Data Protection Policy

We are delighted that you have visited our website and are interested in our company. The protection of your personal data is important to us. In accordance with the European Union's General Data Protection Regulation (GDPR) and the Swiss Data Protection Act (FADP), we have provided the information below on the handling of your personal data for the use of our website www.biokosma.ch.

Personal data are individual pieces of information on personal or material circumstances of an identified or identifiable natural person. This includes information such as name, address, telephone number and date of birth.

I.             Controller

ebi-pharm ag
Lindachstrasse 98
CH-3038 Kirchlindach

E-Mail: info@ebi-pharm.ch
www.biokosma.ch


Tel +41 31 828 12 22
Fax +41 31 829 25 19

II.             Data protection officer

Bugl & Kollegen

Mr Alexander Bugl

Sedanstraße 7

93055 Regensburg

Telephone office: 0941-630 49 789

Mobile: 0176-10 31 26 88

Email: Datenschutz.buglkollegen@klosterfrau.de 

III.               Representatives in the EU

We announced the following representative in the EU:

MCM Klosterfrau Vertriebsgesellschaft mbH

Gereonsmühlengasse 1-11

50670 Köln

Telephone: +49 (0) 221-1652-0

Fax: +49 (0) 221-1652-430

Email: dialog@klosterfrau-service.de

 

IV.             Purpose and legal foundation of data processing

1.         Informational use of the website

You may visit our website without providing personal information. If you merely use our website for informational purposes or otherwise transmit personal information, we do not process personal data, with the exception of data which is transmitted by your browser in order to permit you to visit the website.

Technical provision of the website

For the technical provision of the website it is necessary for us to process certain automatically transmitted information about you so that your browser can show our website and you can use it. This information is automatically collected every time our website is visited and stored in our server logfiles. This information refers to the computer system of the requesting computer. The following information is collected here:

  • IP address
  • Browser type/version (for example: Firefox 59.0.2 (64 bit))
  • Browser language (for example: German)
  • Operating system used (for example: Windows 10)
  • Internal resolution of the browser window
  • Screen resolution
  • JavaScript activation
  • Java on / off
  • Cookies on / off
  • Colour depth
  • Referrer
  • Time of access

Furthermore, we use cookies so that you may use our website. Cookies are text files which are stored in the internet browser or by the internet browser on your computer system when you visit a website. A cookie contains a characteristic string of characters which permits an unambiguous identification of the browser when the website is revisited. We use these cookies exclusively to provide our website with its technical functions to you. A few functions of our website cannot be offered without the use of cookies. The following information is stored in the cookies and transmitted to us: cookie ID, login information.

You may configure your browser settings to reject cookies, accept them only for one session or delete them earlier. Most browsers are set to accept cookies. However, you may prevent the storage of cookies on the hard disk of your computer by changing your browser settings. Please refer to your browser manufacturer's instructions to learn how this is done. You may additionally delete the cookies that have already been accepted by your browser at any time.

We do not use the information we have collected about you using the above mentioned cookies to create user profiles or to analyse your surfing behaviour.

We process your personal data for the technical provision of our website on the basis of the following legal foundations:

  • To satisfy a contract or to conduct pre-contractual measures where you visit our website for informational purpose; and
  • To safeguard our legitimate interests in order to be able to technically provide the website to you. Our legitimate interest here is to provide you with an attractive technically functioning and user friendly website and to take measures to protect our website from cyber risks and to prevent cyber risks emanating from our website for third parties.

SSL and TLS encryption

This website uses an SSL or TLS encryption for safety reasons and to protect the transmission of confidential content such as inquiries which you send to us as website operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser bar.

If the SSL or TLS encryption is activated, the data that you send to us cannot be read by third parties.

a.         Marketing

For advertising and remarketing purposes, we use Google Analytics, Google Tag Manager and cookies, as well as the tools discussed below.

Analysis tools, marketing and remarketing

Google Analytics

This website uses functions of the web analysis service Google Analytics, provided by Google Inc., Google LLC and Google Ireland Limited (Irland) "Google". We use Google Analytics in the protection of our legitimate interests. Google Analytics uses so-called “cookies”. These are text files which are stored on your computer and facilitate an analysis of your use of the website. The website operator has a legitimate interest in the analysis of the user behaviour in order to optimise both its web offer and marketing. The information generated by cookies about your use of the website e. g.

  • Browser type/version (for example: Firefox 59.0.2 (64 bit))
  • Operating system used (for example: Windows 10)
  • Referrer
  • IP address
  • Time of access

is usually transmitted to a Google server in the USA and stored there. Google Analytics will not combine the IP address transmitted from your browser with other data from Google. To this end, we have enhanced Google Analytics on this website with the code "anonymizeIP". This guarantees that your IP address will be masked so that all collected data will remain anonymous.

Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them other services relating to website activity and internet usage. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You may also prevent Google's collection of data through cookies and in relation to your use of the website (incl. your IP address) and the processing of this data by downloading and installing the browser plugin available at this link: http://tools.google.com/dlpage/gaoptout?hl=de. Alternative to the browser add-on and especially with browsers on mobile end devices, you may also prevent collection by Google Analytics by clicking on the link below. An opt-out cookie placed on your computer will then prevent the collection of your data when you visit the website. This opt-out cookie applies only to this browser and only for our website. If you delete cookies in this browser, you will have to reinstall the opt-out cookie to prevent collection of your data. [Note: Instructions on opt-out cookie installation can be found at: https://developers.google.com/analytics/devguides/collection/gajs/?hl=de#disable].

More information on data protection in connection with Google Analytics can be found on the Google Analytics Help page (https://support.google.com/analytics/answer/6004245?hl=de).

Browser plugin
You can prevent the storage of cookies by setting your browser software accordingly. We would like to point out, however, that in this case you may possibly not be able to use all functions of this website to the full. You can also prevent the collection of the data generated by the cookie and relating to your use of the website (including your IP address) by Google as well as the processing of these data by Google by downloading the browser plugin available at the following link and installing it: https://tools.google.com/dlpage/gaoptout?hl=de. Further information on the handling of user data at Google Analytics is provided by the data protection policy of Google: https://support.google.com/analytics/answer/6004245?hl=de.

IP anonymisation
We have activated the IP anonymisation function on this website. As a result, your IP address is abbreviated by Google within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website in order to compile reports on the website activities and to provide services associated with the use of the website and the use of the internet to the website operator. The IP address transmitted by your browser within the framework of Google Analytics will not be merged with other Google data.

Google Tag Manager
We use the Google Tag Manager from Google on our website. The Google Tag Manager is a solution using which advertisers can manage web page tags via a user interface. The Google Tag Manager itself (which implements the tags) is a cookie-free domain and does not collect any personal data. The Google Tag Manager service facilitates the triggering of other tags which for their part may collect data under certain circumstances. Google Tag Manager does not access these data. If a deactivation was made at the domain or cookie level, it continues to exist for all tracking tags which are implemented using Google Tag Manager.

b.         Social media links

Links to the services Facebook, Search.ch, YouTube and Instagram are incorporated in our website. After clicking the link you are forwarded to the page of the respective provider, i.e. only then is user information transmitted to the respective provider. Information on the handling of your data when using the websites of other providers is provided by the respective data protection policies of these providers.

Plugins and tools

YouTube
Our website uses plugins from the YouTube page operated by Google. Operator of the website is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

Whenever you visit one of our pages equipped with a YouTube plugin, a link to the servers of YouTube is created. The YouTube server is notified about which of our pages you have visited.

If you are logged in to your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging off from your YouTube account.

We use YouTube in the interest of an attractive presentation of our website. This represents a legitimate interest within the meaning of applicable data protection legislation. 

Further information on the handling of user data is provided in YouTube data protection policy at: https://www.google.de/intl/de/policies/privacy.

Facebook
Our website uses integrated plugins from Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. You will recognise Facebook plugins on our website by the Facebook logo or the "Like" button. An overview on Facebook plugins can be found here: http://developers.facebook.com/docs/plugins/. When you visit any part of our website, a direct connection is created between your browser and Facebook's server via the plugin. This informs Facebook that you visited our website with your IP address. If you click on a Facebook "Like" button while logged in to your Facebook account, you can post content from our website to your Facebook Timeline. This allows Facebook to assign the visit to our website to your user account. Please note that we, as the website provider, receive no information regarding the content of the transmitted data or Facebook's use thereof. Further information on this topic can be found in Facebook's Data Protection Policy at https://de-de.facebook.com/policy.php

If you do not want Facebook to assign your visit to the website with your user account there, please log out of your Facebook user account.

2.         Active use of the website

In addition to the purely informational use of our website, you can also use our website actively to get into contact with us. In addition to the above mentioned processing of your personal data for purely informational use, we also process further personal data which we require to answer your inquiry.

Contact inquiries
In order to be able to process and answer your inquiries to us, e.g. via the contact form or to our email address, we process the personal data you have communicated to us in this connection. This includes at all events your name and your email address in order to send you an answer as well as the other information which you send to us in your communication.

We process your personal data to answer contact inquiries on the basis of the following legal foundations:

  • To safeguard our legitimate interests in accordance with the applicable data protection legislation; our legitimate interest consists of the proper responses to contact inquiries.

Newsletter data
If you would like to subscribe to the newsletter offered on our website, we need an email address as well as information which permits us to check whether you are the holder of the specified email address and are agreed to the receipt of the newsletter (double-opt-in process). Further data are not collected. We use these data exclusively to send the requested information and do not pass them on to third parties.

The consent given to store data, the email address as well as its use to send the newsletter can be withdrawn at any time by using the “Unsubscribe” link in the newsletter, for example.

Product tester
If you have been selected to be a product tester of BIOKOSMA, we shall store your mailing address in addition to your first name, last name and email address. We use your mailing address exclusively for sending you the product to be tested and winnings (if applicable).

Contests on our website, Facebook and Instagram
Personal data shall be stored for the duration of a contest for the purpose of winnings distribution. This data shall be deleted when the contest ends. Participants are free to withdraw their consent to the storage of their personal data at any time by sending an email to info@biokosma.ch, which shall exclude them from participation.

In respect to these contests, the participant furthermore agrees to the publication of their uploaded photo or the uploaded product review with their full first name with surname initial, both in connection with the contest as well as together with the winnings, after our posting on the BIOKOSMA website and/or the Facebook or Instagram pages of BIOKOSMA. The participant shall ensure that uploaded photos conform to all legal requirements, particularly image rights. BIOKOSMA reserves the right to refuse publication of photos or texts containing content that clearly do not conform to legal requirements (these photos shall not be publicly posted and shall be excluded from the contest).

Use of web fonts
This website uses Google Fonts. Google Fonts is a service of Google Inc., Google LLC and Google Ireland Limited (Irland) ("Google"). The integration of these web fonts is carried out through a server request, usually to a Google server in the USA. Information regarding which of our internet pages you have visited will be transmitted to the server. Google will also store your end device's browser IP address. You can learn more by consulting Google's Data Privacy Policy, found here:

www.google.com/fonts#AboutPlace:about

www.google.com/policies/privacy/

 V.                Links

A few sections of our website contain links to the websites of third party providers. These websites are subject to their own data protection policies. We are not responsible for their operation including data handling. If you send information to or via such pages of third party providers, you should check the data protection policies of these sites before you send them information which can be assigned to you.

VI.             Categories of recipients

Firstly, only our employees receive knowledge of your personal data. In addition, we share your personal data with other recipients insofar as permitted or prescribed by law who provide services for us in connection with our website. We restrict the forwarding of your personal data to that which is necessary, in particular in order to handle your order. Our service providers also receive your personal data as contract processors and are then strictly bound by our instructions in the handling of your personal data. In some cases, the recipients act independently with your data we send to them.

In the following we set out the categories of recipients of your personal data: IT service providers in the administration and hosting of our website.

VII.             Third country transfer

Our use of Google's software involves the transmission of your IP address to the USA in truncated form. This data transfer is based on the applicable "Privacy Shield" Framework (CH-US / EU-US).

Furthermore, we do not transfer your personal data to countries outside of the EU or of the EEA or to international organisations.

VIII.             Period of storage

1.         Informational use of the website

For the purely informational use of our website, we store your personal data on our servers exclusively for the duration of your visit to our website. Your personal data are immediately deleted once you have left our website.

2.         Active use of the website

We store your personal data when you actively use our website to register for contests or newsletters.

We also store your personal data until any legal claims arising from the relationship with you have become statute barred so as to use them as evidence where applicable. The period of limitation is usually between 12 and 36 months but can also be up to 30 years.

We will delete your personal data at the end of the limitation period, subject to the applicable legal retention requirements.

IX.             Security and liability

We take appropriate measures to protect your personal data from loss, misuse, unauthorised access, disclosure, alterations or deletion. For this purpose, we make use of appropriate technical and organisational security measures that, in line with technological developments, are subject to continuous improvement. However, we cannot guarantee the absolute security of your data. We hereby expressly accept no liability, to the extent permissible by law, for any loss or damages that you suffer or have suffered, directly or indirectly, in connection with infringements against this Data Protection Policy, our processing of your data, your use of the website or information on the website.

X.             Third-party consent

If you act as mediator or in another capacity on behalf of a third party or provide us with information about a third party, you hereby declare that you are an authorised representative of this third party and that you have been granted all necessary consent from this third party (as required by applicable law) for the collection, processing, use and disclosure of their personal data to us and/or through us.

XI.             Your rights as data subject

Depending on applicable legislation, you are entitled to the following rights as a data subject under the statutory conditions that, depending on the applicable legislation, you can assert against us:

Right to information: You are entitled, within the framework of applicable data protection laws and to the extent provided by us, to demand a confirmation as to whether we are processing your personal data; if this is the case, you are further entitled – depending on the applicable data protection laws and to the extent provided – to receive information about this personal data as well as certain additional information (including purpose of processing, categories of personal data, categories of recipients, planned length of storage, data origin, use of automated decision making and a suitable guarantee in the event of a transfer to a third country) and a copy of your data at any time.

Right to rectification: You are entitled, depending on applicable data protection laws and to the extent provided by us, to demand the rectification of your stored personal data if it is found to be inaccurate or incorrect. 

Right to erasure: You have the right, depending on applicable data protection laws, to obtain from us the erasure of your personal data without due delay. The right to erasure does not exist if the processing of personal data is necessary for (i) the exercise of the right of freedom of expression and information, (ii) for the satisfaction of a legal duty to which we are subject (e.g. statutory storage duties) or (iii) to establish, exercise or defend legal claims.

Right to restriction of processing: You are entitled, depending on applicable data protection laws, to the extent provided and under the corresponding conditions, to demand that we restrict the processing of your personal data.

Right to data portability: You are entitled, depending on applicable data protection laws, to the extent provided and under the corresponding conditions, to receive from us your personal data you have provided to us is a structured, commonly used and machine-readable format.

Right to withdraw: You have the right, depending on applicable data protection laws, to withdraw your given consent to the processing of your personal data at any time with effect for the future.

Right to object: You are entitled, depending on applicable data protection laws, to the extent provided and under the corresponding conditions, to object to the processing of your personal data so that we must end the processing of your personal data. The right to object is subject to restrictions provided by law. In addition, our interest in the termination of processing may be contrary to this so that despite your objection we are entitled to process your personal data.

Right to lodge a complaint with the supervisory authority: You are entitled, depending on applicable data protection laws, to the extent provided and under the corresponding conditions to lodge a complaint with the supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR. The right to lodge a complaint exists notwithstanding any other appeal under administrative law or of the courts.

To the extent that the GDPR is applicable, the competent supervisory authority responsible for us in Germany is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
(Regional officer for data protection and freedom of information of North Rhine Westphalia)
Kavalleriestr. 2-4
40213 Düsseldorf
Telephone: 0211/38424-0
Fax: 0211/38424-10
Email: poststelle@ldi.nrw.de

The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner

Federal Data Protection and Publicity Commissioner
Feldeggweg 1
3003 Bern
Telephone: +41 (0)58 462 4395
Fax: +41 (0)58 465 9996

 However, we recommend that you always first lodge a complaint with our data protection officer.

Your applications to exercise your rights should where possible be directed in writing to the above-mentioned address or directly to our data protection officer.

XII.             Extent of your duties to provide data

In principle, you are not obliged to give us your personal data. However, if you do not do so we will not be able to provide our website to you or answer any inquiries directed at us. The personal data we need for the above-mentioned purposes of processing are marked by an “*” or another symbol as mandatory information.

XIII.             Automated decision making / profiling

We do not use any automated decision making or profiling (an automated analysis of your personal circumstances). 

Information on your right to object under Art. 21 GDPR (to the extent that the GDPR applies)

  1. You have the right to object, on the grounds relating to your particular situation, at any time to the processing of your data based on Art. 6 (1 f) GDPR (Data processing on the basis of a weighing up of interests) or Art. 6 (1 e) GDPR (Data processing in the public interest). This also applies to a profiling based on this determination within the meaning of Art. 4 No. 4 GDPR.

    If you object, we will no longer process your personal data unless we are able to provide compelling legitimate reasons for processing which override your interests, rights and freedoms or the processing serves to establish, exercise or defend legal claims.

  2. We process your personal data in individual cases also for direct marketing purposes. If you do not wish to receive marketing, you have the right at any time to object to it; this also applies to profiling to the extent that it is connected with any such direct marketing. We will take this objection into consideration for the future.

    We will no longer process your data for the purposes of direct marketing if you object to the processing for these purposes. The objection can be provided without consideration of form and should be addressed where possible to the following:

MCM Klosterfrau Vertriebsgesellschaft mbH

Gereonsmühlengasse 1-11

50670 Cologne

Telephone: 0221-1652-0

Fax: 0221-1652-430

Email: dialog@klosterfrau-service.de

 

XIV.             Final provisions

We reserve the right to change this Data Protection Policy at any time. Any changes will be published in the form of an amended Data Protection Policy on our website. Where nothing is stated to the contrary, such changes will become effective immediately. Please therefore check this Data Protection Policy regularly so as to view the most up-to-date version.

Should one or more provisions or parts of this Data Protection Policy be or become invalid or unenforceable, this shall have no effect on the validity of the remaining provisions. In the event that a provision proves to be invalid or unenforceable, it shall be replaced by a valid provision that most closely meets the purpose of the invalid provision which infringes upon this Data Protection Policy.

Conditional to any applicable mandatory data protection laws, this Data Protection Policy is governed by Swiss substantive law, excluding its conflict of law provisions. Exclusive place of jurisdiction is Zurich 1, Switzerland, subject to any (additional) foreign places of jurisdiction that are applicable according to mandatory foreign law.

Last updated in January 2019

©2024 BIOKOSMA