INSTYTUTUM AG is a company registered in Switzerland with the main office at Gubelstrasse 12, 6300 Zug, Switzerland, company registration number: CHE-440.903.330 (hereinafter — we, our, us) that operates this Website (hereinafter — Website).
1. Information we collect
1.1. While using our Website, you may decide to provide us with certain information about you by completing online forms, registering on our Website, making orders, contacting us, etc. The types of personal information you may provide to us include, but not limited to: name, contact information (address, e-mail address, telephone number, fax number), billing information (such as your payment card number, expiration date, delivery address, and billing address), username and, personal preferences, interests in and use of various products and services, content of communication with us, and photos in case of use of the Personalized Care Program. You do not have to provide listed above and below personal data to access the Website but certain functionality will not otherwise be available to you.
1.2. Once you visit our Website we may automatically collect some information that cannot be readily used to identify you, e.g. the domain name and IP address of your computer, type of browser you are using, operating system and platform, technical information, geographical location information about your visit to our Website (length of visit, products you viewed, page response time, navigation paths, as well as information about the timing, frequency, and pattern of your service use, etc.). We may use this information, individually or in the aggregate, for technical administration of our Website, analytic tracking system, research, and development. The legal basis for this processing is our legitimate interests, for monitoring and improving our Website and services.
2. Processing of personal information
We protect your data by limiting access to your data only to persons that need access to conduct or facilitate any transaction between you and us, or persons that otherwise need to complete activities outlined in this section.
2.1. We may process your information included in your personal profile on our Website. The profile data may include your name, address, telephone number, email address, profile pictures, gender, date of birth, relationship status, interests and hobbies, educational details and employment details. We do not knowingly collect information about people under 18 years old. The profile data may be processed for the purposes of enabling and monitoring your use of our Website and services, creating and managing your personal profile, operating our Website, providing our services, ensuring the security of our Website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is our legitimate interests for the proper administration of our Website and business.
2.2. We may process information that you post for publication on our Website or through our services. The publication data may be processed for the purposes of enabling such publication and administering our Website and services. The legal basis is our legitimate interests for the proper administration of our Website and business.
2.3. We may process information contained in any inquiry you submit to us regarding goods and/or services. The inquiry data may be processed for the purposes of offering, marketing and selling relevant goods and/or services to you. The legal basis is our legitimate interests for the proper administration of our Website and business.
2.4. We may process information relating to our customer relationships, including customer contact information. The customer relationship data may include your name, your employer, your job title or role, your contact details, and information contained in communications between us and you. The customer relationship data may be processed for the purposes of managing our relationships with customers, communicating with customers, keeping records of those communications, assisting with product selection and making recommendations to you, and promoting our products and services to customers. The legal basis for this processing is the proper management of our customer relationships.
2.5. We may process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our Website. The transaction data may include your contact details, your card details, and the transaction details. The transaction data may be processed for the purpose of accepting of your orders and fulfillment of agreements between you and us, processing your payment, supplying the purchased goods and services and keeping proper records of those transactions. The legal basis is our legitimate interests for the proper administration of our Website and business.
2.7. In addition to the specific purposes for which we may process your personal data set out in this section, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
3. Use of The Personalized Care Program
4. Providing your personal data to others
We do not rent lists, sell or otherwise disclose personal information we collect, except as described hereunder. We may share your personal to complete the activities outlined in this section.
4.1. We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company, and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
4.2. We may disclose your personal data to our service providers who perform services on our behalf based on our instructions, insurers and professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice and provision of services.
We may share your personal data with our service providers who are involved in our business processes.
Examples of personal data usage by our service providers:
- We pass your delivery address and telephone number to our warehouse to complete, fulfill, manage and communicate with you about your orders;
- We pass your delivery address and telephone number to our shipping service providers in case they need to contact you directly if there is a problem with your delivery. Our shipping service providers are FedEx, DHL, UPS, USPS. Privacy Policies of our service providers are available at their Websites accordingly;
- We pass certain personal information to payment management companies to enable them to verify your credit or debit card details (as stated in paragraph 4.3.);
- We pass your personal information to service providers that assist us with our marketing and data analytics efforts to inform you and make recommendations about our products and INSTYTUTUM Offerings, including sales, special offers, and new Website features and to send you other promotional communication. Our marketing and data providers are Google and Mailchimp. Privacy Policies of our service providers are available at their Websites accordingly.
We do not authorize these service providers, insurers and professional advisers to use or disclose personal information except as necessary to perform services on our behalf or comply with legal requirements.
4.3. Financial transactions relating to our Website and services are handled by our payment services providers Six Payment Services, PayPal and American Express. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers' privacy policies and practices at:
- Six Payment Services: https://www.six-payment-services.com/en/services/legal/privacy-statement.html
- PayPal: https://www.paypal.com/us/webapps/mpp/ua/privacy-full
- American Express Company: https://www.americanexpress.com/us/content/legal-disclosures/privacy-center.html
Additional information is available upon request. Please contact us via mail at the address listed in Section 14 “Contact Us,” or call us at 41415112050
4.4. In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
5. Service Providers
We may employ third party companies and individuals to facilitate our Service ("Service Providers"), provide the Service on our behalf, perform Service-related services or assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We may use third-party Service Providers to monitor and analyze the use of our Service.
5.1.1 Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en
5.2 Behavioral Remarketing
5.2.1 Google Ads (AdWords)
Google Ads (AdWords) remarketing service is provided by Google Inc.
You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads
Google also recommends installing the Google Analytics Opt-out Browser Add-on - https://tools.google.com/dlpage/gaoptout - for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en
Facebook remarketing service is provided by Facebook Inc.
You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950
To opt-out from Facebook's interest-based ads, follow these instructions from Facebook: https://www.facebook.com/help/568137493302217
Facebook adheres to the Self-Regulatory Principles for Online Behavioural Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or opt-out using your mobile device settings.
For more information on the privacy practices of Facebook, please visit Facebook's Data Policy: https://www.facebook.com/privacy/explanation
AdRoll remarketing service is provided by Semantic Sugar, Inc.
You can opt-out of AdRoll remarketing by visiting this AdRoll Advertising Preferences web page: https://app.adroll.com/optout
6. International transfers of your personal data
In this Section, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).
6.1. We share your personal data with third parties outside the European Economic Area (EEA) in order to perform third party services on our behalf that comply with legal requirements. Transfers to each of these countries will be protected by appropriate safeguards namely the use of standard data protection clauses, adopted or approved by the European Commission.
6.2. The hosting facilities for our Website are situated in the USA, Chicago, Singlehop datacenter services. Transfers to hosting facilities are protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission.
7. Retaining and deleting personal data
This Section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
7.1. We may keep your personal information only for so long as is necessary or where we have a legitimate interest to continue doing so. Where We no longer requires information to be in a format where you can be identified personally, e.g. where we keep information for analytical and research purposes or transaction information, we will remove any personal details about you.
7.3. Notwithstanding the other provisions of this Section 7, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another person.
8.1. We may update this policy from time to time by publishing a new version on our Website.
9. Your rights and responsibilities
In this Section, we have summarized the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
9.1. You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data.
You can access your personal data by entering your personal account/cabinet when you are logged in on our Website (https://instytutum.com/account/).
9.2. You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
9.3. In some circumstances, you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; For compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.
9.4. In some circumstances, you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
9.5. To help us protect your privacy, be sure: not to share your user ID or password with anyone else; to log off the Website when you are finished; to provide us true, accurate and complete information; not to use our Website if you are younger than 18 years old; not to provide us information about anyone else unless you have their permission to do so.
9.6. Should you wish to know more about what information we hold about you including making changes to, or requesting the deletion of, information that we hold about you, you are also entitled by law to make a Data Subject Request. You can make such a request by emailing us at [email protected] Please note that we may need to exclude certain information as part of your request, e.g. in order to protect the privacy of other individuals or if we are permitted to exclude the information for legal or other reasons.
9.7. Please be advised that deleting your personal information will limit our ability to contact you in connection with the INSTYTUTUM offerings, which may limit your ability to utilize the INSTYTUTUM offerings.
9.8. California Privacy Rights. California law permits residents of California to request notice of how their information is shared with third parties for direct marketing purposes or to opt-out of such sharing. If you are a California resident and would like a copy of this notice or to opt-out, please send us a request to [email protected].
10.1. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
10.2. Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
11. Cookies that we use
12. Cookies used by our service providers
12.3. Analytics cookies allow us to understand more about how many visitors we have to the Website, how many times they visit our Website and how many times a user viewed specific webpages within our site. Although analytics cookies allow us to gather specific information about the pages that you visit and whether you have visited our Website multiple times, we cannot use them to find out details such as your name or address.
13. Managing Cookies
13.1. If you do not want to accept cookies from our Website, you can change your browser settings so that cookies are not accepted. If you choose to do this, please be aware Website may no longer function as intended.
13.2. All popular browsers (e.g. Chrome, Internet Explorer, Firefox, Opera and Safari) allow you to amend your cookie settings so that cookies are no longer enabled across all Websites that you visit. You can find information explaining how to disable cookies for the main browsers in the ‘Where to find information about controlling cookies’ section at the Information Commissions Website https://ico.org.uk/your-data-matters/online/cookies/.
14. How to contact us
For questions regarding the processing of your personal data please contact:
INSTYTUTUM AG, Gubelstrasse 12, 6300 Zug, Switzerland,
Tel.: +41 41 511 20 50, e-mail: [email protected]
We always welcome and greatly appreciate your feedback, any comments or suggestions, which may contribute to a better quality of our work.
Thank you for choosing INSTYTUTUM
Effective date: of May 24, 2018