Privacy Policy

1. Name and address of the Data Controller

The Data Controller within the meaning of the GDPR and the FADP is


CANDULOR AG
Boulevard Lilienthal 8
8152 Glattpark (Opfikon)
Switzerland
Phone: +41 44 809 90 00
E-mail: info@candulor.ch

The Data Protection Officer of the Data Controller can be reached at:

CANDULOR AG
attn. Data Protection Officer
Boulevard Lilienthal 8
8152 Glattpark (Opfikon)
Switzerland
Phone: +41 44 809 90 00
E-mail: dataprotection@candulor.ch

The protection of your personal data and of your private life are very important to us as Data Controller in terms of data protection. You need to know what information about you is collected through our website www.candulor.com and related services (our “Service” for short) and how your information is used. This privacy policy gives you this information.

Therefore, we obviously comply with the provisions of the EU General Data Protection Regulation (GDPR) and the Swiss Data Protection Act (FADP) as well as all other locally applicable data protection regulations. It is important to us to inform you about what personal data are collected and processed and what options you have. This privacy policy gives you answers to the most important questions.

Der hier verwendete Begriff «Verarbeitung» nach DSGVO ist deckungsgleich mit dem Begriff «Bearbeitung» nach DSG.

Your data will be stored, processed and used in accordance with this privacy policy and the relevant statutory data protection regulations.

Our employees and agents who process your enquiries are obliged to maintain confidentiality

If your personal data are processed, you are a data subject within the meaning of the GDPR and the FADP. You have the following rights against us as the Data Controller:

(1) You have a right to obtain confirmation as to whether and which personal data we process in relation to you. (GDPR and FADP)

(2) You have a right to rectification and erasure of this personal data. (GDPR and FADP)

(3) You have a right to restriction of processing of your personal data. (GDPR and FADP)

(4) You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you. This does not apply if a legal provision obliges or entitles us to collect, process or use this data. (GDPR and FADP)

(5) Furthermore, you may withdraw any consent you have previously given to the collection, processing and use of your personal data at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of such consent until the withdrawal. (GDPR and FADP)

(6) You also have a right to data portability.

(7) To exercise your rights or for information and/or explanations of your rights, please contact our data protection officer by e-mail or by post (for contact details, see under “Data Protection Officer"). We will be happy to provide you with access to your personal data in our database upon request. The information is free of charge. (GDPR and FADP)

(8) In addition, you have the right to lodge a complaint to a data protection supervisory authority about our processing of your personal data. (GDPR and FADP)

(1) “Customer Portal” means the online tool accessible via www.candulor.com through which you can access the following “Services”.

(2) “Services” means all the services we offer through our “Customer Portal”. Depending on whether the service is available in the respective country, the following services can be currently used on this platform:

a. “Customer enquiries” about our products and services: This Service allows our customers to provide their contact details and request information about our products and Services.

b. “Webshop”: The Webshop allows our registered customers to order online the products available online in the respective country and have them delivered to the desired address.

c. “SSOP”: The Swiss School of Prosthetics by Candulor enables customers to book online and onsite courses and seminars available in the respective country, both for a fee and free of charge.

d. “Event Registration”: This service allows customers to register for marketing events available in their country, such as roadshows, trade fairs, product demonstrations, KunstZahnWerk competition, competitions/prize draws and request free product samples.

e. “Scan & Order Registration”: This service allows our customers to register as a customer and to link the dental cabinets purchased to the customer ID in order to coordinate dental orders independently.

f. "ToothScout App": This service enables users to create a personal profile and patient files. This allows type-appropriate tooth shapes to be selected and stored in the patient file. This data are the property and responsibility of the user. CANDULOR does not have access to patient data.

g. "Newsletter": To stay informed, interested parties can subscribe to our Candulor and/or SSOP newsletter. You may revoke your consent at any time in the future. To withdraw your consent, please send an e-mail to dataprotection@candulor.ch or click on the unsubscribe link at the bottom of our newsletter.

h. “eIFU”: The eIfU functionality delivers the instructions for use for each product. By subscribing to changes, we send a notification whenever a document has been updated.

Which data is collected and stored depends on which services you use on our platform.

(1) Data or categories of data:

(a) As with any website, our server automatically and temporarily collects and stores the following information in the server log files, which are transmitted by the browser, unless this has been deactivated by you:

- domain name or IP address of the requesting computer

- file requests of the client (file name and the corresponding data of the complete Internet address)

- the HTTP response code

- the Internet page from which you are visiting us (referrer URL)

- date and time of the server request

- operating system used by the requesting computer

- cookies (see cookie below and our cookie policy for more details) are also used to collect anonymous traffic data from users of our website. This anonymous traffic data may be used for market research purposes and the demand-oriented design of our website.

(b) When using the platform for customer enquiries, the following data are collected from the customer. Mandatory details required for processing are marked separately when entering, further information is voluntary:

- E-mail

- Gender

- First name & Surname

- Phone

- Fax

- Company name

- Street & house number of the company

- Company postcode

- Company location

- Company country

(c) When using the “Webshop” service, the following further data are collected in addition to the personal data already mentioned while using the platform for customer enquiries:

- Invoice and delivery address(es)

- Products and services you order or purchase

- Customer number

- Province of the company

- Preferred communication channel

(d) When using the “SSOP” service, the following further data are collected in addition to the personal data already mentioned while using the platform for customer enquiries:

- Invoice address

- Courses/seminars that you order or book

- Your feedback on our products and services in the sense of ratings, customer reviews or customer satisfaction

(e) When using the "Event Registration" service, in addition to the personal data already collected while using the platform for customer enquiries, the following further data will be collected:

- Function

(f) When using the "Scan & Order Registration" service, in addition to the personal data already collected while using the platform for customer enquiries, the following further data will be collected:

- Candulor Customer Code

- Tooth cabinet code

- Products you purchase

(g) When using the "ToothScout App" service, in addition to the personal data already collected while using the platform for customer enquiries, the following further data will be collected:

- Function

- Candulor ID

(2) Data subject groups:

(a) Users of the homepage

(b) Our customers

(c) Employees of our customers

(d) Contractual partners of our customers

(e) Our employees

We process your personal data to operate, provide and improve our services. These purposes include:

· Information about our products and services requested by the interested parties and customers. We use your personal data to send you the information you have requested via the desired communication channel.

· Purchase and supply of products and services. We use your personal data to take and process orders, deliver products (whether chargeable or free of charge) and provide services (whether chargeable or free of charge), develop and assess the need for new products and services, develop, test and launch new products and services, process payments and communicate with you about orders, products and services (e.g. transactional communications or requests for feedback in terms of ratings, customer reviews, customer satisfaction, needs assessment, development, testing and launch of purchased products or services). Furthermore, we use your personal data to fulfil our legal (e.g. warranty) and contractual (e.g. guarantee contract) obligations within the scope of the purchase, guarantee or service contract.

· Providing, troubleshooting and improving our services. We use your personal data to provide features, analyse services and products, troubleshoot and improve the usability and effectiveness of our services.

· Recommendations and personalisation. If you have consented to this, we will process your personal data to recommend functionality, products and services that may be of interest to you, to identify your preferences and to personalise your experience of our services.

· Compliance with legal obligations. In certain cases we are subject to legal obligations to collect and process your personal data. For example, we collect data from buyers regarding their registered office, tax number (if required) and their bank account information for identity verification and other purposes.

· Communication with you. If you have consented to this or if another legal basis (e.g. contract or legitimate interest) allows this, then we will use your personal data to communicate with you via various channels (e.g. by phone, email, chat, messenger, SMS, fax, in person, by post or other communication tools) regarding our products and services.

· Advertisements and marketing. If you have consented to this, we will use your personal data already collected and other data such as your interactions with our and other’s services (such as social media platforms), content or services, which we will automatically evaluate to serve interest-based ads for products and services or, if you have consented, to send you information about products and services from us and our affiliateshttps://www.ivoclar.com/en_li/tools/group-companiesthat may be of interest to you by email or through communications. We use data that personally identifies you to display interest-based advertising.

· Reminder of a shopping basket that has not been completed. If you have agreed to this, you will be informed by e-mail that you have products or services in your shopping basket in our Webshop without having completed the purchase.

· Fraud prevention and credit risks. We process personal data to prevent or detect fraud and abuse to protect the security of our customers, our business and third parties. To assess and deal with credit risks, we also use scoring procedures where appropriate and work with external partners.

· Review and supplement our data. We process personal data in order to check the accuracy of these data and to supplement them if necessary. To this end, we also collect publicly available data on social media platforms and, where appropriate, we work with external partners that provide us with data.

· Purposes for which we seek your consent. We may ask for your consent to process your personal data for a specific purpose, which we will communicate to you. If you consent to the processing of your personal data for a specific purpose, you may freely withdraw your consent at any time and we will stop processing your data for that purpose.

On our website you will find links to social networks such as Facebook, YouTube, LinkedIn and Instagram. Only when you have clicked on the respective button, data (original page, user name if you are logged into the respective service, IP address) will be transmitted to the platform operator. Please refer to the privacy policy of the respective platform operator for information on its collection and use of data.

We disclose customers’ personal data to the extent described below:

· Departments of CANDULOR AG and affiliated companieshttps://www.ivoclar.com/en_li/tools/group-companiesand their employees,

· technical services, insofar as necessary for the fulfilment of the contractual relationship,

· data processors and other service providers and contractual partners, to the extent necessary for the fulfilment of the contractual relationship, and

· public bodies under overriding legal obligations

weiter, die entweder dieser Datenschutzrichtlinie unterliegen oder Massnahmen umsetzen, die mindestens ebenso viel Schutz bieten, wie die in dieser Datenschutzrichtlinie beschrieben.

Service provider and contractual partner:

We engage other companies and individuals to perform tasks for us. Examples include, but are not limited to, fulfilling orders for products and services, deliveries, sending letters or emails, maintaining our customer lists, analysing our databases, supporting promotional activities, providing search results and links (including paid offers and links), processing payments (direct debit and bill payment), transmission of content, assessing credit risk and providing customer service. These third party service providers and contractors have access to personal data needed to perform their tasks. However, they may not use them for other purposes. Furthermore, they shall process the data in accordance with this privacy policy and the relevant data protection laws.

Protection of the Data Controller:

We disclose personal data about customers when we are required to do so by law or when such disclosure is necessary to enforce our general terms and conditions or other agreements or to protect our rights and the rights of our customers and third parties. This also includes data exchange with companies to prevent and minimise misuse and credit card fraud.

In all other cases, we will inform you if personal data are to be transferred to third parties. This gives you the opportunity to decide that your data should not be shared with the third party.

Data transfer to countries outside the European Economic Area:

When transferring personal data to third parties in countries outside the European Economic Area (EEA), we always ensure that the transfer of data is in accordance with this privacy policy and applicable data protection laws.

Insofar as we obtain the consent of the data subject for processing operations involving personal data, this consent shall serve as the legal basis.

Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party, the performance of the contract shall serve as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, this legal obligation serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, those vital interests shall serve as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, this legitimate interest shall serve as the legal basis for the processing.

We store your personal information to enable you to use our services on an ongoing basis. We will retain your information for as long as is necessary to fulfil the purposes described in this privacy policy or as required by law, e.g. for tax and accounting purposes for ten years. The personal information will be erased or blocked as soon as the purpose of the retention ceases to apply. In addition, retention may take place if this has been provided for or prescribed by the legislator in decrees, laws or other regulations to which the data controller is subject. Data will also be blocked or erased if a retention period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the execution or performance of a contract.

We will inform you of further retention durations. For example, we keep your order summaries so that you can review past purchases and the addresses to which you have sent your orders (and repeat orders if you wish) and so that we can improve the relevance of the products and content we recommend. We store the personal data collected each time our platform is called up and files are transferred for a maximum period of one year. These data are stored for reasons of data security - in particular, to defend against attempted attacks on our web servers - as well as to ensure the stability and operational security of our systems.

We use up-to-date technical and organisational security measures to protect the data under our control against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. E.G.:

· To protect the security of your information during transmission, we use Secure Sockets Layer software (SSL). This software encrypts the data that you transmit.

· We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal information of our customers. These security measures include asking you to provide proof of your identity before we disclose any personal information to you.

Our security measures are continuously improved in line with technological developments.

A transfer to external service providers may take place within the framework of commissioned processing under according to GDPR and FADP. These processors have been carefully selected and commissioned by us, are bound by our instructions and the provisions of the GDPR and the FADP and are regularly monitored.

The following Data Processors have been engaged for the platform:

- Netigate (Survey tool)

- EasyLMS (for SSOP exams)

- Mailchimp

– Sweap

- Pimcore (Cloud)

If necessary, other Data Processors can be added. Upon your request, we will provide you with a list of all Data Processors.

Some of our affiliates and contractors are located in countries with a different level of data protection. This is particularly the case for countries that do not belong to the European Economic Area (EEA). A full list of our affiliated companies can be found here: https://www.ivoclar.com/en_li/tools/group-companies

The transfer of personal data to countries outside the EEA will only take place under the following conditions:

- if the European Commission takes a so-called adequacy decision on the third country pursuant to Article 45 GDPR, i.e. has declared that the third country provides a level of data protection adequate to that of the EU or Switzerland or that the recipient state ensures adequate protection (Art. 16, Para. 1 of the FADP); or

- without an adequacy decision but with a sufficient level of data protection, if appropriate data protection measures (e.g. standard contractual clauses of the EU Commission or Switzerland in the currently applicable version) have been agreed in a legally binding manner with the recipient of the data; or

- without an adequacy decision and without a sufficient level of data protection, if appropriate data protection measures (e.g. standard contractual clauses of the EU Commission or Switzerland in the currently applicable version) and additional safeguards have been agreed in a legally binding manner with the recipient of the data. Additional safeguards may include binding internal data protection rules (e.g. intercompany agreements with third party effect, Binding Corporate Rules) or a positive law enforcement report, a risk assessment questionnaire with a low risk result or a declaration not to be subject to US FISA 702. You can request a copy of these agreements from the Data Controller or the Data Protection Officer; or

- if you have expressly consented to the proposed data transfer or we are entitled to transfer for another reason mentioned in Article 49 GDPR or the FADP.

Your personal data will only be forwarded to the extent necessary to fulfil our obligations, in particular within the Ivoclar Group. We will not sell, license or rent your personal data to parties other than those already mentioned without your consent. We will disclose your information if we have a good faith belief that disclosure is necessary to comply with the law, for law enforcement purposes or to comply with a court order, or to protect the rights, property or safety of another person, including our own property or rights.

In some cases, e.g. if there is a corresponding court order, we are legally required to transmit data to a requesting public authority or a third party. This may also be without being allowed to inform you.

This Website uses “fusedeck”, a tracking solution provided by Capture Media AG (hereinafter referred to as “Capture Media”). Capture Media is a Swiss company having its registered office in Zurich which, on behalf of its customers, measures website usage in the context of engagements and events. Tracking is anonymous so that it is impossible to attribute any information gained to any identified or identifiable persons.

For more information on data protection and the rights which data subjects have in connection with “fusedeck”, including their right to “opt out” (right to object), please refer to the Privacy Policy and the Information on the Right to Object.

https://fuse.ivoclar.com/de/5rat9XCVP2

The website uses Dynatrace as a monitoring tool for technical issues users could experience. Dynatrace is a US company located in Waltham. The solution tracks technical errors and stores an anonymized user session recording if errors appear.

For more information, please refer to the data compliance declaration of Dynatrace: https://www.dynatrace.com/news/blog/dynatrace-compliance-general-data-protection-regulation-eu- citizens/?_ga=2.240076480.2120944121.1672732636- 569994417.1672732636&_gac=1.216845156.1672816654.CjwKCAiAwc- dBhA7EiwAxPRylEMMIZSMLTplLPToXiMj_CNTbq_ylLis70- zANsk5WjGdyXvG5hMYBoC1Q8QAvD_BwE

The representative corresponding to Art 27 DSGVO of Candulor AG in the EC is Candulor Dental GmbH, Am Riederngraben 6, 78239 Rielasingen-Worblingen, Germany, phone +49 7731 79783-0, info@candulor.de.

We may amend this privacy policy at any time by publishing the amended version. The respective changes will be announced here so that you can find out about them at any time.

Überarbeitet: April 2024