PRIVACY STATEMENT
Information on collecting, processing and using personal data in Online Platform of Valartis Group AG.
1. Introduction
We respect and protect your privacy. For this reason, we tell you in this privacy statement what information we collect when you are using Online Platform and for what purposes we use it. We also tell you about your data protection rights and let you know to whom you can turn if you have any questions.
2. What is personal data?
Personal data is data that can be assigned to your person. Such data includes not only your name, address, email address and telephone number but also which portal pages you have viewed and visited. Personal data is collected, used or processed by us only if this is permitted by law or you have consented thereto.
3. Who are we?
The Company (data controller):
Valartis Group AG
Rue de Romont 29/31
1700 Fribourg
Data processor on behalf of the Company and operator of Online Platform:
Bischoff Creatives GmbH
Nordstrasse 63
8006 Zürich
4. To whom does this privacy statement apply?
This privacy statement applies to all users of Online Platform. More specifically these users are:
- The Company’s shareholders
5. What data is collected, processed and used in Online Platform and for what purposes is this done?
The following personal data is collected, processed and used:
- portal users’ access data and activity logs
- usernames and passwords for individual registrations and electronic logins into Online Platform
- shareholder and contact data (e.g. address data including email address,)
- for the documentation of your online registration for the general meeting
- for the documentation of online orders
- for the documentation concerning your representation by means of power of attorney at the general meeting by the authorised representative and any instructions you have issued
- for any making contact in the event of contact and service enquiries connected with the general meeting
- access log/server log data
This data does not usually enable the user to be identified and for us it is not assignable to any specific individuals. None of this data will be merged with other data sources. This data is used exclusively for the purposes of the portal’s operation, security and optimisation. We reserve the right, however, to review access log data at a later date and to forward it to authorised third parties if there is good reason to suspect that Online Platform is being used unlawfully.
6. On what legal basis do we process or use your data?
The legal basis for data processing and use is the contractually regulated data processing in accordance with data protection legislation.
Once you have granted consent to process personal data for specific purposes, it is lawful to process and use this data. You may withdraw your consent at any time. Consent may be withdrawn by sending an email to support@vvote.ch. Withdrawal of consent affects neither the lawfulness of the data processed until the time of withdrawal nor the lawfulness of data processing operations based on other legal bases.
7. Who receives your data and why?
We will use your personal data (including the accrued access log data) or forward it to third parties only insofar as this is necessary to comply with laws, provisions or legal requirements, particularly to protect data or to protect the integrity of the Online Platform or to support investigations by the enforcement authorities or investigations into matters concerning public security and insofar as we are obliged to do so by law or by court order.
A legal obligation to forward your personal data to external authorities arises in respect of the following recipients in particular:
- public bodies, supervisory authorities and agencies, e.g. tax authorities
- judicial/enforcement authorities, e.g. police, prosecution department, courts
- lawyers and notaries, e.g. in insolvency proceedings
- auditors
If we forward your personal data to any external service provider for order fulfilment, such service provider is bound by the provisions of the Federal Act on Data Protection (FADP), other relevant data protection laws and the underlying contracts.
Within the framework of using Online Platform and in light of the foregoing, we will forward your personal data, proxy and voting instructions only to the independent voting representative and, when the general meeting is being held, to the Company.
8. Use of cookies
Cookies are small text files that are downloaded to your computer when you visit Online Platform. The cookies stored are sent to Online Platform at the time of each new visit to recognise your computer when Online Platform is used.
Persistent cookies
We use persistent cookies (stored beyond the browser session) to store user settings, e.g. your location and/or language setting. This means you will not have to reconfigure your settings whenever you visit Online Platform. The data stored in a persistent cookie when Online Platform is first visited is transmitted to the server whenever Online Platform is revisited.
Session cookies
We use session cookies to identify you beyond the individual browser request as a user logged into Online Platform. This is provided you have successfully logged in using your username and password. Thus, a browser setting is ended automatically after a certain time (timeout) or by logging out. Session cookies are therefore deleted when your browser session ends.
Cookies from third-party providers are not used in Online Platform.
9. Data security
We have taken extensive technical and organisational security measures to protect your personal data stored with us against unauthorised access and abuse, loss, destruction, alteration or distribution of your data by authorised individuals.
Our security procedures are regularly reviewed and optimised in line with technological advances. Our employees receive regular training and are under a duty to maintain data secrecy.
Access to your user account is possible only after your personal username and password have been entered. You should at all times treat your access information as confidential and close the browser window whenever you have ended communication with us, particularly if you use the computer together with others.
When data is transferred, we provide you with SSL (Secure Sockets Layer) security procedures in conjunction with 256-bit encryption. This technique provides the highest possible security and is therefore for example also used by banks for data protection in online banking. You can see that encrypted data is being transmitted when you see a locked key or lock symbol in the status bar at the bottom of your browser or in your browser’s address line. To enable this secure data communication, it is necessary for technical reasons, for the duration of the connection on your computer, to permit session cookies, which are automatically deleted once the connection has ended.
Your data will be stored exclusively on servers in Switzerland.
10. Your rights
Your right to access, be informed and rectify data
At your express request in writing, we grant you at any time access to the personal data which we have stored concerning your person. In a few cases we are unable or not permitted to grant access. If this is legally permissible, we always in this case promptly let you know the reasons for the refusal. You have the right to file a complaint.
Should your details be incorrect or no longer correct, you may have the data rectified. Should your data be incomplete, you may have it completed.
Please note that we can exclusively rectify or complete personal data which has been collected by us directly. Data transmitted to us by third parties (e.g. shareholder data) may be rectified or completed only via your custodian bank.
Your right to have your personal data deleted.
You can have your personal data deleted immediately for the following reasons:
- If your personal data is no longer needed for the purposes for which we collected it
- If you withdraw your consent and there is no other legal basis
- If you object to processing and there are no compelling reasons worthy of protection for any processing
- If your personal data has been processed unlawfully
- If your personal data needs to be deleted to comply with legal requirements
Please note that any entitlement to deletion depends on whether there is good reason to make processing of the data necessary.
Your right to have processing of your personal data restricted
You have the right to have processing of your personal data restricted for the following reasons:
- If the accuracy of your personal data is disputed by you and we had the option of reviewing its accuracy
- If processing does not take place lawfully and you ask for restricted use instead of deletion
- If we no longer need your data for the purposes of processing but you need it for asserting, exercising or defending against legal claims
11. Deletion and retention periods for your data
We do not store your data longer than we need it for processing purposes.
If the data is no longer necessary for executing contractual or legal obligations, it is deleted at regular intervals unless its retention – limited in time – continues to be necessary. The following reasons are examples of this:
- Execution of burden of proof and retention obligations under company, trading or tax legislation
- Obtaining evidence for legal disputes in the context of legal provisions related to limitation periods
12. Other information and contact details
If you have any questions concerning Online Platform, and particularly concerning collecting, processing or using your personal data and withdrawing consents granted, please contact support@vvote.ch.
13. Amendments, corrections or updates of this privacy statement
From time to time it may be necessary for us to amend this privacy statement. We therefore advise you to read this privacy statement at regular intervals. Rest assured, however, that amendments will not enter into force retroactively and that we will not change the way in which data collected earlier is handled.
As of: April 2023