Privacy Policy

1. The Privacy Policy at a glance

The detailed meaning of the icons is available at https://privacy-icons.ch/en/ .

2. What is this Privacy Policy all about?

In this Privacy Policy, we describe how we process your data when you purchase our services or products, use our websites, when you are otherwise in contact with us as part of a contract, communicate with us or otherwise deal with us. In addition, we may inform you separately about the processing of your data, e.g. in declarations of consent, additional privacy policies, forms and notices.

In the following, we use the term “data” synonymously with “personal data”. Personal data means any information relating to an identified or identifiable person. If you provide us with data about other persons, for example, if you provide us with information about them on behalf of another person, please ensure that these persons are aware of this Privacy Policy. In addition, only share their data with us if you are permitted to do so and if the data is accurate.

3. Who is responsible for processing your data?

MediService ltd, Ausserfeldweg 1, 4528 Zuchwil (“we” or “us”) is responsible for the data processing described here.

Please note that other companies in the Galenica Group may also process your data as data controllers. This is particularly the case where one of these companies processes your data in connection with its own legal obligations or its own contracts with you, or where you exchange data directly with such a company. Please therefore observe the data protection information of this company.

If you have any questions, please contact dataprotection@mediservice.ch.

4. What data do we process?

Depending on the occasion and purpose, we process different categories of personal data. The most important categories are listed below, but this list may not be exhaustive.

We generally obtain your personal data from you. In addition, we may obtain personal data from third parties, such as our contractual partners or publicly available sources, such as public registers or the internet (websites, social media, etc.).

4.1. Master data
Master data refers to the basic data that we need for the purpose of processing our business relationships, as well as for marketing and advertising purposes, and that relates directly to you and your characteristics. For example, we process the following master data:

• title, surname and first name, sex and date of birth;
• address, contact details such as e-mail address and telephone and mobile number;
• information on language preferences;
• details of your health and accident insurance;
• customer history;
• signatory powers and declarations of consent.

4.2. Contract data
Contract data is information that arises regarding the conclusion or performance of the contract, e.g. information about contracts and the services to be provided or rendered, as well as data from prior to the conclusion of a contract, information about the conclusion of the contract itself (e.g. the date of conclusion and the subject matter of the contract), as well as the information required or used for its execution. For example, we process the following contract data:

• date, application process, information on the type and duration of and terms of the contract in question, details regarding the termination of the contract;
• contact details and delivery addresses;
• information on the use and offers of services;
• information on the goods purchased;
• details of payments and payment terms, invoices, reciprocal claims, contacts with customer service, objections, defects, returns, details regarding customer satisfaction, complaints, feedback, etc.;
• in the case of online services, we also process access data and logins.

We receive this data from you, as well as from partners we work with.

4.3. Communication data
Communication data is data related to our communication with you or with third parties about you, e.g. when you contact us via the contact form or other means of communication. Examples of communication data are:

• name and contact details, e.g. postal address, e-mail address and telephone number;
• content of correspondence (e.g. e-mails, written correspondence, telephone conversations, chat messages, etc.);
• responses to customer and satisfaction surveys;
• information concerning the type, time and, where applicable, the location of the communication and other metadata relating to it.

4.4. Technical data

Technical data is collected in connection with the use of our website. These include, e.g., the following data:

• IP address of the end device and device ID;
• information about your device, its operating system or language settings;
• information about your internet provider;
• content or logs accessed in which the use of our systems is recorded;
• the date and time of your access to the website and your approximate location;
• information on the content accessed and files in the user account;
• further information generated when utilising the user account, such as sending the access code via a push message for logging into your user account via the website.

We may also assign you or your end device an individual code (e.g. by means of a cookie). This code is stored for a certain period of time, often only for the duration of your visit. As a rule, we cannot infer who you are from technical data unless you register for the newsletter, e.g. on our website. In this case, we may connect technical data with master data – and thus with you personally.

4.5. Behavioural data
In order to tailor our offers and services to you in the best possible way, we try to get to know you better. For this purpose, we collect and utilise data about your behaviour. Behavioural data includes but is not limited to information about your use of our website. Information concerning the use of our websites and other online services can also be found in Section 6. We may also process your other interactions with us as behavioural data, and we may combine behavioural data with other data (e.g. with anonymous information from statistical offices) and evaluate this data on a personal and non-personal basis if you do not object to this.

4.6. Preference data
Preference data provide us with information about your likely needs and which services might be of interest to you (e.g. when selecting topics for the newsletter). We therefore also process data on your interests and preferences. For this purpose, we can link behavioural data with other data and evaluate this data on a personal and non-personal basis. This allows us to draw conclusions about characteristics, preferences and expected behaviour.

4.7. Health data
Health data is information about your state of health (e.g. about your diagnoses, examination results, personal or family history, diseases, risk factors, forms of therapy or vaccinations) and your treating doctors. It also includes information about individuals who report adverse events (e.g. side effects) to us about themselves (or others) or report a special case scenario (e.g. exposure during pregnancy, lactation, overdose, lack of efficacy, etc.) or make medical enquiries or complaints about product quality, including health care professionals and carers. This enables us to respond to enquiries and to obtain additional information if necessary.

4.8. Other data
We may also collect information from you in other situations. Data (such as files, evidence, etc.) that may relate to you is collected in connection with official or court proceedings. We may receive or make photos, videos and sound recordings in which you may be identifiable (e.g. at events, by means of security cameras, etc.). We may also collect data about who enters certain buildings and when, or who has such access rights (including for access control purposes, based on registration data or visitor lists, etc.), who participates in events or promotions (e.g. competitions) and when, or who uses our infrastructure and systems and when.

5. For what purposes do we process your data?

We primarily use data that we receive directly from you or your healthcare professional, e.g. in connection with an order for goods or planned/provided services and when you communicate with us. Data about you may also be collected from other sources. These include credit reports and similar information from credit agencies, information from financial service providers if you make payments, and information about you that other persons provide to us, e.g. in the context of official or court proceedings or in the context of communication with us.

We process your data primarily in connection with deliveries, the purchase of goods in our local pharmacy or online via our customer portal and the provision of services. In addition, we may process your data for the purposes specified in detail below and for other purposes that we inform you of separately or are obvious:

• to provide, improve and further develop our offerings and services. For this purpose, we may process data including but not limited to master data, contract data, health data, technical data, behavioural data and preference data;
• to process contracts, including shipping and payment processing, billing with health insurers, to manage receivables and to process returns, complaints and warranty claims. For this purpose, we may process data including but not limited to master, contract, health and communication data. Further information can be found in our GTC ;
• for credit checks when selecting payment methods (purchase on ac-count). In particular, we may process your master data and con-tract data for this purpose;
• in particular, we may process master, contract, health and communication data for communicating with you and with third parties, e.g. in the event of queries to your treating doctor or when processing your enquiries via customer service;
• to submit offers and to cultivate relationships, e.g. when refer-ring to customer events, to send targeted information about our and third-party products, services and customised offers, as well as to design our product range and the presentation of our goods. Data on your ordering and purchasing behaviour, your use of our websites and health data may be used for this purpose. This data may be linked to your personal data if you do not object to this. For this purpose, master data, contract data, technical data as well as behavioural data and preference data may be processed;
• to send reminders as healthcare services, such as notifying you of the expiry of a repeat prescription for prescription medication or of a repeat vaccination. In particular, we may process your mas-ter, contract, health and communication data for this purpose;
• for anonymous statistics and analyses based on data, including health data. To do this, we first anonymise your data. In particu-lar, this may involve your master data and contract data as well as technical data, behavioural and preference data;
• to provide, manage and personalise our websites. Please also see Section 6. We may process your technical data in particular, but also your behavioural and preference data;
• for market and opinion research and media monitoring, we mainly process your contract, behavioural and preference data, but also your technical data;
• to verify and comply with legal obligations. For this purpose, we may collect and process data including but not limited to master data, health data and behavioural data;
• to detect, investigate and prevent misuse, criminal offences and other misconduct (e.g. conducting internal investigations and performing data analyses to combat fraud). For this purpose, we may, in particular, process master, contract, health and communication data as well as your other data;
• to assert and defend against legal claims in connection with legal disputes and official proceedings. For this purpose, we may, in particular, process master, contract, health and communication data, as well as your technical and other data;
• as part of other measures to ensure our IT, building and facility security, as well as to protect our employees and other persons (e.g. access controls, visitor lists, network and email scanners, telephone recordings). For this purpose, we may process data including but not limited to master data, technical data and other data;
• to manage, guarantee and improve our operations, particularly our IT, websites as well as for accounting, archiving, training and other administrative purposes. For this purpose, we may process master, contract data and behavioural data, as well as other data;
• to ensure data quality in our systems, e.g. to prevent multiple or inconsistent recording, we process your master data and technical data in particular;
• for other purposes, e.g. in the context of corporate transactions and related investigations and transfers of personal data and to safeguard other legitimate interests. All the aforementioned categories of personal data may be relevant for this purpose.

6. How do we and third parties process data in connection with your use of websites?
The comments in this Section 6 relate mainly to our websites.

6.1. What data is generated when you use our websites?
Every time our websites are used, technical data is generated for technical reasons and is temporarily stored in log files (as log data) (see Section 4.4 above). We use this data to enable our websites to be utilised to ensure system security and stability and to optimise our websites, as well as for statistical purposes.

Our websites also use cookies, i.e. files that your browser automatically stores on your device. This enables us to distinguish individual visitors from others, but usually without identifying them. Cookies may also contain information about pages visited and the duration of the visit. Certain cookies (“session cookies”) are deleted when the browser is closed. Others (“permanent cookies”) remain stored for a certain period of time (usually a few days to two years) so that we can recognise visitors when they visit us later and store, for instance, your user preferences, such as the language you choose and your login details. We may also use other technologies to recognise website visitors. For example, data such as the characteristics of the device you are using or the identification number of your mobile device are stored.

We may use visible and invisible image elements in our websites, newsletters and marketing emails. By retrieving them from our servers, we can determine if and when you have opened the e-mail. You can block this feature in your e-mail program.

6.2. How do we and our service providers process data in connec-tion with our websites?
Using cookies and other technologies helps us to understand how you use our websites and newsletters. This enables us to improve our online services and also to display offers tailored to you.

You can set your browser to reject cookies, store them only for one session, or delete them prematurely, or you can uninstall the relevant app if these adjustments cannot be made through its settings. Most browsers are preset to accept cookies. You can find more information on this in your browser's help pages (usually under the heading “Privacy”). If you block cookies, certain features (such as language selection, shopping cart, ordering processes) may no longer work.

Cookies and other technologies may also originate from third-party companies that provide us with certain features. These third-party companies may be located outside Switzerland and the EEA. Cookies and similar technologies from third-party providers may enable them to approach you with personalised advertising on our websites or on other websites and in social networks that also collaborate with these third parties and to measure how effective advertisements are (e.g. whether you arrive at our websites via an advertisement and what actions you then take on our websites). The relevant third-party providers may record website usage for this purpose and combine their records with further information from other websites. In this way, they can record user behaviour across several websites and end devices in order to provide us with statistical evaluations on this basis. The providers may also use this information for their own purposes, e.g. for personalised advertising on their own website or other websites. If a user is registered with the provider, the provider can assign the usage data to the relevant person. Such processing of your personal data is carried out on the provider's own responsibility in accordance with its own privacy policy.

On our websites, we use, for example, Matomo (formerly Piwik), an open source web analytics platform and service from InnoCraft Ltd (New Zealand), to analyse and statistically evaluate the use of the website. Matomo uses cookies to collect information about your behaviour on our websites and the end device used (tablet, PC, smartphone, etc.), e.g. information about your browser, the websites from which you accessed our websites, the name of your provider, your IP address, date and time of access to the websites, pages visited and length of stay and, if applicable, visits to other websites and apps.

6.3. How do we process data via social media?
If we maintain our own presence as part of a third-party online service (e.g. a YouTube channel), you can communicate with us or comment on or share content there. In doing so, we collect information that we use pri-marily for communication with you, for marketing purposes and for statis-tical evaluations. Please note that the provider of the platform also collects and uses data (e.g. on user behaviour) itself, where applicable together with other data known to it (e.g. for marketing purposes or to personalise the platform content). Where we are jointly responsible with the provider, we will conclude a corresponding agreement with such pro-vider. You may obtain information about the content of this agreement from the provider.

7. How do we process data in connection with information and marketing?

If you provide us with your e-mail address, mobile phone number or postal address as part of a purchase or purchase of a service, an order, a reg-istration or participation in a competition, we will include this as part of your contact details. We may use this information to send you infor-mation about products, services and events. This may take the form of newsletters and other contacts (electronically, by post, by telephone). You can decline such contacts at any time.

8. Who do we disclose your data to?

We comply with the principle of proportionality when disclosing data. Our employees process your data as part of their work activities.

We may disclose your data to other companies within and outside the Galenica Group insofar as we use services from these companies. These include companies of the Galenica Group, but also external service providers.

In certain cases, data may also be disclosed to third parties to process it on their own responsibility or on joint responsibility, e.g. to

• your doctor to clarify queries about your therapy and medication;
• health insurers for the purpose of billing your order and in con-nection with the provision of our related services to third par-ties (e.g. when supporting doctors in connection with applications for reimbursement of costs for individual cases - in this context, the surname, first name, postcode and location of the prescribing service providers are disclosed to the manufacturers of the medi-cines to be reimbursed);
• Swiss and foreign authorities, public offices or courts in the event of proceedings or a surrender request;
• acquirers or interested parties in acquiring business units, companies or other parts of the Galenica Group;
• other parties in potential or pending legal proceedings.

Contracts are concluded with recipients of your data in accordance with the requirements of data protection law.

We may also disclose your data (e.g. name and address or affiliation to a specific customer segment) to other companies in the Galenica Group for advertising purposes but excluding health data and other particularly sensitive personal data. You have the option of objecting to this disclosure at any time by notifying us (Section 3).

9. Where do we process your data?

The recipients of your data process it in Switzerland. Data processing may also take place in the wider European Economic Area, in the USA and potentially worldwide. This applies particularly to countries in which service providers are located (such as Microsoft). If we transfer data to a country that lacks adequate statutory data protection, we ensure an adequate level of protection by means of appropriate contracts (namely based on the Standard Contractual Clauses of the European Commission, which are available for download here) unless a statutory exception applies (e.g. for consent, for the performance of contracts, for the establishment, exercise or enforcement of legal claims, for the protection of overriding public interests, for published data or for the protection of the vital interests of the data subjects). You may obtain a copy of the above-mentioned contractual guarantees at any time from the points of contact named in Section 3.

10. How long do we process your data?

We process and store your personal data as long as required for the performance of our contractual obligations and compliance with legal obligations or for the other purposes pursued with the processing, i.e. for the duration of the entire business relationship (from the initiation, during the performance of the contract until it is terminated) as well as beyond this duration in accordance with legal retention and documentation obligations. Data may be retained for the period in which claims may be asserted against us and to the extent that we are legally obligated to retain it or legitimate business interests require it to be retained (e.g. for evidentiary and documentation purposes; for the fulfilment of our retention obligations as healthcare professionals, this includes your patient file including prescriptions, generally for 10 years). As soon as your data is no longer required for the aforementioned purposes, it will be deleted or anonymised. Shorter retention periods of twelve months or less generally apply to operational data (e.g. system protocols, logs).

11. How do we protect your data?

We take appropriate technical (e.g. encryption, pseudonymisation, logging, access restriction, data backup, etc.) and organisational (e.g. instructions to our employees, confidentiality agreements, audits, etc.) security measures to maintain the security of your data, to protect it against unauthorised or unlawful processing and to prevent the risk of loss, accidental alteration, unwanted disclosure or unauthorised access. This includes, for example, issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymisation and controls.

12. What applies to profiling?

We process your data partially automatically with the aim of evaluating certain personal aspects (profiling). We use profiling in particular to provide you with targeted information and advice on products and services.

13. What rights do you have in relation to the processing of your data?

You have the right of access to, rectification and deletion of your data, provided that there are no overriding interests on our part or to legal or regulatory obligations to the contrary. You can object to data processing, revoke consent and request the surrender of certain data.

In general, exercising your rights requires that you clearly prove your identity (e.g., by a copy of identification documents when your identity is not evident otherwise or cannot be verified in another way). In order to assert your rights, you may contact us at the points of contact specified in Section 3.

In addition, every data subject has the right to enforce his/her rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch).


14. Can this Privacy Policy be amended?

This Privacy Policy is not part of a contract. We may amend this Privacy Policy at any time. The version published on our website is the current version.

Version of 2024, August 1st