Privacy Policy of the Avosano Group

1. Overview and scope of application

This Privacy Policy provides information on how and for what purposes companies belonging to the Avosano Group (hereinafter “we”) process your personal data (hereinafter “you”) that you disclose to us or that we collect from you. This Privacy Policy is not exhaustive; in particular, you may find further information on the processing of personal data in our General Terms and Conditions (GTC) and similar documents.

The Avosano Group includes the following entities and branches:

Avosano AG, CHE-105.980.086, 8590 Romanshorn, Switzerland;

• Avosano AG, branch, CHE-231.921.730, 4704 Niederbipp, Switzerland;
• Avosano AG, branch, CHE-328.231.140, 1070 Puidoux, Switzerland.
• Avosano Industrie Service AG, CHE-109.460.006, 8590 Romanshorn, Switzerland;
• Avosano Industrie Service AG, branch, CHE-328.822.602, 4704 Niederbipp, Switzerland;

“Personal data” refers to all data and information relating to an identified or identifiable natural person.

2. Controller and point of contact

As the Avosano Group consists of different companies, the company responsible for processing your personal data may vary. As a rule, the company of the Avosano Group responsible for processing your personal data within the scope of this Privacy Policy is the company with which you correspond, conduct business or which has referred you to this Privacy Policy in the context of an enquiry, a contract or other correspondence.

Depending on the type of data processing, the companies of the Avosano Group may individually or jointly assume the role of controller or also the role of processor.

The contact person for your questions about data protection is the company responsible for processing your personal data, regardless of which company in the Avosano Group is responsible in the individual case:

Avosano Group - data protection service
Aachstrasse 4
8590 Romanshorn
Switzerland
datenschutz@avosano.ch

 

If you have any questions about data protection, please contact our e-mail address above.

We have the following data protection representation in the European Union (EU) and the European Economic Area (EEA):

VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany
info@datenschutzpartner.eu

3. Data origin and data categories

As a matter of principle, we only process the personal data that we receive or collect from our customers or end consumers, interested parties, business partners and website visitors as part of our business activities. Where permitted, we also obtain certain data from publicly accessible sources (e.g. debt collection register, commercial register, press, Internet), the register of medical professions (MedReg) or the Business Register (BetReg) etc. or receive such data from other companies in the Avosano Group, from authorities or other third parties. If you provide us with personal data of other persons, we ask you to ensure that these persons are aware of this Privacy Policy and only provide us with their personal data if you have been authorised to do so and if the corresponding personal data is correct.

The personal data or categories of personal data processed by us include, depending on the case, in particular personal details and contact data (e.g. name, address, gender, telephone number and email address); identification and background information (e.g. date of birth, language); contract data that we receive or collect in connection with the initiation, conclusion and processing of contracts with you (e.g. products and services used or requested by you as well as associated behavioural and transaction data as well as health data, financial data for payment purposes such as bank account details) as well as visit reports, prescription behaviour and response to mailings; health data and other information in connection with customer feedback and evaluations; details of employment (e.g. job title, title, function); financial and transaction data (e.g. payment transaction data, details of your payment order as well as details of the payee or beneficiary and the purpose of the payment); financial and transaction data (e.g. payment transaction data, details of your payment order as well as details of the payee or beneficiary and the purpose of the payment); communication data (e.g. content of e-mails, written correspondence, comments on websites, telephone conversations, video conferences, proof of identity, marginal data); documentation data or data from your contacts with third parties (e.g. consulting or meeting minutes, file notes, references); Preference and marketing data (e.g. data on the use of our websites or other digital offerings, data in connection with the marketing of services such as newsletter subscriptions/unsubscriptions, documents received and special activities, personal preferences and interests); public data that can be obtained about you (e.g. commercial register data, data from the media, MedReg or BetReg); data in connection with proceedings or investigations by authorities, official bodies, courts, organisations or other instances; data for compliance with legal requirements, such as in connection with export restrictions; image and sound recordings (e.g. photos, videos and audio recordings of customer events and functions, recordings of video surveillance systems, recordings of telephone and video conference calls) and technical data (e.g. IP address and other device IDs, identification numbers assigned to your device by cookies and similar technologies).

4. Processing purposes and legal bases

4.1 General in the context of our business activities

We process your personal data primarily for those processing purposes that are necessary in connection with our business activities and the provision of our services. In particular, we process your personal data for the following purposes:

• to communicate with you, in particular to provide you with information or process your requests, to authenticate and identify you, for customer service and customer care;
• for contract processing, in particular in connection with the initiation, conclusion and processing of contractual relationships. This includes all data processing that is necessary or expedient to conclude, execute and, if necessary, enforce a contract, such as processing to decide whether and how (e.g. with which payment options) we enter into a contract with you (including credit checks), to provide contractually agreed services, e.g. to provide services and functions (including personalised service components), to invoice our services and generally for accounting, processing applications (e.g. managing and evaluating applications, conducting interviews including creating personality profiles, collecting reference information), to enforce legal claims arising from contracts (debt collection, legal proceedings, etc.);
• to provide you with our services as well as our digital offerings (e.g. websites) and to analyse and improve them;
• to inform you about new developments (e.g. newsletters) or to send you other information about our services;
• to invite you to events;
• for customer care and marketing purposes, e.g. to send you written and electronic communications and offers and to carry out marketing campaigns (e.g. newsletters);
• in connection with accounting, archiving data and managing our archives;
• for training and education: We may process your personal data in order to organise internal training courses and to train and further educate our employees;
• for the sale of receivables, e.g. if we provide the purchaser with information about the reason for and amount of the receivable and, if applicable, the creditworthiness and behaviour of the debtor;
• for security measures, in particular for IT and building security (e.g. access controls, visitor lists, prevention, defence against and investigation of cyber- and malware attacks, network and mail scanners, video surveillance, telephone recordings), as well as for the prevention and clarification of criminal offences and other misconduct or to carry out internal investigations, protection against misuse, evidence purposes, data analyses to combat fraud, evaluation of system-side recordings of the use of our systems (log data);
• in connection with corporate transactions or other acts under company law (e.g. due diligence, sale of the company, management of share registers);
• for the assertion of legal claims and defence in connection with legal disputes as well as official proceedings in Switzerland and abroad, including the clarification of litigation prospects and other legal, economic and other issues;
• in order to comply with our legal and internal requirements and rules in Switzerland and abroad, including compliance with orders from a court or authority as well as clarifications regarding business partners.
• We process your personal data for the above-mentioned purposes, depending on the situation, in particular based on the following legal bases:
• the processing of personal data is necessary for the fulfilment of a contract with you or for the pre-contractual measures;
• you have given your consent to the processing of your personal data;
• the processing of personal data is necessary for the fulfilment of a legal obligation;
• in some cases, processing is necessary for the fulfilment of a task carried out in the public interest;
• processing is necessary in order to protect the vital interests of the data subject or of another natural person; or
• we have a legitimate interest in the processing of personal data, whereby our legitimate interests may include the following interests in particular - interest in: good customer service, maintaining contact and communicating with customers, also outside of a contract; advertising and marketing activities; improving products and services and developing new ones; combating fraud and preventing and investigating offences; protecting customers, employees and other persons as well as our data, business secrets and assets; ensuring appropriate security (both physical and digital); ensuring and organising business operations, including the operation and further development of websites and other systems; business management and development; the sale or purchase of companies, parts of companies and other assets; the enforcement or defence of legal claims; compliance with Swiss and foreign law as well as other rules applicable to us.

4.2 When visiting our website

Our websites collect a range of user information each time they are accessed, which is stored in the server log files. The information collected includes the IP address, the date and time of access, the time zone difference to the GMT time zone, the name and URL of the file accessed, the website from which access is made, the browser used and the operating system used. The collection of this information or data is technically necessary in order to display our web pages to you and to ensure their stability and security. This information is also collected in order to improve the websites and to analyse their use.

4.3 E-Mail, telephone calls and video conferences

You can contact us via the e-mail address provided. The personal data you provided to us will be stored by us and processed for the purpose of dealing with your enquiry. The legal basis for this personal data processing is your consent as well as our legitimate interest in processing your enquiry.

If you contact us by e-mail, you authorise us to reply to you via the same channel. Please note that unencrypted e-mails are transmitted via the open Internet, which is why it cannot be ruled out that they can be viewed, accessed and manipulated by third parties. We exclude - to the extent permitted by law - any liability that you may incur, in particular as a result of incorrect transmission, falsification of content or disruption of the network (interruptions, overloading, illegal interventions, blocking).

Telephone and video conference calls with us may be recorded; we will inform you of this at the beginning of each call. If you do not want us to record such conversations, you have the option of ending the conversation at any time and contacting us in another way (e.g. by e-mail).

4.4 Contact form

You can get in touch with us using the contact forms provided on our website. The personal data you transmit to us will be stored by us and processed for the purpose of dealing with your enquiry. The legal basis for this personal data processing is your consent and our legitimate interest in processing your enquiry.

4.5 Newsletter

If you subscribe to our newsletter, we will use your e-mail address and other contact details to send you the newsletter. The newsletter is sent by an external mailing service provider, which processes your personal data in accordance with the information in its privacy policy.

You can subscribe to our newsletter with your consent; the legal basis for this personal data processing is therefore your consent. Mandatory for sending a newsletter are your full name and e-mail address, which we store after your registration. You can revoke your consent at any time and unsubscribe from the newsletter. You can declare your cancellation by clicking on the link provided in every newsletter e-mail or by sending an e-mail to our e-mail address given above.

4.6 Cookies and other third-party services

Our websites may use cookies and other third-party services. Cookies are text files that are stored in the Internet browser respectively by the Internet browser on the user's computer system or mobile device. The cookie contains a characteristic string of characters that enables the browser or mobile device to be uniquely identified when the website is called up again. The purpose of using cookies is on the one hand to enable and simplify the use of our websites for you. Some functions of our websites cannot be offered without the use of cookies (so-called technically necessary cookies). On the other hand, we also use cookies/tools to analyse user behaviour on our websites, in particular to measure reach, and finally also for marketing purposes.

The other services of third party providers are services integrated on our websites, which may result in your data being disclosed to the third-party provider via the use of our websites and/or the services of the third-party provider (e.g. social media plug-ins, Google Maps, Google reCAPTCHA, YouTube).

4.6.1 Technically necessary cookies

Technically necessary cookies are required for our websites to function. Therefore, these cookies cannot be switched off in our systems. As a rule, they record important actions, such as the number of enquiries made, the processing of your data protection settings or the completion of forms. You can block these cookies in your browser, but some parts of our website may then no longer function.

The legal basis for data processing when using technically necessary cookies is our legitimate interest, which lies primarily in ensuring the functionality and improvement of our websites.

4.6.2 Analytical and marketing cookies and third-party services

Analytical cookies enable us to analyse visitor behaviour and traffic sources so that we can measure the performance of our websites and improve the user experience. They help us to recognise how popular which pages are and show how visitors move around our websites. Marketing cookies allow us to deliver advertisements that are relevant to you. These cookies can remember that you have visited our website and share this information with other companies, including other advertisers.

In our cookie settings, you can see which specific analysis and marketing cookies as well as third-party services we use. We have no influence on the data collected and data processing procedures of the cookie providers and third-party services. These are subject to the respective privacy policies of the cookie providers respectively third-party service providers. Further information on the purpose and scope of data collection and its processing by the cookie providers respectively third-party service providers can be found in the privacy policies of these providers. If and insofar as we use analysis and marketing cookies and third-party services, we will obtain your consent to do so. The legal basis for data processing when using analytics and marketing cookies as well as third-party services is your consent as well as our legitimate interest, which lies primarily in ensuring the functionality and improvement of our website.

You can also object to the use of cookies or third-party services, for example (i) by selecting the appropriate settings in your browser, (ii) by using add-ons for your browser (e.g. “NoScript” http://noscript.net/) or (iii) by using appropriate cookie blocker software (e.g. ghostery).

4.7 Applications

Your application for a position with us will be accepted by post, e-mail or via our application portal. The application documents and all personal data disclosed to us will be processed for the purpose of processing your application for employment with us. Without your consent to the contrary, your application dossier will either be returned to you or deleted/destroyed after the application process has been completed, unless it is subject to a statutory retention obligation. If an employment contract is concluded, the application dossier will be included in the personnel files. The legal basis for the processing of your data is your consent, the fulfilment of the contract with you and our legitimate interests.

5. Disclosure of personal data to recipients and abroad

5.1 Disclosure of personal data to recipients

In addition to the data disclosures to recipients expressly mentioned in this Privacy Policy, we may disclose personal data to the following categories of recipients, where permitted:

• other entities of the Avosano Group;
• providers to whom we have outsourced certain services (e.g. IT and hosting providers (such as project management or training tools), advertising and marketing services, accounting, debt collection services, photographers, payment service providers) as well as other suppliers and subcontractors;
• consulting service providers, e.g. tax consultants, lawyers;
• business partners of ours;
• insurance companies;
• third-party providers of software applications used by customers or end consumers in connection with our services;
• credit reference agencies that store this data for credit rating purposes;
• third parties that collect data about you via websites;
• prospective buyers or investors in the case of corporate transactions or other acts under company law;
• auditors;
• parties in potential or actual legal proceedings or legal disputes; and
• domestic and foreign authorities, official bodies or courts.

5.2 Disclosure of personal data abroad

In principle, we process your personal data in Switzerland. In exceptional cases (e.g. when using certain service providers or certain software applications), your personal data may also be transferred abroad, primarily to the member states of the EU and the EEA, but sometimes also to other countries worldwide, in particular to the USA (primarily in connection with cookies, social media plug-ins and other software applications from third-party providers).

If we transfer data to a country without adequate legal data protection, we ensure, as required by the law, that an adequate level of protection as provided by using appropriate contracts (namely on the basis of the European Commission standard contractual clauses) or rely on the legal exceptions of consent, the performance of a contract, the establishment, exercise or enforcement of legal claims, overriding public interests, publicly available data or the necessity to protect the integrity of the individuals concerned. Nevertheless, please note that data transmitted abroad is no longer protected by Swiss law and that foreign law and official orders may require the disclosure of this data to authorities and other third parties.

6. Storage period

We process and store your personal data for as long as it is necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing or if there is another legal basis (e.g. statutory retention periods) for this. We retain personal data that we hold on the basis of a contractual relationship with you for at least as long as the contractual relationship exists and limitation periods for possible claims by us run or contractual retention obligations exist. As soon as your personal data is no longer required for the above-mentioned purposes, it is generally and as far as possible passively set, deleted or anonymised.

7. Your rights

You have the right to information, correction, deletion, the right to restrict data processing and otherwise to object to our data processing as well as to the disclosure of certain personal data for the purpose of transfer to another body (so-called data portability) within the scope of the data protection law applicable to you and insofar as provided therein. Please note, however, that we reserve the right to assert the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in doing so (insofar as we are entitled to invoke this) or need it to assert claims. If you incur costs, we will inform you in advance.

If data processing is based on your consent, you can withdraw your consent at any time with effect for the future. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

The exercise of such rights generally requires that you clearly prove your identity (e.g. by means of a copy of your ID if your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact us at the address given in section 2 of this Privacy Policy.

Every data subject also has the right to enforce his or her claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

8. Data security

We take appropriate security measures of a technical and organisational nature to protect the security of your personal data, in particular to protect it against unauthorised or unlawful processing and to counteract the risk of loss, unintentional modification, unwanted disclosure or unauthorised access. Like all companies, however, we cannot rule out data security breaches with absolute certainty, as certain residual risks are unavoidable. As part of our security measures, we use firewalls, logging and encryption in particular, we have authorisation concepts and have implemented other protective measures to ensure that personal data is protected as completely as possible.

9. Amendments to this Privacy Policy

We expressly reserve the right to amend this Privacy Policy at any time. If such amendments are made, we will immediately publish the amended privacy policy on our websites. The most recent privacy policy published on our websites is always valid.

 

In case of doubt, the German version of this Privacy Policy shall prevail.

Status: January 2025