BB Biotech AG data privacy notice
1. Data privacy – general information
This notice explains how BB Biotech AG ("BB Biotech" and/or "we" and/or "our") process your personal data and the legal rights you have under applicable data protection laws and regulations. Do not use this website if you do not agree to be bound by the following terms and conditions.
2. Data controller
BB Biotech acts as the data controller with respect to the processing activities described in this privacy policy.
If you have any data protection concerns, you can contact us at the address indicated in section 10 below.
For certain processing activities, Bellevue Group AG resp. its subsidiary Bellevue Asset Management AG may act as a joint controller together with BB Biotech. The privacy notice of Bellevue Group AG is accessible here: https://www.bellevue.ch/ch-en/private/privacy-notice.
3. Collection of personal data
We primarily process the personal data that we receive from our clients, companies we invest in, suppliers and other business partners in the course of our business relationship and communication with them and other persons involved, or that we collect from users during the operation and use of our websites and other offers. To the extent permitted, we also obtain certain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, press, Internet) or receive such data from other companies affiliated with us (in particular from our subsidiaries and from Bellevue Group AG, its subsidiary Bellevue Asset Management AG and their affiliates), from authorities and other third parties (such as credit agencies).
The categories of personal data that we process about you may include, in particular, the following data:
- Contact information: in particular, first and last name, address, telephone number, e-mail address, gender, information related to your professional titles, functions and activities;
- Contract data, order and purchase data: in particular, payment data, payment details, transaction details, information in connection with queries and complaints, information on compliance with legal requirements, information from banks, insurance companies and other partners of us, information about you, which you or persons from your environment (employer, consultants, legal representatives, etc.) give us, so that we can conclude contracts with you, with the involvement of you or process them, etc.;
- Data related to investments and client relations: in particular, information related to investments and investment management, assets and asset management, transaction details, financial information, information in connection with queries and complaints, information on compliance with legal requirements, information from banks, insurance companies and other partners of us, information about you, which you or persons from your environment (employer, consultants, legal representatives, etc.) give us, so that we can conclude contracts with you, with the involvement of you or process them, etc.;
- Data related to shareholding: in particular, information related to number of shares, invitations to and participation in general shareholder's meetings etc.
- Data related to marketing: especially newsletter opt-ins and opt-outs, invitations and participation in events and special activities, personal preferences and interests;
- Data related to the use of our website, server protocol (whereby these are mostly non-personal data): in particular connection data, IP address and other identifiers (e.g. user name in social media, MAC address of the smartphone or computer, data from cookies and similar technologies), name of the owner to whom your IP address was assigned (usually your internet access provider), date and time of the visit to our website, duration of the visit to the website, requested Internet address (Uniform Resource Locator, URL), referrer URL (i.e. the Internet address of the website from which you accessed our website, if applicable with the search term used), browser type and version, operating system used, amount of data sent in bytes, and the search term used, location data, pages and content accessed, functions used, file transfer protocol used (such as HTTP/1.1);
- Communication data: Data exchanged in or in relation to contact with us, in particular preferred communication channel, communication by letter, telephone, fax, e-mail, text and picture messages, information provided by filling out a registration form;
- Data about your financial situation: In particular, creditworthiness data, scoring or rating data, payment experiences of third parties with you, debt and bankruptcy history, any recorded restrictions on the ability to act;
- Data from public registers, e.g. information from the commercial register;
- Information that we learn in connection with official and judicial proceedings;
- Information from the media and the Internet about your person if this is indicated in the specific case.
4. Sources of personal data
We may receive personal data from the following sources:
- Direct sources: In principle, we process personal data that we receive directly from you, for example in the course of our business relationship, the use of the website, on events of BB Biotech or by agents of BB Biotech or in direct communication via e-mail, telephone or other means.
- Indirect sources: In certain cases, we may indirectly collect personal data. This happens when someone else (e.g. an employee of yours) makes purchases for your benefit or for delivery to you or recommends you to us. In addition, we may purchase supplementary information from data sources (e.g. credit agencies, social media, and address dealers, other domestic and foreign companies affiliated with BB Biotech). We may obtain personal data from publicly accessible sources (e.g. from debt enforcement registers or debtor directories, land registers, commercial and association registers, the press, the Internet). In individual cases, it is possible that personal data is derived from the combination of various non-personal data.
5. Purposes of the data processing and possible legal bases
We may process personal data in accordance with applicable data protection law, in particular the provisions of the Swiss Data Protection Act ("FADP"), for the following purposes (the "Processing Purposes") and, if required under applicable data protection law, on the basis of the following legal bases:
5.1. For the performance of the contract
We process personal data in direct connection with the conclusion and processing of contracts with our clients, suppliers and business partners, in particular in the context of our investment activities and the purchase of products and services from our suppliers. This also includes, among other things, the handling of queries. The purposes of data processing and any further data protection information can be found in the respective contract documents, terms and conditions and/or conditions of participation.
5.2. To fulfill legal obligations
We process personal data in order to comply with our legal or regulatory obligations in Switzerland and abroad. If you work for one of our clients, suppliers or business partners, your personal data may also be affected in this capacity. Processing purposes include, but are not limited to:
- Documenting compliance with certain legal and regulatory requirements;
- Participating in investigations and proceedings, cooperating with and responding to inquiries from authorities and courts.
5.3. To safeguard legitimate interests
We also process personal data for the following purposes if this is necessary to protect the legitimate interests of us or of third parties or to protect legitimate public interests:
- Offer and further development of our offer: in particular, offering and further developing our products, services, websites, online services and other platforms on which we are present;
- Ensuring business operations: in particular, coordinating and optimizing activities and offers and ensuring efficient transaction processing which may involve several of our affiliates in Switzerland and abroad, communicating with other affiliates and third parties, processing inquiries (e.g. requests, advertisements, media inquiries);
- Ensuring IT security and IT operations: in particular, troubleshooting, operation and further development of our IT systems, our website and other platforms, identity checks, protection of IT assets, our employees and other persons, and assets (e.g., through network and mail scanners);
- Quality control: in particular, preparing reports on users, transactions, activities, services and other business aspects of BB Biotech for corporate management and development, preparing statistics, budgets, records and management and shareholder information, organizing business operations, project management, research, development and further development of services;
- Advertising and marketing: in particular market and opinion research, media monitoring, web analysis and tracking (e.g. by means of cookies), use, testing and optimization of demand analysis methods (e.g. tracking customer behavior, activities, preferences and needs), improving our visibility, publicizing the content of our services (e.g. by means of social media plug-ins), sending newsletters and advertising material (personalized offers, e.g. by means of web banner advertising), conducting events, investor relations;
- Client care: in particular, maintaining and developing client relationships, running investor programs, providing preferential services, managing the users of our website, communication, client service and support, also outside the scope of the execution of contracts;
- Risk management: in particular, consultation and exchange of data with credit information agencies to determine creditworthiness and default risks;
- Ensuring compliance: in particular, verification of compliance with legal and internal rules of BB Biotech;
- Implementation of corporate transactions: in particular, the sale or purchase of business units, companies or parts of companies and other transactions under company law, and the related transfer of personal data;
- Dealing with legal disputes: in particular assertion of legal claims and defense in connection with legal disputes and official proceedings;
- Self-protection and protection of third parties: in particular, protection of third parties and our employees, our data, trade secrets and assets as well as assets that have been entrusted to us, safeguarding of house rights, security of our facilities and buildings (e.g. access controls, video surveillance);
- Prevention and investigation of criminal offenses and other misconduct: in particular, combating abuse, collecting evidence, conducting internal investigations, data analysis to combat fraud.
5.4. Based on your consent
If you have given us consent to process your personal data for certain purposes (for example, when you register to receive newsletters), we process your personal data within the scope of and based on this consent, unless we have another legal basis and we require such a basis. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place.
6. Disclosure of personal data
Within BB Biotech, access to your personal data is granted to those persons that need them to fulfill the aforementioned Processing Purposes.
In addition, we may disclose personal data to the following categories of recipients, provided that the disclosure serves to fulfill the aforementioned Processing Purposes:
- Service providers (including data processors and vicarious agents), in particular in Switzerland and partly also abroad;
- Affiliates of BB Biotech, in particular in Switzerland and partly also abroad;
- Business partners, including suppliers and agents;
- Clients of BB Biotech;
- Industry organizations, associations, organizations and other bodies;
- Competitors;
- Acquirers or parties interested in acquiring business units, companies or other parts of BB Biotech or its affiliates;
- Parties to potential or actual legal proceedings;
- Local, national and foreign authorities, agencies and courts;
- The public, including visitors to websites and social media; (all collectively referred to as the "Recipients").
If we transfer personal data to third parties, the respective current data protection regulations of the third parties are also applicable. The third parties may be jointly responsible with us or act as order processors.
7. Transmission of personal data abroad
We may transfer personal data to Recipients in Germany, other countries of the EU and the EEA and in any other country of the world, in particular to all countries in which we are represented by group companies, branches or other offices and representatives (in particular UK, Curaçao) as well as to the countries in which our service providers process their data (such as countries of the EU and the United States).
Personal data may be transferred to a country without adequate legal data protection, provided that:
- We ensure adequate protection, namely by means of sufficient contractual guarantees such as the standard contractual clauses of the European Commission and binding corporate rules. You can obtain a copy of the contractual guarantees from the contact point mentioned above or find out from them where such a copy can be obtained. We reserve the right to redact such copies for data protection reasons or for reasons of confidentiality, or to supply only excerpts;
- You give your express consent;
- It is necessary for the execution of a contract with you or of a contract in your interest;
- It is necessary for the fulfillment of a legal obligation;
- It is necessary to safeguard overriding public interests, to establish, exercise or enforce legal claims or to protect the life or physical integrity of you or third parties;
- ·You have made the personal data generally accessible and do not expressly prohibit processing; or
- The personal data originate from a register provided for by law, which is public or accessible to persons with an interest worthy of protection, insofar as the legal requirements for inspection are met in the individual case.
8. Third-party websites
BB Biotech may provide links on its website to one or more third-party websites. BB Biotech has no control over these websites or their content or over the products/services that are offered on these websites. All access and usage of the websites called up through such links shall be subject to the terms and conditions and the privacy policies of the said websites and shall be at your own risk. BB Biotech assumes no responsibility for the data privacy and customer information policies of third-party websites that you access through a link on our website.
9. Cookies, tracking and other technologies related to the use of our website
BB Biotech’s website, like many other websites, uses so-called cookies and similar technologies that allow us to store information on your device or access information stored on your device. This allows us to better understand user behavior, e.g. to provide our services in a technically error-free, secure, user-friendly and demand-oriented manner.
Cookies and similar technologies generally do not provide personal data, but only anonymous traffic data related to your device (e.g., your IP address) and statistical data (e.g., number and type of website visits). However, to the extent that the identifiers collected are classified as personal data by applicable law, we treat them as such. In addition, we sometimes combine non-personal data collected using these technologies with other personal data held by BB Biotech. When we combine data in this way, we treat the combined data as personal data for the purposes of this Privacy Policy.
By using our websites, apps and consenting to receive newsletters and other marketing emails, you consent to the use of the above mentioned technologies. If you do not wish to do so, you can block or delete the cookies and similar technologies via the privacy settings of your browser and email program, whereby the deletion may under certain circumstances affect the use of our website.
9.1. Cookies:
Cookies are small text files that are stored in your computer’s temporary memory and on its hard drive when you visit certain web pages. Through the use of cookies, your browser receives an identifier and shows it on request to.
Most of the cookies we use are so-called session cookies. These save your entries while you navigate on the website within the same session. Session cookies are automatically deleted after your visit to our website. Permanent cookies, on the other hand, remain stored on your device for several sessions and allow us to recognize your browser the next time you visit the website (and, for example, to perform an automatic log-in or to display the website in your preferred language and according to your preferences). We use permanent cookies to remember your preferences (e.g., language, autologin), to help us understand how you use our services and content, and to provide you with customized offers and advertisements (which may also occur on other companies' websites; however, we do not tell them who you are, if we even know, because they only see that the same user is on their website who was on a particular page on ours). Some of the cookies are set by us, and some are set by contractors with whom we work. If you block cookies, certain functionalities (such as language selection) may no longer work. Permanent cookies are deleted when their expiration date is reached or if you delete them beforehand. Most browsers are set to accept cookies by default.
BB Biotech may use cookies on its website for the following additional purposes:
- Analysis: Analysis cookies enable us to identify and assess visitors to our website and track their visits. This helps us to improve and enhance the functioning of the BB Biotech website, for example, by determining whether visitors to the website can easily find information or which areas of our website are of the greatest interest to visitors.
- Terms and conditions of use: BB Biotech uses cookies on its website in order to record whether a website visitor has read a policy statement (e.g. this privacy notice) or given a declaration of consent (e.g. regarding the terms and conditions of use on our website). This helps us to improve the experience of visitors to our website, for example by ensuring that users are not repeatedly asked to give their consent to the same terms and conditions of use.
- Session management: The software that controls our website uses cookies for technical reasons necessary for the internal processes of our servers. For example, we use cookies in order to distribute requests over several servers, to authenticate users and to determine what functions of the website they can access, to verify the origin of requests, to record information about a user’s session and to determine what options or pages have to be displayed in order for the website to function.
- Functional purposes: Cookies for functional purposes store information that is needed by our applications for processing and operational purposes. For example, if transactions or requests comprise several work sequence phases within an application, cookies are used in order to temporarily store information from each phase, which facilitates the execution of the entire transaction or request.
Some of our web pages include content intended to be displayed with Adobe Flash Player, such as animations, videos and tools. The local flash memory (frequently referred to as “flash cookies”) can be used to improve your experience as a user of the website. The flash memory is stored on your device in almost exactly the same way as standard cookies but is managed directly from your flash software. If you would like to disable or delete information that is locally stored in the flash memory, please read the documentation on your flash software, which you can find at www.adobe.com. Please note that if flash cookies are disabled it may not be possible to use the full functionality of our website.
Most web browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or that a message appears whenever you receive a new cookie.
Disabling cookies might prevent you from taking advantage of the full functionality of our website.
9.2. Google Analytics
We use Google Analytics on our website. This is a service of Google LLC in the USA (Google) (www.google.com), with which we can measure and evaluate the use of the website (not personal). Permanent cookies that Google sets are also used for this purpose. Google does not receive any personal data from us (and does not retain any IP addresses), but it can track your use of the website, combine this information with data from other websites that you have visited and which are also tracked by Google, and use this information for its own purposes (e.g. controlling advertising). If you have registered yourself with Google, Google also knows you. The processing of your personal data by Google then takes place under the responsibility of Google in accordance with its data protection provisions. Google only informs us how our website is used (no information about you personally).
Further information about the web analytics services used may be found on the website of Google Analytics. Instructions on how to prevent your information from being used by the web analytics service may be found at tools.google.com/dlpage/gaoptout.
9.3. Plug-ins (also social plug-ins, social media plug-ins or social share plug-ins)
You can recognize plug-ins by the corresponding network logo or the "Like" or "Share" buttons on our website. By clicking on the plug-in, you can share content from our website on social networks. The plug-in reports to the social network that your IP address is visiting our website. This can happen even if you are not logged into the social network or are not a member of the social network. If you are logged into the social network, the social network can assign your surfing behavior directly to your profile there.
The social network is responsible for the processing of your personal data transmitted with the plug-in and the data protection provisions of the respective social network apply. We do not obtain precise knowledge of the content and scope of the transmitted data and its use by the social network and do not exercise any influence on it. As a rule, this involves the following data: website visited, data transmitted by your browser (IP address, browser type and version, operating system, time) and your identification number in the social network, provided you are registered there as a user.
If you share content via a plug-in, you are not authorized to speak on our behalf. These are your own expressions, for which we are not responsible and liable.
10. Your data protection rights
Under certain conditions, you may enforce your data protection rights against us:
- Right to revoke your consent: You may revoke your consent to the processing of your data at any time, with effect from that time on. Revocation shall not affect the legal basis for any data processing prior to the revocation of your consent, nor will it affect the legal basis for data processing if justified by legal obligations or overriding interests.
- Right to information: you have the right to request information about the data we have collected concerning you.
- Right to rectification: At your request, we will rectify the data stored about you if it is inaccurate or incorrect.
- Right to erasure: If you wish, we will erase your data, unless there are other legal obligations (e.g. data retention requirements) or overriding legitimate grounds on our part (e.g. in defense of our rights and entitlements) that prevent us from doing so.
- Right to restrict processing: In accordance with the conditions stipulated in Art. 18 GDPR, you have the right to restrict the processing of your personal data.
- Right to object: You may also object to the processing of your personal data. The right of objection under Art. 21 GDPR, on grounds relating to your particular situation, pertains only to data processing for which the legal basis rests on a balancing of interests relating to profiling or direct marketing purposes. Upon objection, we will no longer process your data unless we are legally entitled to refuse the objection. If you have granted consent to direct marketing and no longer wish to be a recipient of direct marketing activities, you must withdraw your consent.
- Right to data portability: You also have the right to receive your data in a structured, commonly used and machine-readable format and to transmit your data to a third party.
- Right to lodge a complaint with a data protection authority: Furthermore, you have the right to lodge a complaint with any relevant data protection authority. We advise you to lodge a complaint first with our data protection officer, so that we can resolve your issue to your satisfaction as quickly as possible. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
- We will inform you separately about your rights in connection with any automated individual decision-making, insofar as this is required by law. For the establishment and implementation of the business relationship, we do not use any automated individual decision-making processes.
To exercise your rights, please contact us at:
Bellevue Group AG
Data Protection
Seestrasse 16
CH-8700 Küsnacht
E-Mail: dataprotection(at)bellevue.ch
BB Biotech has a data protection representative in the EU who serves as a point of contact for supervisory authorities and data subjects for all matters pertaining to EU data protection regulations:
VSG Datenschutzpartner UG
Am Kaiserkai 69
D-20457 Hamburg
info(at)datenschutzpartner.eu
https://datenschutzpartner.eu/
In addition, you can use any options embedded in our services, e.g. link in an e-mail to unsubscribe from a newsletter, privacy settings in your user account. The exercise of your rights generally requires that you can clearly prove your identity (e.g. by a copy of your ID where your identity is not otherwise clear or can be verified). We also draw your attention to the fact that by deleting your personal data, services are no longer available or can no longer be used, in whole or in part, and that the exercise of these rights may conflict with contractual agreements and this may have consequences such as the premature termination of the contract or cost consequences. We will inform you in advance if this is not already contractually regulated.
We reserve the right to restrict your rights within the framework of the applicable law and, for example, not to provide any or complete information or not to delete data.
11. Retention of data
We process and store personal data as long as it is necessary for the Processing Purpose for which we collected it (e.g. for the duration of the entire business relationship from the initiation and processing to the termination of a contract). In addition, there may be a contractual or legal obligation to retain or document data (e.g. in accordance with the Swiss Code of Obligations, Value Added Tax Act, etc.). It is possible that personal data will be stored for the time during which claims can be asserted against our company and insofar as we are otherwise legally obligated to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). We thus store contract-related personal data in principle for the duration of the contractual relationship and for ten years beyond the termination of the contractual relationship.
If the personal data is no longer required for the fulfillment of the processing purpose, it will be deleted or anonymized as far as possible. Subject to an express written agreement, we are under no obligation to you to retain personal data for a specific period of time.
12. Data Security
We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse, such as the issuance of warnings, training, IT and network security solutions, access controls and restrictions, encryption of data media and transmissions, pseudonymization, controls.
13. Profiling and automated decision making
We process your personal data partly automatically with the aim of evaluating certain personal aspects. We use this in particular to be able to inform and advise you about products in a targeted manner. In doing so, we use evaluation tools that enable us to provide needs-based communication and advertising, including market and opinion research.
For the establishment and implementation of the business relationship and also otherwise, we do not use any fully automated automatic decision-making (as regulated, for example, in Art. 22 GDPR). Should we use such procedures in individual cases, we will inform you separately and inform you of the associated rights, insofar as this is required under the applicable law.
14. Your obligations
Submission of your information is generally voluntary. You will incur no legal disadvantages if you do not give us any information about you.
However, in the context of our business relationship, you must provide the personal data that is required for the establishment and implementation of a business relationship and the fulfillment of the associated contractual obligations (you do not usually have a legal obligation to provide us with data). Without this data, we will generally not be able to enter into or perform a contract with you (or the entity or person you represent). Also, the Website cannot be used if certain traffic-securing information (such as IP address) is not disclosed.
If you provide us with personal data of other persons (e.g. data of work colleagues), please make sure that these persons are aware of this privacy policy and only share their personal data with us if you are allowed to do so and if this personal data is correct.
Please note that the Internet is generally not a secure environment because it is an open network that can be accessed by anyone. Therefore, we also appeal to your personal responsibility with regard to the handling of your personal data. To the extent permitted by law, we exclude liability for the security of data that you transmit to us via the Internet (e.g. by e-mail) or other electronic channels and for any direct or indirect damage. We ask you to choose other communication channels, should this appear necessary or reasonable for security reasons.
15. Modification of the privacy policy
BB Biotech reserves the right to change, revise, or amend this privacy notice, or to delete sections of it, at any time and without providing reasons. Any amendments shall apply from the date of publication. The current version published on our website (https://www.bbbiotech.ch/ch-en/private/data-protection) shall apply. BB Biotech therefore recommends that you periodically review its privacy policy for changes. If the privacy policy is part of an agreement with you, we can inform you about the change of the privacy policy by e-mail or by other suitable means.