The protection of your personal data is very important to us. Please read this data protection declaration carefully to find out more about when personal data is collected when using our Internet website and how we store and process these data.
This data protection declaration applies to the Internet pages https://www.ypsomed.com, https://yds.ypsomed.com as well as http://www.mylife-diabetescare.com and to the data collected via these pages, and also if you use our services and offers via these pages. From these Internet pages, you can, among others, access the Internet pages of other companies of the Ypsomed Group and our mylife online shops. The data protection declarations available on these Internet pages apply.
Responsible body
The responsible body in the sense of the EU General Data Protection Regulation (GDPR) and other data protection regulations is
Ypsomed AG
Brunnmattstrasse 6
P.O. Box
3401 Burgdorf / Switzerland
Telephone+41 (0)34 424 41 11
E-mail: info@ypsomed.com
CEO: Simon Michel
You can contact our data protection officer by mail at the address provided or directly by e-mail at privacy@ypsomed.com.
Personal data is all information that allows identification of your person. For example, this includes the name, address, telephone number, e-mail or IP address.
Handling of personal data
Personal Data
Personal data is all information that allows identification of your person. This includes your contact data such as name, address, telephone number, e-mail, but also your IP address.
When accessing our Internet pages, registering in online portals and using our web services (orders, web surveys, registration for events, etc.), we collect personal data about you. We process personal data in accordance with data protection regulations and only to the extent necessary to provide the services or content you have requested.
Safety
We ensure the necessary technical and organisational security measures and adequately protect your personal data from unauthorised access and misuse.
During transmission, we protect your data using an encryption method (e.g. SSL) via HTTPS. In addition, we secure our servers using firewalls and virus protection, create regular back-ups and work with role and authorisation concepts.
Our employees are obliged to observe the applicable data protection regulations when handling personal data.
Automatically collected data
Server log files
Description, scope and purpose of data processing
Our Internet pages log all enquiries and accesses of visitors to our Internet pages automatically and save these data as so-called server log files.
Server log files are used to track your activities on our Internet pages and to locate any errors in the functions of the site. The following data are logged automatically:
- Website accessed
- Time of access
- Volume of transmitted data in bytes
- Source/reference from which you reached the page
- Browser used
- Operating system used
- IP address used
- User data, when logging into a user account
- Error reports
- Error sources (which module created the error)
We use the collected data anonymously for statistical evaluations and to improve our Internet pages. However, we do reserve the right to check the server log files retrospectively if concrete indications point to illegal use. For security reasons, you therefore have no option of rejecting the collection of this data.
Access to the server log files is restricted to a few system administrators of Ypsomed and our service provider e3N (e3N GmbH & Co. KG, Göttelmannstrasse 13A, D-55130 Mainz).
Legal basis for data processing:
The legal basis for the temporary storage of data and server log files is our legitimate interest in maintaining the functionality of the Internet page, Art. 6 para. 1 lit. f GDPR.
Duration of storage:
The log files of the web and mail servers are irrevocably deleted after 7 days.
Cookies
Some of our Internet pages use cookies. This standard technology hides small text files that are temporarily or permanently stored on your hard drive. Cookies are used to better match the offer on our website to your interests or provide improvements in general on the basis of statistical evaluations.
You can deactivate the storage of cookies in your browser settings in whole or in part if you want to prevent your visit to our Internet website from being tracked. Ask your browser provider how you can delete and block cookies or search for a help function in your browser. However, we wish to point out that you may not be able to use all functions of our Internet website after deactivation.
Description and scope of data processing
If you allow the use of cookies through your browser settings, the following cookies may be used on our Internet pages:
| Name | Type | Source | Intended use | Duration of storage |
|---|---|---|---|---|
| PHPSESSID | Technical | ypsomed.com | This cookie serves as an identification feature for the duration of your visit to our Internet pages | Session |
| FE_USER_AUTH | Technical | ypsomed.com | This stores the registration information when you access an area of our website that is protected by a login. | 5 hours |
| cookieconsent_status | Technical | ypsomed.com | This stores the status of your consent for setting cookies on the current domain. | Session |
| _ga | Analytic | ypsomed.com | It assigns a randomly generated number to the user's device. This is used to detect when our website is accessed again via this device. | 2 years |
| _utma | Analytic | ypsomed.com | It analyses how often a user accesses our website via this device. | 2 years |
| _utmb | Analytic | ypsomed.com | It places a time stamp as soon as a user accesses the website. | 30 minutes |
| _utmc | Analytic | ypsomed.com | It places a time stamp as soon as a user leaves the website. | Session |
| _utmt | Analytic | ypsomed.com | It decreases the "request rate" | 10 minutes |
| _utmz | Analytic | ypsomed.com | It analyses where you come from to our website (link from campaign, website, etc.) | 6 months |
Analytical Cookies
For cookies, which enable an analysis of your behaviour or the viewing of individualised content and offers, we obtain your consent when you call up our website. This consent forms our legal basis for the use of analytical cookies.
Further information on analytical cookies can be found in Section Google Analytics with anonymisation function as well as Newsletter and media distribution list.
Purpose and legal basis for data processing:
We cannot offer some functions of the website without the use of cookies. For example, in order for a user area to function, the user must be recognised even after a page change.
The cookies we use are cookies that are technically necessary. The legal basis for the use of these cookies is our legitimate interest in maintaining the functionality of the Internet page. The legal basis is Art. 6 f GDPR.
Use of various Google services
On our website we use various Google services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA ("Google").
Google stores cookies on your terminal when using Google services via your Internet browser. Here we cannot exclude the possibility that Google may use servers in the USA for this purpose. However, Google has submitted to both the EU-US Privacy Shield as well as the Swiss-US Privacy Shield. According to information provided by Google, Google uses the collected data for the provision of the service and to ensure that the service functions properly.
If you are logged in to Google, your information will be directly assigned to your Google Account. If you do not wish to be assigned to your profile on Google, you must log out before activating Google services. Google stores your data (even for users not logged in) as user profiles and uses them for the purposes of demand-oriented advertising, market research and/or demand-oriented design of its website, unless expressly denied by Google in the case of individual services. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. For more information, please refer to the description of each Google service as well as Google privacy policy.
Google Analytics with anonymisation function
Google Analytics' cookies allow us to analyse how you use our website. In this way we can constantly optimise our offer and improve the quality of our website and its contents. The cookies in question are given in the table above.
The information generated by the cookies, such as the time, place and frequency of your visit to our website, including your IP address, is transmitted anonymously to Google in the USA and stored. IP addresses are shortened by the additional code "_gat._anonymizeIP" on our Internet pages and are thus automatically anonymised before they are transmitted to Google.
Google evaluates the information about your use of our website on our behalf and generates reports on the activities on our website and provides us with other services associated with Internet use. According to the company, Google does not associate the IP address with any other data held by Google.
You can disable Google Analytics by clicking on the following link: javascript:gaOptout(). This installs an opt-out cookie on your device. This opt-out cookie will prevent Google Analytics from collecting cookies for this website and for this browser in the future as long as the cookie remains installed in your browser.
As an alternative, you can prevent the storage of cookies by setting your browser software accordingly. Also install the browser plugin available at the following link: Browser Add-On for deactivating Google Analytics. This will prevent the collection and forwarding of data relating to your use of the website (including your IP address) as well as the processing of this data by Google.
Google Tag Manager
In connection with Google Analytics we also use the Google Tag Manager. This service is used for the flexible integration of so-called "tags", which transmit the desired analysed data to Google Analytics using code positions. The Tag Manager does not collect or access any personally identifiable information. The data are always anonymised.
Integration of Google Maps
The offer of Google Maps is also used on our website. This allows us to display an interactive map directly on the website and enables you to conveniently use the map function.
Description and scope of processing:
By visiting the website, Google receives information that you have called up the corresponding website. In addition, the data mentioned under Section 3.1 will be transmitted. This is regardless of whether Google provides a user account with which you are logged in or whether no user account exists. If you are logged in to Google, your information will be directly matched to your account. If you do not wish to be matched to your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an analysis is carried out in particular (even for users not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
For more information on the purpose and scope of data collection and processing by Google, please see Google's privacy policy. There you will also find further information about your rights in this regard and setting options for the protection of your privacy: https://policies.google.com/privacy?hl=en. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
Legal basis for processing:
The legal basis for the processing of personal data is Art. 6 Sec. 1 lit. f GDPR.
Purpose of data processing:
The integration of Google Maps serves solely to offer you a route planner to our business location. The use of the convenient route planner is only possible with the integration of Google Maps and the corresponding data processing. For this purpose, our legitimate interest also lies in the processing of personal data.
Duration of storage:
The data you enter in the route planner will not be stored by us. If you wish to have your data deleted by Google, please refer to the Google data protection declaration given above.
Data which you transmit to us
For certain offers and services on our website, you must provide us with personal data about yourself and for the fulfilment of the respective offer/service requested.
Processing orders
Description and scope of data processing
You have the option of ordering information brochures and products from our online offer. If you place an order, we require your contact data to process shipping. We process these data only for the registration and processing of your order and store them in the customer system on the SAP server of Ypsomed AG in Switzerland.
Purpose and legal basis for data processing:
The purpose of processing is to comply with your request and to send you the desired information and brochures. This enables us to fulfil our contractual obligations or to take pre-contractual measures.
Contact form and service phone
Description and scope of data processing
For your questions and concerns you can contact us via a contact form or by phone. The following data are collected via the contact form: first and last name, country, e-mail, message text. If you call us, your name and, if applicable, other contact data such as your callback number or e-mail address, which you provide us via the telephone, as well as the reason for your call and the date and time of your call, will be recorded and stored by our employees on the service telephone. We use your data exclusively to process your enquiry or concern. By submitting your contact request using the form on our Internet page, you give us your consent that we may process personal data about you to answer your request. We store the data in the customer system on the SAP server of Ypsomed AG in Switzerland.
Legal basis for data processing:
The legal basis for processing your data is your consent, Art. 6 para. 1 lit. a GDPR. If you call us and we do not obtain separate consent, we base the processing of your data on our legitimate interest to be able to process and respond to your request/concern as requested or to fulfil our contractual obligations, Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR.
Duration of storage:
The data will be deleted as soon as they are no longer necessary for the purpose of their processing. This is the case in the context of your enquiries when the relevant facts have been completely clarified, unless contractual or statutory obligations prevent deletion.
Newsletter and media distribution list
Description and scope of data processing
When you register for our newsletter, we collect your e-mail address as well as your surname, first name and interest group. We use the data transmitted by you for the provision of information about Ypsomed or our products in the form of a newsletter. Distribution is by E-mail via the service provider Evalanche (SC-Networks GmbH, Enzianstrasse 2, Starnberg, Germany).
Legal basis for data processing:
The legal basis for processing is your consent when registering for our newsletter, Art. 6 para. 1 lit. a GDPR.
Duration of storage:
If you unsubscribe from a newsletter, your profile will remain in our newsletter database as long as you are still subscribed to other Ypsomed newsletters. Your profile will only be deleted if you have unsubscribed from all newsletters or if you expressly request deletion via our contact form.
User account
Access to certain Internet pages is protected by a password. In order to gain access to such pages, you must register in advance and provide us with further information (e.g. profession, therapy details, etc.) in connection with the desired service.
Description and scope of data processing
The data you provide will only be used for the registration and authentication of your person. If required by law, we will verify your information before we send you access data.
Legal basis for data processing:
The legal basis for the processing of your data is your consent when registering for the user account, Art. 6 para. 1 lit. a GDPR.
Duration of storage:
The data of your user account is hosted on servers in Germany. The operation and hosting of the SAAS solution is guaranteed by the provider maxcluster (maxcluster GmbH, Technologiepark 8, Paderborn, Germany).
You can cancel your user accounts at any time. In this case we delete your data on the web server, unless contractual or legal obligations preclude deletion.
Online job application
Description and scope of data processing
Online form
If you are interested in one of our job vacancies, you can send us your complete documents via an online application form. You will be asked for the following data via the application form: title, first and last name, country, e-mail address, job reference, application documents (motivation letter, curriculum vitae, certificates), optional: address, telephone number, remarks/questions.
Applications that you submit using the online application form are sent via a secure link to the address of the Human Resources Department referred to in the job advertisement. The web server itself does not store any personal data and application documents from the web form.
Application by e-mail
You can also send your application documents directly by e-mail. To do this, use the e-mail address declared in the job advertisement. Please note that an unencrypted transmission by e-mail takes place in this case and that your data could under circumstances be viewed by third parties.
Legal basis for data processing:
Depending on the outcome of the further application process, your documents will be used to establish an employment relationship and to implement pre-contractual measures. This gives us the legal basis for processing your data. The legal basis is Art. 6 para. 1 lit. b GDPR.
Duration of storage:
The application documents are kept in the inbox of the Human Resources Department during the recruitment process and deleted after completion of the application process. When you are employed by Ypsomed, we record your data in Ypsomed's personnel system and the statutory retention obligations during and after termination of an employment relationship apply.
Forwarding of personal data to third parties
If necessary, we share your personal data for the processing of orders, the clarification of enquiries or in connection with technical maintenance work with companies within the Ypsomed Group as well as external service providers insofar as this is necessary to process the contract or if you have consented explicitly. We only disclose as much information as is necessary for this purpose and for completing the order. For example, when ordering products it is necessary for us to pass on your name and address to our shipping agents, to logistics providers, or to pass your bank account details to our bank.
Ypsomed remains responsible for the control and correct processing of the data, even if they are forwarded to companies of the Ypsomed Group or external third parties for the handling of business processes. We ensure that the companies of the Ypsomed Group comply with data protection regulations with the required contractual agreements and also oblige our distribution partners as well as the suppliers commissioned by us, to respect data protection and data security and to only process the data as is necessary to fulfil their task.
Your rights
Right to information, correction and deletion
You can request information in writing at any time as to whether and which personal data we process from you for which purpose, who is the recipient of your data, if any, how long the data is stored, where the data originates from, what rights you are entitled to and whether automated decision making including profiling is thus carried out. Furthermore, you can request the correction or completion as well as the deletion of your data. To do this, please send us a message to the above contact address.
We will endeavour to correct/complete or delete your data immediately upon request. Deletion may be prevented by the necessity to keep the data for the fulfilment of a legal obligation (e.g. tax or commercial retention obligations), for reasons of public interest or for the assertion, exercise or defence of legal claims.
Children
We do not want to process personal data of children without permission. Persons under 16 years of age are expressly advised that they must obtain the consent of their legal guardian to transfer their personal data.
If we become aware that a user is a minor and he/she has provided us with personal data without the verifiable consent of a legal guardian, we will delete these data from our databases immediately. Legal guardians have the option of viewing the information provided by the child and/or request deletion at any time. Until the request for correction or deletion is placed, the provisions of this data protection declaration shall apply.
Right to restriction and data transmission
You have the right to request that the processing of your personal data be restricted, provided that the legal requirements are met.
You may request your personal data that you have provided to us in a structured, common and machine-readable format or have it transferred to another responsible person.
Right of revocation
You can revoke all declarations of consent you have given us for the processing of your personal data at any time without giving reasons. The processing of the data remains lawful until revocation of consent.
Right of objection
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is performed based on Art. 6 Sec. 1 lit. e or f GDPR. This also applies to profiling based on these provisions.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.
Right of complaint
You can lodge a complaint with the data protection supervisory authority of your usual place of residence or workplace or our registered office if you have doubts that your data are being processed in a legally compliant manner.
Links
The Ypsomed Internet website may contain links to external pages. If you use one of these links, please be aware that this data protection declaration no longer applies to the external site and that Ypsomed does not monitor these sites. You can obtain information on the external Internet site about the applicable data protection regulations there.
Changes to this data protection declaration
This data protection declaration must be amended from time to time so that it meets the legal requirements or so that changes to our services and offers are implemented in the data protection declaration. We reserve the right to change this at any time. The respective current version can always be found here in the same place. Please consult the data protection declaration regularly when you visit our Internet site.