applicable law to care for the data subject, including family and close friends.

Depending on applicable laws, we enter into contracts with third parties to ensure that personal data is processed based on our instructions and in accordance with this policy and other confidentiality and security measures.

From time to time, it may be necessary to conclude such contracts within MAI Holding, with subsidiaries and affiliated companies, in order to meet regulatory requirements. In this context, subsidiaries and affiliated companies of MAI Holding are also considered third parties.

TRANSFER OF PERSONAL DATA

The aforementioned third parties such as affiliated companies and subsidiaries of MAI Holding as well as business partners and authorities to whom we may disclose personal data may also be located in countries whose data protection laws differ from ours.

If personal data is processed within the European Union or the European Economic Area and personal data is transferred to third parties in a country which, in the opinion of the European Commission, does not provide adequate protection, the company ensures the following:

  • Implementation of appropriate procedures to comply with applicable laws, particularly if a request for approval by the competent supervisory authority is required
  • Implementation of appropriate organizational, technical, and legal security measures to regulate the said transfer and to ensure the required and appropriate level of protection in accordance with applicable law
  • if necessary, implementation of standard contractual clauses as adopted by the European Commission
  • if necessary and depending on the country of the third party receiving the data, implementation of additional measures, such as an adequacy assessment of the data transfer and, if necessary, supplementary measures to protect the transferred personal data.

If personal data is not processed within the European Union or the European Economic Area or is transferred to third parties outside your country, the company ensures appropriate safeguards for the protection of personal data. For this purpose, appropriate legal mechanisms are implemented. These mechanisms may differ depending on the country and laws.

If the personal data of a data subject is subject to the revised Swiss Data Protection Act (revDSG) and is subject to international transfers, the data subject will be informed of these transfers. Such notifications contain details and safeguards concerning the transfer of personal data outside of Switzerland.

SECURITY OF PERSONAL DATA

The security of personal data is extremely important to us. We take all reasonable steps to ensure that this data is treated securely and in accordance with this Policy.

MAI Holding uses a variety of security measures to comprehensively protect personal data. These measures are based on appropriate industry security standards and include, among others, access controls, passwords, encryption, and regular security assessments.

All employees who may process personal data are required to undergo appropriate training to ensure compliance with data protection regulations.

We regularly review our information security procedures to consider suitable new technologies and methods.

DATA PROTECTION RIGHTS REGARDING PERSONAL DATA

Depending on the applicable laws, data subjects have rights concerning their personal data. They may request access, rectification, and deletion of their personal data. They may also object to processing, exercise the right to data portability, and withdraw their consent to the processing of personal data. Data subjects may also object to automated individual decision-making if they have concerns about such processing.

Statutory deadlines apply to the rights of data subjects.

Furthermore, some laws contain instructions regarding the storage, transmission, and deletion of personal data posthumously.

To exercise these data protection rights, data subjects may contact us as described in the section “How to contact us” below. We may require proof of identity in order to respond to the request. If we are unable to fulfill the request (denial or restriction), we will document our decision in writing.

The exercise of these rights is not absolute and is subject to the limitations of applicable laws. No person may be subject to retaliation or discrimination for exercising these rights.

Data subjects may have the right to file a complaint with the local supervisory authority or the competent data protection authority if they believe that the processing of their personal data violates applicable laws.

UPDATES TO THIS POLICY
We may update this policy from time to time to reflect new or different data protection practices. In such a case, we will publish updated versions of this policy on this page. A revised policy only applies to data collected after the date it takes effect. We recommend that data subjects visit this page regularly to obtain the latest information on our data protection practices.

HOW TO CONTACT US
If you have any questions, comments, or concerns regarding this policy or the exercise of data protection rights that are permitted under applicable law in relation to personal data, please contact our Data Protection Officer at:

 

Contact: MAI Holding Group Ltd
Attn: Data Protection Officer
Grienbachstrasse 17
6300 Zug, Switzerland
+41 79 902 94 29
support@maimedical.ch

Effective as of: June 2025