Privacy Policy

 

Contents

1. Who is responsible?

2. What Personal Data do we process?

3. How do we collect Personal Data?

4. For what purposes do we process Personal Data?

5 . Why and how do we share data?

6. Why and how do we transfer data abroad?

7. How do we use profiling?

8. How do we make automated individual decisions?

9. How do we protect data?

10. How long do we store data?

11. Newsletter

12. Social Media

13. Cookie Policy

14. What rights do you have?

15. Legal basis according to GDPR

16. How can we change this Privacy Policy?

 

 

Date: 24.09.2024

IMPORTANT NOTE: The German version of this document will govern our relationship – this translated version is provided for convenience only and will not be interpreted to modify the German version. For the German version, please see https://www.mikrona.com/de/privacy-policy.

With this Privacy Policy, we inform you which Personal Data (data that directly or indirectly identifies you) we collect and process in connection with our activities. It applies to all processing activities that are related to Personal Data. We process the data received and collected responsibly, in accordance with the applicable legal provisions and in accordance with this Privacy Policy. Our processing is generally subject to the Swiss Data Protection Act (FADP).

If we consider it useful, we will provide you with supplementary Privacy Policies and other legal documents (in particular general terms and conditions, terms of use and conditions of participation) for individual or additional processing.



1. Who is responsible?

 

For the processing of your Personal Data, as described in this Privacy Policy and unless otherwise stated in individual cases, the controller within the meaning of the Data Protection Act is:

Mikrona Group Ltd.

Wiesenstrasse 36

8952 Schlieren

SWITZERLAND

References to "Mikrona", "we" or "us" used in this Privacy Policy are references to the controller just mentioned.

Mikrona is a company of Healthcare Holding Schweiz AG, with registered office in Baar. The companies of Healthcare Holding Schweiz Ltd. and Mikrona Group Ltd. are collectively referred to in this Privacy Policy as the “Healthcare Group”. A list of the companies of Healthcare Holding Schweiz Ltd. can be found on the following website: https://www.healthcare-holding.ch/portfolio. A list of the companies of Mikrona Group Ltd. can be found on the following website: https://www.mikrona.com/about-us.

If you have a data protection concern, you are welcome to contact us at any time, in particular at the following e-mail address:

swiss@mikrona.com (subject "Privacy")]



2. What Personal Data do we process?

 

In particular, we collect and process the following Personal Data from you:

  • Main Data, such as name, address, e-mail address, telephone number, gender, date of birth, social media profiles, photos, videos, relationship details (customer, service provider, etc.), history, official details (e.g. extracts from the company register, permits, etc.), details of newsletters subscribed to or other advertising (including consent);
  • Communication Data, such as contact details, type and manner of communication (telephone, e-mail, text messages, video messages, etc.) as well as place, date, time and content of the communication;
  • Registration Data, such as username, password, e-mail address;
  • Financial Data, such as payment details, credit rating details;
  • Contractual Data, data arising in connection with the conclusion or execution of the contract, such as details on the conclusion of the contract, acquired claims and receivables, information on customer satisfaction, purchasing information (e.g. date, place, time and history of purchase, as well as quantity, type and value of goods/services);
  • Technical Data, such as IP address, operating system, date, time, geographical information;
  • Behavioral Data, such as duration and frequency of visits to our website, date and time of a visit or opening of a message (newsletter, e-mail, etc.), location of your end device, interaction with our online presences on social networks or other third-party platforms;
  • Preference Data, such as user preferences and settings, data from the analysis of the collected data (in particular Behavioral Data);
  • Further Data that you provide about yourself.



3. How do we collect Personal Data?

 

We collect your Personal Data in a variety of ways. On the one hand, we collect your Personal Data that you have provided to us (e.g. by e-mail, telephone, letter post, video call), that we receive from third parties (e.g. from business partners, authorities) and that we collect about you (e.g. from publicly accessible registers, websites, business partners).

 

3.1 Data provided

 

You provide us with your Personal Data when you interact with us, for example in the following circumstances:

  • When you communicate with our employees;
  • When you create a user account with us;
  • When you visit our stores or other premises;
  • When you attend customer events and public events organized by us;
  • When you purchase our products or services (in a retail location or online);
  • When you register to use certain offers and services from us (e.g. newsletter, free Wi-Fi);
  • When you enter one of our competitions or prize draws.

 

The data provided includes, in particular, Main Data, Communication Data, Registration Data and Contractual Data, but also Preference Data.

As a rule, the provision of Personal Data is voluntary, i.e. in most cases you are not obliged to disclose Personal Data to us. However, we must collect and process the Personal Data that is necessary or legally required for the execution of a contractual relationship and the fulfillment of the associated obligations, e.g. mandatory Main Data and Contractual Data. Otherwise, we will not be able to conclude or continue the respective contract.

If you transmit Personal Data about other persons (e.g. family members, employees) to us, we assume that you are authorized to do so and that this data is correct. Please ensure that these other persons are aware of this Privacy Policy.

If you do not provide us with certain Personal Data, this may mean that it is not possible to provide the associated service or conclude a contract. We will always let you know in which cases the Personal Data we request is mandatory.

 

3.2 Data received

 

We may also receive your Personal Data from other companies in the Healthcare-Group. We may also receive Personal Data about you from third parties, such as the following:

  • From business partners with whom we work, e.g. banks, insurance companies, sales and other contractual partners;
  • From people who communicate with us;
  • From credit-rating agencies, e.g. when we obtain credit reports;
  • From address dealers or the Swiss Post, e.g. for address updates
  • From providers of online services, e.g. Internet analysis services;
  • From authorities and courts, in connection with official and judicial proceedings.

 

The data received includes in particular Main Data, Communication Data, Financial Data and Contract Data, but also Preference Data.

 

3.3 Data collected

 

We may also collect your Personal Data ourselves or automatically, for example in the following circumstances:

  • When you use our products and services;
  • When you order and/or purchase products or services from us;
  • When you visit our websites or use our apps;
  • When we consult publicly accessible sources (e.g. public registers, websites, platforms);
  • If we obtain information about you from your organization or from another organization or company (e.g. for reference purposes in the application process, if you consent to this)
  • When we work with business partners;
  • When you click on a link in one of our newsletters or otherwise interact with one of our electronic marketing communications.

 

The data collected includes, in particular Behavioral Data and Technical Data.

We can also derive further Personal Data from existing Personal Data, e.g. by evaluating Behavioral Data. Such derived Personal Data often involves Preference Data.



4. For what purposes do we process Personal Data?

 

We process your Personal Data primarily in order to conclude and process our contracts with you, our customers and our business partners. In particular, we also process your Personal Data for the following purposes:

  • to communicate with you;
  • to provide you and our customers with our services (including websites) and to improve them;
  • to manage the business relationship with you and our customers;
  • to conduct advertising, marketing, market research and product development;
  • to ensure your and our security and to prevent misuse (e.g. for IT security, theft, fraud and abuse prevention and for evidence purposes)
  • to comply with legal and regulatory obligations;
  • to assert our claims and defend ourselves against the claims of others;
  • to prepare and execute the sale or purchase of business divisions, companies or parts of companies and other transactions under company law and the associated transfer of Personal Data;
  • for business management and to optimize internal Group processes.

 

When processing Personal Data for the purposes described in this statement, we rely, among other things, on our legitimate interest in maintaining, expanding and managing the business relationship and communicating with you as a business partner about our products and services.

For certain purposes, you can give us your consent to process your Personal Data. Unless we have another legal basis, we process your Personal Data within the scope of and based on this consent. You can withdraw your consent at any time. Withdrawal has no effect on processing that has already taken place.



5. Why and how do we share data?

 

We may disclose your Personal Data to trusted third parties where necessary or appropriate for the provision of our services or the fulfillment of the purposes defined in this Privacy Policy. We may disclose your Personal Data to the following categories of recipients External service providers (e.g. IT service providers, auditors, freight forwarders, payment services); customers and other contractual partners; counterparties, their legal representatives and persons involved; business partners with whom we may need to coordinate the provision of services; authorities and courts. We may also disclose your Personal Data to other companies in the Healthcare-Group. Please note that these recipients may in turn involve third parties, so that your data may also become accessible to them.

If we share your Personal Data with third parties who process your Personal Data on our behalf, this is done on the basis of our instructions and in accordance with our Privacy Policy and other appropriate confidentiality and security measures. For example, we use service providers to support the operation of our IT infrastructure, provide our products and services, improve our internal business processes and offer additional support to our customers.

In principle, we only process your Personal Data in Switzerland and the European Economic Area (EEA) (see also Section 6). We use third-party services for our websites and apps; please refer to our Cookie Policy (see Section 13) for information on the independent collection of Personal Data by third-party providers.



6. Why and how do we transfer data abroad?

 

We may transfer your Personal Data to recipients in the European Economic Area (EEA), as well as to recipients in the USA and other countries that do not guarantee a level of data protection comparable to Swiss law (so-called Third Countries). We normally do this if it is necessary to fulfill a contract or to enforce legal claims. If we disclose data to other Third Countries and you are not already aware of this (e.g. from a contract or communication with us), the respective country, international body or at least the region can be found at the appropriate place in this Privacy Policy and in particular in the Cookie Policy. We only transfer your Personal Data to a third country if the data protection requirements are met (e.g. after concluding recognized standard data protection clauses, in accordance with the Swiss-U.S. Data Privacy Framework or obtaining consent) or if we can rely on an exemption clause. An exception may exist in particular in cases of overriding public interests or if the execution of a contract that is in your interest requires such disclosure.



7. How do we use profiling?

 

“Profiling” refers to the automated processing of Personal Data in order to analyze personal aspects or make predictions (e.g. analysis of personal interests and habits). As a rule, profiling is used to derive Preference Data. We use profiling in particular for the automatic processing of Main Data, Contractual Data, Behavioral Data and Preference Data when using and purchasing our products and services, but also in connection with our websites, apps, events, competitions and prize draws. We use profiling in particular to improve our products and services, to present them and our content in line with your needs, to provide you only with advertising and offers that are likely to be relevant to you and to decide which payment options are available to you based on a credit check. We may also combine Personal Data from different sources as a basis for profiling in order to improve the quality of our analyses and forecasts.



8. How do we make automated individual decisions?

 

"Automated individual decisions" are decisions that are made fully automatically, i.e. without human involvement, and that may have legal consequences for the data subject or otherwise significantly affect them. As a rule, we do not use automated individual decisions; if we do, we will inform you separately in each individual case.



9. How do we protect data?

 

We take appropriate technical (e.g. firewall, SSL encryption, password protection) and organizational (e.g. access restriction, training of authorized persons) security measures to protect the security of your Personal Data. We use these measures to protect your Personal Data against unauthorized or unlawful processing, access and/or unintentional loss, alteration or disclosure. Please always bear in mind that the transmission of information via the Internet and other electronic means involves certain security risks. We cannot guarantee the security of information transmitted in this way.



10. How long do we store data?

 

We store your Personal Data for as long as it is necessary for our processing purposes (see Section 4), the statutory retention periods (generally five or 10 years) and our legitimate interests, in particular for documentation and evidence purposes, or for as long as storage is technically necessary (e.g. in the case of backups or document management systems). We delete or anonymize your Personal Data, provided there are no legal or contractual obligations or technical reasons to the contrary, in principle after the storage and processing period has expired as part of our usual processes and in accordance with our retention policy.



11. Newsletter

 

We provide you with the opportunity to subscribe to our newsletter, in which we inform you about news at regular intervals. In order for us to send you the newsletter by e-mail, you must give us your consent in a so-called double opt-in procedure, i.e. we will only send you a newsletter if you have expressly confirmed this to us beforehand. You can unsubscribe from the newsletter at any time, e.g. by clicking on the link at the end of each newsletter or by sending us your unsubscribe request by e-mail.

We use the services of HubSpot Inc., Two Canal Park, Cambridge, MA 02141, USA, to send our newsletter.

When you register for the newsletter, we collect your e-mail address, first name and surname. Any further information is provided voluntarily. We process certain data so that we can determine whether a newsletter e-mail has been opened and which links have been clicked on. Technical information (e.g. time of access, IP address, browser type and operating system) is also collected. We process all data for the purpose of sending the newsletter and analyzing the newsletter campaign. We store your data until you unsubscribe from the newsletter. Data stored for other purposes remains unaffected by this.

For more information on the data collected, please refer to the Privacy Policy of HubSpot at: https://legal.hubspot.com/privacy-policy



12. Social Media

 

We may operate pages and other online presences on social networks and other platforms operated by third parties (e.g. fan pages, channels, profiles) and collect and process data about you (in particular contact and profile data) that you or the social networks provide to us. We receive the data when you come into contact with us via our online presence (e.g. accessing and commenting on posts). We receive aggregated or otherwise sufficiently anonymized data from the platforms for evaluation so that we can further develop the contributions and services we offer. We process the data in particular for communication, marketing purposes (including advertising on these platforms) and market research. We may redistribute content published by you ourselves or delete or restrict content from or about you in accordance with the usage guidelines. Personal Data may also be processed outside Switzerland and the European Economic Area (EEA).

Furthermore, the platforms evaluate your use of our online presences and link this data with other data about you known to the platforms. They also process this data for their own purposes under their own responsibility, in particular for marketing and market research purposes (e.g. to personalize advertising) and to control their platforms (e.g. which content they display to you).

When using the platforms, other legal documents (e.g. general terms and conditions and terms of use) apply in addition to the corresponding Privacy Policies.

We currently use the following platforms:



13. Cookie Policy

 

In the following, we describe how and why we use log data, cookies, similar technologies and other third-party services when you use our websites and apps (hereinafter collectively referred to as the "website") and process Personal Data and other data.

 

13.1 What is log data?

 

Every time you connect to a web server, certain information is logged and stored for technical reasons. When you visit our website, information is automatically sent to the server of our website. This information includes the IP address of your computer, the date and time of access, the name and URL of the data retrieved, the website from which the access was made (referrer URL), the browser type and version and other information transmitted by the browser (e.g. your computer's operating system, geographical origin, language setting). This information is temporarily stored in a so-called log file and stored in accordance with the legal requirements. We process the data for the purpose of ensuring a smooth connection setup and convenient use of our website as well as evaluating system security and stability.

 

13.2 What are cookies and similar technologies?

 

We may use cookies and similar technologies on our website. Cookies are usually small text files that your browser automatically creates and stores on your end device (computer, tablet, smartphone, etc.) when you visit our website. Session cookies save your entries as you navigate from page to page on the website. Session cookies are deleted after a short time, at the latest when you close your browser. Persistent cookies remain stored for a certain period of time even after the browser is closed. Similar technologies include, for example, pixel tags (invisible images or program code that are loaded from a server and transmit certain information to the server operator), fingerprints (information from the end device and browser that is collected when a website is called up and in conjunction distinguishes the end device from others) and other technologies (e.g. "web storage") for storing data in the browser.

We use both persistent and session cookies on our website. We cannot identify you with a cookie in every case. We use cookies and similar technologies so that we can statistically record the use of our website and evaluate it for the purpose of optimization and user-friendliness. We also use cookies for the purpose of providing our services (in particular technically necessary cookies, essential cookies). Cookies have different storage periods. We have no control over the retention period of cookies set by third-party providers.

 

13.3 How can you deactivate cookies and similar technologies?

 

You can configure your browser so that it does not automatically accept cookies and similar technologies or deletes existing cookies and other data stored in the browser. You can also extend your browser with additional software (so-called "add-ons" or "plug-ins"), which then prevents tracking by certain third parties (such plug-ins are available, for example, at www.noscript.net or at www.ghostery.com). As a rule, you will find further information in the help pages of your browser under the heading "Privacy". Please note that the partial or complete deactivation of cookies may result in you not being able to use all the functions of our websites.

 

13.4 Which cookies and similar technologies do we use and how do we use them?

 

a) Technically necessary cookies

We use persistent cookies to store your personal user settings (in particular regarding cookies and language selection on our website). In doing so, we will not process any of your personal data. The purpose of the processing is to re-identify your personal settings on our website. These cookies are necessary for the functionality of our website. These cookies are automatically deleted from your system after six months at the latest. You can also delete the cookies manually at any time. Please note that your user settings will be lost.

b) Success and reach measurement

We use the following services in particular to measure success and reach:

  • HubSpot from HubSpot Inc, Two Canal Park, Cambridge, MA 02141, USA. The way in which our website is used is monitored and recorded. HubSpot uses persistent cookies to collect anonymous information (e.g. number of visitors to the website, origin of visitors, length of visit). As a matter of principle, we do not transmit any Personal Data or complete IP addresses to HubSpot. HubSpot provides us with the collected information in aggregated form. We do not have the possibility to identify individual visitors. For information on how HubSpot processes your data, please refer to the Privacy Policy of HubSpot Inc. at the following link: https://legal.hubspot.com/privacy-policy


13.5 Third-party services (in particular website plugins)

 

We use various plugins (extensions) from third parties on our website in order to be able to use additional functions. In particular, we use plugins for the following functions:

a) Extensions for providing the website

We use third-party services to provide you with our website and to offer additional functions. In particular, we use the following services:

  • HubSpot from HubSpot, Inc, Two Canal Park, Cambridge, MA 02141, USA. We use HubSpot as a content management system so that we can offer our website. For information on how HubSpot processes your data, please refer to the Privacy Policy of HubSpot Inc. at the following link: https://legal.hubspot.com/privacy-policy

  • Cloudflare from Cloudflare, Inc, 101 Townsend Street, San Francisco, California 94107, USA. We use Cloudflare to deliver our website content quickly and flawlessly on all devices. You can find Cloudflare's Privacy Policy at: https://www.cloudflare.com/privacypolicy/

  • BugHerd by Splitrock Studio Pty Ltd., Rialto, Podium East, Level 2, 525 Collins St, Melbourne VIC 3000, AU. We use BugHerd to help us develop and improve our website. You can find the BugHerd Privacy Policy at: https://bugherd.com/privacy



14. What rights do you have?

 

As a data subject, you may assert various claims against us in accordance with the applicable national and international provisions. We may process your Personal Data again to fulfill your claims.

You have the following rights in relation to your Personal Data:

  • Right of access: You have the right to receive information about what Personal Data we have about you and how we process it;
  • Right to data portability: You have the right to receive or transfer a copy of your Personal Data in a conventional electronic format, provided that it is processed automatically and the data is processed with your consent or in direct connection with the conclusion or performance of a contract between you and us;
  • Right to rectification: You have the right to have your Personal Data rectified if it is incorrect;
  • Right to erasure: You have the right to have your Personal Data erased;
  • Right to object: You have the right to object to the processing of your Personal Data (particularly in the case of data processing for the purpose of direct marketing).

 

Please note that conditions and exceptions apply to these rights. We may restrict or refuse your request to exercise these rights where permitted by law. We reserve the right to redact copies for reasons of data protection or confidentiality or to provide only excerpts.

If you wish to exercise your rights against us or do not agree with our handling of your rights or data protection, please contact us; our contact details can be found in Section 1. So that we can rule out misuse, we must identify you (e.g. with a copy of your Identity Card, if necessary).



15. Legal basis according to GDPR

 

We do not assume that the EU General Data Protection Regulation (GDPR) applies to us. However, should this exceptionally be the case for certain data processing, this Section 15 shall apply additionally and exclusively for the purposes of the GDPR and the data processing subject to it.

We base the processing of your Personal Data in particular on the fact that

  • they are as described in Section 4 is necessary for the initiation and conclusion of contracts and their administration and enforcement (Art. 6 para. 1 lit. b GDPR);
  • it is necessary to protect our legitimate interests or those of third parties as described in Section 4 namely for communication with you or third parties, to operate our website, to improve our electronic services and registration for certain products and services, for security purposes, for compliance with Swiss law and internal regulations for our risk management and corporate governance and for other purposes such as training and education, administration, evidence and quality assurance, organization, implementation and follow-up of events and to safeguard other legitimate interests (see Section 4) (Art. 6 para. 1 lit. f GDPR);
  • it is required or permitted by law on the basis of our mandate or our position under the law of the EEA or a member state (Art. 6 para. 1 lit. c GDPR) or is necessary to protect your vital interests or those of other natural persons (Art. 6 para. 1 lit. d GDPR);
  • you have consented to the processing separately, e.g. via a corresponding declaration on our website (Art. 6 para. 1 lit. a, and Art. 9 para. 2 lit. a GDPR).

 

If you are located in the EEA, in addition to the rights in Section 14 you also have the right to restrict data processing and you can lodge a complaint with the data protection supervisory authority in your country. You can find a list of the authorities in the EEA here: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en

Our representative in the EEA in accordance with Art. 27 GDPR is:

Mikrona (Deutschland) GmbH

Invalidenstraße 113

10115 Berlin

GERMANY



16. How can we change this Privacy Policy?

 

We may amend this Privacy Policy or add new processing activities at any time. We also update this Privacy Policy from time to time to take account of legal requirements. We will inform you of such amendments and additions in an appropriate form; in particular, we will publish the current Privacy Policy on our website (see below).

The current Privacy Policy can be accessed at any time at https://www.mikrona.com/privacy-policy.