Privacy Policy for Business Partners

The detailed meaning of the icons is available at https://privacy-icons.ch/en/

Alloga Ltd. is a member of the Galenica Group. The “Galenica Group” refers to Galenica Ltd. and its member companies. An overview can be found here: Organisation of the Galenica Group.
The companies of the Galenica Group use data concerning you or other persons (so-called “third parties”). In the following, we use the term “data” synonymously with “personal data”. Personal data means any information relating to an identified or identifiable person.
In this Privacy Policy, we describe how we process personal data from suppliers, service providers, clients and other business partners or their employees and other auxiliaries, whenever such processing is not obvious and the applicable data protection law requires information. If you are connected to us as an employee or other auxiliary person of one or more business partners, you will find information about our data processing in this Privacy Policy. If you use our online services (e.g. websites), you will find information about our data processing in this regard in section 6. In addition, we may inform you separately about the processing of your data, e.g. in declarations of consent, additional privacy policies, forms and notices.
If you provide us with data about other persons, for example, if you provide us with information about them on behalf of another person, please ensure that these persons are aware of this Privacy Policy. In addition, only share their data with us if you are permitted to do so and if the data is accurate.

Alloga Ltd., Buchmattstrasse 10, 3401 Burgdorf (“we” or “us”) is responsible for the data processing described here.
If you have any questions, please contact dataprotection@alloga.ch.

Depending on the occasion and purpose, we process different categories of personal data. The most important categories are listed below, but this list may not be exhaustive.
We process data of the persons with whom we are in contact, such as name, contact details, job details and communication details, as well as details of executives, etc., as part of the general information regarding companies we work with.
We generally obtain your personal data from you but may also obtain it from other persons who work for your company. In addition, we may obtain personal data from third parties, such as entities you work for, or from our contractual partners, associations and publicly available sources, such as public registers or the internet (websites, social media, etc.).

Master data refers to the basic data that we need for the purpose of processing our business relationships, as well as for marketing and advertising purposes, and that relates directly to you and your characteristics. For example, we process the following master data:

• title, name, sex;
• address, contact details such as e-mail address and telephone and mobile number;
• information on language preferences;
• relationships with the company you work for;
• subscription authorisations;
• signatory powers, proxies and declarations of consent.

Contract data is information that arises regarding the conclusion or performance of the contract, e.g. information about contracts and the services to be provided or rendered, as well as data from prior to the conclusion of a contract, information about the conclusion of the contract itself (e.g. the date of conclusion and the subject matter of the contract), as well as the information required or used for its execution. For example, we process the following contract data:

• date, application process, information on the type and duration of and terms of the contract in question, details regarding the termination of the contract;
• contact details and delivery addresses;
• information on the use and offers of services;
• information on the goods purchased;
• details of payments and payment terms, invoices, reciprocal claims, contacts with customer service, objections, defects, returns, details regarding customer satisfaction, complaints, feedback, etc;
• in the case of online services, we also process access data and logins.

We receive this data from you, as well as from partners we work with. Again, this data may relate to your company, in which case it does not constitute “personal data”, but it may also relate to you if you work for a company or if you yourself purchase services from us.

Communication data is data related to our communication with you or with third parties about you, e.g. when you contact us via the contact form or other means of communication. Examples of communication data are:

• name and contact details, e.g. postal address, e-mail address and telephone number;
• content of correspondence (e.g. e-mails, written correspondence, telephone conversations, chat messages, etc.);
• responses to customer and satisfaction surveys;
• information concerning the type, time and, where applicable, the location of the communication and other metadata relating to it.

If we record telephone conversations, we will notify you at the beginning of each call. If you do not agree to the recording and storage of the conversation, you also have the option of terminating the conversation or contacting us via other communication channels.

Technical data is collected in connection with the use of our website. These include, e.g., the following data:
IP address of the end device and device ID;

• information about your device, its operating system or language settings;
• information about your internet provider;
• content or logs accessed in which the use of our systems is recorded;
• the date and time of your access to the website and your approximate location;
• information on the content accessed and files in the user account.

We may also assign you or your end device an individual code (e.g. by means of a cookie). This code is stored for a certain period of time, often only for the duration of your visit. As a rule, we cannot infer who you are from technical data.

In order to tailor our offers and services to you in the best possible way, we try to get to know you or your company better. For this purpose, we collect and utilise data about your behaviour. Behavioural data includes but is not limited to information about your use of our website. Information concerning the use of our websites and other online services can also be found in Section 6. We may also process your other interactions with us as behavioural data, and we may combine behavioural data with other data (e.g. with anonymous information from statistical offices) and evaluate this data on a personal and non-personal basis.

We may also collect information from you in other situations. Data (such as files, evidence, etc.) that may relate to you is collected in connection with official or court proceedings. We may also collect data for health protection reasons (e.g. as part of security plans). We may receive or make photos, videos and sound recordings in which you may be identifiable (e.g. at events, by means of security cameras, etc.). We may also collect data about who enters certain buildings and when, or who has such access rights (including for access control purposes, based on registration data or visitor lists, etc.), who participates in events or promotions (e.g. competitions) and when, or who uses our infrastructure and systems and when.

We primarily use your data in relation to your purchase of goods or services or in connection with our relationships with our business partners. In such cases, we process your data in order to prepare for the conclusion of the contract and to implement the corresponding contract. In addition, we may process your data for the purposes specified in detail below and for other purposes that we inform you of separately or are obvious:

• to provide, improve and further develop our offerings and services. For this purpose, we may process data including but not limited to master data, contract data and behavioural data;
• to process contracts, including shipping and payment processing, to manage receiva-bles and to process returns, complaints and warranty claims. For this purpose, we may process data including but not limited to master, contract and communication data. Further information can be found in our GTC;
• for credit checks when selecting payment methods (purchase on account). In particular, we may process your master data and contract data for this purpose;
• In particular, we may process master, contract and communication data for communi-cating with you and with third parties, e.g. when processing your enquiries via customer service;
• to submit offers and to cultivate relationships, e.g. when referring to customer events, to send targeted information such as advertising about our and third-party products and services, as well as to design our product range and the presentation of our goods. For this purpose, master and contract data as well as behavioural data may be processed;
• to verify and comply with legal obligations. For this purpose, we may collect and pro-cess data including but not limited to master data and behavioural data;
• to detect, investigate and prevent misuse, criminal offences and other misconduct (e.g. conducting internal investigations and performing data analyses to combat fraud). For this purpose, we may, in particular, process master, contract and communication data as well as your other data;
• to assert and defend against legal claims in connection with legal disputes and official proceedings. For this purpose, we may, in particular, process master, contract and communication data, as well as your other data;
• for video surveillance and as part of other measures to ensure our IT, building and facili-ty security, as well as to protect our employees and other persons (e.g. access controls, visitor lists, network and email scanners, telephone recordings). For this purpose, we may process data including but not limited to master data and behavioural data;
• to manage, guarantee and improve our operations, particularly our IT, websites and apps, as well as for accounting, archiving, training and other administrative purposes. For this purpose, we may process master, contract data and behavioural data, as well as other data;
• for other purposes, e.g. in the context of corporate transactions and related investiga-tions and transfers of personal data and to safeguard other legitimate interests. All the aforementioned categories of personal data may be relevant for this purpose.

The comments in this section 6 relate mainly to our websites.

Every time our websites are used, technical data is generated for technical reasons and is temporarily stored in log files (as log data) (see section 4.4 above). We use this data to enable our websites to be utilised to ensure system security and stability and to optimise our websites, as well as for statistical purposes.
Our websites also use cookies, i.e. files that your browser automatically stores on your device. This enables us to distinguish individual visitors from others, but usually without identifying them. Cookies may also contain information about pages visited and the duration of the visit. Certain cookies (“session cookies”) are deleted when the browser is closed. Others (“permanent cookies”) remain stored for a certain period of time (usually a few days to two years) so that we can recognise visitors when they visit us later and store, for instance, your user preferences, such as the language you choose and your login details. We may also use other technologies to recognise website visitors. For example, data such as the characteristics of the device you are using or the identification number of your mobile device are stored.
We may use visible and invisible image elements in our websites and marketing emails. By retrieving them from our servers, we can determine if and when you have opened the e-mail. You can block this feature in your e-mail program.
6.2. How do we and our service providers process data in connection with our websites?
Using cookies and other technologies helps us to understand how you use our websites. This enables us to improve our online services and also to display offers tailored to you.
You can set your browser to reject cookies, store them only for one session, or delete them prematurely, or you can uninstall the relevant app if these adjustments cannot be made through its settings. Most browsers are preset to accept cookies. You can find more information on this in your browser's help pages (usually under the heading “Privacy”). If you block cookies, certain features (such as language selection, shopping cart, ordering processes) may no longer work.
Cookies and other technologies may also originate from third-party companies that provide us with certain features. These third-party companies may be located outside Switzerland and the EEA. Cookies and similar technologies from third-party providers may enable them to approach you with personalised advertising on our websites or on other websites and in social networks that also collaborate with these third parties and to measure how effective advertisements are (e.g. whether you arrive at our websites via an advertisement and what actions you then take on our websites). The relevant third-party providers may record website usage for this purpose and combine their records with further information from other websites. In this way, they can record user behaviour across several websites and end devices in order to provide us with statistical evaluations on this basis. The providers may also use this information for their own purposes, e.g. for personalised advertising on their own website or other websites. If a user is registered with the provider, the provider can assign the usage data to the relevant person. Such processing of your personal data is carried out on the provider's own responsibility in accordance with its own privacy policy.
On our websites, we use, for example, Matomo (formerly Piwik), an open source web analytics platform and service from InnoCraft Ltd (New Zealand), to analyse and statistically evaluate the use of the website. Matomo uses cookies to collect information about your behaviour on our websites and the end device used (tablet, PC, smartphone, etc.), e.g. information about your browser, the websites from which you accessed our websites, the name of your provider, your IP address, date and time of access to the websites, pages visited and length of stay and, if applicable, visits to other websites and apps.
6.3. How do we process data via social media?
If we maintain our own presence as part of a third-party online service, the relevant provider collects and processes personal data when you use its platform. If you use such a site, the relevant provider, as its own controller, collects usage information in accordance with its own privacy policy.
If we maintain our own presence as part of a third-party online service (e.g. a fanpage), you can communicate with us or comment on or share content there. In doing so, we collect information that we use primarily for communication with you, for marketing purposes and for statistical eval-uations. Please note that the provider of the platform also collects and uses data (e.g. on user behaviour) itself, where applicable together with other data known to it (e.g. for marketing pur-poses or to personalise the platform content). Where we are jointly responsible with the provider, we will conclude a corresponding agreement with such provider. You may obtain information about the content of this agreement from the provider.

If you provide us with your e-mail address, mobile phone number or postal address as part of a purchase or purchase of a service, an order, a registration or participation in a competition, we will include this as part of your contact details. We may use this information to send you infor-mation about products, services and events. This may take the form of contacts (e.g. electroni-cally, by post, by telephone). You can decline such contacts at any time.

We comply with the principle of proportionality when disclosing data. Our employees process your data as part of their work activities.
We may disclose your data to other companies within and outside the Galenica Group insofar as we use services from these companies. These include companies of the Galenica Group, but also external service providers (e.g. IT service providers, freight forwarders for the shipment of goods, printing companies for the printing of postal items, consultants and service providers in other areas). In certain cases, data may also be disclosed to third parties to process it on their own responsibility or on joint responsibility, e.g. to

• Swiss and foreign authorities, public offices or courts in the event of proceedings or a surrender request;
• acquirers or interested parties in acquiring business units, companies or other parts of the Galenica Group;
• other parties in potential or pending legal proceedings.

Contracts are concluded with recipients of your data in accordance with the requirements of data protection law.

The recipients of your data process it in Switzerland. Data processing may also take place in the wider European Economic Area, in the USA and potentially worldwide. This applies particularly to countries in which service providers are located (such as Microsoft). If we transfer data to a country that lacks adequate statutory data protection, we ensure an adequate level of protection by means of appropriate contracts (namely based on the Standard Contractual Clauses of the European Commission, which are available for download here) unless a statutory exception applies (e.g. for consent, for the performance of contracts, for the establishment, exercise or enforcement of legal claims, for the protection of overriding public interests, for published data or for the protection of the vital interests of the data subjects). You may obtain a copy of the above-mentioned contractual guarantees at any time from the points of contact named in section 3.

We process and store your personal data as long as required for the performance of our contractual obligations and compliance with legal obligations or for the other purposes pursued with the processing, i.e. for the duration of the entire business relationship (from the initiation, during the performance of the contract until it is terminated) as well as beyond this duration in accordance with legal retention and documentation obligations. Data may be retained for the period in which claims may be asserted against us and to the extent that we are legally obligated to retain it or legitimate business interests require it to be retained (e.g. for evidentiary and documentation purposes). As soon as your data is no longer required for the aforementioned purposes, it will be deleted or anonymised.

We take appropriate technical (e.g. encryption, pseudonymisation, logging, access restriction, data backup, etc.) and organisational (e.g. instructions to our employees, confidentiality agreements, audits, etc.) security measures to maintain the security of your data, to protect it against unauthorised or unlawful processing and to prevent the risk of loss, accidental alteration, unwanted disclosure or unauthorised access. This includes, for example, issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymisation and controls.

We process your data partially automatically with the aim of evaluating certain personal aspects (profiling). We use profiling in particular to provide you with targeted information and advice on products and services.

You have the right of access to, rectification and deletion of your data, provided that there are no overriding interests on our part or to legal or regulatory obligations to the contrary. You can object to data processing, revoke consent and request the surrender of certain data.
In general, exercising your rights requires that you clearly prove your identity (e.g., by a copy of identification documents when your identity is not evident otherwise or cannot be verified in another way). In order to assert your rights, you may contact us at the points of contact specified in Section 3.
In addition, every data subject has the right to enforce his/her rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch).

This Privacy Policy is not part of a contract. We may amend this Privacy Policy at any time. The version published on our website is the current version.

Version of 27.08.2024