Privacy Policy

1. Introduction

Thank you for visiting our website. Data protection is of the utmost importance to us. This Privacy Policy provides comprehensive information about our data processing practices. It describes what we do with your data when you visit our website, purchase our services or products, are otherwise in a contractual relationship with us, communicate with us, or otherwise interact with us.

Pursuant to Article 13 of the Swiss Federal Constitution and the federal data protection provisions (Data Protection Act, DPA), every person has the right to privacy and to protection against the misuse of their personal data (i.e. all information by which they can be personally identified). We comply with these provisions. Personal data is treated as strictly confidential and in accordance with statutory data protection regulations and this privacy policy.

In close cooperation with our hosting providers, we endeavour to protect the databases as effectively as possible against unauthorised access, loss, misuse or falsification.

Further data protection provisions and other legal documents, such as General Terms and Conditions (GTC), Terms of Use or Terms and Conditions of Participation, may apply to specific or additional activities and operations.

2. What types of personal data do we process?

Depending on the specific purpose, we process the following types of personal data in particular:

  • Master data and contact details (e.g. name, address, email, telephone number; where applicable, details of function/role for business contacts and specialists);
  • Content data (voluntary information provided in forms/enquiries, message content);
  • Account and online shop data (when using our online shop/logins: login credentials, accesses, order/transaction and delivery information);
  • Contract, sales and payment data (e.g. contract details, relationship history, products purchased/delivered, invoice/payment information);
  • Usage data (e.g. websites visited, interest in content, access times);
  • Metadata/communication data (e.g. browser or device data, IP addresses);
  • Location data (where applicable when using our services);
  • Application data (e.g. CV, references, correspondence that you send to us as part of an application);
  • Any other information relating to you that you provide to us.

3. For what purpose do we process your personal data?

We process personal data in particular for the following purposes:

  • Communication and handling of enquiries (e.g. via contact form, email, telephone, social media);
  • Operation, security and optimisation of our websites (including the creation of server log files, web analytics, etc.);
  • Provision of the online shop and processing of orders (account creation/management, order and delivery processing, customer service);
  • Operation of the professionals’ area (authentication and access to protected content via swiss-rx-login);
  • Conducting further training, seminars and courses (Academy), including registration and attendance management;
  • Sending newsletters and other direct communications/marketing materials (where legally permissible and/or with consent), including profiling for offer and product development as well as CRM-supported relationship management (e.g. invitations to events);
  • Conducting competitions and surveys (including contacting winners and evaluating non-anonymous survey responses);
  • Fulfilment of obligations under pharmaceutical legislation (e.g. pharmacovigilance: recording, evaluating and, where required by law, reporting suspected cases of adverse drug reactions to Swissmedic; Processing of product complaints/quality reports);
  • Compliance and whistleblowing (processing of reports via our whistleblowing/complaints channels; defence against/enforcement of legal claims; compliance with legal/regulatory requirements);
  • Operation of our social media presence (interaction with users; reach/usage analyses of the platforms).

4. On what legal basis do we process your personal data?

The legal basis for the processing of your personal data depends in each individual case on the respective purpose of the data processing. The following are particularly relevant:

  • Where required by law, your explicit consent, which you may withdraw at any time;
    • the conclusion or performance of a contract with you, or the implementation of pre-contractual measures, in particular in connection with medical advice and the provision of services;
    • the protection of our legitimate interests, in particular to pursue the purposes and associated objectives described above under point 3;
    • the fulfilment of legal obligations.

If the processing of your personal data is based on your consent or our legitimate interests, you may withdraw your consent at any time or object to such processing by contacting us directly at [email protected]. Please note, however, that the withdrawal of your consent has no effect on data processing that has already taken place.

5. How do we protect your personal data?

The security of your personal data is important to us. We take appropriate and suitable technical and organisational measures to safeguard the security of your personal data and to protect it against unauthorised or unlawful processing and/or against accidental loss, alteration, disclosure or access. These security measures include, for example, IT and network security solutions, encryption of data storage media and data transfers, access controls and restrictions, the issuance of guidelines, confidentiality agreements and audits. The security measures are regularly reviewed and adapted to the state of the art. We also require our data processors to implement appropriate security measures. However, security risks cannot generally be completely ruled out; residual risks are unavoidable.

6. What are cookies and when are they used?

In certain cases, we use cookies and similar technologies. Cookies are text files that are placed on and stored on your device (laptop, tablet, smartphone, etc.) via your browser. These do not cause any damage to your device and cannot execute programs or contain viruses. Cookies serve to make our website more user-friendly, effective and secure.

We use various cookies on our website and allow certain third parties to do so as well. These third parties may be based anywhere in the world, in particular in the USA. When you visit our website, you will be informed about the use of cookies via a cookie banner, which refers to this privacy policy. Depending on the purpose of these cookies, we will ask for your consent before they are used. You can also disable or delete cookies in your browser settings at any time, either in full or in part. The procedure for managing and deleting cookies depends on the browser you are using. You can find information on this in your browser’s help menu (usually under the heading ‘Privacy’). Certain features on our website, services and tools are only available through the use of cookies. If cookies are disabled, certain website features, services, applications and tools may not be available.

7. What data do we collect and for what purpose?

7.1. Server log files

When you visit our website, our servers temporarily store information about each visit in a log file. These may contain the following data:

  • Browser type and version;
  • Operating systems used;
  • Referrer URL (the previously visited website);
  • Host name of the accessing computer;
  • Date and time of the server request;
  • Internet Protocol address (IP address);
  • Amount of data transferred;
  • Other similar data and information used for security purposes in the event of attacks on our IT systems.

This data is collected and processed for the purpose of enabling the use of our website (including establishing a connection), ensuring long-term system security and stability, and for error and performance analysis, and enables us to improve and protect our services.

In the event of an attack on the website’s network infrastructure or if there is suspicion of other unauthorised or abusive use of the website, the IP address and other data will be analysed for the purposes of investigation and defence and, where necessary, used in criminal proceedings to identify the users concerned and to take civil and criminal action against them.

Finally, when you visit our website, we use cookies as well as applications and tools that rely on the use of cookies. In this context, the data described here may also be processed.

7.2. Cloudflare

We use the Content Delivery Network (CDN) provided by Cloudflare Inc. (101 Townsend St. San Francisco, CA 94107, USA) (‘Cloudflare’) on our website. Cloudflare Inc.’s CDN, a network of regionally distributed and interconnected servers, enables us to deliver larger media files on our website more quickly and thus improve the performance of our website by accessing the content from the CDN server closest to the user’s location when data is retrieved. To ensure this functionality, your IP address must be transmitted to Cloudflare. Furthermore, Cloudflare also obtains information about the data retrieved by your browser via the CDN. This data, processed during the use of the CDN, is used exclusively to maintain the functionality of the CDN and is subsequently deleted.

Cloudflare processes some of your data in the USA. An adequacy decision by the Federal Council and the European Commission exists for data transfers to the USA under the Swiss-US and EU-US Data Privacy Framework (DPF). Cloudflare is certified under this framework. In addition, we have entered into so-called standard contractual clauses with Cloudflare to oblige Cloudflare to maintain an adequate level of data protection. Further information on data protection at Cloudflare can be found at: https://www.cloudflare.com/de-de/privacypolicy/.

7.3. Contacting us

You have the option of contacting us (e.g. via the contact form, email, telephone or social media). In this case, the information you provide will be processed for the purpose of handling your enquiry and its resolution.

You have the right to object to any further processing of your data. In this case, the data will be deleted and the enquiry will not be processed further. If the data is already being processed in other contexts as a result of your contact with us, such as on the basis of a contract concluded in the meantime, the principles applicable to the relevant context shall apply to the objection regarding data processing.

The data you send to us via contact enquiries will remain with us until you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g. once your enquiry has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected. Your data is stored in our internal Schwabe Pharma CRM system.

7.4. Webshop login

When using our webshop and creating a login, you create an account. We collect your name, address, email address, telephone number, billing and delivery addresses. We store login details, access data, transactions, changes and activities relating to your use of the webshop.

The purpose of processing this data is to make the webshop available, to take your order and to process your order. The processing of your personal data serves to initiate and fulfil the contract with you.

7.5. Newsletter

You can subscribe to our newsletter. We use the tools Brevo and ActiveCampaign to send and manage our newsletter. In doing so, we collect and store email addresses and – if provided by you – your first name and surname. We use this data exclusively to send you relevant information about our offers, events or news, and only for as long as you remain subscribed to the newsletter. Your data will neither be sold nor disclosed without authorisation.

By registering, you give us your consent to process the data provided for the purpose of sending the newsletter. You may withdraw your consent to the processing of your email address for the purpose of receiving the newsletter at any time, either by clicking directly on the unsubscribe link in the newsletter or by sending us a message via the contact details provided. This does not affect the lawfulness of the processing carried out on the basis of your consent up to the time of your withdrawal.

7.6. Competitions

If you take part in a competition organised by us, we collect the personal data necessary to run the competition. This usually includes your name and contact details. We may pass on your personal data to our competition partners, e.g. to send you your prize. Winners may be published on the website, stating their name and place of residence. Participation in competitions and the associated data collection is, of course, voluntary. You will find detailed information in the terms and conditions for the respective competition.

7.7. Surveys

If you wish to take part in our surveys, you will be informed separately about the processing of your data. Participation in surveys is voluntary and based on your consent. If you take part in an anonymous survey, no information will be stored that allows conclusions to be drawn about the participants. Non-anonymous surveys are only conducted with your express consent. You may withdraw your consent at any time by notifying us.

If you take part in a non-anonymous survey, or if you deliberately waive your anonymity, your data and your answers will be stored in the system. Any personal information you disclose whilst answering the questions is regarded as having been provided voluntarily, and a link between your details and your identity is only possible in the case of non-anonymous surveys or if you deliberately waive your anonymity.

Personal data will not be passed on to third parties unless this is explicitly stated in the survey description or you have given your express consent.

7.8. Job Applications

If you apply for a position with us, we will process the personal data you provide to us as part of the application process (e.g. your name, address, email address, and the documents and certificates you submit). We use the system provided by Abacus Research AG (Switzerland) for applicant management.

We use this data, as well as any other data you have voluntarily provided, to assess your application. Application documents from unsuccessful applicants will be deleted once the application process has concluded, unless you have explicitly consented to a longer retention period or we are legally obliged to retain them for a longer period.

7.9. Specialist Staff Login

Professionals can register on our website to gain access to a restricted area. The login for professionals takes place via swiss-rx-login.ch. We use the data entered for this purpose (in particular master data, connection and device-related information) solely to enable secure access to the restricted area and providing the content available therein.

We will store the data collected during registration for as long as you remain registered on this website, after which it will be deleted. Statutory retention periods remain unaffected.

7.10. Participation in training courses, seminars and workshops

The personal data you provide to us as part of a registration will only be used to process your registration and participation. By registering for the relevant training course, you agree that your contact details – generally surname, first name and email address – may be processed for the purpose of participating in the training course. Please refer to the relevant training course description for further information.

7.11. Marketing purposes

All data you provide to us while using our services may be used for marketing purposes on the basis of our legitimate interests. This includes communication regarding specific products or services, or customer-friendly service and communication.

As part of relationship management, we may also operate a Customer Relationship Management (CRM) system in which we store the data necessary to maintain relationships with customers, suppliers and other business partners, e.g. regarding contact persons, relationship history (e.g. regarding products and services purchased or supplied, interactions, etc.), interests, preferences, marketing activities (newsletters, invitations to events, etc.) and other details.

You have the right to object to the processing of your data for marketing purposes at any time. Access is restricted to authorised staff.

7.12. Profiling

If you use our website or publicly accessible services (e.g. contact form, competition or online registration) and provide personal or company data, we may create personal profiles from this data.

We analyse this data from various sources and according to specific criteria. The information derived from this is used in particular to identify which products might be of interest to specific individuals. In addition, this information is used for product development.

7.13. Artificial Intelligence

We may use artificial intelligence (AI) to support our existing activities. Artificial intelligence applications may also process personal data, but this is not always the case. We are aware that the use of artificial intelligence in data processing can entail certain risks and uncertainties. We therefore have internal guidelines in place to ensure the legally responsible use of AI.

We remain responsible for any content generated or decisions made by AI on our behalf, and where a decision has significant implications for the data subject, we ensure that it can be reviewed by a human. If an AI system we use interacts directly with you, we will inform you of this.

7.14. Analytics and marketing/tracking tools

7.14.1 Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For users whose habitual residence is in the European Economic Area or Switzerland, Google states that Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is the data controller responsible for your data.

Google Analytics uses cookies and similar technologies that are stored on your computer and enable an analysis of your use of the website. With Google Analytics 4, IP address anonymisation is enabled by default. This ensures that your IP address is masked, meaning that all data is generally transmitted to Google anonymously. Only in exceptional cases is the full IP address transmitted to a Google server and truncated there. Google will use this information to evaluate your use of the website, to compile reports on website activity for website operators, and to provide other services relating to website and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the data on Google’s behalf. According to Google, it will under no circumstances associate your IP address with any other data held by Google.

You can prevent the storage of cookies by adjusting your browser settings accordingly; however, we would like to point out that, in this case, you may not be able to use all the functions of this website to their full extent. You can also prevent the collection and processing of data by Google by downloading and installing the browser add-on available via the following link: https://tools.google.com/dlpage/gaoptout?hl=de. You can opt out of Google Analytics for display advertising and customise the ads on the Google Display Network by visiting the ad settings: https://adssettings.google.de.

Data transfers to Google (USA) are carried out on the basis of the adequacy decision by the Federal Council and the European Commission regarding the Swiss-US and EU-US Data Privacy Framework. Google is certified under this framework. In addition, so-called standard contractual clauses have been concluded with Google to oblige Google to maintain an adequate level of data protection. Further information on data protection at Google can be found at: https://policies.google.com/privacy.

7.14.2. Google reCAPTCHA

This website uses the reCAPTCHA service to detect bots, e.g. when entering data into online forms. The query serves the purpose of distinguishing whether the input is made by a human or through automated, machine processing. This check involves sending your IP address and, where applicable, other data required by Google for the reCAPTCHA service to Google. For this purpose, your input is transmitted to Google and processed there. Further information on Google reCAPTCHA and the associated privacy policy can be found at: https://policies.google.com/privacy.

7.14.3. Google Maps

This website uses Google Maps via an API. To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence over this data transfer. If you do not want Google to collect, process or use data about you via this website, you can disable JavaScript in your browser settings. In this case, however, you will not be able to use the map display.

Further information on the terms of use and data protection for Google Maps can be found at http://www.google.com/intl/de_de/help/terms_maps.html or at https://policies.google.com/privacy.

7.14.4. YouTube

This website embeds videos from YouTube. YouTube is a video portal operated by the American company Google LLC. When you play a YouTube video on our website, a connection is established with YouTube’s servers. In doing so, the YouTube server is informed which of our pages you have visited. This information (including your IP address) is usually transmitted to a Google server in the USA and stored there. If you are logged into your YouTube account at the same time, you allow YouTube to link your browsing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account before visiting our website.

Further information can be found in Google’s privacy policy: https://policies.google.com/privacy.

7.14.5. Google Web Fonts

This website uses so-called web fonts provided by Google to ensure consistent font display. When you visit the site, your browser loads the required web fonts into your browser cache to display text and fonts correctly. To do this, your browser must connect to Google’s servers. In doing so, Google becomes aware that our website has been accessed via your IP address. If your browser does not support web fonts, a standard font from your computer will be used.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy.

7.14.6. Google Ads Conversion Tracking

This website uses the online advertising programme Google Ads and, within this framework, conversion tracking (visit action analysis). This integration enables us to determine, for example, how clicks on Google adverts lead to conversions and similar actions on our website. The collected, non-personalised information is used to generate statistics for Google Ads customers. No personalised data is passed on to Google.

If you have arrived at our website via an advert placed by Google, Google Ads will set a cookie on your computer (‘conversion cookie’). The conversion tracking cookie is set when a user clicks on an advert placed by Google. These cookies have a limited validity period, do not contain any personal data and therefore do not serve to identify individuals. If the user visits certain pages on our website and the cookie has not yet expired, we and Google can recognise that the user clicked on the advert and was redirected to that page. Each Google Ads customer receives a different cookie. Cookies cannot therefore be tracked across the websites of Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Ads customers who have opted for conversion tracking. Customers are informed of the total number of users who clicked on their advert and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

Further information on Google Ads and Google Conversion Tracking can be found in Google’s privacy policy: https://policies.google.com/privacy.

7.14.7. Google Marketing Platform – GMP (formerly DoubleClick)

This website uses GMP, a web analytics service provided by Google. This service helps optimise our integration with Google Ads. It sets cookies when you view an advert or click on one of our advertising banners. This is done to display banners that are more relevant to you. It records whether you have viewed one of our adverts, clicked on it, or completed a conversion on our website. The information stored locally in the cookie regarding your use of our website is transmitted to Google.

Further information on the Google Marketing Platform can be found at https://marketingplatform.google.com/about/.

7.15. Social Media

In addition to our website, we maintain presences on various social media platforms, which you can access via the relevant buttons on our website. If you visit such an online presence, data may be transmitted to the social network provider. Please note that user data may also be transmitted to servers in a third country and may therefore be processed outside Switzerland or the EU.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For these purposes, cookies are usually stored on users’ computers, in which users’ usage behaviour and interests are recorded. Furthermore, data may also be stored in user profiles regardless of the devices used by the users (in particular if users are registered and logged in to the respective platforms).

For a detailed description of the respective forms of processing and the options to object (opt-out), please refer to the privacy policies and information provided by the operators of the respective networks. There you will also find out in which countries they process your data, what rights to information, erasure and other data subject rights you have, and how you can exercise these or obtain further information. We maintain social media profiles on Facebook, Instagram, YouTube and LinkedIn.

8. To whom do we disclose your personal data?

As a general rule, we do not disclose your data to third parties. However, disclosures may be made if we deem this necessary to comply with applicable laws and regulations, in the context of legal proceedings, at the request of the competent courts and authorities, or due to other legal obligations, in order to protect and defend our rights or our property.

In order to provide our services, to comply with contractual or legal requirements, or for the other purposes set out in this privacy policy, it may be necessary for us to disclose your personal data to the following categories of recipients:

  • affiliated companies within the Group;
    • service providers for IT services (data management, data storage/hosting, technical support, cloud services, newsletter distribution, data analysis and processing, etc.), advertising and marketing services, corporate administration; service providers for the organisation and running of events, service providers in the field of recruitment, HR or other services;
    • retailers, transport companies, suppliers, subcontractors and other business partners;
    • customers, where necessary;
    • public authorities, government agencies or courts;
    • the media;
    • the general public, including visitors to websites and social media;
    • other parties in potential or actual legal proceedings.

Recipients may be located domestically or abroad (anywhere in the world). In particular, you should expect your data to be transferred to all countries in which the Schwabe Group is represented, as well as to other countries in Europe and the USA where the service providers we use are located (such as Google). If we transfer data to a country without adequate legal data protection, we require the recipient to take appropriate measures to protect personal data (e.g. by agreeing to so-called EU Standard Clauses, other safeguards or on the basis of legitimate grounds).

9. How long do we retain your personal data?

We retain your personal data for as long as is necessary to fulfil our contractual and legal obligations or for the purposes pursued by the processing, and beyond that in accordance with statutory retention periods.

We delete your personal data as soon as it is no longer required and, in any event, upon expiry of the statutory retention period.

10. What rights do you have?

You have the following rights under the data protection law applicable to you and to the extent provided for therein:

  • the right to request information from us as to whether and which data we process about you;
  • the right to have data corrected if it is inaccurate;
  • the right to request the erasure of data;
  • e right to request that we provide certain personal data in a commonly used electronic format or transfer it to another controller, where technically feasible;
  • the right to withdraw consent, insofar as our processing is based on your consent;
  • the right to object to the processing of your data, in particular for the purposes of direct marketing, profiling for direct marketing and other legitimate interests in the processing;
  • the right to receive, upon request, any further information necessary for the exercise of these rights;
  • the right to present your point of view in the event of automated individual decision-making and to request that the decision be reviewed by a natural person.

You also have the right to enforce your claims in court or to lodge a complaint with the competent data protection authority.

To exercise these rights, please send us an email to the following address: [email protected].

Please note that these rights are subject to conditions, exceptions or restrictions (e.g. where we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are permitted to rely on this), or require such data to assert claims). We will inform you accordingly where applicable.

11. Who is responsible for data processing

The controller responsible for the processing of your data is:

Schwabe Pharma

comprising the companies Schwabe Pharma AG and OPS drogerie GmbH

Erlistrasse 2

6403 Küssnacht a.R.

12. Data Protection Officer

Enquiries regarding the processing of your data or the exercise of any rights may be addressed to the following:

Email: [email protected]

13. Changes

We expressly reserve the right to supplement or amend this privacy policy at any time. The version published on our website at any given time shall apply.