Privacy policy

Thank you for visiting our website. We would like to inform you below about the processing of your personal data on our website.

Person in charge

SDS Swiss Dental Solutions AG

Konstanzerstrasse 11

8280 Kreuzlingen

Contact:

Oil.: +41 71 556 3670

E-Mail: info@swissdentalsolutions.com

Data Protection Advisor

DDSK GmbH

Annalena Arndt

Dr.-Klein-Str. 29

88069 Tettnang

E-Mail: datenschutz@swissdentalsolutions.com

The technical terms used in this privacy policy are to be understood as legally defined in Art. 4 GDPR or Art. 5 DSG. The terms "user" and "website visitor" are used interchangeably in our privacy policy.

General information on data processing on the website

Automated data processing (log files, etc.)

Our site can be visited without any active personal information about the user. However, we automatically store access data (server log files) such as the name of the Internet service provider, the operating system used, the website from which the user visits us, the date and duration of the visit or the name of the requested file, as well as for security reasons, e.g. to detect attacks on our website, the IP address of the device used for a period of 7 days. This data is not combined with other data sources. We process and use the data for the following purposes: provision of the website, prevention and detection of errors/malfunctions, and misuse of the website.

Categories: Meta and communication data (e.g. IP address, date and time of access, time, type of HTTP request, website from which the access is made (referrer URL), browser used and, if applicable, operating system of the accessing computer (user agent))

Purpose of processing: Prevention and detection of errors/malfunctions, detection of misuse of the website

Rechtsgrundlage: Legitimate interest pursuant to Art. 6 (1) (f) GDPR; Overriding interests pursuant to Art. 31 para. 1 FADP

Legitimate interests: Fraud prevention to detect misuse of the website

Necessary cookies (functionality, opt-out links, etc.)

In order to enable the use of the basic functions on our website and to provide the service requested by the user, we use so-called cookies on our website. Cookies are a standard internet technology used to store and retrieve information for users of the website. Cookies represent information and/or data that can be stored, for example, on the user's device. With classic cookie technology, the user's browser is instructed to store a certain piece of information on the user's device when a particular website is accessed.

Strictly necessary cookies are used to provide a telemedia service expressly requested by the user, e.g.:

- Cookies for error analysis and security purposes

- Cookies for storing logins

- Cookies used to store data in online forms, provided that the form extends over several pages

- Cookies for storing (language) preferences

- Cookies to store items placed in the shopping cart by users in order to complete the purchase

- Cookies to store consent or withdrawal (opt-in, opt-out)

Some of the cookies used (so-called session cookies) are deleted after the end of the browser session, i.e. when the browser is closed.

Cookies can be deleted by users at a later date in order to remove data that the website has placed on the user's computer.

Opt out: Firefox:

https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen

Google Chrome:

https://support.google.com/chrome/answer/95647?hl=de

Microsoft Edge:

https://support.microsoft.com/de-de/microsoft-edge/inprivate-browsen-in-microsoft-edge-cd2c9a48-0bc4-b98e-5e46-ac40c84e27e2

Opera:

Hatpas://help.opera.com/en/latest/security-and-privacy/

Safari

Hatps://support.apple.com/de-de/hat201265

Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR, Art. 31 (1) FADP), consent (Art. 6 (1) (a) GDPR, Art. 31 (1) FADP)

Legitimate interests: Storage of opt-in preferences, ensuring the functionality of the website, maintaining user status across the entire website

Storage and processing of unnecessary information and data

Beyond what is necessary, user data may be processed by means of cookies, similar technologies or application-related technologies, e.g. for the purpose of (cross-website) tracking or personalized advertising, etc. In the process, data may be transmitted to third-party providers. The storage and further processing of user data, which is not absolutely necessary to provide the telemedia service, is then carried out on the basis of consent within the meaning of Art. 6 (1) (a) GDPR, Art. 31 (1) DSG.

Consent Management Platforms

We use a consent management procedure on our website in order to be able to verifiably store and manage the consent given by website visitors in accordance with data protection requirements. The consent management platform we use helps us to detect all cookies and tracking technologies and control them based on the consent status. At the same time, visitors to our website can use the consent management service integrated by us to manage the consents and preferences given (optional setting of cookies and other technologies that are not required) or revoke consent at any time via the button.

The status of the consent is stored on the server side and/or in a cookie (so-called opt-in cookie) or a comparable technology in order to be able to assign the consent to a user or their device. In addition, the time of the declaration of consent is recorded.

Categories Data: Consent data (consent so-called consent ID and number, time of consent, opt-in or opt-out), meta and communication data (e.g. device information, IP addresses)

Purposes of processing: Accountability Fulfillment, Consent Management

Legal bases: Legal obligation (Art. 6 para. 1 lit. c) GDPR in conjunction with Art. 7 GDPR)

Cookiebot

Receiver: Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Dänemark

Third-country transfers: On the basis of the FDPIC's adequacy decision for Denmark (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)

Content Management System (with data transmission)

Web-based application with data transmission to CMS providers through installed plugins

We use a so-called Content Management System (CMS) to edit, organize and display digital content on our website. The application is used web-based on the provider's servers.

With the help of the CMS, our website can be created, edited and managed and equipped with the necessary functions (e.g. forms, blogs, images and other digital content). In addition, the website designed by the CMS helps to make our website easier to find on the search engine results page (SERP) when queries are made by users.

The support of an integrated firewall within the CMS ensures that our website is protected from external attacks and thus prevents misuse of the website. This is done by the additional installation of so-called security plugins in our CMS. A plugin is third-party content that stores, logs and automatically transmits usage data of the website to the third-party provider. The plugin is used for error analysis and vulnerability identification.

In addition, we ensure that the CMS goes through regular updates and patches to ensure the security of our website, which is based on the CMS.

Categories Data: Usage data (e.g. websites visited, access time), meta and communication data (e.g. device information, anonymized IP address), interaction data (interest in content, etc.)

Purposes of processing: Creating, editing and managing page content, storing and archiving data, creating landing pages, statistics, reach measurement

Legal bases: Consent (Art. 6 para. 1 lit. a) GDPR, Art. 31 para. 1 DSG)

Elementor Ltd.

Receiver: Elementor Ltd., Ramat Gan, Tuval St 40, Ramat Gan, Israel

Third-country transfers: On the basis of the FDPIC's adequacy decision for the Land of Israel (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)

Wordpress

Receiver: Automattic Inc. 60 29th Street #343 San Francisco, CA 94110, USA

Third-country transfers: On the basis of the standard contractual clauses, including additional measures and risk analysis for third-country transfers (https://wordpress.com/support/data-processing-agreements/)

Directus Cloud

Receiver: MONOSPACE INC. /DBA/ Directus 223 Bedford Ave STE A #855 Brooklyn, NY 11211

Third-country transfers: On the basis of the standard contractual clauses, including additional measures and risk analysis for the transfer to third countries[AA1]

Hosting (inkl. Content Delivery Network)

Our website is hosted by an external service provider. Data of visitors to our website, in particular so-called log files, are stored on the servers of our service provider. By using a specialized service provider, we can provide our website efficiently. The data is not processed by the hosting provider used by us for its own purposes.

We also use a so-called Content Delivery Network (CDN) in order to be able to provide content from our website more quickly. For example, when website visitors access graphics, scripts, or other content, it is delivered quickly and in a streamlined manner using regionally and internationally distributed servers. When the files are retrieved, a connection is established to the servers of a CDN provider, whereby personal data of visitors to our website is processed, such as the IP address and browser data.

Categories Data: User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses)

Purposes of processing: Proper presentation and optimisation of the website, faster and location-independent accessibility of the website

Legal bases: Consent (Art. 6 para. 1 lit. a) GDPR, Art. 31 para. 1 FADP); legitimate interests (Art. 6 para. 1 lit. f) GDPR, Art. 31 para. 1 FADP)

Legitimate interests: Avoidance of downtime, high scalability, reduction of bounce rate on the website

Bootstrap CDN

Receiver: ProspectOne, Królewska 65A, 30-081 Karków, Poland

Rechtsgrundlage: Consent (Art. 6 para. 1 lit. a) GDPR, Art. 31 para. 1 DSG)

Third-country transfers: On the basis of the FDPIC's adequacy decision for Poland (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)

Vercel Inc.

Receiver: Vercel Inc., 440 N Barranca Ave #4133 Covina, CA 91723

Rechtsgrundlage: Consent (Art. 6 para. 1 lit. a) GDPR, Art. 31 para. 1 DSG)

Third-country transfers: On the basis of the standard contractual clauses, including additional measures and risk analysis for the transfer to third countries[AA2]

Hetzner

Receiver: 25, 91710 Gunzenhausen, Germany

Third-country transfers: On the basis of the FDPIC's adequacy decision for the country of Germany (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)

Website Support & Consulting, Web Agency

For the support and advice for services and applications on our website, we have commissioned a web agency. This supports us in all activities related to the design and functionality of our website. In this context, the web agency selected by us receives the access data for our website in order to make necessary adjustments and changes, such as the design of forms or other programming activities.

The inspection of personal data, such as data from forms or log data of website visitors, cannot be ruled out. The web agency therefore acts as a so-called processor for us and acts exclusively on our instructions. Data will not be processed for other purposes.

Categories Data:Usage data (e.g. access times), meta and communication data (e.g. device information, IP addresses), contact data (e.g. e-mail address), content data (e.g. text information)

Purposes of processing:Support in web analysis and optimisation, analysis of user behaviour on the website (website interaction) for web optimisation and reach measurement, checking the utilisation of the website

Legal bases: Legitimate interests (Art. 6 para. 1 lit. f) GDPR, Art. 31 para. 1 FADP)

Legitimate interests: Assistance and support in website maintenance through a high level of technical expertise, efficiency through outsourcing

W3

Receiver: W3 digital brands GmbH, Theodor-Heuss-Str. 1, 78467 Konstanz

Third-country transfers: An adequacy decision of the FDPIC for the country of Germany has been issued. (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)

Web Analytics & Optimization

On our website, we use methods for analysing user behaviour and measuring reach. For this purpose, information about the behaviour, interests or demographic information about visitors is collected in order to determine whether and where our website needs to be optimised or adapted (e.g. forms on the website, improved placement of buttons or call-to-action buttons, etc.).

In addition, we can measure the click and scroll behavior of website visitors. Among other things, this helps us to identify when our website, its functions or content are busiest.

The collection of this data is made possible by the use of certain technologies (e.g. cookies). As part of client-side tracking, these are stored on users' end devices when they visit our website.

We take precautions to protect the identity of our website visitors. For the purposes described, we do not process any clear data of website visitors.

Categories Data: Usage data (e.g. websites visited, interest in content, access times), demographic characteristics (age, gender), meta and communication data (e.g. device information, anonymized IP addresses, location data), contact data (e.g. e-mail address), content data (e.g. text information)

Purposes of processing: Checking the status of the achievement of goals (success monitoring) of all online activities: analysis of user behavior on the website (website interaction) for web optimization and reach measurement, checking the utilization of the website, lead evaluation, increase in sales, budget control

Legal bases: Consent (Art. 6 para. 1 lit. a) GDPR, Art. 31 para. 1 FADP)

Google Tag Manager

Receiver: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland

Rechtsgrundlage: Consent (Art. 6 para. 1 lit. a) GDPR; Art.31 para.1 FADP)

Third-country transfers: On the basis of the standard contractual clauses, including additional measures and risk analysis for the transfer to third countries (https://policies.google.com/privacy/frameworks?hl=de)

Google Analytics

Receiver: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland

Rechtsgrundlage: Consent (Art. 6 para. 1 lit. a) GDPR; Art.31 para.1 FADP)

Google Enabled Universal Analytics

Receiver: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland

Rechtsgrundlage: Consent (Art. 6 para. 1 lit. a) GDPR; Art.31 para.1 FADP)

Google Optimize

Receiver: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland

Rechtsgrundlage: Consent (Art. 6 para. 1 lit. a) GDPR; Art.31 para.1 FADP)

Hotjar

Receiver: Hotjar Ltd., Level 2, St. Julians Business Centre, 3 Elia Zammit Street, St. Julians STJ 1000, Malta

Third-country transfers: An adequacy decision has been taken by the FDPIC for the country of Malta. (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)

Marketing online

Search Engine Marketing (Advertising in Search Engines)

We use methods for search engine marketing. Search engine marketing includes all measures that are suitable to improve the visibility of our website in the organic or non-organic search results of search engines, to increase our reach and thus to increase traffic (visitor traffic) to our website. In addition, we can generate new prospects (leads) with the help of search engine marketing.

Search engine advertising can be done on various external platforms or websites. The advertisements are shown to users in the form of text or display or video ads.

Using our tracking tool, we first create a campaign for search engine advertising and store various dimensions there that are to be recorded by the search engine provider we have selected, e.g. user location, device information and target groups (demographic characteristics). This allows us to gain further insights into the interests in our content/products and to identify trends if necessary.

Key Word Advertising

In addition, our ad is linked to special keywords (search words) that we have defined in advance and a link. The ad will then also appear to users who make a search query for a specific keyword that we have defined in advance. These are related to our products or services.

The procedure is implemented by means of a cookie or similar technology. When a visitor visits our website or searches for a specific keyword within the search engine used (e.g. Google), a cookie or similar technology is placed on the website visitor's device. This data can be, for example, the locations of users and device information, which is transmitted to the server of the search engine provider. The search engine provider aggregates this data and provides it to us automatically in the form of a statistical evaluation via a dashboard in our account with the search engine provider.

The statistics tell us which ad we clicked on, how often and at what prices. Because we incur costs with every click on an ad, these clicks on external platforms and websites are recorded via our tracking tool. The recording is used for budget control. We cannot identify individual users based on this information.

Conversion measurement (measuring the success of our ads)

We can determine the success of our advertisements on the basis of aggregated data that is made available to us by the search engine provider (so-called conversion measurement). This allows us to understand whether a marketing measure to a so-called event (e.g. Download pdf or play a video) or a conversion (e.g. purchase of a product or registration on our website). The evaluation is provided to us in the form of statistics via our tracking tool and is used to analyse the success of our online activities (success monitoring). It helps us to derive measures to improve the so-called customer journey.

Hint:

Data of the website visitor (e.g. Name and e-mail address) can be assigned directly if they are logged in to your search engine provider account. If an assignment via the profile is not desired, the website visitor must log out of the search engine provider before visiting our website.

Categories Data: User and interaction data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, anonymised IP addresses), location data if applicable

Purposes of processing: Increasing sales and reach, measuring conversions, targeting, identifying trends to develop marketing strategies

Legal bases: Consent (Art. 6 para. 1 lit. a) GDPR, Art. 31 para. 1 DSG)

LinkedIn Ads (LinkedIn Insight Tag)

Receiver: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Third-country transfers: On the basis of the standard contractual clauses, including additional measures and risk analysis for the transfer to third countries (https://www.linkedin.com/legal/l/customer-sccs)

Google Ads

Receiver: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland

Google Ad Manager

Receiver: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland

Social Media Presence

We maintain a company profile on social networks and career platforms in order to increase visibility among potential customers and prospects and to make our company visible to the public.

Social networks help us to increase our reach and actively promote interaction and communication with users. Social media activity and communication is highly valued in attracting new customers and employees. Relevant information about our company can be shared via social media and the website, events can be published and important short-term announcements and job advertisements can be communicated. They also help us to get in touch with users quickly and easily.

Social media platform operators create so-called user profiles based on users' usage behaviour, such as the indication of interests (likes, shares). These are used to tailor advertisements to the interests of target groups. When users are active on social media channels, cookies or other technologies are regularly stored on users' devices, sometimes regardless of whether they are registered users of the social network.

Insights (Statistics)

The data evaluated by the social media platform operators is provided to us in the form of anonymized statistics, which means that they no longer contain any personal data of users. Based on the statistics, we can see, for example, how often and at what time our social media profile was visited. At present, it is not possible for fan page operators to disable this function. We therefore have no influence on the extent to which the data is processed by social media platforms.

Social Media Messenger

In connection with the use of social media, we may use the associated messengers in order to be able to communicate with users in an uncomplicated manner. The security of individual services may depend on the user's account settings. Even in the case of end-to-end encryption, the social media platform operator can draw conclusions about whether and when users communicate with us. Location data may also be collected.

Depending on where the social network is operated, user data may be processed outside the European Union or outside the European Economic Area. This can result in risks for users because it makes it more difficult to enforce their rights.

Categories Data: User name (e.g. surname, first name), contact data (e.g. e-mail address), content data (e.g. text information, photographs, videos), usage and interaction data (e.g. websites visited, interests, likes, shares, access times), meta and communication data (e.g. device information, IP address, location data if applicable)

Purposes of processing: Increased reach, increased awareness, fast networking

Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR, Art. 31 (1) FADP), consent (Art. 6 (1) (a) GDPR, Art. 31 (1) FADP)

Legitimate interests: Interaction and communication on social media presence, increase profits, insights into target groups, recruitment of employees

Instagram

Receiver: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland

Opt-out link: https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/

Third-country transfers: On the basis of the standard contractual clauses, including additional measures and risk analysis for the transfer to third countries

Facebook

Receiver: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland

Opt-out link: https://www.facebook.com/policies/cookies/

Third-country transfers: On the basis of the standard contractual clauses, including additional measures and risk analysis for the transfer to third countries

Receiver: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Kununu

Receiver: NEW WORK AUSTRIA XING kununu onlyfly GmbH, Schottenring 2-6, 1010 Wien, Austria

Third-country transfers: An adequacy decision of the FDPIC for the country of Austria has been issued. (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)

YouTube

Receiver: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland

Xing

Receiver: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany

Third-country transfers: An adequacy decision of the FDPIC for the country of Germany has been issued. (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)

Social Media Marketing

We use our social media channels to promote our products and services. Our goal is to address a broad community that we cannot reach via classic advertising channels, e.g. in offline marketing (e.g. flyers). Social media advertising is displayed to users in the form of text, display or video ads on their social media channels.

Targeting

As part of our social media channels, we use so-called targeting methods to track certain user activities (interactions) in order to ensure that our ads are delivered in a targeted manner. In doing so, we use the processes and technologies of various social media providers. A common technology is the so-called pixel.

We install this pixel in the source code of our website. This ensures that users' navigation is recorded. When users interact with our website or our advertisement on social media, the pixel records the people and the actions they take (e.g. clicks on ads, bounces on websites) and they store which pages and subpages have been viewed.

Products and services of our advertisements that have been viewed, but not purchased, are analysed using the technologies used. This is to display real-time and behavioral advertising to potential customers on various social media platforms.

Conversion measurement (measuring the success of our ads)

We can determine the success of our advertisements on the basis of aggregated data that is made available to us by the social media provider (so-called conversion measurement). This allows us to understand whether a marketing measure to a so-called event (e.g. Download pdf or play a video) or a conversion (e.g. purchase of a product or registration on our website). The evaluation is provided to us in the form of statistics via our tracking tool and is used to analyse the success of our online activities (success monitoring). It helps us to derive measures to improve the so-called customer journey.

Categories Data: Usage and interaction data (e.g. websites visited, interests, access times), Meta and communication data (e.g. device information, IP address, location data if applicable)

Purposes of processing: Expansion of reach, reach analysis and statistical evaluations, increase in sales

Legal bases:Consent (Art. 6 para. 1 lit. a) GDPR, Art. 31 para. 1 DSG)

Plugins and integrated third-party content

Our website includes functions and elements that are obtained from third-party providers. These include, for example, videos, representations, buttons, map services or articles (hereinafter referred to as content ). If this third-party content is accessed by website visitors (e.g. click, play, etc.), information and data are collected and linked to the website visitor's end device in the form of cookies or other technologies (e.g. pixels, Java script commands or web assembly) and transmitted to the server of the third-party provider used. As a result, the third-party provider receives usage and interaction data of the website visitor and provides it to us in the form of statistics via a dashboard. The statistics we receive contain dimensions and metrics, not clear data from users.

Without this editing process, it is not possible to load and display this third-party content.

In order to protect the personal data of website visitors, we have taken precautions to prevent the automatic transmission of this data to the third-party provider. This data is only transmitted when users actively use the buttons and click on the third-party content.

Categories Data: Usage data (e.g. websites visited, interests, access time), meta and communication data (e.g. device information, anonymized IP address)

Purposes of processing: Sharing posts and content, interest- and behavior-based marketing, analysis of statistics, cross-device tracking, increasing the reach of ads on social media

Legal bases:Consent (Art. 6 para. 1 lit. a) GDPR, Art. 31 para. 1 DSG)

Facebook Social Plugins

Receiver: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland

Third-country transfers: On the basis of the standard contractual clauses, including additional measures and risk analysis for the transfer to third countries

Google Fonts

Receiver: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland

Google Maps

Receiver: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland

YouTube

Receiver: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland

Google ReCaptcha

Receiver: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland

Music and podcast (with data transmission)

On our website, we offer the possibility to use audio content for listening to or downloading. For this purpose, we use service providers who enable us to make this content available to visitors to our website.

If this third-party content is accessed by website visitors (e.g. click, play, etc.), information and data are collected and stored in the form of cookies or other technologies (e.g. pixels, Java script commands or web assembly) on the end device of the website visitor and user of the third-party content and transmitted to the third-party provider's server. As a result, the third-party provider receives usage and interaction data of the website visitor and provides it to us in the form of statistics via a dashboard. The statistics we receive contain dimensions and metrics, not clear data from users.

Without this editing process, it is not possible to load and display this third-party content.

We have integrated these third-party plugins into our CMS. The CMS provider also receives information about the data collected here.

Categories Data: Usage data (e.g. websites visited, interests, access times), meta and communication data (e.g. device information, IP addresses)

Purposes of processing: Marketing, increase in awareness, expansion of target group

Legal bases: Consent (Art. 6 para. 1 lit. a) GDPR, Art. 31 para. 1 DSG)

Spotify

Receiver: Spotify AB, Regeringsgatan 19, Stockholm 111 53, Schweden

Third-country transfers: An adequacy decision has been taken by the FDPIC for the country of Sweden. (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)

Vimeo

Receiver: Vimeo Inc., 555 West 18th Street New York, New York 10011, USA

Third-country transfers: On the basis of the standard contractual clauses, including additional measures and risk analysis for the transfer to third countries (https://www.vimeo.axdraft.com/)

Survey services (with data transfer)

We conduct surveys and interviews (hereinafter referred to as "Surveys") on our website from time to time. This helps us to improve our offerings and better respond to the needs of our customers. It is not necessary to be able to understand whether we can assign feedback to a specific person. Prior to the evaluation of the user survey, the data that we process for the provision and technical implementation of our surveys is anonymized. Participation in the survey is voluntary.

Categories Data: Meta and communication data (e.g. device information, IP address), usage data (e.g. interests, access times), master data (e.g. name, address), contact data (e.g. e-mail address, telephone number)

Purposes of processing: Marketing, customer loyalty and new customer acquisition, improvement and optimisation of the offer

Rechtsgrundlage: Consent (Art. 6 para. 1 lit. a) GDPR, Art. 31 para. 1 DSG)

SurveyMonkey

Receiver: SurveyMonkey Inc., 1 Curiosity Way, San Mateo, CA 94403, USA

Newsletter and mass communication (with tracking)

On our website, users have the option of subscribing to our newsletter or any notifications through various channels (hereinafter referred to as the newsletter). Within the framework of the legal provisions, we only send newsletters to recipients who have consented to receive the newsletter. We use a selected service provider to send our newsletter.

In order to subscribe to one of our newsletters, you must provide an e-mail address. We may collect additional data, such as: the name to provide our newsletters with a personal address.

Our newsletter will only be sent after the so-called double opt-in procedure has been completed. If website visitors decide to subscribe to our newsletter, they will receive a confirmation e-mail, which serves to prevent the misuse of false e-mail addresses and to prevent the sending of the newsletter from being triggered by a simple, possibly accidental click. You can stop subscribing to our newsletter at any time for the future. An unsubscribe link (opt-out link) is included at the end of each newsletter.

In addition, we are obliged to provide proof that our subscribers actually intended to receive the newsletter. For this purpose, we collect and store the IP address as well as the time of registration and logout.

Newsletter Tracking

Our newsletters are designed in such a way that we are able to gain insights into improvements, target groups or the reading behavior of our subscribers. This enables us to use a so-called web beacon or tracking pixel that reacts to interactions with the newsletter, for example whether links are clicked, the newsletter is opened at all or at what time the newsletter is read. For technical reasons, we may assign this information to individual subscribers.

Categories Data: Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), meta and communication data (e.g. device information, IP address), usage data (e.g. interests, access times)

Purposes of processing:Marketing, customer loyalty and new customer acquisition, analysis and evaluation of the success of the campaign

Rechtsgrundlage:Consent (Art. 6 para. 1 lit. a) GDPR, Art. 31 para. 1 DSG)

CleverReach

Receiver: CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany

Third-country transfers: An adequacy decision of the FDPIC for the country of Germany has been issued. (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)

Mailchimp

Receiver: The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA

Third-country transfers: On the basis of the standard contractual clauses, including additional measures and risk analysis for the transfer to third countries (https://mailchimp.com/de/legal/data-processing-addendum/)

Rapidmail

Receiver: rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg im Breisgau, Germany

Third-country transfers: The FDPIC has taken an adequacy decision for the Land of Germany.https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)

Microsoft Dynamics 365

Receiver: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Third-country transfers: On the basis of the standard contractual clauses, including additional measures and risk analysis for the transfer to third countries https://learn.microsoft.com/de-de/compliance/regulatory/offering-eu-model-clauses)

Promotional communication

We also use the data provided to us, which we have received, for example, in the context of an order or commissioning of a service, etc., for advertising purposes, in particular to inform you about news from us or from our product portfolio on various channels. An advertising approach on our part takes place within the framework of the legal requirements and – if necessary afterwards – after obtaining consent. If the recipients of our advertising do not wish to receive this, they can inform us at any time and issue an objection or revocation. For this purpose, you can use the unsubscribe button in our e-mail. Only those users who have not already objected to a mailing in advance will receive our advertising approach.

We have commissioned a service provider to send the advertising approach. He acts exclusively on our instructions. The data will not be processed for purposes other than sending.

Categories Data: Master data (e.g. name, address), contact details (e.g. e-mail address, telephone number if applicable)

Purposes of processing: Direct marketing

Rechtsgrundlage:Consent (Art. 6 para. 1 lit. a) GDPR Art. 31 para. 1 FADP), legitimate interests (Art. 6 para. 1 lit. f) GDPR Art. 31 para. 1 FADP)

Legitimate interests: Retention of existing contacts and acquisition of new contractual partners, information about similar goods and services

WhatsApp Broadcasts

Receiver: WhatsApp Inc., 1601 Willow Road, Menlo Park, California 94025, USA

Third-country transfers: On the basis of the standard contractual clauses, including additional measures and risk analysis for the transfer to a third country (https://www.whatsapp.com/legal/business-data-transfer-addendum)

Sweepstakes and Contests

We use our online presence to run sweepstakes and/or contests. In doing so, we process the data of the campaign participants required for the implementation of the respective campaign. This also includes such data as we need to inform the winner and distribute the prize.

Depending on the nature of the Promotion, entries may be published by or about the Contest Entries, for example, when reporting on the Promotion or when a vote on a Participant's submission is part of the Promotion. The name of the participant will also be published. Which data we process in each individual case depends on the specific action carried out and on what data we receive from the participant.

The execution of the respective promotion on our presence in a social network is also subject to the terms of use and data protection of the respective network.

Categories Data: Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text entries, photos, videos)

Purposes of processing: Implementation of the competition including distribution of prizes and announcement of the winner in various media

Legal bases: Consent (Art. 6 para. 1 lit. a) GDPR; Art.31 para.1 FADP)

Events & Events

On our website, visitors have the opportunity to register for events and functions. The information collected by us and required for the initiation and fulfilment of the contract is marked as mandatory information. The provision of additional data is voluntary.

Categories Data:Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), transaction data (bank details, invoices, payment history), meta and communication data (e.g. device information, IP addresses)

Purposes of processing: Contract initiation and execution

Legal bases:Contract initiation and execution (Art. 6 para. 1 lit. b) GDPR; Art. 31 (2) (a) GDPR), consent (Art. 6 (1) (a) GDPR; Art.31 para.1 FADP)

Shopware

Receiver: shopware AG, Ebbinghoff 10, 48624 Schöppingen

Third-country transfers: An adequacy decision of the FDPIC for the country of Germany has been issued. (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)

eCommerce and payment methods

Online Shop and Orders

We offer our customers the opportunity to use our online shop on our website and to purchase our products from here.

We collect the data required from users or buyers for the initiation and execution of the contract.

If users visit our online shop and add items to their shopping cart, cookies are stored on the user's device to ensure that the items remain in the shopping cart until the end of the ordering process. As part of the process, no data is transmitted to third parties by means of cookies. We have also not integrated any third-party elements via the shopping cart function.

Users or customers will receive an automatically generated e-mail from us after completing the order process, which confirms the successful execution of the order. Our customers will be informed about the status of their order (e.g. estimated delivery date) separately by e-mail, if necessary.

Categories Data: Master data (e.g. name, address, country), contact data (e.g. e-mail address), contract data (e.g. order history, payment data and means of payment), meta and communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in products/services, access times), data of returns (e.g. information about the article, processing request)

Purposes of processing: Contract initiation and execution, interest-based advertising, customer account-related discounts, if applicable, direct marketing

Legal bases: Contract initiation and execution (Art. 6 para. 1 lit. b) GDPR; Art. 31 para. 2 lit. a FADP), legitimate interests (Art. 6 para. 1 lit. f) GDPR; Art.31 para.1 FADP)

Legitimate interests: Increasing sales, enabling the purchase of products in the online shop regardless of location and time is in the potential interest of users

WooCommerce

Receiver: Automattic Inc. 60 29th Street #343 San Francisco, CA 94110, USA

Shopware

Receiver: shopware AG, Ebbinghoff 10, 48624 Schöppingen

Third-country transfers: An adequacy decision of the FDPIC for the country of Germany has been issued. (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)

Payment

In order to be able to make and receive payments or subsidies easily, we use banks and other credit institutions as well as various payment service providers.

In order to make transactions particularly convenient and uncomplicated for visitors to our website, payments to us can also be made via payment service providers. The payment service providers process the data required for the transaction. When using the payment service provider, we do not receive any of the data that visitors to our website have provided to them. When using a payment service provider, we only receive information with confirmation or negative information about the payment.

Categories Data:Master data (e.g. name, address), transaction data (bank details, invoices, payment history), contract data (e.g. subject matter of the contract, duration), meta and communication data (e.g. device information, IP address), contact data (e.g. e-mail address, telephone number)

Purposes of processing: Simplification of order and payment processing, outsourcing, data economy

Legal bases: Legitimate interests (Art. 6(1)(f) GDPR; Art.31 para.1 FADP)

Legitimate interests: Simplification of workflows, resource-efficient fulfillment, service

PayPal

Receiver: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxemburg

Third-country transfers: An adequacy decision has been taken by the FDPIC for the country of Luxembourg. (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)

Internal area and digital services

Single sign-on procedure (authentication procedure)

In order to make it easier for users to log in to our website, we use so-called single sign-on procedures (hereinafter referred to as SSO). This allows users to log in to our website using the credentials of a single sign-on provider and does not need to maintain any other credentials.

The use of the single sign-on procedure requires that the user has created an existing user account with the respective provider, e.g. a social network.

If a user opens the login window on our website and selects the desired provider for registration, he or she will be redirected to the website of the selected provider, which will prompt the user to enter their login details. When the login data is entered, the provider stores information in the form of cookies or other technologies on the user's end device in order to authenticate the user with further information.

As soon as the provider has validated the user's login information, the provider sends a so-called token or certificate to the user's browser, which is automatically passed on to our website. This gives us the information about the successful authentication. The user is assigned an identification identifier, so-called ID, which is summarized together with other information and made available on our web server.

If the user is already logged in to the provider's website, registration via single sign-on is possible by pressing the corresponding button.

By logging in via the SSO procedure, we usually receive the user's e-mail address and username. We will not be able to view the password you have entered, nor will it be stored by us.

What other data we receive may vary and depends on the SSO procedure and provider used as well as the account settings made by the user. For data that is not required, e.g. profile information of the user of the social network, which is automatically provided to us in connection with the registration, the explicit consent of the users is required. This consent will be obtained prior to registration via the SSO procedure.

If a user logs on to our website via a single sign-on provider, the provider receives the information that and when a user has logged in via the procedure on our website.

Categories Data: User data (e.g. e-mail address, user name, user handles (e.g. authentication confirmation), meta and communication data (e.g. access times or date and time of the login), if applicable, profile details that have been publicly released by users (e.g. surname, first name, address, etc.)

Purposes of processing: Simplifying the registration process on our website if users do not wish to register on our website

Legal bases:Consent (Art. 6 para. 1 lit. a) GDPR; Art.31 para.1 FADP)

Auth0, Inc.

Receiver: Okta, Inc., 100 First Street, Floor 6, San Francisco, CA 94105, USA

Contact

We offer website visitors the opportunity to contact us directly or to obtain information through various contact methods. In order to have an overview of contacts with us, we use a management tool / our CRM system to process corresponding requests.

In the event of contact, we will process the data of the person making the enquiry to the extent necessary to answer or process the enquiry. Depending on how you contact us, the data processed may vary.

Categories Data: Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text entries, photographs, videos), usage data (e.g. interests, access times), meta and communication data (e.g. device information, IP address).

Purposes of processing: Processing of enquiries

Legal bases:Consent (Art. 6 para. 1 lit. a) GDPR; Art. 31 para. 1 FADP), performance or initiation of a contract (Art. 6 para. 1 lit. b) GDPR Art. 31 para. 2 lit. a FADP)

Microsoft Dynamics 365

Receiver: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Downloads (white papers, product information)

We offer the possibility to make downloads on our website in order to provide our visitors with up-to-date or concerning information. In some cases, our visitors can download pdfs without this being recorded by our system. There is no tracking or statistical evaluation.

The download is then done via a download link, which is made available to our users by e-mail.

Categories Data: Meta and communication data (e.g. device information, IP addresses), usage data (e.g. access time)

Purposes of processing: Marketing, acquisition of new customers, increase in sales

Legal bases:Consent (Art. 6 para. 1 lit. a) GDPR; Art.31 para.1 FADP)

Microsoft Dynamics 365

Receiver: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Online meetings, webinars, online events

We make use of the possibility to hold online meetings and/or webinars as well as events or events. For this purpose, we use the offers of other providers, which we have carefully selected. In the case of the active use of such offers, data of the communication participants will be processed and stored on the servers of the third-party providers used, insofar as it concerns data required for the communication process. As part of the selection of providers, we ensure that communication via the selected services is end-to-end encrypted.

Categories Data:Master data (e.g. surname, first name), contact data (e.g. e-mail address), content data (e.g. text entries), meta and communication data (e.g. device information, IP addresses)

Purposes of processing:Processing of enquiries, increasing efficiency, promoting cross-company and cross-site collaboration

Legal bases:Consent (Art. 6 para. 1 lit. a) GDPR; Art.31 para.1 FADP)

Microsoft Teams

Receiver: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Further information on data processing

Transmission

We transfer the personal data of website visitors for internal purposes (e.g. for internal administration) within the Group. The internal data transfer or disclosure of the data takes place to the extent necessary in compliance with the relevant data protection regulations.

In order to perform contracts or to comply with a legal obligation, it may be necessary for us to pass on personal data. If the necessary data is not provided to us, it may not be possible to conclude the contract with the data subject.

If your data is processed outside Switzerland, to so-called third countries (e.g. USA), we ensure that this is done in accordance with the requirements of Art. 44 et seq. GDPR, Art. 16 FADP et seq. FADP. In doing so, we take additional measures to ensure the highest possible level of protection for the personal data of data subjects. The guarantee applicable to the transfer to a third country is specified in our privacy policy for the respective recipients.

Rechtsgrundlage: Legitimate interests (Art. 6 para. 1 lit. f) GDPR, Art. 31 para. 1 FADP)

Legitimate interests: So-called small group privilege, centralized management and administration in the company to exploit synergy effects, cost savings, increase in effectiveness

Receiver: SDS Deutschland GmbH, Bücklestrasse 5a, 78467 Konstanz

Third-country transfers: An adequacy decision of the FDPIC for the country of Germany has been issued. (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)

Job processing

Recipients may work for us as so-called order processors. We have concluded so-called "order processing agreements" with them in accordance with Art. 28 (3) GDPR, Art. 9 DSG. This means that the processors are only allowed to process your personal data in a way that we have explicitly instructed them to do. Data processors take adequate technical and organisational measures to process your data securely and in accordance with our instructions.

Storage period

We retain visitor data for as long as necessary to provide our services or as provided by another law or regulation to which we are subject. In all other cases, we delete the personal data after the purpose has been fulfilled, with the exception of data that we must continue to store in order to comply with legal obligations (e.g. we are obliged to keep documents such as contracts and invoices for a certain period of time due to retention periods under tax and commercial law).

Automated decision-making (including profiling)

We refrain from automated decision-making or profiling in accordance with Art. 22 GDPR, Art. 21 DSG.

Rights of data subjects

Right of access: In accordance with Art. 15 GDPR and Art. 25 DSG, data subjects have the right to request confirmation as to whether we are processing data concerning them. You may request access to this data as well as the further information listed in Art. 15 (1) GDPR and a copy of your data.

Right to rectification: In accordance with Art. 16 GDPR; Art. 32 para. 1 FADP gives you the right to request the correction or completion of the data concerning you and processed by us.

Right to erasure: Data subjects have the right to demand the immediate deletion of data concerning them in accordance with Art. 17 GDPR and Art. 32 DSG. Alternatively, they may be requested by us in accordance with Art. 18 GDPR; Art. 32 FADP to restrict the processing of their data.

Right to data portability: In accordance with Art. 20 GDPR and Art. 28 DSG, data subjects have the right to demand the provision of the data provided to us by them and to request their transmission to another controller.

Right to lodge a complaint:Data subjects also have the right to lodge a complaint with the supervisory authority responsible for them in accordance with Art. 77 GDPR and Art. 49 FADP.

Right to object: Insofar as personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR, Art. 31 para. 1 DSG, data subjects have the right to object to the processing of their personal data insofar as there are reasons for doing so that arise from their particular situation or the objection is directed against direct marketing. In the latter case, data subjects have a general right to object, which will be implemented by us without specifying a particular situation.

Revocation

Some data processing operations are only possible with the explicit consent of the data subjects. You have the option of revoking your consent at any time without giving reasons. All you need to do is send an informal message by e-mail to: datenschutz@swissdentalsolutions.com. The consent to data processing operations on our website can be adjusted and revoked directly in our Consent Manager. The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation.

External Links

On our website you will find links to the online services of other providers. We would like to point out that we have no influence on the content of the linked websites and the compliance with data protection regulations by their providers.

Changes

We reserve the right to adapt the data protection information on our website at any time in the event of changes and in compliance with the applicable data protection regulations in order to ensure that they comply with data protection requirements.

This privacy policy has been prepared by

DDSK GmbH

www.ddsk.de