Privacy Policy

[borlabs-cookie type=“btn-cookie-preference“ title=“Change Cookie Settings“/]

This website is operated by HBImed AG. We appreciate your interest and your visit! The protection of personal data has always been very important to us. Therefore, we will explain below what information we collect when you visit our website. You will also learn what data is collected for what purpose and on what legal basis when you contact us, as well as what rights you have regarding the processing of personal data. As our internet offerings and the technologies used may evolve, we recommend that you reread the privacy policy from time to time.

As of: November 2020

a. Responsible Parties 

b. Legal basis for our data processing:

Using information when contacting HBimed AG

  • Use of Information: when contacting us in writing by mail, email, or fax
  • Use of information: when using contact and registration forms on our websites
  • Commercial and Business Services
  • Notice of revocation

II Collection of personal data when using our websites

  • Collection of personal data during purely informational use of our websites
  • Session cookies and persistent cookies
  • Video conferences, online meetings, webinars, and screen sharing
  • Promotional communication via email, mail, fax, or telephone
  • Plugins and embedded functions as well as content
  • Online marketing

III Order Data Processing and Information on External Links

  • Contract processor
  • Links to external websites

IV. Your Rights

  • Right to complain to the competent supervisory authority

a. Responsible Parties

Responsible for the processing of personal data is:

HBImed AG
Post Street 22
7000 Chur
Switzerland
Tel.: +41 71 931 40 20
Email: contact@hbimed.com

For specific questions about data protection and for further information regarding the processing of personal data, you can reach us at:

HBImed AG
Post Street 22
7000 Chur
Switzerland
E-Mail: datenschutz@hbimed.com

b. Legal basis for our data processing:

The legal basis for data processing arises from the provisions of Article 6 GDPR, with data processing primarily

  • based on consent, Art. 6 Para. 1 Sentence 1 lit. a GDPR
  • for the performance of the contract, Art. 6 para. 1 sentence 1 letter b GDPR
  • to fulfill legal obligations, Art. 6 para. 1 lit. c. GDPR
  • or for the protection of legitimate interests, Art. 6(1)(f) GDPR

occurs.

Using information when contacting HBImed AG

Use of Information: when contacting us in writing by mail, email, or fax

If you contact HBImed AG in writing by mail, email, or fax, the data you transmit (e.g., last name, first name, address, email address, telephone number) as well as the information contained in the message and any other personal data you transmit will be used for the purpose of contact and processing your request. If you contact us by phone, personal data will generally not be collected unless it is necessary for the processing of your request (callback, written communication, or similar). The processing of data via the methods mentioned here is voluntary and based on your consent according to Art. 6 Para. 1 S. 1 lit. a GDPR.

Use of information: when using contact and registration forms on our websites

If you use a contact or registration form on one of our websites, the following personal details, marked with „X,“ are required for initial contact. Details marked with „–“ will not be requested at the corresponding point:

The data from the respective forms will be used to process your request, and your contact details will be stored by us in case of follow-up questions. The data you enter in the contact form will remain with us until you request deletion, withdraw your consent for storage, or the purpose for data storage ceases to apply. Mandatory legal provisions – especially retention periods – remain unaffected. Should we be unable to resolve your query via email in the case of support requests, we will offer telephone support and, if desired, online support via remote maintenance. This may require additional personal data, such as contact details for conducting video conferences and the use of third-party remote maintenance software. These are carefully selected by us, and data processing agreements have been concluded with them. In all cases, data processing is carried out with your consent based on Art. 6 (1) sentence 1 lit. a GDPR and is exclusively for the purpose of task fulfillment.

Commercial and Business Services

We process data of our contractual and business partners, e.g., customers and prospects (collectively referred to as „contractual partners“) in the context of contractual and comparable legal relationships as well as associated measures and in the context of communication with contractual partners (or pre-contractually), e.g., to answer inquiries.

We process this data to fulfill our contractual obligations, to safeguard our rights, and for the administrative tasks associated with this information as well as for business organization purposes. We only disclose the data of contractual partners to third parties within the scope of applicable law to the extent that this is necessary for the aforementioned purposes or for the fulfillment of legal obligations, or if it is done with the consent of the data subjects (e.g., to involved telecommunication, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Contractual partners will be informed about further forms of processing, e.g., for marketing purposes, within this privacy policy.

We will inform contracting parties about the data required for the aforementioned purposes before or during data collection, e.g., in online forms, through special labeling (e.g., colors) or symbols (e.g., asterisks or similar), or in person.

We delete data after the expiration of statutory warranty and comparable obligations, meaning generally after 4 years, unless the data is stored in a customer account, e.g., as long as it must be retained for statutory archiving purposes (e.g., for tax purposes, generally 10 years). Data disclosed to us by the contractual partner within the scope of an order will be deleted according to the specifications of the order, generally after the end of the order.

To the extent that we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third-party providers or platforms shall apply to the relationship between users and the providers.

Notice of revocation

In principle, you can revoke your consent to the use of the data mentioned above at any time. Further information on this and on your so-called data subject rights can be found in Section IV.

II Collection of personal data when using our websites

Collection of personal data during purely informational use of our websites 

You can visit our websites without providing personal information. If you use our website purely for informational purposes, meaning without registering or filling out forms, we only collect the personal data that your browser automatically transmits to our server and stores in protocol data, known as server log files. No website can function without this. Log files are stored to ensure the website's functionality. Additionally, we use the data to optimize the website and to ensure its stability and security. The following data is collected:

  • Name of the retrieved webpage
  • IP Address
  • Date and time of request
  • Transferred data volume and message about successful retrieval
  • Time zone difference to Greenwich Mean Time (GMT)
  • Websites from which the user's system reached our internet page
  • User's Internet Service Provider
  • User's operating system
  • Access status/HTTP status code
  • Browser type, language, and browser software version

Since the collection and storage of this data in log files is necessary for operating a website in the first place, users cannot object. The provider uses the log data only for statistical evaluations for the purpose of operation, security, and optimization of the offering. However, the provider reserves the right to review the log data retroactively if there is a justified suspicion of unlawful use due to concrete indications. No evaluation for marketing purposes takes place. This data is not merged with other data sources. The basis for data processing is Article 6(1)(f) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

Session cookies and persistent cookies

In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are assigned to and stored on your hard drive by the browser you use; and through which certain information flows to the party that sets the cookie. Cookies cannot execute programs or transmit viruses to your computer. Cookies are used on the one hand to make our website more user-friendly (e.g., storing login data, using a shopping cart, etc.), more effective, and more secure. On the other hand, they are used to collect statistical data on website usage and to analyze it for the purpose of improving the offering.

On our websites, we use Session Cookies. A session cookie is a temporary cookie and, as the name suggests, is time-limited. These contain data such as an identification number (so-called session ID). They allow the server to associate subsequent requests from the browser with the same user and/or are necessary for the functioning of certain features. These session cookies are automatically deleted as soon as the browser is closed. Other cookies remain stored on your end device until you delete them. These cookies allow us to recognize your browser on your next visit.

On the website https://www.hbimed.com/let's also use Permanent Cookies
Permanent cookies are set when you register as a customer on our website. When creating your user account, you will be asked if you wish to save your login details. This will result in your username and password (encrypted) being pre-filled when you log in on your next visit to the website. In this case, the cookie will only be deleted after 30 days. The use of cookies on the websites of BEE Medic GmbH is based on the legal grounds of Art. 6 para. 1 sentence 1 lit. f GDPR, stemming from the legitimate interest in the technically flawless presentation of our websites and the optimal provision of our services. Other cookies, e.g., cookies for analyzing your surfing behavior, will be treated separately below.

Both temporary and permanent cookies can be controlled and actively deleted by you at any time. Internet browsers are set to accept cookies by default. However, you can make corresponding changes in your browser settings. You can find more information on this in your browser's help function. Please note: this is up to you as an internet user, and you must take personal action here. Please also note that disabling/restricting cookies may cause problems when using websites, and for example, on our website https://www.hbimed.com/be able to use the customer account function only to a limited extent or not at all.

Video conferences, online meetings, webinars, and screen sharing

We use third-party platforms and applications (hereinafter referred to as “third parties”) for the purpose of conducting video and audio conferences, webinars, and other types of video and audio meetings. We comply with legal requirements when selecting third parties and their services.

Within this framework, data of the communication participants are processed and stored on the servers of third-party providers, insofar as they are part of communication processes with us. This data may include, in particular, login and contact details, visual and voice contributions, as well as chat inputs and shared screen content.

If users are referred to third-party providers, i.e., their software or platforms, within the scope of communication, business, or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization, or marketing purposes. Therefore, we ask you to observe the privacy notices of the respective third-party providers.

Legal Basis Information: If we ask users for their consent to the use of third parties or specific functions (e.g., consent to record conversations), the legal basis for processing is consent. Furthermore, their use may be part of our (pre)contractual services, provided that the use of third parties has been agreed upon within this framework. Otherwise, user data will be processed based on our legitimate interests in efficient and secure communication with our communication partners. In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

  • Processed data types: File data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., text inputs, photographs, videos), usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Affected persons: Communication partners, users (e.g., website visitors, online service users).
  • Purposes of processing: Contractual services and service, contact inquiries and communication, office and organizational procedures.
  • Legal basis: Consent (Art. 6(1) sentence 1 letter a GDPR), performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 letter b GDPR), Legitimate interests (Art. 6(1) sentence 1 letter f GDPR).

Services and Service Providers Used:

Newsletter and electronic notifications

We send newsletters, emails, and other electronic notifications (hereinafter referred to as „newsletters“) only with the consent of the recipients or a legal permit. If the contents of the newsletter are specifically described in the context of a subscription, they are decisive for the users' consent. Otherwise, our newsletters contain information about our services and us.

To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you for a name, for the purpose of personal address in the newsletter, or for further details if they are necessary for the purposes of the newsletter.

Double opt-in procedure: Subscription to our newsletter is generally done using a double opt-in procedure. This means that after you subscribe, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent people from subscribing with someone else's email address. Newsletter subscriptions are logged to prove the subscription process in accordance with legal requirements. This includes storing the subscription and confirmation timestamp, as well as the IP address. Changes to your data stored with the shipping service provider are also logged.

Erasure and restriction of processing: We may store the processed email addresses for up to three years based on our legitimate interests before deleting them, in order to prove a previously given consent. The processing of this data will be limited to the purpose of potential defense against claims. An individual deletion request is possible at any time, provided that the previous existence of consent is simultaneously confirmed. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a block list (so-called „blacklist“).

The logging of the login procedure is carried out based on our legitimate interests for the purpose of proving its proper functioning. As far as we commission a service provider with the dispatch of emails, this is done on the basis of our legitimate interests in an efficient and secure dispatch system.

Legal Basis Information: Newsletters are sent based on the recipients' consent or, if consent is not required, based on our legitimate interests in direct marketing, insofar as this is legally permitted, for example, in the case of advertising to existing customers. To the extent that we engage a service provider to send emails, this is done on the basis of our legitimate interests. The registration process is logged based on our legitimate interests to demonstrate that it was carried out in compliance with the law.

Contents Information about us, our services, promotions, and offers.

  • Processed data types: File data (e.g., names, addresses), contact data (e.g., email, phone numbers), meta/communication data (e.g., device information, IP addresses), usage data (e.g., websites visited, interest in content, access times).
  • Affected persons: Communication partner.
  • Purposes of processing: Direct marketing (e.g., by e-mail or mail).
  • Legal basis: Consent (Art. 6(1)(a) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).
  • Possibility of objection (opt-out): You can unsubscribe from our newsletter at any time, i.e. withdraw your consent or object to further receipt. You will find a link to unsubscribe from the newsletter either at the end of each newsletter or you can use one of the contact methods provided above, preferably email, for this purpose.

Services and Service Providers Used:

Promotional communication via email, mail, fax, or telephone

We process personal data for the purpose of advertising communications, which may take place through various channels, such as email, telephone, mail, or fax, in accordance with legal requirements.

The recipients have the right to revoke granted consents at any time or to object to advertising communication at any time.

After revocation or objection, we can store the data required to prove consent for up to three years based on our legitimate interests before deleting it. The processing of this data will be limited to the purpose of defending against potential claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.

  • Processed data types: File data (e.g., names, addresses), contact data (e.g., email, phone numbers).
  • Affected persons: Communication partner.
  • Purposes of processing: Direct marketing (e.g., by e-mail or mail).
  • Legal basis: Consent (Art. 6(1)(a) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).

Plugins and embedded functions as well as content

We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as „third-party providers”). These can include, for example, graphics, videos, or social media buttons, as well as posts (hereinafter collectively referred to as „content”).

Embedding always requires the third-party providers of these contents to process the users„ IP addresses, as they cannot send the contents to their browsers without the IP address. The IP address is therefore necessary for the display of these contents or functions. We endeavor to use only content whose respective providers only use the IP address for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons„) for statistical or marketing purposes. Through the “pixel tags," information such as visitor traffic on the pages of this website can be evaluated. The pseudonymized information can also be stored in cookies on the users' devices and, among other things, contain technical information about the browser and operating system, referring websites, visit times, and further details about the use of our online services, as well as be linked with such information from other sources.

Legal Basis Information: If we ask users for their consent to use third parties, the legal basis for data processing is consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., our interest in efficient, economical, and user-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

  • Processed data types: Usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses), location data (data indicating the location of an end-user's terminal device), inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., text inputs, photographs, videos).
  • Affected persons: User (e.g., website visitor, online service user).
  • Purposes of processing: Provision of our online offering and user-friendliness, contractual services and support, security measures, management and response to inquiries.
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR), consent (Art. 6(1)(a) GDPR), performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Services and Service Providers Used:

Online marketing

We process personal data for online marketing purposes, which may include in particular the marketing of advertising space or the display of advertising and other content (collectively referred to as „content“) based on users' potential interests, as well as measuring their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called „cookie“) or similar procedures are used, by means of which information relevant to the user for the presentation of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information, such as the browser used, the computer system used, and information on usage times. If users have consented to the collection of their location data, this may also be processed.

The IP addresses of users are also stored. However, we use available IP masking methods (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no clear data of users (such as email addresses or names) is stored in the context of online marketing procedures, but rather pseudonyms. This means that neither we nor the providers of the online marketing procedures know the actual identity of the users, only the information stored in their profiles.

The information in the profiles is usually stored in cookies or by means of similar procedures. These cookies can then generally be read on other websites that use the same online marketing procedure, analyzed for the purpose of displaying content, and supplemented with further data and stored on the server of the online marketing procedure provider.

Exceptionally, clear data can be assigned to profiles. This is the case, for example, when users are members of a social network whose online marketing procedures we use, and the network links the users' profiles with the aforementioned information. Please note that users may enter into additional agreements with the providers, for example, through consent during registration.

We generally only receive access to summarized information about the success of our advertisements. However, as part of so-called conversion tracking, we can check which of our online marketing measures have led to a so-called conversion, i.e., for example, to a contract with us. Conversion tracking is used solely to analyze the success of our marketing measures.

Unless otherwise stated, please assume that cookies used will be stored for a period of two years.

Legal Basis Information: If we ask users for their consent to use third parties, the legal basis for data processing is consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., our interest in efficient, economical, and user-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

  • Processed data types: Usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Affected persons: Users (e.g., website visitors, online service users), prospective customers.
  • Purposes of processing: Tracking (e.g., interest/behavior-based profiling, use of cookies), remarketing, visit action evaluation, interest-based and behavior-based marketing, profiling (creation of user profiles), conversion measurement (measurement of marketing measure effectiveness), reach measurement (e.g., access statistics, detection of returning visitors).
  • Security measures: IP Masking (IP Address Pseudonymization).
  • Legal basis: Consent (Art. 6(1)(a) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).
  • Possibility of objection (opt-out): We refer to the respective providers„ privacy notices and the opt-out options indicated for the providers. If no explicit opt-out option is provided, you have the possibility to disable cookies in your browser settings. However, this may restrict the functionality of our online offering. We therefore also recommend the following opt-out options, which are offered in summary for specific regions: a) Europe: https://www.youronlinechoices.eu. Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Transnational / Cross-regional https://optout.aboutads.info.

Services and Service Providers Used:

  • Google Analytics Online marketing and web analytics; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy https://policies.google.com/privacy; Right to object (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Ad display settings: https://adssettings.google.com/authenticated.
  • Google Ads and Conversion Tracking We use the online marketing method „Google Ads“ to place ads on the Google advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the ads. Furthermore, we measure the conversion of the ads. However, we only receive the anonymous total number of users who clicked on our ad and were redirected to a page equipped with a so-called „conversion tracking tag.“ We ourselves do not receive any information that would allow users to be identified. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy Policy https://policies.google.com/privacy.

III Order Data Processing and Information on External Links

Contract processor

We may pass data to order processors (e.g., IT service providers for remote maintenance and support, hosting providers, in the context of product software development, service providers for generating release codes for the use of feedback animations, data centers, or for print and newsletter dispatch) who support us in contract processing and the fulfillment of legal obligations. These service providers are carefully selected and commissioned and are bound by our instructions. Separate data processing agreements have been concluded with all of them to ensure the protection of your personal data.

The processing of inquiries, orders, and course registrations is handled by BEE Medic GmbH Germany and BEE Medic GmbH Switzerland. Stored data includes first and last name, company, address, email, profession, and phone number.

Links to external websites

Our websites contain links to the websites of other companies. These are primarily relevant so that if you are interested in, for example, a seminar or supervision listed on our website, you can go directly to the provider of the offer. We do not transfer any personal data in this process. Please also be sure to note the data protection declarations of the providers or practices to which we link. We have no influence on data protection by these external providers.

IV. Your Rights

Under the GDPR, you have the following so-called data subject rights regarding your personal data:

  • Right of access, Article 15 GDPR
    You have the right to free access to your personal data, its origin, recipients, and purpose at any time, in accordance with the applicable legal provisions.
  • Right to Rectification, Art. 16 GDPR
    You have the option to have inaccurate personal data concerning you corrected.
  • Right to erasure („right to be forgotten“), Art. 17 GDPR
    The right to erasure includes the possibility to have data deleted. However, this is only possible if the personal data concerned is no longer necessary, is being processed unlawfully, the relevant consent has been withdrawn, and none of the legally regulated grounds for exclusion apply.
  • Right to restriction of processing, Art. 18 GDPR
    The right to restrict processing includes the data subject's ability to prevent further processing of personal data for the time being. A restriction is particularly possible during the review phase of other rights being exercised by the data subject.
  • Right to data portability, Art. 20 GDPR
    The right to data portability includes the ability for the data subject to receive their personal data in a common, machine-readable format in order to forward it to other controllers if necessary.
  • Right to object to processing, Art. 21 GDPR 
    You have the right to withdraw your consent at any time, free of charge, without affecting the lawfulness of processing based on consent before its withdrawal. If consent is withdrawn, we will cease the relevant data processing.

If you have reason to claim the rights mentioned here, please contact us in writing at:

HBImed AG
Post Street 22
7000 Chur
Switzerland
E-Mail: datenschutz@hbimed.com

Please note that only you personally can exercise corresponding rights, and this cannot be done on behalf of third parties. For example, if you are listed as a practice owner with us as a customer, the request must be made by you personally and not by secretarial staff. We ask for your understanding that the request should ideally be made in writing and signed, and we reserve the right to ask further questions if necessary to unequivocally verify your identity.
Further information on applicant rights can be found on our website under „Jobs“.

Right to complain to the competent supervisory authority

If you believe that the processing of your personal data violates data protection regulations, you have the right to lodge a complaint with a supervisory authority under Article 77 of the GDPR. The right to complain may be exercised in particular with a supervisory authority in the Member State of your habitual residence or place of the alleged infringement.

Home | Contact | Terms and Conditions | Imprint | Data Protection

HBimed AG
Poststrasse 22
7000 Chur
Switzerland

+41-71-9314020
info@hbimed.com