BioVersys AG
Privacy Notice
With this privacy policy, BioVersys AG (Hochbergstrasse 60C, 4057 Basel, Switzerland) and BioVersys SAS (c/o Institut Pasteur de Lille, 1 rue du Professeur Calmette, 59800 Lille, France) (hereinafter referred to as we or BioVersys) inform you how we collect, use and disclose Personal Data. This is not an exhaustive description; other data protection declarations or general terms and conditions and similar documents may govern specific matters. Personal Data is understood to be all information that relates to a specific or identifiable person.
1. Responsible Person and Contact Person
The responsible person for the data processing described here is primarily the BioVersys company with which a business relationship exists or which is evident from the circumstances. However, the other group companies of BioVersys may also process Personal Data as data controllers, i.e. for their own purposes.
If no business relationship is maintained with a BioVersys company and no BioVersys company is clearly identifiable as the responsible party, the following company is deemed to be the responsible party:
BioVersys AG
Hochbergstrasse 60C
4057 Basel
Switzerland
If you have any data protection concerns, you can contact us at the following address:
BioVersys AG
Data Protection
Hochbergstrasse 60C
4057 Basel
Switzerland
Phone: +41 (0)61 551 51 20
E-mail: dpo@bioversys.com
2. Collection and processing of Personal Data
We primarily process the Personal Data that we receive from our customers, suppliers and other business partners in the course of our business relationship and communication with them and other persons involved, or that we collect from users during the operation and use of our websites and other applications and offers. To the extent permitted, we also obtain certain data from publicly accessible sources (e.g., commercial registers, debt collection registers, land registers, press, Internet) or receive such data from other companies affiliated with us (in particular from other companies of BioVersys in Switzerland and abroad), from authorities and other third parties (such as credit agencies).
The categories of Personal Data that we process about you may include, in particular, the following data:
- Contact information: in particular, first and last name, address, contact person, telephone number, e-mail address, gender, information related to your professional functions and activities;
- Professional information: in particular, education, professional and other experience, credentials, applications, references, previous employment;
- Personal information: information about your personal life and health;
- Contract data, order and purchase data: in particular invoice and delivery address, products ordered and purchased, turnover data, information in connection with queries, complaints and differences about products or the contracts concluded for them; information on compliance with legal requirements, information from banks, insurance companies, distributors and other contractual partners of us for the use or provision of services; information about you, which you or persons from your environment (employer, consultants, legal representatives, etc.) give us, so that we can conclude agreements with you, with the involvement of you or process them;
- Data related to marketing: especially newsletter opt-ins and opt-outs, invitations and participation in events and special activities, personal preferences, interests, and memberships;
- Data related to the use of our website, server protocol (whereby these are mostly non-Personal Data): in particular connection data, IP address and other identifiers (e.g., user name in social media, MAC address of the smartphone or computer, data from cookies and similar technologies), date and time of the visit to our website, duration of the visit to the website, requested Internet address (Uniform Resource Locator, URL), referrer URL (i.e. the Internet address of the website from which you accessed our website, if applicable with the search term used), browser type, language and version, operating system used, amount of data sent in bytes, and the search term used, location data, pages and content accessed, functions used;
- Communication data: Data exchanged in or in relation to contact with us, in particular preferred communication channel, communication by letter, telephone, fax, e-mail, text and picture messages, comments to our blog or other posts, communication in relation with our online presence in social media networks and platforms;
- Data about financial situation: In particular, creditworthiness data, scoring or rating data, payment experiences of third parties with you, debt and bankruptcy history, any recorded restrictions on the ability to act;
- Data from public registers, e.g., information from the commercial register;
- Information that we learn in connection with official and judicial proceedings;
- Information from the media and the Internet.
3. Sources of Personal Data
We may receive personal information from the following sources:
- Direct sources: In principle, we process Personal Data that we receive directly from you, for example in the course of our business relationship, the use of the website, on events of BioVersys or in direct communication via e-mail, telephone or other means.
- Indirect sources: In certain cases, we may indirectly collect Personal Data. This may happen, for example, when someone else (e.g., an employee of yours) recommends you to us. In addition, we may purchase supplementary information from data sources (e.g., credit agencies, social media, and address dealers, other domestic and foreign companies within BioVersys). We may obtain Personal Data from publicly accessible sources (e.g., from debt enforcement registers or debtor directories, land registers, commercial and association registers, the press, the Internet). In individual cases, it is possible that Personal Data is derived from the combination of various non-Personal Data.
4. Purposes of the Data Processing and Possible Legal Bases
We may process Personal Data in accordance with applicable data protection law, in particular the provisions of the Swiss Data Protection Act (DPA), for the following purposes (all together Processing Purposes) and, if necessary under applicable data protection law, on the basis of the following legal bases:
- For the performance of the contract
We process Personal Data in direct connection with the conclusion and processing of contracts with our customers, suppliers and business partners, in particular in the context of our trading in high, medium and low voltage cables, accessories and services, the implementation of training and further education events and the purchase of products and services from our suppliers. This also includes, among other things, the collection of payments, the handling of queries and warranty cases, as well as the execution of any recalls regarding the products supplied by us, our suppliers and other third parties involved. The purposes of data processing and any further data protection information can be found in the respective contract documents, terms and conditions and/or conditions of participation.
- To fulfill legal obligations
We process Personal Data in order to comply with our legal or regulatory obligations at home and abroad. If you work for one of our customers, suppliers or business partners, your Personal Data may also be affected in this capacity. Processing purposes include, but are not limited to:
- Documenting compliance with certain legal and regulatory requirements;
- Participating in investigations and proceedings, cooperating with and responding to inquiries from authorities and courts.
- To safeguard legitimate interests
We also process Personal Data for the following purposes if this is necessary to protect the legitimate interests of us or of third parties or to protect legitimate public interests:
- Offer and further development of our offers: in particular, offering and further developing our products, services, and websites, and for research and development of our products and product candidates;
- Ensuring business operations: in particular, coordinating and optimizing activities and offers and ensuring efficient transaction processing involving various BioVersys group companies in Switzerland and abroad, communicating with other group companies and third parties, processing inquiries (e.g., support requests, advertisements, media inquiries);
- Ensuring IT security and IT operations: in particular, troubleshooting, operation and further development of our IT systems, our website, web store and other platforms, identity checks, protection of IT assets, our employees and other persons, and assets (e.g., through network and mail scanners);
- Quality control: in particular, preparing reports on users, transactions, activities, services and other business aspects of BioVersys for corporate management and development, preparing statistics, budgets, records and management information, organizing business operations, project management, research, development and further development of services;
- Advertising and marketing: in particular market and opinion research, media monitoring, web analysis and tracking (e.g., by means of cookies), use, testing and optimization of demand analysis methods (e.g., tracking customer behavior, activities, preferences and needs), improving our visibility, publicizing the content of our services (e.g., by means of social media plug-ins), sending newsletters and advertising material (personalized offers, e.g., by means of web banner advertising), conducting training courses, events and competitions, customer acquisition, maintaining our online presence within social media networks and platforms;
- Service and support: in particular, maintaining and developing client relationships, providing preferential services, granting special conditions and promotions, conducting and managing training, education and certification, managing the users of our website, communication, client service and support, also outside the scope of the execution of agreements;
- Risk management: in particular, consultation and exchange of data with credit information agencies to determine creditworthiness and default risks, decision as to whether you can conclude a purchase contract (e.g., in the web store) and use the option of purchase on account;
- Ensuring compliance: in particular, verification of compliance with legal and internal rules of BioVersys;
- Implementation of corporate transactions: in particular, the sale or purchase of business units, companies or parts of companies and other transactions under company law, and the related transfer of Personal Data;
- Dealing with legal disputes: in particular assertion of legal claims and defense in connection with legal disputes and official proceedings;
- Self-protection and protection of third parties: in particular, protection of third parties and our employees, our data, trade secrets and assets as well as assets that have been entrusted to us, safeguarding of house rights, security of our facilities and buildings (e.g., access controls, video surveillance);
- Prevention and investigation of criminal offenses and other misconduct: in particular, combating abuse, collecting evidence, conducting investigations, data analysis to combat fraud.
- Based on your consent
If you have given us consent to process your Personal Data for certain purposes (for example, when you register to receive newsletters), we process your Personal Data within the scope of and based on this consent, unless we have another legal basis and we require such a basis. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place.
5. Cookies, tracking and other technologies related to the use of our website
We typically use cookies and similar technologies on our websites that allow us to store information on your device or access information stored on your device. This allows us to better understand user behavior, e.g., to provide our services in a technically error-free, secure, user-friendly and demand-oriented manner:
- Cookies: These are small text files that are stored in the cookie file on your computer's hard drive when you visit our website. Through the use of cookies, your browser receives an identifier and shows it on request to.
Most of the cookies we use are so-called session cookies. These save your entries while you navigate on the website within the same session (e.g., so that your shopping cart contents are not lost). Session cookies are automatically deleted after your visit to our website. Permanent cookies, on the other hand, remain stored on your device for several sessions and allow us to recognize your browser the next time you visit the website (and, for example, to perform an automatic log-in or to display the website in your preferred language and according to your preferences). We use persistent cookies to remember your preferences (e.g., language, autologin), to help us understand how you use our services and content, and to provide you with customized offers and advertisements (which may also occur on other companies' websites; however, we do not tell them who you are, if we even know, because they only see that the same user is on their website who was on a particular page on ours). Some of the cookies are set by us, and some are set by contractors with whom we work. If you block cookies, certain functionalities (such as language selection, shopping cart, ordering processes) may no longer work. Permanent cookies are deleted when their expiration date is reached or if you delete them beforehand. Most browsers are set to accept cookies by default.
- Analysis-Tools: We use Google Analytics on our website. This is a service of Google LLC in the USA (Google) (www.google.com), with which we can measure and evaluate the use of the website (not personal). Permanent cookies that Google sets are also used for this purpose. Google does not receive any Personal Data from us (and does not retain any IP addresses), but it can track your use of the website, combine this information with data from other websites that you have visited and which are also tracked by Google, and use this information for its own purposes (e.g., controlling advertising). If you have registered yourself with Google, Google also knows you. The processing of your Personal Data by Google then takes place under the responsibility of Google in accordance with its data protection provisions. Google only informs us how our website is used (no information about you personally).
Cookies and similar technologies generally do not provide Personal Data, but only anonymous traffic data related to your device (e.g., your IP address) and statistical data (e.g., number and type of website visits). However, to the extent that the identifiers collected are classified as Personal Data by applicable law, we treat them as such. In addition, we sometimes combine non-Personal Data collected using these technologies with other Personal Data held by BioVersys. When we combine data in this way, we treat the combined data as Personal Data for the purposes of this Privacy Policy.
Content from third parties, such as videos from YouTube, RSS feeds or graphics from other websites may be included in our website and other online services. Images are delivered by Ewww.io CDN (see privacy policy). This usually presupposes that the third party providers perceive user IP addresses. However, we do not obtain precise knowledge of the content and scope of the transmitted data and its use by the third party provider and do not exercise any influence on it. The data protection provisions of the respective third party provider apply to the processing of user Personal Data by such third party provider.
By using our websites, apps and consenting to receive newsletters and other marketing emails, you consent to the use of the above mentioned technologies. If you do not wish to do so, you can block or delete the cookies and similar technologies via the privacy settings of your browser and email program, whereby the deletion may under certain circumstances affect the use of our website.
6. Disclosure of Personal Data
Within BioVersys, access to your data is granted to those persons that need them to fulfill the aforementioned processing purposes.
In addition, we may disclose Personal Data to the following categories of recipients, provided that the disclosure serves to fulfill the aforementioned processing purposes:
- Service providers (including data processors and vicarious agents) within BioVersys as well as external third parties, in Switzerland and abroad;
- Group companies of BioVersys, Switzerland and abroad;
- Business partners, including dealers, suppliers and agents;
- Customers of BioVersys;
- Industry organizations, associations, organizations and other bodies;
- Acquirers or parties interested in acquiring business units, companies or other parts of BioVersys;
- Parties to potential or actual legal proceedings;
- Local, national and foreign authorities, agencies and courts;
- The public, including visitors to websites and social media;
All collectively referred to as the Recipient.
If we transfer Personal Data to third parties, the respective current data protection regulations of the third parties are also applicable. The third parties may be jointly responsible with us or act as data processors.
7. Transmission of Personal Data abroad
We may transfer Personal Data to recipients in other countries of the EU and the EEA, the U.S., and in any other country of the world, in particular to all countries in which we are represented by group companies, branches or other offices and representatives (in particular Switzerland and France; cf. https://www.bioversys.com/contact/) as well as to the countries in which our service providers process their data (such as countries of the EU or the EEA).
Personal data may be transferred to Recipients in countries without adequate data protection legislation, provided that:
- We ensure adequate protection, namely by means of sufficient contractual guarantees such as the standard contractual clauses of the European Commission or binding corporate rules. You can obtain a copy of the contractual guarantees from the contact mentioned above or find out from this contact where such a copy can be obtained. We reserve the right to redact such copies for data protection reasons or for reasons of confidentiality or to supply only excerpts;
- You give your express consent;
- It is necessary for the execution of a contract with you or of a contract in your interest;
- It is necessary for the fulfillment of a legal obligation;
- It is necessary to safeguard overriding public interests, to establish, exercise or enforce legal claims or to protect the life or physical integrity of you or third parties;
- You have made the Personal Data generally accessible and do not expressly prohibit processing; or
- The Personal Data originate from a register provided for by law, which is public or accessible to persons with an interest worthy of protection, insofar as the legal requirements for inspection are met in the individual case.
8. Duration of the retention of Personal Data
We process and store Personal Data as long as it is necessary for the Processing Purpose for which we collected it (e.g., for the duration of the entire business relationship from the initiation and processing to the termination of a contract). In addition, there may be a contractual or legal obligation to retain or document data (e.g., in accordance with the Swiss Code of Obligations, Value Added Tax Act, etc.). It is possible that Personal Data will be stored for the time during which claims can be asserted against our company and insofar as we are otherwise legally obligated to do so or legitimate business interests require this (e.g., for evidence and documentation purposes). We thus store contract-related Personal Data in principle for the duration of the contractual relationship and for ten years beyond the termination of the contractual relationship. The Personal Data collected in relation with Google Analytics will usually be deleted or anonymized after 26 months.
If the Personal Data is no longer required for the fulfillment of the processing purpose, it will be deleted or anonymized as far as possible. Subject to an express written agreement, we are under no obligation to you to retain Personal Data for a specific period of time.
9.Data Security
We take appropriate technical and organizational security measures to protect your Personal Data from unauthorized access and misuse, such as the issuance of warnings, training, IT and network security solutions, access controls and restrictions, encryption of data media and transmissions, pseudonymization, controls.
10. Profiling and Automated Decision Making
We process your Personal Data partly automatically with the aim of evaluating certain personal aspects. We use this in particular to be able to inform and advise you about products in a targeted manner. In doing so, we use evaluation tools that enable us to provide needs-based communication and advertising, including market and opinion research.
For the establishment and implementation of the business relationship and also otherwise, we do not use any fully automated automatic decision-making (as regulated, for example, in Art. 22 GDPR). Should we use such procedures in individual cases, we will inform you separately and inform you of the associated rights, insofar as this is required under the applicable law.
11. Rights of the Data Subject
You have the following rights:
- Information about Personal Data concerning you;
- Correction, deletion or destruction of Personal Data
- Objection to the processing of Personal Data;
- Revocation of consent if the processing of Personal Data is based on your consent. The revocation is possible at any time and is effective for the future. The revocation does not affect the lawfulness of the data processing that took place until the revocation.
- Data output and transmission in certain cases and in a common electronic format that allows further use and transmission;
- We will inform you separately about your rights in connection with any automated individual decision-making, insofar as this is required by law. For the establishment and implementation of the business relationship, we do not use any automated individual decision-making processes. We do not consider the decision as to whether you can conclude a purchase contract in the online store and use the option of purchase on account as an automated individual decision within the meaning of Art. 22 GDPR.
To exercise your rights, please contact the contact mentioned above. In addition, you can use any options embedded in our services, e.g., a link in an e-mail to unsubscribe from a newsletter, privacy settings in your user account. The exercise of your rights generally requires that you can clearly prove your identity (e.g., by a copy of your ID where your identity is not otherwise clear or can be verified). We also draw your attention to the fact that by deleting your Personal Data, services are no longer available or can no longer be used, in whole or in part, and that the exercise of these rights may conflict with contractual agreements and this may have consequences such as the premature termination of the contract or cost consequences. We will inform you in advance if this is not already contractually regulated.
We reserve the right to restrict your rights within the framework of the applicable law and, for example, not to provide any or complete information or not to delete data.
You have the right to enforce your claims in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
12. Obligations of the data subject
In the context of our business relationship, you must provide the Personal Data that is required for the establishment and implementation of a business relationship and the fulfillment of the associated contractual obligations (you do not usually have a legal obligation to provide us with data). Without this data, we will generally not be able to enter into or perform a contract with you (or the entity or person you represent). Also, the Website cannot be used if certain traffic-securing information (such as IP address) is not disclosed.
If you provide us with Personal Data of other persons (e.g., data of colleagues), please make sure that these persons are aware of this privacy policy and only share their Personal Data with us if you are allowed to do so and if this Personal Data is correct.
Please note that the Internet is generally not a secure environment because it is an open network that can be accessed by anyone. Therefore, we also appeal to your personal responsibility with regard to the handling of your Personal Data. To the extent permitted by law, we exclude liability for the security of data that you transmit to us via the Internet (e.g., by e-mail) or other electronic channels and for any direct or indirect damage. We ask you to choose other communication channels, should this appear necessary or reasonable for security reasons.
13. Modification of the privacy policy
BioVersys may amend this privacy policy at any time without prior notice. The current version published on our website (https://www.bioversys.com/) shall apply.
If the privacy policy is part of an agreement with you, we can inform you about the change of the privacy policy by e-mail or by other suitable means.