Here you will find our other data protection information.
Thank you for visiting our website and for your interest in our company. The protection of your personal data is important to us. In accordance with the General Data Protection Regulation (GDPR), we inform you below about how we handle your personal data when you use our website at https://www.melisana.ch
I. Person responsible
Melisana AG
Grüngasse 19
8004 Zürich
Phone: +41 44 247 72 00
E-mail:info@melisana.ch
II. Data Protection Officer
Mr. Alexander Bugl
Bugl & Kollegen Gesellschaft für Datenschutz und Informationssicherheit mbH
Eifelstrasse 55
93057 Regensburg
Office phone: 0941-630 49 789
E-mail: Datenschutz.buglundkollegen@klosterfrau.de
III. Purposes and legal bases of data processing
1. Informational use of the website
You can visit our website without providing any personal data. If you use our website for information purposes only, we do not process any personal data, with the exception of the data that your browser transmits to enable you to visit the website.
Technical provision of the website
For the purpose of the technical provision of the website, it is necessary for us to process certain automatically transmitted information from you so that your browser can display our website and you can use the website. This is technical information that is automatically collected each time you visit our website and stored in our server log files, such as
• IP address;
• Browser type/version (e.g.: Firefox 59.0.2 (64 bit));
• Browser language (e.g. German);
• Operating system used (e.g. Windows 10);
• Inner resolution of the browser window;
• Screen resolution;
• Javascript activation;
• Java On / Off;
• Cookies On / Off;
• Colour depth;
• Referrer;
• Time of access.
We also use cookies to make our website available for you to use. Cookies are text files that are stored in the Internet browser or by the Internet browser on your end device when you access a website. A cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. We use these cookies exclusively to make our website and its technical functions available to you. Some functions of our website cannot be offered without the use of cookies. The following information is stored in the cookies and transmitted to us: Cookie ID, login information.
We do not use the information we have collected through the above cookies to create user profiles or to evaluate your surfing behaviour.
We process your personal data for the technical provision of our website on the basis of the following legal bases:
- to fulfil a contract or to carry out pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR, insofar as you visit our website to obtain information about us; and
- to safeguard our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR in order to make the website technically available to you. Our legitimate interest is to be able to provide you with an attractive, technically functioning and user-friendly website and to take measures to protect our website from cyber risks and to prevent our website from posing cyber risks to third parties.
2. Processing for the purposes of analysis, advertising and remarketing
We use cookies and the tools described below for the purpose of advertising and remarketing.
We will only process your personal data for this purpose if you have given us your consent to do so. The legal basis is Art. 6 para. 1 lit. a GDPR. You can revoke your consent once given in whole or in part with effect for the future by calling up the Cookie settings again on the cookie page and changing your selection.
Google Analytics
This website uses Google Analytics, a web analytics service provided by Google LLC ("Google"). Google Analytics uses so-called "cookies", i.e. text files that are stored on your end device and enable your use of the website to be analysed. The information generated by the cookie about your use of the website such as
- Browser type/version,
- operating system used,
- Referrer URL (the previously visited page),
- Host name of the accessing computer (IP address),
- Time of the server request,
are generally transmitted to a Google server in the USA and stored there. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. We have also added the code "anonymizeIP" to Google Analytics on this website. This guarantees that your IP address is masked so that all data is collected anonymously. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and Internet usage to the website operator.
Browser plugin
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
IP anonymization
We have activated the IP anonymization function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
3. Social media links
Our website contains links to external services such as Facebook, Instagram, Pinterest and Google Maps. After clicking on the link, you will be redirected to the page of the respective provider, i.e. only then will user information be transmitted to the respective provider. For information on the handling of your data when using the websites of other providers, please refer to the respective data protection notices.
4. Active use of the website
In addition to the purely informational use of our website, you can also actively use our website. In addition to the processing of your personal data described above for purely informational use, we will then also process further personal data from you as described below.
Contact requests
In order to be able to process and respond to your inquiries to us, e.g. via the contact form or to our e-mail address, we process the personal data you provide in this context. In any case, this includes your name and your e-mail address in order to send you a reply, as well as any other information that you send us as part of your message.
We process your personal data to respond to contact requests in order to safeguard our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR; our legitimate interest lies in responding appropriately to contact requests.
IV. Categories of recipients
In our company, only those employees who need your personal data to fulfil our contractual and legal obligations will have access to it. Your data will only be passed on to external bodies if this is permitted or required by law or if you have given your consent.
Below we list the categories of external recipients of your data:
- Affiliated companies within the group of companies, insofar as they act as service providers for us and provide IT services, for example, insofar as this is necessary for the provision of our services or if and insofar as they require the data to fulfil our contractual and legal obligations or on the basis of our legitimate interests.
- Private bodies outside the group of companies, such as online media agencies in particular, which support us in the implementation of advertising measures on our websites, as well as IT service providers who support us in the operation, administration and maintenance of our websites, among other things.
- Public bodies and institutions, insofar as we are legally obliged to do so. For example, as part of our legal obligation, we report reported quality defects in our products (e.g. complaints and counterfeits) to the state authorities responsible for the companies of the Klosterfrau Group. We report your data collected by us in the context of non-interventional studies or observational studies to the relevant authorities to which we are obliged to report as part of our legal obligations.
V. Third country transfer
We only transfer data to countries outside the European Union or the European Economic Area (so-called third countries) if this is necessary or legally permitted or required, if you have given us your consent or as part of order processing.
If service providers are used in a third country, they are obliged to comply with the level of data protection in Europe by agreeing the EU standard contractual clauses. Alternatively, we transfer the data on the basis of an adequacy decision by the European Commission.
For further information, please contact our Data Protection Officer.
VII. Duration of storage
If you use our website purely for information purposes, we store your personal data on our servers exclusively for the duration of your visit to our website. After you have left our website, your personal data will be deleted immediately.
When you actively use our website, we initially store your personal data for the duration of the response to your request.
In addition, we then store your personal data until any legal claims arising from the relationship with you become time-barred, in order to use it as evidence if necessary. The limitation period is usually between 12 and 36 months, but can also be up to 30 years.
We will delete your personal data once the limitation period has expired, unless there is a legal obligation to retain it, for example due to commercial or tax regulations.
VIII. Your rights as a data subject
You are entitled to the following rights as a data subject under the legal requirements, which you can assert against us:
Right to information: You are entitled to request confirmation from us at any time within the framework of Art. 15 GDPR as to whether we are processing personal data concerning you; if this is the case, you are also entitled within the framework of Art. 15 GDPR to receive information about this personal data and certain other information (including processing purposes, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of automated decision-making and, in the case of third country transfer, the appropriate guarantees) and a copy of your data.
Right to rectification: In accordance with Art. 16 GDPR, you are entitled to demand that we rectify the personal data stored about you if it is inaccurate or incorrect.
Right to erasure: You are entitled, under the conditions of Art. 17 GDPR, to demand that we erase personal data concerning you without undue delay. The right to erasure does not exist, among other things, if the processing of personal data is necessary for (i) the exercise of the right to freedom of expression and information, (ii) for compliance with a legal obligation to which we are subject (e.g. statutory retention obligations) or (iii) for the establishment, exercise or defence of legal claims.
Right to restriction of processing: You are entitled to demand that we restrict the processing of your personal data under the conditions of Art. 18 GDPR.
Right to data portability: You are entitled, under the conditions of Art. 20 GDPR, to request that we provide you with the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format.
Right of revocation: You have the right to revoke your consent to the processing of personal data at any time with effect for the future.
Information about your right to object in accordance with Art. 21 GDPR
1. You have the right to object at any time to the processing of your data on the basis of Art. 6 para. 1 f GDPR (data processing on the basis of a balancing of interests) or Art. 6 para. 1 e GDPR (data processing in the public interest) if there are reasons for this arising from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
2. We also process your personal data in individual cases for direct marketing purposes. If you do not wish to receive advertising, you have the right to object to this at any time; this also applies to profiling insofar as it is associated with such direct advertising. We will observe this objection for the future.
We will no longer process your data for direct marketing purposes if you object to processing for these purposes.
You can either send us inquiries regarding the assertion of your aforementioned data protection rights using the contact details of the Controller provided above or contact our external Data Protection Officer using the contact details provided above.
You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
IX. Scope of your obligations to provide data
In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we may not be able to provide you with our website in full and without technical errors and may not be able to answer your inquiries to us. Personal data that we absolutely require for the above-mentioned processing purposes is marked with an "*" or another symbol as mandatory information.
X. Non-existence of automated decision-making in individual cases (including profiling)
We do not use any procedures for purely automated decision-making in individual cases (including profiling) in accordance with Art. 22 GDPR.
Status: June 2024