Privacy Policy

This privacy policy applies to all users of this website (www.swisskern.com) and/or customers of Biokern AG (Swisskern).

Biokern AG pays strict attention to the protection of your data. We process your data in accordance with the Swiss Data Protection Act (DSG) and the European General Data Protection Regulation (GDPR). This Privacy Policy applies to the use of all data collected by us or provided by you for the use of the website. Please read this Privacy Policy carefully. Here you will find information on the collection and processing of your data on our website.

This privacy policy applies only to data processing on this website. It does not apply to the websites of third parties that can be accessed from this website, including links that we offer to social media sites.

This Privacy Policy applies to users in Switzerland and the EU. If you are located in Switzerland, we process your data on the basis of the Swiss Federal Act on Data Protection (FADP); if you are located in the EU, we process your data on the basis of the European General Data Protection Regulation (GDPR).

This Privacy Policy uses the terms of the Swiss DPA for
better readability, but means the following terms of the GDPR if EU law is
applicable:

The data controller decides alone or jointly with others on the purposes and means of processing personal data. The controller of this website is:

Biokern AG

Rütistrasse 55

9050 Appenzell

info@swisskern.com

Below we provide you with an overview of the legal bases of the GDPR on the basis of which we process personal data.

If you consent to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR and Art. 9 para. 2 lit. a GDPR for special categories of data in accordance with Art. 9 para. 1 GDPR. If you give your express consent for the transfer of personal data to third countries, the data processing takes place also, on the basis of Art. 49 para. 1 lit. a GDPR. Consent can be withdrawn at any time.

If your data is required to fulfil a contract or to carry out pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. We process data that is required to fulfil a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. Data may also be processed on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Information on the relevant legal bases in each individual case is provided in the following paragraphs of this privacy policy.

When you use the website, we may collect the following personal data:

o Name.
o Address data.
o Age.
o Financial data.
o Contact information such as e-mail address and telephone number and other data provided in the registration forms.
o Automatically collected technical data.

5.1. Data that you provide to us voluntarily

If you contact us via the website or by telephone, post, e-mail or other means of communication (e.g. contact form), we will process the data you provide in order to deal with your request. Depending on the request, we base this on your consent, our legitimate interest, a legal obligation or the fulfilment of the contract or pre-contractual measures (see section 3).

If you order products on our website or create an account to order our products on the website, we process your data in order to offer and sell our products to you. In doing so, we rely on our legitimate interest and on the processing for the fulfilment of the contract or for pre-contractual measures (see section 3). Please note that a user account is not mandatory for a one-off order, but we require one for a subscription.

If you make payments to us via the website or by other means, we will process your data for the purpose of contract processing. In doing so, we rely on our legitimate interest, legal obligations and processing for the fulfilment of the contract or for pre-contractual measures (see section 3). Depending on the payment preferences selected, the privacy policy of the respective payment provider may also apply (e.g. PayPal or Apple Pay).  

If you choose to receive marketing communications from us (in the form of our newsletter), we will process your data to inform you about our services and activities. In doing so, we rely on your consent and/or our legitimate interest (see section 3).

5.2. Automatically collected data

We automatically collect some information about your visit to the site. This information helps us to improve the content and navigation of the website. Specifically, we collect your IP address, the data, the technical characteristics of the device you use to access the website and the way in which you use and interact with our content. We base this on our legitimate interest (see section 3).

We collect this data automatically via cookies, in accordance with the cookie settings of your browser. Further information on cookies and their use on our website can be found in section 13.

5.3. Detailed purposes of data use

Some or all of the above data may be processed by us in order to provide you with the best possible service and user experience while using our website. In particular, the data may be used by us for the following purposes:

o Processing sales.

o Keeping internal records.

o Improving our products.

o Improving our website.

o Customer services.

o Handling legal disputes.

o Customer satisfaction survey.

o Customer relationship history.

o Maintaining our relationship with you, including notifying you of changes to the Website.

o Creation of customer or consumer profiles.

Your data may be processed manually and/or electronically.

We may share your data with the following third parties for the purposes mentioned:

o Our group companies.

o Independent payment service providers who process payments made via the Website. The independent payment service provider will manage and protect your data in accordance with its own privacy policy - our access to this data is limited.

o Competent authorities in accordance with applicable law - for the prosecution of criminal offenses or the collection of taxes or fees.

o Forwarders, transport companies, postal companies, logistics companies, suppliers in the context of fulfilling our obligations.

o Data may be passed on if we involve third parties (e.g. service provider, hosting, development partners) as part of the fulfilment of our contractual obligations (so-called contract data processors). They may only process the data within the scope of our instructions and only within the scope of this privacy policy. In particular, they may not use the data for their own purposes.

7.1. Shopify

We use the service of Shopify International Limited, Victoria Buildings, 1-2 Haddington Road Dublin 4, D04 XN32, Ireland (hereinafter referred to as Shopify) to offer and sell our goods on the website. Shopify processes your contact and financial data for us as an order processor in order to process contracts via our website.

Shopify also uses its own cookies to improve and secure our website. You can prevent the storage of cookies by selecting the appropriate settings in your browser (see section 13).

Shopify also processes your data in the USA, among other places. There is no adequate level of data protection in the USA (see section 8). Shopify uses so-called standard contractual clauses (SCC - in accordance with Art. 46 para. 2 and 3 GDPR) to guarantee an adequate level of data protection even when processing data in the USA. You can find more information on the contract addendum here: https://www.shopify.com/legal/dpa  

You can find more information on data processing by Shopify in Shopify's privacy policy (https://www.shopify.com/de/legal/privacy)

7.2. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited. If the controller responsible for data processing on this website is located outside the European Economic Area or Switzerland, the data processing of Google Analytics is carried out by Google LLC. Google LLC and Google Ireland Limited are hereinafter referred to as "Google".

The statistics obtained enable us to improve our offer and make it more interesting for you as a user. This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. If you have a Google user account, you can deactivate the cross-device analysis of your use in the settings there under "My data", "Personal data".

The legal basis for the use of Google Analytics is our legitimate interests (in accordance with EU law pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR). The IP address transmitted by your browser as part of Google Analytics is and then only processed in the shortened form so that it cannot be linked to a specific person. 

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. For the exceptional cases in which personal data is transferred to the USA, Google is subject to the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework (not yet in force): https://www.dataprivacyframework.gov/. We also ensure an adequate level of data protection through contractual agreements with Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and stored on your computer. You may prevent the use of Google Analytics either by editing your cookie preferences via the cookie icon in the footer of the website or via the use of the following browser extension, compatible with Chrome, Safari, Firefox and Microsoft Edge: https://chromewebstore.google.com/detail/google-analytics-opt-out/fllaojicojecljbmefodhfapmkghcbnh?hl=en&pli=1

This will store a so-called opt-out cookie on your data carrier, which prevents the processing of personal data by Google Analytics. Please note that if you delete all cookies on your end device, these opt-out cookies will also be deleted, i.e. you must set the opt-out cookies again if you wish to continue to prevent this form of data collection. The opt-out cookies are set per browser and computer/end device and must therefore be activated separately for each browser, computer or other end device.

7.3. Meta Pixel (Facebook)

We use "Facebook Pixel" from Meta-Platforms, Inc, 1601 Willow Road, Menlo Park, CA-94025, USA (hereinafter "Meta"). We do this in order to track your behaviour as a visitor to our website on our and other websites across devices and also to be able to assign you to a target group, and also to be able to place target group-oriented advertisements (so-called "Facebook Ads") with the help of the data obtained from this.

In Switzerland, the European Union (EU) and the European Economic Area (EEA), Facebook Pixel, Facebook Custom Audiences and Facebook Ads are offered as services by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The processing of data on our website, i.e. the collection and transmission of data to Meta, this is done in accordance with the principles of Art. 6 to 8 GDPR and on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR if you have given it via our cookie banner. This consent is voluntary and can be revoked at any time via the gear icon at the bottom left of the website. If you consent, your browser will establish a direct connection to Meta's servers when you visit our website, which enables Meta to read a variety of personal data from your device and possibly also to store data, in particular cookies, on your device. By integrating the Facebook pixel, Meta receives in particular the information that you have selected an advertisement placed by us or have accessed the corresponding website of our Internet presence.

With this information, Meta enables us to place even more targeted advertising. If you are registered with a Meta service (e.g. Facebook) and are logged in, Meta can assign the click on our advertisement and the visit to our website to your Facebook user account. Meta can link this data with other data from other sources and use it to create a comprehensive, cross-device profile about you as a user. Even if you are not registered with Facebook or have not logged in, it is possible for Meta to find out and store your IP address and other identifying features.

In particular, the following data is collected via the Facebook pixel and transmitted to Meta:

o Device information

o Usage data

o Cookie data

o Data about your activities and interactions on our website

o Data about your activities on other websites, e.g. purchases made, and advertisements viewed

With the help of the Meta Pixel, we want to ensure that our advertisements correspond to the potential interests of users and are not considered annoying. We have no influence over the extent of any further processing of your data by Meta. Information about Meta's data processing can be found at https://www.facebook.com/policies/cookies/. Data processing may also take place outside Switzerland, the EU or the EEA in third countries. There is a risk that authorities in third countries may access the data for security and monitoring purposes without you being informed or having the right to appeal. We therefore take measures in accordance with Art. 44 et seq. GDPR to ensure an adequate level of data protection despite these risks. Facebook/Meta (USA) is certified in accordance with the Data Privacy Framework.

7.4. Klaviyo

Klaviyo Inc (125 Summer St Floor 7, Boston, MA 02111, USA; "Klaviyo") uses cookies to personalize marketing communications and track user engagement with email campaigns and newsletters. These cookies enable companies to deliver targeted content, recommend products based on user preferences and analyse the effectiveness of email marketing strategies. In addition, they help with the segmentation of target groups and the automation of personalized marketing workflows. Your personal data such as your IP address, the type of browser and device used, and the time of use are recorded. Pseudonymized usage profiles can be created from the data obtained in this way, whereby the data collected is not used to identify you personally. Rather, the data collected is used for statistical analysis to improve the services of e-mail campaigns and newsletters.

Please note that your data may be transferred to Klaviyo servers in the USA and stored there. Klaviyo is self-certified under the EU-US Data Privacy Framework (DPF) and adheres to the privacy principles of the DPF. To the extent and as long as the DPF is recognized as a valid transfer mechanism in the country/region concerned, personal data originating from the EEA, the United Kingdom or Switzerland or otherwise covered by the GDPR will be transferred on the basis of the DPF.

Your personal data will be processed on the basis of Art. 6 para. 1 lit. f GDPR (overriding legitimate interests in a targeted, effective advertising and user-friendly newsletter system). You are entitled to object to this processing at any time for reasons arising from your particular situation.

Further information on data protection at Klaviyo can be found at https://www.klaviyo.com/legal/data-processing-agreement and at https://www.klaviyo.com/legal/privacy-notice   

7.5. Youtube

We use YouTube on our website. This is a video portal of YouTube LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, hereinafter referred to as "YouTube". YouTube is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google".

Through certification in accordance with the EU-US Data Privacy Framework ("DPF") https://www.dataprivacyframework.gov/garantiert Google, and thus also its subsidiary YouTube, ensures that the data protection requirements of the EU are also complied with when processing data in the USA.

We use YouTube in connection with the "extended data protection mode" function in order to be able to show you videos. The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in improving the quality of our website. According to YouTube, the "Enhanced Privacy Mode" function means that the data described in more detail below is only transmitted to the YouTube server when you actually start a video.

Without this "extended data protection mode", a connection to the YouTube server in the USA is established as soon as you access one of our web pages on which a YouTube video is embedded.

This connection is necessary in order to be able to display the respective video on our website via your Internet browser. In the course of this, YouTube will at least store your IP address.

If you are logged in to YouTube at the same time, YouTube will assign the connection information to your YouTube account. If you wish to prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.

For the purpose of functionality and to analyse user behaviour, YouTube permanently stores cookies on your end device via your Internet browser. If you do not agree to this processing, you have the option of preventing the storage of cookies by changing the settings in your Internet browser. You can find more information on this above under "Cookies".

Google provides further information about the collection and use of data as well as your rights and protection options in this regard in the data protection information available at https://policies.google.com/privacy available data protection information.

7.6. Vimeo

We embed videos from Vimeo, a service of Vimeo, LL C, 555 West 18th Street, New York, New York 10011, USA, on our website. In some cases, user data is processed on servers in the USA. Vimeo states that it complies with the provisions of the EU-US Privacy Shield Framework, the UK Extension of the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set out by the US Department of Commerce regarding the collection, use and retention of personal data from the EEA, the UK and Switzerland respectively. The Swiss-US data protection framework is not yet in force, which is why a transfer to an unsafe third country may take place in this context.

When you visit a page on which a Vimeo video is embedded, a connection to the Vimeo servers in the USA is established and your IP address and the date and time of your visit are recorded. If you have a Vimeo account and are logged in when you visit our site, Vimeo can assign the information to your personal user account. You can prevent this by either logging out before visiting our site or by changing the settings in your user account. If you do not agree to this processing, you must adjust the cookies in your browser accordingly or only accept technically necessary cookies.

If you actively click on a Vimeo video, Vimeo's privacy policy applies, which can be found at the following link: http://vimeo.com/privacy.  Vimeo is solely responsible for this data processing.

In principle, we process your data in Switzerland or in the EU. However, we can also process your data (or have it processed) in other countries around the world. If we have your data processed in third countries that do not have an adequate level of data protection under Swiss or European data protection law, we guarantee data protection, for example through specific contracts. Most relevant companies (i.e. Shopify, Google Analytics, etc.) guarantee in Data Processing Addendums, that they comply with EU-legislation. i.e. Addition to Shopify data processing - Shopify USA

For our data processing, tools (Shopify, Google Analytics, Meta Pixel, Klaviyo) are integrated from companies that process data partly in the USA. You can find more information on the services in the respective sub-chapters in section 7. We would like to point out that the USA is not a safe third country within the meaning of Swiss and EU data protection law but see section 7 on the individual services with regard to certifications and additional contracts. US companies are obliged to disclose personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. secret services) may, in exceptional cases, process, analyse and permanently store your data on US servers for surveillance purposes. We have no influence on these processing operations.

We use appropriate technical and organisational measures to protect your data, for example: 

o Your account is activated by activating a confirmation link that is sent to your e-mail address.

o The payment details are encrypted using SSL technology. This is recognisable by the icon in the form of a padlock or a lock (or both), which identifies secure Internet addresses.

The technical and organisational measures include measures to combat data protection breaches. If you suspect inappropriate use or loss of your data or unauthorised access, please report this to us immediately at our e-mail address (see section 2).

Unless a longer data retention period is provided for or authorised by law, we will only store your data in our systems for the period necessary to fulfil the purposes described in this Privacy Policy or until you request the deletion of the data. We expressly reserve the right to comply with statutory retention obligations.

You have the following rights in relation to your data:

o Right to information - You have the right to request information about which of your personal data we process. You also have the right to have your data disclosed in accordance with the law.

o Right to rectification - You have the right to rectification and completion of your data.

o Right to erasure and restriction of data processing - You have the right to request the erasure of your data or the restriction of its processing.

o Right to data portability - You have the right to request the transfer of your data in a common format in accordance with legal requirements.

o Right to object - You have the right to object to our use of your data, even if we are using it for our legitimate interests.

o Right to withdraw consent - You have the right to withdraw consent at any time. 

To request information, exercise your rights set out above or withdraw your consent to the processing of your data (where consent is our legal basis for processing your data), you can contact us via the Contact e-mail address in section 2.

Please note that statutory exceptions apply to the exercise of these rights. Where we are authorised to do so, we may refuse your request for certain reasons. If we refuse your request, we will inform you of the reason.

You also have the right to lodge a complaint with the competent data protection authority. In Switzerland, you can lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC); in the EU, you can lodge a complaint with the data protection authority of the EU country in which you are located.

It is important that the data in our possession is accurate and up to date. We ask you to keep us informed if your data changes during the period in which we hold it.

This website may at times contain links to third party websites. We have no control over these third-party websites and are not responsible for their content. This privacy policy does not extend to the use of these third-party websites. It is recommended that you read the privacy policy of the respective third-party websites before using them.

Cookies are small pieces of data that are placed on your computer by this website when you visit certain parts of the website and/or use certain features of the website.

This website may store or access certain cookies on your computer. Biokern AG uses cookies to improve your user experience on the website and to improve our product range and for the purpose of distinguishing you from other users of the website and remembering your preferences. Biokern AG has carefully selected these cookies - you will find a list of the cookies used at the end of this privacy policy (Section 16).

All cookies used by this website are used in accordance with the applicable EU cookie law and the relevant national regulations.

Before the website stores cookies on your computer, a box will appear asking for your consent to store these cookies. By giving your consent to the storage of cookies, you enable Biokern AG to offer you a better customer experience and service. You can, if you wish, refuse your consent to the storage of cookies; in this case, however, some functions of the website may not work or may not work as intended. 

You can activate or deactivate cookies in your internet browser. The majority of Internet browsers are set to accept cookies. For further details, please refer to the help menu of your internet browser.

You can choose to delete cookies at any time; however, you may lose all information that enables you to access the website as quickly and efficiently as possible, such as personalisation settings.

We recommend that you ensure that your internet browser is updated and consult the manual of the developer of your internet browser if you are not sure whether you should change the privacy settings.

For more general information on cookies, including how to disable them, please refer to www.aboutcookies.org. You will also find details on how to delete cookies from your computer.

If a court or a competent authority is of the opinion that a provision/part of a provision of this Privacy Policy is invalid, illegal or inapplicable, this provision or the relevant part of the provision shall be deemed deleted to the extent requested. The validity and applicability of the other provisions of this Privacy Policy shall not be affected.

Biokern AG reserves the right to amend this Privacy Policy as deemed necessary or as required by law. The current version of the privacy policy applies.