Effective Date: May 1, 2018
Cederberg GmbH (“Cederberg”) respects the privacy rights of individuals with regards to their personal data. This Privacy Notice explains the types of personal data we may collect from patients, customers, healthcare professionals, business partners, contractors, consultants and employees and how we use it and protect it.
If you have any questions regarding this Privacy Notice or wish to access or correct personal data that we have collected from you, then please contact our Data Protection Officer at email@example.com.
Cederberg is a Swiss healthcare company specialising in healthcare product development, marketing and distribution as well as consultancy. This Privacy Notice applies to all Cederberg’s activities that might involve personal data. These data may be collected or provided through Cederberg’s activities and services including websites, social media pages, or patient, customer, healthcare professional, business partner, contractor, consultant or employee interactions.
Why we collect data
We collect personal data in order to fulfil business transactions with customers and for financial accounting purposes. We also collect personal data in order to fulfil legal and regulatory obligations including procedures associated with the safety of healthcare products, medical information and product complaints. We also use personal data to operate effectively and to improve our services.
These data may come from a number of sources. For example, personal data may be obtained as follows;
- to enable us to fulfil product orders through our websites, email or via telephone
- through registrations, participation in special offers, promotions, competitions, or surveys
- in connection with general enquiries through our website contact form or if you contact us directly by email or by telephone
- in connection with product returns, product safety, medical information or product complaints
- provision of data directly to us at one of our commercial stands at public or professional events
- through public sources of healthcare professional data for legitimate marketing purposes
- to verify the registration of healthcare professionals
- through public sources of business contact data for legitimate business purposes
- through interactions with employees, contractors or consultants for payroll, payment, Human Resources (HR) and related activities.
We may also receive data about you by tracking how you interact with our services. For example, using technologies such as cookies. We may also obtain data from third-parties (other companies). For example, if you order products from our website or third-party websites we may receive details such your name and address in order for us to fulfil the order. We may also receive details relating to the status or confirmation of your payment and contact information such as an email address and / or telephone number for use in resolving any queries relating to the order.
The type of personal data we collect depends on the activity interactions you have with us or the service that you use. These may include:
- name, address, email address, telephone number in association with a product order or delivery.
- name, address, email address, telephone number and other similar contact data in association with a general enquiry.
- data about you that is related to patient safety and reporting of adverse events/adverse incidents, medical information enquiries, product complaints and/or that may be required by laws that apply to us.
- data related to your healthcare if you enquire about products.
- data necessary to process payments. Payments for website orders are collected through third-party platforms such as PayPal and personal data are used for preparation and reconciliation of financial accounts. For website payments we do not hold data relating to your credit card or bank account. For payments arranged through direct contact we may receive your bank or credit card details.
- We may hold data relating to how often you order products and what products you ordered
- for employees, contractors, consultants and partners we may receive your bank account details in order for us to make payments to you.
- data about our interactions and meetings, such as when you contact us for information, support or place an order.
- passwords, password hints and similar security information used for authentication and account access on our websites.
- data provided by you publicly on social media platforms
- data about you such as your age, gender, country of origin or residence, and preferred language.
- data about your location, including geolocation data and / or IP address.
- to send administrative information to you, for example, information regarding changes to products or services we provide.
- to offer special programs, activities, events or promotions.
- as necessary to enforce our terms and conditions, to protect our operations or those of any of our affiliates / partners or to protect our rights, privacy, safety or property.
In some cases, we may augment the information we hold about you with information we receive from third-parties or with information which is publicly or commercially available and is obtained by legal means for which consent has been given.
If any of our processing operations constitute automated decision making then these will be supported by internal procedures to ensure compliance with the legal requirements.
Who we share personal data with
We share your personal data to complete business transactions and/or to provide a product or service that you have requested including for payment processing, order fulfilment, customer service, etc. We require that our service providers adhere to appropriate restrictions on access and use of your personal data.
We also share data with affiliates, subsidiaries, consultants or contractors working on our behalf such as for financial accounting and reconciliation, or when required by law or to respond to legal process, or regulatory procedures related to patient safety and reporting of adverse events/adverse incidents, medical information enquiries or product complaints.
We may also share personal data in the event of a merger, acquisition, joint venture, or sale of all or part of our business.
We do not share information that can identify you with our advertisers and advertising networks. We only share anonymous information about our users which has been aggregated for the purposes of statistical analysis. We may also use such anonymous aggregated information to help advertisers reach the kind of audience they want to target. We may make use of the information we have collected from you to enable us to display our adverts on to a targeted audience.
We will also share your information with third-parties where we believe, in good faith, that it is necessary to protect our rights, property, safety or reputation or the rights, property, safety or reputation of any of our customers or partners.
How we store data
We use a variety of procedures to protect your personal data from unauthorized access, use and disclosure. We use SSL encryption on websites where you make purchases from us and information that you provide associated with orders placed via our websites is stored either on secure servers operated by third parties operators such a PayPal and /or on our own encrypted databases. In addition, we store your personal data on computer systems that are password protected and have encrypted access controls where this is appropriate.
The information we collect about you may be transferred outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our partners, contractors or suppliers.
We have notified the Information Commissioner's Office (the ICO) that information may be transferred outside the EEA. We comply with the provisions of the General Data Protection Regulation to ensure that adequate protection is provided to any personal data which we store or process outside the EEA
Where we share information with our suppliers or trusted third party partners who transfer or process the data outside the EEA, we make sure that your information is protected by only transferring it to third-parties who are committed to GDPR compliance.
We only keep your information for as long as it is needed to provide you with the services you have requested unless a longer retention period is required or permitted by law.
How you can access your data
You have choices about the data we collect. If you are asked to share your personal data with us you may decline. However, your choice not to share your personal data with us may mean that you will not be able to use our products or services etc.
You have a right to know and enquire about what personal data we have collected about you and the right to request correction or deletion of these personal data. If you would like to make a request regarding personal data that we hold on you please contact our Data Protection Officer at firstname.lastname@example.org or writing to our registered office at Cederberg GmbH, Neuhofweg 4, Binningen, 4102 Switzerland. You may also ask us to make any necessary changes to that information to make sure that it is accurate and up to date.
You may also ask us to delete or restrict the processing of your personal data. We will provide you with access to your personal data and offer to or delete such information at your request if it is not otherwise required to be retained by law or for our legitimate business purposes. We may challenge requests that are unreasonably repetitive, require disproportionate technical effort or jeopardize the privacy of others. Before fulfilling your request we may need to verify your identity.
If you have a complaint, please contact our Data Protection Officer at email@example.com or writing to our registered office at Cederberg GmbH, Neuhofweg 4, Binningen, 4102 Switzerland, in the first instance, so that they can do their very best to sort out the problem. You can also contact the Information Commissioner's Office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. http://www.ico.org.uk.
While in some instances we may collect personal data about children with the consent of a parent or guardian for the provision of our services such as medical information or adverse event / adverse incident reporting activities we do not otherwise knowingly solicit data from, or market to, children. If a parent or guardian becomes aware that his or her child has provided us with personal information, he or she should contact us as described in the “How to Contact Us” section below.
In the event your personal data is accessed, lost, or stolen by an unauthorized third party, we will exercise commercially reasonable efforts to notify you to the extent required by law and disclose to you the personal data that was accessed/disclosed using the contact information provided to us or by other reasonable means.
We may collect certain personal data from you to enable you to use online social media features. We may also use these tools to post or share personal data with others. When using social media, you should be very vigilant about what personal data you choose to share with others.
Cookies and similar technologies
We may partner with third-party service providers to provide advertisements regarding goods or services that may be of interest to you when you access and use our services and third party-sites. Some of these on our services or on third party sites may be personalized, meaning that they are intended to be relevant to you based on what we, or the online advertising network, know about you or your computer's browsing activity on both the service and third-party sites.
However, you may prefer to disable cookies in your browser. We suggest consulting the Help section of your browser or visiting www.allaboutcookies.org. delete cookies, please look at your particular browser for options. For more information about Google Analytics, or to opt out of Google Analytics, please go to https://tools.google.com/dlpage/gaoptout.
In general, the internet is not a secure means of communication. We cannot fully guarantee the security of any information entered over this media and will not be responsible for any damages you or others may suffer as a result. Although we have implemented security controls we cannot guarantee the security of your information. It is also important for you to remember to protect against unauthorized access to your passwords. If you believe that you may disclosed a password used on one of our websites then please notify us immediately as described in the “How to Contact Us” section below.
Our site may contain links to websites of our partners, affiliates or other sources. If you follow a link to any of these websites please note that these are independent websites and have their own privacy policies.
How to Contact Us
We welcome any questions or comments you may have regarding this Privacy Notice or its implementation. Any such questions or comments should be submitted using the contact information below. We will use reasonable efforts to resolve or address your concern.
Cederberg GmbH, Neuhofweg 4, Binningen, 4102 Switzerland. Tel: +41 (0)61 422 1459. Email: firstname.lastname@example.org.
Updates to our Privacy Notice
We may update this Privacy Notice from time to time. Please check this Privacy Notice periodically for changes. If we make any changes, the updated Privacy Notice will be posted on our websites, with a revised effective date, and, where appropriate, notified to you by e-mail.
Your continued use of our services following the posting of changes to the Privacy Notice will mean you accept those changes.