Introduction
The website of BodyLab GmbH (Domain https://bodylab.ch, hereinafter referred to as "BodyLab"; "we"; "us") is governed by Swiss law, in particular Swiss data protection law (the Federal Act on Data Protection; "FADP"). In certain cases, foreign laws might also apply, such as the General Data Protection Regulation ("GDPR") of the European Union ("EU").
For privacy-related inquiries, please reach out to our Data Protection Officer:
BodyLab Inc.
Alex Schück
Albulastrasse 50
8048 Zurich
SWITZERLAND
Phone +41 (0)44 545 03 03
or via email to: datenschutz@bodylab.ch
We have a data protection representative in the EU to serve as a contact for regulatory authorities and individuals residing in the EU in accordance with Art. 27 GDPR:
VGS Data Protection Partner GmbH
At Kaiserkai 69
20457 Hamburg
Germany
Questions for the Data Protection Officer
If you have questions about how we handle data or about our data protection practices, please send us an email or contact the person listed above who is responsible for data protection. To ensure we respond as efficiently as possible, please provide as detailed a description as possible of the information you would like to receive from us.
1. Processing of Personal Data
We process personal data in accordance with the Federal Data Protection Act (DSG) and the General Data Protection Regulation (GDPR). The definitions of terms explained below for clarification refer to the definitions in the DSG and GDPR.
“Personal data” therefore includes all information relating to an identified or identifiable person.
A “data subject” is a natural or legal person about whom personal data is processed.
“Processing” encompasses any handling of personal data, regardless of the means and procedures used, particularly storing, disclosing, acquiring, deleting, altering, destroying, and using personal data.
When the FADP is applicable, we process personal data according to at least one of the justification grounds of Art. 13 FADP.
When the GDPR is applicable, we process personal data according to at least one of the following legal bases:
Art. 6 para. 1 lit. a GDPR: Processing of personal data with the consent of the data subject
Art. 6 para. 1 lit. b GDPR: Processing of personal data necessary for the performance of a contract with the data subject as well as for taking pre-contractual measures
Art. 6 para. 1 lit. c GDPR: Processing of personal data to fulfill a legal obligation to which we are subject under EU law or under the law of a country in which the GDPR is fully or partially applicable
Art. 6 para. 1 lit. d GDPR: Processing of personal data to safeguard vital interests of the data subject or another natural person
Art. 6 para. 1 lit. f GDPR: Processing of personal data to protect legitimate interests of ours or of third parties, provided that the fundamental freedoms and rights as well as the interests of the data subject do not prevail
2. Processing Time, Retention Period
The duration of processing personal data depends on the specific purpose for which the data is needed. For analyses, we retain your data until the analysis is concluded. If legal or other obligations require a longer retention period, we adjust the processing and storage duration accordingly.
3. Sharing of Personal Data
We may share and disclose your personal data with other companies associated with our business, as long as it's necessary to fulfill the relevant purpose. We may also disclose your personal data to third parties acting for us or on our behalf, so that they can further process the data according to the purpose for which it was originally collected, or for other legally permissible purposes, such as providing services, handling contractually obligated performances, or technical support.
4. Rights of Individuals
Visitors to our website or individuals about whom we process personal data for other reasons have all the 'data subject rights' according to Articles 12-23 of the GDPR, as long as the GDPR is applicable. In particular, they can request information free of charge about whether we process personal data about them. If so, you can request information about the nature, scope, and other aspects of our processing of your personal data. Additionally, you can have the processing of your personal data restricted. If the GDPR is applicable, you can exercise your right to data portability, have your personal data corrected, deleted (Article 17 GDPR: 'Right to be Forgotten') or blocked, revoke consent given earlier for the processing of your personal data, or completely object to the processing of your personal data.
Overview of Your Rights as a Data Subject:
Right to Access (Art. 15 GDPR, Art. 8 ff. FADP),
Right to Rectification (Art. 5 FADP) or Right to Rectification or Erasure (Art. 17 GDPR)
Right to Restrict Processing (Art. 18 GDPR)
Right to Block Disclosure (Art. 20 FADP)
Right to Data Portability (Art. 20 GDPR)
Right to Object to Processing (Art. 21 GDPR)
Exercising your personal rights requires you to unequivocally prove your identity through official documents. If there are any costs incurred from asserting your rights, we will inform you in advance. Should the exercise of your rights conflict with contractually agreed-upon rights and obligations between you and us, this may lead to consequences such as premature termination of the contract, cost implications, or other consequences, which we will inform you about if necessary.
Every individual about whom we process personal data has the right to lodge a complaint with the competent data protection authority (in Switzerland, the Federal Data Protection and Information Commissioner - FDPIC) as well as the right to enforce their claims in court.
5. Server Log Files, Data Security
5.1 Server Log Files
During your visit to our website, the provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. The processing of this data is based on Art. 13 para. 1 FADP and Art. 6 para. 1 lit. f GDPR. This typically includes the following data:
Browser type (including language and version)
Operating system used
Referrer URL (website from which the request originated)
Hostname of the accessing computer
IP address
Time zone difference to GMT time zone
Content of the request
Access status/http status code
Data volume transmitted each time
Date and time of the server request
This data cannot be attributed to specific individuals. There will be no merging of this data with other data sources. This data is processed primarily for the following purposes:
to ensure the flawless establishment of a connection to the website;
to guarantee the smooth usage of our website;
for the evaluation of system security and stability;
for other administrative purposes.
We reserve the right to subsequently review this data if tangible evidence of unlawful use comes to our attention.
5.2 Data Security
We implement appropriate technical and organizational security measures to protect your personal data stored with us against accidental, illegal, or unauthorized deletion, alteration, access, sharing, or use, as well as against partial or complete loss. Among these security measures is the use of recognized encryption methods (SSL or TLS).
These security measures are regularly reviewed and updated to keep pace with technological advancements.
When you register with us as a user, access to your account is only possible by entering your personal password. Always keep your login and payment information confidential, and remember to close your browser window and clear your history after you have finished communicating with us.
Our employees and the service companies we commission are each obligated by us to maintain confidentiality and comply with data protection regulations.
We accept no liability for data loss or unauthorized access and use by third parties.
6. Functional Technologies
Hosting is conducted on servers by Hostpoint AG, a Swiss provider with server locations in Switzerland.
As a Content Management System (CMS) and for databases, we use WordPress by the WordPress Foundation. It operates under the GNU General Public License, Version 2 (or later), and is hosted on servers by Hostpoint AG.
To ensure the flawless operation of our website, we utilize various technologies (e.g., libraries, fonts). These include:
The JavaScript library jQuery by the OpenJS Foundation from the USA
The WordPress search plugin Ivory Search
integrated font directories
sharing mechanisms
All these technologies are hosted on the servers we have chosen. As far as we know, no further data transfer to third parties occurs with these technologies.
7. Cookies and Other Tracking Methods
7.1 Overview
This website uses cookies. Cookies are small text files that allow the storage of specific information related to you on your device while you are using our website. Cookies help make your visit to our website easier and more enjoyable, enhance our services, and ensure they are more effective and secure. With cookies, we also gather information to offer you advertisements that may interest you.
When you first visit our website or when new cookies need to be set due to deleted cookies, you will be informed on our cookie banner about the choices for different cookie categories and can select which types of cookies should be collected:
Functional Cookies (“Necessary Cookies”) – Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies. Because these cookies are essential for the operation of the website, they cannot be disabled in our systems.
Preferences – Preference cookies enable a website to remember information that affects how a website behaves or appears, such as your preferred language or the region you are in. We do not use these types of cookies.
Statistics – Statistic cookies help website owners understand how visitors interact with websites by collecting and reporting information anonymously. With these cookies, we can measure visits and traffic to improve the performance of our website. They help us understand which pages are viewed most often and for the longest duration, and which content our visitors prioritize on the site. All information generated by these cookies, to our knowledge, is aggregated and therefore anonymous.
Marketing Cookies – Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and therefore more valuable for publishers and third-party advertisers. They can be used by these companies to create a profile of your interests and inform you about relevant ads on other websites via our offers. They do not store directly personal information but are based on uniquely identifying your browser and internet device. Identification may occur if you are logged into certain third-party services and your user data can be linked by the third party. If you do not allow these cookies, you will receive less targeted advertising. By default, marketing cookies are deselected on our website.
Cookies are automatically deleted when the information is no longer needed. You can choose whether to allow certain types of cookies or not. Due to system requirements, functional cookies cannot be disabled.
7.2 Types of Cookies
We use transient and persistent cookies.
Transient cookies are automatically deleted once you close your browser. This type of cookie includes, in particular, session cookies. These store a so-called session ID, which allows various requests from your browser to be assigned to the same session. This way, your computer can be recognized when you return to our website. Session cookies are rarely used and are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a specified duration, which may vary depending on the cookie. You can delete the cookies at any time in your browser's security settings.
7.3 Benefits and Analysis
Cookies allow us to perform certain analyses on our website, such as determining the frequency of use or the number of users on the pages, as well as analyzing user behavior. Embrace the power of data to make your experience better!
Cookies are primarily used to make our website, its content, and offerings more user-friendly. For instance, cookies might be necessary to use shopping carts or payment functions. By employing cookies, we can apply the preferences or choices you've made to personalize your visit to our site. Additionally, we can use cookies to recognize you during future visits if you have an account with us.
Cookies are typically stored beyond the end of a browser session and can be recalled during a subsequent visit to the site. If you do not wish for this to happen, you can configure your web browser to refuse cookies. However, be aware that this may prevent you from utilizing all features of this website.
8. Services of Third Parties
As mentioned initially, we handle personal data according to the principle of necessity.
a. Selection of Providers, Server Locations
In essence, we strive to select service providers based in Switzerland or the EU. Whenever feasible at the time of contracting with these third parties, we also choose server locations in Switzerland or EU countries. When this is not possible, we turn to alternative providers outside Europe. Consequently, we may transfer your data to those countries where the service providers we use are located, including the USA.
Especially for global service providers, server locations are no longer limited to single locations these days but are often provided through a Content Delivery Network, also known as a CDN, which consists of a group of geographically distributed and interconnected servers.
b. Consent to Third-Party Services
Depending on your cookie preference settings or explicit, active opt-in (sometimes also double opt-in), you consent to the use of the third-party services listed below according to the information collection and processing practices described for each respective service.
For more information on the privacy policy and terms of service for each third-party service, please visit the respective links listed in the table.
c. Legal Bases for Data Transmission
When we transfer data to third parties, the relevant Swiss laws, particularly the Swiss Data Protection Act, form the legal basis. Alternatively and subsidiarily, or where applicable, the provisions of the EU General Data Protection Regulation also apply. Refer to the justifications and legal bases mentioned under section 1 regarding the FADP and GDPR.
If you would like to know the exact legal basis for any of the third-party services listed in detail below, please contact us using the contact methods mentioned at the beginning of this privacy policy.
When we transfer data to third parties in a country without an adequate legal level of data protection, we ensure an appropriate level of protection as mandated by law using appropriate contracts (for example, by utilizing the European Commission's so-called standard contractual clauses) or rely again on the legal justifications mentioned in section 1.
d. Encryption / Anonymization
Generally, we always transmit personal data to third parties in an encrypted or anonymized manner. Any exceptions to this will be explicitly mentioned.
e. Third-Party Privacy Policies
We have no control over how third-party providers handle personal data in the services used. Their currently valid data protection regulations are binding for you regarding their data handling. We can only control which cookies are set and which actions regarding third-party services are triggered based on your cookie settings.
Overview and information about third-party providers
Below, we mention the third-party providers used according to their services. We inform you which services are used by which companies from which countries and provide you with a link to the currently valid privacy policies to the best of our knowledge. If you have any further questions about any of the services listed below, please contact us using the contact options mentioned at the beginning of this privacy policy.
8.1 Third-Party Data Storage (Settings)
We use CookieBot to save your preferences on how cookies should be used. CookieBot is a cloud-based solution from the Danish company Cybot A/S that automatically controls cookies and trackers, ensuring full compliance with GDPR and ePrivacy for websites.
Service, Tool, System | Provider | Location (Country), Server Location | Terms of Use, Privacy Policy, Data Processing
9. Contact Forms, Comment Functionality
9.1 Contact Forms
When you use the contact forms on our website or send us an email, your personal data is processed by us. This information, as well as your IP address, and the date and time of your contact request, are transmitted by your browser or email client and stored in our systems. Without such processing of your personal data, we cannot respond to your request. Collecting technical data is necessary to prevent misuse of the contact form and to ensure the security of our systems.
Personal data is deleted periodically. We do not merge this personal data with other data sources. There is no transfer of data to third parties unless necessary to respond to your inquiry.
9.2 Comment Functionality
Our website currently does not offer a comment feature.
10. Copyrights
All content on this website is either copyrighted by BodyLab, or we have obtained a license to use the parts of the website not covered by our copyright. All rights strictly reserved. We also refer you to our terms of use for this website.
11. Disclaimer
Regarding our liability in connection with the use of this website, we refer to our Terms of Use.
12. Current Relevance and Changes
As we continue to evolve our website, implement new technologies, adjust our internal processes, or adapt to changes in legal frameworks, it may become necessary to update this privacy policy. We, therefore, reserve the right to change this privacy policy at any time while adhering to data protection regulations and laws.
Since the privacy policy may change, we recommend visiting this page from time to time to stay informed about the latest version of the privacy policy.
The latest version of the privacy policy can always be accessed freely on our website.
The currently valid privacy policy is written in German. Any translated versions we may provide are for informational purposes and better understanding only. In the event of disputes, the German text is legally binding and takes precedence over other language versions.