Data protection

We take the topic of data protection very seriously. Here you will find important information regarding the protection of your personal data.

1. Name and Address of the Data Controller

The data controller according to the GDPR is:

Medicel AG
Dornierstrasse 11
9423 Altenrhein
Switzerland

2. Data Protection Officer

The data protection officer of the data controller can be reached at:

Medicel AG
Attn: Data Protection Officer
Dornierstrasse 11
9423 Altenrhein
Switzerland
Tel: +41 71 727 10 50
E-Mail: info@medicel.com

3. Preamble

The protection of your personal data and the preservation of your privacy are very important to us as the data controller. You need to know what information about you is collected through our website www.medicel.com and the associated services (referred to below as "our Service") and how your information is used. This privacy notice informs you about this.

Therefore, compliance with the provisions of the EU General Data Protection Regulation (GDPR) as well as all other locally applicable data protection regulations is a matter of course for us. It is important for us to inform you about which personal data is collected and processed and what options you have. This privacy notice provides you with answers to the most important questions.

Your data will be stored, processed, and used in accordance with this privacy notice and the applicable legal data protection regulations. Our employees and agents who process your inquiries are bound by confidentiality.

4. Your Rights

If personal data about you is processed, you are a data subject within the meaning of the GDPR. You have the following rights against us as the data controller:

  • You have the right to know whether and which personal data we process about you.
  • You have the right to rectification and erasure of this personal data.
  • You have the right to restrict the processing of your personal data.
  • You also have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. This does not apply if a legal provision obliges or authorizes us to collect, process, or use this data.
  • Furthermore, you can generally revoke your consent previously given for the collection, processing, and use of your personal data for the future. Revoking your consent does not affect the lawfulness of processing based on consent before its withdrawal.
  • You also have the right to data portability.
  • For the exercise of your rights or for information and/or explanations about your rights, please contact our data protection officer by email or post (contact details under the section "Data Protection Officer"). Upon request, we will provide you with information about your personal data in our database. This information is provided free of charge.
  • Furthermore, you have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data by us.

5. What Data is collected and stored?


The data collected and stored depends on the services you use on our platform. Data or categories of data:
As with any website, our server automatically and temporarily collects the following information in the server log files that are transmitted by the browser, unless you have disabled this:

  • Domain name or IP address of the requesting computer
  • File requests of the client (file name and the associated data of the complete internet address)
  • The HTTP response code
  • The internet page from which you visit us (referrer URL)
  • Date and time of the server request
  • Browser type and version
  • Operating system of the requesting computer
  • Cookies (see the "Cookie" section below and our Cookie Policy for more details) are also used to collect anonymous traffic data from users of our website. This anonymous traffic data can be used for market research purposes and demand-oriented design of our website.

For customer inquiries, the following data is collected from the customer. Mandatory information necessary for processing is marked separately during input; additional information is optional:

  • Email
  • Phone
  • Email for electronic invoicing
  • Company name
  • Owner's name
  • Industry
  • Position
  • Company street & number
  • Company postcode
  • Company location
  • State/Province of the company
  • Company country
  • Billing and delivery address(es)
  • Products and services you order or purchase
  • Your feedback (including public feedback) on our products and services in the form of ratings, customer reviews, or customer satisfaction

 

Affected groups of persons:

  • Users of the homepage
  • Our customers
  • Employees of our customers
  • Contractual partners of our customers
  • Our employees


6. Purpose of data collection and storage and how they are used

We primarily use the personal data collected by us to conclude and fulfill contracts with our customers and business partners, to purchase products and services from our suppliers and subcontractors, and to comply with our legal obligations at home and abroad. If you work for such a customer or business partner, you may also be affected by this in that capacity. Furthermore, we process personal data about you and other persons, as far as permitted and appropriate, also for the following purposes, where we (and sometimes third parties) have a legitimate interest corresponding to the purpose:

  • Offering and further development of our offers, services, and websites, apps, and other platforms on which we are present;
  • Communication with third parties and processing their inquiries (e.g. applications, media inquiries);
  • Testing and optimization of procedures for needs analysis for direct customer contact as well as collection of personal data from publicly accessible sources for customer acquisition purposes;
  • Advertising and marketing (including events), unless you have objected to the use of your data (if we send you advertising as an existing customer, you can object to this at any time, and we will put you on a blacklist against further advertising mailings);
  • Market and opinion research, media monitoring;
  • Enforcement of legal claims and defense in connection with legal disputes and administrative proceedings;
  • Prevention and investigation of crimes and other misconduct (e.g. conducting internal investigations, data analysis for fraud prevention);
  • Ensuring the operation of our business, in particular IT, our websites, apps, and other platforms;
  • Video surveillance to safeguard property rights and other measures for IT, building, and system security and protection of our employees and other persons and our property or entrusted assets (such as access controls, visitor lists, network and mail scanners, telephone recordings);
  • Purchase and sale of business areas, companies or parts of companies and other corporate transactions and related transfer of personal data as well as measures for business control and for compliance with legal and regulatory obligations as well as internal regulations.

If you have given us consent to process your personal data for specific purposes (e.g. when you sign up to receive newsletters or undergo a background check), we will process your personal data based on this consent, provided that we do not have another legal basis and one is required. Consent given can be revoked at any time, but this does not affect data processing that occurred before the revocation.

7. Cookies and Other Technologies Related to the Use of Our Website

This website uses cookies. These are small text files that allow for the storage of specific user-related information on the user's device while the user is using the website. Cookies enable, in particular, the determination of the frequency of use and the number of users of the pages, the analysis of user behaviour patterns on the pages, and also the creation of a more user-friendly offering. Cookies are stored beyond the end of a browser session and can be retrieved again when the page is revisited. If you do not wish for this to happen, you should configure your internet browser to refuse the acceptance of cookies.

8. Recipients of Data or Categories of Recipients

We disclose personal data of customers to the extent described below:

  • Departments of Medicel AG and affiliated companies and their employees;
  • Other companies within the Halma plc group of companies;
  • Technical services, as necessary for the fulfilment of the contractual relationship;
  • Data processors and other service providers and contractual partners (e.g. logistics partners), as necessary for the fulfilment of the contractual relationship, and
  • Public authorities in accordance with prevailing legal obligations;

who are either subject to this privacy notice or implement measures that provide at least as much protection as described in this privacy notice.

Service Providers and Contractual Partners:

We engage other companies and individuals to perform tasks on our behalf. Examples include fulfilling orders for products and services, deliveries, sending letters or emails, maintaining our customer lists, analysing our databases, assisting with advertising efforts, providing search results and links, processing payments, transmitting content, evaluating credit risks, and providing customer service. These third-party service providers and contractual partners have access to personal data necessary for fulfilling their tasks. However, they are not allowed to use it for other purposes. Furthermore, they are obliged to treat the data in accordance with this privacy notice and relevant data protection laws.

Protection of the Data Controller:

We disclose personal data about customers if we are legally obligated to do so or if such disclosure is necessary to enforce our terms and conditions or other agreements, or to protect our rights, the rights of our customers, and the rights of third parties.
In all other cases, we will inform you if personal data is to be disclosed to third parties. This gives you the opportunity to decide that your data should not be shared with a third party.

9. Legal Bases for Data Processing by the Data Controller

Where we obtain the consent of the data subject for processing personal data, this consent serves as the legal basis.

For the processing of personal data required for the performance of a contract to which the data subject is a party, the performance of the contract serves as the legal basis. This also applies to processing operations required for the execution of pre-contractual measures.

If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, this legal obligation serves as the legal basis.

Where the vital interests of the data subject or another natural person require the processing of personal data, these vital interests serve as the legal basis.

If the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the first-mentioned interest, this legitimate interest serves as the legal basis for the processing.


10. Data Transfer and Cross-Border Data Transfer


As part of our business activities and purposes, and where permitted and appropriate, we disclose information to third parties, either because they process it for us or because they wish to use it for their own purposes. This includes in particular the following entities:

  • Service providers including data processors (e.g. IT providers)
  • Retailers, suppliers, subcontractors, and other business partners
  • Customers
  • Domestic and foreign authorities, public offices, or courts
  • Media
  • The public, including visitors to websites and social media platforms
  • Competitors, industry organizations, associations, organizations, and other bodies
  • Acquirers or potential acquirers of business divisions, companies, or other parts of Medicel AG
  • Other parties involved in actual or potential legal proceedings
  • Other companies of the Medicel AG Group or holding company Halma plc

Some of these recipients are located within our country, but they can be located anywhere in the world. This applies in particular to the transmission of your data outside of Switzerland to countries where Medicel AG is represented by group companies, branches, or other offices, as well as to other countries in Europe and the USA, where the service providers we use are located.

If a recipient is located in a country without adequate legal data protection, we contractually obligate the recipient to comply with applicable data protection laws (for this purpose, we use the revised standard contractual clauses of the European Commission, which can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless they are already subject to a legally recognized framework for data protection and we cannot rely on an exception. An exception may apply, especially in cases of legal proceedings abroad, overriding public interests, or if the transfer is necessary for contractual performance, when you have given your consent, or when the data is publicly available and you have not objected to its processing.

11. Data Processing by Data Processors

Disclosure to external service providers can take place as part of data processing on behalf of us, in accordance with Article 28 of the GDPR. These data processors have been carefully selected and commissioned by us, are bound by our instructions and the provisions of the GDPR, and are regularly monitored. Upon request, we can provide you with a list of all data processors.

12. Data Deletion and Duration of Storage

We process and store your personal data for as long as it is necessary to fulfil our contractual and legal obligations or for the purposes pursued with the processing, i.e., for example, for the duration of the entire business relationship (from initiation, processing to termination of a contract) and additionally in accordance with legal retention and documentation obligations. It is possible that personal data will be retained for a period during which claims against our company can be asserted, and to the extent that we are otherwise legally obligated to do so or legitimate business interests require it (e.g., for evidence and documentation purposes). Once your personal data is no longer required for the aforementioned purposes, it will generally be deleted or anonymized to the extent possible. For operational data (e.g., system logs), basic retention periods of twelve months or less apply.

13. Data Security

We implement current technical and organizational security measures to protect the data managed by us against accidental or intentional manipulation, loss, destruction, or unauthorized access by individuals. For example:

  • To secure the transmission of your information, we use Secure Sockets Layer Software (SSL). This software encrypts the data transmitted by you.
  • We maintain physical, electronic, and procedural security measures related to the collection, storage, and disclosure of personal data of our customers. These security measures include requesting proof of your identity before disclosing personal data to you.

Our security measures are continuously improved in line with technological advancements.

14. Changes to this Privacy Notice

We reserve the right to modify this privacy notice at any time by publishing the revised version. The respective changes will be announced here, allowing you to stay informed at all times.

Revised: August 2023