Data protection

Name and contact of the data processor according to Section 4(7) GDPR.

Company: MediCrops Holding AG
Address: Alpenstrasse 11, 6300 Zug
Phone: +41 44 932 7777
E-mail: info@medicrops.ch

Security and protection of your personal data

We consider it our primary task to maintain the confidentiality of the personal
data provided by you and protect it from unauthorised access. For this reason,
we apply utmost diligence and state-of-the-art security standards to ensure the
protection of your personal data. As a private company, we are subject to the
provisions of the European General Data Protection Regulation (GDPR) and the
provisions of the Federal Data Protection Act (BDSG). We have taken technical
and organisational measures to ensure that the provisions on data
protection are complied with by us as well as by our external service providers.

Definitions

The law demands that personal data be processed in a lawful manner, in good
faith and in a manner that is transparent for the data subject (“lawfulness,
processing in good faith, transparency”). To ensure this we inform you about the
individual legal definitions as they are used in the Privacy Statement:

  1. Personal data: “Personal data” is all information
    that relates to an identified or identifiable natural person (hereinafter
    referred to as “data subject”); a natural person is considered to be
    identifiable if the person can be identified, directly or indirectly,
    especially by means of attribution to an identifier such as a name, to an
    identification number, to an online identifier or to one or more specific
    characteristics that express the physical, physiological, genetic,
    psychological, economic, cultural or social identity of this natural person.
  2. Processing: “Processing” means any action or set of
    actions that is performed on personal data or sets of data, whether
    automated or not, e.g. the collection, registration, organisation,
    arrangement, storage, adjustment or change, reading, querying, using,
    disclosure by transmission, dissemination or any other form of provision,
    comparison or linking, restriction, erasure or destruction.
  3. Restriction of processing: Restriction of processing means the marking
    of stored personal data in order to restrict its processing in the future.
  4. Profiling: Profiling means any automated processing of
    personal data that uses this personal data to evaluate certain personal
    aspects relating to a natural person, especially to analyse or predict
    aspects of work performance, economic situation, health, personal
    preferences, interests, reliability, conduct, place of residence or change
    of location of this natural person.
  5. Pseudonymisation: Pseudonymisation means the processing of
    personal data in such a way that the personal data can no longer be
    attributed to a specific data subject without bringing in additional
    information if this additional information is kept separately and is subject
    to technical and organisational measures, which ensure that the personal
    data cannot be attributed to an identified or identifiable natural person.
  6. File system: “File system” refers to any structured
    collection of personal data that is accessible according to specific
    criteria, regardless of whether the collection is centralised, decentralised
    or managed according to functional or geographical aspects.
  7. Data controller: “Data controller” refers to any
    natural or legal person, authority, institution or other body that decides,
    alone or jointly with others, on the purpose and method of processing
    personal data; if the purpose and method of processing are prescribed by EU
    law or by the law of the Member States, the data controller or the specific
    criteria of their designation may be provided for in EU law or in the law of
    the Member States.
  8. Processor: A “processor” is the natural or legal person, public
    authority or other body that processes data on behalf of the controller.
  9. Recipient: A “recipient” is a natural or legal person, public
    authority, institution or other body to which personal data is disclosed,
    regardless of whether it is a third party or not. However, authorities that
    receive personal data in the context of a specific investigation mandate
    under EU law or the law of the Member States are not deemed recipients.
    Processing of this data by the aforementioned authorities is done in
    compliance with applicable data protection provisions according to the
    purpose of the processing.
  10. Third party: A “third party” is a natural or legal person, public
    authority, institution or other body that is not the data subject, the
    controller, the processor or any of the persons who are authorised, under
    the direct responsibility of the controller or the processor, to process the
    personal data.
  11. Consent: “Consent” is any informed, unambiguous and freely given
    permission by the data subject for the specific case in the form of a
    declaration or any other unambiguous affirmative action by which the data
    subject agrees to have the personal data relating to him or her processed.

The processing of personal data is only legitimate when a legal basis for the
processing is in place. Under Section 6(1) lit. a–f GDPR, the following in
particular can constitute the legal basis for the processing:

  1. The data subject has given his/her consent to the processing of the personal
    data concerning him/her for one or more specific purposes;
  2. the processing is required for executing a contract of which the data
    subject is a party or for the implementation of pre-contractual measures
    that are taken at the request of the data subject;
  3. the processing is required to fulfil a legal obligation the controller must
    comply with;
  4. the processing is required in order to protect vital interests of the data
    subject or another natural person;
  5. the processing is required for the exercise of a task that is in the public
    interest or is due to a public authority that was assigned to the
    controller;
  6. processing is required to protect legitimate interests of the controller or
    a third party unless the interests or fundamental rights and liberties of
    the data subject, which require the protection of personal data, outweigh
    them; especially if the data subject is a child.

Information on the collection of personal data

(1) In the following, we provide information on the collection of personal data
when using our website. Personal data are, for example, name, address, e-mail
addresses, user behaviour.

(2) When contacting us by e-mail or using a contact form, the data provided by
you (your e-mail address; your name and telephone number, if necessary) are
stored by us in order to answer your questions. Any data incurred in this
context is deleted by us after the storage is no longer necessary; or processing
is restricted if legal retention obligations exist.

Collection of personal data when you visit our website

If you use our website merely for information purposes, i.e. if you don’t
register or provide us with information in any other way, we collect only the
personal data that your browser transmits to us. If you want to look at our
website, we collect the following data that is technically necessary in order to
show you the website and guarantee its stability and security (legal basis:
Section 6(1) sentence 1 lit. f GDPR):

  • IP address
  • Date and time of access
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Respective data volume transmitted
  • Website from which the request comes
  • Browser
  • Operating system and its user interface
  • Language and version of the browser software.

Use of cookies

(1) In addition to the aforementioned data, cookies are stored on your computer
when you visit our website. Cookies are small text files that are allocated to
the browser used by you and stored on your hard disk; placing the cookie makes
certain information available to the site that places it. Cookies cannot execute
programs or transmit viruses to your computer. They only serve to make the
website more user-friendly and efficient.

(2) This website uses the following types of cookies, whose scope and
functionality will be explained in the following:

  • Transient cookies (Item a.)
  • Persistent cookies (Item b.).
  1. Transient cookies are deleted automatically when you close your browser.
    They include, in particular, session cookies. These session cookies store a
    so-called session ID with which various requests from your browser can be
    attributed to the joint session. With this, your computer is recognised when
    you visit our website again. The session cookies are deleted when you log
    out or close your browser.
  2. Persistent cookies are deleted automatically after a specified period, which
    differs from cookie to cookie. You can delete the cookies in the security
    settings of your browser at any time.
  3. You can configure the browser settings according to your wishes and
    reject, for example, the acceptance of third-party cookies or of all cookies.
    So-called “third-party cookies” are cookies that were used by a third party,
    i.e. not by the actual website you are visiting. We would like to point out
    to you that you might not be able to use all the features of this website
    when you disable cookies.

Other features and offers of our website

(1) In addition to the purely informational use of our website, we offer various
services that you can use if you are interested. For this, you usually have to
provide additional personal data that we use to render the respective service
and to which the aforementioned data processing principles apply.

(2) In some cases, we use external service providers to process your data. They
have been carefully selected and commissioned by us; they are bound by our
instructions and are regularly checked.

(3) Furthermore, we may disclose your personal data to third parties if
participation in promotions, raffles, contracts or similar services is offered
by us together with partners. You will receive further information on this when
you provide your personal data or in the description of the offer below.

(4) Inasmuch as our service providers or partners have their registered office
outside the European Economic Area (EEA), we will inform you about the
consequences of this fact in the description of the offer.

Children

Our offer is exclusively aimed at adults. Persons under the age of 18 should not
transmit any personal data to us without the approval of their parents or legal
guardians.

Rights of the data subject

(1) Revocation of consent: Inasmuch as the processing of
the personal data is based on a given consent, you have the right to revoke the
consent at any time. The revocation of consent does not affect the lawfulness of
the processing carried out based on the consent until revocation. You can
contact us at any time to exercise your right to revocation.

(2) Right to confirmation: You have the right to ask the data controller
for a confirmation as to whether we process personal data concerning you. You
can ask for this confirmation at any time using the aforementioned contact
details.

(3) Right to information: If personal data is processed, you have the
right to request information about this personal data as well as the following
information at any time:

  1. the processing purposes;
  2. the categories of personal data that are processed;
  3. the recipients or categories of recipients to whom the personal data has
    been disclosed or will be disclosed, in particular recipients in third
    countries or at international organisations;
  4. if possible, the planned period for which the personal data is stored, or,
    if this is not possible, the criteria for the determination of this storage
    period;
  5. the existence of a right to rectification or erasure of personal data
    concerning him/her; of the right to restriction of processing by the
    controller; of a right to an objection to this processing;
  6. the existence of a right to file a complaint with a supervisory authority;
  7. if the personal data is not collected from the data subject: all available
    information about the origin of the data;
  8. the existence of an automated decision-making process, including profiling,
    according to Section 22 (1, 4) GDPR, and – at least in these cases –
    meaningful information on the logic involved as well as the scope and
    desired impact of such processing for the data subject.

If personal data is transmitted to a third country or an international
organisation, you have the right to be informed of the appropriate guarantees
under Article 46 GDPR in the context of the transmission. We provide a copy of
the personal data that is the subject of the processing. For all other copies
that you request, we are entitled to charge a reasonable fee based on the
administrative costs. If you submit your request electronically, the information
must be made available in a standard electronic format, unless otherwise stated.
The right to receive a copy in accordance with Item (3) shall not impact the
rights and freedoms of other persons.

(4) Right to correction: You have the right to demand from us the
immediate correction of incorrect personal data concerning you. Taking into
account the purposes of the processing, you have the right to demand the
completion of incomplete personal data, also by means of a supplementary
declaration.

(5) Right to deletion (“right to be forgotten”): You have the right
to demand from the data controller the immediate deletion of personal data
concerning you; and we are obligated to delete personal data immediately if one
of the following reasons applies:

  1. The personal data is no longer needed for the purposes for which it was
    collected or processed in any other way.
  2. The data subject withdraws his/her consent on which the processing in
    accordance with Section 6(1) lit. a or Section 9(2) lit. a GDPR was based,
    and there is no other legal basis for the processing.
  3. The data subject objects to the processing in accordance with Section 21(1)
    GDPR, and there are no overriding legitimate reasons for the processing; or
    the data subject objects to the processing in accordance with Section 21(2)
    GDPR.
  4. The personal data has been processed unlawfully.
  5. The erasure of the personal data is required to meet a legal obligation
    under EU law or the law of the Member States with which the controller must
    comply.
  6. The personal data was collected in terms of offered information society
    services pursuant to Section 8(1) GDPR.

In the event that the data controller has made public the personal data and he
is obligated under paragraph 1 to delete it, the data controller shall take
appropriate actions – taking in due consideration the available technology and
the costs of implementation – including technical ones in order to inform the
persons responsible for data processing, who process the personal data, that you
as a data subject have requested the deletion of all links to this personal data
or any copies and replications of this personal data. The right to deletion
(“right to be forgotten”) does not apply if processing is required:

  • for the exercise of the right to freedom of expression and information;
  • for compliance with a legal obligation that requires processing in
    accordance with the law of the Union or the Member States; or for the
    exercise of a task that is in the public interest or due to a public
    authority that was assigned to the data controller;
  • on grounds of public interest in the field of public health, pursuant to
    Section 9(2) lit. h and i as well as Section 9(3) GDPR;
  • for archiving purposes that are in the public interest; for purposes of
    scholarly or historical research; or for statistical purposes pursuant to
    Section 89(1) GDPR to the extent that the right specified in the first
    paragraph would make the achievement of these goals impossible or would
    seriously impair it; or
  • for the assertion, exercise or defence of legal claims.

(6) Right to restriction of processing: You have the right to require us
to restrict the processing of your personal data if one of the following
prerequisites applies:

  1. The data subject disputes the accuracy of the personal data, namely for a
    period that allows the controller to verify the accuracy of the personal
    data.
  2. The processing is unlawful and the data subject rejects the deletion of the
    personal data and, instead, demands a restriction of the use of the personal
    data.
  3. The data controller no longer needs the personal data for purposes of
    processing but the data subject needs it to assert, exercise or defend legal
    claims.
  4. The data subject has filed an objection to the processing according to
    Section 21(1) GDPR and it is not yet clear whether the legitimate reasons of
    the controller outweigh those of the data subject.

If the processing was restricted in accordance with the aforementioned
prerequisites, this personal data – apart from its storage – is allowed to be
processed only with the consent of the data subject or for the assertion,
exercise or defence of legal claims; or for the protection of the rights of
another natural or legal person; or for other reasons associated with an
important interest of the Union or a Member State. In order to assert the right
to restriction of processing, the data subject can contact us at any time using
the contact details given above.

(7) Right to data portability: You have the right to receive the data
provided to us in a structured, common and machine-readable format; and you have
the right to transfer this data to another data controller without interference
from the original data controller to whom the data was provided, provided that:

  1. the processing is based on consent according to Section 6(1) lit. a or
    Section 9(2) lit. a or on a contract in accordance with Section 6(1) lit. b
    of the GDPR; and
  2. the processing uses automated procedures.

In exercising the right to data portability according to paragraph 1, you are
also entitled to seek that the personal data concerning you is transmitted
directly from one data controller to another data controller, insofar as this is
technically feasible. Exercising the right to data portability does not affect
the right to deletion (“right to be forgotten”). This right does not apply to
any processing that is required for the exercise of a task that is in the public
interest or is due to a public authority that was assigned to the data
controller.

(8) Right to objection: For reasons that arise from your specific
situation, you have the right to object to the processing of the personal data
concerning you that is carried out on the basis of Section 6(1) lit. e or f
GDPR; this also applies to any profiling based on these provisions. The data
controller shall no longer process the personal data unless he can give proof of
reasons worthy of protection for the processing that outweigh the interests,
rights and liberties of the data subject; or if the processing serves for the
assertion, exercise or defence of legal claims. If the personal data is
processed for direct advertising, you are entitled at any time to object to the
processing of the personal data concerning you for such advertising purposes;
this also applies to profiling insofar as it is connected to such direct
advertising. If you object to processing for purposes of direct advertising, the
personal data will no longer be processed for these purposes. Regardless of
Directive 2002/58/EC, you are entitled, in the context of the use of information
society services, to exercise your right to objection by way of automated
procedures for which technical specifications are used. You have the right, for
reasons arising from your specific situation, to object to the processing of
personal data concerning you for scholarly or historical research purposes or
for statistical purposes within the meaning of Section 89(1) GDPR, unless such
processing is necessary for the fulfilment of a task in the public interest. You
can exercise the right to objection at any time by contacting the respective
data controller.

(9) Automated decisions in individual cases, including profiling: You have
the right not to be subject to a decision that is solely based on automated
processing – including profiling – and is legally effective with respect to you
or significantly affects you in a similar way. This does not apply if the
decision

  1. is required for the conclusion or execution of a contract between the data
    subject and the data controller;
  2. is permitted based on the statutory provisions of the Union or the Member
    States with which the data controller must comply, and these statutory
    provisions contain appropriate measures for the protection of the rights and
    liberties as well as legitimate interests of the data subject; or
  3. is made with the express consent of the data subject.

The data controller shall take appropriate actions in order to protect the
rights and liberties as well as legitimate interests of the data subject; this
includes, at a minimum, the right to seek the intervention of a person on the
part of the data controller; the right to present your own standpoint; and the
right to dispute the decision. The data subject can exercise the right to
objection at any time by contacting the respective data controller.

(10) Right to file a complaint with a supervisory authority: Without
prejudice to any other administrative or judicial remedy, the data subject also
has the right to file a complaint with a supervisory authority, in particular in
the Member State of his/her residence, place of work or location of the alleged
violation, if the data subject is of the opinion that the processing of the
personal data concerning him/her violates this Regulation.

(11) Right to effective judicial remedy: Without prejudice to any
administrative or out-of-court remedy, including the right to file a complaint
with a supervisory authority under Section 77 GDPR, the data subject has the
right to an effective judicial remedy if he/she is of the opinion that his/her
rights to which he/she is entitled on the basis of this Regulation have been
violated due to a processing of his/her personal data that is not in accordance
with this Regulation.

Use of Google Analytics

(1) This website uses the “Google Analytics” Web analysis service by Google Inc.
(“Google”). Google Analytics uses “cookies,” which are text files placed on your
computer, to help the website analyse how users use the site. The information
generated by the cookie concerning the usage of this website by you is
transmitted to a server of Google in the United States and stored there. When
the IP anonymisation is activated on this website, your IP address will be
abbreviated by Google within the Member States of the European Union or in other
contracting states of the Agreement on the European Economic Area. Only in
exceptional cases is the full IP address transmitted to a Google server in the
United States and stored there. On behalf of the operator of this website,
Google will use this information to evaluate your use of the website, to compile
reports on website activities and to provide other services to the website
operator that are associated with the use of the website and the Internet.

(2) The IP address transmitted from your browser through Google Analytics will
not be merged with other data of Google.

(3) You can prevent the installation of the cookies by selecting the appropriate
setting on your browser software; we would like to make you aware of the fact
that in this case it is possible you will not be able to use all the functions
of this website in full. Moreover, you may prevent data that was produced by the
cookie and relates to your use of the website (including IP address) from being
collected and processed by Google by downloading and installing the following
browser plug-in available at the link below:
http://tools.google.com/dlpage/gaoptout?hl=de.

(4) This website uses Google Analytics with the extension “_anonymizeIp()”.