Your Privacy is Our Concern
General Information about Data Processing
1. Scope of Processing Personal Data
We only collect and use our users' personal data insofar as this is necessary to provide a functional website as well as our content and services. Our users' personal data is only collected and used with the user's consent. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of data is permitted by law.
2. Legal Basis for Processing Personal Data
Insofar as we obtain consent from the data subject for the processing of personal data, Art. 6 Para. 1 (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for processing personal data. Art. 6 Para. 1 (b) of GDPR serves as the legal basis for processing personal data required for the fulfilment of a contract where the data subject is a contractual party. This also applies to processing operations that are required to carry out pre-contractual measures. Art. 6 Para. 1 (c) of GDPR serves as the legal basis insofar as processing personal data is required for the fulfilment of a legal obligation to which our company is subject. Art. 6 Para 1 (d) of GDPR serves as the legal basis in the event that the vital interests of the data subject or another natural person require the processing of personal data. Art. 6 Para. 1 (f) of GDPR serves as the legal basis for processing if processing is required to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the first-mentioned interest. The contents of this Website, and the information contained herein, are published solely for information purposes, and shall not be deemed exhaustive. They do not constitute a legal opinion or any other form of professional advice, and they are not designed for commercial purposes or for the purpose of establishing customer relations. healiva® SA shall not be held liable for any actions or omissions driving from the use of the information and articles contained in this Website.
The Website and its contents are protected by national and international copyright law, and are the exclusive property of healiva® SA brand and of the respective authors. Consequently, the partial or complete reproduction other than for purely personal purposes, the public disclosure, or in any case the dissemination, of said contents, requires prior authorisation from healiva® SA. healiva® SA shall not be held liable for, nor does it approve as such, any contents supplied by third parties and accessible from this Website.
3. Processing Methods
Personal data shall be processed by the personnel appointed by healiva® SA, and if necessary by the firm’s professionals. Personal data may also be processed by third parties, providers of external services (e.g. technical assistance), acting on behalf or in the name of Healiva SA and duly appointed as data processor, and who shall process the data in accordance with the purpose for which the data were originally collected.
4. Scope of Communication of Personal Data
Personal data shall be processed using automated means, on the basis of logics strictly related to the purposes of processing, and for the time strictly necessary to achieve the purposes for which such data have been collected. Collected information shall be stored in a safe place.
5. Navigation Data
These is navigation data that the computer systems acquire automatically during use of the Website, such as the IP address, URI (Uniform Resource Identifier) addresses, together with details of the requests sent to the Websites' server, which make navigation possible. Navigation data may also be used to compile anonymous statistics, which make it possible to understand how the Website is used, and to improve the structure thereof. Finally, navigation data may also be used in order to check for any illegal operations, as in the case of cyber crimes, to the detriment of the Website.
6. Data Provided by the User
Any communication sent to the contacts indicated on the Website implies the acquisition of the e-mail address and of the other personal data contained in the communication. Without prejudice to the points made in regard to navigation data and cookies, users are free to supply their personal data in contacts and/or communications with healiva® SA. Failure to supply such data may make it impossible to receive a response.
7. Deletion of Data and Duration of Storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's email address and the data collected within the scope of the double opt-in (IP address, date and time of registration) are therefore stored for as long as the subscription to the newsletter is active. Other personal data collected in the course of the registration process will generally be deleted after a period of seven days. The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Data may be stored beyond this period if this has been foreseen by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of data for the conclusion or fulfilment of a contract.
Categories, Type And Purposes Of The Processed Data
The following data is stored and transmitted in the cookies:
The user's data is saved anonymously in the user session without assigning a user ID until the order is completed.
This way, the following data can be transmitted:
Entered search terms
Frequency of page views
Use of website functions
The user data are not assigned to the user. The data is not stored together with other personal user data.
We need cookies for remembering search terms and evaluating the analytics related to the usage of the website. Users are anonymous for healiva® SA unless they provide a network name that clearly identifies them.
What Types of Cookies are there?
Analytical cookies allow us to track the number of visitors to our website anonymously to monitor and enhance the browsing experience.
Our site uses “Google Analytics”, a third-party cookie managed by Google Inc.
You can deactivate this cookie by clicking here; rest assured that deactivation will in no way hamper your use of our site.
You can choose whether to accept or block cookies through your browser settings.
All major browsers allow users to choose their cookie settings. Below are links to instructions for managing and deleting the cookies from some:
Your Online choices
We have taken technical and organisational security measures to protect your personal data from loss, destruction, manipulation, and unauthorised access. All of our employees and all of the third parties involved in processing data are obliged to comply with the Swiss Federal Data Protection Act (DPA) and treat personal data confidentially. When personal data is collected and processed, the information is transmitted in encrypted form to prevent misuse of the data by third parties. Our security measures are continuously revised according to technological developments. We also use a secure data connection (https) to transmit data in the shop area of our website.
There are several contact forms on our website that can be used for electronic contact. If a user uses this option, the data entered in the input mask will be transmitted to us and stored. This data includes:
The user can revoke his/her consent to the processing of personal data at any time. If the user contacts us by email, he/she can object to the storage of his/her personal data at any time. In such cases, the conversation cannot be continued. The user can revoke his/her consent at any time by email, telephone, fax, or letter. All personal data stored in the course of establishing contact is deleted in this case.
Confirmation of Contact/Customer Information
As a result of establishing contact with us through a contact form on the Internet, by email, or in personal form (visit, call, visit to a trade fair), during which your transmitted personal data is stored, we will send you a confirmation of the contact in the form of customer information. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user can revoke his/her consent to the processing of personal data at any time. If the user contacts us by email, he/she can object to the storage of his/her personal data at any time. In such cases, the conversation cannot be continued. The user can revoke his/her consent at any time by email, telephone, fax, or letter. All personal data stored in the course of establishing contact will be deleted in this case.
Webinars provide the opportunity for communication between us and a group of people who register online for a digital conference for the purpose of procuring information. When you register for a webinar, the following data is required to support the process:
Use of Twitter
Use of LinkedIn
Web Tracking - Google Analytics
Objecting to data collection
Rights of the Data Subject
If your personal data is processed, you are affected within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:
1. Rights to Information
You can ask the responsible person to confirm whether your personal data is processed by us. If such processing has taken place, you can request the following information from the responsible person:
The purposes for which the personal data is processed.The categories of personal data processed.
The recipients or categories of recipients to whom the personal data about you has been or will be disclosed.
The planned duration of the storage of your personal data or, if specific information about this cannot be provided, criteria for determining the storage period.
The existence of a right of rectification or deletion of your personal data, of a right to the restriction of processing by the data controller, or of a right to objection to such processing.
The existence of a right of appeal to a supervisory authority.
The planned duration of the storage of your personal data or, if specific information about this cannot be provided, criteria for determining the storage period.
All available information about the origin of the data if the personal data is not collected from the data subject.
The existence of automated decision-making, including profiling in accordance with Art. 22 Para. 1 and 4 of GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether your personal data is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate guarantees in accordance with Art. 46 of GDPR in connection with the transmission.
2. Right to Rectification
You have a right to rectification and/or completion vis-à-vis the data controller if the personal data processed concerning you is incorrect or incomplete. The data controller must make the correction without delay.
3. Right to Limitation of Processing
You may request that the processing of personal data concerning you be restricted under the following circumstances:
If you dispute the accuracy of your personal data for a period of time that enables the data controller to verify the accuracy of the personal data.
The processing is unlawful and you refuse the deletion of the personal data and instead request that the use of the personal data be restricted.
The data controller no longer needs the personal data for the purposes of processing, but you do need it to assert, exercise, or defend legal claims.
If you have filed an objection to the processing in accordance with Art. 21 Para. 1 of GDPR and it has not yet been determined whether the legitimate reasons of the data controller outweigh your reasons.
If the processing of your personal data has been restricted, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising, or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the European Union or a member state. If the processing restriction has been restricted according to the above conditions, you will be informed by the data controller before the restriction is lifted.
4. Right to Deletion - Deletion Obligation
You may request the data controller to delete your personal data without delay and he/she is obliged to delete this data without delay if one of the following reasons applies:
Your personal data is no longer required for the purposes for which it was collected or otherwise processed.
You revoke your consent, on which the processing was based in accordance with Art. 6 Para. 1 (a) or Art. 9 Para. 2 (a) of GDPR, and there is no other legal basis for the processing.
You file an objection against the processing in accordance with Art. 21 Para. 1 of GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing in accordance with Art. 21 Para. 2 of GDPR.
Your personal data has been processed unlawfully.
The deletion of your personal data is required to fulfill a legal obligation under European Union law or the law of the member states to which the data controller is subject.
Your personal data has been collected in relation to information society services offered in accordance with Art. 8 Para. 1 of GDPR.
Information to Third Parties
If the data controller has made your personal data public and is obliged to delete it in accordance with Art. 17 Para. 1 of GDPR, he/she shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform those who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.
The right to deletion does not exist insofar as the processing is necessary, for example:To exercise freedom of expression and information.
To fulfill a legal obligation required for processing under the law of the European Union or of member states to which the data controller is subject or to carry out a task in the public interest or in the exercise of official authority conferred on the data controller.
For reasons of public interest in the area of public health in accordance with Art. 9 Para. 2 (h) and (i) and Art. 9 Para. 3 of GDPR.
For archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes in accordance with Art. 89 Para. 1 of GDPR, insofar as the law referred to under section a) is likely to render impossible or seriously impair the attainment of the objectives of such processing.
To assert, exercise, or defend legal claims.
5. Right to be Informed
If you have exercised your right to have the data controller correct, delete, or restrict data processing, he/she is obliged to inform all recipients to whom your personal data has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed by the data controller about such recipients.
6. Right to Data Transferability
You have the right to receive such personal data as relates to you that you provided to the data controller in a structured, common, and machine-readable format. In addition, you have the right to pass this data on to another data controller without obstruction by the data controller to whom the personal data was made available, provided that:
Processing is based on consent in accordance with Art. 6 Para. 1 (a) of GDPR or Art. 9 Para. 2 (a) of GDPR or on a contract in accordance with Art. 6 Para. 1 (b) of GDPR.
Processing is carried out using automated methods.
In exercising this right, you also have the right to request that your personal data be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data transferability shall not apply to the processing of personal data required for the performance of a task in the public interest or in the exercise of an official authorisation conferred on the data controller.
7. Right of Objection
You have the right to file an objection at any time, for reasons arising from your particular situation, to the processing of your personal data in accordance with Art 6. Para. 1 (e) or (f) of GDPR; this also applies to profiling based on these provisions. The data controller shall no longer processes your personal data unless he/she can prove compelling and legitimate grounds for processing, which outweigh your interests, rights, and freedoms or the processing serves to assert, exercise, or defend legal claims. If your personal data is processed for direct marketing purposes, you have the right to file an objection at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. You have the option to exercise your right of objection in connection with the use of information society services by means of automated processes using technical specifications, notwithstanding Directive 2002/58/EC.
8. Right to Revoke the Data Protection Declaration of Consent
You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of processing carried out on the basis of the consent until revocation.
9. Automated Decision-Making in Individual Cases Including Profiling
You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effects against you or significantly impairs you in a similar manner. This is not the case if the decision
is necessary for the conclusion or performance of a contract between you and the data controller.
is admissible under European Union legislation or that of the member states to which the data controller is subject and where such legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests.
is made with your express consent.
However, these decisions may not be based on special categories of personal data in accordance with Art. 9 Para. 1 of GDPR, unless Art. 9 Para. 2 (a) or (g) applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests. In the cases referred to in (1) and (3), the data controller shall take reasonable measures to safeguard your rights, freedoms, and legitimate interests, including at least the right to obtain the intervention of a person by the data controller, to state his/her own position, and to challenge the decision.
10. Right of Appeal to a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the member state where you reside, your place of work, or the location of the suspected infringement, if you believe that the processing of your personal data is contrary to the GDPR.
Changes to Data Protection Regulations
The data controller for the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
healiva® SA - Corso Elvezia 4, 6900 Lugano, Ticino, Switzerland
T: +41 76 709 44 16