CH EXPERIENCE THE DIFFERENCE

  

 CH EXPERIENCE THE DIFFERENCE CH

  

EN
EN DE FR IT TR

 

Privacy policy

 

 

The platforms lindaren.ch, naturheilpraxis-lindaren.ch, heilkundemagazin.ch and vwm.swiss, or lindarenmed.com, are operated by LINDAREN med AG, Gesellschaft für ein gesundes Leben and Verlag für Wissenschaft und Medizin GmbH (together LINDAREN) and are part of the Lindaren med Group. The privacy policy describes how and for what purpose LINDAREN collects, processes and uses personal data. The responsible handling of customer data (hereinafter referred to collectively as customers) is an important concern for us. We are constantly making adjustments to protect our customers' personal data even better.

What does LINDAREN do for data protection?

LINDAREN enjoys the trust of its customers. Data protection and data security are therefore key concerns for us. The responsible handling of personal data is anchored in the personnel and data protection guidelines, among other things, which must be observed throughout the Group.

What data is processed about me?

We process personal data on various occasions and for various purposes. Personal data is almost always processed when you interact with us or we interact with you, e.g. when you order something from us. It is also important for us to be able to tailor our offers to your individual needs. When you create a customer account, register for another of our services or navigate our websites, we therefore also process behavioral and, where applicable, transaction data and make assumptions about your preferences based on this. This enables us, for example, to send you or display offers that are likely to be of interest to you.

How do I benefit from data processing?

Our data processing has many advantages for you. For example, it allows us to respond to your individual needs and concerns in customer support. It also makes shopping easier for you, for example by making it easier for you to find those products from our range online that you buy frequently or that are likely to be particularly relevant to you. Thanks to our data processing, you also benefit from a personalized shopping experience, for example by receiving offers and discounts tailored to your shopping habits. Thanks to the processing of personal data, you also benefit from constantly more attractive product ranges and improved products and services.

To whom will my personal data be disclosed?

Your personal data may be passed on to other companies in the LINDAREN Group and used by them. Outside the LINDAREN Group, it is only passed on to selected service providers and partners. As a rule, personal data is processed on our behalf and in accordance with our instructions; however, certain partners also process personal data on their own responsibility or jointly with us.

Is my data secure?

We ensure that your data is protected in a manner appropriate to the risks involved and take comprehensive security measures to protect your personal data from unauthorized access. We are constantly improving our security measures and adapting them to the current state of the art.

Who can I contact if I have any questions?

If you have any questions about our processing of your personal data, please contact us at datenschutz@lindarenmed.ch. In the privacy policy you will find further information on how you can exercise your rights in connection with your personal data.

 

1 What is this privacy policy about?

Data protection is a matter of trust, and your trust is important to us. In this privacy policy, we therefore inform you how and for what purpose we collect, process and use your personal data.

Among other things, you will learn in this privacy policy:

    • which personal data we collect and process;
    • the purposes for which we use your personal data;
    • who has access to your personal data;
    • what benefits our data processing has for you;
    • how long we process your personal data;
    • what rights you have in relation to your personal data; and
    • how you can contact us.

We have aligned this privacy policy with both the new Swiss Data Protection Act (valid from 01.09.2023) and the European General Data Protection Regulation (GDPR). The GDPR has established itself worldwide as the benchmark for strong data protection. However, whether and to what extent the GDPR is applicable depends on the individual case.

2 Who is responsible for data processing?

The company that determines whether this processing is to take place, for what purposes and how it is structured is responsible under data protection law for a specific data processing operation. In principle, a company of the LINDAREN med Group is responsible for data processing in accordance with this privacy policy. These are the following companies: Lindaren med AG, Gesellschaft für ein gesundes Leben, LINDAREN med AG, Gesellschaft für ein gesundes Leben, Lindaren med Vertrieb AG, Lindaren Informatik GmbH (all at Oberstrasse 125 A, CH-9000 St. Gallen), or LINDAREN Naturheilpraxis Winterthur, Zürcherstrasse 120, CH 8406 Winterthur or Verlag für Wissenschaft und Medizin GmbH, Seestrasse 16, CH 9423 Altenrhein are responsible. These companies may also be jointly responsible for certain data processing if they both co-decide on the design or purpose of the data processing in question.

We may also be jointly responsible for certain data processing with other companies of the LINDAREN Group if they co-decide on the design or purpose of the data processing in question.

3 For whom and for what purpose is this privacy policy intended?

This Privacy Policy applies to all persons whose data we process ("you"), regardless of how you contact us, e.g. in an online store, on a website, in an app, in a store where our products are offered, by telephone, via a social network, at an event, etc. This Privacy Policy applies to all persons whose data we process ("you"). It applies both to the processing of personal data that has already been collected and to personal data collected in the future.

Our data processing may affect the following categories of persons in particular, insofar as we process personal data:

    • Visitors to our websites
    • Holders of a customer account
    • Customers in our online stores and stores
    • Retailers who offer products and services via our online stores
    • other persons who make use of our services or who come into contact with our offers
    • Users of our online services and apps
    • Visitors to our premises
    • People who write to us or contact us in any other way;
    • Recipients of information and marketing communications
    • Participants in competitions and prize draws
    • Participants Participants in customer events, public events and training courses
    • Participants in market research, opinion polls and customer surveys;
    • Contact persons of our suppliers, customers and other business partners as well as organizations and authorities
    • Job applicants.

Please also consult the contractual conditions for individual services (e.g. General Terms and Conditions, Terms of Use or Conditions of Participation). These may contain additional information on our data processing. For information on the collection and processing of personal data when using our websites, mobile apps and social media presences, in particular in connection with cookies and similar technologies, please also consult the relevant cookie information.

4 What personal data do we process?

"Personal data" is information that can be linked to a specific person. We process various categories of such personal data. The most important categories are listed below for your guidance. However, we may also process other personal data in individual cases.

In section 5 you can find out more about the origin of this data and in section 6 about the purpose for which we process the data.

4.1 Master data

Master data is the basic data about you, such as title, name, contact details, date of birth or telephone number. We collect master data in particular when you create a customer account with LINDAREN. However, we also collect master data, for example, when you take part in a competition or prize draw or register for a newsletter. We also collect master data about contact persons and representatives of contractual partners, organizations and authorities.

The master data includes, for example

    • Title, first name, surname, gender, date of birth
    • Address, e-mail address, telephone number and other contact details
    • Customer numbers (e.g. for participants in a loyalty program or training course)
    • Payment information (e.g. stored means of payment, bank details, billing address)
    • User name and profile picture
    • Information on the use of our online platforms (e.g. whether you are registered with Lindaren)
    • Information on linked websites, social media profiles, etc.
    • Information on affinities and interests, language preferences, etc.
    • Information about your relationship with us (customer, visitor, supplier, etc.)
    • Information on related third parties (e.g. contact persons, recipients of services or representatives)
    • Settings regarding receipt of advertising, subscribed newsletters, etc.
    • Information about your status with us (inactivity or blocking of a customer account, etc.)
    • Information on participation in competitions and prize draws
    • Information on participation in events (e.g. events, training courses, etc.)
    • Official documents in which you appear (e.g. identity documents, extracts from the commercial register, authorizations, etc.)
    • Information on titles and function in the company for contact persons and representatives of our business partners
    • Date and time of registrations

You may be able to log in to individual online services using the login of a third-party provider (e.g. Apple, Google or Facebook). In this case, we receive access to certain data stored by the provider in question, e.g. your name and e-mail address, the scope of which you can usually determine. You can find information on this in the privacy policy of the provider in question.

The disclosure of your own identity in your public profile on our platforms is voluntary. The user name you choose, which does not have to be a real name, is displayed to the outside world.

4.2 Contract data

Contract data is personal data that arises in connection with the conclusion or execution of the contract, e.g. information on the conclusion of the contract, acquired claims and receivables or information on customer satisfaction. We conclude contracts primarily with customers and business partners and job applicants. If you use offers from us based on a contract, e.g. buy products or use services, we also frequently collect behavioral and transaction data.

The contract data includes, for example, details of

    • on the initiation and conclusion of contracts, e.g. date of conclusion of the contract, information from the application process and information on the contract in question (e.g. type and duration)
    • on the processing and administration of contracts (e.g. contact details, delivery addresses, successful or failed deliveries and means of payment information)
    • in connection with customer service and support for technical matters
    • about our interactions with you (if necessary, a history with corresponding entries)
    • on receivables and acquired claims and benefits (e.g. vouchers)
    • about defects and complaints as well as adjustments to a contract
    • customer satisfaction, which we can collect through surveys
    • on financial matters such as determining creditworthiness (i.e. information that allows conclusions to be drawn about the likelihood of claims being settled), reminders, debt collection and enforcement of claims
    • in connection with a job application, e.g. CV, references, qualifications, certificates, interview notes, etc. (which may also contain personal data of third parties)
    • to interactions with you as a contact person or representative of a business partner
    • in connection with security checks (e.g. checks for fraudulent actions in connection with orders) and other checks with regard to the establishment or continuation of a business relationship

4.3 Communication data

When you are in contact with us or we are in contact with you, e.g. when you contact our customer service or when you write or call us, we process the exchanged communication content and information about the type, time and location of the communication. In certain situations, we may also ask you for proof of identity for identification purposes.

Communication data are e.g.

    • Name and contact details such as postal address, e-mail address and telephone number;
    • Content of emails, written correspondence, chat messages, social media posts, comments on a website, telephone conversations, video conferences, etc.
    • Answers to customer and satisfaction surveys
    • Information on type, time and possibly place of communication
    • Proof of identity, e.g. copies of official identity documents
    • Edge data of the communication.

Telephone and video conference calls with us may be recorded; we will inform you of this at the beginning of each call. If you do not want us to record such conversations, you have the option of terminating the conversation at any time and contacting us in another way (e.g. by e-mail).

4.4 Behavioral and transaction data

When you shop with us, use our offers and infrastructure or make use of our services, we often collect data about this use. This is the case, for example, when you store with us in an online store, when you become active in our communities or when you use our websites and apps. If you act on behalf of third parties, personal data may also concern these third parties (e.g. your family members if you make purchases for them).

Behavioral and transaction data includes, for example, the following information, insofar as it is available to us on a personal basis:

    • about your behavior in online stores (ordered and abandoned shopping cart, watch lists, viewed items, search terms and results, type of payment method, selected delivery method, etc.);
    • about your behavior in the LINDAREN communities (information in your profile, e.g. a voluntary public profile description; points and awards earned, interaction with other members and content, e.g. by means of "follow" or "like"; ratings, questions and answers about products and other content, discussion contributions, etc.);
    • about your purchases in stores with our products (e.g. where, how often, what and at what prices you buy as well as the type of payment method and the selected delivery method);
    • about attending our events (e.g. date, location and type of event);
    • on participation in competitions, prize draws and similar events;
    • about your behavior on websites;
    • about installing and using our mobile apps;
    • about your use of electronic communications from us (e.g. whether and when you have opened an e-mail or clicked on a link);

You can also use some of our services anonymously. On our websites and apps, however, behavioral and transaction data may be assigned to your profile even if you are not logged in at the time you visit the website or use the app.

4.5 Preference data

We want to tailor our offers and services to our customers in the best possible way. We therefore also process data on your interests and preferences. For this purpose, we can link behavioral and transaction data with other data and evaluate this data on a personal and non-personal basis. This allows us to draw conclusions about characteristics, preferences and expected behavior, e.g. your affinity for certain products and services.

In particular, we may create segments (permanent or case-specific), i.e. groups of people who have similarities with regard to certain characteristics. Preference data can be used on a personal basis (e.g. to show you relevant advertising that may be of interest to you, but also on a non-personal basis, e.g. for market research or product development).

The processing described can also be referred to as "profiling" in technical jargon. Further information on profiling can be found in section 11.

4.6 Technical data

When you use our websites, our apps, our Wi-Fi networks or other electronic services, we collect certain technical data such as your IP address or a device ID. The technical data also includes the logs in which we record the use of our systems (log data). In some cases, we may also assign a unique identification number (an ID) to your end device (tablet, PC, smartphone, etc.), e.g. using cookies or similar technologies, so that we can recognize it. You can find more information on this in our cookie information.

On the basis of technical data, behavioral data in particular can also be collected, i.e. information on your use of websites and mobile apps (see section 4). However, we cannot generally deduce who you are from technical data unless, for example, you create a customer account or register for other offers. In this case, we can link technical data with master data - and thus with your person.

The technical data includes

    • the IP address of your device and other device IDs (e.g. MAC address)
    • Identification numbers assigned to your device by cookies and similar technologies (e.g. pixel tags)
    • Information about your device and its configuration, e.g. operating system or language settings
    • Details of the browser you use to access the offer and its configuration
    • Information about your movements and actions on our websites and in our apps
    • Information about your Internet provider
    • Your approximate location and the time of use
    • System-side recordings of accesses and other processes (log data)

Please also note our cookie information for processing technical data.

4.7Image and sound recordings

We regularly produce photos, videos and audio recordings in which you may appear, e.g. when you attend an event, have contact with our customer service or take advantage of a consultation via video conference. For security and evidence purposes, we also make recordings of conversations in our sales meetings and in our customer service. This may provide us with information about your behavior in the relevant areas. The use of recording systems is limited and will always be indicated to you.

Image and sound recordings include e.g:

    • Recordings from video surveillance systems;
    • Photos, videos and sound recordings of customer events and public occasions (e.g. advertising events, sponsoring events or cultural and sporting events);
    • Photos, videos and sound recordings of courses, presentations, training sessions, etc.;
    • Recordings of telephone and video conference calls (e.g. in customer service or customer advice).

5 Where does the personal data come from?

5.1 Data provided

You often provide us with personal data yourself, e.g. when you transmit data to us or communicate with us. In particular, you usually provide us with master data, contract data and communication data yourself. You also often provide us with preference data yourself.

For example, you yourself provide us with personal data in the following cases:

    • You order products from us
    • You create a customer account
    • You are taking part in a prize draw or competition
    • You contact our customer service
    • You register for other offers, for example our newsletter

The provision of personal data is generally voluntary, i.e. you are usually not obliged to disclose personal data to us. However, we must collect and process the personal data that is required for the processing of a contractual relationship and for the fulfillment of associated obligations or that is prescribed by law, e.g. mandatory master data and contract data. Otherwise, we will not be able to conclude or continue the contract in question.

If you provide us with data about other persons (e.g. family members), we assume that you are authorized to do so and that this data is correct. Please also ensure that these other persons have been informed about this privacy policy.

5.2 Data collected

We may also collect personal data about you ourselves or automatically, e.g. when you shop with us, use our offers or make use of our services. This often involves behavioral and transaction data as well as technical data (e.g. the time at which you access our website).

We collect personal data about you independently in the following cases, for example:

    • You order a product in one of our online stores or from customer service
    • You visit one of our websites or use one of our apps
    • You make a purchase from one of our sellers or partners and enter your customer account
    • You click on a link in one of our newsletters or otherwise interact with one of our electronic advertising messages

We can also derive personal data from existing personal data, e.g. by evaluating behavioral and transaction data. Such derived personal data is often preference data.

For example, we can analyze the behavioral and transaction data collected during purchases in our online stores and make assumptions about your personal interests, preferences, affinities and habits based on this data. This enables us, for example, to tailor our offers and information to your individual needs and interests. This enables us to provide you with a personalized selection of offers that are relevant to you. You can find more information on behavioral and transaction data in section 4 and on profiling in this context in section 11.

5.3 Data received

We may also receive personal data from other companies in the LINDAREN Group. You can find this under Item 8 other information. However, we may also receive information about you from other third parties, e.g. from companies we work with, from people who communicate with us or from public sources.

For example, we may receive information about you from the following third parties:

    • from cooperation partners, e.g. points collection or redemption partners;
    • from your employer and from colleagues, in connection with an application and with your professional functions;
    • from third parties when correspondence and meetings concern you;
    • from people close to you (family members, legal representatives, etc.), e.g. your address for deliveries, references or powers of attorney;
    • from credit agencies, e.g. when we obtain credit reports;
    • from Swiss Post and address dealers, e.g. for address updates;
    • from banks, insurance companies, sales and other contractual partners for purchases and payments;
    • from providers of online services, e.g. providers of Internet analysis services;
    • Provider of cyber security services
    • information services for compliance with legal requirements such as anti-money laundering and export restrictions;
    • authorities, parties and other third parties in connection with official and court proceedings;
    • from media monitoring companies in connection with articles and reports in which you appear;
    • from public registers such as the debt collection or commercial register, from public bodies such as the Federal Statistical Office, from the media or from the Internet.

6 For what purposes do we process personal data?

6.1 Communication

We would like to stay in contact with you and respond to your individual concerns. We therefore process personal data for communication with you, e.g. to answer inquiries and for customer care. In particular, we use communication and master data for this purpose and, if the communication relates to a contract, also contract data. We may also personalize the content and timing of messages based on behavioral, transactional and preference data and other data.

The purpose of communication includes in particular

    • answering your inquiries
    • contacting you if you have any questions
    • customer service and customer care
    • communication in connection with product recalls (e.g. we may contact you directly if we know that you have purchased a product that is affected by a recall)
    • the delivery of other notifications (e.g. information on order status)
    • authentication, e.g. when using our online services
    • Quality assurance and training
    • all other processing purposes, insofar as we communicate with you for this purpose (e.g. contract processing, information and direct advertising)

6.2 Contract processing

We want to offer you the best possible service. We therefore process personal data in connection with the initiation, administration and processing of contractual relationships, e.g. to deliver an order, provide a service, arrange purchases and services, set up our communities, run a loyalty program or organize a competition. Contract processing also includes any agreed personalization of services. In particular, we use master data, contract data, communication data, behavioral and transaction data and preference data for this purpose.

The purpose of contract processing generally includes everything that is necessary or expedient to conclude, execute and, if necessary, enforce a contract.

This includes, for example, processing:

    • to decide whether and how (e.g. with which payment options) we enter into a contract with you (including the credit check)
    • to provide contractually agreed services, e.g. to deliver goods, provide services and provide functions (including personalized service components)
    • to provide customer services and measure customer satisfaction
    • to build and operate the LINDAREN communities
    • to implement and manage loyalty programs, e.g. to settle and credit acquired entitlements and benefits (e.g. promotional vouchers and promotional codes)
    • to determine, notify and, if applicable, publish the winners of competitions and prize draws
    • to invoice our services and for accounting in general
    • to plan and prepare the provision of our services, e.g. scheduling of our employees
    • to check the suitability of job applicants and, if necessary, to prepare and conclude the employment contract
    • to check whether we want to and can work with a company and to monitor and assess its performance
    • to prepare and execute corporate transactions, e.g. company acquisitions, sales and mergers
    • to enforce legal claims arising from contracts (debt collection, legal proceedings, etc.)
    • to administer and manage our IT and other resources
    • to store data within the scope of retention obligations
    • to cancel and terminate contracts.

6.3 Information and marketing

We would like to make you attractive offers. We therefore process personal data to maintain relationships and for marketing purposes, e.g. to send you written and electronic messages and offers and to carry out marketing campaigns. These may be our own offers or offers from other companies in the Lindaren Group or from advertising partners. We may also act on behalf of other companies, including in the role of an agency, for example to promote their products.

Communications and offers can also be personalized in order to provide you only with information that is likely to be of interest to you. For this purpose, we use in particular master data, contract data, communication data, behavioral data, transaction data and preference data, as well as image and sound recordings.

This may involve the following notifications and offers, for example:

    • Newsletters, promotional emails, in-app messages and other electronic messages
    • Advertising brochures, magazines and other printed matter
    • Advertising messages and spots on screens and other advertising spaces
    • Delivery of promotional vouchers and promotional codes
    • Invitations to events, competitions and contests

You can reject contacts for marketing purposes at any time. In the case of newsletters and other electronic communications, you can usually unsubscribe from the relevant service via the customer account and via an unsubscribe link integrated in the communication.

The personalization of our communications enables us to tailor information to your individual needs and interests and, where possible, only provide you with offers that are relevant to you. For example, we can send you an individual selection of products relevant to you or show you online content tailored to you. Personalization also enables you to find the products you are looking for more quickly in our online offering. In general, aligning our activities with the wishes and needs of our customers allows us to simplify processes such as purchases or sales so that you can reach your destination more quickly. Further information on profiling in this context can be found in section 11.

6.4 Market research and product development

We want to continuously improve our offers and make them more attractive for you. We therefore process personal data for market research and product development purposes. In particular, we process master data, behavioral data, transaction data and preference data, as well as communication data and information from customer surveys, polls and studies and other information, e.g. from the media, the Internet and other public sources. As far as possible, we use pseudonymized or anonymized data for these purposes.

Market research and product development include in particular

    • conducting customer surveys, polls and studies
    • the further development of our offers (e.g. design of the product range, choice of location, pricing and action planning, etc.)
    • assessing and improving the acceptance of our offers and our communication in connection with offers
    • optimizing and improving the user-friendliness of websites and apps
    • the development and testing of new offerings
    • reviewing and improving our internal processes
    • statistical evaluations, e.g. to evaluate information about our customers' interactions with us on a non-personal basis
    • the assessment of the supply situation in a specific market and the behavior of our competitors
    • Market observation, e.g. to understand and react to current developments and trends

6.5 Safety and prevention

We want to ensure your and our security and prevent misuse. We therefore also process personal data for security purposes, to ensure IT security, to prevent theft, fraud and abuse and for evidence purposes. This may affect all categories of personal data mentioned in section 4, in particular behavioral and transaction data as well as image and sound recordings. We may collect, evaluate and store this data for the aforementioned purposes.

The purpose of safety and prevention includes e.g:

    • the production and analysis (manual and automatic) of video recordings for the detection and prosecution of criminal acts;
    • carrying out spot checks to verify the correct recording and payment of goods
    • issuing house bans and the administration of house ban lists
    • the analysis of behavioral and transactional data to detect suspicious behavioral patterns and fraudulent activities
    • the evaluation of system-side recordings of the use of our systems (log data)
    • the prevention, defense and detection of cyberattacks and malware attacks;
    • Analyzing and testing our networks and IT infrastructures as well as system and error checks
    • Control of access to electronic systems (e.g. logins to user accounts)
    • Physical access controls (e.g. access to office premises)
    • Documentation purposes and creation of backup copies

6.6 Compliance with legal requirements

We want to create the conditions for compliance with legal requirements. We therefore also process personal data in order to comply with legal obligations and to prevent and detect violations. This includes, for example, the receipt and processing of complaints and other reports, compliance with orders from a court or authority and measures to detect and clarify abuses. This may concern all categories of personal data mentioned in section 4.

Compliance with legal requirements includes in particular

    • the protection of minors and the protection of minors
    • the implementation of health and protection concepts
    • Clarifications about business partners
    • Receiving and processing complaints and other reports
    • conducting internal investigations
    • Ensuring compliance and risk management
    • the disclosure of information and documents to authorities if we have a factual reason to do so (e.g. because we ourselves are an aggrieved party) or are legally obliged to do so
    • cooperation in external investigations, e.g. by a law enforcement or supervisory authority
    • guaranteeing the legally required data security
    • the fulfillment of disclosure, information or reporting obligations, e.g. in connection with supervisory and tax obligations, e.g. archiving obligations and for the prevention, detection and clarification of criminal offenses and other violations
    • the legally regulated fight against money laundering and terrorist financing

In all cases, this may involve Swiss law, but also foreign regulations to which we are subject, as well as self-regulation, industry and other standards, our own corporate governance or official directives.

6.7 Safeguarding the law

We want to be in a position to assert our claims and defend ourselves against the claims of others. We therefore also process personal data for legal protection, e.g. to enforce claims in court, before or outside of court and before authorities in Switzerland and abroad or to defend ourselves against claims. Depending on the constellation, we process different personal data, e.g. contact details and information about processes that have given or could give rise to a dispute.

The purpose of upholding the law includes in particular

    • the clarification and enforcement of our claims, which may also include claims of companies affiliated with us and our contractual and business partners
    • the defense of claims against us, our employees, companies affiliated with us and against our contractual and business partners
    • clarifying the prospects of litigation and other legal, economic and other issues
    • Participation in proceedings before courts and authorities in Switzerland and abroad. For example, we can secure evidence, have the prospects of legal proceedings clarified or submit documents to an authority. Authorities may also ask us to disclose documents and data carriers containing personal data

6.8 Group-internal administration and support

We want to organize our internal processes efficiently. We therefore also process personal data for the Lindaren Group's internal administration (see section 2). In particular, we process master data, contract data and technical data, as well as behavioral and transaction data and communication data.

The Group's internal administration includes in particular

    • IT and real estate management
    • accounting
    • the archiving of data and the management of our archives
    • training and education, e.g. when we analyze recordings of telephone, video or other communications
    • the central storage and management of data used by several Lindaren Group companies
    • the review or implementation of corporate law transactions such as company acquisitions, sales and mergers
    • forwarding inquiries to the relevant departments, e.g. if you submit an inquiry to a Lindaren company that concerns another company
    • the sale of receivables, in which we provide the purchaser with information about the reason for and amount of the receivable and, if applicable, the creditworthiness and behavior of the debtor
    • generally reviewing and improving internal processes

Like any group of companies, the Lindaren Group has an overall interest in the successful operation of the group companies, and our group companies in turn have an interest in their own operations and processing purposes. We may therefore also disclose personal data to other Lindaren Group companies in order to support their own processing purposes in accordance with the Lindaren Group Privacy Policy in the overall interests of the Lindaren Group. You will find further information on this in section 8.

7 On what legal basis do we process personal data?

Depending on the purpose of the data processing, our processing of personal data is based on different legal bases. In particular, we may process personal data if the processing:

    • is necessary for the performance of a contract with the data subject or for pre-contractual measures (e.g. verification of a contract application)
    • is necessary for the purposes of our legitimate interests, for example when data processing is central to our business activities
    • is based on consent
    • is required to comply with domestic or foreign legal provisions

We have a legitimate interest in particular in the processing for the purposes described above in section 6 and in the disclosure of data in accordance with section 8 and the associated objectives. The legitimate interests include our own interests and the interests of third parties.

These legitimate interests include, for example, the interest:

    • supplying products and services to third parties (e.g. to recipients of gifts)
    • in good customer service, maintaining contacts and communicating with customers even outside of a contract
    • in advertising and marketing activities
    • get to know our customers and other people better
    • Improve products and services and develop new ones
    • the intra-group administration and intra-group traffic that is necessary in a group with a division of labor
    • the mutual support of the Group companies in their activities and objectives
    • in the fight against fraud, e.g. in online stores, and the prevention and investigation of criminal offenses
    • the protection of customers, other persons and data, secrets and assets of the Lindaren Group
    • in ensuring IT security, especially in connection with the use of websites, apps and other IT infrastructure
    • in ensuring and organizing business operations, including the operation and further development of websites and other systems
    • in corporate management and development
    • in the sale or purchase of companies, parts of companies and other assets
    • in the enforcement or defense of legal claims
    • compliance with Swiss and foreign law and internal rules

8 To whom do we disclose personal data?

8.1 Within the Lindaren Group

We may share personal data that we receive from you or from third party sources with other Lindaren Group companies. Disclosure may be for internal group administration or to support the group companies concerned and their own processing purposes, for example, if we support the personalization of marketing activities, the development and improvement of products and services, the performance of credit checks or efforts to prevent theft, fraud and abuse. The personal data received may also be compared and linked with existing personal data by the group companies concerned.

This may involve the following data disclosures, for example:

    • All categories of personal data mentioned in section 4 for the administration and processing of contractual relationships, in particular in connection with products and services that include the performance of several group companies
    • Master data, contract data, communication data, behavioral and transaction data and preference data, as well as findings from customer surveys, polls, studies and image and sound recordings for market research and product development, insofar as a personal reference to such data is required
    • Master data, contract data, communication data, behavioural and transaction data, preference data as well as image and sound recordings for the delivery and personalization of offers, communication and marketing activities
    • Master data, contract data, communication data, behavioral and transaction data as well as preference data for the prevention of fraud and abuse and for credit checks (e.g. in connection with a purchase on account)
    • Master data, behavioral and transaction data as well as image and sound recordings for theft prevention and evidence purposes
    • Safety-related information for safety purposes and compliance with legal requirements
    • Information to assist in the enforcement of rights

For example, if you contact us with a concern about a product, we may pass this information on to the manufacturing company of the Lindaren Group for the purpose of product and quality improvement.

Further information on the companies belonging to the Lindaren Group can be found in section 2.

8.2 Outside the Lindaren Group

We may disclose your personal data to companies outside the Lindaren Group if we use their services. As a rule, these service providers process personal data on our behalf as so-called "processors". Our processors are obliged to process personal data exclusively in accordance with our instructions and to take appropriate data security measures. Certain service providers are also jointly or independently responsible with us (e.g. debt collection companies). We ensure that data protection is guaranteed throughout the processing of your personal data by selecting the service providers and through suitable contractual agreements.

This involves services in the following areas, for example:

    • Forwarding and logistics, e.g. for the shipment of ordered goods via "Die Post" or other providers
    • Advertising and marketing services, e.g. for sending communications and information
    • Warranty and returns, e.g. for exchange in the event of defects
    • Company administration, e.g. bookkeeping or asset management
    • Payment services
    • Creditworthiness information, e.g. if you wish to make a purchase on account
    • Collection services
    • Insurance service provider
    • Fraud prevention services provided by payment service providers under their own responsibility, such as PostFinance or PayPal. Corresponding procedures are only used if you are already a customer of the respective payment service provider. More detailed information can then be found in the privacy policy of the respective service provider
    • IT services, e.g. services in the areas of data storage (hosting), cloud services, sending e-mail newsletters, data analysis and refinement, etc.
    • Consulting services, e.g. services of tax consultants, lawyers or consultants (e.g. in the area of personnel recruitment and placement)

It is also possible that we may pass on personal data to other third parties for their own purposes, e.g. if you have given us your consent or if we are legally obliged or entitled to do so. In these cases, the recipient of the data is a separate controller under data protection law.

This includes, for example, the following cases:

    • information on product recalls by manufacturers if you have purchased a product from the manufacturer from us
    • the transfer of receivables to other companies such as debt collection agencies
    • the review or implementation of corporate law transactions such as company acquisitions, sales and mergers
    • the disclosure of personal data to courts and authorities in Switzerland and abroad, e.g. to criminal prosecution authorities in the event of suspected criminal acts
    • the processing of personal data in order to comply with a court order or official order or to assert or defend against legal claims or if we consider it necessary for other legal reasons. We may also disclose personal data to other parties involved in the proceedings.

Please also note our cookie information on independent data collection by third-party providers whose tools we have integrated on our websites and apps.

In principle, we are not subject to any professional confidentiality obligations (such as banking or legal confidentiality, with the exception of Lindaren Naturheilpraxis Winterthur GmbH). Please let us know in individual cases if you believe that certain personal data is subject to a duty of confidentiality so that we can examine your request.

9 How do we disclose personal data abroad?

We process and store personal data in Switzerland and, in rare cases, in the European Economic Area (EEA). In certain cases, however, we may or must also disclose personal data to service providers and other recipients (see section 8) that are located outside this area or process personal data outside this area, in principle in any country in the world. The countries concerned may not have laws that protect your personal data to the same extent as in Switzerland or the EEA.

10 How do we process particularly sensitive personal data?

Certain types of personal data are considered "particularly worthy of protection" under data protection law, e.g. information about health and biometric characteristics. Depending on the constellation, the categories of personal data mentioned in section 4 may also include such particularly sensitive personal data. However, we generally only process sensitive personal data if this is necessary for the provision of a service, if you have disclosed this data to us yourself or if you have consented to the processing. We may also process particularly sensitive personal data if this is necessary to uphold the law or comply with domestic or foreign legal provisions, if the data in question has obviously been publicly disclosed by the data subject or if the applicable law otherwise permits its processing.

11 How do we use profiling?

"Profiling" means the automated processing of personal data in order to analyze personal aspects or make predictions, e.g. the analysis of personal interests, preferences, affinities and habits or the prediction of expected behavior. Profiling can be used in particular to derive preference data (further information on this can be found in section 4.5).

Profiling is a common process, e.g. in automated processing:

    • of master data, contract data, behavioral data and transaction data for purchases in our online stores
    • behavioral and transactional data as well as technical data in connection with our websites and apps
    • of data in connection with attending events or participating in competitions, prize draws and similar events
    • of communication data, e.g. your response to advertising and other messages;
    • from other behavioral and transactional data.

Profiling helps us with this, for example,

    • continuously improve our offerings and tailor them better to individual needs
    • to present our content and offers to you in line with your needs
    • to provide you only with advertising and offers that are likely to be relevant to you
    • Better support you in customer service
    • to decide which payment options are available on the basis of a credit check

We carry out profiling, e.g. in connection with our online stores, by evaluating your purchasing behavior and assigning you to certain interests based on this. Such interests can be formed on a permanent or case-by-case basis and can, for example, relate to the motive for purchase. This profiling enables us, for example, to send you relevant product suggestions via newsletter.

Profiling also takes place, for example, in connection with the customer account, e.g. by evaluating your usage and purchasing behavior in our online stores and on our websites and apps, for example to offer you an individual user experience and to provide you with offers tailored to your interests.

In order to improve the quality of our analyses and forecasts, we may also combine personal data from different sources as a basis for profiling, e.g. data collected via various of our services or data that we receive from other companies in the Lindaren Group. Self-learning algorithms (specific programming in computer programs) may also be used.

You can object to profiling in certain cases as described in section 15.

12 Do we make automated individual decisions?

An "automated individual decision" is a decision that is made completely automatically, i.e. without human influence, and that has legal consequences for the data subject or significantly affects them in some other way. As a rule, we do not do this, but we will inform you separately if we use automated individual decisions in individual cases. You then have the option of having the decision reviewed by a human if you do not agree with it.

13 How do we protect personal data?

We take appropriate security measures of a technical and organizational nature to protect the security of your personal data, to protect it against unauthorized or unlawful processing and to counteract the risk of loss, unintentional alteration, unwanted disclosure or unauthorized access. Like all companies, however, we cannot rule out data security breaches with absolute certainty; certain residual risks are unavoidable.

Security measures of a technical nature include, for example, the encryption and pseudonymization of data, logging, access restrictions and the storage of backup copies. Security measures of an organizational nature include, for example, instructions to our employees, training and controls. We also oblige our contract processors to take appropriate technical and organizational security measures.

14 How long do we process personal data?

We process and store your personal data,

    • as long as it is necessary for the purpose of processing or compatible purposes, in the case of contracts generally at least for the duration of the contractual relationship
    • as long as we have a legitimate interest in the storage. This may be the case in particular if we need personal data to enforce or defend against claims, for archiving purposes and to ensure IT security
    • as long as they are subject to a statutory retention obligation. For certain data, for example, a ten-year retention period applies. For other data, shorter retention periods apply, e.g. for recordings from video surveillance or for recordings of certain processes on the Internet (log data)

In certain cases, we will also ask for your consent if we wish to store personal data for longer (e.g. for job applications that we wish to keep pending). We will delete or anonymize your personal data after the aforementioned periods have expired.

We are guided, for example, by the following retention periods, although we may deviate from these in individual cases:

    • Customer account: Personal data is stored for the duration of the customer account. If a deletion of the customer account is requested, the data will be deleted at the latest after the statutory retention period has expired following a review of outstanding claims and other relevant points that prevent immediate deletion.
    • Contracts: As a rule, we retain master and contract data for ten years from the last contract activity or from the end of the contract. However, this period may be longer if this is necessary for reasons of proof, due to legal or contractual requirements or for technical reasons. Transaction data in connection with contracts is generally stored for ten years.
    • Technical data: Cookies are usually stored for between a few days and two years, unless they are deleted immediately after the end of the session.
    • Communication data: E-mails, messages via the contact form and written correspondence are generally stored for ten years.
    • Image and sound recordings: The storage period varies depending on the purpose. This ranges from a few days for recordings to several years for recordings of orders or customer contacts.
    • Job applications: As a rule, we delete application data within six months of completing the application process. With your consent, we may keep your application pending with a view to possible future employment.

15 What rights do you have in connection with the processing of your personal data?

You have the right to object to data processing, particularly if we process your personal data on the basis of a legitimate interest and the other applicable requirements are met. You can also object to data processing in connection with direct marketing (e.g. advertising e-mails) at any time. Diit also applies to profiling insofar as this is connected with such direct marketing.

Insofar as the applicable requirements are met and no statutory exceptions apply, you also have the following rights:

    • the right to request information about your personal data stored by us
    • the right to have incorrect or incomplete personal data corrected
    • the right to request the deletion or anonymization of your personal data
    • the right to request the restriction of the processing of your personal data
    • the right to receive certain personal data in a structured, commonly used and machine-readable format
    • the right to withdraw consent with effect for the future, insofar as processing is based on consent

Please note that these rights may be restricted or excluded in individual cases, e.g. if there are doubts about your identity or if this is necessary to protect other persons, to safeguard interests worthy of protection or to comply with legal obligations.

You can exercise the most important of the above rights via the customer account or our customer service. If you have a customer account, you can correct your master data stored there (e.g. your address) at any time. You can also request the deactivation of your customer account or the complete deletion of your personal data. You can also unsubscribe from newsletters and other advertising e-mails by clicking on the corresponding link at the end of the e-mail. You can also contact us in accordance with section 16 if you wish to exercise any of your rights or if you have any questions about the processing of your personal data.

You are also free to lodge a complaint with a competent supervisory authority if you have concerns as to whether the processing of your personal data complies with the law.

  1. How can you contact us?

If you have any questions about this privacy policy or the processing of your personal data, you can contact the respective responsible company using the contact details listed on its website.

You can also contact us as follows:

Lindaren med AG, company for a healthy life
Oberstrasse 125 A
P.O. Box 2233

CH-9001 St. Gallen

info@lindarenmed.ch

For specific questions about data protection, you can also contact our data protection officer:

E-Mail: datenschutz@lindarenmed.ch

17 Changes to this privacy policy

This privacy policy may be amended over time, in particular if we change our data processing or if new legislation becomes applicable. We will actively inform persons whose contact details are registered with us of any significant changes if this is possible without disproportionate effort. In general, the data protection declaration in the version current at the start of the relevant processing applies to data processing.

Last changes: 15.03.2023