Data Privacy Notice
1.What is this Privacy Notice about?
The AlveoliX AG(also «we», «us») collects and processes personal data that concern you but also other individuals («third parties»). We use the word «data» here interchangeably with «personal data».
In this Privacy Notice, we describe what we do with your data when you use www.alveolix.com, obtain services or products from us, interact with us in relation to a contract, communicate with us or otherwise deal with us. When appropriate we will provide a just-in-time notice to cover any additional processing activities not mentioned in this Privacy Notice.
If you disclose data to us or share data with us about other individuals, we assume that you are authorized to do so and that the relevant data is accurate. When you share data about others with us, you confirm that. Please make sure that these individuals have been informed about this Privacy Notice.
This Privacy Notice is aligned with the EU General Data Protection Regulation («GDPR»), the Swiss Data Protection Act («DPA») and the revised Swiss Data Protection («revDPA». However, the application of these laws depends on each individual case.
2. Who is the controller for processing your data?
You may contact us for data protection concerns and to exercise your rights under Section 11 as follows:
3. What data do we process?
We process various categories of data about you. The main categories of data are the following:
- Technical data: When you use our website, we collect the IP address of your terminal device and other technical data in order to ensure the functionality and security of these offerings. This data includes logs with records of the use of our systems. We generally keep technical data for 6months. In order to ensure the functionality of these offerings, we may also assign an individual code to you or your terminal device (for example as a cookie, see Section 11). Technical data as such does not permit us to draw conclusions about your identity. However, technical data may be linked with other categories of data (and potentially with your person) in relation to user accounts, registrations, access controls or the performance of a contract.
- When you are in contact with us via the contact form, by e-mail, telephone or chat, or by letter or other means of communication, we collect the data exchanged between you and us, including your contact details and the metadata of the communication. E-mails in personal mailboxes and written correspondence are generally kept for at least 10years.
- Master data: With master data we mean the basic data that we need, in addition to contract data (see below), for the performance of our contractual and other business relationships or for marketing and promotional purposes, such as name and contact details, and information about, for example, your role and function, your bank details, your date of birth, customer history, powers of attorney, signature authorizations and declarations of consent. We process your master data if you are a customer or other business contact or work for one (for example as a contact person of the business partner), or because we wish to address you for our own purposes or for the purposes of a contractual partner (for example as part of marketing and advertising, with invitations to events, with vouchers, with newsletters, etc.). We generally keep master data for 10 years from the last exchange between us or from the end of the contract. This period may be longer if required for evidentiary purposes, to comply with legal or contractual requirements, or for technical reasons. For contacts used only for marketing and advertising, the retention period is usually much shorter, usually no more than 2years from the last contact.
- Behavioral and preference data: Depending on our relationship with you, we try to get to know you better and to tailor our products, services and offers to you. For this purpose, we collect and process data about your behavior and preferences. We do so by evaluating information about your behavior in our domain, and we may also supplement this information with third-party information, including from public sources. Based on this data, we can for example determine the likelihood that you will use certain services or behave in a certain way. The data processed for this purpose is already known to us (for example where and when you use our services), or we collect it by recording your behavior (for example how you navigate our website). We anonymize or delete this data when it is no longer relevant for the purposes pursued. We describe how tracking works on our website in Section 12.
4. For what purposes do we process your data?
We process your data for the purposes explained below. Further information is set out in Sections 11 and 12 for online services. These purposes and their objectives represent interests of us and potentially of third parties. You can find further information on the legal basis of our processing in Section 5.
We process your data for purposes related to communication with you, in particular in relation to responding to inquiries and the exercise of your rights (Section 10) and to enable us to contact you in case of queries. For this purpose, we use in particular communication data and master data. We keep this data to document our communication with you, for training purposes, for quality assurance and for follow-up inquiries.
We process data for marketing purposes and relationship management, for example to send our customers and other contractual partners personalized advertising for products and services from us and from third parties. This may happen in the form of newsletters and other regular contacts, but also as part of marketing campaigns (for example events, contests, etc.). You can object to such contacts at any time (see at the end of this Section 4) or refuse or withdraw consent to be contacted for marketing purposes. With your consent, we can target our online advertising on the internet more specifically to you (see Section 11).
5. On what basis do we process your data?
Where we ask for your consent forcertain processing activities (for example for marketing mailings), we will inform you separately about the relevant processing purposes. You may withdraw your consent at any time with effect for the future by providing us written notice; see our contact details in Section 2. For withdrawing consent for online tracking, see Section 11.
Once we have received notification of withdrawal of consent, we will no longer process your information for the purpose(s) you consented to, unless we have another legal basis to do so. Withdrawal of consent does not, however, affect the lawfulness of the processing based on the consent prior to withdrawal.
6. With whom do we share your data?
In relation to our contracts, the website, our services and products, our legal obligations or otherwise with protecting our legitimate interests and the other purposes set out in Section 4, we may disclose your personal data to third parties, in particular to the following categories of recipients:
- Service providers: We work with service providers in Switzerland and abroad who process your data on our behalf or as joint controllers with us or who receive data about you from us as separate controllers. These include, for example, IT services.
- Authorities: We may disclose personal data to agencies, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to make such disclosures or if it appears necessary to protect our interests.
- Other persons: This means other cases where interactions with third parties follows from the purposes set out in Section 4.
7. Is your personal data disclosed abroad?
As explained in section 6, we disclose data to other parties. These are not all located in Switzerland. Your data may therefore be processed also in Europe; in exceptional cases, in any country in the world.
If a recipient is located in a country without adequate statutory data protection, we require the recipient to undertake to comply with data protection (for this purpose, we use the revised European Commission’s standard contractual clauses, which can be accessed here (https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless the recipient is subject to a legally accepted set of rules to ensure data protection and unless we cannot rely on an exception.
8. How long do we process your data?
We process your data for as long as our processing purposes, the legal retention periods and our legitimate interests in documentation and keeping evidence require it or storage is a technical requirement. You will find further information on the respective storage and processing periods for the individual data categories in Section 3, and for cookies in Section 11. If there are no contrary legal or contractual obligations, we will delete or anonymize your data once the storage or processing period has expired as part of our usual processes.
9. How do we protect your data?
We take appropriate security measures in order to maintain the required security of your personal data and ensure its confidentiality, integrity and availability, and to protect it against unauthorized or unlawful processing, and to mitigate the risk of loss, accidental alteration, unauthorized disclosure or access. Technical and organizational security measures may include encryption and pseudonymization of data, logging, access restrictions, keeping backup copies, giving instructions to our employees, entering confidentiality agreements, and monitoring. We protect your data that is sent through our website in transit by appropriate encryption.
10. What are your rights?
Applicable data protection laws grant you the right to object to the processing of your data in some circumstances, in particular for direct marketing purposes, for profiling carried out for direct marketing purposes and for other legitimate interests in processing.
To help you control the processing of your personal data, you have the following rights in relation to our data processing, depending on the applicable data protection law:
- The right to request information from us as to whether and what data we process from you;
- The right to have us correct data if it is inaccurate;
- The right to request erasure of data;
- The right to request that we provide certain personal data in a commonly used electronic format or transfer it to another controller;
- The right to withdraw consent, where our processing is based on your consent;
- The right to receive, upon request, further information that is helpful for the exercise of these rights.
If you wish to exercise the above-mentioned rights in relation to us, please contact us in writing, at our premises or, unless otherwise specified or agreed, by e-mail; you will find our contact details in Section 2.
If you do not agree with the way we handle your rights or with our data protection practices, please let us or our Data Protection Officers (Section 2) know. If you are located in the EEA, the United Kingdom or in Switzerland, you also have the right to lodge a complaint with the competent data protection supervisory authority in your country. You can find a list of authorities in the EEA here: https://edpb.europa.eu/about-edpb/board/members_en. You can reach the UK supervisory authority here: https://ico.org.uk/global/contact-us/. You can reach the Swiss supervisory authority here: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html.
11. Cookies and Online Tracking
We use various techniques on our website that allow us and third parties engaged by us to recognize you during your use of our website, and possibly to track you across several visits. This Section informs you about this.
In essence, we wish to distinguish access by you (through your system) from access by other users, so that we can ensure the functionality of the website and carry out analysis and personalization. We do not intend to determine your identity, even if that is possible where we or third parties engaged by us can identify you by combination with registration data. However, even without registration data, the technologies we use are designed in such a way that you are recognized as an individual visitor each time you access the website, for example by our server (or third-party servers ) that assign a specific identification number to you or your browser (so-called «cookie»).
Cookies are individual codes (for example a serial number) that our server or a server of our service providers or advertising partners transmits to your system when you connect to our website, and that your system (browser, cell phone) accepts and stores until the set expiration time. Your system transmits these codes to our server or the third-party server with each additional access. That way, you are recognized even if your identity is unknown.
We distinguish the following categories of «cookies»:
- Necessary cookies: Some cookies are necessary for the functioning of the website or for certain features. For example, they ensure that you can move between pages without losing information that was entered in a form. They also ensure that you stay logged in. These cookies exist temporarily only («session cookies»). If you block them, the website may not work properly. Other cookies are necessary for the server to store options or information (which you have entered) beyond a session (i.e. a visit to the website) if you use this function (for example language settings, consents, automatic login functionality, etc.). These cookies have an expiration date of up to 24months.
We may also integrate additional third-party offers on our website, in particular from social media providers. These offers are deactivated by default. As soon as you activate them (for example by clicking a button), these providers can determine that you are using our website. If you have an account with that social media provider, it can assign this information to you and thereby track your use of online offers. These social media providers process this data as separate controllers.
11.1. Tracking services
11.1.1. Google Analytics
Google Ireland Ltd. (located in Ireland) is the provider of the service «Google Analytics» and acts as our processor. Google Ireland relies on Google LLC (located in the United States) as its sub-processor (both «Google»). Google collects information about the behavior of visitors to our website (duration, page views, geographic region of access, etc.) through performance cookies (see above) and on this basis creates reports for us about the use of our website. We have configured the service so that the IP addresses of visitors are truncated by Google in Europe before forwarding them to the United States and then cannot be traced back. We have turned off the «Data sharing» option and the «Signals option». Although we can assume that the information we share with Google is not personal data for Google, it may be possible that Google may be able to draw conclusions about the identity of visitors based on the data collected, create personal profiles and link this data with the Google accounts of these individuals for its own purposes. In any event, if you consent to the use of Google Analytics, you expressly consent to any such processing, including the transfer of your personal data (in particular website and app usage, device information and unique IDs) to the United States and other countries. Information about data protection with Google Analytics can be found at https://support.google.com/analytics/answer/6004245 and if you have a Google account, you can find more details about Google’s processing here: https://policies.google.com/technologies/partner-sites?hl=en.
11.1.4. Browser Plugin
11.2. Other Google services
11.2.1. Google Web Fonts
This website uses web fonts provided by Google for the uniform display of fonts. When users click on a page, the user’s browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. If the user’s browser does not support web fonts, a default font is used by the user’s computer.
11.2.4. Google Ads
This website uses Google conversion tracking. If a user accesses our website via an ad placed by Google, Google Ads will add a cookie on the user’s computer. The conversion-tracking cookie is added when a user clicks on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we, together with Google, detect that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies cannot be tracked across Google Ads customers’ websites. The information collected using the conversion cookie is used to create conversion statistics for Ads customers who have opted in to conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that could personally identify users.
If a user does not wish to participate, the adding of a cookie required for this can be refused, e.g. by means of a browser setting that generally deactivates the automatic adding of cookies or by setting the browser so that cookies from the domain “googleleadservices.com” are blocked.
Please note that users should not delete the opt-out cookies if they do not want any measurement data to be recorded. If all the cookies in the browser have been deleted, the relevant opt-out cookie should be added again.
«YouTube» service functions are integrated into this website. «YouTube» is owned by Google Ireland Limited, a company incorporated and operated under the laws of Ireland, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, which operates the Services in the European Economic Area and Switzerland.
For users who would like to receive the newsletter offered on this website, we require an email address as well as data that allows us to verify that the subscriber is the true owner of the email address provided and genuinely wishes to receive the newsletter. No other data is collected. We use this data exclusively for sending the requested information and do not pass it on to third parties.
Users can revoke their consent to the storage of the data, the email address and receipt of the newsletter at any time, for example via the «unsubscribe link» in the newsletter.
11.6. Contact form
If inquiries are sent via the contact form, the information provided, including the contact data entered, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not share this data without the user’s consent.
12. Social media
We may operate pages and other online presences («fan pages», «channels», «profiles», etc.) on social networks and other platforms operated by third parties and collect the data about you described in Section 3 and below. We receive this data from you and from the platforms when you interact with us through our online presence (for example when you communicate with us, comment on our content or visit our online presence). At the same time, the platforms analyze your use of our online presences and combine this data with other data they have about you (for example about your behavior and preferences). They also process this data for their own purposes, in particular for marketing and market research purposes (for example to personalize advertising) and to manage their platforms (for example what content they show you) and, to that end, they act as separate controllers.
We currently use the following platforms:
The controller for the operation of the platform for users from Europe is Facebook Ireland Ltd., Dublin, Ireland. Their privacy notice is available at www.facebook.com/policy. Some of your data will be transferred to the United States. You can object to advertising here: www.facebook.com/settings?tab=ads.
With regard to the data collected and processed when visiting our site for «page insights», we are joint controllers with Facebook Ireland Ltd., Dublin, Ireland. As part of page insights, statistics are created about the actions visitors perform on our site (comment on posts, share content, etc.). This is explained at www.facebook.com/legal/terms/information_about_page_insights_data.
It helps us understand how our page is used and how to improve it. We receive only anonymous, aggregated data. We have agreed our data protection responsibilities according to the information on www.facebook.com/legal/terms/page_controller_addendum.
For example, this includes information about the operating system, the browser, the website the user previously visited (referrer URL), the offers the user clicked on, and the date and time of the user’s visit to our website. The information generated by the cookie about the user’s use of this website is transferred pseudonymously to a LinkedIn server in the USA and stored there. Accordingly, LinkedIn does not store the name or email address of each user. Rather, the above data is only assigned to the individual for whom the cookie was generated. This does not apply if the user has allowed LinkedIn to process data without pseudonymization or has their own LinkedIn account.
We use LinkedIn Analytics to analyze and improve the use of our website from time to time. The statistics obtained enable us to improve our offer and make it more attractive for our users. All LinkedIn companies have adopted the standard contractual clauses to ensure that the traffic to the U.S. and Singapore necessary for the development, operation, and maintenance of the Services occurs in a lawful manner. If we ask users for consent, the legal basis for the processing is Art. 6(1)(a) GDPR. Otherwise, the legal basis for the use of LinkedIn Analytics is Art. 6(1)(f) GDPR.
13. Can we update this Privacy Notice ?
This Privacy Notice is not part of a contract with you. We can change this Privacy Notice at any time. The version published on this website is the current version.
This privacy notice is based on DSAT.ch.