Version dated September 1, 2023
Dascoli is, among other things, the operator of Stauffacher Apotheke. This statement is not exhaustive; specific matters may be regulated by other privacy policies, terms and conditions, or similar documents. Personal data refers to all information relating to a specific or identifiable person.
1. Data Controller
Responsible for the data processing described here is Dascoli. If you have privacy concerns, you can contact us as follows:
Dascoli Pharma AG
Phone: 044 422 66 88
2. Collection and Processing of Personal Data
We primarily process the personal data we directly receive from you, such as in connection with the purchase of goods in our local pharmacy, ordering goods by phone, fax, or online through our website or online shop, using a loyalty program, or communicating with us.
The personal data we process includes, but is not limited to:
Phone numbers (landline and/or mobile)
Social security numbers
Any other information listed or stored on the health insurance card
Health data (especially related to medication use or acquisition, prescription/receipt from doctors, and the provision of services)
3. Purposes of Data Processing and Legal Bases
We use the personal data we collect primarily to conclude and fulfill contracts with our customers and business partners. This includes providing our services as a pharmacy, such as selling, manufacturing, and trading pharmaceutical and other hygiene and health products, as well as related advisory services. We also process personal data for the purpose of providing further education activities (especially training and courses in the field of medical therapy) and for operating wholesale with pharmaceutical products. Additionally, we process personal data to comply with our legal obligations in Switzerland and abroad.
Furthermore, we process your personal data, as permitted and deemed appropriate by us, for the following purposes, in which we (and sometimes third parties) have a legitimate interest:
Contract processing, including shipping and payment processing, billing with health insurers, debt collection, and handling returns, complaints, and warranty cases
Credit checks when selecting payment methods (purchase on account)
Conducting loyalty programs
Communication with you and third parties, e.g., for inquiries to your treating physician
Advertising and marketing purposes (including events), provided you have not objected to the use of your personal data (if we send you advertising as an existing customer, you can object at any time; we will then add you to a blocking list against further advertising)
Sending reminders as health services, such as reminders for the expiration of a long-term prescription for prescription medications or the repetition of a vaccination
For anonymous statistics and evaluations based on personal data, including health data
Providing, managing, and personalizing our website
Detecting, investigating, and preventing misuse, crimes, and other misconduct (e.g., conducting internal investigations, data analysis for fraud prevention)
Asserting legal claims and defending against legal disputes and administrative proceedings
Video surveillance and other measures to ensure our IT, building, and plant security, as well as the protection of our employees and other persons (e.g., access controls, visitor lists, network and mail scanners, phone recordings)
Managing, ensuring, and improving our business, especially IT, website, accounting, archiving, training, and other administrative purposes
Ensuring data quality in our systems, e.g., preventing multiple or inconsistent entries
As part of corporate transactions and related investigations and transfers of personal data
If you have given us consent to process your personal data for specific purposes (e.g., when registering to receive newsletters), we will process your personal data within the scope and based on this consent, provided we do not have another legal basis and require one. You can revoke your consent at any time, but this does not affect data processing that has already occurred.
4. Cookies/Tracking and Other Technologies Related to the Use of Our Website
We typically use "cookies" and similar techniques on our website to identify your browser or device. A cookie is a small file sent to your computer or mobile device by your web browser when you visit our website. When you revisit the website, we can recognize you, even if we do not know who you are. In addition to session cookies used only during a session and deleted after your website visit ("session cookies"), cookies can also be used to store user settings and other information for a certain period (e.g., two years) ("persistent cookies"). However, you can configure your browser to reject cookies, store them only for a session, or delete them prematurely. Most browsers are set to accept cookies. We use persistent cookies to store user settings (e.g., language, auto-login), better understand how you use our offers and content, and display personalized offers and advertisements to you (which may also occur on other companies' websites; however, they will not know who you are if we do not know, as they will only see that the same user who was on our website is on theirs). Some of the cookies are set by us, and some are set by partners we work with. If you block cookies, certain functionalities (such as language selection, shopping cart, ordering processes) may no longer work.
We may include visible and invisible image elements in our newsletters and other marketing emails, as far as permitted, through which we can determine if and when you opened the email. This allows us to measure and better understand how you use our offers and tailor them to you. You can block this in your email program; most are preset to do so.
By using our website and consenting to receive newsletters and other marketing emails, you agree to the use of these techniques. If you do not want this, you must adjust your browser or email programs accordingly.
5. Data Disclosure and Data Transfer Abroad
In the course of our business activities and for the purposes mentioned in Section 3, we may disclose information to third parties, whether because they process it for us or because they want to use it for their own purposes. This includes, in particular, the following entities:
Your treating physician for clarification of inquiries regarding your treatment
Health insurers for billing your order
Service providers, including data processors (e.g., IT providers)
Dealers, suppliers, subcontractors, and other business partners
National and international authorities, offices, or courts
Buyers or potential buyers of Dascoli or business units or other parts thereof
Other parties in potential or actual legal proceedings
All collectively referred to as recipients.
These recipients may be located partially within the country but may be anywhere on earth. You must be aware that your personal data may be transferred to other countries in Europe and the USA, where our service providers are located (e.g., Microsoft, SAP).
If a recipient is located in a country without adequate legal data protection, we contractually obligate the recipient to comply with applicable data protection laws (for this purpose, we use the revised standard contractual clauses of the European Commission, available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?). This is unless the recipient is already subject to a legally recognized framework for ensuring data protection, and we cannot rely on an exemption. Exceptions may apply, especially in foreign legal proceedings, or in cases of overriding public interest, if contract processing requires such disclosure, if you have consented, or if it concerns personal data made publicly accessible by you, to which you have not objected.
6. Duration of Personal Data Storage
We process and store your personal data as long as necessary for the fulfillment of our contractual and legal obligations or the purposes pursued with the processing, i.e., for the duration of the entire business relationship (from initiation, execution to termination of a contract) and beyond in accordance with legal retention and documentation obligations. It is possible that personal data may be stored for the time during which claims can be asserted against our company and to the extent we are otherwise legally obligated or have legitimate business interests (e.g., for evidence and documentation purposes). Once your personal data is no longer required for the aforementioned purposes, it will generally be deleted or anonymized, to the extent possible. For operational data (e.g., system logs), shorter retention periods of twelve months or less apply.
7. Data Security
We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of storage media and transmissions, pseudonymization, and controls.
8. Obligation to Provide Personal Data
In the context of our business relationship, you must provide the personal data necessary for the initiation and execution of a business relationship and the fulfillment of associated contractual obligations (you generally do not have a legal obligation to provide us with personal data). Without this personal data, we will generally not be able to conclude or process a contract with you (or the entity or person you represent). The website also cannot be used if certain information for the security of data traffic (such as IP address) is not disclosed.
We partially process your personal data automatically with the aim of evaluating certain personal aspects (profiling). We use profiling, in particular, to inform and advise you on products in a targeted manner. We use evaluation tools that allow us to conduct needs-based communication and advertising, including market and opinion research.
10. Rights of the Data Subject
Subject to applicable data protection law and as provided therein, you have the right to information, correction, deletion, restriction of data processing, and objection to our data processing, especially for direct marketing purposes, profiling conducted for direct advertising, and other legitimate interests in processing. You also have the right to receive certain personal data for transmission to another controller (so-called data portability). Please note that we reserve the right to assert the legally prescribed restrictions ourselves, for example, if we are obliged to retain or process certain personal data, if we have a predominant interest in doing so (if we are allowed to rely on it), or if we need it to assert claims. If costs are incurred for you, we will inform you in advance. We have already informed you about the possibility of revoking your consent in Section 3. Please note that the exercise of these rights may conflict with contractual agreements and may have consequences such as the premature termination of the contract or cost consequences. We will inform you in advance if this is not already contractually regulated.
The exercise of such rights usually requires you to clearly prove your identity (e.g., by providing a copy of an ID card where your identity is not clear or cannot be verified). To exercise your rights, you can contact us at the address specified in Section 1.
Every data subject also has the right to enforce their claims in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).