Powered by ZigaForm version 4.0

Privacy Policy

We, SYMBIONET AG, Mittelstrasse 18, 8008 Zürich (“SYMBIONET AG” or “we”), are the operators of the website www.symbiocommerce.io, the SYMBIOCOMMERCE Platform application and the SYMBIO App and are responsible as data controllers for the related collection, processing and use of your personal data as well as for ensuring that data processing complies with the applicable data protection legislation.

Your trust is important to us, which is why we take the issue of data protection seriously and ensure the appropriate security. It goes without saying that we comply with the legal provisions of the Federal Data Protection Act (DSG), the Ordinance to the Federal Data Protection Act (VDSG), the Telecommunications Act (FMG) and other data protection provisions under Swiss or EU law that may be applicable, in particular the General Data Protection Regulation (GDPR). Please note the following information, so that you know what personal data we collect from you and the purposes for which we use it.

If you have any data protection queries, you can send them to us at the following address:

SYMBIONET AG
Mittelstrasse 18
8008 Zurich
SWITZERLAND

Our data protection officer in the EU is:

SYMBIONET GmbH
Harald Zimmermann
Im Grund 3
91593 Burgbernheim
GERMANY

Contact Harald Zimmerman

Data processing in connection with our website

1. Accessing our website

When you visit our website, our servers temporarily save each access in a log file. The following technical data is recorded without your intervention, as is generally the case with every connection to a web server, and is stored by us until it is automatically deleted:

  • the IP address of the accessing computer,
  • the name of the owner of the IP address range (usually your internet access provider),
  • the date and time of access,
  • the website from which the access was made (referrer URL), if applicable with the search term used,
  • the name and URL of the file accessed,
  • the status code (e.g. error message),
  • the operating system of your computer,
  • the browser you use (type, version and language),
  • the transmission protocol used (e.g. HTTP/1.1) and
  • if applicable, your user name from a registration/authentication.

The collection and processing of this data is carried out for the purposes of enabling the use of our website (estab-lishing a connection), ensuring system security and system stability on a permanent basis and enabling the optimi-sation of our internet offering, as well as for internal statistical purposes. This represents our legitimate interest in data processing within the meaning of Art. 6 Para. 1 b of the GDPR.

In addition, in the event of attacks on the network infrastructure or other unauthorised or abusive website use, the IP address is evaluated together with other data for the purpose of clarification and defence and, if necessary, used for identification in the context of criminal proceedings and for civil and criminal proceedings against the users concerned. This represents our legitimate interest in data processing within the meaning of Art. 6 Para. 1 b of the GDPR.

2. Use of our contact form/contact by email

You have the option of using a contact form to get in touch with us. For this purpose we require the following mandatory information:

  • Name
  • email address
  • message

You can also contact us by email. You are responsible for the content you send us. We advise you not to transmit any confidential data. Personal data is only collected if you provide it to us voluntarily. We only use this data so that we can answer your contact enquiry in the best possible and personalised way or provide the services you have requested. The processing of this data is therefore in our legitimate interest within the meaning of Art. 6 Para. 1 b of the GDPR. If you contact us in order to receive an offer for our products and services, processing will then be necessary for the fulfilment of precontractual or contractual measures in accordance with Art. 6 Para. 1 b of the GDPR.

3. Cookies

When you access our website, we collect information using cookies and tracking tools. Cookies help in many ways to make your visit to our website easier, more pleasant and more effective. Cookies are information files that your web browser automatically stores on your computer’s hard drive when you visit our website.

For example, we use cookies to temporarily store the services you have selected and the information you have entered when filling in a form on the website so that you accordingly don’t need to enter the same information again when you visit another sub-page (“session cookies”). Cookies can also be used to identify you as a registered user after you have registered on the web-site, without you having to log in again when you call up another sub-page (“permanent cookies”).

In addition to the cookies mentioned above, the cookies stored on your computer or mobile device may be so-called “third-party cookies” that originate from independent third parties (e.g. tracking tools such as Google Analytics, see also Section 4 of this privacy policy “third-party cookies”).

Most internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears when you receive a new cookie. Deactivating cookies may result in you not seeing some information on our website and not being able to use all the functions of our website that are intended to improve your visit. The processing of data through the use of strictly necessary functional cookies is based on our legitimate interest in the technically error-free provision of our services in accordance with Art. 6 Para. 1 b of the GDPR. The use of non-essential functional cookies is based on your consent in accordance with Art. 6 Para. 1 a of the GDPR. This consent can be revoked at any time for the future. Insofar as such cookies are used for analysis and optimisation purposes, we will inform you of this separately within the framework of this privacy policy and obtain your consent.

4. Tracking tools

4.1. Google services

On our website, we use the following Google services:

  • Google Analytics
  • Google Tag Manager
  • Google Fonts

The provider of the Google services is Google LLC, a company owned by the holding company Alphabet Inc. (both located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Ireland Ltd (Gordon House, Barrow Street, Dublin 4, Ireland) acts as the data controller for users in the EU/EEA and Switzerland (both are referred to as “Google”).

You will find Google’s privacy policy at https://policies.google.com/privacy?hl=de. Further information on the Google services used can be found under Points a-c below. Information on data protection in connection with the transfer of data to the USA can be found be-low under Section 20 of this privacy policy.

a. Google Analytics

We use the Google Analytics web analysis service for the purposes of demand-oriented design and continuous optimisation of our website. . In the process, pseudonymised usage profiles are created and small text files stored on your computer (“cookies”) are used. Cookies of this type are deactivated by default. However, you have the option to allow them by clicking on “Google Analytics” in the data protection settings on our website. With your consent, the information generated by the cookies about your use of these web pages is transmitted to the servers of the providers of these services, stored there and processed on our be-half. Google’s servers are usually located in the USA. In addition to the data listed under Section 1, we may receive the following information:

  • the navigation path that a visitor follows on the site,
  • the time spent on the website or sub-page,
  • the sub-page from which the website is exited,
  • scrolls (whenever a user scrolls at least 90% to the end of the page)
  • clicks on external links
  • internal search queries
  • interaction with videos
  • file downloads
  • adverts viewed/clicked
  • language setting
  • the country, region or city from which access is made,
  • terminal device (type, version, colour depth, resolution, width and height of browser window),
  • returning or new visitor (page views),

The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and tailoring this website to your needs. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of Google.

Before the data is transmitted to the provider, the IP address is shortened by activating IP anonymisa-tion (“anonymizeIP”) on this website within the member states of the European Union or in other contracting states to the Agreement on the European Economic Area as well as in Switzerland. The anonymised IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. According to Google, in no case will the IP address be associated with other data relating to the user.

The legal basis for processing data for the above purposes lies in your consent within the meaning of Art. 6 Para. 1 b of the GDPR. You can revoke your consent at any time with future effect by accessing the cookie settings on our website and changing your selection there. The legality of any processing carried out on the basis of the consent which was given before the revocation remains unaffected by this.

You can also prevent the storage of cookies from the outset by configuring your browser software accordingly. However, configuring your browser in this way may lead to restrictions in functionality on this and other websites. Instructions on how to prevent the processing of your data by the web analysis service can be found at http://tools.google.com/dlpage/gaoptout?hl=de.

You can also find more information about the data protection of the web analysis service used on the Google Analytics website at https://support.google.com/analytics/answer/6004245?hl=de.

b. Google Tag Manager

This website uses the Google Tag Manager. This service enables website tags to be managed via an interface. The Google Tag Manager only manages tags. This means that no cookies are used and no personal data is collected. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager. This processing is based on our legitimate interest within the meaning of Art. 6 Para. 1 b of the GDPR.

You can also find further information on data protection with regard to Google Tag Manager at https://support.google.com/tagmanager/answer/9323295?hl=de

c. Google Fonts (use of web fonts)

Google Fonts are used on this website for the uniform display of fonts. The integration of these web fonts for the correct display of texts and fonts is carried out by accessing a server. This means that information about which of our web pages you have visited is transmitted to the server. The IP address of the browser on the device used to visit these web pages is also stored. We have integrated Google Fonts on our local servers by default to ensure that no user data is sent to third-party providers outside Switzerland.

This data processing is based on our legitimate interest within the meaning of Art. 6 Para. 1 b of the GDPR.

4.2 Social-media plugins

On our website, we have integrated the social media buttons of the following companies:

  • Meta Platforms Inc. (1601 Road Willow, CA 94025 Mento Park, California, USA)
  • LinkedIn Corp. (1000 West Maude Avenue, Sunnyvale, CA 94085, California)

The “Meta services” include, among others, the social networks “Facebook” and “Instagram”, of which we have integrated the corresponding plugins. The provider of the “Meta services” is Meta Platforms Inc. (1601 Road Willow, CA 94025 Mento Park, California, USA). Meta Platforms Ireland Ltd (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) acts as the data controller for users in the EU/EEA and Switzerland (both are referred to as “Meta”). Meta’s privacy policy can be found at https://www.facebook.com/privacy/policy.

The provider of «LinkedIn» is Linkedin Corp. (1000 West Maude Avenue, Sunnyvale, CA 94085, Cali-fornia, USA). LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland) acts as the data controller for users in the EU/EEA and Switzerland (both are referred to as “LinkedIn”). You will find the privacy policy of LinkedIn at https://www.linkedin.com/legal/privacy-policy.

You can recognise the plugins by the fact that they are marked with the corresponding logo. By default, the social media plugins are deactivated when you visit our website. However, you have the option of activating them in the data protection settings on our website by clicking on the relevant social media button (“consent”). A direct connection to the provider’s server is only established when you activate the relevant plugin. If you are logged into your respective social media account at the same time, the provider in ques-tion can assign the visit to our website to your user account. If you want to prevent this, you should log out of your relevant social media user account before clicking the plugin on our website. Such an assignment is made in any case when you log into the relevant network after clicking on the plugin.

The legal basis for processing the data for the following purposes lies in your consent within the meaning of Art. 6 Para. 1 b of the GDPR. You can revoke your consent at any time with future effect by accessing the plugin settings on our website and changing your selection there. The legality of any processing carried out on the basis of the consent which was given before the revocation remains unaffected by this.

a. Information on data protection in connection with the transfer of data to the USA can be found below under Point 20 of this privacy policy. Further information on the social me-dia plugins can be found under Points a-c below. Meta Pixel – Custom Audiences (for Websites) / Conversion

This website uses the so-called “Meta Pixel” for the following purposes:

Custom Audiences

We use the Meta Pixel for remarketing purposes in order to be able to address you again within 180 days. This enables interest-based advertisements to be displayed to users of the website when they visit the social networks “Facebook”, “Instagram” or other websites that also use this method. In this way, we pursue the interest of showing you advertising that is of interest to you in order to make our website and services more interesting for you.

Conversion

In addition, we would like to ensure with the help of the Meta Pixel that our adverts correspond to the potential interest of users and do not have a nuisance effect. With the help of the Meta Pixel, we can track the effectiveness of the adverts for statistical and market research purposes by seeing whether users were redirected to our website after clicking on an advertisement (so-called “conversion”).

b. If you have activated the Facebook plugin when visiting our website, the integration of the Meta Pixel will provide Meta with the information that you have accessed the corre-sponding page of our website or clicked on one of our advertisements. Instagram

We use Instagram social network plugins to make our services accessible to a wider audience. The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”.

If you have activated the Instagram plugin when visiting our website, your browser will establish a direct connection to Meta’s servers. The content of the plugin is transmitted directly to your browser by Meta and integrated into the page. This integration provides Meta with the information that your browser has called up the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted by your browser directly to a Meta server in the USA and stored there.

If you interact with a plugin, for example by clicking the “Instagram” button, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed to your contacts there.

c. LinkedIn

This website uses LinkedIn social network plugins. We use these plugins to make our offer accessible to a wider audience. You can recognise the LinkedIn plugins by the LinkedIn logo or the “Recommend” button on our site. If you have activated the LinkedIn plug-in when visiting our website, a direct connection is established via the plugin between your browser and the LinkedIn server. In this way, LinkedIn receives the information that you have visited our site using your IP address. If you click the LinkedIn “Recommend” button while logged into your LinkedIn account, you can link the content of our pages to your LinkedIn profile.

5. Newsletter

Our website offers users the opportunity to subscribe to our newsletter. We will only send newsletters, emails and other electronic notifications (hereinafter: newsletters) with the consent of the recipients or with legal authorisation. As a newsletter subscriber, you submit your email address and your first and last name. This information is necessary for transmission and for the purpose of personal communication. You can change your profile data at any time.

For the registration for our newsletter, we use a so-called “double opt-in” procedure. After registration, we send you an email in which you have to confirm the registration for our newsletter once again. The purpose of this is to ensure that you are indeed the owner of the email address provided or that the owner has consented to receiving the newsletter. The registration process is recorded in order to be able to prove compliance with the applicable legal requirements. This represents our legitimate interest within the meaning of Art. 6 Para. 1 b of the GDPR. This means that your IP address as well as the date and time of your login and confirmation will be stored. Any changes to your stored data will also be logged.

The distribution of the newsletter and the processing of the data provided in the registration form are based on your consent within the meaning of Art. 6 Para. 1 b of the GDPR. If a service provider is commissioned with the distribution of the newsletter, this is based on our legitimate interest within the meaning of Art. 6 Para. 1 b of the GDPR in efficient and secure distribution. You can unsubscribe from our newsletter at any time and thereby revoke your consent to store and use your data for sending the newsletter. There is a link for cancelling the newsletter at the end of each newsletter. Unsubscribing does not affect the legality of the data processing that has already taken place up to that point.

Use of the “MailChimp” email service provider

For the purpose of managing newsletter contacts and transmitting the newsletter, we use “MailChimp”, a service that includes support for designing the newsletter and orienting it toward target groups. This is a newsletter delivery platform provided by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308, USA. MailChimp allows us to organise the transmission of our newsletter and to analyse the usage behaviour of news-letter recipients in order to optimise our services.

We record the details of your registration for our newsletter in MailChimp. To this end, your email address and the additional data indicated above will be passed on to MailChimp and conse-quently stored on MailChimp’s servers in the USA. Further information on data protection in connection with the transfer of data to the USA can be found below in Section 20 of this privacy policy. You will also find more information on data transfer by Mailchimp at https://mailchimp.com/de/help/mailchimp-european-data-transfers/ and at

https://mailchimp.com/de/legal/data-processing-addendum/.

We are able to analyse our newsletters using the MailChimp services. In order to be able to assign session launches and clicks to users, MailChimp uses session cookies and pixel tags/web beacons in our emails. The data are processed directly on the service provider’s servers, which are located overseas. Information regarding users’ actions (e.g. the duration, sequence and URL of visits and page views, as well as information about the device used, IP address, time of access, operating system, browser and approximate location) is also transmitted there. We use this information for the technical improvement and statistical analysis of our newsletter campaigns so that we can better tailor future newsletters to the interests of recipients. There are instances where we direct newsletter recipients to MailChimp’s website. In this regard, we wish to point out that cookies are used on the MailChimp website and that personal data is consequently processed by MailChimp, its partners and the service providers used (e.g. Google Analytics). We have no control over this data collection. Further information can be found in the MailChimp privacy policy (http://mailchimp.com/legal/privacy/). You declare your agreement to this by registering for the newsletter. Should you no longer agree to the newsletter being sent via MailChimp and the aforementioned use of your data, you can unsubscribe from our newsletter at any time and revoke your consent. You cannot separately revoke mailing via MailChimp or the associated statistical evaluation. Your data will be deleted from both our and MailChimp’s servers after you cancel your registration for our newsletter.

Data processing in connection with the use of the SYMBIOCOMMERCE platform

6. Affiliate programme for users

You have the option of using a login form to access our service as a user for which you have to register. For this purpose we require the following mandatory information:

  • user name
  • company
  • address (street, house number, postcode, city, country)
  • title
  • email address
  • first name
  • surname (of the first person registering/business contact)
  • VAT ID
  • industry sector

When you register for the product selection SYMBIO Network, we also require the following information:

  • a description of the company
  • position in the company
  • field of activities
  • telephone number
  • countries you supply or where your products are available

We use this data as well as a company website or/and further voluntary information provided by you only to be able to offer you the best possible use of our platform and to inform you about products of interest. The processing of this data is therefore necessary for the implementation of pre-contractual and contractual measures within the meaning of Art. 6 Para. 1 b of the GDPR, or is in our legitimate interest within the meaning of Art. 6 Para. 1 b of the GDPR.

7. Means of payment

Our platform gives you the option to choose whether you wish to pay by invoice or by credit card. You can specify which means of payment you would like to use in your profile settings. You can go to settings to change the means of payment for future invoicing at any time. Payment for our services will be made using the payment method you have currently selected. If a valid credit card payment cannot be made, we will invoice you for our services.

When you pay by credit card, your payment will be processed via “Stripe”, a third-party service. This is a service provided by the US technology company and online payment service Stripe Inc (354 Oyster Point Blvd, South San Francisco, CA 94080, USA), which offers payment solutions for online payments. This enables us to accept credit and debit card payments. Stripe Payments Europe Ltd (The one Building, 1, Lower Grand Canal Street, Dublin 2, Ireland) is responsible for customers within Switzerland and the EU. However, it cannot be ruled out that personal data may also be transferred to the US. Further information on data protection in connection with the transfer of data to the USA can be found below in Section 20 of this privacy policy.

If you choose to pay by credit card, you will be redirected to a Stripe input screen and the payment data you enter (bank details, credit card details, credit card validity period, credit card verification num-ber (CVC), date and time of the transaction, transaction amount, name of the provider, location) will be transmitted to Stripe for the purpose of payment processing and also processed by Stripe insofar as this is necessary for the fulfilment of the contract. Information such as your surname, first name, email address, customer number, order number and billing or shipping address may also be transmitted to Stripe. This data is used for authentication purposes. We ourselves do not have access to your credit card information, the processing of this data is carried out by Stripe. The legal basis for the forwarding of data to Stripe is the fulfilment of a contract within the meaning of Art. 6 Para. 1 b of the GDPR.

For more information on Stripe’s data collection and use, please see its privacy policy at: https://stripe.com/de-ch/privacy.

When paying by credit card, your payment details will also be passed on to your credit card issuer and to the credit card acquirer. Therefore, we request that you also refer to the privacy policy and general terms and conditions of your credit card issuer concerning the processing of your credit card data by these third parties. The transfer of your data is based on the performance of a contract within the meaning of Art. 6 Para. 1 b of the GDPR.

Data processing in connection with the use of the SYMBIO app

8. Access to the SYMBIO app

The SYMBIO app can be accessed by downloading it from the Apple App Store, the Google Play Store or the Mi-crosoft Store. To use the app you have to register as a user.

9. Customer profiles and the management of their data

For the use of our SYMBIO app, we collect various items of information such as your name, address, phone num-ber, email address or employee number in order to create our customer profiles. There are mandatory and optional fields. Their content is entered by the administrator of the company or the participants (users) themselves. The legal basis for the processing of your personal data lies in pre-contractual measures and the per-formance of a contract within the meaning of Art. 6 Para. 1 b of the GDPR, and our legitimate inter-est within the meaning of Art. 6 Para. 1 b of the GDPR.

10. Interfaces when using the app

Your personal data may reach the providers of other apps through interfaces (a programming interface is a part of a programme that is made available by a software system to other programmes for connection to other sys-tems) when using different apps, without us being able to influence this. You can restrict such interfaces on your tablet or smartphone. Disabling interfaces may result in you not being able to use all the features of our SYMBIO app.

11. Location data

When you make a request, we register your current location via GPS in order to quickly provide you with infor-mation about your immediate surroundings. Data about your location will only be used to process your enquiry. Your location data is transmitted via an encrypted connection. Your location data will be anonymised after your enquiry has been dealt with and statistically analysed to improve our service. The GPS function can be deactivated, but this may lead to restrictions in the use of the app. The legal basis for processing data for this purpose is the fulfilment of a contract within the meaning of Art. 6 Para. 1 b of the GDPR.

12. What data does Symbionet collect when you use the app?

In addition to data about your location, the available goods searched for or ordered as well as the intensity of use of the app, we process the data you provide when checking for approval as a user of the app. We also process the data uploaded voluntarily by users. We collect this data for the development and improvement of the platform, the app and the services associated with it. The legal basis for processing data for this purpose is the fulfilment of a contract within the meaning of Art. 6 Para. 1 b of the GDPR.

Storage and exchange of data with third parties

13. Use of the SYMBIOCOMMERCE platform and app

If you place orders or submit offers via our platform or app, the users concerned receive several items of personal information. Generally, this is the data listed in Section 6 of this privacy policy. In addition, we may receive enquiries about your order or offer. We will process this data by name in order to record your order as requested and to provide you with the services you have ordered. The legal basis for processing data for this purpose is the fulfilment of a contract within the meaning of Art. 6 Para. 1 b of the GDPR.

Finally, we may be informed by users about disputes in connection with the use of the SYMBIOCOMMERCE plat-form or the SYMBIO app. In doing so, we may also receive data relating to the booking process, which may include a copy of the booking confirmation as evidence of the effective completion of the booking. We have a legitimate interest in processing this data within the meaning of Art. 6 Para. 1 b of the GDPR. For example, the data may be needed to safeguard and enforce our claims and fulfil any associated requirement to provide proof in legal proceedings.

Please also note the relevant user’s privacy policy.

14. Central storage and linking of data

We store the data specified in this privacy policy with our web hosting service provider MTF Swiss Cloud AG, Freier Platz 10, CH-8201 Schaffhausen. The data relating to you is systematically recorded and linked for the purposes of processing your orders and handling contractual services. The processing of this data within the framework of the software is based on our legitimate interest in customerfriendly and efficient customer data management within the meaning of Art. 6 Para. 1 b of the GDPR. Subsequently, the legal basis for this processing is also the performance of the contract within the meaning of Art. 6 Para. 1 b of the GDPR.

15. Retention period

We only store personal data for as long as is necessary for the fulfilment of our contractual or legal obligations and any other purposes for which such processing is required. As soon as your personal data is no longer needed for this purpose, it is deleted or anonymised as far as possible.

We retain contractual data for longer, as this is required by legal retention obligations. Retention obligations that require us to retain data result from regulations on accounting, civil law and tax law. According to these regulations, business communication, concluded contracts and accounting records must be kept for up to 10 years. As soon as we no longer need this data to perform the services for you, the data is blocked. This means that the data may then only still be used for accounting and tax purposes and for the defence of any claims against our company.

16. Transmission of data to third parties and transfer abroad

We consider the personal data mentioned in this privacy policy to be confidential and treat it accordingly. We will only pass on your personal data if you have expressly consented to this, if there is a legal obligation to do so or if this is necessary to enforce our rights and in particular, to enforce claims arising from the contractual relationship.

In addition, we pass on your data to third parties insofar as this is necessary within the framework of the use of the website and the processing of contracts (also outside the website), namely the pro-cessing of your orders or for further processing purposes mentioned in this privacy policy.

Various third-party service providers are explicitly mentioned in this privacy policy. Furthermore, in the course of our business activities and for the purposes described in this privacy policy, to the extent permitted and as we deem appropriate, we may also disclose your personal data to the following recipients in particular:

  • service providers used by us (e.g. trust companies, IT providers, banks)
  • dealers, suppliers, subcontractors and other business associates;
  • domestic and foreign authorities, official bodies or courts;
  • parties in potential or actual legal proceedings.

The recipients can be at home and abroad. In particular, you must expect your data to be transmitted worldwide, wherever the service providers we commission are located (e.g. Google, Meta, MailChimp, Stripe).

The recipients are bound to data protection to the same extent as we are. If the level of data protection in a specific country does not correspond to that in Switzerland or the EU, we will ensure by contract that the protection of your personal data corresponds to that in Switzerland or the EU at all times.

In the case of recipients in a country where the level of data protection does not correspond to the Swiss or European level, we contractually oblige the recipient to comply with the applicable Swiss and European data protection laws, unless the recipient is already subject to a legally recognised set of rules to ensure data protection and we cannot invoke an exemption clause. In particular, an exception may apply in the case of legal proceedings abroad but also in cases of overriding public interests or if the performance of a contract requires such disclosure. It may also apply if you have consented or if you have made the data concerned generally accessible and have not objected to its processing.

For this purpose, we agree with the recipients upon the revised Standard Contractual Clauses (“SCCs”) of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2019/914/oj? . Where necessary, we implement additional contractual adjustments to comply with the Swiss data protection provisions “Swiss Addendum”. Where necessary, we implement additional technical and organisational measures.

Certain third-party providers mentioned in this privacy policy are based in the USA. Further information on data transfer to the USA can be found in Section 20 below. 20.

17. Integration of third-party services and content

It may happen that third-party content, such as videos from YouTube or Vimeo, webinars via join.me, RSS feeds or graphics from other websites are integrated within this online offer. This always requires the providers of this content (referred to below as “third-party providers”) to be aware of the IP address of the user. Without the IP address, they would not be able to send the content to the browser of the relevant user. The IP address is accordingly required for the display of this content. We endeavour to use only the content of providers which use the IP address merely to deliver the content. However, we have no influence on whether or not the third-party providers store the IP address, e.g. for statisti-cal purposes. Insofar as this is known to us, we will inform users of this.

Further information

18. Right to information, correction, deletion and restriction of processing; right to data portability

You have the right to request information about the personal data we store about you. In addition, you have the right to have incorrect data corrected and the right to have your personal data deleted, insofar as this does not conflict with a legal obligation to retain the data or an authorisation that allows us to process the data. Furthermore, you have the right to object to our data processing, especially in connection with direct marketing, as well as the right to revoke your consent at any time. However, processing activities based on your consent in the past will not become unlawful as a result of your revocation.

Under certain circumstances, you also have the right to demand that we return the data you have provided to us (right to data portability). On request, we will also pass the data on to a third party of your choice. You have the right to receive the data in a standard file format. You can reach us for the aforementioned purposes via the contact form. We may, at our discretion, require proof of identity to process your requests.

In many countries, you also have the right to lodge a complaint with the relevant data protection authority if you have concerns about how we process your data. The competent data protection au-thority in Switzerland is the Federal Data Protection and Information Commissioner (“EDÖB”). You can find further information at: https://www.edoeb.admin.ch.

The above rights depend on the relevant applicable data protection legislation and may therefore be either more limited or more comprehensive.

19. Data security

To protect your personal data stored with us against manipulation, partial or complete loss and unauthorised access by third parties, we use appropriate technical and organisational security measures such as issuing instructions, training, IT and network security solutions, access controls and restrictions, appropriate encryption measures, pseudonymisation and checks. Our security measures are continuously improved in line with technological developments. Nevertheless, it is not possible to guarantee the absolute security of personal data. In this context, please also note that data transmitted via an open network such as the internet or an email service is openly accessible. We cannot guarantee the confidentiality of messages or content shared via these networks. You should always keep your access data confidential and close the browser window or app when you have finished communicating with us, especially if you share the computer, tablet or smartphone with others.

We also take internal data protection very seriously. Our employees and the service companies commissioned by us have been obliged by us to maintain confidentiali-ty and to comply with the provisions of data protection law.

20. Note on data transfer to the USA

Some of the service providers mentioned in this privacy policy are based in the USA. For the sake of completeness, we would like to point out to users who are resident or have their registered office in Switzerland or the EU that in the USA the US authorities have surveillance measures in place which generally allow the storage of all personal data of all persons whose data has been transferred to the USA from Switzerland or the EU. This is done without any differentiation, limitation or exception in terms of the goal pursued and without any objective criterion that would make it possible to restrict the access of the US authorities to the data and their subsequent use to very specific, strictly limited purposes that are capable of justifying the intrusion associated with both the access to and the use of this data. Furthermore, we would like to point out that there are no judicial remedies available in the USA for data subjects from Switzerland or the EU that would allow them to obtain access to the data concerning them and to have it corrected or deleted. There is also no effective judicial legal protection against the general access rights of the US authorities. We explicitly draw the attention of data subjects to this legal and factual situation so that they can make an appropriate informed decision on consenting to the use of their data.

We would like to point out to users who are resident or have their registered office in Switzerland or the EU that the USA does not have an adequate level of data protection from the point of view of the EU and Switzerland for reasons including those mentioned here in this section. Insofar as we have explained in this privacy policy that recipients of data (such as Google) are based in the USA, we will ensure that your data is protected at an appropriate level with our service providers through contrac-tual regulations with these companies or by ensuring that these companies are certified under the EU or Swiss-US Privacy Shield.

21. Right to complain to a data protection supervisory authority

You have the right to complain to a data protection supervisory authority at any time.

22. Applicable law and place of jurisdiction

The present privacy policy and the contracts concluded on the basis of or in connection with this privacy policy are subject to Swiss law unless the law of another country is mandatorily applicable. The place of jurisdiction is the registered office of SYMBIONET AG unless another place of jurisdiction is mandatory.

23. Validity of the German version / contradictions between different language versions

Only the German version of these Data Protection Provisions is legally binding. The English translation is provided for information purposes only. In the event of any ambiguities and/or contradictions between the German and English versions of these Data Protection Provisions, the German version shall therefore be exclusively binding.

24. Final provisions

If individual parts of this privacy policy are invalid, this will not affect the validity of the rest of the privacy policy. Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to amend this privacy policy. The latest version of our privacy policy is published on our website and in our application.

This page was last amended on 1 July 2023. If you have any questions or comments about our legal notices or data protection, please contact us.

Valid from: 1 July 2023