Privacy statement

The company responsible under data protection law for a particular data processing is the company that determines whether this processing is to take place, for what purposes it is to take place and how it is to be structured. LamKap Bio Group (LamKap Bio Group, Bahnhofstrasse 1, CH-8808 Pfäffikon (SZ), Switzerland) is responsible for data processing in accordance with this data protection declaration.

We may also be jointly responsible for a particular data processing with other companies of the LamKap Bio Group if they have a say in the design or purpose of the data processing in question.

This privacy policy applies to all individuals whose data we process (each "you"), regardless of how you contact us, e.g. on a website, by telephone, via a social network, at an event etc.. It applies to the processing of both personal data already collected and personal data collected in the future.

Our data processing operations may in particular concern the following categories of persons, insofar as we process personal data in the process:

• Visitors to our website;
• other persons who use services from us or who come into contact with offers from us;
• Visitors to our premises;
• People who write to us or contact us in any other way;
• Recipients of information;
• Participants at client events and public events;
• Participants in market research and opinion polls and customer surveys;
• Contact persons of our suppliers, customers and other business partners as well as organisations and authorities; and
• Job applicants.

Please also consult the contractual conditions for individual services (e.g. General Terms and Conditions, Terms of Use or Conditions of Participation). These may contain supplementary information on our data processing. For information on the collection and processing of personal data when using our websites and social media sites, in particular in connection with cookies and similar technologies, please also consult our cookie information.

"Personal data" is information that can be associated with a specific person. We process different categories of such personal data. The most important categories are listed below for your guidance. In individual cases, however, we may also process other personal data.

You can find out more about the origin of this data in section 5 and the purposes for which we process this data in section 6.

4.1 Master data

Master data is the basic data about you, such as title, name, contact details or date of birth. We also collect master data about contact persons and representatives of contractual partners, organisations and authorities.

The master data includes e.g.

• Salutation, first name, surname, gender, date of birth;
• Address, email address, telephone number and other contact details;
• Information about related third parties (e.g. contact persons, beneficiaries of services or representatives);
• Details of your status with us (house bans in Healing Centre etc.);
• Details of participation in events;
• Official documents in which you appear (e.g. identity documents, excerpts from the commercial register, permits, etc.);
• Information on titles and function in the company for contact persons and representatives of our business partners;
• Date and time of registrations.

4.2 Contract data

Contractual data is personal data that arises in connection with the conclusion or execution of a contract, e.g. information on the conclusion of the contract, acquired claims and receivables or information on customer satisfaction. We conclude contracts primarily with customers and business partners and job applicants. If you use offers from us based on a contract, e.g. use services, we also frequently collect behavioural and transaction data (see section 4.4).

Contract data includes, for example, details of

• on the initiation and conclusion of contracts, e.g. date of conclusion of the contract, information from the application process and information on the contract in question (e.g. type and duration or, if necessary, proof of identity such as copies of official IDs);
• about the processing and administration of contracts (e.g. contact details);
• in connection with customer service and assistance with technical matters;
• about our interactions with you (at most a history with corresponding entries);
• on claims and acquired entitlements and benefits (e.g. vouchers);
• about defects and complaints as well as adjustments to a contract;
• on customer satisfaction, which we can collect with surveys;
• on financial matters such as determining creditworthiness (i.e. information that allows conclusions to be drawn about the likelihood of debts being paid), reminders, debt collection and enforcement;
• in connection with a job application, e.g. CV, references, qualifications, certificates, interview notes, etc. (which may also contain personal data of third parties);
• to interactions with you as a contact person or representative of a business partner;
• in connection with security checks (e.g. checking for fraudulent actions on orders) and other checks with regard to the establishment or continuation of a business relationship.

4.3 Communication data

When you are in contact with us or we are in contact with you, for example when you contact a customer service representative or when you write or call us, we process the exchanged communication content and information about the type, time and place of the communication. In certain situations, we may also ask you for proof of identity for identification purposes.

Communication data are e.g.

• Name and contact details such as postal address, email address and telephone number;
• Content of emails, written correspondence, chat messages, social media posts, comments on a website, telephone conversations, video conferences etc.;
• Responses to customer and satisfaction surveys;
• Details of the type, time and possibly location of the communication;
• Proof of identity such as copies of official identity documents;
• Marginal data of the communication.

Telephone and video conference calls with us may be recorded; we will inform you of this at the beginning of each call. If you do not want us to record such conversations, you have the option to terminate the conversation at any time and contact us by other means (e.g. by e-mail).

4.4 Behavioural data

When you use our offers and infrastructure or make use of our services, we often collect data about this use. This is the case, for example, when you use our websites.

Behavioural data includes, for example, the following information, insofar as it is available to us on a personal basis:

• about your behaviour on websites;
• about your use of electronic communications from us (e.g. whether and when you opened an email or clicked on a link);
• about your use of our Wi-Fi networks (e.g. date, time and duration of connection, Wi-Fi network location and data volume).

4.5 Preference data

We want to tailor our offers and services to our customers in the best possible way. We therefore also process data on your interests and preferences. To this end, we can link behavioural and transactional data with other data and evaluate this data on a personal and non-personal basis. This allows us to draw conclusions about characteristics, preferences and expected behaviour, e.g. your affinity for certain products and services.

In particular, we can form segments (permanently or on a case-by-case basis), i.e. groups of people who have similarities with regard to certain characteristics. Preference data can be used on a personal basis (e.g. for market research or product development).

The processing operations described may also be referred to as "profiling" in technical language. For more information on profiling, see section 11.

4.6 Technical data

When you use our websites, our Wi-Fi networks or other electronic offerings, we collect certain technical data such as your IP address or a device ID. Technical data also includes the logs in which we record the use of our systems (log data). In some cases, we may also assign a unique identification number to your end device (tablet, PC, smartphone, etc.) (an ID), e.g. by means of cookies or similar technologies, so that we can recognise it. You will find further details on this in our cookie information.

In particular, behavioural data can also be collected on the basis of technical data, i.e. information on your use of websites (see section 4.4). As a rule, however, we cannot deduce who you are from technical data, unless you register for offers, for example. In this case, we can link technical data with master data - and thus with your person.

The technical data include

• the IP address of your device and other device IDs (e.g. MAC address);
• Identification numbers assigned to your device by cookies and similar technologies (e.g. pixel tags);
• Information about your device and its configuration, e.g. operating system or language settings;
• Details of the browser with which you access the offer and its configuration;
• Information about your movements and actions on our websites;
• Information about your internet provider;
• Your approximate location and the time of use;
• system records of accesses and other processes (log data).
• Marginal data from telecommunication traffic

Please also note our cookie information for processing technical data.

4.7 Image and sound recordings

We regularly take photos, videos and audio recordings in which you may appear, e.g. when you attend an event, have contact with our customer service or take advantage of a consultation via video conference. We also make video recordings on our premises for security and evidence purposes. This may provide us with information about your behaviour in the relevant areas. The use of video surveillance systems is localised and labelled.

Image and sound recordings include, for example:

• Recordings from video surveillance systems;
• Photos, videos and sound recordings of client events and public occasions;
• Photos, videos and sound recordings of courses, presentations, training sessions etc.;
• Recordings of telephone and video conference calls (e.g. in customer service or customer counselling).

5.1 Data provided

You often provide us with personal data yourself, e.g. when you send us data or communicate with us. In particular, you usually provide us with master data, contract data and communication data yourself. You also frequently disclose preference data to us yourself.

For example, you provide us with personal data yourself in the following cases:

• You contact our customer service;
• You register for other offers.

The provision of personal data is usually voluntary, i.e. you are usually not obliged to disclose personal data to us. However, we must collect and process those personal data that are necessary for the processing of a contractual relationship and for the fulfilment of associated obligations or are required by law, e.g. mandatory master and contract data. Otherwise, we cannot conclude or continue the contract in question.

If you provide us with data about other people (e.g. family members), we will assume that you are authorised to do so and that this data is correct. Please also ensure that these other persons have been informed about this privacy policy.

5.2 Data collected

We may also collect personal data about you ourselves or automatically, e.g. when you use our offers or make use of our services. This often involves behavioural and transactional data as well as technical data (e.g. the time at which you access our website).

We independently collect personal data about you in the following cases, for example:

• You are visiting one of our websites;

We may also derive personal data from existing personal data, for example by analysing behavioural and transactional data. Such derived personal data is often preference data.

For behavioural and transactional data, please see section 4.4 and for profiling in this context, please see section 11.

5.3 Data received

We may also receive personal data from other companies in the LamKap Bio Group. You can find more information about this in section 8. We may also receive information about you from other third parties, e.g. from companies we work with, people who communicate with us or from public sources.

For example, we may receive information about you from the following third parties:

• from cooperation partners, e.g. point collection or redemption partners;
• from your employer and from work colleagues, in connection with an application and with their professional functions;
• from third parties when correspondence and meetings concern you;
• from people close to you (family members, legal representatives, etc.), e.g. your address for deliveries, references or powers of attorney;
• from credit agencies, e.g. when we obtain credit information;
• from Swiss Post and address dealers, e.g. for address updates;
• Provider of cyber security services
• of information services for compliance with legal requirements such as anti-money laundering and export restrictions;
• of authorities, parties and other third parties in connection with official and judicial proceedings;
• by media monitoring companies in connection with articles and reports in which you appear;
• from public registers such as the debt enforcement register or the commercial register, from public agencies such as the Federal Statistical Office, from the media or from the internet.

6.1 Communication

We would like to stay in contact with you and respond to your individual concerns. We therefore process personal data for communication with you, e.g. answering enquiries and customer care. For this purpose, we use in particular communication and master data and, insofar as the communication concerns a contract, also contract data. We may also personalise the content and timing of messages based on behavioural, transactional, preference and other data.

The purpose of communication includes in particular:

• answering enquiries;
• contacting you with any questions;
• customer service and customer care;
• the delivery of other notifications (e.g. order status information);
• the authentication;
• quality assurance and training;
• all other processing purposes, insofar as we communicate with you for this purpose (e.g. contract processing, information and direct advertising).

6.2 Contract execution

We would like to offer you the best possible service. We therefore process personal data in connection with the initiation, administration and processing of contractual relationships, e.g. in order to provide a service or to arrange services. The processing of contracts also includes any agreed personalisation of services. In particular, we use master data, contract data, communication data, behavioural and transaction data and preference data for this purpose.

The purpose of contract performance generally includes everything that is necessary or expedient to conclude, perform and, if necessary, enforce a contract.

This includes, for example, edits:

• in order to decide whether and how (e.g. with which payment options) we enter into a contract with you (including credit assessment);
• in order to provide contractually agreed services, e.g. to perform services and provide functions (including personalised service components);
• to provide customer services and survey customer satisfaction;
• to invoice our services and generally for accounting purposes;
• to plan and prepare for the provision of our services, e.g. scheduling of our employees;
• to check the suitability of job applicants and, if necessary, to prepare and conclude the employment contract;
• to check whether we want to and can work with a company, and to monitor and assess its performance;
• to prepare and execute transactions under company law, e.g. company acquisitions, sales and mergers;
• to enforce legal claims arising from contracts (debt collection, court proceedings, etc.);
• to manage and administer our IT and other resources;
• to store data within the scope of retention obligations;
• to cancel and terminate contracts.

6.3 Information and marketing

We would like to make you attractive offers. We therefore process personal data for relationship management and marketing purposes, e.g. to send you written and electronic communications and offers and to carry out marketing campaigns. These may be our own offers or those of advertising partners. We may also act on behalf of other companies and take on the role of an agency, for example to carry out promotions for their products.

Messages and offers can also be personalised in each case in order to send you only information that is likely to be of interest to you. For this purpose, we use in particular master data, contract data, communication data, behavioural data and transaction data as well as preference data, but also image and sound recordings.

This may include, for example, the following notices and offers:

• Electronic news;
• Advertising brochures, magazines and other printed matter;
• Advertising messages and spots on screens and other advertising spaces;
• Delivery of promotional vouchers and promotional codes;

Personalising our communications allows us to tailor information to your individual needs and interests and, as far as possible, only present you with offers that are relevant to you. In general, tailoring our activities to the wishes and needs of our customers allows us to simplify processes so that you can reach your destination more quickly. You can find more information on profiling in this context in section 11.

6.4 Market research and product development

We want to continuously improve our offers and make them more attractive for you. We therefore process personal data for market research. To this end, we process in particular master data, behavioural data, transaction data and preference data, but also communication data and information from customer surveys, polls and studies and other information, e.g. from the media, the Internet and other public sources. As far as possible, we use pseudonymised or anonymised data for these purposes.

Market research and product development include in particular:

• conducting customer surveys, polls and studies;
• the further development of our offers (e.g. design of the product range, choice of location, pricing and action planning, etc.);
• assessing and improving the acceptance of our offers and our communication in connection with offers;
• optimising and improving the user-friendliness of websites;
• the development and testing of new offerings;
• reviewing and improving our internal processes;
• statistical evaluations, e.g. to evaluate information about our customers' interactions with us on a non-personal basis;
• the assessment of the supply situation in a particular market and the behaviour of our competitors;
• market monitoring, e.g. to understand and react to current developments and trends.

6.5 Safety and prevention

We want to ensure your and our security and prevent abuse. We therefore also process personal data for security purposes, to ensure IT security, to prevent theft, fraud and abuse and for evidence purposes. This may concern all categories of personal data mentioned in section 4, in particular also behavioural and transaction data as well as image and sound recordings. We may collect, analyse and store this data for the aforementioned purposes.

The purpose of safety and prevention includes, for example:

• the production and evaluation (manually and automatically) of video recordings for the detection and prosecution of criminal acts;
• the issuing of house bans and the administration of house ban lists;
• the analysis of behavioural and transactional data for the purpose of detecting suspicious patterns of behaviour and fraudulent activity;
• the evaluation of system-side records of the use of our systems (log data);
• the prevention, defence and detection of cyber attacks and malware attacks;
• Analyses and tests of our networks and IT infrastructures as well as system and error checks;

We can also automatically evaluate video recordings for the purpose of security and prevention in particular. In a concrete case of suspicion, we can, for example, define a combination of characteristics (such as clothing or body size) and have this combination of characteristics automatically searched for in existing video recordings of a certain period of time. This enables us to evaluate video recordings more efficiently and thus supports us in the investigation of criminal acts. However, we do not carry out an analysis of biometric data (e.g. facial recognition) or an automated evaluation of behaviour patterns or similar analyses in this context.

6.6 Compliance with legal requirements

We want to create the conditions for compliance with legal requirements. We therefore also process personal data to comply with legal obligations and to prevent and detect violations. This includes, for example, the receipt and processing of complaints and other reports, compliance with orders of a court or an authority and measures to detect and clarify abuses as well as the legally required retention of marginal data from telecommunications traffic (mobile subscription). This may concern all categories of personal data mentioned in paragraph 4.

Compliance with legal requirements includes in particular:

• the protection of minors and the protection of minors, e.g. the enforcement of age limits for the purchase of alcohol;
• the implementation of health and protection concepts;
• Clarifications about business partners;
• the receipt and processing of complaints and other reports;
• the conduct of internal investigations;
• ensuring compliance and risk management;
• the disclosure of information and documents to authorities if we have a factual reason to do so (e.g. because we ourselves are an aggrieved party) or are legally obliged to do so;
• the involvement in external investigations, e.g. by a law enforcement or regulatory authority;
• ensuring the legally required data security;
• the fulfilment of disclosure, information or reporting obligations, e.g. in connection with supervisory and tax obligations, e.g. archiving obligations and for the prevention, detection and clarification of criminal offences and other violations;
• the legally regulated fight against money laundering and terrorist financing. 

6.7 Safeguarding the law

We want to be able to enforce our claims and defend ourselves against claims by others. We therefore also process personal data for legal protection, e.g. to enforce claims in court, before or out of court and before authorities in Switzerland and abroad, or to defend ourselves against claims. In doing so, we process different personal data depending on the constellation, e.g. contact data as well as information about processes that have given or could give rise to a dispute.

The purpose of upholding the law includes in particular:

• clarifying and enforcing our claims, which may include claims of companies affiliated with us and our contractual and business partners;
• the defence of claims against us, our employees, companies associated with us and against our contractual and business partners;
• clarifying the prospects of litigation and other legal, economic and other issues;
• participating in proceedings before courts and authorities at home and abroad. For example, we can secure evidence, clarify the prospects of litigation or submit documents to an authority. It may also be that authorities request us to disclose documents and data carriers that contain personal data.

6.8 Intra-group administration and support

We would like to organise our internal processes efficiently. We therefore also process personal data for the internal administration of the LamKap Bio Group (see section 2 on the LamKap Bio Group). To this end, we process master data, contract data and technical data in particular, but also behavioural and transaction data and communication data.

Intra-group administration includes in particular:

• the management of IT and real estate;
• the accounting department;
• the archiving of data and the management of our archives;
• training and education, e.g. when we evaluate recordings of telephone, video or other communications;
• the central storage and management of data used by several LamKap Bio Group companies;
• the review or implementation of transactions under company law, such as company acquisitions, sales and mergers;
• forwarding enquiries to the competent bodies;
• the sale of receivables, where we provide the purchaser, for example, with information on the reason for and amount of the receivable and, where applicable, the creditworthiness and conduct of the debtor;
• generally reviewing and improving internal processes.

Depending on the purpose of the data processing, our processing of personal data is based on different legal bases. We may process personal data in particular if the processing:

• is necessary for the performance of a contract with the data subject or for pre-contractual measures (e.g. the examination of a contract request);
• is necessary for the exercise of legitimate interests, for example when data processing is a central component of our business activities;
• is based on consent;
• is necessary to comply with domestic or foreign law.

We have a legitimate interest in particular in the processing for the purposes described in section 6 above and in the disclosure of data in accordance with section 8 and the objectives associated with each of these. The legitimate interests include our own interests and the interests of third parties.

These legitimate interests include, for example, the interest in

• to supply products and services to third parties (e.g. to persons receiving gifts);
• good customer service, maintaining contacts and communicating with customers outside of a contract;
• to get to know our clients and other people better;
• Improve products and services and develop new ones;
• in the intra-group administration and intra-group traffic that is necessary in a group with cooperation based on the division of labour;
• in the mutual support of the Group companies in their activities and objectives;
• in the fight against fraud, e.g. in the prevention and investigation of offences;
• in ensuring IT security, especially in connection with the use of websites and other IT infrastructure;
• in ensuring and organising business operations, including the operation and further development of websites and other systems;
• in corporate management and development;
• in the sale or purchase of companies, parts of companies and other assets;
• in the enforcement or defence of legal claims;
• in compliance with Swiss and foreign law as well as internal rules.

8.1 Within the LamKap Bio Group

We may share personal data we receive from you or from third party sources with other LamKap Bio Group companies. Sharing may be for internal group administration or to support the relevant group companies and their own processing purposes (clause 6), for example, to support the development and improvement of products and services, to carry out credit checks or to support efforts to prevent theft, fraud and abuse. The personal data received may also be compared and linked with existing personal data by the group companies concerned.

This may involve, for example, the following data disclosures:

• All categories of personal data mentioned in section 4 for the administration and processing of contractual relationships, in particular in connection with products and services involving the performance of several group companies;
• Master data, contract data, communication data, behavioural and transaction data and preference data, as well as findings from customer surveys, polls, studies and image and sound recordings for market research and product development, insofar as a personal reference to such data is necessary;
• Master data, contract data, communication data, behavioural and transactional data, preference data and image and sound recordings for the delivery and personalisation of offers, communication and marketing activities;
• Master data, contract data, communication data, behaviour and transaction data as well as preference data for fraud and abuse prevention
• Master data, behavioural and transactional data as well as image and sound recordings for theft prevention and evidentiary purposes;
• Security-relevant information for security purposes and compliance with legal requirements;
• Information to assist in the administration of justice.

For example, if you contact us with a concern about a product, we may share that information with the LamKap Bio Group proprietary manufacturing company for the purpose of product and quality improvement.

For more information on the companies belonging to the LamKap Bio Group, please refer to section 2.

8.2 Outside LamKap Bio Group

We may share your personal data with companies outside the LamKap Bio Group when we use their services. As a rule, these service providers process personal data on our behalf as so-called "order processors". Our order processors are obliged to process personal data exclusively in accordance with our instructions and to take suitable data security measures. Certain service providers are also jointly responsible with us or independently (e.g. debt collection companies). We ensure that data protection is guaranteed throughout the processing of your personal data by selecting the service providers and by means of suitable contractual agreements.

This involves, for example, services in the following areas:

• Forwarding and logistics;
• Warranty and return, e.g. for repair in case of defects
• Business administration, e.g. accounting or asset management;
• Payment services;
• Insurance service provider
• Fraud prevention services that payment service providers carry out on their own responsibility, such as PayPal Fraud Protection. Corresponding procedures are only applied if you are already a customer of the respective payment service provider. More detailed information can then be found in the privacy policy of the respective service provider;
• IT services, e.g. services in the areas of data storage (hosting), cloud services, data analysis and refinement, etc.;
• Consultancy services, e.g. services of tax consultants, lawyers, management consultants or consultants in the field of personnel recruitment and placement.

It is also possible that we pass on personal data to other third parties, including for their own purposes, e.g. if you have given us your consent or if we are legally obliged or entitled to pass it on. In these cases, the recipient of the data is a separate data controller under data protection law.

This includes, for example, the following cases:

• the transfer of receivables to other companies such as collection agencies;
• the review or implementation of transactions under company law, such as company acquisitions, sales and mergers;
• the disclosure of personal data to courts and authorities in Switzerland and abroad, e.g. to law enforcement agencies in cases of suspected criminal offences;
• the processing of personal data in order to comply with a court order or official directive or to assert or defend legal claims or if we consider it necessary for other legal reasons. We may also disclose personal data to other parties to the proceedings.

Please also note our cookie information on independent data collection by third-party providers whose tools we have integrated on our websites.

As a matter of principle, we are not subject to any professional secrecy obligation (such as banking or medical secrecy). Please let us know in individual cases if you are of the opinion that certain personal data is subject to a duty of confidentiality so that we can examine your request.

We process and store personal data mostly in Switzerland and the European Economic Area (EEA). In certain cases, however, we may also disclose personal data to service providers and other recipients (see section 8) who are located outside this area or who process personal data outside this area, in principle in any country in the world. The countries concerned may not have laws that protect your personal data to the same extent as in Switzerland or the EEA. If we transfer your personal data to such a country, we will ensure the protection of your personal data in an appropriate manner.

One means of ensuring adequate data protection is, for example, the conclusion of data transfer contracts with the recipients of your personal data in third countries that ensure the necessary data protection. These include contracts that have been approved, issued or recognised by the European Commission and the Federal Data Protection and Information Commissioner, so-called standard contractual clauses. An example of the data transfer contracts we typically use can be found here. Please note that such contractual provisions partially compensate for weaker or missing legal protection, but cannot completely exclude all risks (e.g. of government access abroad). In exceptional cases, the transfer to countries without adequate protection may also be permissible in other cases, e.g. based on consent, in connection with legal proceedings abroad or if the transfer is necessary for the performance of a contract.

Certain types of personal data are considered "particularly worthy of protection" under data protection law, e.g. information on health and biometric characteristics. Depending on the constellation, the categories of personal data mentioned in section 4 may also include such particularly sensitive personal data. As a rule, however, we only process particularly sensitive personal data if it is necessary for the provision of a service, you have provided us with this data of your own accord or you have consented to the processing. We may also process particularly sensitive personal data if this is necessary to uphold the law or to comply with domestic or foreign legal provisions, if the data concerned has clearly been disclosed to the public by the person concerned or if the applicable law otherwise permits its processing.

We may process particularly sensitive personal data in the following cases, for example:

• You apply for a job vacancy and provide information about your health, trade union affiliation or criminal record.

"Profiling" means the automated processing of personal data in order to analyse personal aspects or make predictions, e.g. the analysis of personal interests, preferences, affinities and habits or the prediction of probable behaviour. Profiling can be used in particular to derive preference data (for more information, see section 4.5).

Profiling is a common process, e.g. in automated processing

• of behavioural, transactional and technical data in connection with our websites;
• of information in connection with the attendance of events;
• of communication data, e.g. your response to advertising and other communications;
• from other behavioural and transactional data.

Profiling helps us to do this, for example,

• to continuously improve our services and better tailor them to individual needs;
• to present our contents and offers to you in a way that meets your needs;
• To better support you in customer service;
• to decide which payment options are available based on a credit check.

In order to improve the quality of our analyses and forecasts, we may also combine personal data from different sources as a basis for profiling, e.g. data collected via various of our services. Self-learning algorithms (specific programming in computer programs) may also be used.

You can object to profiling in certain cases as described in section 15.

An "automated individual decision" is a decision that is fully automated, i.e. without human influence, and that has legal consequences for the data subject or otherwise significantly affects him or her. We do not usually do this, but will inform you separately should we use automated individual decisions in individual cases. You then have the option of having the decision reviewed by a human being if you do not agree with it.

We take appropriate security measures of a technical and organisational nature to maintain the security of your personal data, to protect it against unauthorised or unlawful processing and to protect against the risk of loss, accidental alteration, unauthorised disclosure or access. However, like all companies, we cannot rule out data security breaches with absolute certainty; certain residual risks are unavoidable.

Security measures of a technical nature include, for example, the encryption and pseudonymisation of data, logging, access restrictions and the storage of backup copies. Security measures of an organisational nature include, for example, instructions to our employees, training and controls. We also oblige our order processors to take appropriate technical and organisational security measures.

We process and store your personal data,

• as long as it is necessary for the purpose of the processing or purposes compatible with it, in the case of contracts as a rule at least for the duration of the contractual relationship;
• as long as we have a legitimate interest in storing it. This may be the case in particular if we need personal data to enforce or defend claims, for archiving purposes and to ensure IT security;
• as long as they are subject to a statutory retention obligation. For certain data, for example, a ten-year retention period applies. For other data, shorter retention periods apply in each case, e.g. for recordings from video surveillance or for recordings of certain processes on the internet (log data).

In certain cases, we also ask for your consent if we want to store personal data for longer (e.g. for job applications that we want to keep pending). After expiry of the above-mentioned periods, we delete or anonymise your personal data.

We are guided by the following retention periods, for example, although we may deviate from these in individual cases:

• Contracts: As a rule, we keep master and contract data for ten years from the last contract activity or from the end of the contract. However, this period may be longer if this is necessary for reasons of evidence, legal or contractual requirements or for technical reasons. Transaction data in connection with contracts is generally retained for ten years.
• Technical data: Cookies are usually stored for between a few days and two years, unless they are deleted immediately after the end of the session.
• Communication data: E-mails, communications via contact form and written correspondence are generally retained for ten years.
• Image and sound recordings: The retention period varies depending on the purpose. It ranges from a few days for security camera recordings to several years for reports on events with images.
• Job applications: As a rule, we delete application data within six months after completion of the application process. With your consent, we may keep your application pending with a view to possible subsequent employment.

You have the right to object to data processing, especially if we process your personal data on the basis of a legitimate interest and the other applicable conditions are met. You can also object to data processing in connection with direct marketing at any time. This also applies to profiling, insofar as this is connected with such direct marketing.

To the extent that the applicable requirements in each case are met and no statutory exceptions apply, you also have the following rights:

• the right to request information about your personal data stored by us;
• the right to have inaccurate or incomplete personal data corrected;
• the right to request the deletion or anonymisation of your personal data;
• the right to request the restriction of the processing of your personal data;
• the right to receive certain personal data in a structured, common and machine-readable format;
• the right to revoke consent with effect for the future, insofar as processing is based on consent.

Please note that these rights may be restricted or excluded in individual cases, e.g. if there are doubts about the identity or if this is necessary to protect other persons, to safeguard interests worthy of protection or to comply with legal obligations.

You can also contact us in accordance with section 16 if you wish to exercise any of your rights or if you have any questions about the processing of your personal data.

You are also free to lodge a complaint with a competent supervisory authority if you have concerns about whether the processing of your personal data complies with the law.

• The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

If you have any questions about this privacy statement or the processing of your personal data, you can contact the respective company responsible at the contact details listed on its website.

You can also contact us as follows:

LamKap Bio Group Bahnhofstrasse 1
CH-8808 Pfäffikon (SZ)
Switzerland

https://www.lamkapbio.com/contact/contact.html

This privacy policy may be amended over time, in particular if we change our data processing practices or if new legislation becomes applicable. We actively inform persons whose contact details are registered with us of such changes in the event of significant changes, if this is possible without disproportionate effort. In general, the data protection statement in the version current at the time of the start of the processing in question applies to data processing in each case.
 

Last changes: 31.08.2023