The responsible body within the meaning of the data protection laws, in particular the EU General Data Protection Regulation (GDPR), is
In cooperation with our hosting providers, we make every effort to protect the databases as much as possible against unauthorised access, loss, misuse or corruption.
We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can have vulnerabilities. A complete data protection against access by third parties is not possible.
By using this website, you agree to the collection, processing and use of data in accordance with the following description. In general, this website can be visited without registration. Data such as pages called up or names of files called up, date and time are stored on the server for statistical purposes without these data being directly related to your person. Personal data, in particular name, address or e-mail address are collected as far as possible on a voluntary basis. The data will not be passed on to third parties without your agreement.
BY USING THE SERVICES, YOU AGREE TO THESE TERMS; IF YOU DO NOT AGREE, DO NOT USE THE SERVICES.
Processing of personal data
Personal data is all information that relates to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, irrespective of the means and procedures used, in particular the storage, disclosure, procurement, deletion, storage, modification, destruction and use of personal data.
We process personal data in accordance with Swiss data protection law. In addition, we process personal data – insofar and to the extent that the EU GDPR is applicable – in accordance with the following legal principles in connection with Art. 6 Para. 1 GDPR:
lit. a) Processing of personal data with the consent of the person concerned.
lit. b) Processing of personal data for the purpose of fulfilling a contract with the data subject and for carrying out appropriate pre-contractual measures.
lit. c) Processing of personal data for the fulfilment of a legal obligation to which we are subject under any applicable law of the EU or under any applicable law of a country in which the GDPR is applicable in whole or in part.
lit. d) Processing of personal data to protect vital interests of the data subject or of another natural person.
lit. f) Processing of personal data to safeguard the legitimate interests of us or of third parties, except where such interests are overridden by fundamental freedoms and rights or by the interests of the data subject. Legitimate interests are in particular our business interest in being able to provide our website, information security, the enforcement of our own legal claims and compliance with Swiss law.
We process personal data for as long as is necessary for the respective purpose or purposes. In the case of longer-term storage obligations due to legal and other obligations to which we are subject, we restrict processing accordingly.
• Use of our offers
Depending on the specific offer that you use via OneTwenty, certain elements of your personal data required for the use of the offer and for the implementation of the contract (including payment processing) will be gathered. In addition, we may process personal data (e.g. on your specific usage patterns) in order to become more familiar with you and inform you of further offers in the future, which we will be able to tailor more closely to your requirements based on the information we have on you already. In certain circumstances, we may also use your personal data for statistical purposes, albeit solely on an anonymous basis, so that your identity cannot be deduced.
In the above-mentioned situation, for example, we will process the following personal data provided by you during registration or during your use of the app:
• Personal data (e.g. name, age, gender, contact details, e-mail address, etc.);
• Data about the self-care program that you have chosen;
• Measurement data that you enter in connection with the offer selected or a specific treatment (e.g. your current state of health, general treatment data, information on whether or not you are pregnant, information on your cardiovascular circulation, diabetes, blood pressure, blood sugar levels, etc.);
• Information on your dietary habits (e.g. nutrition plan, recipes selected, products selected, special diets, etc.);
• Information on activities entered via OneTwenty and measurement data connected with them (e.g. jogging activity, fitness training, etc.);
• Information on your behaviour in other areas of life (e.g. sleeping habits, etc.);
• Information as to whether you use the services of our cooperation partners (e.g. pharmacists, insurers);
• Additional information may be gathered depending on the offer;
• Communication: notices regarding technical issues or changes to the Products, some of which you cannot opt out;
• Product satisfaction data: We collect data on your satisfaction with the Products. Such data will be processed to analyse user satisfaction and to improve our Products. Such data will only be stored for as long as it is necessary for the purpose the data was obtained for.
As a matter of principle, we will process only the personal data which you provide us. You are under no obligation to provide us with any given information, unfortunately we will often be unable to offer you the full extent of our services unless you disclose certain personal data and allow us to process that data.
If we need to process special categories of personal data that require particular protection, we will ask for your express consent before doing so.
Compliance with legal requirements
We also process personal data in order to comply with legal provisions. These include regulatory provisions in particular, as well as disclosing documents to a public authority if we have good reason to do so or if we are compelled to do so by law.
Parties to whom your personal data may be disclosed
We may disclose your personal data to third parties if we wish to retain the services of the latter (“order data processors”), for example with regard to IT services (e.g. data hosting services, cloud services, the sending of e-mail newsletters, data analysis and data enhancement, etc.).
We will select our order data processors and conclude suitable contractual agreements to ensure that your personal data is protected for the entire period during which it is processed, including by third parties. Our order data processors are under a duty not to process personal data other than on instruction from and as instructed by us.
We may furthermore disclose your personal data to other third parties (including) for their own purposes. This is done either on an anonymous basis, so that your identity cannot be deduced, or solely with your express consent, for example if you wish to share your personal data with specific recipients, if you are complying with a request for treatment or if you are making use of an offer from one of our cooperation partners (e.g. pharmacists). In these cases, the recipient of your personal data is, where applicable, responsible in its own right for processing that data, and as such sets out its own data protection provisions to define how it processes your personal data.
We may additionally disclose your personal data to third parties (e.g. authorities in Switzerland and abroad) where required to do so by law. We furthermore reserve the right to process your personal data if so required to comply with a judicial order or to enforce or defend against a legal claim, or if we deem it necessary for any other legal grounds.
To the extent that we need a legal basis on which to process your personal data, we will rely on the following legal bases:
• Your authorization, where required for the specific processing in question;
• The performance of the contract with you;
• Our justified interests;
• The enforcement, exercise or defence against legal claims.
• What are your rights in terms of the processing of your personal data?
You may object to your data being processed at any time and are generally free to revoke your authorization to your data being processed. In particular, you are entitled to object to your data being processed in connection with direct advertising (e.g. against e-mail marketing).
You furthermore have the following rights:
• Right to be informed: You have the right to be informed of how we are processing your personal data and of the rights you have in connection with the processing of your personal data.
• Right to access: You have the right to access the personal data that we have on record for you, free of charge and at any time, if we process that data. This means that you have the right to check which personal data of youwe are processing.
• Right to correct: You have the right to rectify any incorrect or incomplete personal data concerning you. In this case, we will inform the recipients of the data concerned of any corrections that are made, unless this is impossible or would involve disproportionate effort or expense.
• Right to delete: You have the right to have your personal data deleted on request, provided that we are no longer required to store it by law.
• Right to restrict processing: Subject to certain conditions, you have the right to request that the processing of your personal data be limited.
• Right to have data transferred: You have the right to obtain the personal data that you have provided to us, in a legible format and free of charge, or to have us transfer that data to another responsible party.
• Right to lodge a complaint: You have the right to lodge a complaint with the competent data protection authority against the manner in which your personal data is processed.
• Right to withdraw: As a matter of principle, you have the right to withdraw any given consent at any time. Any data processing activities previously carried out based on your original consent will not however thereby become unlawful.
For how long do we store your personal data?
We store and process your personal data for as long as is necessary for the purpose for which we collected it. As a general rule, we store your personal data for the period for which you have installed the App and your account on your terminal or for which your account with us is active. If you delete your account in the App from your terminal, all information concerning you will be permanently deleted or anonymized, unless we have a justified interest in storing your personal data for a longer period (e.g. for evidentiary or security reasons, to guard against legal claims or to comply with legal obligations).
How do we protect your personal data?
We take appropriate security measures of a technical nature (e.g. encryption, access restriction, data backup, etc.) and of an organisational nature (e.g. instructions to our employees, etc.) to guarantee the security of your personal data, to protect it against unauthorised or unlawful processing and to counteract the risk of loss, unintentional modification, undesired disclosure or unauthorised access. As a general rule, however, security risks cannot be completely excluded; certain residual risks are unavoidable.
Modifications to this data privacy notice
This data privacy notice may be adapted over time, especially if we change our data processing procedures or if new legal provisions come into effect. We will actively inform persons whose contact details are registered with us in the event of any significant changes, where this is possible without disproportionate effort or expenditure. As a general rule, however, the version of the data privacy notice in force when the processing concerned began shall apply.
This website uses SSL encryption for reasons of security and to protect the transmission of confidential content, such as the requests you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of your browser changes from „http://“ to „https://“ and by the lock symbol in your browser line.
If SSL encryption is activated, the data you send to us cannot be read by third parties.
If you would like to receive the newsletter offered on this website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data will not be collected. We use these data exclusively for sending the requested information and do not pass them on to third parties.
You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example by clicking on the „unsubscribe“ link in the newsletter.
This website uses Google Conversion Tracking. If you have reached our website via an ad placed by Google, Google Adwords will set a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad served by Google. These cookies expire after 30 days and are not personally identifiable. If the user visits certain pages on our site and the cookie hasn’t expired, we and Google can tell that the user clicked the ad and was redirected to that page. Each Google AdWords customer receives a different cookie. As a result, cookies cannot be tracked across the websites of AdWords customers. The information collected through the conversion cookie is used to compile conversion statistics for advertisers who have opted in to conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
If you do not wish to participate in tracking, you can refuse to accept cookies by changing your browser settings to disable automatic placement of cookies or to set your browser to block cookies from the domain „googleleadservices.com“. Please note that you may not delete the opt-out cookies unless you wish to record measurement data. If you have deleted all your cookies in your browser, you have to set the respective opt-out cookie again.
This WebSite uses features from Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA . When you access our pages with Facebook plug-ins, a connection is established between your browser and the Facebook servers. Data is already being transferred to Facebook in the process. If you have a Facebook account, this data can be linked to it. If you do not want this data to be linked to your Facebook account, please log out of Facebook before visiting our site. Interactions, in particular the use of a comment function or clicking a „Like“ or „Share“ button are also passed on to Facebook. You can find out more at https://de-de.facebook.com/about/privacy.
On this website we use social plugins from the social network Pinterest, which is operated by Pinterest Inc. 808 Brannan Street San Francisco, CA 94103-490, USA („Pinterest“). When you call up a page that contains such a plugin, your browser establishes a direct connection to Pinterest’s servers. The plugin transmits protocol data to the Pinterest server in the USA. This log data may include your IP address, the address of the websites you visit that also contain Pinterest functions, the type and settings of your browser, the date and time of your request, your use of Pinterest and cookies.
External payment service providers
This website uses external payment service providers, through whose platforms the users and we can carry out payment transactions. For example via
• PostFinance (https://www.postfinance.ch/de/detail/rechtliches-barrierefreiheit.html)
• Visa (https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html)
• Mastercard (https://www.mastercard.ch/de-ch/datenschutz.html)
• American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html)
• Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)
• Bexio AG (https://www.bexio.com/de-CH/datenschutz)
• Payrexx AG (https://www.payrexx.ch/site/assets/files/2592/datenschutzerklaerung.pdf)
• Apple Pay (https://support.apple.com/de-ch/ht203027)
• Google Pay (https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de)
• Stripe (https://stripe.com/ch/privacy)
• Klarna (https://www.klarna.com/de/datenschutz/)
• Skrill (https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/)
• Giropay (https://www.giropay.de/rechtliches/datenschutz-agb/) etc.
Within the framework of the performance of contracts, we appoint payment service providers on the basis of the Swiss Data Protection Ordinance and, where necessary, Art. 6 para. 1 lit. b. EU- GDPR. Furthermore, we use external payment service providers on the basis of our legitimate interests in accordance with the Swiss Data Protection Ordinance and, where necessary, Art. 6 para. 1 lit. f. EU- GDPR in order to offer our users effective and secure payment options.
The data processed by the payment service providers include inventory data, such as name and address, bank data, such as account or credit card numbers, passwords, TANs and checksums, as well as contract, sum and recipient related data. These details are required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored by them. We as the operator do not receive any information about (bank) account or credit card, but only information to confirm (accept) or reject the payment. Under certain circumstances, the payment service providers may transfer the data to credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard we refer to the general terms and conditions and data protection information of the payment service providers.
The terms and conditions and data protection information of the respective payment service providers, which can be accessed within the respective website or transaction applications, apply to the payment transactions. We also refer to these for further information and the assertion of rights of revocation, information and other rights of affected persons.
If you have a Vimeo user account and do not want Vimeo to collect information about you through this web site and link it to your membership information stored at Vimeo, you must log out of Vimeo before visiting this web site.
In addition, Vimeo calls up the tracker Google Analytics via an iFrame in which the video is viewed. This is Vimeo’s own tracking system to which we have no access. You can prevent tracking by Google Analytics by using the deactivation tools that Google offers for some Internet browsers. In addition, you can prevent the collection of data generated by Google Analytics and related to your use of the website (including your IP address) to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.