Data Protection at BodyLab LLC

Here you will find all the information about what we know about you, or rather need to know, such as when we register your data, what we do with it, how we process it, who we have to share it with, when we delete it, and what you can do about it. We, the BodyLab LLC, possibly along with affiliated companies and subsidiaries (hereinafter also "we" or "us"), take data protection very seriously. We aim to collect as little personal data as possible, only that which can actually be used to provide our services and conduct our business, and we refrain from anything unnecessary.

1. What is this about

We, BodyLab LLC headquartered in Zurich, Switzerland,

• respect the applicable statutory data protection regulations;

• collect and process personal data (hereinafter also "data") in accordance with this privacy statement;

• generally observe the principle of necessity, which means we collect and process only as much data as is necessary for the purpose of fulfillment.

In the course of our business activities, we procure and process data, especially personal data about individuals interested in our activities, our customers, related people, visitors to our websites, participants in events, job applicants, potential recipients of newsletters or other publications, and other third parties (hereinafter also "you").

In addition to this privacy statement, we may inform you separately about the processing of your data (e.g., in forms or contract terms).

If you disclose data about other people to us, we assume that you are authorized to do so, that this data is accurate, and that you have ensured these persons have been informed of this disclosure, insofar as a legal information obligation applies (e.g., by previously making them aware of this privacy statement).

For information about the offerings, conditions, and handling of personal data by other services (such as external websites and social media), even if linked here, please refer directly to these providers.

2. Who is responsible

The party responsible under data protection law for the processing described in this privacy statement is:

BodyLab LLC
Alex Schück, Albulastrasse 50, CH-8048 Zurich

Email datenschutz@bodylab.ch  

3. Which law applies

Our data processing is subject to Swiss data protection law.

For visitors residing in the European Union (“EU”) and the European Economic Area (“EEA”), the following applies: Switzerland and the EU including the EEA mutually recognize their data protection laws as equivalent. In certain cross-border situations, EU law, particularly the EU General Data Protection Regulation (“GDPR”), may also apply to a specific data processing activity.

We do not assume that the GDPR generally applies to our data processing. However, if the GDPR is exceptionally applicable to specific data processing activities, the provisions below apply solely for the purposes of the GDPR and the data processing activities governed by it:

3.1. Details on the Applicability of the GDPR

When the GDPR applies, we base the processing of your personal data on the following:

• The necessity for acquiring, concluding, and fulfilling contracts and their management and enforcement (Art. 6 para. 1 lit. b GDPR),

• The necessity to protect our legitimate interests or those of third parties, e.g., for communication with you or others, operating our websites, improving our electronic offerings and services, registering for specific offerings and services, for security purposes, complying with laws and internal regulations, our risk management, corporate governance, and other purposes like training and education, administration, evidence, and quality assurance, organization, execution and follow-up of events, and protecting other legitimate interests (Art. 6 para. 1 lit. f GDPR),

• Legal requirement or permission by law due to our role or status under EU law, the EEA, or an EU member state (Art. 6 para. 1 lit. c GDPR) or necessary to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d GDPR);

• Your consent to the processing, for instance, through the relevant declaration on our websites (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR).

Furthermore, you then have all the rights granted to you by the GDPR in this regard (in addition to the practically identical rights under Swiss data protection law): Regarding your personal data that we store and process, you can request the following actions from us:

• Information about it, according to Art. 15 GDPR;

• Correction, if the data is incorrect, according to Art. 16 GDPR;

• Deletion, per Art. 17 GDPR; or restriction if deletion is not permitted, according to Art. 18 GDPR (then they are marked to restrict future processing); both subject to overriding legitimate interests on our part or legal regulations that require retaining and using the data;

• The right to object to the use of your data; subject to there being no compelling reasons against this objection or if we need the data to safeguard our rights;

• Release of the data you provided us with based on your consent, according to Art. 20 GDPR.

The aforementioned right to object to the processing of your data applies particularly to data processing for direct marketing purposes.

If you disagree with our handling of your rights or data protection, please contact us (see contact details above). If you are located in the EEA, you also have the right to lodge a complaint with your country's data protection supervisory authority. A list of authorities in the EEA can be found here: https://www.edpb.europa.eu/about-edpb/about-edpb/members_de#member-de. 

4. What data do we store

We primarily process personal data that we receive directly in our contractual relationships with our customers and our activities with third parties, including you as users. We also receive, collect, or process data from business partners or other participating persons. As permitted and necessary, we also obtain data from publicly accessible sources (such as public registers, media, the internet) or receive it from our customers and their employees, authorities, and third parties (such as business and contract partners of our customers, medical institutions, doctors, healthcare professionals, insurance companies, etc.).

Besides the data we receive directly from you, the categories of personal data we receive from third parties include, but are not limited to:

• Master data (e.g., names, addresses, functions, date of birth, organizational affiliation, etc.)

• Contact data (e.g., email address, phone number, etc.)

• Content data (e.g., text and image files, videos, etc.)

• Usage data (e.g., access data)

• Treatment-related health data (diseases, accidents, insurance information, health insurance and accident/claim numbers, biological gender, etc.)

• Meta/communication data (e.g., IP addresses)

• Information you disclose to us due to our contractual relationships

• Information in connection with your professional functions and activities

• Information about you in correspondence and meetings between us or with third parties (e.g., via communication by phone, email, or other means)

• Information via configuration of your user settings, data access permissions, or other interaction with us

• Information from public registers (debt collection register, commercial register, land registers)

• Registration for or participation in an event

• Information from media and the internet about you (as far as indicated in a specific case) and references during applications.

• Filling out questionnaires, support tickets, or other forms for information requests

If you do not provide us with certain personal data, this may lead to the impossibility of providing the related services or concluding a contract. We indicate the mandatory personal data in each case.

Information about you provided by individuals from your environment (family, advisors, legal representatives, etc.) so that we can conclude or execute contracts with or involving you (e.g., references, your delivery address, power of attorney)

5. Where do the data come from

Data from You

Many of the data we process are provided by you directly (e.g., when using our website, in connection with our services for you, or when communicating with us). In some cases, this data is also automatically transmitted to us by your device. You are only obliged to disclose your data in exceptional cases. However, if you wish to conclude contracts with us or make use of our services, you must provide us with certain data. Even the use of our website is not possible without a minimum level of data collection and processing.

Data from Third Parties

We may also obtain data from publicly accessible sources (e.g., media or the internet including social media platforms, public registers, online research, etc.) or receive this data from your attending doctor, the competent authorities, your employer or client engaging with us in a business relationship, or otherwise dealings, as well as from other third parties (e.g., associations, contract partners, insurance companies, internet analysis services). This includes notably the data that we process in connection with patient treatment and care, as well as data from correspondence and other communication with third parties, but also all other data categories according to sec. 4 "What data do we store".

Data in Communication with You and for You

In addition to personal meetings, telephone discussions, postal mail, and email, we use various other communication methods with you. And also for you or the necessary internal and third-party communication for your treatment, we use third-party software and tools (SaaS). Below are the main services we use: 

1. Management of patient records: Medionline

We use the tool from Ärztekasse Medionline for entries related to patient visits. This includes all administrative matters (appointments, schedule, planning, patient visits themselves, patient records, etc.) and generally all purposes as practice software. All necessary documents are stored online, and notes are recorded.

Provider: Ärztekasse Cooperative, In der Luberzen 1, 8902 Urdorf

Data Protection: https://www.medionline.ch

Legal Basis: Legitimate interest

2. Video Calls

Service: Zoom

Provider: Zoom Video Communications, Inc., 55 Almaden Blvd, San Jose, CA 95113, USA

Data Protection: https://www.zoom.com/en/trust/privacy/

Legal Basis: Legitimate interest

Service: Microsoft Teams

Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Data Protection: https://www.microsoft.com/de-de/privacy/privacystatement

Legal Basis: Legitimate interest

Service: Apple FaceTime

Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Data Protection: https://www.apple.com/chde/legal/privacy/

Legal Basis: Legitimate interest

3. Microsoft Office365

Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Data Protection: https://www.microsoft.com/de-de/privacy/privacystatement

Legal Basis: Legitimate interest

4. Cloud Data Services: Google Drive Services

Provider: Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Data Protection: https://policies.google.com/privacy?hl=ch-DE

Legal Basis: Legitimate interest

5. Cloud Data Services: Apple iCloud

Provider: Apple Inc., One Apple Park Way, Cupertino, CA, USA (headquarters); Apple Distribution International Limited, Hollyhill Industrial Estate, Hollyhill, Cork, Republic of Ireland (European branch, subsidiary)

Data Protection: https://www.apple.com/chde/legal/privacy/

Legal Basis: Legitimate interest

6. Newsletter: Brevo

Provider: Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, DE

Data Protection: https://www.brevo.com/de/legal/privacypolicy/

Legal Basis: Legitimate interest including your right to unsubscribe at any time 

7. Telephony: CTI-Client

Provider: WWCOM, Schöngrund 26, 6343 Rotkreuz

Data Protection: https://wwcom.ch/home/disclaimer

Legal Basis: Legitimate interest

8. Telephone System: Nexphone

Provider: Nexphone AG, Alpenstrasse 1, 8803 Rüschlikon

Data Protection: https://www.nexphone.ch/datenschutzerklaerung.html

Legal Basis: Legitimate interest 

6. How are the data processed and used

As part of our operations, we may process various categories of personal data for different purposes. Specifically, we process the personal data mentioned in sec. 4 about you for the following purposes:

Communication

We process personal data so that we can communicate with you and third parties via email, phone, by mail, or otherwise. This can also take the form of newsletters and other regular contacts (e.g., electronically, by mail, by phone). You can refuse this communication at any time or reject or revoke your consent to this communication. In the course of the communication, we particularly process the contents and accompanying data of the communication as well as your contact details, but also image and audio recordings of (video) calls. In the case of audio or video recording of the communication, we inform you separately at the start, and you are free to let us know if you do not wish to be recorded, or to end the communication or leave the call. If we need or want to verify your identity, we may collect additional data.

Activities related to contracts, services, treatments

In terms of concluding a contract with you or your employer or client, we may process your name, contact details, consent declarations, information about third parties (e.g., contact persons, third parties, project participants, etc.), contract contents, and all other data you provide us with or that we legally obtain from public sources or third parties.

Contract Management and Patient Treatment

We process personal data to meet our contractual obligations to our contract partners (e.g., suppliers, service providers, patients) and particularly to provide and demand contractual services. This includes data processing for maintaining patient records as well as data processing for contract enforcement, accounting, and communication with our patients and third parties publicly. We specifically process the data we received or collected during acquisition and contract conclusion and data we create as part of our contractual services or that we gather or receive from public sources or other third parties. These data particularly include meeting protocols, notes, internal and external correspondence, contract documents, patient records from third parties, messages from medical institutions and doctors, documents we create and receive related to patient treatment, background information about you or other persons, image and sound recordings, and other patient-related information, documents, evidence of performance, invoices as well as financial and payment information. If necessary for the treatment, we may also collect and process particularly sensitive personal data in the course of these activities. Otherwise, we adhere, in particular concerning the collection of patient master data, to the recommendations of the Swiss associations of osteopaths and physiotherapists. Where recommendations from these associations are missing, we generally follow the recommendations of FMH, the Swiss Medical Association.

Security Purposes, Access Controls, Video Surveillance

We process personal data to ensure and continuously improve the adequate security of our IT and other infrastructure. This includes, for example, monitoring and controlling electronic access to our IT systems and access to our premises, analyses, and tests of our IT infrastructures, system and error checks, and creating backups.

For documentation and security purposes (preventatively and for resolving incidents), we also use surveillance systems (“System”) for our security in our premises. We indicate surveillance systems at the relevant locations with appropriate signs.

We use a video surveillance system in general practice areas, but no recordings are made in the respective individual treatment rooms. This way, no compromising recordings of our patients are made. 

The personal data created by the system recordings on our premises are processed to protect people and property from possible attacks, theft, burglary, damage, vandalism, and similar crimes; they also serve purposes like fire protection, workplace safety, the pursuit of our legitimate interests through evidence collection, and other organizational requirements.

The collected recordings are not used to monitor the activities of employees, except for uncovering unlawful or fraudulent behavior, which is punishable by criminal consequences. Generally, we have configured the system to minimize data collection and processing, thereby minimizing potential risks for affected persons. For instance, we collect no statistical data from visitors using the system, not even anonymously.

The recordings are made during regular opening hours, after business hours, and when the premises are empty for the aforementioned reasons.

The data are exclusively viewed and, if necessary, processed electronically by the management of BodyLab. 

For video surveillance, we use software from Ubiquiti Networks . The data is physically stored on BodyLab's internal servers, accessible only via VPN or app using two-factor authentication.

The monitoring recordings are retained for a maximum of 7 days  and then deleted unless they are needed for specific requirements related to investigations or other legally required or permitted activities, such as for police or judicial purposes. Personal data is not disclosed or shared with third parties, except for the aforementioned necessities.

Risk Management and Corporate Governance

We process personal data in the context of risk management and corporate governance. This includes, among other things, our business organization (e.g., resource planning, employee data) and corporate development.

Job Applications

If you apply for a job with us, we process the relevant data for the purpose of evaluating and assessing the application, conducting the application process, and preparing and concluding a corresponding contract in the case of successful applications. In addition to your contact details and the information contained in the related communication, we also process the data in your application documents, possibly also extracts from criminal records, and data that we can additionally obtain about you, eg. from job-related social networks, the internet, the media, and references (if you consent to the collection of references). Data processing related to the employment relationship is regulated separately.

Operating our websites

In order to operate our website safely and stably, we collect technical data, such as the IP address, details about the operating system and settings of your device, the region, the time, and the type of use. We also partially use cookies and similar technologies. More information is in the section below.

Improving our electronic offerings

If you want to improve our website and electronic offerings (e.g., newsletters) on an ongoing basis, we collect data about your behavior and preferences by analyzing how you navigate our websites and how you interact with our social media profiles and other electronic offerings (e.g., newsletters).

Registration

In order to use certain offers and services (e.g., newsletters), you must register. For this, we process the data provided as part of the respective registration. Furthermore, we may also collect personal data about you during the use of the offer or service. If necessary, we will provide you with further information about how these data are processed.

Other purposes

Other purposes include, for example, training and educational purposes, as well as administrative purposes (e.g., accounting). In addition, we may process personal data for the organization, execution, and follow-up of events, such as participant lists and content of lectures and discussions, as well as image and audio recordings created during these events. Protecting other legitimate interests is also one of the other purposes that cannot be listed exhaustively.

7. What data is collected and processed when visiting our website

General settings and internal regulations

Type and depth of data, links to providers

The terms of use and privacy policy of the services we use can change continuously, along with the type and depth of data collected by the provider. Therefore, we do not provide detailed information on the data that each service may collect. However, we provide the relevant link to the respective service and the corresponding privacy policy. We periodically check the links to the respective services or their privacy statements, and strive to update the links so they remain current. Despite this, it may happen that individual links are not up to date. If you encounter such an outdated link, we ask you to inform us immediately.

Choice of service providers, server locations, Data Privacy Framework

We generally use service providers where data is stored in data centers in Switzerland or the EU when possible. Where data storage occurs in the USA, on CDN servers (and therefore globally), or in other countries, we choose service providers from countries with an adequate level of data protection, such as Switzerland (for US service providers, for example, those falling under the Privacy Framework between Switzerland and the USA [“Swiss-U.S. Data Privacy Framework”, “SDPF”, https://www.dataprivacyframework.gov/] ). For our used US service providers, we almost exclusively use those covered by the SDPF. Their compliance with the Privacy Framework and Swiss data protection can be queried through https://www.dataprivacyframework.gov/list and checked in detail through accessible entries at any time.

Data processors, DPA, SCC, level of protection

If necessary, we have signed a processing contract, usually based on EU standard contractual clauses (Standard Contractual Clauses of the European Commission, “SCCs”), or a Data Privacy Addendum (“DPA”) with external data processors (or the latter is often already considered a legally binding part of the contract via the terms or conditions of the third-party provider), to adequately ensure security. The provider usually guarantees to process personal data outside Switzerland and the EU following the standards and protection levels of Swiss and European data protection laws.

In our company, only selected employees have access to such data according to the principle of necessity. All employees with access to personal data must follow internal rules and processes and regulations in relation to processing personal data to protect them and ensure their confidentiality.

Security, encryption (external)

We have taken appropriate technical and organizational security measures to protect your personal data collected by us when visiting the website against unauthorized, accidental, or unlawful use.

‍To protect the safety of data transmission, we use common encryption (e.g., SSL) via HTTPS.

Administration

We manage our website ourselves. CarigietSolutions, Männedorf, serves as the webmaster of our website on our behalf (www.carigiet-solution.ch).

Cookies

Using our websites (including newsletters) generates data that is stored in logs (especially technical data). We may also use cookies and similar techniques (e.g., pixel tags or fingerprints) to recognize website visitors, analyze their behavior, and identify preferences. A cookie is a small file transmitted between your system and the server that enables the recognition of a specific device or browser.

You can usually configure your browser to automatically reject, accept, or delete cookies. You can also disable or delete cookies individually or reject the setting of cookies in general for our website. How you can manage cookies in your browser can be found in the help menu of your browser.

Neither the technical data we collect nor the cookies usually contain personal data. However, personal data that we or third parties commissioned by us store from you (e.g., if you have an account with these providers or are still logged in to the third-party service during your website visit), may be linked to the technical data or the information from the cookies and possibly related to your person.

Social Networks

We currently do not use social media plug-ins (small software components) to connect your visit to our websites with a third-party provider, but only link to content on social media platforms.

The social media plug-in communicates to the third-party provider that you have visited our websites and may transmit cookies to the third-party provider that it previously placed on your web browser. For more information on how these third-party providers use your personal data collected via their social media plug-ins, please see their respective privacy policies.

Additionally, we use our own tools and third-party services (which themselves may use cookies) on our websites to improve the functionality or content of our websites (e.g., integration of videos or maps), create statistics, and serve advertising.

Personal Data on Our Social Network Pages

We operate online presences on social networks and other platforms operated by third parties and process data about you in this context. We receive data from you (e.g., if you communicate with us or comment on our content) and from the platforms (e.g., statistics). The platform providers can analyze your use and process this data together with other data they have about you. They also process this data for their own purposes (e.g., marketing and market research and platform management) and act as their own controllers for this purpose. For more information on processing by the platform operators, please refer to the privacy policies of the respective platforms.

Third-party Services Used When Using Our Website

1. Hosting, CMS, Web-Design, Search Function, Cookies

Provider: Framer B.V., Rozengracht, 1016 LZ Amsterdam, Nederland (“Framer”)

Data Protection: https://www.framer.com/legal/privacy-statement/

Legal Basis: Legitimate interest; you can adjust your consent to the various cookie categories beforehand and during your visit to our website. Cookie Script is provided by the CMS Framer for use on websites created with Framer.

2. Calendar Functions, Appointment Entries, Booking Functions 

We use OneDoc as an integrated tool for finding and scheduling appointments. Data exchanged via OneDoc is encrypted both during transmission and at rest and decrypted when queried. The terms of OneDoc apply to access rights, which we cannot influence. Other data than the data concerning the patient, address, and data entered by the therapist are not stored, particularly our internally recorded patient data regarding particularly sensitive personal data. Personal data and medical history are not transmitted to OneDoc. For OneDoc's automatic messages to the patient, the name and mobile number as well as their email are always stored, if known.

Service: OneDoc

Provider: OneDoc SA, Chemin des Mines 15 bis, CH-1202 Genève

Data Protection: https://privacy.onedoc.ch/de/privacy-policy

Legal Basis: Your consent, which you provide by using the booking function.

3. Google Services

Our website uses various services from subsidiaries of the US company Alphabet Inc. (see table below). These services usually all reference the same privacy policies, which can be found at https://policies.google.com/privacy.

If the IP anonymization function is activated, your IP address is truncated by Google before being transmitted to the USA. The total IP address is only transmitted to a Google server in the USA and truncated there in exceptional cases. Google uses this information to evaluate your usage, to create analytics services regarding these activities and to provide further services for us, such as mapping services.

Provider/Headquarters: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (unless otherwise and separately noted)

General Privacy Notices for Google Services: https://policies.google.com/privacy 

(If additional relevant privacy notices for the specific service are provided, these are noted separately. Otherwise, the general privacy policies of Google apply)

Service: Google Analytics

Privacy Notice: https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008&sjid=11159380926726341526-EU

Information for Google Accounts: https://policies.google.com/technologies/partner-sites?hl=de

Legal Basis: Your consent, which you give beforehand and can also revoke later. 

Service: Google Maps

Legal Basis: Legitimate interest or your consent, which you give beforehand and can also revoke later. 

Service: Google Looker Studio

Legal Basis: Your consent, which you give beforehand and can revoke later. 

Service: Google Tag Manager

Legal Basis: Your consent, which you give beforehand and revoke later. 

Service: Google Ads 

Legal Basis: Your consent, which you give beforehand and can revoke later. 

Service: Google Marketing Platform 

Legal Basis: Your consent, which you give beforehand and can revoke later. 

Service: Google MyBusiness

Legal Basis: Legitimate interest. 

Service: YouTube

Provider: YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA

Legal Basis: Legitimate interest

4. Social Network Links

We only allow access to linked entries on various social networks via our website. Even the links to our presences on social media platforms fall into this category. Although these links are actively linked to the corresponding platforms, and are embedded on our website, we do not use active cookies from platform operators or, e.g., the Facebook pixel. Nevertheless, we cannot guarantee that the platform operators will not draw certain conclusions about your person or your user/browsing behavior through clicking the link.

We reserve the right to verify content before or after its publication on our online presences, delete contents without notice, and report them to the respective platform provider where applicable.

Service: LinkedIn

Provider: LinkedIn Ireland Unlimited Company or LinkedIn Corporation

Privacy Notices: https://www.linkedin.com/legal/privacy-policy

Legal Basis: Your consent, which you provide beforehand and can revoke later.

Service: Facebook

Provider: Meta Inc., 1 Meta Way, Menlo Park, CA 94025, USA

Privacy Notices: https://www.facebook.com/privacy/policy

Legal Basis: Your consent, which you provide beforehand and can revoke later.

Service: Instagram

Provider: Meta Inc., Menlo Park, CA 94025, USA

Privacy Notices: https://privacycenter.instagram.com/policy

Legal Basis: Your consent, which you provide beforehand and can revoke later.

5. Fonts

Provider: Google Fonts, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Provided by: Framer (see sec. 1)

Data Protection: https://developers.google.com/fonts/faq/privacy?hl=de

Legal Basis: Legitimate interest

8. To whom is the data disclosed

In the context of our business activities, we may disclose your personal data in accordance with the principle of necessity or your explicit consent, for the stated purposes, and where appropriate, to third parties (such as affiliated companies, authorities, medical professionals, suppliers, agents, particularly self-employed specialists, and other business partners and other persons) and to service providers who process data on our behalf (e.g., IT providers). We may also be obliged to disclose your personal data to comply with legal or regulatory requirements. The recipients may be located in Switzerland, the EU, or any other country in the world.

If we transfer data to a country without adequate legal data protection, we ensure, as required by law, an adequate level of protection (in particular based on SCC or DPA) or rely on the legal exceptions of consent, performance of a contract, establishment, exercise, or enforcement of project-related claims, or overriding public interests.  

9. How and how long do we store the data

The personal data collected is stored only for the duration necessary for the execution of the contractual relationship (from the initiation of the business relationship until the end of a contract or the duration of treatment) or the otherwise pursued purposes or as long as a legal retention and documentation obligation or an overriding private or public interest exists, or storage is technically necessary (e.g., in the case of backups or document management systems). Once the personal data collected is no longer needed for the above purposes, it will be deleted or anonymized according to our usual procedures and in accordance with our retention practices and applicable law.

10. Where is the data stored

General information on data storage location

Depending on the scope of your interactions with our offerings, your personal data may be stored or accessed in multiple countries. Whenever we transfer personal data to other countries, we strive to ensure, to the best of our ability, that the data is transferred in accordance with this privacy statement and applicable data protection laws.

For Visitors to Our Website

Your data is stored at the locations of our aforementioned external data processors, according to the services used and corresponding configurations following the principle of necessity.

For Business Partners, Third Parties

Your data is partially stored at the locations of our aforementioned external data processors as well as primarily internally by us.  

11. What personal rights do you have

According to Swiss law, you have the following rights:

• Right of Access
  Request information on whether we have stored personal data about you and copies of that personal data and information on how it is processed;

• Right to Rectification
  The right to correct incorrect personal data about you;

• Right to Erasure
  The right to require the deletion of personal data about you that are no longer necessary for the purposes underlying the processing, processed based on revoked consent, or processed in violation of applicable legal provisions;

• Limitation of Processing
  The right to ask us to restrict the processing of your personal data when processing is inappropriate and to object to the processing of personal data;

• Right to Data Portability
  The right to request the transferability of personal data that you have provided to us;

If you wish to do this, you may contact us at any time at the communicated contact address. It may take up to 30 days to respond to your request.

If you have consented to the processing of your personal data for a specific purpose, you may withdraw your consent at any time, and we will stop processing your data for that purpose.

Complaints and Supervisory Authority

If you believe that we have not complied with your complaints or concerns, you have the right to lodge a complaint with a competent data protection authority.

12. Supplementary Provisions

Reservation for changes

This privacy statement is not part of a contract with you. We may change this privacy statement at any time. The version published on this website is the current version in effect.

Legal validity, Applicable Language

If we provide data protection provisions in languages other than German, they are usually machine-translated; these non-German versions of the privacy statement are provided to our users for information purposes and better understanding only. Only the privacy statement in German is legally valid.