Data Protection
Privacy Policy of Dascoli Pharma AG, Zurich, Switzerland
Version dated September 1, 2023
In this privacy policy, we, Dascoli Pharma AG, Münchhaldenstrasse 10, 8008 Zurich, Switzerland, registered in the Commercial Register of the Canton of Zurich under number CHE-172.957.423 (hereinafter Dascoli, we, or us), explain how we collect and process personal data.
Dascoli is, among other things, the operator of Stauffacher Apotheke. This statement is not exhaustive; specific matters may be regulated by other privacy policies, terms and conditions, or similar documents. Personal data refers to all information relating to a specific or identifiable person.
If you provide us with personal data of other individuals (e.g., family members), please ensure that these individuals are aware of this privacy policy, and only provide us with their personal data if you are authorized to do so and if the information is accurate.
This privacy policy is designed to comply with the requirements of the Swiss Data Protection Act ("DSG"). However, the applicability of these laws depends on the individual case.
1. Data Controller
Responsible for the data processing described here is Dascoli. If you have privacy concerns, you can contact us as follows:
Dascoli Pharma AG
Münchhaldenstrasse 10
8008 Zurich
Phone: 044 422 66 88
Email: hallo@dascoli-pharma.ch
2. Collection and Processing of Personal Data
We primarily process the personal data we directly receive from you, such as in connection with the purchase of goods in our local pharmacy, ordering goods by phone, fax, or online through our website or online shop, using a loyalty program, or communicating with us.
The personal data we process includes, but is not limited to:
-
Names
-
Addresses
-
Email addresses
-
Phone numbers (landline and/or mobile)
-
Birthdates
-
Social security numbers
-
Any other information listed or stored on the health insurance card
-
Health data (especially related to medication use or acquisition, prescription/receipt from doctors, and the provision of services)
-
IP addresses
3. Purposes of Data Processing and Legal Bases
We use the personal data we collect primarily to conclude and fulfill contracts with our customers and business partners. This includes providing our services as a pharmacy, such as selling, manufacturing, and trading pharmaceutical and other hygiene and health products, as well as related advisory services. We also process personal data for the purpose of providing further education activities (especially training and courses in the field of medical therapy) and for operating wholesale with pharmaceutical products. Additionally, we process personal data to comply with our legal obligations in Switzerland and abroad.
Furthermore, we process your personal data, as permitted and deemed appropriate by us, for the following purposes, in which we (and sometimes third parties) have a legitimate interest:
-
Contract processing, including shipping and payment processing, billing with health insurers, debt collection, and handling returns, complaints, and warranty cases
-
Credit checks when selecting payment methods (purchase on account)
-
Conducting loyalty programs
-
Communication with you and third parties, e.g., for inquiries to your treating physician
-
Advertising and marketing purposes (including events), provided you have not objected to the use of your personal data (if we send you advertising as an existing customer, you can object at any time; we will then add you to a blocking list against further advertising)
-
Sending reminders as health services, such as reminders for the expiration of a long-term prescription for prescription medications or the repetition of a vaccination
-
For anonymous statistics and evaluations based on personal data, including health data
-
Providing, managing, and personalizing our website
-
Detecting, investigating, and preventing misuse, crimes, and other misconduct (e.g., conducting internal investigations, data analysis for fraud prevention)
-
Asserting legal claims and defending against legal disputes and administrative proceedings
-
Video surveillance and other measures to ensure our IT, building, and plant security, as well as the protection of our employees and other persons (e.g., access controls, visitor lists, network and mail scanners, phone recordings)
-
Managing, ensuring, and improving our business, especially IT, website, accounting, archiving, training, and other administrative purposes
-
Ensuring data quality in our systems, e.g., preventing multiple or inconsistent entries
-
As part of corporate transactions and related investigations and transfers of personal data
If you have given us consent to process your personal data for specific purposes (e.g., when registering to receive newsletters), we will process your personal data within the scope and based on this consent, provided we do not have another legal basis and require one. You can revoke your consent at any time, but this does not affect data processing that has already occurred.
4. Cookies/Tracking and Other Technologies Related to the Use of Our Website
We typically use "cookies" and similar techniques on our website to identify your browser or device. A cookie is a small file sent to your computer or mobile device by your web browser when you visit our website. When you revisit the website, we can recognize you, even if we do not know who you are. In addition to session cookies used only during a session and deleted after your website visit ("session cookies"), cookies can also be used to store user settings and other information for a certain period (e.g., two years) ("persistent cookies"). However, you can configure your browser to reject cookies, store them only for a session, or delete them prematurely. Most browsers are set to accept cookies. We use persistent cookies to store user settings (e.g., language, auto-login), better understand how you use our offers and content, and display personalized offers and advertisements to you (which may also occur on other companies' websites; however, they will not know who you are if we do not know, as they will only see that the same user who was on our website is on theirs). Some of the cookies are set by us, and some are set by partners we work with. If you block cookies, certain functionalities (such as language selection, shopping cart, ordering processes) may no longer work.
We may include visible and invisible image elements in our newsletters and other marketing emails, as far as permitted, through which we can determine if and when you opened the email. This allows us to measure and better understand how you use our offers and tailor them to you. You can block this in your email program; most are preset to do so.
By using our website and consenting to receive newsletters and other marketing emails, you agree to the use of these techniques. If you do not want this, you must adjust your browser or email programs accordingly.
We may use Google Analytics or similar services on our website. This is a third-party service that can be located anywhere in the world (in the case of Google Analytics, it is Google Ireland (based in Ireland), and Google Ireland relies on Google LLC (based in the USA) as a data processor (both "Google"), www.google.com), allowing us to measure and evaluate the use of the website (non-personalized). This also involves using persistent cookies set by the service provider. We have configured the service to shorten the IP addresses of visitors from Google in Europe before forwarding them to the USA, making them untraceable. We have disabled the settings "Data Sharing" and "Signals." While we assume that the information we share with Google is not personal data for Google, it is possible that Google may draw conclusions about the identity of visitors, create personal profiles, and link this data to the Google accounts of these individuals. If you have registered with the service provider, the service provider knows you. The processing of your personal data by the service provider then takes place under the responsibility of the service provider in accordance with its privacy policy. The service provider only informs us about how our respective website is used (no information about you personally).
We may also use plugins from social networks such as Facebook, Twitter, Youtube, Pinterest, or Instagram on our website. This is visible to you (typically through corresponding symbols). We have configured these elements to be deactivated by default. If you activate them (by clicking), the operators of the respective social networks may register that you are on our website and where, using this information for their purposes. The processing of your personal data then takes place under the responsibility of this operator in accordance with its privacy policy. We do not receive any information about you from them.
5. Data Disclosure and Data Transfer Abroad
In the course of our business activities and for the purposes mentioned in Section 3, we may disclose information to third parties, whether because they process it for us or because they want to use it for their own purposes. This includes, in particular, the following entities:
-
Your treating physician for clarification of inquiries regarding your treatment
-
Health insurers for billing your order
-
Service providers, including data processors (e.g., IT providers)
-
Dealers, suppliers, subcontractors, and other business partners
-
National and international authorities, offices, or courts
-
Buyers or potential buyers of Dascoli or business units or other parts thereof
-
Other parties in potential or actual legal proceedings
-
All collectively referred to as recipients.
-
These recipients may be located partially within the country but may be anywhere on earth. You must be aware that your personal data may be transferred to other countries in Europe and the USA, where our service providers are located (e.g., Microsoft, SAP).
If a recipient is located in a country without adequate legal data protection, we contractually obligate the recipient to comply with applicable data protection laws (for this purpose, we use the revised standard contractual clauses of the European Commission, available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?). This is unless the recipient is already subject to a legally recognized framework for ensuring data protection, and we cannot rely on an exemption. Exceptions may apply, especially in foreign legal proceedings, or in cases of overriding public interest, if contract processing requires such disclosure, if you have consented, or if it concerns personal data made publicly accessible by you, to which you have not objected.
6. Duration of Personal Data Storage
We process and store your personal data as long as necessary for the fulfillment of our contractual and legal obligations or the purposes pursued with the processing, i.e., for the duration of the entire business relationship (from initiation, execution to termination of a contract) and beyond in accordance with legal retention and documentation obligations. It is possible that personal data may be stored for the time during which claims can be asserted against our company and to the extent we are otherwise legally obligated or have legitimate business interests (e.g., for evidence and documentation purposes). Once your personal data is no longer required for the aforementioned purposes, it will generally be deleted or anonymized, to the extent possible. For operational data (e.g., system logs), shorter retention periods of twelve months or less apply.
7. Data Security
We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of storage media and transmissions, pseudonymization, and controls.
8. Obligation to Provide Personal Data
In the context of our business relationship, you must provide the personal data necessary for the initiation and execution of a business relationship and the fulfillment of associated contractual obligations (you generally do not have a legal obligation to provide us with personal data). Without this personal data, we will generally not be able to conclude or process a contract with you (or the entity or person you represent). The website also cannot be used if certain information for the security of data traffic (such as IP address) is not disclosed.
9. Profiling
We partially process your personal data automatically with the aim of evaluating certain personal aspects (profiling). We use profiling, in particular, to inform and advise you on products in a targeted manner. We use evaluation tools that allow us to conduct needs-based communication and advertising, including market and opinion research.
10. Rights of the Data Subject
Subject to applicable data protection law and as provided therein, you have the right to information, correction, deletion, restriction of data processing, and objection to our data processing, especially for direct marketing purposes, profiling conducted for direct advertising, and other legitimate interests in processing. You also have the right to receive certain personal data for transmission to another controller (so-called data portability). Please note that we reserve the right to assert the legally prescribed restrictions ourselves, for example, if we are obliged to retain or process certain personal data, if we have a predominant interest in doing so (if we are allowed to rely on it), or if we need it to assert claims. If costs are incurred for you, we will inform you in advance. We have already informed you about the possibility of revoking your consent in Section 3. Please note that the exercise of these rights may conflict with contractual agreements and may have consequences such as the premature termination of the contract or cost consequences. We will inform you in advance if this is not already contractually regulated.
The exercise of such rights usually requires you to clearly prove your identity (e.g., by providing a copy of an ID card where your identity is not clear or cannot be verified). To exercise your rights, you can contact us at the address specified in Section 1.
Every data subject also has the right to enforce their claims in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
11. Changes
We may adjust this privacy policy at any time without prior notice. The current version published on our website applies. If the privacy policy is part of an agreement with you, we will inform you of changes by email or in another suitable manner in the event of an update.