Roider Lab

Privacy Policy

Last updated: May 18, 2026

This Privacy Policy explains how we process personal data when you visit our website and interact with us. We comply with the Swiss Federal Act on Data Protection (FADP / revDSG) and, where applicable, with the EU General Data Protection Regulation (GDPR).

1. Controller and contact details

The controller responsible for the processing of personal data described in this policy is:

The Roider Lab
Elisabeth Roider, MD, PhD, MBA
Petersplatz 10
4051 Basel
Switzerland

Email: roiderlab(at)gmail.com
Phone: +41 61 26 52341

If you have any questions about this Privacy Policy or about how we process your personal data, you can contact us at the details above.

2. Scope and definitions

This Privacy Policy applies to:

  • our website [https://roiderlab.com] (the “Website”), and
  • any communication with us by email or other contact channels referenced on this Website.

“Personal data” means any information relating to an identified or identifiable natural person, as defined under Swiss FADP and, where applicable, GDPR.

3. Types of personal data we process

3.1 Data you provide to us

We process personal data that you actively provide, for example:

  • Email and other contact
    • Name
    • Email address
    • Affiliation / institution (if you provide it)
    • Subject and content of your message
    • Any other information you choose to share with us

If we add contact forms to the Website in the future, the information entered into those forms will also be processed for the purpose of handling your enquiry.

3.2 Data we collect automatically when you use the Website

When you visit our Website, certain data is automatically collected and stored in server log files and analytics systems. This typically includes:

  • IP address
  • Date and time of access
  • Pages and files accessed
  • Referrer URL (the page you came from)
  • Browser type and version
  • Operating system
  • Amount of data transferred
  • Approximate location derived from IP address (e.g. country/region)

This data is mainly used to operate the Website, ensure its security and stability, and to generate aggregated statistics about usage.

3.3 Cookies and similar technologies

We use cookies and similar technologies to operate and improve our Website. Cookies are small text files stored on your device by your browser.

We currently use in particular:

  • Strictly necessary cookies: required for the basic functioning of the Website (e.g. security, session management, load balancing).
  • Analytics / performance cookies: used to collect information about how visitors use our Website (e.g. which pages are most visited, how visitors navigate the site), in order to improve our content and technical performance.

These cookies do not normally identify you individually, but they may be linked to an IP address or other technical identifiers.

4. Purposes and legal bases for processing

We process your personal data for the following purposes:

  • Website operation and security
    • To provide you with access to the Website and its functions.
    • To ensure stability, security, and performance (e.g. analysis of server logs, prevention of abuse).
  • Communication and handling of enquiries
    • To process and respond to enquiries sent to us by email or other channels.
  • Statistics and optimisation (analytics)
    • To understand how our Website is used (e.g. visitor numbers, most visited pages, technical performance).
    • To improve our content and presentation.
  • Compliance with legal obligations and defence of legal claims
    • To fulfil legal retention obligations.
    • To establish, exercise, or defend legal claims if necessary.

Legal bases (where GDPR applies)

Where the GDPR is applicable (e.g. for users in the EU/EEA), we process personal data on the following legal bases, in addition to the Swiss FADP:

  • Art. 6(1)(b) GDPR: performance of a contract or steps prior to entering into a contract (e.g. when you contact us about collaboration).
  • Art. 6(1)(a) GDPR: your consent (e.g. for certain optional cookies, if we request it).
  • Art. 6(1)(f) GDPR: legitimate interests (e.g. ensuring Website security, statistical analysis, improvement of our services).
  • Art. 6(1)(c) GDPR: compliance with legal obligations.

5. Recipients and third‑party services

5.1 Hosting and infrastructure

Our Website is hosted and technically provided by third‑party service providers. These providers process personal data such as your IP address, log data, and technical metadata on our behalf to operate the Website.

Currently, our Website is hosted on WordPress.com, provided by Automattic Inc. and/or its affiliates. These providers may process personal data in data centres located outside Switzerland and the EU/EEA (see section 6).

5.2 Analytics and statistics

We currently use the analytics and statistics functions provided by our website hosting platform (WordPress.com) and its related services. These tools process usage data such as:

  • IP address (possibly in shortened/anonymised form, depending on configuration),
  • pages visited and actions taken on the Website,
  • date and time of visits,
  • device and browser information,
  • approximate location derived from IP address (e.g. country/region).

We use the resulting reports in aggregated form to understand and improve the use of our Website. We do not use this data to make decisions about individual persons.

5.3 Other recipients

We may also share personal data with:

  • IT and maintenance providers who support us in operating and maintaining the Website.
  • Authorities, courts, legal advisors and other third parties where required by law or where necessary to protect our rights (e.g. in the event of legal disputes or security incidents).

All service providers are contractually obliged to process personal data only on our instructions and in compliance with applicable data protection law.

6. Data transfers abroad

Some of the recipients mentioned above (in particular hosting and analytics providers) may be located outside Switzerland or the EU/EEA, or may process data there, including in the United States.

If personal data is transferred to a country without an adequate level of data protection as recognised by Switzerland, we ensure an appropriate level of protection by using, for example:

  • Standard Contractual Clauses (SCCs) approved by the European Commission and recognised by the Swiss authorities, and/or
  • other recognised safeguards and mechanisms, or
  • specific legal exceptions (e.g. your explicit consent, performance of a contract, establishment, exercise or defence of legal claims).

You can contact us for more information about the safeguards in place for specific services.

7. Cookies and control options

You can configure your browser to:

  • accept cookies only in individual cases,
  • exclude the acceptance of cookies for certain cases or in general,
  • delete cookies automatically when closing the browser.

Please note that disabling cookies may limit some functionalities of this Website.

If we use a cookie banner or preference tool, it will appear when you first visit the Website and inform you about the categories of cookies used. You may be able to adjust your preferences for non‑essential cookies through this tool.

8. Retention periods

We store personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy or:

  • as long as we have a legitimate interest in storing it (e.g. to enforce or defend legal claims), and
  • as long as statutory retention obligations apply (e.g. under commercial, tax, or other laws).

When personal data is no longer required for the purposes described, and no legal obligations or overriding interests require further storage, we delete or anonymise it as far as possible.

9. Data security

We take appropriate technical and organisational measures to protect personal data against:

  • accidental or unlawful destruction,
  • accidental loss,
  • technical errors,
  • unauthorised access, modification or disclosure.

However, no method of transmission over the internet and no method of electronic storage is completely secure, and we cannot guarantee absolute security.

10. Your rights

Under the Swiss FADP and, where applicable, the GDPR, you have the following rights in relation to your personal data:

  • Right of access: to obtain information about what personal data we process about you.
  • Right to rectification: to have inaccurate or incomplete data corrected.
  • Right to erasure: to request deletion of your personal data, where the legal requirements are met.
  • Right to restriction of processing(GDPR): in certain cases, to request that processing be restricted.
  • Right to data portability (GDPR): to receive personal data you have provided to us in a structured, commonly used, machine‑readable format, where processing is based on consent or contract and carried out by automated means.
  • Right to object:
    • to processing based on our legitimate interests, on grounds relating to your particular situation;
    • and at any time to processing for direct marketing purposes (we currently do not use your data for direct marketing).
  • Right to withdraw consent: if processing is based on your consent, you may withdraw it at any time with effect for the future.

To exercise these rights, please contact us using the contact details in section 1. We may need to verify your identity before processing your request.

You also have the right to lodge a complaint with a supervisory authority:

  • In Switzerland:
    Swiss Federal Data Protection and Information Commissioner (FDPIC)
    https://www.edoeb.admin.ch
  • If the GDPR applies to you:
    the competent data protection authority in your EU/EEA country of residence or place of work.

11. Links to other websites

Our Website may contain links to external websites. We have no control over these external sites and are not responsible for their content or privacy practices. We recommend that you review the privacy policies of those websites.

12. Changes to this Privacy Policy

We may amend this Privacy Policy at any time, in particular if we change our data processing practices or if legal requirements change. The version published on this Website applies.

The date of the latest update is indicated at the top of this document.