1 Controller and Contact Details
Bachem Group (in the following “Bachem” or “we”) is the controller for the personal information we process, unless otherwise stated.
|Controller’s Contact Details||Contact Details inside European Union|
Tel.: +41 58 595 2021
|Bachem AG c/o Loeba Treuhand GmbH
Tel.: +41 58 595 2021
2 GENERAL TERMS AND LEGAL BASIS FOR DATA PROCESSING
Bachem is committed to ensure that your privacy is protected in connection with information that we collect online and offline:
(i) through our websites;
(ii) in providing products and services to our customers;
(iii) in providing or obtaining products and services to and from our business partners;
(iv) through email messages that we send to you;
(v) through the software applications made available by us for use on or through computers and mobile devices;
(vi) through any offline business interactions you may have with us;
(viii) through SharePoint sites made available to our customers and third parties.
«Personal data» means data relating to identified or identifiable individuals, which means that the relevant data, in combination with additional data, make it possible to draw conclusions about the identity of these individuals. «Processing» means any operation that is performed on personal data, such as collection, storage, use, alteration, disclosure and erasure.
Under the GDPR, the processing of personal data is not permitted unless there are legal grounds such as to execute a contract (article 6 (1)(b) GDPR), to fulfill legal obligations (article 6 (1)(c) GDPR), to fulfill vital interests of a natural person (article 6 (1)(d) GDPR) and, with restrictions, to safeguard the legitimate interest of our company (article 6 (1)(f) GDPR). If such legal grounds are not given, we rely on your consent for the processing (see for instance regarding the GDPR, article 6 (1)(a) GDPR).
We will delete personal data as soon as the data is no longer needed. However, we may still process personal data if we are obliged to do so by laws or regulatory requirements by a national legislator or by regulations of the European Union. For further information regarding the storage of data please refer to Section 6 below.
3 WHAT DATA DOES BACHEM PROCESS?
Bachem only processes data or a category of data if it is strictly necessary for the intended purpose. In general, Bachem processes the following data categories:
(i) Identity data: first name, surname, date of birth, ID, age;
(ii) Contact details: e-mail, postal address, telephone number;
(iii) Job related data: function, role profession, occupation and company profile and address;
(iv) Location data;
(v) Technical data.
3.2 Data processed when providing and obtaining products and services
We collect data in relation to the conclusion or performance of a contract, for example data collected when you place orders in our online shop, information about the contracts and the services provided, as well as data from the period leading up to the conclusion of a contract, information required or used for performing a contract, and information about feedback, complaints, customer satisfaction surveys, customer history, powers of attorney, signature authorizations and declarations of consent. We generally collect this data from you when you make a purchase or as part of a registration, from contractual partners and from third parties involved in the performance of the contract, but also from other third-party sources such as from public sources, the Internet and social media, to the extent permitted by law. When we collect data from third parties, we collect the categories of data listed in the Transparency Notice.
We may also collect data from our shareholders and investors in relation to the exercise of their rights and events such as general meetings.
Please note that we do not collect the aforementioned data comprehensively for all contacts. The data collected in an individual case depends on the purpose of the processing activity.
If you register and create an account in our online shop, you will have the possibility to:
(i) Manage your address data, view your order portfolio, follow up on the order status, re-order previous orders, place orders without having to re-enter your ordering credentials, generate quotations and opt-in to newsletters.
(ii) With the data you provide us, we will be able to take the necessary steps to enter into and fulfill a contract such as handle the ordering and payment process (see for instance regarding the GDPR, article 6(1)(b) of the GDPR).
(iii) If you register for a customer account, generate a quote in our online shop or order from it you provide us with your: First Name, last name, company, department, TAX/VAT number, email address, password, address, country, city, ZIP / postal code, state/province, telephone, mobile number, fax, purchase order number (or reference), shipping account number.
We associate the following data to your identity or order when you order from our online shop, or when you register for an account:
(iv) Customer number, customer group, created from, associate website, details about an order (order number, order date, order total, order from.
3.3 Data processed when you contact us
You have several means to contact us, so we can provide you with our service. Please contact us with the contact form on our company website whenever you need a quote, have a technical question, are interested in a topic related to us or our business, want to order, want literature, want us to contact you, need our annual report, want to contact the webmaster, want a brochure, want a catalog, want to give feedback, need an air waybill number, want to subscribe to press releases.
For customer support please use the contact form or the online live chat, on our online shop.
You can write an email for miscellaneous purposes to one of the e-mail addresses displayed on our website or in our online shop.
Depending on your choice why you contact us, the legal basis for processing your personal data lies in your consent (see for instance regarding the GDPR, article 6(1)(a) of the GDPR), the performance of a contract (for instance, article 6(1)(b) of the GDPR), the compliance with a legal obligation (for instance, article 6(1)(c) of the GDPR) or the safeguarding of the legitimate interests of our company (for instance, article 6(1)(f) of the GDPR).
You can subscribe to a free newsletter on our website, if you give us your consent to processing your data for this purpose (see for instance regarding the GDPR, article 6(1)(a) of the GDPR). When registering for the newsletter (double opt-in), we require the following data from you: First name, last name, email-address, country, topic of newsletters you subscribed to.
We use analytics services to measure and analyze the use of our newsletter. The analytics services collect and analyze usage data such as the number of newsletter recipients who have opened the newsletter or clicked on certain articles. We receive evaluations based on this data. These allow us to optimize our newsletter and provide you with content that interests you.
You can inform us at any time that you wish to stop receiving our newsletter in the future. To do so, please use the unsubscribe link at the end of the newsletter. If you click on the unsubscribe link, we will no longer send you newsletters or measure and analyze your use of the newsletter in the future.
3.5 Technical data to provide you with access to our website and online shop
To provide you with our website and online service and to constantly improve it, we need to maintain and monitor the performance of our website and online shop to provide an appropriate layout of the website or to show you a website customized for your region. This is deemed our legitimate interest as a business (see for instance regarding the GDPR, (6(1)(f) of the GDPR). Therefore, when you access our website or online shop, our systems automatically collect the following technical data: IP address of your terminal device, logs with records of the use of our systems such as date and time of your access to our website, time zone difference to GMT, content of the accessed website (the very page), operating system and access status / HTTP-status code, volume of transferred data, referrer-URL, information concerning the type, language and version of the internet browser used.
Technical data as such does not permit us to draw conclusions about your identity. However, technical data may be linked with other categories of data and, thus, potentially with an individual in relation to user accounts, registrations, access controls or the performance of a contract.
This technical data is stored in our system’s log files in anonymized form. We do not evaluate the data for marketing purposes in this context. Data in log files is deleted after 120 days at the latest. If certain parts of the data are subsequently processed, the IP addresses of the users are deleted or anonymized in order to render any linking with an individual impossible. Please note that, as this data collection is necessary for the operation of the website, there is no possibility of objection on the part of the user.
The cookies that are essential to ensure our website’s or online shop’s functionality are in our legitimate interests as a business (see for instance regarding the GDPR, article 6(1)(f) of the GDPR). They are referred to as “technical cookies” or “functional cookies”.
Please also consult our Transparency Notice on the integration of third-party services and our Cookie Banner.
3.7 Web analytics services
Whilst we may assume that the information shared by us with our web analytics services is not personally identifiable to them, it is possible that the web analytics services could use the collected data to draw inferences about visitors’ identities, create personal profiles, and, in the case of Google Analytics, link the information with their Google accounts for Google’s own purposes. If you consent to the use of Google Analytics, you explicitly consent to any such processing by Google, including the transfer of your personal date to the USA and other countries, where it might be subject to local lawful access, it being understood that you can withdraw your consent at any moment for the future. For more information regarding the data processing by Google, please visit Google’s website (https://policies.google.com/technologies/partner-sites?hl=en). Please also consult our Transparency Notice on the integration of third-party services and our Cookie Banner.
3.8 Advertising Technologies
We use advertising technologies on our website. This allows us to target users of our website with advertising that is relevant to them when they visit other websites. The advertising materials are displayed on the websites you visit based on an analysis of your previous use of our website. For this purpose, the providers of the advertising technologies set cookies when you visit our website. For further information please see our separate Transparency Notice.
3.9 Social plug-ins
The social media plug-ins used on our website allow you to recommend and share our content on social networks such as LinkedIn, Facebook, Instagram. They permit us to measure the success of our ads and show our users our products in which they were previously interested. This may include information on the operating system, the browser, the website you previously visited (referrer URL), which offers you clicked on, and the date and time of your visit to our website.
3.10 Use of our Social Media Pages
On our corporate social media pages (currently Facebook, Instagram, Twitter and LinkedIn) you will find posts about current developments at as well as our range of services.
These social media providers collect and analyze usage data such as the number of visitors and demographic information about the visitors to our social media pages. We receive evaluations from the social media providers based on this data. These contain only aggregated or otherwise sufficiently anonymized data. Only the respective provider can identify you on the basis of the usage data collected. Therefore, please observe the data protection information and privacy notices of the respective provider.
4 FOR WHAT PURPOSES WE PROCESS YOUR PERSONAL DATA
We process your personal data primarily to inform you about our range of products and services and to provide, document and invoice our products and services in accordance with our contractual and legal obligations.
In addition, we process your personal data for the following purposes:
(i) Answering to your inquiries and communicating with you;
(ii) Processing applications;
(iii) Provision of the website;
(iv) Analysis and optimization of the use of the website;
(v) Marketing and advertising;
(vi) Optimizing our posts on our social media company pages;
(vii) Providing information about new developments of Bachem, new products and new services;
(viii) Conducting events and contests in which you participate;
(ix) Fulfillment of legal obligations
(x) Enforcement of legal claims.
We have a legitimate interest in processing your personal data for the above purposes. Some processing is also necessary so that we can fulfill our contractual obligations to you or our legal obligations (e.g. storage obligations).
5 SHARING YOUR PERSONAL DATA
In relation to our contracts, the website, our services and products, our legal obligations or otherwise with protecting our legitimate interests and the other purposes set out in Section 3 and 4, we may disclose your personal data to third parties, in particular to the following categories of recipients:
(i) Bachem group companies: The other Bachem group companies in Switzerland or abroad may use your data according to this Privacy Notice for the same purposes as we use it. We also disclose your data to other Bachem group companies for certain products and services, for example if certain products and services originate from other group companies where we only coordinate the performance. A list of our group companies can be found here. If you wish to object to the disclosure and use of data for marketing purposes, please contact us (Section 1).
(ii) Service providers: We work with service providers (suppliers) in Switzerland and abroad who process your data on our behalf as processors, or with us as joint controllers, or who process your data as individual controllers separate from us. Examples are IT providers, shipping companies, advertising service providers, banks, insurance companies, debt collection companies, credit information agencies, or address verification providers). In each case, we disclose to these service providers only the data they require for their services. If the service providers process your data as individual controllers, they inform about their activities in their own privacy statements.
(iii) Customers: If you act as an employee or representative for a company with which we have concluded a contract, performance of that contract may require that we share data about you with them, such as, for example, how you have used our services.
(iv) Advertising partners: we may share selected data with advertising partners in Switzerland or abroad in order for them to be able to carry out non-personal analyses in their fields (for example about the number of our customers who have viewed their advertising) and in order for them to use data for advertising purposes. Advertising partners may only display or provide you with advertising based on your data with your consent, which can be withdrawn at any time for the future.
(v) Authorities: We may disclose personal data to agencies, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to make such disclosures or if it appears necessary to protect our interests. These authorities act as separate controllers.
(vi) Other third parties in Switzerland or abroad: As part of our business development, we may sell parts of our businesses, or affiliates of the Bachem Group to third parties or enter into partnerships with such third parties. This may also result in the disclosure of data, including from you, for example as a representative of Bachem’s customers or suppliers. Further, as regards communicating with competitors, industry organizations, associations and other bodies, data may be exchanged that also affects you.
All aforementioned Bachem group companies and third parties may be located in Switzerland, the UK, the EU, the EEA, the US and Japan or any other country worldwide. Notwithstanding the foregoing, your data will continue to be subject to adequate data protection in Switzerland and the rest of Europe, even after sharing with the aforementioned third parties. Countries that are members of the EU or the EEA are deemed countries with an adequate level of data protection. For disclosure to other countries outside the EU and the EEA without adequate statutory data protection under the FDPA or the GDPR, we have concluded the Standard Contractual Clauses issued by the EU Commission (with a Swiss Addendum) unless the recipient is subject to a legally accepted set of rules to ensure data protection and unless we cannot rely on an exception. An exception may apply for example in case of legal proceedings abroad, but also in cases of overriding public interest or if the performance of a contract requires disclosure, if you have consented or if data has been made available generally by you and you have not objected against the processing. If you do not wish certain data to be shared, please let us know so that we can review if in order to determine to what extent we can accommodate your concern (Section 1).
Please note that data exchanged via the internet is often routed through third countries. Your data may therefore be sent abroad even if the sender and recipient are in the same country.
Bachem shall ensure that any rectification or deletion request you have exercised will be communicated to such third parties unless this proves impossible or involves disproportionate efforts.
6 RETENTION PERIOD
The personal data collected by us is only stored for as long as the purposes of processing set forth herein, legal retention obligations and/or our overriding legitimate interests in documentation and keeping evidence require it, or as long as there exists a corresponding technical requirement. As soon as the personal data collected by us is no longer required for the above-mentioned purposes and no contrary legal obligations exist anymore, it will be deleted or anonymized as a matter of principle and as far as possible.
In particular, we apply the following retention periods. We generally keep order and contract related personal data for 10 years from the last exchange between us or from the end of the contract. This period may be longer if required for evidentiary purposes, to comply with legal or contractual requirements, or for technical reasons.
Information related to a quote request is kept for no more than 4 months after we have handled your request.
Personal data stored in your registered account is deleted immediately when we delete your account upon your request.
For contacts used only for marketing and advertising, the retention period is much shorter, usually no more than 2 years from the last contact.
The data collected when you contact us we keep only as long as needed to fulfill your request, namely for miscellaneous queries not more than 4 months, requests for press releases and annual reports 5 years.
Data relating to you as a shareholder or investor is kept in accordance with corporate law, but in any case, for as long as you are invested.
7 HOW DO WE PROTECT YOUR DATA?
We take appropriate security measures in order to maintain the required security of your personal data and ensure its confidentiality, integrity and availability, to protect it against unauthorized or unlawful processing, and to mitigate the risk of loss, accidental alteration, unauthorized disclosure or access.
Technical and organizational security measures may include encryption and pseudonymization of data, logging, access restrictions, keeping backup copies, giving instructions to our employees, entering confidentiality agreements, and monitoring. We protect your data that is sent through our website in transit by appropriate encryption. However, we can only secure areas in our control.
We also require our data processors to take appropriate security measures.
However, security risks can never be excluded completely; residual risks are unavoidable. This applies, in particular, to communication via e-mail.
8 YOUR RIGHTS AS AN INDIVIDUAL
To help you control the processing of your personal data, you have the following rights in relation to our data processing, depending on the applicable data protection law:
(i) The right to obtain information about what personal data we process about you, the purpose and the means of processing it (access right);
(ii) The right to obtain, upon your request, a copy of your personal data in a commonly used format (right of data portability);
(iii) The right to have your personal data corrected in the event it is inaccurate or incomplete;
(iv) The right to have your personal data deleted;
(v) The right to object to the processing of your personal data in the event that the data we have about you is inaccurate or if our processing is unlawful or if Bachem no longer needs the personal data;
(vi) The right to request information on third parties with whom Bachem has shared your personal data
(vii) The right to request that your personal data which you have provided to Bachem is transferred to you in a structured, commonly used and machine-readable format;
(viii) The right to object to the processing of your data for purposes of direct marketing, including profiling;
(ix) The right to withdraw your consent at any time for the future in the event our processing is based solely upon your consent.
Please note that legal requirements and exceptions may apply to all of these rights. To the extent permitted by law, we may refuse or limit your request to exercise these rights. You also have the right to file a complaint with the data protection supervisory authority of the country you reside in or with the Swiss Federal Data Protection and Information Commissioner (FDPIC).
To exercise your rights, it is typically necessary to provide proof of your identity, such as a copy of your identification documents. If you wish to assert these rights, please contact us using the contact details listed in section 1 above.
You have the right to object to being subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. However, Bachem does not deploy any such automated processing or profiling.
9 ADDITIONAL INFORMATION REGARDING CALIFORNIA AND DO NOT SELL MY DATA
Given that we do not conduct business to consumer (B2C) with California residents to the extent that the prerequisites for applicability of the California Consumer Privacy Act of 2018 (“CCPA”) are fulfilled, we have no legal obligation to comply with the CCPA. Nevertheless, we would like to inform you that we do not “sell” and have not “sold” and will not personal information of you as defined in the CCPA.
10 UPDATE TO PRIVACY STATEMENT
Version effective as of August 16, 2023