Privacy policy
FAQs
Order Status Shipping & Delivery Returns Billing & payment Products
Shipping & Returns Privacy policy Cookies

Privacy policy

1. What is this privacy policy about?

CELLAP LABORATOIRES SA (hereinafter also referred to as "we", "us" or "our") collects and processes personal data about you and other persons ("third parties"). We use the term "data" here interchangeably with "personal data".

In this Privacy policy, we describe what we do with your data when you use https://eu.cellcosmet.com/, when you purchase our products and services, when you are in contact with us as part of a contract, when you communicate with us or deal with us in any other way. If necessary, we will inform you in a separate statement of any processing acti-vities not covered by this data protection statement. We may also inform you separately about the processing of your data, for example in consent forms, terms and conditions, additional statements, forms and other notices.

If you provide us with data or share data with us about other people, such as family mem-bers, work colleagues, etc., we assume that you are authorised to do so and that the data concerned is accurate. When you share data about other people with us, you are confir-ming the above. Please ensure that these persons have been informed of this Privacy policy.

This Data Protection Statement is aligned with the EU General Data Protection Regulation ("GDPR"), the Federal Act on Data Protection ( "FADP" ). However, the specific application of these laws depends on the case in question.

2. Who is responsible for processing your data?

CELLAP LABORATOIRES SA, with registered office at Chemin de la Crêta 80, 1618 Châtel-Saint-Denis, Switzerland is the data controller under this Privacy policy, unless we indicate otherwise in a specific case, for example in additional Privacy policys, in a form or in a contract .

You can contact us for data protection issues and to exercise your rights under section 11 as follows:

CELLAP LABORATOIRE SA
Chemin de la Crêta 80
1618 Châtel-Saint-Denis
dataprotection@cellcosmet.com

We have appointed the following additional functions:

  • EU Data Protection Representative in accordance with Article 27 GDPR:
  1. CELLAP LABORATOIRE FRANCE SAS
  2. 254 RUE VENDÔME
  3. 69003 LYON
  4. FRANCE
  • UK Data Protection Representative in accordance with Article 27 UK GDPR:
  1. CELLAP LABORATORY UK LIMITED
  2. C/O BUZZACOTT LPP
  3. 130 WOOD STREET
  4. LONDON
  5. EC2V 6DL
  6. UNITED KINGDOM

3. What data do we process ?

We process different categories of data about you. The main categories are as follows:

  • Technical data: When you use our website or other online services, we collect the IP address of the device you are using (terminal) and other technical data in order to ensure the functionality and security of these services. This data includes the usage logs of our systems. We generally store technical data for 12 months. In order to guaran-tee the functionality of these offers, we may also assign an individual code to you or to your terminal (e.g. in the form of a cookie, see section 12 ). Technical data as such does not allow any conclusions to be drawn about your identity. However, technical data may be linked to other categories of data (and potentially to your person) in the context of user accounts, registrations, access controls or the per-formance of a contract.

    Technical data includes the IP address and operating system information of your terminal device, the date, region and time of use and the type of browser you use to access our electronic offerings. This information enables us to provide an appropriate layout of the website or, for example, to display a website tailored to your region. We know from which provider you are accessing our offers (and therefore also the re-gion) thanks to the IP address, but this does not generally allow us to know who you are. However, this changes, for example, when you create a user account, as perso-nal data can then be linked to technical data (for example, we can find out which browser you use to access an account via our website). Examples of technical data include logs that are created in our systems (e.g. the log of user connections to our website).

  • Registration data : Certain offers and services (e.g. the sending of newsletters) can only be used with a user account or after registration, which can be done directly with us or via our third-party connection service providers. In this context, you must provide us with certain data and we collect data on the use of the offer or service. If you redeem a voucher issued by us, we may ask you for certain data at the time of redemption. If we issue a voucher to you for one of our contractual partners, we may share or re-ceive some of your registration data from the relevant contractual partner (see section 7). Access controls to certain facilities may require registration data. We generally retain registration data for 12 months after the end of use of the service or closure of the user account.

    Registration data includes the information you provide when you create an account on our website (e.g. username, password, name and e-mail). It also includes data that we may ask you for before you can use certain free services, such as voucher redemption, in this case: name, address, contact details, time of redemption. You must also register if you wish to subscribe to our newsletter. As part of access controls, we may need to record you and your data (access codes in badges, biometric data for identification purposes) (see "Other data" category).

  • Communication data: When you are in contact with us via the contact form, by e-mail, by telephone, by post or by any other means of communication, we collect the data you exchange with us, including your contact details and the metadata of the communication. If we record or listen to telephone conversations or video conferences, for example for training and quality assurance purposes, we will specifically inform you. Such recordings may only be made and used in accordance with our internal policies. You will be informed if and when such recordings are made, for example by an indi-cation during the video conference in question. If you do not wish to be recorded, please inform us or leave the (video) conference. If you simply do not want your image to be recorded, please turn off your camera. If we need to establish your identity, for example as part of a request for information, a request for access for the press, etc., we will collect data enabling us to identify you (e.g. a copy of an identity document). We generally keep this data for 12 months from the last time we communicate with you. This period may be longer if necessary for evidential purposes, to comply with legal or contractual requirements, or for technical rea-sons. E-mails in the personal inbox and written correspondence are generally kept for at least 10 years. Recordings of (video) conferences are generally kept for 12 months.

    Communication data includes your name and contact details, the means, place and time of communication and generally also its content (i.e. the content of e-mails, letters, chats, etc.). This data may also include information about third parties. For identification purposes, we may also process your passport or identity card number, a password you have set or your press card. To ensure secure identification, the following information must be provided for me-dia requests: publisher, name of publication, title, first name, surname, postal address, e-mail address and telephone number of the journalist.

  • Basic data: By basic data we mean the basic data that we need, in addition to contractual data (see below), to perform our contractual and other business relationships or for marketing and promotional purposes, such as your name and contact details, as well as information about, for example, your role and function, bank details, date of birth, customer history, powers of attorney, signature authorisations and declara-tions of consent. We process your basic data if you are a customer or other busi-ness contact or if you work for one of them (e.g. as the business partner's contact person), or because we wish to contact you for our own purposes or those of a con-tractual partner (e.g. as part of marketing and advertising, invitations to events, with vouchers, with newsletters, etc.). We receive basic data from you (for example when you make a purchase or as part of a registration), from people for whom you work or from third parties such as contractual partners, associations and address brokers, as well as from public sources such as public registers or the internet (websites, social networks, etc.). We may also collect basic data from our share-holders and investors. We generally retain basic data for 10 years from the last time we deal with you or the end of the contract. This period may be longer if necessary for evidential purposes, to comply with legal or contractual require-ments, or for technical reasons . For contacts used solely for marketing and adver-tising purposes, the retention period is in principle much shorter, generally no more than 2 years from the last contact.

    Basic data includes information such as name, address, e-mail address, telephone number and other contact details, gender, date of birth, nationality, data on relatives, websites, social network profiles, photos and videos, copies of identity cards; in addition, details of your relationship with us (customer, supplier, visitor, service recipient, etc.), details of your status, allowances, classifications and mailing lists, details of our interactions with you (where applicable, a history of these with corresponding entries), reports (e.g. media re-ports) or official documents (e.g. extracts from the commercial register, permits, etc.) relating to you. As payment information, we collect, for example, your bank details, your account number and your credit card details. Declarations of consent and informa-tion about unsubscribing from a service also form part of the basic data, as does infor-mation about third parties, for example contact persons, service recipients, recipients of advertising or representatives.

    With regard to contact persons and representatives of our customers, suppliers and partners, basic data includes, for example, name and address, information on role or function in the company, qualifications and (where applicable) information on superiors, colleagues and subordinates and information on interactions with these persons.

    Basic data is not collected exhaustively for all contacts. The data collected in an individual case depends mainly on the purpose of the processing.

  • Contractual data: This is data collected in the context of the conclusion or performance of a contract, e.g. information on contracts and services provided or to be provided, as well as data relating to the period prior to the conclusion of a contract, information requi-red or used for the performance of a contract, and customer feedback (e.g. com-plaints, customer satisfaction data, etc.) . We generally collect this data from you, contractual partners and third parties involved in the performance of the contract, but also from third party sources (e.g. credit information providers) and public sources. We generally retain this data for 10 years from the last contractual activi-ty or the end of the contract. This period may be longer where necessary for evi-dential purposes, to comply with legal or contractual requirements, or for technical reasons.

    Contractual data includes information on the conclusion of the contract, on your contracts, for example, the type of contract, the date of conclusion, information from the application process (such as the request to perform our products or services) and information on the con-tract concerned (for example, its duration), the performance and administration of con-tracts (for example, information relating to invoicing, customer service, technical assis-tance and the enforcement of contractual claims). Contractual data also includes infor-mation on deficiencies, complaints and changes to a contract, as well as information on customer satisfaction that we may collect, for example through surveys. Contractual data also includes financial data, such as credit information (i.e. information that allows us to draw conclusions about the likelihood of payment of debts), information about payment reminders and debt collection. We receive this data partly from you (e.g. when you make payments), but also from credit agencies, debt collection companies and public sources (e.g. commercial register).

  • Behavioural and preference data: Depending on the relationship we have with you, we try to get to know you better and adapt our products, services and offers to your needs. To this end, we collect and process data about your behaviour and preferences. We do this by evaluating information about your behaviour in our domain, and we may also supplement this information with information from third parties, including public sources. On the basis of this data, we can, for example, determine the likelihood that you will use certain services or behave in a certain way. The data processed for this purpose is either already known to us (e.g. where and when you use our services) or we collect it by recording your behaviour (e.g. how you browse our website ). We anonymise or delete this data when it is no longer relevant for the purposes for which it was collected, i.e. - depending on the type of data - between 1 month (for movement profiles) and 24 months (for product and service preferences). This period may be longer where necessary for evidential purposes, to comply with legal or contractual requirements, or for technical reasons. We describe how tracking works on our website at section 12.

    Behavioral data is information relating to certain actions, such as your response to electronic communica-tions (for example, if and when you opened an e-mail) or your location, as well as your in-teraction with our pages on social networks and your participation in sweepstakes, con-tests and similar events. We may, for example, collect your location data when you use our website.

    Preference data tells us what your needs are, what products or services might interest you, or when and how you are likely to respond to our messages. We obtain this information by analysing existing data, such as behavioural data, in order to get to know you better, to tailor our advice and offers more precisely to your needs and, more generally, to improve our offers. In order to improve the quality of our analyses, we may combine this data with other da-ta that we also obtain from third parties.

    Behavioural and preference data may be analysed on a personal and identifiable basis (e.g. to send you personalised advertising), but also on a non-identifiable basis (e.g. for market research or product development). Behavioural and preference data may also be combined with other data (e.g. movement data may be used for contact tracing as part of a health protection concept).

  • Other data : We also collect data about you in other situations. For example, we process data that may relate to you (such as files, evidence, etc.) as part of administrative or legal proceedings. We may also collect data for health protection purposes (for example as part of health protection concepts). We may obtain or create photos, videos and sound recordings in which you may be identifiable (e.g. at events, with security cameras, etc.). We may also collect data about who enters certain buil-dings and when, or who has access rights (including as part of access controls, on the basis of registration data or visitor lists, etc.), who participates in events or campaigns (e.g. competitions), and who uses our infrastructure and systems and when. Furthermore, in addition to basic data, we collect and process data about our shareholders and other investors, including information for registers, in con-nection with the exercise of their rights or in connection with events (e.g. general meetings). The length of time we keep this data depends on the purpose of the processing and is limited to what is necessary. It ranges from a few days for many security cameras, to a few weeks for contact tracing and tracking and for visitor da-ta, which is generally kept for 12 months, to several years or more for event re-ports containing images. The data concerning you as a shareholder or investor is kept in accordance with company law and, in any case, for as long as you are in-vested in that role.

Most of the data mentioned in this section 3 is provided to us directly by you (via forms, when you communicate with us, in the context of concluding a contract, when you use the website, etc.). You are not obliged or required to provide us with any data, except in cer-tain cases, for example in the context of compulsory health protection concepts (legal obligations ). If you wish to enter into contracts with us or use our services, you must also provide us with certain data, in particular basic data, contractual data and registration data, as part of your contractual obligations under the relevant contract. Furthermore, it is not possible to avoid processing technical data when using our website. If you wish to have access to certain systems or buildings, you must also provide us with registration data. However, in the case of behavioural and preference data, you generally have the option of objecting or not giving your consent.

We provide certain services to you only if you provide us with registration data, because we or our contractual partners wish to know who is using our services or has accepted an invitation to an event, because it is a technical requirement or because we wish to communicate with you. If you or the person you represent (e.g. your employer) wish to enter into or perform a contract with us, we need to collect basic data, contractual data and communication data, and we process technical data if you wish to use our website or other electronic offerings for this pur-pose. If you do not provide us with the data required to enter into and perform the contract, you should expect that we may refuse to enter into the contract, that you may be in breach of con-tract or that we may not perform the contract. Similarly, we can only respond to a request from you if we process communication data and - if you communicate with us online - possibly also technical data. Furthermore, it is not possible to use our website without receiving technical data.

Insofar as this is not illegal, we also collect data from public sources (e.g. debt collection registers, land registers, commercial registers, the media or the internet, including social networks) or receive data from other companies in our group, public authorities and other third parties (such as credit agencies, address brokers, associations, contractual partners, internet analysis services, etc.).

The categories of personal data we receive about you from third parties include information from public registers, information we receive in the course of administrative and legal proceedings, information relating to your professional functions and activities (so that we can, for example, enter into and perform transactions with your employer with your support), information about you in correspondence and meetings with third parties, credit information (where we deal with you on a personal basis), information about you that persons related to you (family mem-bers, advisers, legal representatives, etc.) share with us in order for us to enter into or perform contracts with or about you (e.g. your references, delivery address, power of attorney, informa-tion about compliance with legal requirements such as the prevention of money laundering, ter-rorist financing, etc.).) shares with us in order for us to enter into or perform contracts with or about you (e.g. your references, delivery address, powers of attorney, information about com-pliance with legal requirements such as those relating to the prevention of fraud and the comba-ting of money laundering and terrorist financing, export restrictions, information from banks, insurance companies, vendors and other contractual partners about your use of our services or your provision of services (e.g. payments, purchases, etc.), information from the media and other sources (e.g. the Internet, the Internet, etc.).), information from the media and the In-ternet about your use of our services or the provision of our services (e.g. payments made, pur-chases made, etc.), information from the media and the Internet about you (if applicable in a specific case, e.g. in the context of an application, marketing/sales, press review, etc.), your ad-dress, your potential interests (e.g. in the context of an application, marketing/sales, press re-view, etc.), your personal data (e.g. your name, address, telephone number, e-mail address, etc.) and your personal data (e.g. your name, address, telephone number, e-mail address, etc.).), your address, your potential interests and other socio-demographic data (in particular for marketing and research purposes), as well as data relating to the use of third-party websites and online offers, insofar as this use can be attributed to you.

4. For what purposes do we process your data?

We process your data for the purposes set out below. Further information can be found at section 12 and 13 for online services. These purposes and their objectives serve our inte-rests and, where applicable, those of third parties. Further information on the legal basis for our processing can be found at section 5.

We process your data for the purposes of communicating with you, in particular to res-pond to your requests and exercise your rights (section 11 ) and to enable us to contact you if we have any questions. For this purpose, we use in particular communication and basic data as well as registration data in connection with the offers and services you use. We store this data to document our communication with you, for training purposes, quality assurance and to follow up enquiries.

The above includes all the purposes for which we communicate with you, whether in connection with customer service or advice, authentication when using the website, and for training and quality assurance (e.g. in connection with customer service). We also process communication data to enable us to communicate with you by e-mail and telephone, as well as through messa-ging services, chat rooms, social networks, letters and faxes. Our communication with you gene-rally takes place in connection with other processing purposes, for example so that we can pro-vide services or respond to an access request. Our processing also serves to document the communication and its content.

We process data for the conclusion, administration and performance of contractual rela-tionships.

We enter into various contracts with our business and private customers, suppliers, subcontrac-tors and other parties, such as project partners or parties to legal proceedings. In particular, we process basic data, contractual data and communication data and, depending on the cir-cumstances, registration data relating to the customer or the persons for whose benefit the customer has received a service. This includes, for example, recipients of our products or ser-vices who receive vouchers and related invitations from our own customers and may become our customers when they redeem them. In this case, we process the data in order to perform the contract with these recipients, but also with the contractual partners who have invited them.

In the course of establishing a business relationship, personal data - in particular basic data, contractual data and communication data - is collected from potential customers or other con-tractual partners (e.g. in an order form or a contract) or is obtained in the course of communica-tion. When concluding a contract, we process data in order to assess a person's creditworthiness and to enter into a customer relationship. In some cases, this information is examined in order to comply with legal requirements.

As part of the performance of the contractual relationship, we process data for the administra-tion of the customer relationship, for the provision and enforcement of contractual services (which includes the involvement of third parties, such as logistics companies, security service providers, advertising service providers, banks, insurance companies or credit information provi-ders, who may in turn provide us with data), for advisory services and for customer support. Services also include the enforcement of legal claims arising from contracts (debt collection, legal proceedings, etc.), accounting, termination of contracts and public communication.

We process data for marketing and relationship management purposes, for example to send our customers and other contractual partners personalised advertisements for pro-ducts and services offered by us or by third parties (e.g. advertising partners). This may take the form of newsletters and other regular contacts (by electronic means, e-mail or telephone), through other channels for which we have your contact details, but also as part of marketing campaigns (e.g. events, competitions, etc.) and may also include free services (e.g. invitations, vouchers, etc.). You may object to such contact at any time (see the end of this section 4 ) or refuse or withdraw your consent for us to contact you for mar-keting purposes. With your consent, we can target our online advertising on the Internet more specifically to you (see section 12 ). Finally, we also wish to allow our contractual partners to contact our customers and other contractual partners for marketing purposes (see section 7).

For example, with your consent, we may send you information, advertising and product offers from us and from third parties within and outside the Group (e.g. advertising partners), in the form of printed material, electronically or by telephone. We process communication and registra-tion data in particular for this purpose. Like most companies, we personalise communications so that we can provide you with tailored information and offers that meet your needs and interests. We therefore combine the data we process about you and collect preference data and use this data as the basis for personalisation (see section 3). We also process data in the context of com-petitions, contests and similar events.

Relationship management includes addressing existing customers and their contacts, possibly in a personalised manner based on behavioural and preference data. As part of relationship mana-gement, we may also operate a customer relationship management ("CRM") system in which we store data from customers, suppliers and other business partners necessary to manage the relationship, e.g. data on contact persons, relationship history (e.g. information on products and services purchased or provided, interactions, etc.), interests, marketing measures (newsletters, invitations to events, etc.) and other information.

All of these processing activities are important to us, not only to promote our offerings as effecti-vely as possible, but also to make our relationships with customers and other third parties more personal and positive, to focus on the most important relationships and to use our resources as efficiently as possible.

We also process your data for market research purposes, to improve our services and business activities, and for product development.

We aim to continually improve our products and services (including our website) and to respond quickly to changing needs. To this end, we analyse, for example, how you navigate our website or which products are used by which groups of people and in what way, and how new products and services can be designed (for more details, see section 12). This helps us to understand market acceptance of existing products and services and the market potential of new products and ser-vices. To this end, we process, among other things, basic data, behavioural data and preference data, but also communication data and information from customer surveys, polls and studies, as well as other information from, for example, the media, social networks, the internet and other public sources. Wherever possible, we use pseudonymised or anonymised data for these pur-poses. We may also use media monitoring services or carry out media monitoring ourselves and process personal data in order to carry out media monitoring or to understand and react to cur-rent developments and trends.

We use anonymised location data, for example to provide our contractual partners with recom-mendations for avoiding peak traffic times. With your prior consent, we use non-anonymised location data to alert you to interesting offers and products in your vicinity (based on your loca-tion), to determine your interests from location data (dwell time) and to inform you about pro-ducts and services that other contractual partners with similar interests have used.

We may also process your data for security and access control purposes.

We constantly review and improve the security of our IT and other infrastructures (e.g. buil-dings). Like any business, we cannot rule out data security breaches with absolute certainty, but we do our best to reduce the risks. For example, we process data for the purposes of monitoring, inspecting, analysing and testing our IT networks and infrastructure, for system and error checks, for documentation purposes and as part of back-ups. Access controls include electronic access controls to systems (e.g. login to user accounts), as well as physical access controls (e.g. access to buildings). For security purposes (to prevent and investigate incidents) we also keep access logs and visitor lists and use surveillance systems (e.g. security cameras). We will inform you of surveillance systems at relevant locations by means of appropriate signage.

We process personal data in order to comply with the laws, directives and recommenda-tions of the authorities and internal regulations ("compliance with legal requirements").

This includes, for example, the implementation of health safety concepts or the regulated fight against money laundering and the financing of terrorism. In certain cases, we may also be requi-red to carry out certain clarifications on our customers ("Know Your Customer") or to make declarations to the authorities. Obligations to provide information or make declarations, for example in the context of control and tax obligations, also require or entail the processing of da-ta, for example archiving obligations and the prevention, detection and investigation of criminal offences and other violations. This also includes receiving and processing complaints and other reports, monitoring communications, conducting internal investigations or providing documents to an authority if we have sufficient grounds to do so or are legally obliged to do so. We may also process your personal data in the context of external investigations, for example by a law enfor-cement or supervisory authority or by a private entity commissioned for this purpose. In addi-tion, we process data in order to serve our shareholders and other investors and to comply with our obligations in this respect. For these purposes, we process in particular basic data, contrac-tual data and communication data and, in certain circumstances, behavioural data and data in the category "other data". Legal obligations may arise from Swiss law, but also from foreign regu-lations to which we are subject, as well as self-regulations, industry standards, our own corpo-rate governance and instructions and requests from the authorities.

We also process data as part of our risk management and corporate governance, inclu-ding business organisation and development.

For these purposes, we process basic data, contractual data, registration data and technical data, as well as behavioural and communication data. For example, as part of our financial mana-gement, we need to monitor our customer and supplier accounts, and we need to avoid falling victim to crime and abuse, which may lead us to analyse data to find relevant patterns of such activity. We may also carry out profiling and create and process profiles for these purposes and to protect you and us from criminal or abusive activities (see also section 6) In planning our re-sources and organising our business activities, we may need to evaluate and process data rela-ting to the use of our services and other offerings or share this information with others (e.g. sub-contracting partners), which may also include your data. The same applies to services pro-vided to us by third parties. As part of the development of our business, we may sell businesses, parts of businesses or companies to third parties or acquire them from third parties or enter into partnerships, which may also involve the exchange and processing of data (including about you, for example as a customer, supplier or supplier's representative).

We may process your data for other purposes, for example as part of our internal pro-cesses and administration or for quality assurance and training purposes.

These other purposes include, for example, training and educational purposes, administrative purposes (such as basic data management, accounting and data archiving, as well as the tes-ting, management and continuous improvement of IT infrastructure), the protection of our rights (e.g. to assert claims in court or out of court, and before the authorities in Switzerland and abroad, or to defend ourselves against claims made against us, for example by preserving evidence, carrying out legal analyses and participating in judicial or administrative proceedings), evaluation and improvement of internal processes. We may use recordings of (video) conferences for quality assurance and training purposes. These other purposes also include safeguarding other legitimate interests which cannot be named exhaustively.

5. On what basis do we process your data?

Where we seek your consent for certain processing activities (for example, for marketing activities, for personalised movement profiles and for the management of advertising and analysis of website behaviour), we will inform you separately of the relevant processing purposes. You may withdraw your consent at any time with effect for the future by sending us written notification (by post) or, unless otherwise indicated or agreed, by sending us an e-mail; you will find our contact details at section 2. To withdraw your consent to online tracking, see section 12. Where you have an user account, you may also withdraw your consent or contact us via the website or service in question. Once we have received notice of withdrawal of consent, we will no longer process your information for the purpose(s) to which you consented, unless we have another legal basis to do so. Withdrawal of consent does not, however, affect the lawfulness of processing based on consent prior to withdra-wal.

Where we do not seek consent for processing, the processing of your personal data is ba-sed on the necessity of the processing to initiate or perform a contract with you (or the entity you represent) or on our or a third party's legitimate interest in the processing in question, in particular in pursuing the purposes and objectives set out in section 4 and in implementing related measures. Our legitimate interests also include compliance with legal regulations, insofar as this is not already recognised as a legal basis by the appli-cable data protection legislation (for example, in the case of the GDPR, laws in the EEA and, in the case of the FADP, Swiss law). This also includes marketing our products and services, better understanding our markets and managing and developing our business, including its operations, in a secure and efficient manner.

If we receive sensitive personal data (for example, data relating to health, data revealing political opinions, religious or philosophical beliefs, as well as biometric data for the pur-pose of uniquely identifying a natural person), we may process your data on other legal grounds; for example, in the event of litigation, for the purposes of potential litigation or for the enforcement or defence of legal claims. In some cases, other legal bases may apply and, if so, we will inform you separately.

6. What rules apply in the case of profiling and automated individual decisions?

We may automatically assess personal aspects about you ("profiling") on the basis of your data (section 3) for the purposes set out in section 4, where we wish to establish prefe-rence data, as well as to detect abuse and security risks, to carry out statistical analyses and for business planning. We may also create profiles for these purposes, which means that we may combine behavioural and preference data, as well as basic data, contractual data and technical data about you in order to better understand you as a person - with your different interests and other characteristics.

If you are our customer, we may, for example, use "profiling" to determine which other products are likely to be of interest to you based on your purchases. We may also use profiling to assess your creditworthiness before offering to pay for a purchase by invoice. In addition, automated data analysis may determine, for your own protection, the likelihood that a transaction is fraudu-lent. This allows us to suspend the transaction while we clarify the situation. Profiles" are to be distinguished from "profiling". Profiling" refers to the linking together of different pieces of data in order to draw conclusions about key aspects of your personality (e.g. what you like, how you be-have in certain situations) from the data as a whole. Profiles may also be used for marketing pur-poses, for example, or for security purposes.

We ensure the proportionality and reliability of the results and take measures against the misuse of these profiles or profiling. If these automated individual decisions could have legal consequences for you or otherwise affect you in a significant way, we ensure in prin-ciple that the decision is controlled by a human being.

7. With whom do we share your data?

For the purposes of our contracts, the website, our products and services, our legal obliga-tions, the protection of our legitimate interests, and the other purposes set out in section 4, we may disclose your personal data to third parties, in particular to the following ca-tegories of recipients:

  • Service providers: We work with service providers in Switzerland and abroad who process your data on our behalf or as joint data controllers with us or who receive data about you from us as independent data controllers (e.g. IT service providers, transport companies, advertising service providers, connection service providers, cleaning companies, security companies, banks, insurance companies, debt collection companies, credit information agencies or address verification providers). In order to be able to provide our products and services efficiently and focus on our core competencies, we call on the services of third parties in various areas. These include, for example, IT services, information transmission, marketing, sales, com-munication or printing services, facilities management, security and cleaning ser-vices, the organisation and running of events and receptions, debt collection, cre-dit agencies, address verification providers (e.g. to update address lists when mo-ving house), fraud prevention measures and the services of consultancy firms, la-wyers, banks, insurers and telecommunications companies. In each case, we pro-vide these service providers with the data they need for their services, which may also concern you. These service providers may also use this data for their own pur-poses, for example information about outstanding debts and your payment history in the case of credit information agencies, or anonymised data to improve their services. In addition, concludes contracts with these service providers which in-clude provisions to protect data, where such protection does not derive from law. In some cases, our service providers may also process data about how their ser-vices are used and other data generated in the course of using their services as independent data processors for their own legitimate interests (e.g. for statistical analysis or billing purposes). These service providers disclose their independent data processing activities in their own privacy policys.
  • Contractual partners, including customers : These are customers and our other contractual partners, insofar as the communi-cation of data arises from these contracts. If you work for one of these contractual partners, we may also disclose your data to them. These recipients also include contractual partners with whom we cooperate or who advertise on our behalf and to whom we may therefore pass on data about you for analysis and marketing pur-poses (again, this may include service recipients, but also sponsors and online ad-vertising providers). We ask these partners to send you or display advertisements based on your data only with your consent (for online advertising, see section 12).

    If you are acting as an employee of a company with which we have a contract, the per-formance of that contract may require us to tell the company, for example, how you have used our service. We provide our cooperation and advertising partners with basic data, contractual data, behavioural data and selected preference data so that they can carry out non-personal analyses in their areas (e.g. how many of our customers have viewed their advertisements) and use the data for advertising purposes (including targeting you). For example, advertising partners must be able to contact some of our customers and send them advertising.

  • Authorities: We may disclose personal data to agencies, courts and other authorities in Swit-zerland and abroad if we are legally obliged or entitled to make such disclosures or if it appears necessary to protect our interests. These authorities act as indepen-dent data controllers.

    These include, for example, criminal investigations, police measures (e.g. health protec-tion concepts, combating violence, etc.), regulatory requirements and investigations, court proceedings, reporting obligations and prejudicial and extrajudicial proceedings, as well as legal obligations to provide information and to cooperate. Data may also be dis-closed if we wish to obtain information from public bodies, for example to justify a request for information or because we need to identify the persons about whom we require information (for example from a register).

  • Other persons: These are other cases in which interactions with third parties fall within the scope of the objectives set out in section 4, for example service recipients, the media and associations in which we participate, or if you appear in one of our publications.

    Other recipients include, for example, delivery recipients or third-party debtors specified by you, other third parties in the context of an agency relationship (for example if we share your data with your lawyer or bank) or persons involved in administrative or legal proceedings. If we cooperate with the media and share documentation with them (e.g. photos), this may also affect you. The same applies if we publish content (e.g. photos, in-terviews, quotes, etc.) on our website or in our other publications. As part of the deve-lopment of our business, we may sell businesses, parts of businesses or companies to third parties or acquire them from third parties or enter into partnerships and these ac-tivities may also involve the disclosure of data (including yours, for example as a custo-mer or supplier or a supplier's representative) to those involved in such transactions. In the context of communication with competitors, industry organisations, associations and other bodies, data relating to you may be exchanged.

All these categories of recipients may involve third parties, so your data may also be communicated to them. We may restrict processing by certain third parties (e.g. IT sup-pliers), but not by others (e.g. authorities, banks, etc.).

8. Will your personal data be transferred abroad?

As explained in section 7, we share data with other parties. Not all of these parties are located in Switzerland. Your data may therefore be processed both in Europe and in other non-European countries.

If a recipient is located in a country without adequate legal data protection recognised on the basis of Art. 8 para. 1 and Annex 1 of the Data protection ordinance (DPO), we require that the recipient undertakes to comply with the applicable data protection legislation (unless the recipient is already subject to a legally accepted set of rules designed to gua-rantee data protection or we can invoke an exception. An exception applies, for example, in the case of legal proceedings abroad, in the case of an overriding public interest or when the performance of a contract requires the communication of data, as well as if you have consented to the transfer of the data or if the data has generally been made avai-lable by you directly and you have not objected to the processing.

Many countries outside Switzerland and the EEA do not currently have legislation guaranteeing an adequate level of data protection under the FADP or the GDPR. The contractual provisions mentioned compensate to a certain extent for this less extensive or missing legal protection. However, contractual provisions cannot eliminate all risks (in particular the risk of government access abroad). You should be aware of these residual risks, even if they are low in this case, and we are taking steps to minimise them.

Please note that data exchanged via the Internet often passes through third countries. Your data may therefore be sent abroad even if the sender and recipient are in the same country.

9. How long do we process your data?

We process your data for as long as our processing purposes, statutory retention periods and our legitimate interests in documenting and preserving evidence so require or reten-tion is a technical requirement. Further information on the respective retention and pro-cessing periods for the various categories of data can be found at section 3, and for coo-kies at section 12. In the absence of legal or contractual obligations to the contrary, we will delete or anonymise your data once the retention period has expired or processing has ceased as part of our normal processes.

Documentation and evidential purposes include our interest in documenting processes, interac-tions and other facts for legal claims, inconsistencies, IT security and infrastructure require-ments and to demonstrate good corporate governance and compliance with legal requirements. Data retention may be a technical requirement where certain data cannot be separated from other data and we therefore need to keep them together (e.g. in the case of backups or docu-ment management systems).

10. How do we protect your data?

We take appropriate security measures to ensure the necessary security of your personal data and to guarantee the confidentiality, integrity and availability of your data, to protect it against unauthorised or unlawful processing, and to minimise the risk of loss, accidental alteration, unauthorised disclosure or access.

Technical and organisational security measures may include data encryption and pseudonymisa-tion, logging, access restrictions, keeping back-up copies, instructing our employees, entering into confidentiality agreements and monitoring. We protect your data that is sent through our website in transit by appropriate encryption. However, we can only secure the areas under our control. We also require our subcontractors to take appropriate security measures. However, security risks can never be totally excluded; there are always residual risks.

11. What are your rights?

Applicable data protection laws give you the right to object to the processing of your data in certain circumstances, including processing for direct marketing purposes, profilingfor direct marketing purposes and other legitimate interests in processing.

To help you control the processing of your personal data, you have the following rights in relation to our processing of your data in accordance with applicable data protection le-gislation:

  • The right to request information from us as to whether we are processing data about you and, if so, which data;
  • The right to request that we correct data if it is inaccurate;
  • The right to request the erasure of data;
  • The right to request that we provide certain personal data in a commonly used electronic format or transfer it to another data controller;
  • The right to withdraw your consent, where our processing is based on your consent;
  • The right to receive, on request, other information relevant to the exercise of these rights;

If you wish to exercise the aforementioned rights towards us you may contact us in wri-ting at our address or, unless otherwise indicated or agreed, by e-mail; you will find our contact details in section 2. In order to prevent misuse, we need to identify you (for example by means of a copy of your identity card, if identification is not otherwise pos-sible).

Please note that conditions, exceptions and restrictions may apply to the exercise of these rights in accordance with applicable data protection legislation (e.g. to protect third par-ties or trade secrets). In such cases, we will inform you.

In particular, we may continue to process your data and retain your personal data in order to perform a contract with you, to protect our own legitimate interests, for example in enforcing contractual claims, exercising or defending legal claims or complying with legal obligations. To the extent permitted by law, in particular to protect the rights and freedoms of other data subjects and to safeguard legitimate interests, we may also reject a data subject's request in whole or in part (for example by redacting content relating to third parties or our trade secrets).

If you do not agree with the way we respond to the exercise of your rights or with our data protection practices, you can let us know (section 2). If you are located in the EEA, the UK or Switzerland, you also have the right to lodge a complaint with the relevant data protec-tion supervisory authority in your country.

12. Do we use online tracking and online advertising techniques?

We use various techniques on our website that enable us - and the third parties we en-gage - to recognise you when you use our website, and possibly to track you over several visits. This section provides information on this subject.

Basically, we want to distinguish between your access (via your system) and access by other users, so that we can ensure the functionality of the website and carry out analyses and customisation. We do not intend to determine your identity, although it may be pos-sible for us or third parties we engage to identify you by linking to registration data. However, even in the absence of registration data, the technologies we use are designed so that you are recognised as an individual visitor each time you access the website, for example our server (or third party servers) assigning a specific identification number to you or your browser (called a "cookie").

Cookies are individual codes (e.g. a serial number) which our server or a server of our service providers or advertising partners transmits to your system when you connect to our website, and which your system (browser, mobile phone) accepts and stores until the end of the set expi-ry period. Your system transmits these codes to our server or to the third-party server each time you access the site again. In this way, you can be recognised even if your identity is unk-nown.

Each time you access a server (for example when you use a website or an application, or when an e-mail includes a visible or invisible image), your visits may be "tracked". If we integrate offers from an advertising partner or an analysis tool provider on our website, they may track you in the same way, even if you cannot be identified in the particular case.

We use these technologies on our website and may authorise certain third parties to do so as well. You can also configure your browser to block or deceive certain types of cookies or certain alternative technologies, or to delete existing cookies. You can also add software to your browser to block certain third-party tracking. You can find more information on your browser's help pages (usually with the keyword "data protection") or on the websites of the third parties listed below.

We distinguish the following categories of "cookies" (including technologies that work in the same way, such as fingerprints):

  • Necessary cookies: Some cookies are necessary for the operation of the website or for certain functions. For example, they ensure that you can move from one page to another without losing the in-formation you have entered in a form. They also ensure that you remain connected. These cookies exist only temporarily ("session cookies"). If you block them, the website may not function properly. Other cookies are needed by the server to store options or information (that you have entered) beyond one session (i.e. one visit to the website) if you use this function (e.g. language settings, consents, automatic login functionality, etc.). These coo-kies have an expiry date of up to 24 months.
  • Performance cookies: In order to optimise our website and related offers and better tailor them to users' needs, we use cookies to record and analyse the use of our website, potentially beyond a single session. We use third-party analytics services for this purpose. Before using these cookies, we ask for your consent. Performance cookies also have an expiry date of up to 24 months. Details can be found on the websites of third-party analytics services.
  • Marketing cookies: It is in our interest and that of our advertising partners to target advertising as precisely as possible, i.e. to show it only to the people we wish to reach. To this end, if you consent, we and our advertising partners use cookies that may record the content you have viewed or the contracts you have entered into. This enables us and our advertising partners to display adverts that we believe may be of interest to you, on our website and on other websites that display adverts from us or our advertising partners. These cookies have an expiry period ranging from a few days to 12 months, depending on the circumstances.

We currently use third-party analytics services and advertising partners such as:Google Analytics (https://support.google.com/analytics/answer/6004245), Hotjar Heatmaps (https://www.hotjar.com/legal/policies/privacy/) Google Ads (https://policies.google.com/privacy) and Meta (Facebook) Pixel (https://www.facebook.com/policy.php).

13. What data do we process on our social networking pages?

We may operate pages and other online presences ("fan pages", "channels", "profiles", etc.) on social networks and other platforms operated by third parties and collect data described in section 3 and below. We receive this data from you and from the platforms when you interact with us through our online presence (for example when you communicate with us, comment on our content or visit our online presence). These platforms also analyse your use of our online presence and combine this data with other data they have about you (e.g. behavioural and preference data). They also process this data for their own purposes, in particular for marketing and market research purposes (e.g. to personalise advertising) and to manage their platforms (e.g. what content they show you) and, for this purpose, they act as independent data controllers.

We receive data about you when you communicate with us via online presences, view our content on the corresponding platforms or visit our online presences or when you are ac-tive on them (e.g. publish content, submit comments). In particular, these platforms col-lect technical data, registration data, communication data, behavioural data and prefe-rence data from or about you (see section 3 on these terms). These platforms typically perform statistical analysis of how you interact with us, how you use our online presences and content or other parts of the platform (what you watch, comment on, "like", follow, etc.) and link this data with other information about you (e.g. information about your age and gender and other demographic information). They use this data and these profiles to display advertisements and other personalised content to you on the platform and to ma-nage the content of the platform, as well as for market research and usage statistics.

For more information on the processing of platform operators, you can consult the rele-vant Privacy policys. There you will also find information on the countries in which they process your data, your rights of access and erasure of data and other rights of data sub-jects, as well as how you can exercise these rights or obtain further information. We cur-rently use the platforms Facebook, Instagram, TikTok, Linked-In and Pinterest.

14. Can we update this Privacy policy?

This privacy statement does not form part of any contract with you. We may amend this data protection statement at any time. The version published on this website is the cur-rent version.

Last updated: March 2026