Privacy Policy of the Hepart Group

 

§1 Controller, Data Protection Officer and Representative

 

This privacy policy contains information on how Hepart Group Switzerland (hereinafter referred to as “Hepart Group Switzerland”, “we” or “us”) processes personal data (hereinafter referred to as “personal data”).

The Hepart Group Switzerland comprises the following companies:

 

Hepart AG

Esslenstrasse 3

CH-8280 Kreuzlingen

 

IABC AG – Institute of Applied Biochemistry

Esslenstrasse 3

CH-8280 Kreuzlingen, Switzerland

 

Fachkurhaus Seeblick

Wieslistrasse 34

CH-8267 Berlingen

Switzerland

 

Unisan GmbH

Max-Stromeyer-Strasse 170

DE-78467 Konstanz

 

SHC Swiss Health Concepts BV

Steenovenweg 5

NL-5708 HN Helmond

 

SfGU Foundation for Health and Environment

Wieslistrasse 36

CH–8267 Berlingen

 

Salusmed AG

P.O. Box 36

CH-8267 Berlingen

 

Hepart Group Switzerland undertakes to process personal data in accordance with Swiss and European data protection law and to take appropriate security measures to protect it from unauthorized access. In this privacy policy, we inform you in particular about which personal data is collected and processed, for what purposes it is used, to whom it may be passed on and what your rights are in connection with the use of your personal data by Hepart Group Switzerland. Personal data is any information relating to an identified or identifiable person.

By using our services and products, you declare that you have read this privacy policy carefully and agree to the data processing described. Any questions in connection with this privacy policy can be addressed at any time by e-mail to datenschutz[at]hepart.ch. If you do not agree with this statement, do not use our services and products.

Responsible for the processing of personal data within the companies of the Hepart Group Switzerland is the

Hepart AG
Esslenstrasse 3

8280 Kreuzlingen

Switzerland

Phone: +41 71 6668-340Email: info@hepart.ch

 

You can contact our data protection officer at:

Hepart AG

The Data Protection Officer
Esslenstrasse 3

8280 Kreuzlingen

Switzerland

Phone: +41 71 6668-340

Email: datenschutz@hepart.ch

 

According to Article 27 GDPR, as a company established outside the EU, we are obliged to appoint a representative established within the EU to represent Hepart Group Switzerland vis-à-vis data subjects and data protection authorities. This representative is the

Unisan GmbH

Max-Stromeyer-Strasse 170

78467 Konstanz

Germany

Phone: +49 800 1014037

Email: info@unisan.de

 

§2 Your rights in matters of data protection and the competence of the supervisory authority

 

As a “data subject”, you have the following rights under the GDPR/revDSG:

  • The right of access – We, as the controller, must provide you with information about your personal data upon request.
  • The right to rectification of your – data If an error has crept into the personal data concerning you, we will correct it immediately.
  • The right to withdraw consent – If the processing of your personal data is based on your consent, you may withdraw this consent at any time. In this case, we will immediately cease processing your data. However, this does not affect any processing of your data that has already taken place in the past.
  • The right to object to processing – If the processing of your personal data is based on another legal basis, you may object to the processing of the data at any time.
  • The right to restriction of processing – You can request that we restrict processing at any time — this means that we will no longer process your data until further notice, but we will not delete it either.
  • The right to erasure – You can request the deletion of your personal data at any time. Please note, however, that in certain situations we are legally obliged to retain or process your personal data.
  • The right to data portability – You have the right to request your personal data processed by us. We will provide this data in a commonly used, machine-readable format.
  • The right to lodge a complaint with a supervisory authority – If you have any reason to complain about our handling of your personal data, you can complain to the competent data protection authority at any time. Of course, we would still be happy if you contact us directly beforehand so that we can check and clarify the case. For non-EU companies, the jurisdiction of the supervisory authority depends on the representative’s place of residence. Thus, Hepart AG is responsible for:

The State Commissioner for Data Protection and Freedom of Information Baden-WürttembergP.O. Box 10 29 3270025 Stuttgart

Phone: +49 711 615541–0Fax: +49 711 615541–15Email: poststelle@lfdi.bwl.de

§3 What personal data do we process?

“Personal data” is information that can be associated with a specific individual. We process various categories of such personal data. The most important categories can be found below for your orientation. In individual cases, however, we may also process other personal data.

Master data

is the basic data about you, such as title, name, contact details or date of birth. We collect master data in particular when you register for one of our offers, you register for one of our offers or you create a customer account. However, we also collect master data, for example, when you take part in a competition or sweepstakes or register for a newsletter. We also collect master data for access controls to our events (e.g. courses) or office premises. We also collect master data, for example, about contact persons and representatives of contractual partners, organisations and authorities.

Contract data

Contract data is personal data that arises in connection with the conclusion or execution of the contract, e.g. the date of purchase, the product description and the quantity. This may also include health data and information about third parties, e.g. information about cases of illness in the family. We conclude contracts primarily with customers, patients, business partners and job applicants, but also with other contractual partners such as applicants for sponsorship.

Health data

Due to our therapeutic offer, we regularly process health data. All information that allows conclusions to be drawn about the physical or mental state of health is considered as such. We attach particular importance to the protection of this data.

Certain types of personal data are considered “particularly worthy of protection” under data protection law, e.g. health data and biometric features. As a rule, however, we only process particularly sensitive personal data if it is necessary for the provision of a service, if you have disclosed this data to us on your own initiative or if you have consented to the processing. If you are in contact with us or we are in contact with you, e.g. if you contact a practice or pharmacy or if you write or call us, we will process the content of the exchanged communication and information about the type, time and place of the communication.

Behavioral and Transaction Data

When you use our services, make purchases from us, or use our infrastructure, we often collect information about that usage and more generally about your behavior.

Preference data

We want to tailor our offers and services to our customers in the best possible way. We therefore also process data about your interests and preferences. To do this, we may combine behavioral and transactional data with other data and evaluate this data on a personal and non-personal basis.

When you use our websites or other electronic offerings, we collect certain technical data. See §4

We may take photographs, videos and sound recordings in which you may appear, e.g. when you attend an event. This data may also be passed on to our social media channels in accordance with §8.

 

§4 Where does the data come from?

 

§4.1 Data you provide to us

Hepart Group Switzerland collects and processes personal data that the user voluntarily transmits to Hepart Group Switzerland by means of an online form directly on the website, via our contact e-mail address, via any other applications connected to the website, by telephone or in any other way (e.g. to process specialist information, job applications, newsletters, product orders, etc.). This information includes, for example, the following personal data:

  • Surnames, first names, postal addresses, e-mail address, telephone number, date of birth, gender
  • Education, area of expertise, employer, company name
  • Your message or inquiry
  • Health information such as height, weight, diagnoses, health status, information on diseases, symptoms, laboratory analyses, treatments
  • Product Orders
  • Pictures, videos
  • Letter of application, photo, contact details of reference persons, CVs, proof of achievements, AHV number

The provision of this personal data is expressly voluntary. However, without this personal data, we will not be able to provide the services requested by the user in the desired quality or at all.

Hepart Group Switzerland uses the personal data that the user transmits to us for the following purposes:

  • provide, maintain, protect and optimize the services and information offered
  • communicate with you and provide you with the best possible and personalized information you require from us (e.g. about our products and services)
  • To offer you new services and information and, based on your profile, to suggest services and information tailored to you that may be of interest to you
  • To comply with legal or other regulatory requirements and internal regulations
  • to establish, exercise and/or defend actual or potential legal claims, investigations or similar proceedings
  • for other legitimate purposes, if such processing arises from the circumstances or was indicated at the time of collection
  • to process complaints and reports of side effects in accordance with legal regulations
  • To answer enquiries and consultations in the health sector
  • to take care of customers
  • for the purpose of recruiting employees

§4.2 Data collected when using our services

  • Request for information material

If you request information material from us about our products and services, we collect address data that is necessary to carry out the dispatch and to enable a polite address. Furthermore, on the basis of Article 6, paragraph 1 (f) GDPR, we use your data to send you further information material (advertising) about our products and services. From time to time, we are assisted by service providers in sending information material. They take on the role of processors. Your data will be passed on to these service providers exclusively for the purpose of sending the information material. After sending, your data will be deleted by the service provider. You have the right to object to the use of your personal data for advertising purposes at any time!

  • Telephone contact

When you call a Hepart-Group Switzerland company, your phone number is usually visible and logged in our telephone system. If you do not wish this to happen, you can prevent your telephone number (“CLIP”) from being sent. To do this, contact your phone provider. If you are connected to one of our agents, your call (i.e. your phone number, as well as the date and time of your call) will be automatically recorded in our customer care system. In the course of the interview, the employees may collect other personal data, such as your name. As a matter of principle, only data that is necessary for the processing of your request will be collected. If you do not agree to this, you can inform the employee at any time. Please note, however, that we may not be able to process your request or not be able to process it completely.

  • Purchase of products and services

If you, as an end customer, purchase products or services directly from us, we will first process your data in order to fulfil our contractual obligations (Article 6, paragraph 1 (b) GDPR) resulting from this purchase contract.

In addition, we must comply with the obligations we have under Swiss commercial and tax law. This means that we must also process and archive your data for this purpose (Article 6, paragraph 1 (c) GDPR).

A valid contract of sale is conditional on you providing us with this information.

Furthermore, on the basis of Article 6, paragraph 1 (f) GDPR, we use your data to send you information material (advertising) about our products and services.

From time to time, we are assisted by service providers in sending information material. They take on the role of processors. Your data will be passed on to these service providers exclusively for the purpose of sending the information material. After sending, your data will be deleted by the service provider.

You have the right to object to the use of your personal data for advertising purposes at any time!

 

§5 Visiting our website

When you visit one of our websites, the following data is collected by our web servers by default:

  • Your IP address and/or your computer’s domain name
  • The full address (URL) of the files you requested
  • The response code (e.g. error status) of our web server
  • If applicable, the URL of the website that referred you to our website (legal basis Article 6, paragraph 1 (b) GDPR)

The collection of this information is technically necessary for two reasons:

On the one hand, we need this information in order to be able to deliver the website you have requested to you. On the other hand, the retention of this information serves to detect and analyze possible attack attempts on our infrastructure and thus serves your and our security (Article 6, paragraph 1 (f) GDPR).

We are supported in the collection of data by technical service providers. They do not evaluate the data at any time for purposes other than those described above. The data collected in this way will be deleted after 6 months and will not be associated with any other data at any time.

§5.1 Creating a user account on one of our websites

If you register on one of our websites, the data entered in this context will be used to provide you with additional services. The type of information collected differs depending on the purpose of registration, but always follows the minimum principle. This means that in order to register for a specific purpose, you only have to enter the data that is necessary to fulfil this purpose.

As long as you do not request deletion, your data provided in the course of registration will be processed by us.

§5.2 The use of cookies on our websites

Cookies are used on most of our websites to simplify the use of these websites or to make them possible in the first place. Cookies are small text files that your browser stores on your computer and in which our web servers can store information. We store a unique ID in these files, which enables our servers to identify your browser again when you visit the site at a later date. You as a person can only be identified via a cookie if you have created a user account on the corresponding website and thus given your consent (legal basis: Article 6, paragraph 1 (a) GDPR) to the processing of the data. You can revoke this consent at any time and request the deletion of your data (as far as legally permissible).

In most cases, we use so-called “session cookies” on our websites, which are only valid for one browser session and are used, for example, to enable the login to websites or the processing of a purchase process.

On individual websites, we also use so-called “persistent cookies”, which are stored on your computer for a longer period of time and thus enable a specific browser to be identified over a longer period of time. These are used to analyse user behaviour and for online marketing purposes.

You can disable the acceptance of cookies in your browser. Unfortunately, you will not be able to use all the functions of our website without cookies!

Basic technical information on the subject of “cookies” can be found on de.wikipedia.org/wiki/HTTP-Cookie, for example, and details on other services based on cookies can be found further down in this document.

§5.3 Registration for one of our e-mail newsletters

We send out a number of different newsletters that contain, among other things, information about our products and services (advertising).

We use the so-called double opt-in procedure to send these newsletters, i.e. we will only send you a newsletter by e-mail if you have previously expressly confirmed to us that we should activate the newsletter service. We will then send you a notification email asking you to confirm that you wish to receive our newsletter by clicking on a link contained in this email (legal basis Article 6(1)(a) GDPR).

If you no longer wish to receive newsletters from us at a later date, you can revoke your consent at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form to our contact details (e.g. e-mail, fax, letter) is sufficient for this purpose. Of course, you will also find an unsubscribe link in each newsletter.

We are occasionally assisted by service providers in sending newsletters. They take on the role of processors. Your data will be passed on to these service providers exclusively for the purpose of sending the newsletter for which you have registered. If you revoke your consent, your data will be deleted immediately by the service provider.

We use Mailchimp from The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA (Mailchimp) to send our newsletter. This allows us to engage with subscribers directly. In addition, we analyse your usage behaviour in order to optimise our offer.

To do this, we share the following personal data with Mailchimp:

E-mail address, first name, last name, address data.

Our e-mails contain a link that you can use to update your personal data.

Mailchimp is the recipient of your personal data and acts as a processor for us when it comes to sending our newsletter. The processing of the data indicated under this section is not required by law or contract. Without your consent and the transmission of your personal data, we will not be able to send you a newsletter.

In addition, Mailchimp collects the following personal data using cookies and other tracking methods:

Information about your device (IP address, device information, operating system, browser ID), information about the application you use to read your emails, and other information about hardware and internet connection. In addition, usage data is collected, such as date and time, when you opened the email/campaign, and browsing activity (e.g., which emails/web pages were opened). Mailchimp needs this data to ensure the security and reliability of the systems, compliance with the Terms of Service, and the prevention of misuse. This corresponds to the legitimate interest (pursuant to Art. 6 (1) (f) GDPR) and serves the performance of the contract (pursuant to Art. 6 (1) (b) GDPR). Mailchimp also evaluates performance data, such as email delivery statistics and other communication data. This information is used to compile usage and performance statistics of the Services.

Mailchimp additionally collects information about you from other sources. For an unspecified period of time and scope, personal data is collected via social media and other third-party data providers. We have no influence on this process.

For more information on how to object and remedy Mailchimp, please visit:

https://www.intuit.com/privacy/statement/#3._Privacy_for_Contacts

The legal basis for this processing is your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent to the processing of your personal data at any time. A corresponding link can be found in all mailings. In addition, the revocation can be made via the contact options provided. By declaring the revocation, the lawfulness of the processing carried out so far is not affected.

Your data will be processed for as long as you have given your consent. Apart from that, they will be deleted after the termination of the contract between us and Mailchimp, unless legal requirements require further storage.

Mailchimp has implemented compliance measures for international data transfers. These apply to all global activities in which Mailchimp processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, see:

https://mailchimp.com/legal/data-processing-addendum/

§5.4 Use of our contact forms

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. This data will not be passed on to third parties.

§5.4.1 Filling out the HCK questionnaire / health questionnaire on our websites

 

The data will be treated in the strictest confidence. They are used exclusively to determine your personal micronutrient requirements, which are evaluated with the help of a computer. The data will not be passed on to third parties. The provision of this personal data is expressly voluntary. However, without this personal data, we will not be able to provide the services requested by the user in the desired quality or at all.

§5.5 Analysis Tools

In order to design our website in line with demand, to optimise our website and to advertise our own products and services in a way that is appropriate for the target group, anonymised data is collected and stored by analysis tools, and user profiles are created from this data using pseudonyms.

For this purpose, cookies may be used to enable the recognition of your Internet browser. However, user profiles will not be merged with data about the bearer of the pseudonym without your explicit consent. In particular, IP addresses are made unrecognizable immediately after receipt, which means that it is not possible to assign usage profiles to IP addresses.

We use the following analysis tools:

§5.5 1 Google Analytics:

  • Subject: all websites of the Hepart Group Switzerland

These websites use Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, which are text files that are stored on your computer and enable an analysis of your use of the websites. The information generated by the cookie about your use of these websites is usually transmitted to a Google server in the USA and stored there.

However, if IP anonymization is activated on these websites, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information to evaluate your use of the websites, to compile reports on website activity for website operators and to provide other services related to website activity and internet usage.

Google may also transfer this information to third parties if required to do so by law or if third parties process this data on Google’s behalf. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google. You can prevent the installation of cookies by selecting the appropriate settings in your browser software; however, we would like to point out that in this case you may not be able to use all the functions of these websites to their full extent. By using these websites, you consent to the processing of the data collected about you by Google in the manner and for the purposes described above.

We use the “Activation of IP anonymization” function on these websites. However, this means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of these websites, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.

These websites use the “demographics” feature of Google Analytics. This makes it possible to generate reports that contain information about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google, as well as third-party visitor data. This data cannot be assigned to a specific person. You can deactivate this feature at any time via the ad settings in your Google Account or generally prohibit the collection of your data by Google Analytics.

You can also prevent the collection of the data generated by the cookie and related to your use of the websites (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link:

tools.google.com/dlpage/gaoptout

 

§5.5.2 SMARTLOOK

  • Applies to the following website: www.epd-shop.com

Smartlook is operated by Smartlook.com s.r.o. Company registration number: 095 08 830 VAT ID: CZ 095 08 830 Address: Šumavská 524/31, Veveří, 602 00 Brno

Smartlook allows us to record user behavior on our website. This allows us to improve the user-friendliness of our website. The data is anonymized. Click here for Smartlook’s Privacy Statement:

https://help.smartlook.com/docs/privacy-first

You can object to this data collection and storage by Smartlook at any time for the future here. To do so, please visit the following link:

https://www.smartlook.com/de/opt-out

§5.5.3 TAWK’s chat tool. TO

  • Applies to the following website: www.epd-shop.com

This site uses Tawk.to for the live chat offered. This site provides epd-shop.com’s advisors with an external platform to manage the chats. The chat is integrated into the source code on epd-shop.com via a script.

By using the chat, you automatically use the services of Tawk.to. This is where data is transmitted, which is used for the security and documentation of epd-shop.com. The data collected includes: chat history, name provided, IP address at the time of the chat, and country of origin. This data will not be shared with third parties and is only used for protection and internal statistics. By using the chat, you agree that you agree to this.

Here you can find more information from Tawk.to! Please be sure to read them. Please note, however, that the site is only available in English: https://www.tawk.to/privacy-policy/

 

§5.6 Integration with social media services

 

We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users who are active there and to be able to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.

Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.

 

§5.6.1 Facebook Plugins (Like Button), Facebook Pixel, Custom Audiences and Facebook Conversion Subject:

  • Subject: all websites of the Hepart Group Switzerland

Plug-ins from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated into our pages. You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our site. An overview of the Facebook plugins can be found here: developers.facebook.com/docs/plugins/.

When you visit our pages, the plugin establishes a direct connection between your browser and the Facebook server. As a result, Facebook receives the information that you have visited our site with your IP address. If you click on the Facebook “Like” button while you are logged in to your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to assign your visit to our pages to your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. Further information can be found in Facebook’s privacy policy under www.facebook.com/about/privacy/

If you do not want Facebook to be able to assign your visit to our pages to your Facebook user account, please log out of your Facebook user account before visiting our website.

Facebook Pixel, Custom Audiences, and Facebook Conversion

On the basis of our legitimate interests in the analysis, optimisation and economic operation of our online offer and for these purposes, the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour,  Dublin 2, Ireland (“Facebook”).

Facebook is certified under the Privacy Shield agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

With the help of the Facebook pixel, Facebook is able to determine the visitors to our online offer as a target group for the display of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products that are determined on the basis of the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook ad (so-called “conversion”).

The processing of the data by Facebook takes place within the framework of Facebook’s data use policy. Accordingly, general information on the display of Facebook ads can be found in Facebook’s data usage policy: https://www.facebook.com/policy.php. For specific information and details about the Facebook pixel and how it works, visit Facebook’s Help Center: https://www.facebook.com/business/help/651294705016616.

You can object to the collection by the Facebook pixel and the use of your data for the display of Facebook ads. To adjust which types of ads are displayed to you within Facebook, you can go to the page set up by Facebook and follow the instructions on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

You can also object to the use of cookies for reach measurement and advertising purposes via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US website http://www.aboutads.info/choices or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

§5.6.2 Instagram

Concerns:

  • Subject: all websites of the Hepart Group Switzerland

Functions of the Instagram service are integrated into our pages. These functions are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged in to your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to assign your visit to our pages to your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.

You can find more information about this in Instagram’s privacy policy: instagram.com/about/legal/privacy/

 

§5.6.3 YouTube

  • Subject: all websites of the Hepart Group Switzerland

The website in question uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plugin, a connection to YouTube’s servers is established. In doing so, the YouTube server is informed which of our pages you have visited.

If you are logged in to your YouTube account, you allow YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account before visiting our website.

Further information on the handling of user data can be found in YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy

 

§5.6.4 LinkedIn Analytics and LinkedIn Ads

Concerns:

www.hck-mikronaehrstoffe.ch

www.sfgu.ch

We use conversion tracking technology and the retargeting function of LinkedIn Corporation on our website.

With the help of this technology, visitors to this website can be shown personalized advertisements on LinkedIn. Furthermore, it is possible to create anonymous reports on the performance of the advertisements as well as information on website interaction. For this purpose, the LinkedIn Insight tag is integrated into this website, which establishes a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time. Please refer to LinkedIn’s privacy policy under www.linkedin.com/legal/privacy-policy for more information on data collection and data use, as well as the options and rights to protect your privacy. If you are logged in to LinkedIn, you can deactivate the collection of data at any time under the following link: www.linkedin.com/psettings/enhanced-advertising.

 

§5.7 Online advertising with Google Inc.

  • Subject: all websites of the Hepart Group Switzerland

§5.7.1 Google Ads and Conversion Measurement

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 (1) (f) GDPR), we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).

Google is certified under the Privacy Shield agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We use the online marketing process Google “AdWords” to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the ads. This allows us to display ads for and within our online offering in a more targeted manner in order to only present users with ads that potentially correspond to their interests.

If, for example, a user is shown ads for products that he or she has been interested in on other online offers, this is referred to as “remarketing”. For these purposes, when you visit our website and other websites on which the Google advertising network is active, Google executes code directly and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). In this file, it is noted which websites the user visits, which content he is interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring websites, time of visit and other information on the use of the online offer.

We also receive an individual “conversion cookie”. The information collected with the help of the cookie is used by Google to compile conversion statistics for us. However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that can be used to personally identify users.

The user’s data is processed pseudonymously within the framework of the Google advertising network. This means that Google does not store and process the name or e-mail address of the user, for example, but processes the relevant cookie-related data within pseudonymous user profiles. This means that, from Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has expressly given Google permission to process the data without this pseudonymisation. The information collected about users is transmitted to Google and stored on Google’s servers in the United States.

For more information on the use of data by Google, as well as settings and objection options, please refer to Google’s privacy policy (https://policies.google.com/technologies/ads) and the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).

 

§5.8 Further integration on our websites

§5.8.1 Google Tag Manager

Subject: all websites of the Hepart Group Switzerland

Google Tag Manager is a solution that allows us to manage so-called website tags via an interface (and thus, for example, integrate Google Analytics and other Google marketing services into our online offering). The Tag Manager itself (which implements the tags) does not process any personal data of the users. With regard to the processing of users’ personal data, please refer to the following information on Google services. Acceptable Use Policy: https://www.google.com/intl/de/tagmanager/use-policy.html.

 

§5.8.2 Google Maps

Subject: all websites of the Hepart Group Switzerland

We integrate Google Maps, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data may include, in particular, IP addresses and location data of the users, which, however, are not collected without their consent (usually carried out as part of the settings of their mobile devices). The data may be processed in the United States.

§5.8.3 Google Fonts

Subject: all websites of the Hepart Group Switzerland

We integrate the fonts (“Google Fonts”) of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

§5.8.4 Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on our websites.

The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to check whether the data entry on this website (e.g. in a contact form) is carried out by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis will be forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place. The storage and analysis of the data is carried out on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and from SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

For more information about Google reCAPTCHA, please refer to the Google Privacy Policy and Google Terms of Service at the following links:

https://policies.google.com/privacy?hl=de and

https://policies.google.com/terms?hl=de.

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States that aims to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF is committed to complying with these data protection standards. More

Information on this can be obtained from the provider at the following link:

https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active

§5.8.5 Participation in Affiliate Partner Programs

Concerns www.epd-shop.com

Within our online offering, we use industry-standard tracking measures on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering) in accordance with Art. 6 (1) (f) GDPR, insofar as these are necessary for the operation of the affiliate system. In the following, we explain the technical background to the users.

The services offered by our contractual partners may also be advertised and linked to on other websites (so-called affiliate links or after-buy systems, e.g. if links or services of third parties are offered after a contract has been concluded). The operators of the respective websites receive a commission if users follow the affiliate links and then take advantage of the offers.

In summary, it is necessary for our online offer that we can track whether users who are interested in affiliate links and/or the offers available from us subsequently take advantage of the offers at the instigation of the affiliate links or our online platform. For this purpose, the affiliate links and our offers are supplemented by certain values, which can be set as part of the link or otherwise, e.g. in a cookie. The values include, in particular, the source website (referrer), time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, an online identifier of the user, as well as tracking-specific values such as advertising media ID, partner ID and categorisations.

The online identifiers of the users used by us are pseudonymous values. This means that the online identifiers themselves do not contain any personal data such as names or e-mail addresses. They only help us to determine whether the same user who clicked on an affiliate link or was interested in an offer via our online offer took advantage of the offer, i.e. e.g. concluded a contract with the provider. However, the online identifier is personal insofar as the partner company and also we have the online identifier together with other user data. This is the only way the partner company can tell us whether the user has taken advantage of the offer and whether we can, for example, pay out the bonus.

 

§6 Use of our formulation tool “FAS”

If you, as a specialist, are given access to our “FAS” formulation tool, we will collect detailed information about you or your organization. These serve to fulfil our legal obligations as well as the fulfilment of the contract concluded with you.

In addition, professionals with access to our formulation system have the opportunity to store customer and patient data in the system and use it both for the creation of micronutrient mixtures and for order processing. In this case, Hepart is not the controller within the meaning of the GDPR and revDSG, but a processor.

When it comes to customer data, we distinguish between two basic types of personal data collected:

Health data is processed exclusively for the purpose of creating micronutrient mixtures for the patient, as well as ensuring and improving the quality of our products. This means that our formulation system can make suggestions for a prescription to the responsible professional, and that we use your health data in anonymised form to ensure the efficacy and tolerability of our products. The system supports the responsible specialist in the formulation, but who is ultimately responsible for the composition of the micronutrient mixture created.

Other personal data is collected for the purpose of order processing.

The personal data collected in connection with the creation of a micronutrient mixture (esp. Health data) are kept for the periods specified by the legislator (legal basis: Article 6, paragraph 1 (c) and paragraph 1 (f))GDPR.

 

§7 Attendance at an event of the Hepart Group Switzerland

If you register for a Hepart Group Switzerland event, we will collect the information from you that is necessary to process your registration and for invoicing. This means: your full name, company and postal address if applicable, as well as your tax number, if applicable.

In addition, you have the option of storing your e-mail address as well as your telephone and/or mobile phone number. The provision of this information is voluntary and serves to facilitate contact in the event of short-term changes.

Furthermore, on the basis of Article 6, paragraph 1 (f) GDPR, we use your data to send you further information material (advertising) about our products and services.

From time to time, we are assisted by service providers in sending information material. They take on the role of processors. Your data will be passed on to these service providers exclusively for the purpose of sending the information material. After sending, your data will be deleted by the service provider.

You have the right to object to the use of your personal data for advertising purposes at any time! (see §2)

 

§8 Customers who are looked after by a specialist

Customers who are looked after by a specialist hand over their personal data to this specialist. If we receive this data together with an order about this specialist from whom you will be personally looked after and advised, or if the order forms are labelled with the name and address data of the specialist that we have received from you directly or from the specialist, this specialist will be entered in your customer data and assigned to you as a “supervising specialist”.

From this point on, your supervising specialist will have access to your personal data, which also includes order data such as, number, article number, article description and price of the orders invoiced to you by one of the companies of the Hepart Group Switzerland. This disclosure of the order data concerning you takes place regardless of whether you have placed the order through your specialist or directly with one of the companies of the Hepart Group Switzerland without further naming of the specialist. This also applies to all our online shops that carry our imprint. If the order placed with us also includes a laboratory service, your specialist will also receive your laboratory data.

If you would like to be supervised by another specialist or explicitly a specialist in the future, you must inform us in writing, as well as if you expressly wish to use our services/products without a supervising specialist. As soon as this is the case, the assignment is changed accordingly to the new specialist or no specialist.

From this point on, the previous specialist loses access to future incoming orders that concern you. From this point on, the new specialist will have access to all your previous and new laboratory and order data. [Refers to created and ordered HCK mixtures as well as ordered laboratory analyses, not to the previous fee and support statements].

 

§9 On what legal basis is the data processed?

  • Your consent, only if it can be withdrawn at any time (e.g. when you sign up for our newsletter and other marketing communications)
  • for the performance of a contract with you or for the intention to enter into a contract with you (e.g. when purchasing a product)
  • to comply with a legal obligation (e.g. for tax reasons or for the purpose of judicial investigations or proceedings), or
  • to protect our legitimate interests (e.g., protecting and security of our services, systems, assets; compliance with legal, regulatory and contractual obligations; establishing, exercising or defending legal claims; Maintenance and efficient organization of business operations; Improvement and development of our services as well as sale and marketing of our services)
  • Where the processing is based on your consent or our legitimate interests, you may withdraw consent or object to such processing at any time by contacting us directly. Please note, however, that the withdrawal of your consent does not affect the lawfulness of the processing based on the consent before its withdrawal.

 

 

§10 To whom do we pass on the data?

Hepart Group Switzerland takes the necessary measures to ensure that only our authorised staff and our processors who have the necessary knowledge have access to your personal data in order to fulfil the purposes for which your personal data was collected.

We may disclose your personal data to the following possible categories of recipients in accordance with the purposes and legal bases of processing described above, to the extent necessary for the intended data processing:

  • Service providers who process personal data on behalf of and on the instructions of Hepart Group Switzerland (so-called processors such as in the areas of IT, hosting, support and laboratories)
  • Customers, partners, suppliers, insurance companies and other business partners
  • Industry organisations, associations and other bodies
  • Courts, arbitration boards, law enforcement agencies, regulators, lawyers and other parties in potential or actual legal proceedings where necessary to comply with the law or to establish, exercise or defend rights or legal claims.
  • We select our partners and processors carefully and only if there is sufficient assurance that they have appropriate technical and organizational measures in place in accordance with legal requirements. They are all subject to confidentiality requirements and may only use your personal data to the extent necessary to fulfil the purpose for which your personal data was collected, unless otherwise required by law.