Privacy Statement

The protection of your personal data (also referred to below as ‘data’) and your privacy is important to us. We are committed to handling your personal data responsibly. ‘Personal data’ refers to any information which identifies you or makes you identifiable, such as your first name and surname, address and email address.

It goes without saying that, when we process your personal data, we comply with the Swiss Federal Act on Data Protection (FADP), the Ordinance to the Swiss Federal Act on Data Protection (VDSG) and other applicable data protection regulations, such as the EU General Data Protection Regulation (GDPR).

In this privacy statement, bio-familia provides information on what we do with your data when you visit our website, use our services, otherwise interact with us under a contract, communicate with us or engage with us in any other way. In addition, we can provide information on the processing of your data in separate documents, e.g. in declarations of consent, contractual terms, additional privacy policies, forms and notices.

Please read our privacy statement carefully. If you have any questions or comments regarding this privacy statement, you can direct them to the address provided in section 1 at any time.

1. Name and address of the controller

The controller for the data processing described in this privacy statement is:

bio-familia AG
Brünigstrasse 141
6072 Sachseln
Switzerland

Phone: +41 (0)41 666 25 55

If you have any questions about data protection and the processing of your personal data, or if you wish to request information, please get in touch. You can contact us at datenschutz@bio-familia.com.

Certain service providers act as their own controllers, e.g. PayPal and credit card providers, if you use them. Here, too, these service providers’ privacy statements should be heeded.

2. What personal data do we process?

On our website, we process data from the following categories, among others:

Contact data: this includes surnames, first names, email addresses, postal addresses and phone numbers,
Data from online forms: this includes contact details and other information requested,
Verification data: this includes usernames and passwords for our online shop,
Content data: this includes text entries,
Usage data: this includes the websites visited, access times, click behaviour, interest in content,
Metadata/communications data: this includes IP addresses, dates, times, pages visited, device information,
Meeting metadata: this includes participant IP addresses, device/hardware information,
Server log files: this includes the browser type and version, the operating system used, the referrer URL, the host name of the accessing computer and the time of the server request,
Marketing data: this includes lead data (contact/sales opportunities) and any marketing messages transmitted,
Newsletter data: this includes personal data and email addresses, (un-)subscribe data and opening rates,
Applicant data: this includes your personal details, your education, work experience, skills, notes on your previous role(s) and your availability, notice period, and the usual contact details such as your postal address, email address and phone number.

We also process the following data as part of customer relationships and business relationships:

Contractual data: this includes the services used, payment information,
Customer data: this includes personal details, customer numbers, customer types, customer histories, data on goods or services purchased, order dates, payment dates.

3. Who do we receive your personal data from?

We usually collect personal data from you directly. In addition, we obtain personal data via our address buyers, sponsorship partners, etc.

4. For what purposes do we process the data?

On our website and when providing our services, we process your data for the following purposes in particular:

To enable visits to our website,
To enable the use of our contact form,
To enable the use of Microsoft Teams,
To manage subscriptions to our electronic newsletter,
To manage competition entries,
To take orders via the bio-familia online shop,
To use data for marketing purposes,
To provide other services,
To conduct product reviews and satisfaction surveys,
To conduct application processes.

5. On what legal basis do we process personal data?

Our standard legal basis for processing your personal data is usually:

The conclusion or performance of a contract with you or the handling of your corresponding preliminary enquiries,
Your consent, which you can revoke at any time,
A balance of interests; you may, however, be able to object to this in certain situations,
A legal obligation, which may also impact the balance of interests.

An additional legal basis for processing your personal data is our overriding interests in processing this data, which include the following:

To provide customer support and maintain our business relationships (e.g. contact maintenance, communication with our business partners),
To perform our advertising and marketing activities,
To use the opportunity to get to know the users of our website and online services better,
To improve and refine our products and services (e.g. IT security in connection with the use of our website, improving our range of online services).

If required, we seek consent from you. If you have given your consent electronically by ticking a box, we will log the declaration of consent; in doing so, we may store your account name, the place on the page and the date and time. You can withdraw your consent or object to the processing at any time and in any format. A notice of withdrawal of consent and/or objection to processing should be sent to the address provided in section 1.

6. Scope and purpose of the processing of personal data

a) When you visit the website

When you visit our website, the browser on your device that you use to access the website sends information to our website server. This information is temporarily stored in a log file. We collect the following information without any action on your part, and this information is automatically deleted after one month:

IP address of the device used
Date and time of access
Name and URL of the file accessed
Website from which the page was accessed (referrer URL)
Device type and operating system in use on your device
Name of your access provider
Browser type and version, as well as other information transmitted by your browser (such as geographical origin, language settings, add-ons used, screen resolution, etc.).

We process the above-mentioned data for the following purposes:

To successfully establish a connection to the website
To optimise use of our website
To evaluate system security and stability
For other administrative purposes.

The data processing is based on our legitimate interest in processing the data. We will never use data collected in this way to identify you personally.

b) When you use our contact form

We provide a contact form on our website, which you can use to contact us with any questions that you may have. The form requires you to enter a valid email address, your first name and surname, telephone number and message, so that we know who submitted the enquiry and are able to respond. All other details are provided voluntarily.

We process this personal data on the basis of our legitimate interest in corresponding with you and for the purposes of processing and your enquiry and resolving it.

You can object to this data processing at any time. If you object, we will no longer process your personal data for this purpose. Please send your objection to the address provided in section 1.

c) Communication

We use various collaborative tools for telephone conferences, online meetings and video conferences (summarised below as ‘online meeting’). Various types of data are processed when these tools are used. The scope of the data depends on factors such as the data stated before or during participation in an online meeting. This data includes, for instance,

First and last names, participants’ names if applicable, company email address,
Meeting metadata: e.g. date, time, meeting ID, phone numbers, location,
Audio, video or chat content,
Meeting name and, if applicable, the password required to participate in the meeting,
Profile image, if applicable,
Any other personal data provided by the data subjects during the meeting.

If online meetings are to be recorded, this is stated transparently in advance and, where necessary, consent is sought. Please send your withdrawal to the address provided in section 1 or to the following email address: datenschutz@bio-familia.ch.

We have an overriding interest in processing this data. In these instances, our overriding interest lies in conducting the meetings effectively. Otherwise, the contract forms the legal basis for data processing relating to online meetings, provided that the meeting was conducted within the framework of contractual relationships.

d) When you subscribe to our electronic newsletter

You can subscribe to our newsletter on our website.

If you have subscribed to our newsletter, we will use your email address to send you information about us and our offers, products and promotions. Please provide your first name, surname and title so we can address the newsletter to you personally. By subscribing to the newsletter, you authorise us to send regular newsletters to the address you have provided.

Subscribing to the newsletter is subject to a double opt-in procedure. This means that after you subscribe and tick the check box, you will receive an email prompting you to click on a link to confirm your subscription.

We perform statistical evaluations of user behaviour in relation to the newsletter in order to optimise the newsletter.

Each newsletter contains a web beacon, which is a pixel-sized file that is tracked by the server of the distribution platform when you open the newsletter. Initially, when you access the newsletter, technical information – such as information about your browser and system, your IP address and the date and time you accessed the newsletter – is collected. This information is used to make technical improvements to services on the basis of technical data, or to target groups and their reading habits on the basis of the locations of their visits (which can be determined with IP addresses). The web beacon also collects information about whether the newsletter was opened, when it was opened and what links you clicked on. Although this information can be associated with individual newsletter recipients for technical reasons, neither we nor the distribution platform intend to monitor individual users. Rather, the purpose of the evaluations is to identify the reading habits of our users and adapt our content to them, or to send various types of content in line with the interests of our users.

You can unsubscribe from the newsletter and withdraw your consent at any time. To do so, click on the link in the newsletter. The link to unsubscribe from the newsletter can be found at the bottom of every newsletter. You can also send a notice of your withdrawal of consent to the address provided in section 1.

e) When you sign up for competitions

From time to time, we run competitions or similar promotions. We use the following personal data to run the competitions or promotions:

Title, surname, first name
Address
Email address

Personal data is processed solely in order to run the competition, to pick the winners and to send the prize. In some cases, we might share your personal data with other competition partners, e.g. to deliver the prize to you.

So that any claims made by a competition participant can be verified, participants' data is stored for six months after the competition and then erased.

This does not apply if you have separately given your express consent to the use of the aforementioned personal data and any other personal data for marketing (emails, newsletters etc.) or other purposes.

Naturally, participation in a competition and the related collection of data are voluntary. For more detailed information, see our terms of participation for each competition.

f) When you place an order in the familia online shop

Müesli, merchandise and a range of other products can be purchased from the familia online shop.

To place an order, you can either set up a login or check out as a guest. If you create an account, you can set a password. If you visit our online shop again in future, you can log in with your username and password. Your password is encrypted and cannot be accessed by us.

The following details are needed for the purposes of registration and order shipping:

Title, surname, first name
Address
Email address
And your phone number (optional) in case we have any queries

We use the personal data collected when you register and place an order for the sole purpose of processing your order properly. This data processing is carried out on the basis of our legitimate interest in processing your order.

If you have an account, your personal data and order data will be stored in your customer account. You can view and edit the data at any time.

You can object to the data being used for the above purpose at any time. You can send a notice of your withdrawal of consent to the address provided in section 1.

You can close your customer account at any time as soon as you have no outstanding orders. You can send your request to the address provided in section 1.

For more information about the online shop, see the GTCs for our online shop.

g) When customer data is used for marketing purposes

We reserve the right to process your personal data for other purposes. However, we will inform you before we do so and, if necessary, will obtain your consent.

We will also use your personal data for the following purposes:

to maintain a customer relationship with you;
to notify existing business customers (B2B) about certain services on occasion; and
to recommend offers and products that might interest you.

You can object to this data processing at any time. If you object, we will no longer process your personal data for this purpose. You can send your objection to the address provided in section 1.

h) When we provide other services

Additionally, we will process your personal data to the extent necessary in each case in order to perform our contractual or pre-contractual services for you, and to perform any other services you request. The services will always be performed on your direct behalf. As such, data will be collected from you personally or in consultation with you.

The personal data processed includes:

Master data: this includes data such as names, addresses,
Contact data: this includes data such as email addresses, phone numbers,
Contractual data: this includes data such as the services used, subject matter of the contract, contractual communication, names of contacts,
Payment data: this includes data such as bank details, payment histories.

All personal data is collected from the data subject personally or in consultation with them.

The personal data will be deleted once it is no longer needed to comply with contractual or legal obligations; the need to retain the data is checked at irregular intervals.

i) Product reviews and satisfaction surveys

From time to time, we conduct surveys on our products and services so we can improve the customer experience and respond to customer needs. To do so, we need your name or a pseudonym; this is displayed along with your country of origin.

You can object to the data being used for the above purpose at any time. You can send a notice of your withdrawal of consent to the address provided in section 1.

j) Application process

If you apply for a job with us, we process the personal data we receive from you during the application process. This includes:

Your personal details,
Your education,
Your work experience,
Your skills,
Notes on your previous role(s) and
Your availability/notice period,
The usual contact details, such as your postal address, email address and phone number.

In addition, we process all the paperwork you submit in conjunction with your application, such as your cover letter, CV, references, certificates, diplomas and other documents provided. Furthermore, you can send us additional information on a voluntary basis.

This data is stored, evaluated, processed or transmitted only as part of your application. Besides this, we can process your personal data for statistical purposes (e.g. reporting). In this case, however, conclusions cannot be drawn about an individual.

We use a service provider to process applications; this service provider ensures that personal data is processed securely and confidentially. To this end, you need to set up a user account and provide your email address and a password. If you have not logged in to your user account for more than six months, we will delete this, and all the data it contains, with irrevocable effect.

[Note: delete the above section if a service provider is not used; if a service provider e.g. Umantis, is used, consider a separate privacy policy if applicable]

Data obtained from applications will be stored in our system for four months after the application, so that we can respond to any queries. After this point, your content data (but not your user account) will be automatically anonymised.

Your applicant data is stored separately from the other user data and is not combined with it.

Our (pre-)contractual obligations during the application process and our legitimate interest in processing your application serve as the legal basis for the processing of your applicant data.

However, you can object to this data processing at any time and withdraw your application. Please send your objection/withdrawal to the address provided in section 1.

If we conclude an employment contract with you, the data transmitted will be used to fulfil the employment relationship in compliance with the legal requirements.

We will delete this data after three years if you have given us your consent to store your details for the purposes of further application processes with us and contacting you in the future if needed. You can withdraw this consent at any time. Please address your withdrawal to the address provided in section 1 or to the email address specified in the job advertisement.

7. What are cookies and how are they used?

Our website uses cookies and similar technology (for the sake of simplicity, we use ‘cookies’ as an umbrella term). Cookies are small files that a website downloads to your computer, tablet or smartphone when you visit it. This way, the site can ‘remember’ certain inputs and settings (such as login, language, font size and other display preferences) over a certain period of time and you will not need to re-enter the information every time you visit the site again or navigate the portal.

Cookies are used with the aim of improving your experience when using our website. We use session cookies to detect that you have already visited individual pages on our website. Session cookies are deleted automatically once you leave our site.

We also use temporary cookies to optimise the usability of the website. These cookies are stored on your device for a fixed period of time. If you visit our website again to use our services, the fact that you previously visited and what details and settings you used will be automatically detected so that you do not need to enter these details again.

In addition, we use cookies to record and analyse statistics on website usage in order to optimise the content we offer you and to present you with offers that match your interests.

If these cookies contain personal data, their use is based on our legitimate interests. Our interest in the specified purposes, and particularly in optimising our website, is legitimate within the meaning of the above-mentioned regulation.

Most browsers are set to accept cookies by default. If you do not want this, you can set your browser to inform you whenever cookies are set and enable you to accept cookies only in specific cases, or to block all cookies in general. You can also set your browser to clear the cookies automatically whenever you close the window. Furthermore, you can erase cookies that are already on your computer at any time using a browser or other software. The necessary steps to manage and erase cookies depend on the browser you use. For guidance, please refer to the help menu in your browser.

You can reject the use of cookies by adjusting your browser settings accordingly. Please note, however, that this could impact your usage of our website. Further information about cookies, including managing, rejecting or deleting them, can be found on https://allaboutcookies.org/.

The links below provide information about how to change the cookie settings in the most commonly used browsers:

8. What is SWAT.IO and how is it used?

We use the services of SWAT.IO ("The Socialists" Social Software Development GmbH, Andreasgasse 6, Top 1, 1070 Vienna). We use the SWAT.IO social media management tool to ensure consistent management of our social media profiles and activities. Each individual interaction we have with users is automatically recorded, which allows us to respond quickly and efficiently to customer queries. We can also filter mentions of our company or products on the social media platforms we use and contact the specific users concerned or target them with content. This gives us a detailed insight into customer opinions. The tool also enables us to create our own campaign pages and to show personalised, interest-based ads and measure results.

The collected data will only be processed in an anonymised format unless an exemption applies. You can find more information at https://swat.io/en/legal/

Our use of SWAT.IO is for the aforementioned purposes. Data is processed outside of and separately from our corporate website and social media page, and we are therefore not able to make any statement regarding the lawfulness of the processing performed by SWAT.IO.

If you object to the use of your data by SWAT.IO, require information on the data stored or would like to exercise one of your other rights, please contact SWAT.IO by email at office@socialisten.at. You can find further information on data protection at SWAT.IO here (https://swat.io/en/legal/).

9. What analytics and marketing tools are used?

a) Google services

We use the following services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA or, if you are habitually resident in the European Economic Area (EEA) or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’):

Google Analytics 4
Google Tag Manager
Google Fonts
Google Ads

Google usually uses cookies. The cookies used by Google enable us to analyse how you use our website. The information generated by the cookie about your use of our website (including your IP address) is transmitted to a Google server in Ireland or the USA and stored there.

By its own admission, Google can process personal data for advertising products in any country where Google or its sub-processors have facilities. Information on the locations of Google’s data centres can be accessed via www.google.com/about/datacenters/locations/.

Google may use the following sub-processors: https://business.safety.google/adssubprocessors/. Google ensures that it adheres to a suitable level of data protection by relying on the EU’s standard contractual clauses (see https://business.safety.google/processorterms/).

Further information on how Google processes personal data and on privacy settings can be found in Google’s privacy policy and privacy settings.

Google Analytics 4

Our website uses Google Analytics 4, a web analytics service provided by Google that makes it possible to analyse your use of our website.

Google Analytics uses cookies stored on your end device (laptop, tablet, smartphone, etc.), so that your use of our website can be analysed. This enables us to evaluate users’ behaviour on our website and use the statistics/reports obtained to make our offering more interesting.

Google Analytics 4 anonymises IP addresses by default. This means that Google shortens your IP address within Switzerland or the EU/EEA before it is transmitted. Only in exceptional cases is the full IP address sent to a Google server and shortened there.

We have concluded a data processing agreement with Google to ensure that our website visitors’ data is protected and not disclosed to unauthorised third parties. Google uses the European Commission’s standard contractual clauses when transmitting data to the USA, with the aim of ensuring compliance with the European level of data protection. Additional legal information on Google Analytics 4, including a copy of the standard contractual clauses, can be found here.

Demographic details: Google Analytics 4 uses the specific ‘demographic details’ feature to generate statistics on the age, gender and interests of website visitors. This occurs through the analysis of advertising and information from third-party providers. In turn, this enables target audiences to be identified for marketing activities. However, the data that is collected cannot be allocated to a specific person and is deleted once it has been stored for two months.

Google Signals: This website can use Google Signals to expand Google Analytics 4 and enable cross-device reports to be created. If you have opted in to personalised ads and linked your device to your Google account, Google can analyse your cross-device usage behaviour for the use of Google Analytics 4 and generate database models, including on cross-device conversions. We do not receive personal data from Google, just statistics. If you want to stop cross-device analysis, you can deactivate the ‘personalised ads’ feature in the settings of your Google account. To do so, follow the instructions on this page.

UserIDs: The website can use the UserIDs feature to supplement Google Analytics 4. If you have set up an account on this website and log into this account on various devices, your activities, including conversions, can be analysed across devices.

Google uses this information to evaluate your [pseudonymous] use of our website, compile reports on website activity and provide us with other services relating to website activity and internet usage. According to Google, your IP address sent by your browser through Google Analytics will not be associated with any other data held by Google. When you visit our website, your user behaviour in the form of events (e.g. page visits, purchasing activities incl. sales, interaction with the website or your click path) and other data such as your approximate location (country and city), technical information on your browser and the end devices you use or the referrer URL, i.e. the website/advertising medium via which you accessed our website, is recorded.

If you enable cookie storage, Google Analytics will keep your data for two months. Once this period has expired, the relevant data will be automatically deleted. An overview of the data used in Google Analytics and the measures taken by Google to protect your data can be found on the Google Analytics help website.

Google Tag Manager

We use Google Tag Manager to integrate Google analytics and marketing services into our website and manage them. Google Tag Manager is a solution that enables us to manage website tags from a dashboard. The tool itself which implements the tags is a cookie-free domain and does not collect any personal data. However, the tool activates other tags which may in turn collect data. However, Google Tag Manager does not access such data itself.

If you have deactivated cookies at domain or cookie level, the deactivation will also apply to all tracking tags implemented with Google Tag Manager.

For more information about Google Tag Manager, see the terms of use.

Google Fonts

In some cases, our website uses script and font libraries (Google Fonts) to display our content correctly and in a visually appealing manner on all browsers. Google Fonts are downloaded to your browser cache so that you do not have to load them repeatedly. If your browser does not support Google Fonts or if it blocks access, content will be displayed in a standard font.

Accessing script or font libraries automatically establishes a connection to the operator of the library. When this happens, it is theoretically possible for Google to collect personal data (such as your IP address) and transmit it to the USA.

You can object to data processing by Google Fonts by deactivating JavaScript in your browser or installing a JavaScript blocker. Please note that this might limit the features and functionality of the website.

For more information about Google Web Fonts, see https://developers.google.com/fonts/faq and Google's privacy policy at https://policies.google.com/privacy.

Google Ads

We also use Google Ads conversion tracking to record and analyse statistics on our website and to optimise the content we offer you. Google Ads sets a cookie on your device if you get to our website by clicking on a Google advertisement.

These cookies deactivate after 30 days and are not used for the purpose of personal identification. If you visit certain pages of the website of a Google Ads customer and the cookie is still valid, Google and the customer can recognise that you clicked on the ad and were redirected to that page.

Every Google Ads customer receives a different cookie. Therefore, cookies cannot be tracked across the websites of Google Ads customers. The information collected by the conversion cookie helps Google Ads customers who have opted to use conversion tracking to compile conversion statistics. The Google Ads customers find out how many users have clicked on their ad and have been directed to a page with a conversion tracking tag. However, they do not receive any information that would enable them to identify the individual user.

We use Google Ads to reach users who have already visited our website. This way, we can show our adverts to target groups who have already shown an interest in our products or services.

You can object to personalised advertising by Google. To do so, you must open the link https://adssettings.google.com and save your preferred settings in every browser you use.

For more information about terms of use and data protection in connection with Google AdWords, visit https://policies.google.com/technologies/ads?hl=us

b) Moat Analytics

Our website uses the service Moat Analytics / Moat Ads from Oracle America, Inc., 500 Oracle Parkway, CA 94065 Redwood Shores, USA, email: mail@legislator.de, website: https://www.oracle.com/. Data is processed on the basis of our legitimate interest.

Through the MediaMath service, we can collect data from you on the website and evaluate the data in order to send you personalised adverts.

For more information about how to withdraw your consent, see either the consent form itself or the bottom of this privacy policy.

For more information about how the transferred data is handled, please see the privacy policy of the provider at https://www.oracle.com/legal/privacy/privacy-policy.html. The provider also provides an opt-out tool at https://www.oracle.com/legal/privacy/privacy-policy.html.

c) AddThis

Our website uses plugins from the AddThis service, which is operated by AddThis, LLC, 1595 Spring Hill Rd, Suite 300, Vienna, VA 22182, USA (‘AddThis’). AddThis provides website creation and design tools (www.addthis.com) designed to make it easier for visitors to the website to share the current page with other users by email or on social networks. You can identify the plugins by the ‘Tweet’, ‘Email’, ‘LinkedIn’ and ‘g+1’ buttons embedded on some pages of our website.

AddThis also provides tools to help website operators analyse and improve how their website is used or to make it possible to address users directly. To do so, AddThis also uses cookies and web beacons (small images known as tracking pixels) which make it possible to record and analyse log files. When you use an AddThis plugin, your browser will establish a direct connection with the AddThis servers and potentially the chosen social network. The data generated (such as the date and time of use or browser language) will be transmitted to and processed by AddThis. If you send content from our website to social networks, a relationship can be established between your visit to our website and your profile on the social network in question. For more information about data processing and data protection at AddThis, visit http://www.addthis.com/privacy/privacypolicy.

We do not process the data in question or share the data with third parties. Furthermore, you can object to the collection and storage of data by AddThis at any time, with future effect, by downloading an opt-out cookie. To do so, visit http://www.addthis.com/privacy/opt-out.

d) Adobe Analytics (Omniture)

Our website uses Adobe Analytics (Omniture), a web analytics service provided by Adobe Inc., 345 Park Avenue, San Jose, California 95110-2704, USA or, if you are habitually resident in the European Economic Area (EEA) or Switzerland, Adobe Systems Software Ireland Limited, Ireland, 4–6 Riverwalk, Citywest Business Campus, Saggart, Dublin 24, Ireland (‘Adobe’).

Adobe Marketing Cloud makes it possible to analyse visitor traffic on the website. The analyses allow for instant analysis of visitor traffic. User behaviour is displayed in such a way that we gain an overview of online user activity on our website. For that purpose, data is displayed on interactive dashboards and converted into reports. As a result, it is possible for us to receive information in real time and identify emerging problems more quickly. Compliance with data protection regulations remains our top priority, however.

The collected data is not personal in nature, and is merely used to generate anonymised user profiles for the purposes of optimising and improving our website.

This evaluation requires cookies to be installed on your computer. The information collected this way is stored on Adobe servers, including in the USA. We have configured the servers to ensure that the information sent to Adobe is anonymised before it is geolocated. The information is anonymised by replacing the last octet of the IP address. Additionally, we have implemented settings to anonymise your IP address before it is processed for geolocation and coverage measurement respectively.

Adobe will use this information to evaluate your use of our website, compile reports on website activity and provide us with other services relating to website activity and Internet usage. Your IP address sent by your browser through Adobe Analytics will not be associated with any other data held by Adobe.

You can change the settings in your browser to block the cookies. However, please note that you might not be able to use all features of our website if you do so. Furthermore, you can prevent Adobe from collecting and processing data by clicking on the opt-out button at https://www.adobe.com/uk/privacy/opt-out.html to install an opt-out cookie. If you clear the cookies from your system, you will have to open the link and click on the button again to install a new opt-out cookie.

For more information about data processing and data protection at Adobe, visit http://www.adobe.com/uk/privacy/policy.html.

e) Meta Custom Audiences and Lookalike Audiences

Our website uses Meta Custom Audiences and Meta Lookalike Audiences from the social network Meta, 1601 South California Avenue, Palo Alto, CA 94304, USA (‘Meta’) (formerly Facebook). These services allow us to deliver personalised, interest-based ads on Facebook and Instagram to specific groups of visitors to our website who also use Facebook.

Meta Custom Audience and Meta Lookalike Audience pixels are integrated into our website. These pixels contain a JavaScript code that is used to store personal data relating to website use. This includes your IP address, the browser you use, and the start page and landing page. This information is transferred to Meta servers in the USA, where it is automatically compared to determine whether there is a Meta cookie on your device. The Meta cookie is used to automatically determine whether you are in our relevant target audience. If you are in the target audience, you will be shown our ads on Facebook and Instagram. This process means that you are not personally identified by us when comparing the data.

You can object to our use of Meta Custom Audiences and Meta Lookalike Audiences at any time by sending a notice to the address provided in section 1.

You can also object to the use of the Custom Audiences and Lookalike Audiences services on the Meta website. After logging in to your Meta account, go to the settings for Facebook ads.

You can find more information on privacy practices at Meta in its privacy policy.

f) Adform

We use Hotjar, a service provided by Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com). Hotjar is a tool for analysing user behaviour on our website. It enables us to record data such as your mouse and scroll movements and clicks. Hotjar can also determine how long your mouse pointer remained on a particular area. It uses this information to create heatmaps to show which website areas website visitors like to look at the most.

In addition, we can determine how long you stayed on a page and when you left it. We can also tell when you stopped inputting information into a contact form (known as ‘conversion funnels’).

Furthermore, Hotjar can be used to obtain feedback from website visitors directly. This feature serves to improve the website operator’s offering on the website.

Hotjar uses cookies and tracking codes to collect user data for website operators. The tracking codes collect data, including:

The IP address of the end device,
The type of end device,
The size of the end device’s screen,
The geographical location,
The language used on the website,
The referring domain and
The date and time of the website visit.

In particular, cookies can determine whether our website was accessed with a certain end device or whether Hotjar features were deactivated for the relevant browser. Hotjar cookies remain on your end device until you delete them. Hotjar states that it stores users’ IP addresses in anonymous form. To this end, it only collects the first three octets of the IP address, so it can determine the user’s country. It does not store the remaining characters. In addition, Hotjar states that it stores all the data it obtains on servers in Ireland.

We have concluded a data processing agreement with Hotjar to impose Europe’s strict data protection requirements.

If you would like to opt out of data collection by Hotjar, click the link below and follow the instructions on that page: https://www.hotjar.com/opt-out.

Please note that you need to deactivate Hotjar separately for each browser or end device.

Further information on Hotjar and the data it collects can be found in Hotjar’s privacy policy, accessible via the link below: https://www.hotjar.com/privacy.

10. How do we process personal data on our social networks and how are social media plugins used?

Data that you enter when you visit our pages on social media platforms, such as comments, images, videos, likes, public posts and contact details, is processed and published by the respective social media platform. The privacy policies of the social media platform operators describe the collection and storage of your data, as well as the nature and purpose of the use of your data by these platform operators. These privacy policies can be accessed via the following links:

We use the data that you enter when you visit our pages on social media platforms for the following purposes:

To share your data on our social media pages if this is a feature of the social media platform concerned
To communicate with you via the social media platform
To run competitions.

Our website merely incorporates these plugins as an external link. Therefore, your personal data will not be processed until you click on the embedded plugins. You will then be redirected to that provider’s page. We have no control over the nature and scope of the data collected by the social networks. If you do not want these providers to obtain your data, please do not click on the plugins.

We process data on the grounds of your consent, the performance of a contract and our legitimate interests. Our legitimate interest consists in our interest in public relations and communication.

11. Is personal data disclosed to third parties?

As a rule, we treat your personal data as confidential and will only disclose it if you have given your express consent, we have a legal obligation or right to do so or the disclosure is necessary in order to assert our rights, especially to enforce claims arising from the contractual relationship.

In addition, we will share your personal data with third parties if it is necessary or prudent to do so for the purposes of using the website or providing any services you have requested (including outside of the website).

We will share your personal data with the following categories of recipient:

IT service providers
Third parties to whom we have outsourced services such as payment processing and newsletter distribution
Third parties whom we engage to perform other services that we offer our customers, such as advisors, law firms and trustees
Third parties involved in the conducting or organising events
Government authorities and courts, if necessary

It goes without saying that we adhere to the legal regulations concerning the disclosure of personal data to third parties when we share data with third parties. Where we use processors to provide our services, we take suitable legal precautions and implement appropriate technical and organisational measures to protect your personal data in a manner consistent with the relevant statutory regulations.

12. Is it transmitted abroad?

We primarily process and store personal data in Switzerland and the European Economic Area (EEA). However, depending on the situation, data could be processed and stored in any country in the world, e.g. via our service providers’ sub-contractors or in the case of proceedings involving foreign courts or authorities.

If we share personal data with third parties abroad (i.e. outside of Switzerland and the European Economic Area (EEA)), we ensure that the third parties are subject to the same data protection obligations as we are. If the country in question does not have an adequate level of data protection, but we do not have a suitable alternative, we ensure that your personal data is afforded an adequate level of protection.

We ensure this by concluding standard contractual clauses from the EU Commission (accessible here) with the relevant companies and/or by entering into other guarantees that align with the applicable data protection legislation. Where this is not possible, we base the transmission of data on the necessity of disclosure for the performance of a contract.

13. How long is data retained for?

We will only process and store your personal data for the necessary period of time to accomplish the stated purpose, or where we are required to do so by laws or regulations to which we are subject. If the purpose for which the data were collected ceases to exist or if a prescribed retention period expires, your data will be blocked or erased routinely and in line with the statutory regulations.

Additionally, we will delete your data if you ask us to do so and we have no legal or other duty to retain or back up the personal data in question.

14. What data security measures are taken?

We take technical and organisational security precautions to protect your data against manipulation, loss, destruction or hacking, and to guarantee the protection of your rights and compliance with the relevant data protection regulations.

The measures we have implemented are designed to ensure the confidentiality and integrity of your data as well as the availability and resilience of our systems and services when we process your data. Furthermore, their purpose is to ensure that the availability of your data can be quickly restored and to provide access to the data in the event of a physical or technical incident.

We use the widespread TLS (Transport Layer Security) process on our website in combination with the highest level of encryption supported by your browser, which is usually 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. The key or padlock symbol in the status bar of your browser shows you whether pages on our website are using encrypted data transmission.

The protection of our own internal data is also very important to us. Our employees, volunteers and service providers are under the obligation to maintain confidentiality and adhere to the provisions of the data protection legislation. Furthermore, they are only granted access to personal data to the necessary extent.

15. What are your rights?

You have the following rights with regard to your personal data:

Right of access: You have the right to know why your personal data is needed, what happens to the data and how long the data is stored for.
Right to rectification: You have the right to amend, rectify, erase or block your personal data at any time;
Right to erasure: You have the right to demand the erasure of your personal data at any time;
Right to data portability: You have the right to request all of your personal data from the controller and have the data transmitted to another controller in full.
Right to object: You can object to the processing of your data. We will respect your wishes unless we have a legitimate reason to process the data.
Right to withdraw consent: If you consent to our processing of your personal data, you have the right to withdraw that consent and have your personal data erased.

We need to identify you (e.g. with a copy of your ID document, if required) to prevent data from being used unlawfully.

Please note that these rights are subject to conditions, exceptions and restrictions (e.g. to protect third parties, to preserve business secrets or to uphold our professional duty of confidentiality).

For enquiries regarding your rights, please contact the address provided in section 1 or the following email address: datenschutz@bio-familia.ch.

Furthermore, you can lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) if you believe that the processing of personal data relating to you infringes the data protection regulations.

16. Validity and amendments to this privacy statement

The latest version at the time of use always applies. We reserve the right to revise this privacy statement at any time.