Privacy policy

1. Data controller

• Controller: Firststepswiss GmbH (FirstStepSwiss)
• Address: c/o Ismael Muñoz Fernandez, Untere Bergstrasse 4, 8103 Unterengstringen, Switzerland
• UID/VAT (Switzerland): CHE-473.406.854
• Email: info@firststepswiss.com

2. What data we collect

Depending on how you interact with the website, we may process:

• Identification and contact details: name, email address, phone number (if provided), country/city.
• Professional details: healthcare profession, experience, training, language level, preferred region/employer, availability.
• Documents you send us: CV, cover letters, certificates, documentation for recognition/registration processes (only if you provide them).
• Communications: messages you send, enquiries and follow-ups.
• Technical data: IP address, device identifiers, browser, pages visited, and cookies (see Cookie Policy).

We do not ask for special category data (e.g. health). If you send such information, we will use it only to handle your request and with appropriate safeguards.

3. How we obtain your data

• When you complete contact forms or email us.
• When you book a session or request a service via third-party tools (e.g. booking platforms or forms).
• When you browse the website (cookies and similar technologies, depending on your consent).

4. Why we use your data (purposes)

• To respond to enquiries and requests for information.
• To deliver our services (guidance, preparation and support for working in Switzerland).
• Recruitment/intermediation with clinics and hospitals where applicable, and as part of the service (e.g. presenting your profile), or with your authorisation.
• Operational administration (scheduling, follow-up, support).
• To improve the website and security (analytics, abuse prevention, maintenance).
• Marketing communications about our services and updates, only where you have consented or where permitted due to an existing relationship.

5. Lawful bases

• Contract or steps prior to entering a contract (when you book or request a service).
• Consent (e.g. non-essential cookies or marketing where required).
• Legitimate interests (security, preventing misuse, improving services, handling basic enquiries).
• Legal obligation (where applicable: tax/accounting duties, lawful requests by authorities).

6. Who we share data with

We do not sell your data. We may share it with:

• Technology and service providers (hosting, email, scheduling tools, forms, analytics, etc.) acting as processors.
• Clinics/hospitals or potential employers only where necessary for your process and as part of the service (e.g. submitting your application/profile), or where you authorise us.
• Authorities where required by law.

7. International transfers

The controller is established in Switzerland. Switzerland is generally recognised as providing an adequate level of data protection for transfers from the EU/EEA.

Some tools we use (e.g. booking or form platforms) may involve transfers outside the EU/EEA (e.g. to the United States). In those cases, appropriate legal safeguards will be used where required (such as Standard Contractual Clauses or other valid mechanisms), depending on the provider.

8. Retention

• Enquiries: for as long as needed to respond, then only as long as necessary to deal with potential claims.
• Services/contractual relationship: for the duration of the relationship and afterwards for applicable legal retention periods (e.g. tax/accounting).
• Applications/processes: as long as needed for the process and, where relevant, for a reasonable period for future opportunities unless you request deletion.

9. Your rights

If you are in the EU/EEA, you may exercise:

• Access, rectification and erasure.
• Restriction and objection.
• Data portability (where applicable).
• Withdraw consent at any time (without affecting prior processing).

To exercise your rights, email info@firststepswiss.com and specify your request; we may ask for proof of identity where necessary.

You can also lodge a complaint with your supervisory authority. In Spain, the authority is the Spanish Data Protection Agency (AEPD).

10. Security

We use reasonable technical and organisational measures to protect your data against unauthorised access, loss or alteration. However, no system is 100% secure.

11. Children

This website and our services are not aimed at children. If you believe a child has provided us with personal data, please contact us so we can address it.

12. Changes

We may update this policy to reflect legal or service changes. The current version will always be published on this page with the updated date.