Privacy Policy

Initial provisions

Pursuant to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Official Journal of the European Union L 119, 4.5.2016., hereinafter referred to as: General Data Protection Regulation), which has been adopted and fully applied within all Members of the European Union since May 25^th 2018, the Federal Act on Data Protection of June 19^th 1992 (hereinafter referred to as: Data Protection Act), the Ordinance to the Federal Act on Data Protection of June 14^th 1993 (hereinafter referred to as: Data Protection Ordinance), as well as pursuant to all applicable laws on data protection and the legal frame of personal data protection applied by the Members of the European Union, having in mind the best practices in the related matter, the company Diahem AG, Diagnostic Products, with registered seat in Switzerland, CH-8180 Bülach, Schlosserstrasse 4, enlisted in Commercial Registry of Canton Zürich (hereinafter referred to as: Company), as the controller of personal data from users of its services, has prepared this Privacy Policy for the aforementioned users.
 
Due to the fact that it is supplying data subjects within the European Union with products and services, the Company hereby would like to inform such users (data subjects) that it recognizes the value and importance of personal data regarding each single data subject and it will do its outmost to secure the high standards of data protection, established through the General Data Protection Regulation, apply to the Company’s registered business activities which include any processing of personal data.
 
The Privacy Policy is a unilateral legal document based on the principles relating to processing of personal data that prescribes which personal data of users is being collected, the way such personal data is being processed and the purposes of using such personal data.
 
The Privacy Policy also informs the users of services with their rights regarding the collecting and processing of personal data, all for the purpose of securing their privacy in a broad way.
 
The Privacy Policy is based on the following principles relating to processing of personal data:
 
– lawfulness, transparency and best practices;

– purpose limitation and data minimisation;

– accuracy and completeness of personal data;

– storage limitation;

– integrity and confidentiality;

– accountability;

– trust and fairness;

– purpose of processing;

– anonymisation.

The Privacy Policy is applied to all services provided by the Company, with the goal to inform the users of services in a clear and transparent way with the proceedings of processing their personal data, as well as with their rights regarding such processing. The users are therefore, pursuant to the General Data Protection Regulation, entitled to contact the Company, at any time, with a request for rectification, completion and/or review of personal data concerning the users, as well as with a request regarding the purposes for which the users would like their personal data to be or not to be processed.

Responsibility for processing of personal data:

Diahem AG, Diagnostic Products, with registered seat in Switzerland, 8180 Bülach, Schlosserstrasse 4, enlisted in Commercial Registry of Canton Zürich

Contact information:
e-mail: infoch@diahem.com

Collection of data

Certain services provided by the Company request collection of personal data of users. Such data is being collected in one of the following ways:

Directly from the users, in a way that the users provide the data to the Company, as the controller, with their personal consent in the necessary scope which is important for providing certain services. For such purposes the user is obligated to provide the Company with the following data, necessary to the Company for establishing a contractual obligation and providing a certain service:
 
1. name and surname;

2. address;

3. contact phone and/or mobile phone number;

4. contact E-Mail;

5. information from the personal ID Card;

6. bank account information for the purpose of regulating payment obligations;

Automatically by visiting our web-site and applications, with data associated to online identifiers (IP address and cookie identifiers).

From other sources, mainly from our business partners or publicly available sources (e.g. information available from telephone directory and other publicly available services);

Cookies

Cookies are small data files which are being stored on a computer or a mobile device while visiting a certain web-site. Cookies are being used for the purpose of providing better user experience to each user, storage of user preferences, with a goal to make web-sites work more efficiently, as well as for tracking and analysis of usage and page views of the Company’s web-site. We can distinguish the following sorts of cookies used by the Company:
 
Persistent Cookies, which help memorize data and settings for future visits of the Company’s web-site – this ensures faster access to the content on the web-site and better user experience;
 
Session Cookies, which enable tracking of movement through the Company’s web-site – this ensures that search and entry of information, which has been done by the user while visiting the web-site, is not done while visiting the web-site the next time, which ensures disturbance-free movement without unnecessary further authentication;
 
First Party Cookies, which come from the Company’s web-site visited by the user – this ensures storage of data for any additional visit to the Company’s web-site;
 
Third Party Cookies, which come with advertisements of othr web-sites and are located on the Company’s web-site – this ensures tracking and analysis of usage and page-views as well as for marketing purposes. As such cookies do not come from the Company’s web-site, it is recommended that users inform themselves about their rights regarding protection of their data with each of the entrepreneurs who own such web-sites;
 
Necessary cookies, which are vital for the function of the Company’s web-site and for providing the services of the web-site (e.g. they enable navigation on the web-site and the login into safe areas).
 
Cookies are also used for tracking Internet usage and for establishing user profiles, and subsequently for showing adapted Internet advertisements based of the preferences of users.By turning off and/or blocking cookies (all except the necessary cookies) the user shall still be able view the Company’s web-site. However, due to the importance of Cookies in enabling the full user experience on the web-site, there is a possibility that certain features and/or functionalities of the web-site will not be available to such user, or that the time necessary to access certain functions of the web-site will be longer than usual.The aforementioned online identifiers may leave traces which, combined with other identifiers and information from internet providers, can be used in identifying the user.The amount, or the scope of personal data collected by the Company depends on the service the Company is providing to its users, as well as on the legal grounds of such collection of personal data. The Company is constantly putting the emphasis on collecting only the necessary scope of personal data which is important for achieving the legal purpose of collecting such data.

Purposes of collecting and further processing of personal data

The Company collects personal data so that it could provide, maintain, secure and enhance its services regarding the purchase of certain products, so that it could understand the ways users use provided services and the Company’s web-site, as well as to execute the Company’s contractual obligations. Such data is being collected on the grounds of a consent by the user for one or more specific purposes, as well as in one of the following situations:

Executing contractual obligations

The Company collects and further processes personal data of users for the purpose of executing contracts, delivery of requested products, consulting and helping with usage of products, solving claims of users and other activities which are related to entering into and executing contracts pursuant to the governing law.The necessity of entering into a contract presents the legal ground for processing of personal data of users for the aforementioned purposes. In case the user does not provide the vital data, the Company will not be able to enter into a contract and/or conduct the specific activities related to execution of a contract entered into with the user.

Executing legal obligations

On the grounds of a written request by the user, the Company is obligated to provide the user with access to personal data of such user which is being processed, rectification of inaccurate personal data, erasure of personal data or restriction of processing of personal data, as well as to inform the user of his option to object to processing of personal data and to request data portability.

Marketing and legitimate interests of the Company

The contact information of users may be used for advertising information regarding products and services of the Company in case the user has granted a consent for such processing or in case the Company has legitimate interests for such activities, except in cases where such grounds are overridden by interests and civil rights and freedoms of users which demand protection of personal data.The Company may use the contact information and directly address those users which information it already possesses, in case of legitimate interests for delivering advertising information on similar products and services which the Company provides, using all available channels for advertising, unless the user objects to such processing.

It is necessary for the Company to use certain information of users for constructing personalized advertising information so that the user might receive information which correspond to his wishes and habits, all until the user does not expressly object to such processing of personal data, or until the user revokes his earlier consent to processing.

The legitimate grounds of the Company provide the legal grounds for processing of personal data in the aforementioned purposes unless such grounds are overridden by interests and civil rights and freedoms of users which demand protection of personal data.

Internal purposes

The Company uses certain data of users exclusively for its own records, for the purpose of securing the legitimate interests of the user and/or the Company. E.g. the aforementioned includes usage of personal data for the purpose of construing offers which fulfil the needs and wishes of users, for exploration and analysis of the market.

Data regarding potential users

The Company is also entitled to collect data on potential users of its services. Such data include basic information (name and surname, e-mail address) as well as interests of potential users who address the Company with the purpose of being informed and/or to be offered certain products and services.The legal grounds for such collection of data are a consent of the user or the legitimate interests of the Company.

Time-frame of keeping and processing of personal data

With regard to the purpose and the legal interests of collecting personal data of users, the Company is in certain cases obligated to keep personal data within a time-period (time-frame) which is being prescribed for certain purposes by governing law or by the cease of the purpose to which such data has been collected. After the prescribed legal time-period for keeping certain personal data by the Company had passed, or in case that the purpose of such keeping has ceased, the data shall be erased. Such period may also depend on interests of the Company to provide adequate evidence necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.In cases where the legitimate interests of the Company are the grounds for collecting and processing of data, personal data shall be kept within the time-periods necessary for maintaining a business relationship with the users, like, as an example:
 
– data on existing users: during the contract execution and 2 years after its termination;
– data on potential users: 1 year;
 
Data processed on the grounds of legitimate interests of the Company and/or the consent of the user may also be erased before the end of the time-periods stated in this Privacy Policy in cases where the user requests such erasure or in cases where the user objects to such processing.

Rights of users

Right of access to personal data

On the grounds of a written request by the user, which request may also be in a form of an E-Mail, the Company, as the controller, is obligated to provide the user with access to his personal data which the Company is processing, inform the user of the purpose of processing of personal data, the sort of personal data which is being processed, of persons or categories of persons to which personal data has been made available, of the estimated time-period of processing or of the criteria used to determine such a time-period.

Right to rectification of inaccurate data

The Company shall, as the controller, provide rectification of inaccurate personal data in each single case where it has been established that the collected personal data of a user are not correct or in case where there has been a change of user data.

Right to erasure of personal data

The Company shall conduct the erasure of user personal data in the following cases:
 
1. when user personal data is no longer necessary for executing the purpose of processing, or in case of termination of the purpose of processing;
2. when the user revokes his consent as the legal grounds for processing of personal data and there are no other legal grounds for processing of such data;
3. when the user objects to processing (see more under the Right to object);
4. when the data is being processed unlawfully;
5. when the personal data has to be erased in order to fulfil the legal obligations from the European Union law or the law of the Member State which applies to the Controller;
6. when personal data has been collected with regard to an offer of information society services concerning child’s consent.
 
Right to restriction of processing

The Company shall secure the restriction of processing of personal data in cases where the user is contesting the accuracy of data, where the processing is being conducted unlawfully and the user is opposing the erasure of data as well as requesting the restriction of their use instead, when the controller no longer needs personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims, and also in case when the data subject has objected to processing conducted on legitimate grounds of the Company, including the forming of a profile of the user.

Right to data portability

The Company shall conduct the portability of personal data to another controller on the basis of a request by the user in case the user has given his consent to such transfer and the processing is being conducted automatically, as well as if such a transfer is technically possible.

Right to object

The user has the right to object to processing of his or her personal data if such data is being processed for the purpose of legitimate grounds of the controller. In such a case the Company, as the controller, shall cease to process personal data, except if it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the user or for the establishment, exercise or defence of legal claimsWhere personal data are processed for direct marketing purposes, the user shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where personal data is being processed

The Company processes personal data of users in Switzerland and within the Member States of the European Union.The Company would hereby like to inform the users that the European Union has recognised Switzerland as one of the countries which provide adequate protection of personal data (Commission Decision of July 26^th 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided in Switzerland).

Conditions for transferring personal data to third persons

The Company transfers personal data of users to third persons (including competent authorities) only in the following cases:
 
– on the grounds of a consent by the user;
– for the purpose of executing its legal obligations;
– when such processing is necessary for securing key interest of the user.
 

Managing consents

The active role of the users in data protection is manifested through giving consents, as freely given, specific, informed and unambiguous indication of data subject’s wishes by which statement or clear affirmative action the user signifies agreement to processing his or her personal data. Managing consents implies the possibility of the user to authorise the Company, by an active and clearly affirmative action, for collection and processing of specific personal data for one or more purposes (consent of the data subject), as well as to withdraw, in the same way, any prior consent for collection and processing of specific personal data for one or more purposes.

Who to contact

In case of any questions regarding the data protection by the Company, the users can contact the Company via the E-Mail address stated in this Privacy Policy or in a written form to the following address:

Diahem AG
Schlosserstrasse 4
8180 Bülach
Switzerland

Alterations and amendments of this Policy

The Company reserves the right to alter or amend this Privacy Policy at any time and to inform the users of such alterations.

In Bülach, May 2018
Diahem AG, Diagnostic Products