We are subject to Swiss data protection law and possibly applicable foreign data protection law, in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures adequate data protection.
Responsibility for the processing of personal data:
CANNAPHARM AG, Burgergasse 50, 3400 Burgdorf
We point out if there are other responsible parties for the processing of personal data in individual cases.
Personal data are all details relating to a specific or identifiable natural person. An affected person is a person whose personal data we process.
Processing includes every handling of personal data, regardless of the means and methods used, for example, querying, matching, adjusting, archiving, storing, reading, disclosing, procuring, recording, collecting, deleting, revealing, sorting, organizing, storing, modifying, distributing, linking, destroying, and using personal data.
The European Economic Area (EEA) includes the Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.
We process personal data in accordance with Swiss data protection law, in particular, the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).
We process – provided and as far as the General Data Protection Regulation (GDPR) is applicable – personal data according to at least one of the following legal bases:
We process those personal data that are required in order to carry out our activities and tasks continuously, user-friendly, safely, and reliably. Such personal data can particularly fall into the categories of inventory and contact data, browser and device data, content data, meta or marginal data, usage data, location data, sales data, as well as contract and payment data.
We process personal data for the duration that is necessary for the respective purpose or purposes or as required by law. Personal data that is no longer necessary for processing is anonymized or deleted.
We may have personal data processed by third parties. We may process personal data together with third parties or transfer it to third parties. Such third parties are primarily specialized providers whose services we use. We also ensure data protection with such third parties.
We only process personal data in principle with the consent of the persons concerned. If and insofar as processing is permitted for other legal reasons, we may waive the need to obtain consent. For example, we may process personal data without consent to fulfill a contract, to comply with legal obligations, or to safeguard overriding interests.
In this context, we particularly process information that an affected person voluntarily transmits to us when making contact - for example, by mail, email, instant messaging, contact form, social media, or telephone. We may store such information, for example, in an address book or with similar tools. If we receive data about other people, the transmitting persons are obliged to ensure data protection towards these people and to ensure the accuracy of this personal data.
We also process personal data that we obtain from third parties, obtain from publicly accessible sources, or collect in the course of our activities and tasks, insofar as and insofar as such processing is permitted for legal reasons.
We process personal data in principle in Switzerland and in the European Economic Area (EEA). However, we may also export or transmit personal data to other countries, in particular, to process or have it processed there.
We can export personal data to all states and territories on Earth as well as elsewhere in the universe, provided that the local law, according to the decision of the Swiss Federal Council, ensures adequate data protection and - insofar as the General Data Protection Regulation (GDPR) applies - according to the decision of the European Commission, ensures adequate data protection.
We can transfer personal data to countries whose law does not ensure adequate data protection if data protection is guaranteed for other reasons, in particular, based on standard data protection clauses or other suitable guarantees. In exceptional cases, we may export personal data to countries without adequate or suitable data protection if the specific data protection requirements are met, for example, the explicit consent of the persons concerned or a direct connection with the conclusion or execution of a contract. Upon request, we are happy to provide affected persons with information about any guarantees or provide a copy of any guarantees.
We grant all claims to affected individuals according to applicable data protection law. In particular, affected individuals have the following rights:
We can postpone, limit, or deny the exercise of the rights of affected individuals within the legally permissible framework. We can inform affected individuals about any conditions that may need to be met to exercise their data protection claims. For example, we can refuse information, citing trade secrets or the protection of other individuals. We can also refuse the deletion of personal data, citing legal storage obligations.
We may, in exceptional cases, charge for the exercise of rights. We inform affected individuals in advance about any potential costs.
We are obliged to identify affected individuals who request information or assert other rights using appropriate measures. Affected individuals are obliged to cooperate.
Affected individuals have the right to enforce their data protection claims through legal action or to file a complaint with a competent data protection supervisory authority.
The supervisory authority for private responsible parties and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
Affected individuals have – if and to the extent that the General Data Protection Regulation (GDPR) applies – the right to lodge a complaint with a competent European data protection supervisory authority.
We take appropriate technical and organizational measures to ensure data security that is appropriate to the respective risk. However, we cannot guarantee absolute data security.
Access to our website is via transport encryption (SSL / TLS, especially with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.
Our digital communication is subject – as is essentially any digital communication – to mass surveillance without cause or suspicion and other surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We cannot directly influence the corresponding processing of personal data by intelligence agencies, police stations, and other security authorities.
Cookies can be temporarily stored in the browser as "session cookies" or for a specific period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies, in particular, allow a browser to be recognized on the next visit to our website and, for example, to measure the reach of our website. However, permanent cookies can also be used for online marketing.
For every access to our website, we can record the following information if it is transmitted by your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page of our website including the amount of data transferred, the last webpage accessed in the same browser window (referer or referrer).
We store such information, which can also represent personal data, in server log files. This information is necessary to provide our website permanently, user-friendly, and reliably and to ensure data security and thereby especially protect personal data – also by third parties or with the help of third parties.
We may use counting pixels on our website. Counting pixels are also called web beacons. Counting pixels – also from third parties whose services we use – are small, usually invisible images that are automatically retrieved when visiting our website. Counting pixels can capture the same information as server log files.
We are present on social media platforms and other online platforms to communicate with interested parties and to inform about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).
We use services from specialized third parties to be able to carry out our activities and operations permanently, user-friendly, securely and reliably. With such services, we can, among other things, embed functions and content into our website. For technical reasons, when such content is embedded, the used services temporarily capture at least the Internet Protocol (IP) addresses of the users.
For necessary security-relevant, statistical, and technical purposes, third parties whose services we use can process data related to our activities and operations in an aggregated, anonymized, or pseudonymized manner. This includes, for example, performance or usage data to offer the respective service.
We use in particular:
We use services from specialized third parties to utilize the required digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.
We use in particular:
We recommend muting the microphone by default during participation in audio or video conferences depending on the life situation and blurring the background or displaying a virtual background.
We use in particular:
We use services from third parties to embed selected fonts as well as icons, logos, and symbols into our website.
We use in particular:
We use extensions for our website to utilize additional functions.
We created this privacy statement with the We can adjust and supplement this privacy statement at any time. We will inform about such adjustments and supplements in a suitable form, in particular by publishing the current privacy statement on our website.