Privacy Policy

With this Privacy Policy, we inform you about the personal data we process in connection with our activities and operations, including our reseachem.ch website. We provide information specifically about the purposes, methods, and locations where we process personal data. Additionally, we inform about the rights of individuals whose data we process.

For specific or additional activities and operations, additional privacy policies and other legal documents such as Terms and Conditions (T&C), Usage Terms, or Participation Terms may apply.

We are subject to Swiss data protection law and, if applicable, foreign data protection law, notably the law of the European Union (EU) including the General Data Protection Regulation (GDPR). The European Commission acknowledges that Swiss data protection law ensures adequate data protection.

1. Contact Information

Responsibility for the processing of personal data:

Michele Leuenberger
ReseaChem GmbH, Pestalozzistrasse 16, 3400 Burgdorf

info@reseachem.ch

We will indicate if there are other responsible parties for the processing of personal data in specific cases.

2. Definitions and Legal Bases

2.1 Definitions

Personal data refers to any information relating to a specific or identifiable natural person. An affected person is an individual whose personal data we process.

Processing includes any handling of personal data, regardless of the means and methods used, such as querying, comparing, adapting, archiving, retaining, extracting, disclosing, acquiring, recording, collecting, deleting, disclosing, organizing, storing, altering, disseminating, linking, destroying, and using personal data.

The European Economic Area (EEA) includes the member states of the European Union, as well as the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.

2.2 Legal Bases

We process personal data in accordance with Swiss data protection law, including the Federal Data Protection Act (Datenschutzgesetz, DSG) and the Data Protection Ordinance (Datenschutzverordnung, DSV).

If and to the extent the General Data Protection Regulation (GDPR) applies, we process personal data based on at least one of the following legal bases:

• Art. 6 para. 1 lit. b GDPR for the necessary processing of personal data for the performance of a contract with the data subject and for the implementation of pre-contractual measures.
• Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data to safeguard our legitimate interests or those of third parties, unless the fundamental rights and freedoms of the data subject prevail. Legitimate interests include, in particular, our interest in exercising our activities and functions permanently, user-friendly, securely, and reliably, as well as being able to communicate about them; ensuring information security, protection against misuse, enforcement of our legal claims, and compliance with Swiss law.
• Art. 6 para. 1 lit. c GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject under any applicable law of the Member States in the European Economic Area (EEA).
• Art. 6 para. 1 lit. e GDPR for the necessary processing of personal data for the performance of a task carried out in the public interest.
• Art. 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the data subject.
• Art. 6 para. 1 lit. d GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.

3. Type, Scope, and Purpose

We process those personal data that are necessary to exercise our activities and functions permanently, user-friendly, securely, and reliably. Such personal data may particularly fall into the categories of inventory and contact data, browser and device data, content data, metadata, and usage data, location data, sales data, as well as contract and payment data.

We process personal data for the duration that is necessary for the respective purpose(s) or as required by law. Personal data that is no longer necessary for processing will be anonymized or deleted.

We may have personal data processed by third parties. We may process or transmit personal data jointly with third parties. These third parties are particularly specialized providers whose services we use. We also ensure data protection with such third parties.

We generally process personal data only with the consent of the data subjects. If and to the extent that processing is permissible for other legal reasons, we may refrain from obtaining consent. For example, we may process personal data without consent to fulfill a contract, comply with legal obligations, or safeguard overriding interests.

In this context, we process, in particular, information voluntarily provided by a data subject when making contact – for instance, by postal mail, email, instant messaging, contact form, social media, or telephone – or when registering for a user account. We may store such information, for instance, in an address book or using comparable tools. When we receive data about other individuals, the transmitting individuals are obligated to ensure data protection for these individuals and to ensure the accuracy of this personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect during the exercise of our activities and functions, to the extent and as long as such processing is permissible under legal reasons.

4. Personal Data Abroad

We process personal data primarily in Switzerland and the European Economic Area (EEA). However, we may also export or transmit personal data to other countries, particularly for processing or having it processed there.

We can export personal data to all countries and territories on Earth as well as elsewhere in the Universe, provided that local law ensures adequate data protection according to a decision by the Swiss Federal Council, and – if and to the extent the General Data Protection Regulation (GDPR) applies – based on a decision by the European Commission ensuring adequate data protection.

We may transfer personal data to countries where local law does not provide adequate data protection, provided that data protection is ensured for other reasons, especially through standard data protection clauses or other suitable safeguards. Exceptionally, we may export personal data to countries without adequate or suitable data protection if the specific data protection requirements are met, such as explicit consent of the data subjects or a direct connection to the conclusion or performance of a contract. Upon request, we are happy to provide data subjects with information about any safeguards or provide copies thereof.

5. Rights of Data Subjects

5.1 Data Protection Rights

We grant data subjects all rights under applicable data protection law. Data subjects particularly have the following rights:

• Information: Data subjects have the right to request information about whether we process personal data about them, and if so, what personal data it concerns. Data subjects also receive the necessary information to assert their data protection rights and ensure transparency. This includes the processed personal data as such, but also includes information about the purpose of processing, the duration of retention, possible disclosure or transfer of data to other countries, and the origin of the personal data.
• Rectification and Restriction: Data subjects can correct inaccurate personal data, complete incomplete data, and request the restriction of the processing of their data.
• Erasure and Objection: Data subjects can request the erasure of personal data ("right to be forgotten") and object to the processing of their data for the future.
• Data Disclosure and Data Transfer: Data subjects can request the disclosure of personal data or the transfer of their data to another controller.

We may postpone, restrict, or refuse the exercise of data subjects' rights within the legally permissible framework. We may inform data subjects about any conditions that must be met for the exercise of their data protection rights. For example, we may partially or fully refuse information with reference to trade secrets or the protection of other individuals. We may also partially or fully refuse the erasure of personal data based on legal retention obligations.

We may exceptionally require costs for the exercise of rights. We will inform data subjects in advance about any possible costs.

We are obliged to identify data subjects who request information or assert other rights with appropriate measures within a legally permissible framework. Data subjects are obligated to cooperate.

5.2 Right to Complain

Data subjects have the right to enforce their data protection claims in court or lodge a complaint with a competent data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

Data subjects have the right to lodge a complaint with a competent European data protection supervisory authority to the extent the General Data Protection Regulation (GDPR) is applicable.

6. Data Security

We implement appropriate technical and organizational measures to ensure data security commensurate with the respective risks. However, we cannot guarantee absolute data security.

Access to our website is provided through transport encryption (SSL/TLS, particularly with Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers indicate transport encryption with a padlock icon in the address bar.

Our digital communication is subject to mass surveillance without cause or suspicion, as well as other monitoring by security authorities in Switzerland, other European countries, the United States of America (USA), and other states, just as generally all digital communication is. We have no direct influence over the processing of personal data by intelligence agencies, police authorities, and other security authorities.

7. Use of the Website

7.1 Cookies

We may use cookies. Cookies - both first-party cookies and third-party cookies from services we use - are data stored in the browser. Such stored data need not be limited to traditional text-form cookies.

Cookies can be stored in the browser as "session cookies" or as so-called permanent cookies for a specific period. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies allow, in particular, recognizing a browser on the next visit to our website and thereby measuring the reach of our website, for example. Permanent cookies can also be used for online marketing.

Cookies can be deactivated or deleted in the browser settings at any time, in whole or in part. Our website may not be fully available without cookies. We ask for the express consent to the use of cookies - at least when and to the extent required.

For cookies used for success and reach measurement or for advertising, a general objection ("opt-out") is possible for numerous services through AdChoices (Digital Advertising Alliance of Canada), Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

7.2 Server Log Files

We may record the following information for each access to our website if it is transmitted from your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, accessed individual sub-page of our website including transmitted data volume, last visited website in the same browser window (referer or referrer).

We store such information, which can also represent personal data, in server log files. The information is necessary to provide our website permanently, user-friendly, and reliably, as well as to ensure data security and thus particularly the protection of personal data - also through third parties or with the assistance of third parties.

7.3 Tracking Pixels

We may use tracking pixels on our website. Tracking pixels are also called web beacons. Tracking pixels, including those from third parties whose services we use, are small, usually invisible images that are automatically retrieved when visiting our website. Tracking pixels can capture the same information as in server log files.

8. Social Media

We are present on social media platforms and other online platforms to communicate with interested individuals and provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The general terms and conditions (GTC) and terms of use as well as privacy policies and other provisions of the respective operators of such platforms also apply. These provisions provide information, especially about the rights of data subjects directly towards the respective platform, including the right to information.

9. Third-Party Services

We use services from specialized third parties

• Google Services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General Privacy Information: "Privacy and Security Principles", Privacy Policy, "Google is committed to complying with applicable data protection laws", "Privacy Guide for Google Products", "How We Use Data from Websites or Apps Where Our Services Are Used" (provided by Google), "Types of Cookies Used by Google and Other Technologies", "Personalized Advertising" (Activation / Deactivation / Settings).
• Microsoft Services: Providers: Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), in Great Britain, and Switzerland; General Privacy Information: "Privacy at Microsoft", "Privacy and Trust Center", Privacy Statement, Privacy Dashboard (Data and Privacy Settings).

9.1 Digital Infrastructure

We use services from specialized third parties to access the required digital infrastructure related to our activities. This includes hosting and storage services from selected providers.

Specifically, we use:

• METANET: Hosting; Provider: METANET AG (Switzerland); Privacy Information: Privacy Policy, "Technical and Organizational Measures".

9.2 Audio and Video Conferences

We use specialized services for audio and video conferences to communicate online. This allows us to hold virtual meetings, conduct online classes, and host webinars. For participation in audio and video conferences, the legal texts of individual services, such as privacy policies and terms of use, also apply.

Depending on the situation, we recommend muting the microphone by default and blurring the background or using a virtual background when participating in audio or video conferences.

Specifically, we use:

• Microsoft Teams: Platform for audio and video conferences among other things; Provider: Microsoft; Teams-specific information: "Privacy and Microsoft Teams".

9.3 Map Material

We use services from third parties to embed maps on our website.

Specifically, we use:

• Google Maps including Google Maps Platform: Mapping service; Provider: Google; Google Maps-specific information: "How Google Uses Location Information".

9.4 Fonts

We use services from third parties to embed selected fonts, icons, logos, and symbols on our website.

Specifically, we use:

• Google Fonts: Fonts; Provider: Google; Google Fonts-specific information: "Privacy and Google Fonts", "Privacy and Data Collection".

9.5 E-Commerce

We operate e-commerce and use third-party services to successfully offer services, content, or goods.

In particular, we use:

• PepperShop: Online shop platform; Provider: Glarotech GmbH (Switzerland); Privacy information: Privacy Policy.

9.6 Payments

We use specialized service providers to securely and reliably process payments from our customers. For payment processing, the legal texts of the individual service providers such as General Terms and Conditions (GTC) or privacy policies apply additionally.

10. Website Extensions

We use extensions for our website to enable additional features.

In particular, we use:

• Google reCAPTCHA: Spam protection (distinguishing between desired human comments and undesired bot comments and spam); Provider: Google; Google reCAPTCHA specific details: "What is reCAPTCHA?".

11. Success and Reach Measurement

We attempt to determine how our online offering is used. In this context, we can measure the success and reach of our activities and efforts, as well as the impact of third-party links on our website. We can also, for example, experiment and compare how different parts or versions of our online offering are used (the "A/B test" method). Based on the results of success and reach measurement, we can fix errors, strengthen popular content, or make improvements to our online offering.

For success and reach measurement, the Internet Protocol (IP) addresses of individual users are stored in most cases. IP addresses are fundamentally truncated ("IP masking") in this case to follow the principle of data minimization through the corresponding pseudonymization.

Cookies may be used in success and reach measurement, and user profiles may be created. Any potentially created user profiles may, for example, include information about the individual pages visited or content viewed on our website, details about screen size or browser window, and the - at least approximate - location. Potentially created user profiles are fundamentally pseudonymized and are not used to identify individual users. Certain third-party services where users are logged in may potentially link the use of our online offering to the user account or profile with the respective service.

In particular, we use:

• Google Analytics: Success and reach measurement; Provider: Google; Google Analytics specific details: Measurement across different browsers and devices (Cross-Device Tracking) as well as with pseudonymized Internet Protocol (IP) addresses, which are only exceptionally transferred to Google in the USA, "Privacy", "Browser add-on to deactivate Google Analytics".

12. Final Provisions

We can adjust and supplement this privacy policy at any time. We will inform about such adjustments and supplements in an appropriate form, especially by publishing the current privacy policy on our website.