Data privacy

Data Protection: Data Controller.

The responsible party within the meaning of data protection laws, in particular the Swiss Federal Act on Data Protection (Swiss DSG, 01.09.2023) and the EU General Data Protection Regulation (EU GDPR), is:

JAKSCH LIFESCIENCE CONSULTING GmbH*

An der Aare 2

4663 Aarburg

Switzerland

Phone: +41 62 791 09 71

E-Mail: info@jlsc.ch

Website: https://www.jlsc.ch

*Also referred to as “we,” “us,” or “our” in this data privacy.

General Information.

Based on Article 13 of the Swiss Federal Constitution, every person has the right to protection of their privacy as well as protection against misuse of their personal data. We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations as well as this privacy policy.

Our website and associated landing pages can be used without registration. BY USING OUR WEBSITE AND LANDING PAGES, YOU CONSENT TO COLLECTING, PROCESSING, AND USE OF DATA IN ACCORDANCE WITH THE FOLLOWING DESCRIPTION. When you use our website and landing pages, we only collect and process anonymised, impersonal usage data. Data such as the pages accessed or the name of the file(s) accessed, and the date and time of the access are stored on the server for statistical purposes without this data being directly related to your person. Besides, we may request you to voluntarily provide personal data (name, address, e-mail address, function, and company) on particular occasions, with the specific purposes described in this document, and complying with national and international legislation.

Processing of Personal Data.

Definitions.

The following terms are applicable in the present document and defined by Art. 5 of the Swiss DSG and Art. 4 of the EU GDPR:

• Personal data is any information relating to an identified or identifiable person. In other words, the data that can identify you.
• The data subject is a person whose personal data is processed. In other words, you.
• Controller means a private or legal person who determines the purpose and the means of processing personal data. In other words, we, the JAKSCH LIFESCIENCE CONSULTING GmbH (JLSC) act as controller.
• Processor means a private or legal person that processes personal data on behalf of the controller. This refers to us or our trusted third-party associates.
• Processing includes any handling of your personal data, regardless of the means and procedures used, particularly the collection, storage, keeping, use, modification, disclosure, archiving, deletion, or destruction of the data.
• Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
• High-risk profiling (Swiss DSG) means profiling that poses a high risk to the data subject’s personality or fundamental rights by matching data that allow an assessment to be made of essential aspects of the personality of a natural person.

The Swiss Federal Act on Data Protection (Swiss DSG).

Following the Swiss DSG, we process your data lawfully, in good faith, and proportionately to meet specific purposes. The Swiss DSG generally allows us to process personal data without any specific legal basis. However, we must request your consent to process personal data according to Swiss law when the following cases apply:

• Processing sensitive personal data (Art. 5, Swiss DSG).
• High-risk profiling by a private person.
• Cross-border disclosure of personal data to States for which adequacy by the Swiss Federal Council is not decided (Art. 17 paragraph 1a, as a derogation to Art. 16, Swiss DSG).

We also must inform you – and we do so via this document - whether we collect your data or not; for which purpose; if we disclose data abroad; and with which State your data is shared (Art. 19, Swiss DSG).

The European General Data Protection Regulation (EU GDPR).

Furthermore, to the extent and insofar as the EU GDPR is applicable (Art. 3 paragraph 2a, EU GDPR), we process your personal data in accordance with the “lawfulness of processing” principle following the legal bases defined in Art. 6, EU GDPR:

• Consent (Art. 6 paragraph 1a, EU GDPR): The data subject has given their consent to processing personal data relating to them for a specific purpose or purposes.
• Performance of a contract and pre-contractual requests (Art. 6 paragraph 1b, EU GDPR): Processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the data subject's request.
• Legal obligation (Art. 6 paragraph 1c, EU GDPR): Processing is necessary for compliance with a legal obligation to which the controller is subject.
• Protection of vital interests (Art. 6 paragraph 1d, EU GDPR): Processing is necessary to protect the vital interests of the data subject or another natural person.
• Legitimate interests (Art. 6 paragraph 1f, EU GDPR): Processing is necessary to protect the legitimate interests of the controller or a third party unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

Insofar processing of special categories of personal data is performed within the meaning of Art. 9 paragraph 1 of GDPR, and based on:

• Application procedure as a pre-contractual or contractual relationship (Art. 9 paragraph 2b, EU GDPR): personal data is from applicants so that the data controller or the data subject can exercise the rights accruing to them under labour law and social security and social protection law and fulfil their obligations.
• Protection of vital interests (Art. 9 paragraph 2c, EU GDPR): in case of protection of vital interests of the applicants or other persons.
• Preventive or occupational medicine (Art. 9 paragraph 2h, EU GDPR): for the purposes of preventive health care or occupational medicine, for the assessment of the employee's ability to work, for medical diagnostics, care, or treatment in the health or social sector or for the management of systems and services in the health or social sector.
• Consent (Art. 9 paragraph 2a, EU GDPR): In the case of communication of special categories of data based on voluntary consent.

Data We Collect.

We collect personal data directly from people when obtaining business cards, processing subscriptions, and registrations to our online assets, processing registration to events, and establishing business relationships. While accessing our services, we may ask you to provide us with specific personal data that can be used to contact or identify you. Personal data we may request includes, but is not limited to:

• Name and surname.
• E-Mail address.
• Phone number.
• Company details.
• Preferences and interests.
• Knowledge and competence.
• Payment information.
• Usage Data.

Usage data refers to the information we collect about how visitors interact with our website, landing pages, and additional web assets. These data provide insights to assess and evaluate the effectiveness of the content we publish on our web assets. Examples of usage data include, but are not limited to:

• Page views
• Unique visitors
• Bounce rate
• Time on the page (or web asset)
• Language preference
• Conversion rate
• Click-through rate
• Referral sources
• User interactions
• User feedback

In addition to this, we may also collect data indirectly from public sources, social media, and recruitment services. We collect such information to better understand and improve our services to our clients, prospects, subscribers, and individuals, to satisfy legal obligations, or to pursue our legitimate interests.

Use of Your Personal Data.

Regarding the use of your personal data, we employ a range of data processing activities with the following purposes:

Ensuring service provision and maintenance: This involves monitoring and tracking the usage of our services to ensure their continuous availability and optimal performance.

Implementation and fulfilment of contractual agreements: We undertake the necessary actions to implement, develop, comply with, execute, and conclude contracts for the services, products, or items agreed upon, as well as any other contractual agreement established with you.

Communication with you: We may contact you through email, telephone calls, video conferences, or other electronic communication methods to provide updates and informative messages regarding the functionalities, products, or contracted services. This includes important security updates when necessary or reasonable for their implementation, authenticating registered users and subscriptions, and job offers.

We shall remind you that no electronic method of communication and transmission over the Internet or method of electronic storage are 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

Candidate evaluation: During the hiring process, we may request that you take some questionnaires to assess knowledge requirements. JLSC does not make any hiring decisions solely based on automatized decision-making, and humans review all applications.

Provision of news, special offers, and general information: We aim to keep you informed about our services, products, and events that are similar to those you have already purchased or shown interest in.

Handling of requests and inquiries: We manage and address your specific requests and inquiries submitted to us in a timely and efficient manner.

Account management: We process your registrations as a user of our training services or events, both in-person and online.

Business transfers: In the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, we may utilize your information to evaluate and execute such transactions. This includes scenarios such as bankruptcy, liquidation, or similar proceedings, where personal data about our service users may be transferred as part of the assets involved.

Other purposes: We may employ your information for additional objectives, such as data analysis, identification of usage trends, assessment of the effectiveness of our promotional campaigns, and continuous improvement of our services, products, marketing strategies, and overall user experience.

Relevant Legal Basis.

In accordance with Art. 19 Swiss DSG, we inform you that while the Swiss DSG allows data processing without any legal basis, we implement the following measures in all our data processing activities.

• We follow the data protection principles in accordance with Art. 6, Swiss DSG.
  • We process data lawfully.
  • We process data in good faith and proportionately.
  • We collect personal data for specific purposes.
  • We destroy or anonymise personal data once no longer required for the intended purpose of processing.
  • We take all the appropriate measures to correct, delete, or destroy incorrect or incomplete data within the extend of the purpose for which they were collected or processed.
  • If your consent is required, it is only valid if given voluntarily for one or more specific purposes.
  • We must request your consent for the processing of the following data:
    • Sensitive personal data.
    • High-risk profiling.
    • Cross-border disclosure of personal data to States for which adequacy by the Swiss Federal Council is not decided (Art. 17 paragraph 1a, as a derogation to Art. 16, Swiss DSG).
• We implement data protection by design and data protection by default as laid in Art. 7 Swiss DSG.
• We select third-party data processors that guarantee data security in accordance with Art. 8 and Art. 9, Swiss DSG.

In addition, compliant with Art. 13 EU GDPR, we inform you about the legal basis of our data processing activities. If the legal basis is not mentioned in the privacy policy, the following applies:

• The legal basis for obtaining consent is Art. 6, paragraph 1a and Art. 7, EU GDPR.
• The legal basis for data processing to fulfil our services, implement contractual measures, and respond to inquiries is Art. 6 paragraph 1b, EU GDPR.
• The legal basis for data processing to fulfil our legal obligations is Art. 6 paragraph 1c, EU GDPR.
• The legal basis for processing to protect our legitimate interests is Art. 6 paragraph 1f, EU GDPR.
• In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 paragraph 1d, EU GDPR serves as the legal basis.
• The legal basis for the processing of special categories of personal data following Art. 9 paragraph 1 of EU GDPR (e.g., health data, such as severely disabled status or ethnic origin) is requested based on the following:
  • Application procedure as a pre-contractual or contractual relationship (Art. 9 paragraph 2b, EU GDPR).
  • Protection of vital interests (Art. 9 paragraph 2c, EU GDPR).
  • Preventive or occupational medicine (Art. 9 paragraph 2h, EU GDPR).
  • Consent (Art. 9 paragraph 2a, EU GDPR).

Retention of Your Personal Data.

We value the importance of data protection and its alignment with our Privacy Policy. Accordingly, we will only keep your personal data for as long as it is necessary to fulfil the purposes outlined in this policy.

• Purpose-driven processing: We process your personal data for specific purposes and retain it only for as long as necessary to fulfil those purposes. These include:
  • Implementation and fulfilment of contractual agreements.
  • Direct communications about updates and informative messages regarding the functionalities, products, or contracted services.
  • Provision of news, special offers, and general information.
  • Handling requests and inquiries.
  • Account management.
• Compliance with legal obligations: In situations where legal or other obligations impose longer storage periods upon us, we diligently adjust our data processing practices to align with these requirements. We restrict processing accordingly, ensuring we fulfil our obligations while safeguarding your data.
• Usage Data for internal analysis: For the purpose of internal analysis, we retain usage data, which aids us in enhancing the security and functionality of our services. Typically, usage data is retained for shorter periods. However, in circumstances where it contributes to strengthening our service's security, improving its functionality, or when legally obligated to retain it for extended periods, we do so with the utmost care and compliance.

Data Security and Safety Measures.

General.

We make every effort to protect the personal data itself as well as against possible unauthorized access, loss, misuse, or falsification. Your personal data and its security are paramount to us. We value the importance of safeguarding your personal information and have taken comprehensive measures to protect it. However, we shall remind you that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

We go beyond reactive measures and integrate data protection into our operations. From the early stages, we prioritize data protection by incorporating privacy-friendly designs and default settings. Our protective measures encompass a range of actions, including controlling physical and electronic access to the data, as well as monitoring and managing data access, input, and disclosure. We also ensure data availability and maintain separation between different datasets. Additionally, we have established protocols that guarantee your rights as a data subject, including the ability to exercise control over your data, request its deletion, and promptly respond to any data threats that may arise.

SSL/TLS Encryption.

To ensure a safe browsing experience, we utilize SSL/TLS encryption protocols. Our website and landing pages use SSL/TLS encryption for security reasons and to protect the transmission of confidential content. This means that when you interact with our website, the data transmitted between your device and our servers is encrypted, safeguarding it from unauthorized access. Your personal data and usage data remain confidential and secure during transmission. You can recognize an encrypted connection by the fact that the browser's address line changes from "http://" to "https://" and by the lock symbol in your browser line.

Transmission of Personal Data.

We process data at our operating offices and in collaboration with third-party processors, which might be located outside of Switzerland. This means the data protection laws in these locations may differ from those in your jurisdiction.

The recipients of this data may include service providers responsible for IT tasks or providers of integrated services and content on our website. Rest assured, we take all necessary steps to ensure that your data is treated securely and in alignment with our Privacy Policy. We will only transfer your Personal Data to an organization or country if we have adequate controls in place to protect your data. We strictly adhere to legal requirements and prioritize processors located in States for which the Federal Council has decided that an adequate level of data protection is guaranteed (Art. 16, Swiss DSG and Annex 1 SR 235.11, Datenschutzverordnung). In the absence of a decision by the Federal Council for a particular State where the third-party processor might be located, we establish appropriate contracts or agreements with the recipients of your data to safeguard your information (Art. 16 paragraph 2b, Swiss DSG and Annex 1 SR 235.11, Datenschutzverordnung). In addition, we also ensure that these countries have recognized data protection standards in place as per EU GDPR. This includes using EU Commission-approved standard protection clauses or relying on certifications and binding internal data protection regulations (Art. 44 to 49 EU GDPR).

BY AGREEING TO THIS POLICY, YOU UNDERSTAND AND ACCEPT THAT YOUR INFORMATION MAY BE TRANSFERRED AND STORED OUTSIDE SWITZERLAND OR THE EUROPEAN UNION.

Cookies and Tracking Technology Data Privacy Policy.

Cookies are small text files that are created by our websites and stored on your device’s browser (such as your computer or smartphone) when you visit them. They store small bits of information about your interactions with the site. They allow the website to remember your preferences and tailor the content just for you. They help make your online experience more personal.

• Temporary cookies (also known as session or session cookies): Temporary cookies are small pieces of data that are stored on your device while you are using our website. They are automatically deleted as soon as you leave the website or close your browser.
• Permanent cookies: Unlike temporary cookies, permanent cookies remain on your device even after you close your browser. They are used to remember your login status or display personalized content when you revisit a website. Advertisers may also use permanent cookies to store information about your interests for marketing purposes.
• First-party cookies: First-party cookies are created by the website under JLSC’s responsibility. They are used to improve your browsing experience on that specific website.
• Third-party cookies: Third-party cookies are primarily used by advertisers (also known as third parties) to collect and track user information. These cookies are placed on your device by third parties.
• Necessary cookies (also referred to as essential or absolutely necessary cookies): Some cookies are essential for a website to function properly. They may be required to save your login information, store user preferences, or ensure the security of the website.
• Statistics, marketing, and personalization cookies: Cookies are often used to gather information about user behaviour on websites. This includes measuring website traffic, analysing user interests, and creating user profiles. These profiles support the delivery of personalized content based on your potential interests. This process is commonly known as "tracking." If we use cookies or tracking technologies, we will provide you with separate information in our privacy policy or when obtaining your consent.

Tracking technologies include various methods that we use to monitor and analyse your interactions with our websites. These technologies go beyond cookies and provide deeper insights into your online interactions.

• Click redirects: the practice of redirecting a user's click from one webpage to another. When you click on a link or button on a website, a redirect can be set up to send you to a different webpage. This clicking event is registered to track:
  • Advertising: to track and attribute clicks and conversions.
  • Affiliate Marketing: to track and attribute clicks and conversions.
  • Mobile Optimization: to optimize the browsing experience for mobile users.
  • Content Distribution: to distribute content across different platforms.
  • Website Maintenance or Updates: During website maintenance or updates, click redirects can be employed to temporarily send users to a different webpage or display a maintenance message, ensuring a seamless user experience.
• Web Tags: These are small pieces of code or script embedded within a webpage or email. They serve to collect and transmit data about your interaction with our websites to various analytics platforms. These are also known as pixel tags, site tags, or web beacons. We commonly use them to:
  • Tracking website visits and interactions.
  • Monitor click-throughs and conversions.
  • Targeting advertisements.
• Social plugins: these are services that certain social networks provide for advertising purposes or for user analysis (e.g., Facebook or LinkedIn Like button). By using social plugins, JLSC receives data about your usage behaviour. You can deactivate social plugins (e.g., by activating the "Do Not Track" function of the respective Internet browser).

Cookies and tracking technologies alone do not furnish us with information that can personally identify you. To facilitate the analysis of usage data, we may gather additional markers such as IP addresses; however, this is solely for the purpose of tracking the number of visitors and unique visitors on our websites and landing pages. It's important to note that we do not single out individual visitors across any of our web assets.

BY NAVIGATING THROUGH OUR WEBSITES AND LANDING PAGES, YOU PROVIDE YOUR CONSENT FOR US TO IMPLANT ESSENTIAL COOKIES ONTO YOUR COMUPUTER OR INTERNET-ENABLES DEVICE. The legal foundation for processing your usage data using cookies and tracking technologies is founded upon either your explicitly granted consent, our legitimate interests, or the necessity of using cookies to fulfill our contractual commitments.

Should we be processing usage data based on your consent, you retain the option to exercise an "opt-out" at any point. This grants you the ability to retract your consent or raise objections to the processing of your usage data in accordance with the rights of data subjects as detailed within this data privacy statement.

Third Party Data Processors.

Social Media.

JLSC operates in the following social media pages:

• LinkedIn (https://www.linkedin.com/legal/privacy-policy).

LinkedIn Ireland Unlimited Company

Wilton Place, Dublin 2, Ireland.

• Xing (https://privacy.xing.com/en/privacy-policy).

New Work SE

Am Strandkai 1

20457 Hamburg, Germany.

• Facebook (https://www.facebook.com/privacy/policy/).

Facebook Inc.

1601 S. California Ave, Palo Alto,

CA 94304, USA.

We use these social media pages to post updates, news, dedicated professional content, job offers, and advertisements. We utilize target group specifications provided by the social media operators for advertising objectives. Our processing activities solely involve employing anonymous target group specifications. These specifications encompass general demographic particulars, industries, interests, and affiliations. The social media platform's operators employ these specifications to deliver fitting advertisements to its user base. This practice is substantiated by the consent procured from the social media platform's members, forming the legal foundation for such activities.

Suppose you choose to register using these social media services or grant us access in any other way. In that case, we might gather personal information that is already available and linked to your social media service account. This could include details like your name, email address, and affiliation. Besides, the information you provide while interacting with our social media pages, including comments, videos, images, likes, and public messages, is processed by the social media platform. We retain the right to content removal if circumstances require. If it aligns with the social media platform's features and our interests, we might display your content on our social media account. The legal grounds for this are established under Article 6, paragraph 1f, EU GDPR.

In addition to our own data processing activities, the social media platform functions as an independent data controller, conducting its own data processing operations. However, our control over this process is limited.

Google Maps.

This website uses Google Maps to display interactive maps directly on the site. This makes it easy for you to use the map feature. When you visit the site, Google is informed that you've accessed a specific section of our site. This happens whether you have a Google user account and are logged in or not. If you're logged in to Google, your activity is linked to your account. To keep your activity separated from your Google profile, you should log out before using the map. Google saves your information as usage profiles, which it uses for advertising, market research, and improving its website. This analysis is done to provide tailored ads, even for users who aren't logged in, and to let others on the social network know about your actions on our site. Further information on the purpose and scope of data collection and its processing by Google, as well as further information on your rights in this regard and setting options for protecting your privacy, can be found at https://policies.google.com/privacy.

Google Analytics.

We use the services of the web analysis service Google Analytics:

• Google Inc.,

1600 Amphitheater Parkway Mountain View,

CA 94043, USA.

Google Analytics uses so-called "cookies". The information generated by cookies about your use of this website is usually transmitted to a Google server in the USA and stored there.

If IP anonymization is activated on this website, however, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out to you, however, that in this case, you will, if applicable, not be able to use all functions of this website in full. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.

Further information about data processing by Google Analytics can be found under the following link: https://policies.google.com/privacy?hl=en-GB.