We are pleased to welcome you to our website. Below we would like to inform you about the processing of your personal data on our website.
Controller
SDS Swiss Dental Solutions AG
Konstanzerstrasse 11
8280 Kreuzlingen
The data controller for processing activities on this website is:
SDS Swiss Dental Solutions AG
Konstanzerstrasse 11
8280 Kreuzlingen
Tel.: +41 71 556 3670
Email: datenschutz@swissdentalsolutions.com
Contact:
Tel.: +41 71 556 3670
Email: info@swissdentalsolutions.com
Definitions
The technical terms used in this Privacy Policy are to be understood as defined in Article 4 of the GDPR or Article 5 of the Swiss Data Protection Act (DSG). The terms „user“ and „website visitor“ are used interchangeably in this Privacy Policy.
General Information on Data Processing on the Website
Automated Data Processing (Log Files, etc.)
Our website can be accessed without actively providing personal information. However, with each visit, access data (server log files) is automatically stored, such as the name of the Internet Service Provider, the operating system used, the website from which the user visits us, the date and duration of the visit, or the name of the requested file. Additionally, for security purposes, such as detecting attacks on our website, the IP address of the device used is stored for seven days. This data is not combined with other data sources. We process and use this data for the following purposes:
- Provision of the website
- Prevention and detection of errors/malfunctions
- Prevention of misuse of the website
Categories of data:
- Meta and communication data (e.g., IP address, date and time of access, HTTP request type, referrer URL, browser used, and operating system of the accessing device)
Purpose of processing:
- Prevention and detection of errors/malfunctions
- Detection of misuse of the website
Legal basis:
- Legitimate interests pursuant to Article 6(1)(f) GDPR; overriding interests pursuant to Article 31(1) DSG
Legitimate interests:
- Fraud prevention and detection of website misuse
Necessary Cookies (Functionality, Opt-Out Links, etc.)
To enable the basic functionality of our website and provide the requested service, we use cookies. Cookies are a standard internet technology for storing and retrieving information about users of a website. Cookies represent information and/or data that can be stored on the user’s device. Using traditional cookie technology, the user’s browser is instructed to save specific information when visiting a particular website.
Necessary cookies are used to provide telemedia services explicitly requested by the user, such as:
- Cookies for error analysis and security purposes
- Cookies for storing logins
- Cookies for storing data in online forms that span multiple pages
- Cookies for storing (language) settings
- Cookies for storing items added to the shopping basket to complete purchases
- Cookies for storing consent or withdrawal (opt-in, opt-out)
Some cookies (known as session cookies) are deleted after the browser session ends, i.e., when the browser is closed.
Cookies can also be deleted by users retrospectively to remove data stored by the website on their computer.
Opt-Out Links:
- Firefox
- Google Chrome
- Microsoft Edge
- Opera
- Safari
Legal basis:
Legitimate interests (Article 6(1)(f) GDPR, Article 31(1) DSG); consent (Article 6(1)(a) GDPR, Article 31(1) DSG)
Legitimate interests:
- Storing opt-in preferences
- Ensuring website functionality
- Maintaining user status across the website
Storage and Processing of Non-Essential Data
Beyond the necessary scope, the processing of users‘ data using cookies, similar technologies, or application-specific technologies may occur, e.g., for tracking or personalised advertising purposes. Data may also be transferred to third-party providers. The storage and further processing of user data that is not essential for providing the telemedia service are carried out based on consent within the meaning of Article 6(1)(a) GDPR and Article 31(1) DSG.
Consent Management Platforms (CMP)
We use a consent management platform on our website to document and manage user consent in compliance with legal data protection requirements. The platform helps us recognise all cookies and tracking technologies and manage them according to users‘ consent status. Website visitors can also manage or withdraw their consents via the embedded consent management service at any time.
The consent status is stored server-side and/or in a cookie (known as an opt-in cookie) or a similar technology to associate the consent with a user or device. The time of consent declaration is also recorded.
Categories of data:
- Consent data (e.g., consent ID and number, time of consent, opt-in or opt-out)
- Meta and communication data (e.g., device information, IP addresses)
Purpose of processing:
- Fulfilment of accountability obligations
- Consent management
Legal basis:
- Legal obligation (Article 6(1)(c) GDPR in conjunction with Article 7 GDPR)
Cookiebot
To manage the use of cookies and similar technologies (tracking pixels, web beacons, etc.) and their consents, we use the consent tool „Real Cookie Banner.“ Details about how „Real Cookie Banner“ operates can be found here.
Legal basis:
- Article 6(1)(c) GDPR and Article 6(1)(f) GDPR
Legitimate interests:
- Managing cookies and similar technologies
- Managing related consents
Recipient:
- devowl.io GmbH, Tannet 12, 94539 Grafling, Germany
Third-country transfer:
- None, as data processing occurs exclusively within the EU
Privacy Policy: https://devowl.io/en/privacy-policy/
Content Management System (with Data Transfer)
Our website uses a content management system (CMS) for editing, organising, and displaying digital content. The CMS operates on the provider’s servers via a web-based application.
The CMS enables the creation, editing, and management of website content and equips the site with necessary features (e.g., forms, blogs, images, and other digital content). It also improves the website’s visibility on search engine results pages (SERP).
An integrated firewall ensures protection against external attacks, preventing website misuse. Security plugins within the CMS store, log, and transfer usage data to third-party providers for error analysis and vulnerability detection. Regular updates and patches are applied to ensure the security of the CMS and the website.
Categories of data:
- Usage data (e.g., visited pages, access times)
- Meta and communication data (e.g., device information, anonymised IP address)
- Interaction data (e.g., interest in content)
Purpose of processing:
- Creation, editing, and management of website content
- Storage and archiving of data
- Creation of landing pages
- Statistics and reach measurement
Legal basis:
- Consent (Article 6(1)(a) GDPR, Article 31(1) DSG)
Elementor Ltd.
Recipient: Elementor Ltd., Tuval St 40, Ramat Gan, Israel
Data Transfer to Third Countries: Based on the adequacy decision of the Swiss Federal Data Protection and Information Commissioner (FDPIC) for Israel (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)
Privacy Policy: https://elementor.com/about/privacy/
WordPress
Recipient: Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA
Data Transfer to Third Countries: Based on standard contractual clauses, including additional safeguards and a risk analysis for third-country transfers (https://wordpress.com/support/data-processing-agreements/)
Privacy Policy: https://automattic.com/de/privacy/
Directus Cloud
Recipient: MONOSPACE INC. /DBA/ Directus, 223 Bedford Ave STE A #855, Brooklyn, NY 11211, USA
Data Transfer to Third Countries: Based on standard contractual clauses, including additional safeguards and a risk analysis for third-country transfers
Privacy Policy: https://directus.io/privacy
Hosting (including Content Delivery Network)
Our website is hosted by an external service provider. Data from visitors to our website, particularly log files, is stored on the servers of our service provider. By using a specialised service provider, we can ensure efficient delivery of our website. The data processed by the hosting provider is not used for its own purposes.
We also utilise a Content Delivery Network (CDN) to deliver website content faster. For example, when visitors access images, scripts, or other content, these are optimally and swiftly provided via regionally and internationally distributed servers. When accessing these files, a connection is established with the CDN provider’s servers, which involves the processing of visitor data, such as IP addresses and browser information.
Categories of Data:
User data (e.g. visited pages, content interests, access times), meta and communication data (e.g. device information, IP addresses)
Purposes of Processing:
Proper display and optimisation of the website, faster and location-independent website accessibility
Legal Basis:
Consent (Art. 6(1)(a) GDPR; Art. 31(1) DSG); legitimate interests (Art. 6(1)(f) GDPR; Art. 31(1) DSG)
Legitimate Interests:
Avoiding downtime, high scalability, reducing bounce rates on the website
Bootstrap CDN
Recipient: ProspectOne, Królewska 65A, 30-081 Kraków, Poland
Legal Basis: Consent (Art. 6(1)(a) GDPR; Art. 31(1) DSG)
Data Transfer to Third Countries: Based on the adequacy decision of the Swiss FDPIC for Poland (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)
Privacy Policy: https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net
Vercel Inc.
Recipient: Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA
Legal Basis: Consent (Art. 6(1)(a) GDPR; Art. 31(1) DSG)
Data Transfer to Third Countries: Based on standard contractual clauses, including additional safeguards and a risk analysis for third-country transfers
Privacy Policy: https://vercel.com/legal/privacy-policy
Hetzner
Recipient: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany
Data Transfer to Third Countries: Based on the adequacy decision of the Swiss FDPIC for Germany (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)
Privacy Policy: https://www.hetzner.com/de/legal/privacy-policy/
Website Support and Consultation, Web Agency
We have commissioned a web agency for the support and consultation of services and applications on our website. This agency assists us with all tasks related to the design and functionality of our website. In this context, the selected agency receives access credentials to our website to make necessary adjustments and changes, such as form designs or other programming tasks.
The processing of personal data, such as form data or protocol data from website visitors, cannot be excluded. Therefore, the agency acts as a data processor on our behalf and processes data solely on our instructions. Data processing for other purposes does not occur.
Categories of Data:
Usage data (e.g. access times), meta and communication data (e.g. device information, IP addresses), contact data (e.g. email addresses), content data (e.g. text entries)
Purposes of Processing:
Support with web analysis and optimisation, analysis of user behaviour on the website (website interaction) for optimisation and reach measurement, monitoring website performance
Legal Basis:
Legitimate interests (Art. 6(1)(f) GDPR; Art. 31(1) DSG)
Legitimate Interests:
Support and assistance in website management by leveraging high-level expertise, efficiency through outsourcing
W3
Recipient: W3 digital brands GmbH, Theodor-Heuss-Str. 1, 78467 Konstanz, Germany
Third-country transfer: An adequacy decision by the Swiss Federal Data Protection and Information Commissioner (FDPIC) is in place for Germany. (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)
Privacy policy: https://w3-digitalbrands.com/datenschutz
Web Analysis and Optimisation
We use methods on our website to analyse user behaviour and measure reach. This involves collecting information about visitors‘ behaviour, interests, or demographic data to determine whether and where our website requires optimisation or adaptation (e.g., forms on the website, improved placement of buttons or call-to-action elements).
Additionally, we may measure the click and scroll behaviour of website visitors. This helps us identify when our website, its functions, or its content is most frequently accessed.
The collection of this data is enabled by specific technologies (e.g., cookies) used during client-side tracking, which are placed on users‘ devices when they visit our website.
We take measures to protect the identity of our website visitors. The purposes described do not involve processing the clear data of website visitors.
Data Categories:
- Usage data (e.g., visited websites, interest in content, access times)
- Demographic data (age, gender)
- Meta and communication data (e.g., device information, anonymised IP addresses, location data)
- Contact data (e.g., email address)
- Content data (e.g., textual input)
Purposes of processing:
Assessing the achievement of objectives (success monitoring) of all online activities.
Analysing website usage behaviour (website interaction) for optimisation and reach measurement.
Monitoring website capacity, lead evaluation, revenue growth, and budget control.
Legal basis:
Consent (Art. 6 Para. 1 lit. a GDPR; Art. 31 Para. 1 FADP).
Google Tag Manager
Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Legal basis: Consent (Art. 6 Para. 1 lit. a GDPR; Art. 31 Para. 1 FADP).
Third-country transfer: Based on standard contractual clauses, including additional measures and risk analysis for the transfer (https://policies.google.com/privacy/frameworks?hl=de).
Privacy policy: https://policies.google.com/privacy?hl=en-US
Google Analytics
Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Legal basis: Consent (Art. 6 Para. 1 lit. a GDPR; Art. 31 Para. 1 FADP).
Third-country transfer: Based on standard contractual clauses, including additional measures and risk analysis for the transfer (https://policies.google.com/privacy/frameworks?hl=de).
Privacy policy: https://policies.google.com/privacy?hl=en-US
Google Universal Analytics (activated)
Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Legal basis: Consent (Art. 6 Para. 1 lit. a GDPR; Art. 31 Para. 1 FADP).
Third-country transfer: Based on standard contractual clauses, including additional measures and risk analysis for the transfer (https://policies.google.com/privacy/frameworks?hl=de).
Privacy policy: https://policies.google.com/privacy?hl=en-US
Google Optimize
Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Legal basis: Consent (Art. 6 Para. 1 lit. a GDPR; Art. 31 Para. 1 FADP).
Third-country transfer: Based on standard contractual clauses, including additional measures and risk analysis for the transfer (https://policies.google.com/privacy/frameworks?hl=de).
Privacy policy: https://policies.google.com/privacy?hl=en-US
Hotjar
Recipient: Hotjar Ltd., Level 2, St. Julian’s Business Centre, 3 Elia Zammit Street, St. Julian’s STJ 1000, Malta
Third-country transfer: An adequacy decision by the FDPIC is in place for Malta (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf).
Privacy policy: https://www.hotjar.com/legal/policies/privacy
Online Marketing
Search Engine Marketing (Advertising on Search Engines)
We employ methods for search engine marketing. This includes measures to improve the visibility of our website in organic or non-organic search results, increase our reach, and boost website traffic. Search engine marketing also allows us to generate new leads.
Search engine advertisements may appear on various external platforms or websites as text, display, or video ads.
Using our tracking tool, we first create a campaign for search engine advertising, defining various dimensions to be captured by the chosen search engine provider, such as users‘ locations, device information, and target groups (demographic characteristics). This allows us to gain further insights into interests in our content/products and potentially identify trends.
Keyword Advertising
Our advertisements are also linked to specific keywords we define in advance. These ads appear to users making queries containing these keywords, which are associated with our products or services.
This process is implemented using cookies or similar technologies. When a visitor accesses our website or searches for a particular keyword on the search engine (e.g., Google), a cookie or similar technology is placed on their device. These data, such as user location and device information, are transmitted to the search engine provider’s server, aggregated, and presented to us in a statistical dashboard format.
The statistics inform us about how often and at what cost our advertisements were clicked. Since each click generates costs for us, these are tracked via our tool for budget control. Individual users cannot be identified from this information.
Conversion Tracking (Measuring the Success of Our Ads)
We can assess the success of our advertisements using aggregated data provided by the search engine provider (so-called conversion tracking). This helps us determine whether a marketing action led to an event (e.g., PDF download or video play) or a conversion (e.g., product purchase or website registration). The evaluation, provided in a statistical format via our tracking tool, helps us analyse our online activities and improve the customer journey.
Note:
Visitors‘ data (e.g., name and email address) can be linked to their account with the search engine provider if logged in. If such linking is not desired, visitors should log out of the search engine provider’s account before visiting our website.
Categories of data:
User and interaction data (e.g., visited websites, interest in content, access times), meta and communication data (e.g., device information, anonymised IP addresses), location data, where applicable.
Purposes of processing:
Revenue and reach growth, conversion tracking, audience creation, and trend identification for developing marketing strategies.
Legal basis:
Consent (Art. 6 Para. 1 lit. a GDPR, Art. 31 Para. 1 FADP).
LinkedIn Ads (LinkedIn Insight Tag)
Recipient: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Third-country transfer: Based on standard contractual clauses, including additional measures and risk analysis for the transfer (https://www.linkedin.com/legal/l/customer-sccs).
Privacy policy: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy
Google Ads
Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Third-country data transfer: Based on Standard Contractual Clauses, including additional measures and risk analysis for third-country transfers (https://policies.google.com/privacy/frameworks?hl=en)
Privacy Policy: https://policies.google.com/privacy?hl=en-US
Google Ad Manager
Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Third-country data transfer: Based on Standard Contractual Clauses, including additional measures and risk analysis for third-country transfers (https://policies.google.com/privacy/frameworks?hl=en)
Privacy Policy: https://policies.google.com/privacy?hl=en-US
Social Media Profiles
We maintain corporate profiles on social media networks and career platforms to enhance visibility among potential clients and prospects, as well as to raise public awareness of our business.
Social media platforms help us expand our reach and actively promote interaction and communication with users. This activity plays a significant role in attracting new customers and employees. Via these platforms and our website, we share relevant information about our company, publish event updates, communicate urgent news, and advertise job openings. Furthermore, social media allows us to engage with users quickly and effortlessly.
Social media platform operators create user profiles based on behaviour, such as expressed interests (likes, shares). These profiles are used to tailor advertisements to specific target groups. When users engage on social media channels, cookies or other technologies are often stored on their devices, even if they are not registered users of the platform.
Insights (Statistics)
Data processed by social media platform operators is provided to us in anonymised statistical form, meaning it no longer contains personal user data. These statistics help us, for example, determine how often and when our social media profile is visited. Currently, page administrators cannot deactivate this functionality. Consequently, we have no influence over how much data is processed by social media platforms.
Social Media Messengers
In connection with social media use, we may utilise corresponding messenger services for straightforward communication with users. The security of specific services depends on user account settings. Even with end-to-end encryption, platform operators may infer that and when users communicate with us, and they may also collect location data.
Depending on where the social network operates, user data may be processed outside the European Union or the European Economic Area. This may pose risks to users as enforcing their rights can become more difficult.
Data categories:
- Usernames (e.g., first and last name)
- Contact information (e.g., email addresses)
- Content data (e.g., text, images, videos)
- Usage and interaction data (e.g., visited websites, interests, likes, shares, access times)
- Meta and communication data (e.g., device details, IP address, location data)
Processing purposes:
- Increasing reach
- Enhancing visibility
- Rapid networking
Legal bases:
- Legitimate interests (Art. 6(1)(f) GDPR, Art. 31(1) DSG)
- Consent (Art. 6(1)(a) GDPR, Art. 31(1) DSG)
Legitimate interests:
- Interaction and communication on social media
- Increasing profit
- Gaining insights into target audiences
- Attracting new employees
Individual Social Media Platforms
Instagram
Recipient: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Opt-out link: https://www.instagram.com/accounts/privacy_and_security/
Third-country data transfer: Based on Standard Contractual Clauses, including additional measures and risk analysis.
Privacy Policy: https://help.instagram.com/519522125107875
Facebook
Recipient: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Opt-out link: https://www.facebook.com/policies/cookies/
Third-country data transfer: Based on Standard Contractual Clauses, including additional measures and risk analysis.
Privacy Policy: https://www.facebook.com/privacy/explanation
LinkedIn
Recipient: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Third-country data transfer: Based on Standard Contractual Clauses, including additional measures and risk analysis (https://www.linkedin.com/legal/l/customer-sccs)
Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Kununu
Recipient: NEW WORK AUSTRIA XING kununu onlyfly GmbH, Schottenring 2-6, 1010 Vienna, Austria
Third-country data transfer: Adequacy decision from the FDPIC for Austria (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)
Privacy Policy: https://privacy.xing.com/en/privacy-policy
YouTube
Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Third-country data transfer: Based on Standard Contractual Clauses, including additional measures and risk analysis (https://policies.google.com/privacy/frameworks?hl=en)
Privacy Policy: https://policies.google.com/privacy?hl=en
Xing
Recipient: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
Third-country data transfer: Adequacy decision from the FDPIC for Germany (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)
Privacy Policy: https://privacy.xing.com/en/privacy-policy
Social Media Marketing
Through our social media channels, we promote our products and services. Our goal is to reach a broad audience that cannot be targeted effectively through traditional offline channels (e.g., flyers). Social media advertisements appear in the form of text, display, or video ads on users’ feeds.
Targeting
Within the scope of our social media channels, we use targeting methods to track certain user activities (interactions) and ensure that our advertisements are delivered to specific target audiences. To achieve this, we employ the procedures and technologies of various social media providers. A common technology used is the so-called pixel.
This pixel is embedded in the source code of our website. It ensures that users‘ navigation is recorded. When users interact with our website or our social media ads, the pixel captures the individuals and the actions they perform (e.g., clicks on ads, page exits) and stores which pages and subpages were accessed.
Products and services that have been viewed but not purchased are analyzed using the implemented technologies. This helps display real-time, behavior-based advertisements to potential customers across various social media platforms.
Conversion Measurement (Measuring the Success of Our Advertisements)
We determine the success of our advertisements using aggregated data made available to us by the social media provider (so-called conversion measurement). This allows us to understand whether a marketing activity has led to an event (e.g., PDF download or video playback) or a conversion (e.g., product purchase or website registration). The evaluation is provided to us in the form of a statistic through our tracking tool and serves to analyze the success of our online activities (performance control). It helps us derive measures to improve the so-called customer journey.
Data Categories:
Usage and interaction data (e.g., visited websites, interests, access times), meta and communication data (e.g., device information, IP address, possibly location data)
Processing Purposes:
Expanding reach, reach analysis, statistical evaluations, increasing sales
Legal Bases:
Consent (Art. 6 para. 1 lit. a) GDPR, Art. 31 para. 1 DSG)
Plugins and Integrated Third-Party Content
Our website includes functions and elements provided by third parties. These may include videos, displays, buttons, map services (Maps), or posts (hereinafter referred to as content). When these third-party contents are accessed by website visitors (e.g., click, play, etc.), information and data are collected and linked to the visitor’s device using cookies or other technologies (e.g., pixels, JavaScript commands, or WebAssembly). The third-party provider thereby receives usage and interaction data from the website visitor and provides us with this information in the form of statistics via a dashboard. The statistics we receive contain dimensions and metrics but no clear data about users.
Without this processing, loading and displaying these third-party contents would not be possible.
To protect the personal data of website visitors, we have implemented safeguards to prevent the automatic transfer of such data to the third-party provider. Data is only transmitted when users actively use the buttons and click on the third-party content.
Data Categories:
Usage data (e.g., visited websites, interests, access times), meta and communication data (e.g., device information, anonymized IP address)
Processing Purposes:
Sharing posts and content, interest- and behavior-based marketing, statistical evaluations, cross-device tracking, increasing the reach of social media ads
Legal Bases:
Consent (Art. 6 para. 1 lit. a) GDPR, Art. 31 para. 1 DSG)
Facebook Social Plugins
Recipient: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Third-Country Transfer: Based on standard contractual clauses, including additional measures and risk analysis for third-country transfers
Privacy Policy: https://www.facebook.com/privacy/explanation
Google Fonts
Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Third-Country Transfer: Based on standard contractual clauses, including additional measures and risk analysis for third-country transfers (https://policies.google.com/privacy/frameworks?hl=en)
Privacy Policy: https://policies.google.com/privacy?hl=en-US
Google Maps
Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Third-Country Transfer: Based on standard contractual clauses, including additional measures and risk analysis for third-country transfers (https://policies.google.com/privacy/frameworks?hl=en)
Privacy Policy: https://policies.google.com/privacy?hl=en-US
YouTube
Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Third-Country Transfer: Based on standard contractual clauses, including additional measures and risk analysis for third-country transfers (https://policies.google.com/privacy/frameworks?hl=en)
Privacy Policy: https://policies.google.com/privacy?hl=en-US
Google ReCaptcha
Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Third-Country Transfer: Based on standard contractual clauses, including additional measures and risk analysis for third-country transfers (https://policies.google.com/privacy/frameworks?hl=en)
Privacy Policy: https://policies.google.com/privacy?hl=en-US
Music and Podcasts (with Data Transfer)
We offer the option to listen to or download audio content on our website. For this purpose, we use service providers that enable us to provide this content to website visitors.
When these third-party contents are accessed by website visitors (e.g., click, play, etc.), information and data are collected and linked to the visitor’s device using cookies or other technologies (e.g., pixels, JavaScript commands, or WebAssembly). The third-party provider thereby receives usage and interaction data from the website visitor and provides us with this information in the form of statistics via a dashboard. The statistics we receive contain dimensions and metrics but no clear data about users.
Without this processing, loading and displaying these third-party contents would not be possible.
These third-party plugins have been integrated into our CMS. The CMS provider also receives information about the data collected here.
To protect the personal data of website visitors, we have implemented safeguards to prevent the automatic transfer of such data to the third-party provider. Data is only transmitted when users actively use the buttons and click on the third-party content.
Data Categories:
Usage data (e.g., visited websites, interests, access times), meta and communication data (e.g., device information, IP addresses)
Processing Purposes:
Marketing, increasing brand awareness, expanding target audience
Legal Bases:
Consent (Art. 6 para. 1 lit. a) GDPR, Art. 31 para. 1 DSG)
Spotify
Recipient: Spotify AB, Regeringsgatan 19, Stockholm 111 53, Sweden
Third-Country Transfer: An adequacy decision by the FDPIC for Sweden is in place (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)
Privacy Policy: https://www.spotify.com/de/legal/privacy-policy/
Vimeo
Recipient: Vimeo Inc., 555 West 18th Street, New York, NY 10011, USA
Third-Country Transfer: Based on standard contractual clauses, including additional measures and risk analysis for third-country transfers (https://www.vimeo.axdraft.com/)
Privacy Policy: https://vimeo.com/privacy
Survey Services (with Data Transfer)
From time to time, we conduct surveys and polls on our website (hereinafter referred to as “surveys”). These help us improve our offerings and better meet the needs of our customers. It is not necessary for us to identify the feedback of specific individuals. Before evaluating the user survey, the data we process for providing and technically executing our surveys is anonymized. Participation in the survey is voluntary.
Data Categories:
- Meta and communication data (e.g., device information, IP address)
- Usage data (e.g., interests, access times)
- Master data (e.g., name, address)
- Contact data (e.g., email address, phone number)
Processing Purposes:
Marketing, customer retention and acquisition, improving and optimizing offerings
Legal Basis:
Consent (Art. 6 para. 1 lit. a) GDPR, Art. 31 para. 1 DSG)
SurveyMonkey
Recipient: SurveyMonkey Inc., One Curiosity Way, San Mateo, CA 94403, USA
Third-Country Transfer: Based on standard contractual clauses, including additional measures and risk analysis for third-country transfers (https://www.surveymonkey.com/mp/legal/transfer/)
Privacy Policy: https://www.surveymonkey.com/mp/legal/privacy-policy/
Newsletter and Broad Communication (with Tracking)
On our website, users have the option to subscribe to our newsletter or notifications via various channels (hereinafter referred to as the newsletter). We send newsletters in compliance with legal requirements only to recipients who have consented to receive them. For sending our newsletters, we use a selected service provider.
To subscribe to our newsletter, providing an email address is required. Additionally, we may collect further information, such as a name, to personalize our newsletters.
Our newsletter is only sent after successfully completing the double opt-in process. If website visitors opt to subscribe, they will receive a confirmation email to prevent misuse of incorrect email addresses and to ensure that accidental clicks do not trigger the newsletter subscription. Subscriptions to our newsletter can be canceled at any time. An unsubscribe link (opt-out link) is included at the end of every newsletter.
We are also required to prove that our subscribers genuinely opted to receive the newsletter. To this end, we collect and store the IP address as well as the date and time of subscription and cancellation.
Newsletter Tracking
Our newsletters are designed to provide insights into improvements, target audiences, or the reading behavior of our subscribers. This is facilitated by a web beacon or tracking pixel that monitors interactions with the newsletter, such as whether links were clicked, the newsletter was opened, or when it was read. For technical reasons, we may associate this information with individual subscribers.
Data Categories:
- Personal details (e.g., name, address)
- Contact information (e.g., email address, phone number)
- Metadata and communication data (e.g., device information, IP address)
- Usage data (e.g., interests, access times)
Purposes of Processing:
Marketing, customer retention, acquiring new customers, and analyzing campaign success.
Legal Basis:
Consent (Art. 6(1)(a) GDPR; Art. 31(1) DSG).
Service Providers for Newsletter Delivery:
Eventkingdom
Recipient: EventKingdom GmbH, Landsberger Str. 302, 80687 Munich, Germany
Transfer to Third Countries: No transfer to third countries, as processing occurs within the EU.
Privacy Policy: Eventkingdom Privacy Policy.
CleverReach
Recipient: CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany.
Third-country transfer: Adequacy decision by the FDPIC for Germany. (Link to PDF)
Privacy policy: CleverReach Privacy Policy.
Mailchimp
Recipient: The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
Third-country transfer: Based on standard contractual clauses, including additional measures and risk analysis for third-country transfers. (Mailchimp DPA)
Privacy policy: Mailchimp Privacy Policy.
Rapidmail
Recipient: rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg im Breisgau, Germany.
Third-country transfer: Adequacy decision by the FDPIC for Germany. (Link to PDF)
Privacy policy: Rapidmail Privacy Policy.
Microsoft Dynamics 365
Recipient: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Third-country transfer: Based on standard contractual clauses, including additional measures and risk analysis for third-country transfers (Microsoft Compliance).
Privacy policy: Microsoft Privacy Statement.
Promotional Communication
We use data provided to us, such as during an order or service request, for promotional purposes. This includes informing users via various channels about updates or our service portfolio. Promotional communication is carried out in accordance with legal regulations and – where required – with prior consent. If recipients no longer wish to receive such communication, they can notify us at any time to revoke or object. This can also be done via the unsubscribe button in our emails. Promotional messages are only sent to those who have not previously objected to receiving them.
We use a service provider for sending promotional messages. This provider operates solely on our instructions and does not process data for any purposes other than delivering the messages.
Data Categories:
Personal details (e.g., name, address)
Contact information (e.g., email address, possibly phone number)
Purposes of Processing:
Direct marketing.
Legal Basis:
Consent (Art. 6(1)(a) GDPR; Art. 31(1) DSG) and legitimate interests (Art. 6(1)(f) GDPR; Art. 31(1) DSG).
Legitimate Interests:
Maintaining existing relationships, acquiring new contacts or partners, and informing about similar goods and services.
WhatsApp Broadcasts
Recipient: WhatsApp Inc., 1601 Willow Road, Menlo Park, California 94025, USA.
Third-country transfer: Based on standard contractual clauses, including additional measures and risk analysis for third-country transfers (WhatsApp Data Transfer Addendum).
Privacy policy: WhatsApp Privacy Policy.
Competitions and Contests
We use our online platforms to conduct competitions and/or contests. For these events, we process the necessary data of participants, including information required to notify winners and distribute prizes.
Depending on the type of event, participants‘ entries or related information may also be published, such as during event coverage or when voting on submissions is part of the contest. In such cases, the participant’s name may also be disclosed. The specific data processed depends on the event and the information provided by the participant.
Competitions conducted on our social media platforms are also subject to the terms and privacy policies of the respective networks.
Data Categories:
- Personal details (e.g., name, address)
- Contact information (e.g., email address, phone number)
- Content data (e.g., text entries, photos, videos)
Purposes of Processing:
Running the competition, distributing prizes, and announcing winners in various media.
Legal Basis:
Consent (Art. 6(1)(a) GDPR; Art. 31(1) DSG).
Events and Occasions
Visitors to our website have the option to register for events and occasions. Information required for the initiation and fulfilment of the contract is marked as mandatory. Providing additional data is voluntary.
Categories of Data:
- Master data (e.g. name, address)
- Contact details (e.g. email address, phone number)
- Transactional data (e.g. bank details, invoices, payment history)
- Meta and communication data (e.g. device information, IP addresses)
Purposes of Processing:
Contract initiation and fulfilment.
Legal Bases:
Contract initiation and fulfilment (Article 6(1)(b) GDPR; Article 31(2)(a) FADP), consent (Article 6(1)(a) GDPR; Article 31(1) FADP).
Shopware
Recipient: shopware AG, Ebbinghoff 10, 48624 Schöppingen, Germany.
Third-country Transfer: An adequacy decision from the FDPIC for Germany exists. (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)
Privacy Policy: https://www.shopware.com/de/datenschutz/
eCommerce and Payment Processing
Online Shop and Orders
We offer customers the option to use our online shop via our website to purchase products. We collect the necessary data from users or buyers for contract initiation and fulfilment.
When users visit our online shop and place items in their basket, cookies are stored on their device to ensure that items remain in the basket until the checkout process is completed. No data transfer to third parties occurs via these cookies. Additionally, no third-party elements are embedded into the shopping cart feature.
Upon completing an order, users receive an automatically generated email confirming the successful transaction. Customers may also be informed separately via email about the status of their order (e.g. estimated delivery date).
Categories of Data:
- Master data (e.g. name, address, country)
- Contact details (e.g. email address)
- Contract data (e.g. order history, payment data and methods)
- Meta and communication data (e.g. device information, IP addresses)
- Usage data (e.g. visited websites, interest in products/services, access times)
- Returns data (e.g. item details, processing requests)
Purposes of Processing:
Contract initiation and fulfilment, interest-based advertising, account-related discounts, direct marketing.
Legal Bases:
Contract initiation and fulfilment (Article 6(1)(b) GDPR; Article 31(2)(a) FADP), legitimate interests (Article 6(1)(f) GDPR; Article 31(1) FADP).
Legitimate Interests:
Increasing sales, enabling location- and time-independent product purchases in the online shop aligns with potential user interests.
WooCommerce
Recipient: Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.
Third-country Transfer: Based on Standard Contractual Clauses with additional measures, including a risk assessment for the transfer. (https://wordpress.com/support/data-processing-agreements/)
Privacy Policy: https://automattic.com/de/privacy/
Payment Providers
To facilitate payments or funding, we use various payment providers in addition to banks and financial institutions. Payments to us can also be made conveniently via payment service providers. These providers process the necessary data for the transaction.
When using a payment service provider, we do not receive the details submitted by users. Instead, we are only informed of the confirmation or rejection of payment.
Categories of Data:
- Master data (e.g. name, address)
- Transaction data (e.g. bank details, invoices, payment history)
- Contract data (e.g. contract subject, duration)
- Meta and communication data (e.g. device information, IP address)
- Contact details (e.g. email address, phone number)
Purposes of Processing:
Simplified order and payment processing, outsourcing, data minimisation.
Legal Bases:
Legitimate interests (Article 6(1)(f) GDPR; Article 31(1) FADP).
Legitimate Interests:
Streamlining workflows, efficient fulfilment of services.
PayPal
Recipient: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
Third-country Transfer: An adequacy decision from the FDPIC for Luxembourg exists. (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)
Privacy Policy: https://www.payone.com/DE-de/datenschutz
Internal Area and Digital Services
Single Sign-On (SSO) Procedure
To simplify the login process, we use Single Sign-On (SSO) procedures. This allows users to log in to our website using the credentials of an SSO provider, such as a social network, without needing to maintain additional login details.
When selecting an SSO provider, users are redirected to the provider’s website to enter their login credentials. Once validated, a token or certificate is sent to the user’s browser and forwarded to our website, enabling successful authentication.
We typically receive the user’s email address and username during this process, but passwords remain unseen and are not stored by us. The data we receive depends on the SSO provider, the procedure used, and the account settings chosen by the user.
Categories of Data:
User data (e.g. email address, username, authentication confirmation), meta and communication data (e.g. login date and time), and public profile details if explicitly consented to (e.g. name, address).
Purposes of Processing:
Simplified registration on our website.
Legal Bases:
Consent (Article 6(1)(a) GDPR; Article 31(1) FADP).
Auth0, Inc.
Recipient: Okta, Inc., 100 First Street, Floor 6, San Francisco, CA 94105, USA.
Third-country Transfer: Based on Standard Contractual Clauses with additional measures, including a risk assessment for the transfer. (https://www.okta.com/trustandcompliance/)
Privacy Policy: https://www.okta.com/privacy-policy/
Contact Requests
Our website offers visitors the option to contact us directly or access various contact methods. We use a management tool/CRM system to track and process such requests.
The data processed depends on the nature of the contact and is handled to the extent necessary to respond to or process the request.
Categories of Data:
- Master data (e.g. name, address)
- Contact details (e.g. email address, phone number)
- Content data (e.g. text entries, photographs, videos)
- Usage data (e.g. interests, access times)
- Meta and communication data (e.g. device information, IP address)
Purposes of Processing:
Responding to inquiries.
Legal Bases:
Consent (Article 6(1)(a) GDPR; Article 31(1) FADP), contract fulfilment or initiation (Article 6(1)(b) GDPR; Article 31(2)(a) FADP).
Microsoft Dynamics 365
Recipient: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Third-country transfer: Based on the Standard Contractual Clauses, including additional measures and risk analysis for third-country transfer https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses
Privacy Statement: https://privacy.microsoft.com/en-gb/privacystatement
Downloads (Whitepapers, Product Information)
We provide the option to download content from our website to supply our visitors with current or relevant information. Some visitors may download PDFs without our system recording this action. No tracking or statistical evaluation takes place.
The download occurs through a download link provided to our users via email.
Data Categories: Meta and communication data (e.g., device information, IP addresses), usage data (e.g., access time)
Purpose of Processing: Marketing, acquiring new customers, increasing revenue
Legal Basis: Consent (Art. 6(1)(a) GDPR; Art. 31(1) DSG)
Microsoft Dynamics 365
Recipient: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Third-country transfer: Based on the Standard Contractual Clauses, including additional measures and risk analysis for third-country transfer https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses
Privacy Statement: https://privacy.microsoft.com/en-gb/privacystatement
Online Meetings, Webinars, Online Events
We take advantage of the opportunity to hold online meetings and/or webinars as well as events or gatherings. For this, we use the services of other providers, whom we have carefully selected. When actively using such services, data from communication participants is processed and stored on the servers of the third-party providers, as long as they are required for the communication process. In selecting these providers, we ensure that communication via the selected services is end-to-end encrypted.
Data Categories: Master data (e.g., first name, surname), contact data (e.g., email address), content data (e.g., text inputs), meta and communication data (e.g., device information, IP addresses)
Purpose of Processing: Processing requests, increasing efficiency, promoting cross-company or cross-site collaboration
Legal Basis: Consent (Art. 6(1)(a) GDPR; Art. 31(1) DSG)
Microsoft Teams
Recipient: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Third-country transfer: Based on the Standard Contractual Clauses, including additional measures and risk analysis for third-country transfer https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses
Privacy Statement: https://privacy.microsoft.com/en-gb/privacystatement
Further Information on Data Processing
Data Transfer
We transfer personal data of website visitors for internal purposes (e.g., internal administration) within the corporate group. Internal data transfer or disclosure of data occurs to the necessary extent in compliance with applicable data protection regulations.
To fulfil contracts or legal obligations, it may be necessary to share personal data. If the required data is not provided to us, the contract with the individual may not be concluded.
If data is processed outside of Switzerland in so-called third countries (e.g., the USA), we ensure compliance with the requirements of Art. 44 ff. GDPR, Art. 16 DSG and take additional measures to ensure the highest possible protection for the personal data of affected individuals. The guarantee applicable to each third-country transfer will be named in our privacy statement under the respective recipients.
Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR, Art. 31(1) DSG)
Legitimate Interests: So-called small group privilege, centralised administration within the company to utilise synergy effects, cost savings, efficiency increase
Recipient: SDS Deutschland GmbH, Bücklestrasse 5a, 78467 Konstanz
Third-country transfer: An adequacy decision by the Federal Data Protection and Information Commissioner (EDÖB) for Germany is in place. (https://www.newsd.admin.ch/newsd/message/attachments/62783.pdf)
Order Processing
Engaged recipients may act as data processors on our behalf. We have entered into „Order Processing Agreements“ in accordance with Art. 28(3) GDPR, Art. 9 DSG. This means that data processors may only process your personal data in the manner we have explicitly instructed. Data processors take appropriate technical and organisational measures to process your data securely and in accordance with our instructions.
Storage Duration
We store the data of visitors for as long as necessary to provide our services or as required by laws or regulations we are subject to. In other cases, we delete personal data once the purpose has been fulfilled, except for data that we must retain to comply with legal obligations (e.g., we are required to retain documents such as contracts and invoices for a certain period due to tax and commercial law retention periods).
Automated Decision-Making (Including Profiling)
We refrain from automated decision-making or profiling in accordance with Art. 22 GDPR, Art. 21 DSG.
Rights of Data Subjects
Right to Access: Under Art. 15 GDPR, Art. 25 DSG, data subjects have the right to request confirmation on whether we are processing data about them. They can request information on this data as well as the further information listed in Art. 15(1) GDPR and a copy of their data.
Right to Rectification: Under Art. 16 GDPR, Art. 32(1) DSG, data subjects have the right to request the rectification or completion of their personal data processed by us.
Right to Erasure: Under Art. 17 GDPR, Art. 32 DSG, data subjects have the right to request the immediate deletion of their data. Alternatively, they can request the restriction of processing under Art. 18 GDPR, Art. 32 DSG.
Right to Data Portability: Under Art. 20 GDPR, Art. 28 DSG, data subjects have the right to request the provision of their data made available to us and to request its transmission to another data controller.
Right to Lodge a Complaint: Data subjects also have the right to lodge a complaint with the supervisory authority responsible for them, as per Art. 77 GDPR, Art. 49 DSG.
Right to Object: If personal data is processed based on legitimate interests under Art. 6(1)(f) GDPR, Art. 31(1) DSG, data subjects have the right to object to the processing of their personal data where there are reasons related to their particular situation or if the objection is directed against direct marketing. In the latter case, data subjects have an absolute right to object, which will be implemented by us without the need for a specific situation to be stated.
Withdrawal
Certain data processing activities are only possible with the explicit consent of the data subjects. You have the right to withdraw your consent at any time, without providing a reason. To do so, simply send an informal notification via email to: datenschutz@swissdentalsolutions.com. Consent for data processing activities on our website can be directly adjusted and withdrawn in our Consent Manager.
The lawfulness of the data processing carried out before the withdrawal remains unaffected by the withdrawal.
External Links
Our website contains links to the online offerings of other providers. Please note that we have no influence on the content of the linked websites or on whether their providers comply with data protection regulations.
Changes
We reserve the right to adjust our privacy notices on our website at any time, in line with any changes and in accordance with the applicable data protection regulations, to ensure compliance with data protection laws.
This privacy statement was created by:
SDS Swiss Dental Solutions AG
Konstanzerstrasse 11
8280 Kreuzlingen
Tel.: +41 71 556 3670
Email: datenschutz@swissdentalsolutions.com