Privacy policy

This Privacy Policy provides information about how we process personal data in connection with our activities and operations, including our website. In particular, we explain what personal data we process, how we process it, and where we process it. We also provide information about the rights of individuals whose data we process. We may publish additional privacy policies or other information regarding data protection for specific or additional activities and operations.

1. Contact Information

The data controller is:

Zahnkronenhalle GmbH
Rämistrasse 2
CH-8001 Zurich
+41 44 221 21 21
info@zahnkronenhalle.ch

In specific cases, third parties may be responsible for processing personal data, or there may be joint responsibility with third parties. We are happy to provide data subjects with information regarding the respective responsibility upon request.

2. Definitions and Legal Basis

2.1 Definitions

Data Subject: A natural person whose personal data we process.

Personal data: All information relating to an identified or identifiable natural person.

Sensitive personal data: Data regarding trade union, political, religious, or ideological views and activities; data regarding health, sexual life, or membership in an ethnic or racial group; genetic data; biometric data that uniquely identifies a natural person; data regarding criminal or administrative sanctions or proceedings; and data regarding social assistance measures.

Processing: Any handling of personal data, regardless of the means and procedures used, such as querying, comparing, adapting, archiving, storing, reading, disclosing, obtaining, recording, collecting, deleting, revealing, sorting, organizing, saving, modifying, disseminating, linking, destroying, and using personal data.

2.2 Legal Basis

We process personal data in accordance with Swiss law, in particular the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).

3. Nature, Scope, and Purpose of Personal Data Processing

We process the personal data necessary to carry out our activities and operations in a sustainable, user-friendly, secure, and reliable manner. The processed personal data may fall, in particular, into the categories of browser and device data, content data, communication data, metadata, usage data, master data (including inventory and contact data), location data, transaction data, contract data, and payment data. The personal data may also constitute special-category personal data.

We also process personal data that we receive from third parties, obtain from publicly available sources, or collect in the course of our activities and operations, to the extent that such processing is permitted.

We process personal data, where necessary, with the consent of the data subjects. In many cases, we may process personal data without consent, for example to comply with legal obligations or to safeguard legitimate interests. We may also request consent from data subjects even when their consent is not required.

We process personal data for the duration necessary for the respective purpose. We anonymize or delete personal data, in particular in accordance with statutory retention and statute of limitations periods.

4. Disclosure of Personal Data

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties include, in particular, specialized providers whose services we utilize.

We may disclose personal data, for example, to banks and other financial service providers, government agencies, educational and research institutions, consultants and attorneys, interest groups, IT service providers, cooperation partners, credit and business information agencies, logistics and shipping companies, marketing and advertising agencies, media outlets, organizations and associations, social institutions, telecommunications companies, insurance companies, and payment service providers.

5. Communication

We process personal data to communicate with individuals as well as with government agencies, organizations, and companies. In doing so, we process, in particular, data that a data subject provides to us when contacting us, for example, by mail or email. We may store such data in an address book or using comparable tools.

Third parties who transmit data about other individuals to us are obligated to independently ensure the data protection of those data subjects. In particular, they must ensure that such data is accurate and may be transmitted.

6. Job Applications

We process personal data regarding applicants to the extent necessary to assess their suitability for employment or for the subsequent performance of an employment contract. The required personal data is derived in particular from the information requested, for example in the context of a job posting. We may publish job postings with the assistance of suitable third parties, for example in electronic and print media or on job portals and recruitment platforms.

We also process personal data that applicants voluntarily provide or publish, particularly as part of cover letters, resumes, and other application documents, as well as online profiles.

7. Data Security

We take appropriate technical and organizational measures to ensure data security commensurate with the respective risk. Through our measures, we ensure in particular the confidentiality, availability, traceability, and integrity of the personal data processed, without, however, being able to guarantee absolute data security.

Access to our website and our other digital presence is secured via transport encryption (SSL/TLS, specifically using the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn users before visiting a website without transport encryption.

Our digital communications—like all digital communications in general—are subject to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence over the processing of personal data by intelligence agencies, police departments, and other security authorities. Nor can we rule out the possibility that a data subject may be specifically monitored.

8. Personal Data Abroad

We generally process personal data in Switzerland. However, we may also disclose or export personal data to other countries, in particular to process it there or have it processed there.

We may disclose personal data to any country on Earth or elsewhere in the universe, provided that the local law ensures adequate data protection in accordance with a decision by the Swiss Federal Council.

We may disclose personal data to countries whose laws do not guarantee adequate data protection, provided that adequate data protection is ensured for other reasons, in particular based on standard data protection clauses or other suitable safeguards. In exceptional cases, we may export personal data to countries without adequate or appropriate data protection if the specific legal requirements for data protection are met, such as the explicit consent of the data subjects or a direct connection to the conclusion or performance of a contract. Upon request, we are happy to provide data subjects with information about any safeguards or supply a copy of such safeguards.

9. Rights of Data Subjects

9.1 Data Protection Rights

We grant data subjects all rights in accordance with applicable law. Data subjects have the following rights in particular:

  • Right of access: Data subjects may request information as to whether we process personal data about them and, if so, what personal data is involved. Data subjects also receive the information necessary to assert their data protection rights and ensure transparency. This includes the personal data being processed as such, as well as details regarding the purpose of processing, the duration of storage, any disclosure or export of data to other countries, and the origin of the personal data.
  • Rectification and restriction: Data subjects may have inaccurate personal data corrected, incomplete data completed, and the processing of their data restricted.
  • Right to express one’s own point of view and human review: Data subjects may, in the case of decisions based exclusively on automated processing of personal data that have legal consequences for them or significantly affect them (automated individual decisions), express their own point of view and request a review by a human.
  • Erasure and objection: Data subjects may have personal data erased (“right to be forgotten”) and object to the processing of their data with effect for the future.
  • Data disclosure and data portability: Data subjects may request the disclosure of personal data or the transfer of their data to another controller.

We may defer, restrict, or refuse the exercise of data subjects’ rights within the legally permissible scope. We may inform data subjects of any conditions that must be met for the exercise of their data protection rights. For example, we may refuse to provide information in whole or in part, citing confidentiality obligations, overriding interests, or the protection of other individuals. We may also, for example, refuse to delete personal data in whole or in part, particularly by citing statutory retention obligations.

We may, in exceptional cases, charge a fee for the exercise of these rights. We will inform data subjects in advance of any such costs.

We are obligated to identify data subjects who request information or assert other rights through appropriate measures. Data subjects are required to cooperate.

9.2 Legal Protection

Data subjects have the right to enforce their data protection claims through legal channels or to file a complaint with a data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

10. Use of the Website

10.1 Cookies

We may use cookies. Cookies—both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies)—are data stored in the browser. Such stored data need not be limited to traditional text-based cookies.

Cookies can be stored temporarily in the browser as “session cookies” or for a specific period as so-called permanent cookies. “Session cookies” are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies enable, in particular, the recognition of a browser upon the next visit to our website and thereby, for example, the measurement of our website’s reach. Permanent cookies can also be used, for example, for online marketing.

Cookies can be fully or partially deactivated, restricted, or deleted at any time in the browser settings. Browser settings often also allow for automated deletion and other management of cookies. Without cookies, our website may no longer be fully available. We actively request—at least to the extent required by applicable law—your express consent to the use of cookies.

10.2 Logging

For every visit to our website and our other digital presence, we may log at least the following information, provided that this information is transmitted to our digital infrastructure during such visits: Date and time, including time zone; IP address; access status (HTTP status code); operating system, including user interface and version; browser, including language and version; specific subpages of our website accessed, including the amount of data transferred; the last webpage accessed in the same browser window (referrer).

We log such information, which may also constitute personal data, in log files. This information is necessary to ensure that our digital presence is available on a permanent, user-friendly, and reliable basis. The information is also necessary to ensure data security—including through third parties or with the assistance of third parties.

10.3 Web Beacons

We may incorporate tracking pixels into our digital presence. Tracking pixels are also known as web beacons. Tracking pixels—including those from third parties whose services we use—are typically small, invisible images or JavaScript scripts that are automatically retrieved when you access our digital presence. Tracking pixels can capture at least the same information as is recorded in log files.

11. Third-Party Services

We use services from specialized third parties to ensure that we can carry out our activities and operations in a sustainable, user-friendly, secure, and reliable manner. These services allow us, among other things, to embed functions and content into our website. When such embedding occurs, the services used collect users’ IP addresses—at least temporarily—for technically necessary reasons.

For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized manner. This includes, for example, performance or usage data required to provide the respective service.

Digital Infrastructure

We use services from specialized third parties to access the necessary digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.

In particular, we use:

METANET: Hosting; Provider: METANET AG (Switzerland); Data protection information: Privacy Policy, “Technical and Organizational Measures.”

12. Final Notes on the Privacy Policy

We may update this Privacy Policy at any time. We will notify you of updates in an appropriate manner, in particular by publishing the current version of the Privacy Policy on our website.