Privacy policy Pharmalex

Bern, April 13, 2023

The protection of your personal data is important to us, which is why we are pleased to explain to you in this data protection declaration how Advokatur Pharmalex GmbH, Bern, processes your personal data.

Personal data is any information relating to an identified or identifiable natural person. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the acquisition, storage, retention, use, modification, disclosure, archiving, deletion or destruction of data.

If you provide us with personal data of other persons (e.g. family members, data of colleagues), you must ensure that these persons are aware of this privacy policy. Only share such personal data with us if you are allowed to do so and if this personal data is correct.

This privacy policy is not exhaustive. Please also note any other documents that regulate data protection at Pharmalex GmbH. Our privacy policy is primarily based on the revised Swiss Data Protection Act (DSG). However, it also takes into account the EU General Data Protection Regulation ("GDPR"). Whether and to what extent the DSG or the DSGVO is applicable depends on the individual case.

1. person in charge

Person responsible for data protection:

Pharmalex GmbH
Effingerstrasse 6a
3011 Bern
+41 31 320 10 20

You can send us your data protection concerns either by mail to the above address or by e-mail to:

info@pharmalex.ch

2. what personal data is collected and for what purposes?

We primarily process personal data that we receive from our customers and other business partners in the course of our business relationship with them and other persons involved, or that we collect from users in the course of operating our websites, apps and other applications.

2.1. visit our website

When visiting our website, its server temporarily stores information about user accesses. This information includes:

• The IP address, MAC address of the smartphone or computer

• Date and time of access

• The name and URL of the retrieved file

• The website from which the access is made (referrer URL)

• The browser used

• The operating system of the computer used and the name of the access provider of the users

We use this data to ensure a smooth connection, the comfortable use of the website, the evaluation of system security and stability, and for other administrative purposes.

2.2 Use of the contact form

On our website you will find a contact form. You can use it to contact us. To use the contact form, your first name, last name and e-mail address are required.

We use this data to process your request.

If no mandate or other contractual relationship is established with you, this data will be deleted after 30 days.

2.3 Communication via e-mails

Data transmitted to us by unencrypted e-mail communication is stored on Microsoft's servers in Switzerland. This storage is based on Microsoft's processing procedures.

We recommend that any communication with us is encrypted only. We use S/MIME encryption for this purpose. The documents encrypted in this way can only be read by Pharmalex, since the encryption takes place locally and not on Microsoft's server.

2.4 Use of cookies on our website

We use "cookies" and similar technologies on our websites to identify your browser or device. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by the web browser you use when you visit our website. This allows us to recognize you when you return to this website, even if we do not know who you are. In addition to cookies that are only used during a session and deleted after your website visit ("session cookies"), cookies can also be used to store user settings and other information for a certain period of time (e.g. two years) ("permanent cookies"). However, you can set your browser to reject cookies, store them for one session only, or otherwise delete them early. Most browsers are preset to accept cookies.

We use persistent cookies to help us better understand how you use our offerings and content. Certain of the cookies are set by us, and certain are also set by contractors with whom we work. If you block cookies, certain functionalities (such as language selection) may no longer work.

2.5 Use of web analytics tools on our website

We sometimes use Google Analytics on our website. Web analytics tools are a third-party service that may be located in any country in the world. This service allows us to measure and evaluate the use of the website (non-personal). In the case of Google Analytics, the service provider is Google Ireland (based in Ireland); Google Ireland relies on Google LLC (based in the USA) as an order processor (both "Google", www.google.com).

Google Analytics also uses permanent cookies that are set by the service provider. We have configured the service so that the IP addresses of visitors are shortened by Google in Europe before being forwarded to the USA and thus cannot be traced. We have turned off the "Data Forwarding" and "Signals" settings. Although we can assume that the information we share with Google is not personal data for Google, it is possible that Google can draw conclusions about the identity of visitors from this data for its own purposes, create personal profiles and link this data to the Google accounts of these individuals. Insofar as you have registered with the service provider yourself, the service provider also knows you. The processing of your personal data by the service provider then takes place under the responsibility of the service provider in accordance with its data protection provisions. The service provider only informs us how our respective website is used (no information about you personally).

Through the web analysis tools, we ensure the needs-based design and ongoing optimization of our website. The measures allow us to statistically record and evaluate the use of our website, which corresponds to our legitimate interests.

2.6 Use of social media plug-ins

We use so-called plug-ins from social networks such as Facebook, Twitter, YouTube, Pinterest or Instagram on our website. This is apparent to you in each case (typically via corresponding icons). We have configured these elements so that they are disabled by default. If you activate them (by clicking on them), the operators of the respective social networks can register that you are on our website and where and can use this information for their purposes. The processing of your personal data is then the responsibility of this operator according to its data protection regulations. We do not receive any information about you from him.

2.7 Other purposes of data processing

We use the personal data we collect primarily to conclude and process our contracts with our customers and business partners and to comply with our legal obligations in Switzerland and abroad. If you work for such a customer or business partner, your personal data may of course also be affected in this capacity.

In addition, we also process personal data of you and other persons, to the extent permitted and deemed appropriate, for the following purposes in which we have a legitimate interest corresponding to the purpose, provided that the attorney-client privilege does not prevent this:

• Offer and further develop our offers, services and websites, apps and other platforms on which we are present;

• Examination and optimization of procedures for needs analysis for the purpose of direct customer contact as well as collection of personal data from publicly available sources for the purpose of customer acquisition;

• Assertion of legal claims and defense in connection with legal disputes and official proceedings;

• Warranties of our operations, especially IT, our websites, apps, and other platforms;

• Video surveillance to maintain house rules and other measures for IT, building and facility security and protection of our employees and other persons and assets belonging to or entrusted to us (such as access controls, visitor lists, network and mail scanners, telephone recordings);

Insofar as you have given us consent to process your personal data for certain purposes (for example, when you register to receive newsletters or carry out a background check), we process your personal data within the scope of and based on this consent, insofar as we have no other legal basis and we would require such a basis. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place.

3. disclosure of your data to third parties

We will only disclose your personal data to third parties if you expressly consent to this, if there is a legal obligation or permission to do so, if the disclosure is necessary for the assertion, exercise or defense of legal claims or if the disclosure of data is necessary for the processing of contractual relationships with you.

4. security of your data

We take appropriate technical and organizational security precautions to protect your personal data from unauthorized access and misuse. When accessing our website, the SSL encryption process is used.

5. obligation to provide personal data

In the context of our business relationship, you must provide those personal data that are necessary for the establishment and implementation of a business relationship and the fulfillment of the associated contractual obligations. Without this data, we will generally not be able to conclude a contract with you (or the entity or person you represent) or to process it.

Also, the website cannot be used if certain information to secure the traffic (such as IP address) is not disclosed.

6. your rights as a data subject

Within the scope of the data protection law applicable to you and insofar as provided therein, you have the right to information, correction, deletion, restriction of data processing and objection to our data processing as well as to the release of certain personal data for the purpose of transfer to another body (so-called data portability).

Please note that we reserve the right to assert the restrictions provided for by law on our part, for example if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to rely on this) or require it for the assertion of claims. If you incur costs, we will inform you in advance.

We have already informed you about the possibility of revoking your consent in section 2.7. Please note that exercising these rights may conflict with contractual agreements and may have consequences such as premature termination of the contract or cost consequences. We will inform you in advance if this is not already contractually regulated.

The exercise of such rights usually requires that you clearly prove your identity (e.g. by means of a copy of your ID card, where your identity is otherwise not clear or cannot be verified). To exercise your rights, you can contact us at the address given in section 1.

In addition, every data subject has the right to enforce his or her claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch).

7. changes

We may amend this privacy policy at any time without prior notice. The current version published on our website applies.

Last revision: August 2023.