consisting of Dottikon ES Holding AG, Dottikon Exclusive Synthesis AG and Dottikon ES Management AG (hereinafter "DOTTIKON ES").
1. General Provisions
DOTTIKON ES (hereinafter also referred to as "we" or "us") collects and processes personal data of (a) customers, suppliers, and their subcontractors who request or obtain services or products from us or offer or deliver their services or products to us, (b) job applicants or future employees, (c) visitors to our website, as well as other visitors of our site or in the context of physical or virtual events and activities, and (d) other interested parties who contact, interact, or collaborate with us through various channels (collectively referred to as "Business Partners", also referred to as "you" or "your"). We use the term "Data" synonymously with personal data or personally identifiable information. These terms and those used below generally correspond to the applicable statutory definitions, unless otherwise understood in the relevant context, with priority given to the definitions contained in the Swiss Federal Act on Data Protection ("FADP").
Dottikon Exclusive Synthesis AG, Hembrunnstrasse 17, 5605 Dottikon, Switzerland (the "Controller") is responsible for the processing of Data by DOTTIKON ES. You can contact us regarding your Data protection concerns and to exercise your rights under Section 10 at the address provided above. Other group companies of DOTTIKON ES Group not mentioned above are independent controllers.
3. Purpose of Processing
We process Data for the following purposes if you communicate with us as a Business Partner or interact with us in any other way. These purposes are based on legitimate interests held by you, us, third parties, or the public. Further information with regard to the online area can be found beginning in Section 11. You can find further information on the legal basis for our processing in Section 5.
- Compliance with Legal and Regulatory Requirements: We process your Data in order to comply with laws, directives, and recommendations of authorities, as well as both internal and external regulations. We process Data to comply with these obligations and to detect and prevent potential breaches. These obligations may relate to Swiss law but also to foreign provisions, self-regulation provisions, industry standards, and our own corporate governance and instructions, as well as requests from official or other supervisory bodies. This includes but is not limited to implementing the requirements of good manufacturing practice in the manufacture of active pharmaceutical ingredients and medicinal products (ICH Q7 and other requirements of health authorities such as Swissmedic, FDA, and EMA) and complying with occupational safety and Data safety, as well as operating licenses. We also process Data in order to comply with the statutory disclosure obligations for listed companies and to support our shareholders. We also process Data in order to comply with statutory obligations to combat money laundering, corruption, and terrorism, as well as in relation to the Known Consignor security program. In certain cases, we are obligated to make inquiries about Business Partners or to provide information or reports to authorities (e.g. based on supervisory and tax law obligations or sanction lists). This also includes the receipt and processing of complaints and other reports, the monitoring of communications and sites, internal investigations, or the disclosure of documents to an authority, e.g. a supervisory or law enforcement authority or an appointed private body, if we have sufficient grounds or are required by law to do so.
- Security: We process your Data to ensure your safety and ours, to prevent damage to human beings, animals, and the environment, and to prevent any misuse. Therefore, we also process Data to ensure operational security (e.g. property monitoring and access control), health protection (e.g. first aid), IT security, to prevent damage, theft, fraud, and misuse, and for evidentiary purposes (e.g. incident logging). Access controls include both the control of access to electronic systems (e.g. logging into user accounts) and physical access control (e.g. access logs to premises or visitor lists). For security purposes, we also use surveillance systems (e.g. security cameras and Data movement monitoring). The processing also includes training, monitoring, and enforcement of security requirements (e.g. by means of disciplinary measures).
- Communication: We process your Data in relation to our communication and interaction with you, particularly to respond to inquiries and concerns or queries related to them, as well as in processing inquiries and notifications from us addressed to you.
- Performance of Contracts: We enter into a wide variety of contracts with our Business Partners in relation to our business activities. We process your Data for initiating, forming, administering, processing, performing, and terminating such contractual relationships. In this context, we process your Data to manage the business relationship and to provide, maintain, record, request, and enforce contractual services. This also includes the purpose of the Data processing in relation to the application process, in which we check your Data for suitability for employment with us. If an employment contract is made with you, your Data will be further processed during the employment relationship.
- Management and Administration: We process your Data for the purposes of management and administration in relation to our business activities. This includes but is not limited to documentation on compliance with legal and regulatory requirements, communication, for security-related precautions and determinations, contract processing, business development, risk and quality management, protection of our rights, as well as the maintenance, processing and archiving of this Data.
- Business Development: We process your Data for marketing and business development purposes and for efficient and effective relationship management (e.g. in order to provide our Business Partners with information about our services and products or news in a targeted manner). This can be done, for example, in the form of information letters, addresses, inquiries or other contacts via different channels. We further process your Data in order to advise on and improve the services and products in relation to costs and benefits, in line with market needs. In doing so, we analyze which services and products are required or offered by which Business Partners and in what manner. This gives us an indication of the market acceptance of existing services and products or offers and the market potential of new services and products or offers and allows us to provide better and more value-added business support.
- Risk and Quality Management: We process your Data for purposes of our risk and quality management, for training purposes and for prudent and sustainable corporate governance and development. In this way, the probability of the occurrence and the extent of possible events are assessed and appropriate measures are derived to control or reduce the risks of business operations and to assure or improve the quality of services and products. For example, as part of our financial administration, we also monitor our debtors and creditors with the aim of ensuring solvency and preventing crime and misuse.
- Protection of Rights: We process your Data to safeguard our rights in order to enforce claims before, in or outside of court and claims brought before authorities in Switzerland and abroad, or to defend ourselves against claims, for example by securing evidence, conducting legal investigations, and participating in court or administrative proceedings.
- Other Purposes: We also process your Data for purposes notified to you separately. As part of our corporate governance and development, we may sell or acquire businesses, parts of businesses, or companies to others or enter into partnerships, which may also lead to the sharing and processing of Data pertaining to Business Partners. Safeguarding other legitimate interests is also one of the other purposes that cannot be defined exhaustively.
It should be made clear at this point that we do not sell your Data or offer it for sale.
4. Processed Data
We process various categories of Data about you for the purposes referred to in Section 3. This Data includes Data in acoustic, visual, tangible, or intangible form and is processed in physical or electronic format. The main categories that may be considered and are not mutually exclusive, depending on how we interact with you, are as follows:
- Master Data: This includes basic Data, such as form of address, name, contact data (e.g. telephone number, postal and email address), and further information (e.g. about role and function, date of birth, nationality, details of associated persons, interaction history, powers of attorney, official documents, payment information, signature authorizations, and statements of consent). In certain cases, this may also include health data (e.g. allergies, infection risks, health history) and information about third parties (e.g. contact persons).
- Contract Data: This includes Data generated in relation to entry into a contract or the processing, performance, and administration of a contract (e.g. information on the formation, responsibility, nature and content, as well as adaptation and enforcement of contracts that are necessary or used for the processing, as well as for security and liquidity checks).
- Communications Data: This includes Data stemming from communications with us (e.g. if you are in contact with us via the contact form, by email, telephone, by letter, or in conversation). Communication Data may contain metadata.
- Technical Data: This includes Data that is technically necessary for the functioning of our systems, such as the IP address, device ID, individual codes (e.g. in the form of a cookie, see Section 11) and information about the operating system of your end device, the date, region and time of use as well as the type of browser on your end device, logs concerning the use of our systems and other technical Data.
- Registration Data: This includes Data used for registration or access control (e.g. registration for sending information, events or activities, contests, visitor, entry or access registration).
- Behavioral and Preference Data: This includes Data about behavior, likes and preferences, whereabouts and movements, as well as interaction with our profiles on third-party systems (e.g. social media) and participation in events and activities.
- Image and Audio Data: This includes Data from images, video, and audio recordings (e.g. recordings of site visits by security cameras, recordings of events and activities).
- Other Data: This includes Data from official or court proceedings (e.g. files, evidence), share registers concerning our shareholders, and other Data that does not pertain to any of the above categories but arises from a processing purpose specified below.
Much of the Data referred to in this Section 4 is disclosed to us by you or a third party associated with you (e.g. in the context of communication, interaction with us, in relation to contracts, when using the website). You or the third party are not obligated to disclose your Data, except in individual cases (e.g. in the context of binding legal and regulatory obligations). When you interact with us as a Business Partner, you must provide us with Data as part of your contractual obligation, as this is the only way we can meet the expectations of the interaction. Otherwise, the interaction is made more difficult or even impossible and must be terminated. We collect some of the Data referred to in this Section 4 or have it collected when you interact with us. To the extent permitted, we collect such Data ourselves (e.g. by monitoring access) or obtain it from publicly available sources (e.g. industry-specific databases, debt collection registers, land registers, commercial registers, media, and the Internet) or from other companies within our Group, from authorities, persons close to you, and other third parties (e.g. references, credit reporting agencies, associations, intermediaries, contractual partners, and internet analysis services).
5. Basis for Data Processing
We process Data for the purposes described in Section 3 in order to pursue the related purposes and take appropriate measures, particularly if this is necessary for the initiation, conclusion, management, performance, or termination of a contract with a Business Partner or for the safeguarding of legitimate interests, is based on consent or is necessary in order to comply with Swiss or foreign legal provisions. You may revoke your consent at any time by notifying us in writing (see contact details in Section 2). Where you have a user account, you can also revoke your consent or contact us via the unsubscribe links. As soon as we have received and processed the notice of revocation of your consent, we will, as per your revocation, no longer process your Data for the purposes to which you originally consented unless we have another legal basis for doing so. The revocation of your consent does not affect the lawfulness of the processing performed based on your consent prior to its revocation. In individual cases, other legal grounds may apply.
6. Disclosure to Third Parties
In relation to our contracts, our websites, our services and products, our legal obligations or otherwise in order to safeguard our legitimate interests and the further purposes listed in Section 3, we also transfer your Data defined in Section 4 to third parties, particularly to the following categories of recipients:
- Service Providers: To enable us to focus efficiently and effectively on our services and products, as well as on our core competencies, and to supplement our resources with specialist and technical expertise in a targeted manner, we procure services from third parties in Switzerland and abroad in certain areas. These service providers receive from us the Data necessary to perform their service for the purpose of processing on our behalf, under joint responsibility or on their own responsibility. These services concern e.g. payment, insurance, IT, communication, health, security, printing, shipping, and legal services. Our processors are obligated to process Data exclusively in accordance with our instructions and to take appropriate Data security measures. Other Business Partners may also process Data regarding the use of their services and other Data as independent controllers for their own legitimate interests. Such service providers provide information about their independent Data processing in their own privacy policies (e.g. providers of tools that we have integrated into our website).
- Customers and Suppliers: This includes customers, suppliers, and other Business Partners who purchase our services and products, offer their services and products to us, or otherwise interact with us. If you yourself work for or with such a Business Partner on our behalf, we may transmit Data about you to them or to other Business Partners in this regard. These Business Partners are independent controllers for the processing of your Data and provide information about their Data processing in their own privacy policies.
- Public Authorities: These include public offices, courts and other authorities in Switzerland and abroad to which we disclose Data directly or indirectly, particularly if we are obligated or entitled by law or regulation to do so or if this appears necessary in order to safeguard our interests and those of third parties. This includes but is not limited to legal duties to provide information, to report and to cooperate, as well as regulatory requirements and investigations, as well as in-court and out-of-court proceedings. The authorities process these Data on their own responsibility.
- Other Persons: This refers, inter alia, to persons involved in administrative or judicial proceedings, external payees, as well as other third parties in agency relationships or other cases in which their involvement results from the purposes set out in Section 3. Unless we are materially involved in these data collection operations, these other persons are solely responsible for them. In case of concerns and in order to assert your data protection rights, please contact these other persons directly.
All of these categories of recipients may, in turn, involve third parties so that your Data can also be accessible to them. We may restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. public authorities or banks).
7. Disclosure of Data Abroad
As explained in Section 6, we also disclose Data to third parties. They are not only located in Switzerland. Nevertheless, your Data will continue to be subject to adequate data protection in European countries (EU and EEA). Other countries currently do not have laws in place that, from the perspective of the FADP or the EU General Data Protection Regulation, guarantee an adequate level of data protection for the disclosure of Data. Your Data may also be processed in such countries, particularly in the USA, Canada, Albania, Japan, Singapore, Taiwan, China, India, and the Philippines, but in exceptional cases in any country in the world.
One way to ensure adequate data protection is, for example, the use of data protection agreements with the recipients of your Data in third countries, who must ensure the necessary data protection accordingly. For this purpose, we use the revised standard contractual clauses of the European Commission or similar instruments. Please note that such pre-contractual steps compensate in part for legal protection that is deficient or lacking, but they cannot entirely exclude all risks. An exception may apply, in particular, in the case of legal proceedings conducted abroad, but also in cases of overriding public interest or if the performance of a contract requires such disclosure, if you have given your consent or if the Data in question is made publicly available by you and you have not objected to the processing of such Data. Please also note that Data exchanged over the Internet is often transmitted via third countries. Your Data may therefore also be transferred abroad even if the sender and recipient are located in the same country.
8. Duration of Data Processing and Retention
We process your Data for as long as our processing purposes, the statutory retention periods, and our legitimate interests in processing for documentation and evidentiary purposes require it, or for as long as storage is required for technical reasons. Data processing for the purposes of documentation and evidence-gathering include our interests in documenting processes, interactions, and other facts in the event of legal claims, inconsistencies, for the purposes of maintaining the security of our IT and other infrastructure, and to demonstrate good corporate governance and compliance. Retention may be required for technical reasons if certain Data cannot be separated from other Data and we therefore have to store it together with that other Data (e.g. in the case of backups or document management systems). Unless required for technical reasons, we will delete or anonymize your Data after the last use and expiration of the storage or processing period in accordance with our usual procedures, legal, regulatory, and contractual requirements (generally, at least after thirteen , ten  or five  years; for certain other Data shorter periods apply). Otherwise, access will be restricted through technological means.
9. Data Protection and Security
We take appropriate security measures to maintain the confidentiality, integrity, and availability of your Data, to protect it against unauthorized or unlawful processing and to counteract the risks of loss, accidental alteration, unwanted disclosure, and unauthorized access. Technical and organizational security measures may include measures such as data encryption and pseudonymization, logging, access restrictions, storage of backup copies, instructions to our employees, confidentiality agreements, and monitoring. We protect your Data transmitted via our website during transport by means of appropriate encryption mechanisms. However, we can only secure areas that we control. We also require our processors, where possible, to take appropriate security measures. However, security risks cannot generally be completely ruled out. Residual risks are unavoidable.
Applicable data protection law grants you the right to object to the processing of your Data in certain circumstances, particularly for direct marketing purposes, direct marketing profiling, and other legitimate interests in the processing.
In accordance with and insofar as provided by applicable law (as is the case where the EU General Data Protection Regulation [GDPR] applies), you have the rights of access, rectification, and erasure of your Data, the right to restriction of processing or the right of objection against our Data processing, in addition to the right to receive certain Data for transfer to another controller. Please note, however, that we reserve the right to invoke the applicable legal restrictions on our part. In particular, we may need to further process your Data in order to fulfill a contract with you, to safeguard our own legitimate interests or those of third parties, such asserting, exercising, or defending against legal claims, or to comply with legal obligations. Therefore, to the extent permitted by law, particularly to protect the rights and freedoms of other data subjects and to safeguard legitimate interests, we may also reject your request in whole or in part. If this results in costs for you, we will inform you in advance. We have already provided information about the possibility of revoking your consent in Section 5. Please note that the exercise of these rights may conflict with your contractual obligations, and this may result in consequences such as early contract termination or costs. In order to assert your rights, you may contact us in writing at the address shown in Section 2. The exercise of such rights generally requires that you provide clear proof of your identity (e.g. by means of a copy of your ID card, where your identity cannot otherwise be clearly verified). In addition, every data subject has the right to enforce his/her rights in court or to file a complaint with the appropriate data protection authority. The appropriate data protection authority in Switzerland is the Federal Data Protection and Information Commissioner. You also have these rights with respect to third parties who work with us on their own authority. Please contact them directly if you wish to exercise any rights in relation to their processing.
When you access and use our website, we may place something called cookies – small text files – or similar tools on your computer. We use these cookies to recognize you as a user of the website, to customize content, improve the performance of the site, and improve its ease of use.
We only use functional cookies. Functional cookies serve a variety of purposes for the presentation, functionality, and performance of a website and, in particular, to improve visitors' experience and enjoyment of the website. They enable a website to store information already provided (e.g. username, location, or language selection) and offer you enhanced, more personal features. Functional cookies are used, for example, to remember things such as your login credentials. These cookies cannot track your movements on other websites. We use such functional cookies, and they may be placed by us or by a third party on our behalf.
12. Google Analytics
13. Plug-ins and Links
We use the plug-ins and links described below on our website. Every provider is responsible for guaranteeing that the operation of their website adheres to data protection guidelines. If you use the services or links to the social networks independently or in conjunction with our website, the social networks and, if applicable, the services will evaluate your use. In this case, information about the use of the plug-in and, if applicable, the links will be forwarded to the social networks and, if applicable, the services.
- Social Media and Video Portals: Our website uses links to social networks and plug-ins from video portals. Where possible, we implement the "extended privacy mode," which means that no information about you is transmitted to these services if you do not select the relevant content. However, if you access the corresponding content on our website, your browser establishes a direct connection to the servers of these video portals. Your Data (including your IP address) is transmitted by your browser directly to and stored on a server of the corresponding service (including in the USA). Further information on the purpose and scope of Data collection and processing by these providers can be found in their own privacy policies. There you will also find more information about your rights and settings for protecting your privacy. We currently use plug-ins from YouTube and Vimeo for the purpose of embedding videos in our website.
Last updated: 24.01.2024