Privacy policy

Data protection at LINDAREN med

 

The platforms lindarenmed.ch, naturheilpraxis-lindaren.ch, heilkundemagazin.ch and vwm.swiss, or lindarenmed.com, are operated by LINDAREN med Solutions AG or Verlag für Wissenschaft und Medizin GmbH (together LINDAREN) and are part of the Lindaren med Group. The privacy policy describes how and for what purpose LINDAREN collects, processes and uses personal data. Responsible handling of customer data (hereinafter referred to collectively as customers) is an important concern for us. We are continuously making adjustments in order to better protect the personal data of our customers.

What does LINDAREN do for data protection?

LINDAREN enjoys the trust of its customers. Data protection and data security are therefore central concerns for us. Responsible handling of personal data is enshrined, among other things, in the personnel and data protection guidelines, which must be complied with throughout the Group.

What data is processed about me?

We process personal data on different occasions and for different purposes. Whenever you interact with us or we interact with you, personal data is also processed, e.g. when you order something from us. It is also important to us to be able to tailor our offers to your individual needs. When you create a customer account, register for another of our services, or navigate on our websites, we therefore also process behavioral and possibly transaction data and make assumptions about your preferences based on this. This enables us, for example, to send you or display offers that are likely to be of interest to you.

How do I benefit from data processing?

Our data processing has many advantages for you. For example, it allows us to respond to your individual needs and concerns in customer support. It also makes shopping easier for you, for example by making it easier for you to find those products online from our range that you purchase frequently or that are probably particularly relevant to you. Thanks to our data processing, you also benefit from a personalized shopping experience, for example by receiving offers and discounts tailored to your shopping habits. Thanks to the processing of personal data, you also benefit from constantly more attractive assortments and improved products and services.

To whom will my personal data be disclosed?

Your personal data may be disclosed to and used by other companies of the LINDAREN Group. Outside the LINDAREN Group, it will only be shared with selected service providers and partners. As a rule, personal data is processed on our behalf and in accordance with our instructions; however, certain partners also process personal data on their own responsibility or jointly with us.

Is my data safe?

We ensure that your data is protected in a manner commensurate with the risks involved and take comprehensive security measures to protect your personal data from unauthorized access. We continuously improve our security measures and adapt them to the current state of the art.

Who can I contact with questions?

If you have any questions about our processing of your personal data, please feel free to contact us at: datenschutz@lindarenmed.ch. In the privacy policy you will find further details on how you can exercise your rights in connection with your personal data.

1 What is this privacy policy about?

Data protection is a matter of trust, and your trust is important to us. In this privacy policy, we therefore inform you how and for what purpose we collect, process and use your personal data.

You will learn in this privacy policy, among other things:

    • which personal data we collect and process;
    • for what purposes we use your personal data;
    • who has access to your personal data;
    • what benefit our data processing has for you;
    • how long we process your personal data;
    • what rights you have with respect to your personal data; and
    • how to contact us.

We have aligned this privacy policy with both the new Swiss Data Protection Act (valid from 01.09.2023) and the European General Data Protection Regulation - DSGVO for short. The GDPR has established itself worldwide as a benchmark for strong data protection. However, whether and to what extent the GDPR is applicable depends on the individual case.

2 Who is responsible for data processing?

The company responsible under data protection law for a particular data processing operation is the company that determines whether this processing is to take place, for what purposes it is to take place, and how it is to be structured. As a rule, a company of the LINDAREN med Group is responsible for data processing under this privacy policy. These are the following companies: Lindaren med AG, Lindaren med Solutions AG, Lindaren med Vertrieb AG, Lindaren Informatik GmbH (all located at Oberstrasse 125 A, CH-9000 St. Gallen), or LINDAREN Naturheilpraxis Winterthur, Zürcherstrasse 120, CH 8406 Winterthur or Verlag für Wissenschaft und Medizin GmbH, Seestrasse 16, CH 9423 Altenrhein responsible. These companies may also be jointly responsible for a particular data processing if they both have a say in the design or purpose of the data processing in question.

We may also be jointly responsible for a particular data processing with other companies of the LINDAREN Group, if they have a say in the design or purpose of the data processing in question.

3 For whom and for what is this privacy policy intended?

This privacy policy applies to all persons whose data we process (each "you"), regardless of how you contact us, e.g. in an online store, on a website, in an app, in a store where our products are offered, by telephone, via a social network, at an event, etc.. It is applicable to the processing of both personal data already collected and personal data collected in the future.

Our data processing operations may in particular concern the following categories of persons, insofar as we process personal data in the process:

    • Visitors to our websites
    • Owners and holders of a customer account
    • Customers in our online stores and stores
    • Dealers who offer products and services through our online stores
    • other persons who use services from us or who come into contact with offers from us
    • Users of our online services and apps
    • Visitors to our premises
    • People who write to us or contact us in any other way;
    • Recipients of information and marketing communications
    • Participants in contests and sweepstakes
    • Participants Participants in customer events, public events and training courses
    • Participants in market research and opinion polls and customer surveys;
    • Contact persons of our suppliers, customers and other business partners as well as organizations and authorities
    • Job applicants and job candidates.

Please also consult the contractual conditions for individual services (e.g. General Terms and Conditions, Terms of Use or Conditions of Participation). These may contain supplementary information on our data processing. For information on the collection and processing of personal data when using our websites, mobile apps and social media sites, in particular in connection with cookies and similar technologies, please also consult our respective cookies information.

4 What personal data do we process?

"Personal data" is information that can be associated with a specific person. We process different categories of such personal data. The most important categories are listed below for your orientation. In individual cases, however, we may also process other personal data.

In section 5 you will learn more about the origin of this data and in section 6 about the purpose for which we process the data.

4.1 Master data

Master data is the basic data about you, such as title, name, contact details, date of birth or telephone number. We collect master data in particular when you create a customer account with LINDAREN. However, we also collect master data, for example, when you enter a contest or sweepstakes or register for a newsletter. We also collect master data about contact persons and representatives of contractual partners, organizations and authorities.

The master data includes e.g.

    • Salutation, first name, last name, gender, date of birth
    • Address, email address, phone number and other contact details
    • Customer numbers (e.g. for participants of a loyalty program or training)
    • Payment information (e.g. deposited means of payment, bank details, billing address)
    • Username and profile picture
    • Information about your use of our online platforms (e.g., whether you are registered with Lindaren)
    • Details of associated websites, social media profiles, etc.
    • Information on affinities and interests, language preferences, etc.
    • Information about your relationship with us (customer, visitor, supplier, etc.)
    • Information about related third parties (e.g., contact persons, recipients of services, or representatives).
    • Settings regarding receipt of advertising, subscribed newsletters, etc.
    • Information about your status with us (inactivity or blocking of a customer account, etc.)
    • Information on participation in contests and sweepstakes
    • Information on participation in events (e.g. events, trainings ect.)
    • Official documents in which you appear (e.g. identification documents, excerpts from the commercial register, permits, etc.)
    • Information on titles and function in the company for contact persons and representatives of our business partners
    • Date and time of registrations

Under certain circumstances, you may log in to individual online offers with the login of a third-party provider (e.g. Apple, Google or Facebook). In this case, we obtain access to certain data stored with the provider in question, e.g. your name and e-mail address, the scope of which you can usually determine. You can find information on this in the privacy policy of the provider in question.

The disclosure of your own identity in your public profile on our platforms is voluntary. The user name you choose, which does not have to be a clear name, is displayed to the outside world.

4.2 Contract data

Contract data is personal data that arises in connection with the conclusion or execution of a contract, e.g. information on the conclusion of the contract, acquired claims and receivables or information on customer satisfaction. We conclude contracts primarily with customers and business partners and job applicants. If you use offers from us on the basis of a contract, e.g. purchase products or use services, we also frequently collect behavioral and transaction data.

The contract data includes, for example, information on

    • on the initiation and conclusion of contracts, e.g. date of conclusion of the contract, information from the application process and information on the contract in question (e.g. type and duration)
    • about the processing and administration of contracts (e.g. contact details, delivery addresses, deliveries made or failed and payment information)
    • in connection with customer service and assistance with technical matters
    • about our interactions with you (at most a history with corresponding entries)
    • on receivables and acquired rights and benefits (e.g. vouchers)
    • about defects and complaints as well as adjustments of a contract
    • on customer satisfaction, which we can collect with surveys
    • on financial matters, such as determining creditworthiness (i.e., information that allows conclusions to be drawn about the likelihood that receivables will be paid), reminders, debt collection, and enforcement of claims
    • in connection with a job application, e.g. curriculum vitae, references, qualifications, certificates, interview notes, etc. (which may also contain personal data of third parties)
    • to interactions with you as a contact person or representative of a business partner
    • in connection with security checks (e.g., checking for fraudulent actions on orders) and other checks with regard to the establishment or continuation of a business relationship

4.3 Communication data

When you are in contact with us or we are in contact with you, for example, when you contact our customer service or when you write or call us, we process the exchanged communication content and information about the type, time and place of the communication. In certain situations, we may also ask you for proof of identity for identification purposes.

Communication data are e.g.

    • Name and contact details such as postal address, email address and telephone number;
    • Content of emails, written correspondence, chat messages, social media posts, comments on a website, phone calls, video conferences, etc.
    • Responses to customer and satisfaction surveys
    • Information on the type, time and, if applicable, place of communication
    • Proof of identity such as copies of official identification documents
    • Boundary data of the communication.

Telephone and video conference calls with us may be recorded; we will inform you of this at the beginning of each call. If you do not want us to record such conversations, you have the option to terminate the conversation at any time and contact us by other means (e.g. by e-mail).

4.4 Behavioral and transactional data

When you shop with us, use our offers and infrastructure or make use of our services, we often collect data about this use. This is the case, for example, when you store with us in an online store, when you become active in our communities or when you use our websites and apps. If you act on behalf of third parties, personal data may also concern those third parties (e.g., your family members if you shop for them).

Behavioral and transactional data includes, for example, the following information, to the extent we have it on a personal basis:

    • about your behavior in online stores (ordered and abandoned shopping cart, watch lists, viewed items, search terms and results, type of payment method, selected delivery method, etc.);
    • about your behavior in the LINDAREN communities (information in your profile, e.g. a voluntary public profile description; points and awards earned by you; interaction with other members and content, e.g. by means of "follow" or "like"; ratings, questions and answers about products and other content, discussion posts, etc.);
    • about your purchases in stores with our products (e.g. where, how often, what and at what prices you buy, as well as the type of payment method and delivery method chosen);
    • about the attendance of our events (e.g. date, place and type of event);
    • about participation in contests, sweepstakes and similar events;
    • about your behavior on websites;
    • about installing and using our mobile apps;
    • about your use of electronic communications from us (e.g., whether and when you opened an email or clicked on a link);

You can also use some of our offers anonymously. On our websites and apps, however, behavioral and transaction data may be assigned to your profile even if you are not logged in when you visit the website or use the app.

4.5 Preference data

We want to tailor our offers and services to our customers in the best possible way. We therefore also process data on your interests and preferences. To this end, we may link behavioral and transaction data with other data and evaluate this data on a personal and non-personal basis. This enables us to draw conclusions about characteristics, preferences and anticipated behavior, e.g. your affinity for certain products and services.

In particular, we can form segments (permanently or on a case-by-case basis), i.e., groups of people who have similarities with regard to certain characteristics. Preference data can be used on a person-related basis (e.g., to show you relevant advertising that might interest you, but also on a non-person-related basis, e.g., for market research or product development).

The processing described can also be referred to as "profiling" in technical language. You can find more information on profiling in section 11.

4.6 Technical data

When you use our websites, our apps, our Wi-Fi networks or other electronic offerings, we collect certain technical data such as your IP address or a device ID. Technical data also includes the logs in which we record the use of our systems (log data). In some cases, we may also assign a unique identification number to your end device (tablet, PC, smartphone, etc.) (an ID), e.g. by means of cookies or similar technologies, so that we can recognize it. You can find more information about this in our cookie information.

On the basis of technical data, behavioral data in particular can also be collected, i.e. information on your use of websites and mobile apps (see section 4). As a rule, however, we cannot deduce who you are from technical data unless, for example, you create a customer account or register for other offers. In this case, we can link technical data with master data - and thus with your person.

The technical data include

    • the IP address of your device and other device IDs (e.g. MAC address)
    • Identification numbers assigned to your device by cookies and similar technologies (e.g. pixel tags)
    • Information about your device and its configuration, e.g. operating system or language settings
    • Details of the browser with which you access the offer and its configuration
    • Information about your movements and actions on our websites and in our apps
    • Information about your Internet provider
    • Your approximate location and the time of use
    • system records of accesses and other processes (log data)

Please also note our cookie information for processing technical data.

4.7Image and sound recordings

We regularly take photos, videos and audio recordings in which you may appear, e.g. when you attend an event, have contact with our customer service or take advantage of a consultation via video conference. For security and evidentiary purposes, we also record conversations during our sales calls and customer service calls. This may provide us with information about your behavior in the relevant areas. The use of recording systems is limited and will always be indicated to you.

Image and sound recordings include, for example:

    • Records from video surveillance systems;
    • Photos, videos and sound recordings of customer events and public events (e.g. advertising events, sponsoring events or cultural and sporting events);
    • Photos, videos and sound recordings of courses, presentations, trainings, etc.;
    • Recordings of telephone and videoconference conversations (e.g., in customer service or customer consultation).

5 Where does the personal data come from?

5.1 Transferred data

You often disclose personal data to us yourself, e.g. when you transmit data to us or communicate with us. In particular, you usually disclose master data, contract data and communication data to us yourself. You also frequently disclose preference data to us yourself.

For example, you provide us with personal data yourself in the following cases:

    • You order products from us
    • You create a customer account
    • You participate in a sweepstakes or contest
    • You contact our customer service
    • You register for other offers, for example our newsletter

The provision of personal data is usually voluntary, i.e. you are usually not obliged to disclose personal data to us. However, we must collect and process those personal data that are necessary for the processing of a contractual relationship and for the fulfillment of associated obligations or are required by law, e.g. mandatory master and contract data. Otherwise, we cannot conclude or continue the contract in question.

If you provide us with data about other persons (e.g. family members), we assume that you are authorized to do so and that this data is correct. Please also ensure that these other persons have been informed about this privacy policy.

5.2 Data collected

We may also collect personal data about you ourselves or by automated means, e.g. when you shop with us, use our offers or make use of our services. This is often behavioral and transactional data as well as technical data (e.g., the time at which you visit our website).

For example, we independently collect personal data about you in the following cases:

    • You order a product from one of our online stores or from customer service
    • You visit one of our websites or use one of our apps
    • You buy from one of our sellers or partners and disclose your customer account in the process
    • You click on a link in one of our newsletters or otherwise interact with one of our electronic promotional communications

We can also derive personal data from already existing personal data, e.g., by evaluating behavioral and transactional data. Such derived personal data is often preference data.

We can, for example, analyze the behavioral and transaction data generated by purchases in our online stores and make assumptions about your personal interests, preferences, affinities and habits based on this data. This enables us, for example, to tailor our offers and information to your individual needs and interests. This enables us to send you an individual selection of offers that are relevant to you. You can find more information on behavioral and transaction data in section 4 and on profiling in this context in section 11.

5.3 Received data

We may also receive personal data from other companies in the LINDAREN Group. You can find more information about this in section 8. We may also receive information about you from other third parties, e.g. from companies with which we cooperate, from persons who communicate with us, or from public sources.

For example, we may receive information about you from the following third parties:

    • from cooperation partners, e.g. point collection or redemption partners;
    • From your employer and from work colleagues, in connection with an application and with their professional functions;
    • from third parties when correspondence and meetings concern you;
    • from people close to you (family members, legal representatives, etc.), e.g. your address for deliveries, references or powers of attorney;
    • from credit reporting agencies, e.g. when we obtain credit information;
    • from the Swiss Post and address dealers, e.g. for address updates;
    • of banks, insurance companies, distributors and other contractual partners for purchases and payments;
    • of providers of online services, e.g. providers of Internet analysis services;
    • Provider of cyber security services
    • of information services for compliance with legal requirements such as anti-money laundering and export restrictions;
    • of authorities, parties and other third parties in connection with official and judicial proceedings;
    • From media monitoring companies in connection with articles and reports in which you appear;
    • from public registers such as the debt enforcement register or the commercial register, from public agencies such as the Federal Statistical Office, from the media or from the Internet.

6 For what purposes do we process personal data?

6.1 Communication

We would like to stay in contact with you and respond to your individual concerns. We therefore process personal data for communication with you, e.g. answering inquiries and customer care. For this purpose, we use in particular communication and master data and, insofar as the communication concerns a contract, also contract data. We may also personalize the content and timing of messages based on behavioral, transactional, preference and other data.

The purpose of communication includes in particular:

    • answering your inquiries
    • contacting you with any questions
    • customer service and customer care
    • communication related to product recalls (e.g., we may contact you directly if we know you have purchased a product that is subject to a recall)
    • the delivery of other notifications (e.g. information on order status)
    • authentication, e.g. when using our online offers
    • the quality assurance and training
    • all other processing purposes, insofar as we communicate with you for this purpose (e.g. contract processing, information and direct advertising)

6.2 Contract execution

We would like to offer you the best possible service. We therefore process personal data in connection with the initiation, administration and processing of contractual relationships, e.g. in order to deliver an order, provide a service, broker purchases and services, build up our communities, run a loyalty program or organize a competition. The processing of the contract also includes any agreed personalization of services. In particular, we use master data, contract data, communication data, behavioral and transaction data, and preference data for this purpose.

The purpose of contract execution generally includes everything that is necessary or expedient to conclude, execute and, if necessary, enforce a contract.

This includes, for example, machining operations:

    • to decide whether and how (e.g. with which payment options) we enter into a contract with you (including the credit check)
    • to provide contractually agreed services, e.g. deliver goods, provide services and provide functions (including personalized service components)
    • to provide customer services and survey customer satisfaction
    • to build and run the LINDAREN communities
    • To run and manage loyalty programs, e.g., to settle and credit earned entitlements and benefits (e.g., promotional vouchers and action codes.
    • to determine, notify and, if necessary, publish the winners of contests and sweepstakes
    • to invoice our services and generally for the accounting
    • to plan and prepare the provision of our services, e.g. deployment planning of our employees
    • to check the suitability of job applicants and, if necessary, to prepare and conclude the employment contract
    • to check whether we want to and can work with a company and to monitor and assess its performance
    • to prepare and execute transactions under corporate law, e.g. company acquisitions, sales and mergers
    • to enforce legal claims arising from contracts (debt collection, legal proceedings, etc.)
    • to manage and administer our IT and other resources
    • to store data within the scope of retention obligations
    • to cancel and terminate contracts.

6.3 Information and marketing

We would like to make attractive offers to you. We therefore process personal data for relationship management and marketing purposes, e.g. to send you written and electronic communications and offers and to carry out marketing campaigns. These may be our own offers or offers from other companies in the Lindaren Group or from advertising partners. We may also act on behalf of other companies, including in the role of an agency, for example to carry out promotions of their products.

Messages and offers can also be personalized in each case in order to send you only information that is likely to be of interest to you. For this purpose, we use in particular master data, contract data, communication data, behavioral data and transaction data as well as preference data, but also image and sound recordings.

These may include, for example, the following communications and offers:

    • Newsletters, promotional emails, in-app messages and other electronic messages
    • Advertising brochures, magazines and other printed matter
    • Advertising messages and spots on screens and other advertising spaces
    • Delivery of promotional vouchers and promotional codes
    • Invitations to events, sweepstakes and contests

You may opt out of contacts for marketing purposes at any time. For newsletters and other electronic communications, you can usually unsubscribe from the corresponding service via the customer account as well as via an unsubscribe link integrated in the communication.

Personalizing our communications allows us to tailor information to your individual needs and interests and, where possible, only provide you with offers that are relevant to you. For example, we can send you an individual selection of products relevant to you or show you online content tailored to you. Personalization also enables you to find the products you are looking for more quickly in our online offering. In general, aligning our activities with the wishes and needs of our customers allows us to simplify processes, such as purchases or sales, so that you can reach your destination more quickly. For more information on profiling in this context, please refer to section 11.

6.4 Market research and product development

We want to continuously improve our offers and make them more attractive for you. We therefore process personal data for market research and product development. To this end, we process in particular master, behavioral, transaction and preference data, but also communication data and information from customer surveys, polls and studies and other information, e.g. from the media, the Internet and other public sources. As far as possible, we use pseudonymized or anonymized data for these purposes.

Market research and product development include in particular:

    • the implementation of customer surveys, polls and studies
    • the further development of our offers (e.g. design of the product range, choice of location, pricing and action planning, etc.)
    • assessing and improving the acceptance of our offers and our communication in connection with offers
    • Optimizing and improving the user-friendliness of websites and apps
    • the development and testing of new offerings
    • the review and improvement of our internal processes
    • statistical evaluations, e.g., to evaluate information about our customers' interactions with us on a non-personal basis
    • the assessment of the supply situation in a particular market and the behavior of our competitors
    • market monitoring, e.g. to understand and react to current developments and trends

6.5 Safety and prevention

We want to ensure your and our security and prevent misuse. We therefore also process personal data for security purposes, to ensure IT security, to prevent theft, fraud and abuse, and for evidentiary purposes. This may concern all categories of personal data mentioned in section 4, in particular also behavioral and transaction data as well as image and sound recordings. We may collect, evaluate and store this data for the aforementioned purposes.

The purpose of safety and prevention includes, for example:

    • the making and analysis (manual and automatic) of video recordings for the detection and prosecution of criminal acts;
    • performing spot checks to verify the correct recording and payment of goods
    • the issuing of house bans and the administration of house ban lists
    • The analysis of behavioral and transactional data for the purpose of detecting suspicious behavior patterns and fraudulent activity
    • the evaluation of system-side records of the use of our systems (log data)
    • the prevention, defense and detection of cyber attacks and malware attacks;
    • Analyses and tests of our networks and IT infrastructures as well as system and error checks
    • Control of access to electronic systems (e.g. logins for user accounts)
    • physical access controls (e.g. access to office premises)
    • Documentation purposes and creation of backup copies

6.6 Compliance with legal requirements

We want to create the conditions for compliance with legal requirements. We therefore also process personal data to comply with legal obligations and to prevent and detect violations. This includes, for example, the receipt and processing of complaints and other notifications, compliance with orders of a court or authority, and measures to detect and clarify abuses. This may concern all categories of personal data mentioned in section 4.

Compliance with legal requirements includes, in particular:

    • the protection of minors and minors
    • the implementation of health and protection concepts
    • Clarifications about business partners
    • the receipt and processing of complaints and other reports
    • the performance of internal investigations
    • Ensuring compliance and risk management
    • the disclosure of information and documents to authorities if we have a factual reason to do so (e.g., because we ourselves are an aggrieved party) or are legally obligated to do so
    • Participation in external investigations, e.g., by a law enforcement or regulatory agency
    • the guarantee of the legally required data security
    • the fulfillment of disclosure, information or reporting obligations, e.g. in connection with supervisory and tax obligations, e.g. in the case of archiving obligations and for the prevention, detection and clarification of criminal offenses and other violations
    • the legally regulated fight against money laundering and the financing of terrorism

In all cases, this may involve Swiss law, but also foreign regulations to which we are subject, as well as self-regulations, industry and other standards, our own "corporate governance" or official directives.

6.7 Preservation of rights

We would like to be able to enforce our claims and defend ourselves against claims by others. We therefore also process personal data to protect the law, e.g. to enforce claims in court, before or out of court, and before authorities in Germany and abroad, or to defend ourselves against claims. In doing so, we process different personal data depending on the constellation, e.g. contact data as well as information about processes that have given or could give rise to a dispute.

The purpose of preserving the law includes, in particular:

    • clarifying and enforcing our claims, which may include claims of companies affiliated with us and our contractual and business partners
    • the defense of claims against us, our employees, companies affiliated with us and against our contractual and business partners
    • clarification of litigation prospects and other legal, economic and other issues
    • participation in proceedings before courts and authorities in Germany and abroad. For example, we may secure evidence, have the prospects of litigation clarified or submit documents to an authority. It may also be that authorities request us to disclose documents and data carriers that contain personal data.

6.8 Intra-group administration and support

We want to make our internal processes efficient. We therefore also process personal data for the internal administration of the Lindaren Group (see section 2). For this purpose, we process in particular master data, contract data and technical data, but also behavioral and transaction data as well as communication data.

Intra-group administration includes in particular:

    • the management of IT and real estate
    • the accounting department
    • the archiving of data and the management of our archives
    • training and education, e.g. when we evaluate recordings of telephone, video or other communications
    • the central storage and management of data used by several Lindaren Group companies
    • the review or execution of transactions under corporate law, such as company acquisitions, sales and mergers
    • forwarding inquiries to the appropriate parties, e.g. if you send an inquiry to a Lindaren company that concerns another company
    • the sale of receivables, in which we provide the purchaser with information on the reason for and amount of the receivable and, if applicable, the creditworthiness and behavior of the debtor, for example
    • Generally reviewing and improving internal processes

Like any group of companies, the Lindaren Group has an overall interest in the successful operation of the group companies, and our group companies in turn have an interest in their own operations and processing purposes. We may therefore also disclose personal data to other Lindaren Group companies to support their own processing purposes under the Lindaren Group Privacy Policy in the overall interest of the Lindaren Group. You can find more information about this in section 8.

7 On what legal basis do we process personal data?

Depending on the purpose of the data processing, our processing of personal data is based on different legal bases. We may process personal data in particular if the processing:

    • is necessary for the performance of a contract with the data subject or for pre-contractual measures (e.g., the review of a contract request)
    • is necessary for the exercise of legitimate interests, for example when data processing is a central component of our business activities
    • is based on consent
    • is required for compliance with domestic or foreign legal provisions

We have a legitimate interest in particular in the processing for the purposes described in section 6 above and in the disclosure of data in accordance with section 8 and the objectives associated with each of these. The legitimate interests include our own interests and the interests of third parties.

These legitimate interests include, for example, the interest:

    • Supply products and services to third parties (e.g. to persons receiving gifts)
    • in good customer service, maintaining contacts and communicating with customers even outside of a contract
    • in advertising and marketing activities
    • to get to know our customers and other people better
    • Improve products and services and develop new ones
    • in the intra-group administration and intra-group traffic, which is necessary in a group with cooperation based on the division of labor
    • in the mutual support of the Group companies in their activities and objectives
    • in the fight against fraud, e.g. in online stores, and the prevention and investigation of offences
    • on the protection of customers other persons and data, secrets and assets of the Lindaren Group
    • In ensuring IT security, especially in connection with the use of websites, apps and other IT infrastructure.
    • in ensuring and organizing business operations, including the operation and further development of websites and other systems
    • in corporate management and development
    • in the sale or purchase of companies, parts of companies and other assets
    • in the enforcement or defense of legal claims
    • in compliance with Swiss and foreign law as well as internal rules

8 To whom do we disclose personal data?

8.1 Within the Lindaren Group

We may share personal data we receive from you or from third party sources with other Lindaren Group companies. Sharing may be for internal group administration or to support the relevant group companies and their own processing purposes Section 6, such as when we are supporting the personalization of marketing activities, the development and improvement of products and services, the performance of credit checks or efforts to prevent theft, fraud and abuse. The personal data received may also be matched and linked to existing personal data by the relevant group companies, if applicable.

This may include, for example, the following data disclosures:

    • All categories of personal data mentioned in item 4 for the administration and processing of contractual relationships, in particular in connection with products and services that involve the performance of several group companies
    • Master data, contract data, communication data, behavioral and transaction data, and preference data, as well as findings from customer surveys, polls, studies, and image and sound recordings for market research and product development, to the extent that a personal reference to such data is required
    • Master data, contract data, communication data, behavioral and transactional data, preference data, and image and sound recordings for the delivery and personalization of offers, communications, and marketing activities
    • Master data, contract data, communication data, behavior and transaction data as well as preference data for fraud and abuse prevention as well as for credit checks (e.g. in connection with a purchase on account)
    • Master data, behavioral and transactional data, and image and sound recordings for theft prevention and evidentiary purposes
    • Safety-related information for safety purposes and compliance with legal requirements
    • Information to assist in the protection of the law

For example, if you contact us with a concern about a product, we may share that information with the manufacturing Lindaren Group company for the purpose of product and quality improvement.

For more information on the companies belonging to the Lindaren Group, please refer to Note 2.

8.2 Outside the Lindaren Group

We may share your personal data with companies outside the Lindaren Group when we use their services. As a rule, these service providers process personal data on our behalf as so-called "order processors". Our order processors are obliged to process personal data exclusively in accordance with our instructions and to take appropriate data security measures. Certain service providers are also jointly responsible with us or independently (e.g. debt collection companies). We ensure through the selection of service providers and through appropriate contractual agreements that data protection is guaranteed throughout the processing of your personal data.

This involves, for example, services in the following areas:

    • Forwarding and logistics, e.g. for the shipment of ordered goods via "Die Post" or other providers
    • Advertising and marketing services, e.g. for sending notices and information
    • Warranty and return, e.g. for exchange in case of defects
    • Company administration, e.g. accounting or asset management
    • Payment services
    • Creditworthiness information, e.g. if you want to make a purchase on account
    • Collection services
    • Insurance service provider
    • Fraud prevention services provided by payment service providers under their own responsibility, such as PostFinance or PayPal. Corresponding procedures are only applied if you are already a customer of the respective payment service provider. More detailed information is then available in the privacy policy of the respective service provider
    • IT services, e.g. services in the areas of data storage (hosting), cloud services, sending e-mail newsletters, data analysis and refinement, etc.
    • Consulting services, e.g. services of tax advisors, lawyers, or consultants (e.g. in the area of personnel recruitment and placement)

It is also possible that we pass on personal data to other third parties, including for their own purposes, e.g. if you have given us your consent or if we are legally obliged or entitled to pass it on. In these cases, the recipient of the data is a separate data controller under data protection law.

These include, for example, the following cases:

    • information about product recalls by manufacturers, if you have purchased a product of the manufacturer from us
    • the transfer of receivables to other companies such as collection agencies
    • the review or execution of transactions under corporate law, such as company acquisitions, sales and mergers
    • the disclosure of personal data to courts and authorities in Switzerland and abroad, e.g. to law enforcement authorities in the event of suspected criminal acts
    • the processing of personal data in order to comply with a court order or official directive or to assert or defend legal claims or if we consider it necessary for other legal reasons. In doing so, we may also disclose personal data to other parties to the proceedings.

Please also see our cookie information on independent data collection by third-party providers whose tools we have integrated on our websites and apps.

In principle, we are not subject to any professional confidentiality (such as banking or attorney-client confidentiality except for Lindaren Naturheilpraxis Winterthur GmbH). Please let us know in individual cases if you believe that certain personal data is subject to a duty of confidentiality so that we can review your request.

9 How do we disclose personal data abroad?

We process and store personal data in Switzerland and, in rare cases, in the European Economic Area (EEA). However, in certain cases, we may or must disclose personal data to service providers and other recipients (see Section 8) located or processing personal data outside this area, generally in any country in the world. The countries in question may not have laws that protect your personal data to the same extent as in Switzerland or the EEA.

10 How do we process sensitive personal data?

Certain types of personal data are considered "particularly worthy of protection" under data protection law, e.g. information on health and biometric characteristics. Depending on the constellation, the categories of personal data mentioned in section 4 may also include such particularly sensitive personal data. However, we generally only process particularly sensitive personal data if it is necessary for the provision of a service, if you have provided us with this data of your own accord or if you have consented to the processing. We may also process particularly sensitive personal data if this is necessary to uphold the law or to comply with domestic or foreign legal provisions, if the data concerned has obviously been disclosed to the public by the person concerned or if the applicable law otherwise permits its processing.

11 How do we use profiling?

"Profiling" means the automated processing of personal data in order to analyze personal aspects or make predictions, e.g., the analysis of personal interests, preferences, affinities and habits or the prediction of likely behavior. Profiling can be used in particular to derive preference data (for more information, see section 4.5).

Profiling is a common process, e.g. in automated processing:

    • of master data, contract data, behavioral data and transaction data for purchases in our online stores
    • of behavioral and transactional data as well as technical data in connection with our websites and apps
    • of data in connection with the attendance of events, or participation in contests, sweepstakes and similar events
    • of communication data, such as your response to promotional and other communications;
    • from other behavioral and transactional data.

Profiling helps us do this, for example,

    • To continuously improve our offerings and better align them with individual needs
    • To present you our contents and offers according to your needs
    • As far as possible, only present you with advertising and offers that are likely to be relevant to you
    • To better support you in customer service
    • to decide which payment options are available based on a credit check

We carry out profiling, for example, in connection with our online stores by evaluating your shopping behavior and assigning you to certain interests based on this. Such interests can be formed permanently or on a case-by-case basis and can relate, for example, to the purchase motive. This profiling enables us, for example, to send you relevant product suggestions via newsletter.

Profiling also takes place, for example, in connection with the customer account, e.g., by evaluating your usage and shopping behavior in our online stores and on our websites and apps, for example, in order to offer you an individual user experience and to provide you with offers tailored to your interests.

In order to improve the quality of our analyses and forecasts, we may also combine personal data from different sources as a basis for profiling, e.g. data collected via various of our services or data we receive from other Lindaren Group companies. This may also involve the use of self-learning algorithms (certain programming in computer programs).

You may object to profiling in certain cases as described in Section 15.

12 Do we make automated individual decisions?

An "automated individual decision" is a decision that is fully automated, i.e. without human influence, and that has legal consequences for the data subject or otherwise significantly affects him or her. We do not usually do this, but will inform you separately should we use automated individual decisions in individual cases. You then have the option of having the decision reviewed by a human being if you do not agree with it.

13 How do we protect personal data?

We take appropriate security measures of a technical and organizational nature to maintain the security of your personal data, to protect it against unauthorized or unlawful processing, and to protect against the risk of loss, accidental alteration, unauthorized disclosure or access. Like all companies, however, we cannot rule out data security breaches with absolute certainty; certain residual risks are unavoidable.

Security measures of a technical nature include, for example, the encryption and pseudonymization of data, logging, access restrictions and the storage of backup copies. Security measures of an organizational nature include, for example, instructions to our employees, training and controls. We also oblige our order processors to take appropriate technical and organizational security measures.

14 How long do we process personal data?

We process and store your personal data,

    • as long as it is necessary for the purpose of the processing or purposes compatible with it, in the case of contracts as a rule at least for the duration of the contractual relationship
    • as long as we have a legitimate interest in storing it. This may be the case in particular if we need personal data to enforce or defend claims, for archiving purposes and to ensure IT security.
    • as long as they are subject to a statutory retention obligation. For certain data, for example, a ten-year retention period applies. For other data, shorter retention periods apply in each case, e.g. for recordings from video surveillance or for recordings of certain processes on the Internet (log data).

In certain cases, we also ask for your consent if we want to store personal data for a longer period (e.g. in the case of job applications that we want to keep pending). After expiry of the above-mentioned periods, we delete or anonymize your personal data.

We are guided by the following retention periods, for example, although we may deviate from these in individual cases:

    • Customer account: The personal data will be stored for the duration of the customer account. If a deletion of the customer account is ordered, the data will be deleted at the latest after the legal retention period following a review of outstanding claims as well as other relevant points that prevent immediate deletion.
    • Contracts: We generally retain master and contract data for ten years from the last contract activity or from the end of the contract. However, this period may be longer if this is necessary for reasons of evidence, legal or contractual requirements or for technical reasons. Transaction data in connection with contracts is generally retained for ten years.
    • Technical data: Cookies are usually stored for between a few days and two years, unless they are deleted immediately after the end of the session.
    • Communication data: E-mails, messages via contact form and written correspondence are generally retained for ten years.
    • Image and sound recordings: The retention period varies depending on the purpose. This ranges from a few days for recordings to several years for order or customer contact recordings.
    • Job applications: As a rule, we delete application data within six months after completion of the application process. With your consent, we may keep your application pending with a view to possible subsequent employment.

15 What rights do you have in connection with the processing of your personal data?

You have the right to object to data processing, especially if we process your personal data on the basis of a legitimate interest and the other applicable conditions are met. You may also object at any time to data processing in connection with direct marketing (e.g. advertising e-mails).This also applies to profiling, insofar as this is connected with such direct marketing.

To the extent that the applicable requirements in each case are met and no statutory exceptions apply, you also have the following rights:

    • the right to request information about your personal data stored by us
    • the right to have inaccurate or incomplete personal data corrected
    • the right to request the deletion or anonymization of your personal data
    • the right to request the restriction of the processing of your personal data
    • the right to receive certain personal data in a structured, common and machine-readable format
    • the right to revoke consent with effect for the future, insofar as processing is based on consent

Please note that these rights may be restricted or excluded in individual cases, e.g. if there are doubts about the identity or if this is necessary to protect other persons, to protect interests worthy of protection or to comply with legal obligations.

You can exercise the most important of the above rights via the customer account or our customer service. If you have a customer account, you can correct your master data stored there (e.g. your address) at any time. You can also request the deactivation of the customer account or the complete deletion of your personal data there. In addition, you can unsubscribe from newsletters and other promotional e-mails by clicking on the corresponding link at the end of the e-mail. You can also contact us in accordance with section 16 if you wish to exercise any of your rights or if you have any questions about the processing of your personal data.

You are also free to file a complaint with a competent supervisory authority if you have concerns about whether the processing of your personal data complies with the law.

  1. How can you contact us?

If you have any questions about this privacy statement or the processing of your personal data, you can contact the respective responsible company listed on its website.

In each case, you are also welcome to contact us as follows:

Lindaren med AG
Oberstrasse 125 A
P.O. Box 2233

CH-9001 St. Gallen

info@lindarenmed.ch

For specific questions regarding data protection, you can also contact our data protection officer:

E-mail: datenschutz@lindarenmed.ch

17 Changes to this privacy policy

This privacy policy may be adapted over time, in particular if we change our data processing or if new legislation becomes applicable. We will actively inform persons whose contact details are registered with us of such changes in the event of significant changes, if this is possible without disproportionate effort. In general, the data protection statement in the version current at the start of the processing in question applies to data processing in each case.

Last changes: 15.03.2023