1 Controller and Contact Details
Bachem Group (in the following “Bachem” or “we”) is the controller for the personal information we process, unless otherwise stated.
|Controller’s Contact Details||Contact Details inside European Union|
Tel.: +41 58 595 2021
E-Mail: [email protected]
Tel.: +41 58 595 2021
Email: [email protected]
2 GENERAL TERMS AND LEGAL BASIS FOR DATA PROCESSING
Bachem is committed to ensure that your privacy is protected in connection with information that we collect online and offline:
(i) through our websites;
(ii) in providing or obtaining products and services to and from our business partners;
(iii) through email messages that we send to you;
(iv) through the software applications made available by us for use on or through computers and mobile devices;
(v) through any offline business interactions you may have with us;
(vii) through SharePoint sites made available to our customers and third parties.
«Personal data» means data relating to identified or identifiable individuals, which means that the relevant data, in combination with additional data, make it possible to draw conclusions about the identity of these individuals. «Processing» means any operation that is performed on personal data, such as collection, storage, use, alteration, disclosure and erasure.
Under the GDPR, the processing of personal data is not permitted unless there are legal grounds such as to execute a contract (article 6 (1)(b) GDPR), to fulfill legal obligations (article 6 (1)(c) GDPR), to fulfill vital interests of a natural person (article 6 (1)(d) GDPR) and with restrictions to safeguard the legitimate interest of our company (article 6 (1)(f) GDPR). If such legal grounds are not given, we rely on your consent for the processing (see for instance regarding the GDPR article 6 (1)(a) GDPR).
We will delete personal data as soon as the data is no longer needed. However, we may still process personal data if we are obliged to do so by laws or regulatory requirements by a national legislator or by regulations of the European Union.
3 WHAT DATA DOES BACHEM PROCESS?
Bachem only processes data or a category of data if it is strictly necessary for the intended purpose. In general, Bachem processes the following data categories:
(i) Identity data: first name, surname, date of birth, ID, age;
(ii) Contact details: e-mail, postal address, telephone number;
(iii) Job related data: function, role profession, occupation and company profile and address;
(iv) Location data;
(v) Technical data.
3.2 Data processed when providing and obtaining products and services
We collect data in relation to the conclusion or performance of a contract, for example data collected when you place orders in our online shop, information about the contracts and the services provided, as well as data from the period leading up to the conclusion of a contract, information required or used for performing a contract, and information about feedback, complaints, customer satisfaction surveys, customer history, powers of attorney, signature authorizations and declarations of consent. We generally collect this data from you when you make a purchase or as part of a registration, from contractual partners and from third parties involved in the performance of the contract, but also from other third-party sources such as from public sources, the Internet and social media.
We may also collect data from our shareholders and investors in relation to the exercise of their rights and events such as general meetings.
Please note that we do not collect the aforementioned data comprehensively for all contacts. The data collected in an individual case depends on the purpose of the processing activity.
If you register and create an account in our online shop, you will have the possibility to:
(i) Manage your address data, view your order portfolio, follow up on the order status, re-order previous orders, place orders without having to re-enter your ordering credentials, generate quotations and opt-in to newsletters
(ii) With the data you provide us, we will be able to take the necessary steps to enter into and fulfill a contract such as handle the ordering and payment process (article 6(1)(b) of the GDPR).
(iii) If you register for a customer account, generate a quote in our online shop or order from it you provide us with your: First Name, last name, company, department, TAX/VAT number, email address, password, address, country, city, ZIP / postal code, state/province, telephone, mobile number, fax, purchase order number (or reference), shipping account number.
We associate the following data to your identity or order when you order from our online shop, or when you register for an account:
(iv) Customer number, customer group, created from, associate website, details about an order (order number, order date, order total, order from
3.3 Data processed when you contact us
You have several means to contact us, so we can provide you with our service. Please contact us with the contact form on our company website whenever you need a quote, have a technical question, are interested in a topic related to us or our business, want to order, want literature, want us to contact you, need our annual report, want to contact the webmaster, want a brochure, want a catalog, want to give feedback, need an air waybill number, want to subscribe to press releases.
For customer support please use the contact form or the online live chat, on our online shop.
You can write an email for miscellaneous purposes to one of the e-mail addresses displayed on our website or in our online shop.
Depending on your choice why you contact us, the legal basis for processing your personal data is article 6(1)(a) of the GDPR, article 6(1)(b) of the GDPR, article 6(1)(c) of the GDPR or article 6(1)(f) of the GDPR.
You can subscribe to a free newsletter on our website, if you give us your consent to processing your data for this purpose (article 6(1)(a) of the GDPR). When registering for the newsletter (double opt-in), we require the following data from you: First name, last name, email-address, country, topic of newsletters you subscribed to.
We use analytics services to measure and analyze the use of our newsletter. The analytics services collect and analyze usage data such as the number of newsletter recipients who have opened the newsletter or clicked on certain articles. We receive evaluations based on this data. These allow us to optimize our newsletter and provide you with content that interests you.
You can inform us at any time that you wish to stop receiving our newsletter in the future. To do so, please use the unsubscribe link at the end of the newsletter. If you click on the unsubscribe link, we will no longer send you newsletters or measure and analyze your use of the newsletter in the future.
3.5 Technical data to provide you with access to our website and online shop
To provide you with our website and online service and to constantly improve it, we need to maintain and monitor the performance of our website and online shop to provide an appropriate layout of the website or to show you a website customized for your region. Under the GDPR, this is deemed our legitimate interest as a business (6(1)(f) of the GDPR). Therefore, when you access our website or online shop, our systems automatically collect the following technical data: IP address of your terminal device, logs with records of the use of our systems such as date and time of your access to our website, time zone difference to GMT, content of the accessed website (the very page), operating system and access status / HTTP-status code, volume of transferred data, referrer-URL, information concerning the type, language and version of the internet browser used.
Technical data as such does not permit us to draw conclusions about your identity. However, technical data may be linked with other categories of data and, thus, potentially with an individual in relation to user accounts, registrations, access controls or the performance of a contract.
This technical data is stored in our system’s log files in anonymized form. We do not evaluate the data for marketing purposes in this context. Data in log files is deleted after 120 days at the latest. If certain parts of the data are subsequently processed, the IP addresses of the users are deleted or anonymized in order to render any linking with an individual impossible. Please note that, as this data collection is necessary for the operation of the website, there is no possibility of objection on the part of the user.
The cookies we use are essential to ensure our website’s or online shop’s functionality and are therefore in our legitimate interests as a business (article 6(1)(f) of the GDPR). They are referred to as “technical cookies”.
Please also consult our Transparency Notice on the integration of third-party services and our Cookie Banner.
3.7 Web analytics services
We use web analytics services (currently Google Analytics) to evaluate the use of the website and to obtain information for their optimization. The web analytics services we use collect and store user data by deploying cookies. Before they are transmitted to a server outside of Switzerland/EU/EEA, the IP addresses are shortened and thus anonymized. Accordingly, we do not transmit any personal data to the providers of the web analytics services abroad. Please also consult our Transparency Notice on the integration of third-party services and our Cookie Banner.
3.8 Advertising Technologies
We use advertising technologies on our website. This allows us to target users of our website with advertising that is relevant to them when they visit other websites . The advertising materials are displayed on the websites you visit based on an analysis of your previous use of our website. For this purpose, the providers of the advertising technologies set cookies when you visit our website. For further information please see our separate transparency notice.
3.9 Social plug-ins
The social plug-ins used on our website allow you to recommend and share our content on social networks such as LinkedIn, Facebook, Instagram. They permit us to measure the success of our ads and show our users our products in which they were previously interested. This may include information on the operating system, the browser, the website you previously visited (referrer URL), which offers you clicked on, and the date and time of your visit to our website.
You recognize the social plug-ins on our website by the logos of the respective social network. When you interact with the social plug-in, data is sent to the respective provider of the social network.
3.10 Use of our Social Media Pages
On our corporate social media pages (currently Facebook, Instagram, Twitter and LinkedIn) you will find posts about current developments at as well as our range of services.
These social media providers collect and analyze usage data such as the number of visitors and demographic information about the visitors to our social media pages. We receive evaluations from the social media providers based on this data. These contain only aggregated or otherwise sufficiently anonymized data. Only the respective provider can identify you on the basis of the usage data collected. Therefore, please observe the data protection information and privacy notices of the respective provider.
4 FOR WHAT PURPOSES WE PROCESS YOUR PERSONAL DATA
We process your personal data primarily to inform you about our range of services and to provide, document and invoice our services in accordance with our contractual and legal obligations.
In addition, we process your personal data for the following purposes:
(i) Answering to your inquiries and communicating with you;
(ii) Processing applications;
(iii) Provision of the website;
(iv) Analysis and optimization of the use of the website;
(v) Marketing and advertising;
(vi) Optimizing our posts on our social media company pages;
(vii) Providing information about new developments of Bachem, new products and new services;
(viii) Conducting events and contests in which you participate;
(ix) Fulfillment of legal obligations
(x) Enforcement of legal claims.
We have a legitimate interest in processing your personal data for the above purposes. Some processing is also necessary so that we can fulfill our contractual obligations to you or our legal obligations (e.g. storage obligations).
5 SHARING YOUR PERSONAL DATA
In relation to our contracts, the website, our services and products, our legal obligations or otherwise with protecting our legitimate interests and the other purposes set out in Section 3, we may disclose your personal data to third parties, in particular to the following categories of recipients:
(i) Bachem group companies: The Bachem group companies may use your data according to this Privacy Notice for the same purposes as we use it. We also disclose your data to other group companies for certain products and services, for example if certain products and services originate from other group companies where we only coordinate the performance. A list of our group companies can be found here. If you wish to object to the disclosure and use of data for marketing purposes, please contact us (Section 1).
(ii) Service providers: We work with service providers (suppliers) in Switzerland and abroad who process your data on our behalf as processors, or with us as joint controllers, or who process your data as individual controllers separate from us. Examples are IT providers, shipping companies, advertising service providers, banks, insurance companies, debt collection companies, credit information agencies, or address verification providers). In each case, we disclose to these service providers only the data they require for their services. If the service providers process your data as individual controllers, they inform about their activities in their own privacy statements.
(iii) Customers: If you act as an employee or representative for a company with which we have concluded a contract, performance of that contract may require that we share data about you with them, such as, for example, how you have used our services.
(iv) Advertising partners: we may share selected data with advertising partners in order for them to be able to carry out non-personal analyses in their fields (for example about the number of our customers who have viewed their advertising) and in order for them to use data for advertising purposes. Advertising partners may only display or provide you with advertising based on your data with your consent.
(v) Authorities: We may disclose personal data to agencies, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to make such disclosures or if it appears necessary to protect our interests. These authorities act as separate controllers.
(vi) Other third parties: As part of our business development, we may sell parts of our businesses, or affiliates of the Bachem Group to third parties or enter into partnerships with such third parties. This may also result in the disclosure of data, including from you, for example as a representative of Bachem’s customers or suppliers. Further, as regards communicating with competitors, industry organizations, associations and other bodies, data may be exchanged that also affects you.
The aforementioned third parties may be located in Switzerland, the UK, the EU, the EEA, the US and Japan. Notwithstanding the foregoing, your data will continue to be subject to adequate data protection in Switzerland and the rest of Europe, even after sharing with the aforementioned third parties. Countries that are members of the EU or the EEA are deemed countries with an adequate level of data protection. For disclosure to other countries outside the EU and the EEA without adequate statutory data protection under the DPA or the GDPR, we have concluded the Standard Contractual Clauses issued by the EU Commission (with a Swiss Addendum) unless the recipient is subject to a legally accepted set of rules to ensure data protection and unless we cannot rely on an exception. An exception may apply for example in case of legal proceedings abroad, but also in cases of overriding public interest or if the performance of a contract requires disclosure, if you have consented or if data has been made available generally by you and you have not objected against the processing. If you do not wish certain data to be shared, please let us know so that we can review if in order to determine to what extent we can accommodate your concern (Section 1).
Please note that data exchanged via the internet is often routed through third countries. Your data may therefore be sent abroad even if the sender and recipient are in the same country.
Bachem shall ensure that any rectification or deletion request you have exercised will be communicated to such third parties, unless this proves impossible or involves disproportionate efforts.
6 RETENTION PERIOD
We generally keep order and contract related personal data for 10 years from the last exchange between us or from the end of the contract. This period may be longer if required for evidentiary purposes, to comply with legal or contractual requirements, or for technical reasons.
Information related to a quote request is kept for no more than 4 months after we have handled your request.
Personal data stored in your registered account is deleted immediately when we delete your account upon your request.
For contacts used only for marketing and advertising, the retention period is usually much shorter, usually no more than 2 years from the last contact.
The data collected when you contact us we keep only as long as needed to fulfill your request, namely for miscellaneous queries not more than 4 months, requests for press releases and annual reports 5 years.
Data relating to you as a shareholder or investor is kept in accordance with corporate law, but in any case for as long as you are invested.
7 HOW DO WE PROTECT YOUR DATA?
We take appropriate security measures in order to maintain the required security of your personal data and ensure its confidentiality, integrity and availability, to protect it against unauthorized or unlawful processing, and to mitigate the risk of loss, accidental alteration, unauthorized disclosure or access.
Technical and organizational security measures may include encryption and pseudonymization of data, logging, access restrictions, keeping backup copies, giving instructions to our employees, entering confidentiality agreements, and monitoring. We protect your data that is sent through our website in transit by appropriate encryption. However, we can only secure areas in our control.
We also require our data processors to take appropriate security measures.
However, security risks can never be excluded completely; residual risks are unavoidable. This applies, in particular, to communication via e-mail.
8 YOUR RIGHTS AS AN INDIVIDUAL
To help you control the processing of your personal data, you have the following rights in relation to our data processing, depending on the applicable data protection law:
(i) The right to obtain information about what personal data we process about you, the purpose and the means of processing it (access right);
(ii) The right to obtain, upon your requesant, a copy of your personal data in a commonly used format (access right);
(iii) The right to have your personal data corrected in the event it is inaccurate or incomplete;
(iv) The right to have your personal data deleted;
(v) The right to object to the processing of your personal data in the event that the data we have about you is inaccurate or if our processing is unlawful or if Bachem no longer needs the personal data;
(vi) The right to request information on third parties with whom Bachem has shared your personal data;
(vii) The right to request that your personal data which you have provided to Bachem is transferred to you in a structured, commonly used and machine-readable format;
(viii) The right to object to the processing of your data for purposes of direct marketing, including profiling;
(ix) The right to withdraw your consent at any time in the event our processing is based solely upon your consent.
Please note that legal requirements and exceptions may apply to all of these rights. To the extent permitted by law, we may refuse or limit your request to exercise these rights. You also have the right to file a complaint with the data protection supervisory authority of the country you reside in or from the Federal Data Protection and Information Commissioner (FDPIC).
You have the right to object to being subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. However, Bachem does not deploy any such automated processing or profiling.
9 ADDITIONAL INFORMATION REGARDING CALIFORNIA AND DO NOT SELL MY DATA
Given that we do not conduct business to consumer (B2C) with California residents to the extent that the prerequisites for applicability of the California Consumer Privacy Act of 2018 (“CCPA”) are fulfilled, we have no legal obligation to comply with the CCPA. Nevertheless, we would like to inform you that we do not “sell” and have not “sold” and will not personal information of you as defined in the CCPA.
10 UPDATE TO PRIVACY STATEMENT