The website of conventionTEAM AG (hereafter referred to as “CTAG”) is subject to Swiss data protection law, including in particular the Swiss Federal Act on Data Protection (DPA) along with any applicable foreign data protection law, such as for example the General Data Protection Regulation (GDPR) of the European Union (EU). The EU has recognised that Swiss data protection law guarantees an adequate level of data protection.

Our website may be accessed by transport encoding (SSL/TLS).

Thank you for taking an interest in our company. Data protection is particularly important for us. As a matter of principle, the CTAG website can be used without providing any personal data.

However, should a data subject wish to receive particular services from our company through our website, it may be necessary to process personal data. If any personal data have to be processed but there is no legal basis for such processing, we shall in general obtain the consent of the data subject.

Personal data, such as for example the name, address, email address or telephone number of a data subject, are processed at all times in accordance with statutory data protection requirements. By this Privacy Statement, our company would like to inform the general public of the nature, scope and purpose of the personal data collected, used and processed by us. In addition, this Privacy Statement also informs data subjects of their rights. As the controller, CTAG has put in place numerous technical and organisational measures in order to ensure that the personal data processed through this website are protected as seamlessly as possible. However, as a general matter online data transfers can feature security vulnerabilities, with the result that it is not possible to guarantee absolute protection. For this reason, each data subject may choose to transmit personal data to us using alternative means, such as over the telephone.

1.   Name and address of the controller

The controller for all legal purposes (hereafter, the “operator”) is: conventionTEAM AG
Oberseeburg 10
6006 Lucerne
Tel.: +41 (0) 41 371 18 60
Email: info@conventionteam.ch

2.   General information concerning data processing

Whenever our website is visited, we collect and use in the first instance only the data referred to in section 3. Other than this, as a matter of principle we only process the personal data of our users where this is necessary in order to provide a properly functioning website along with our content and services. As a rule, personal data are only collected from our users and processed with the consent of the specific individual user. An exception applies in situations in which it is not possible to obtain consent in advance due to practical reasons and the data processing is permitted by law.

1.1.  Legal basis for the processing of personal data

If we obtain the consent of the data subject for the processing of personal data, the legal basis for the processing of personal data is the Swiss Data Protection Act (DPA) or, if and insofar as applicable, point (a) of Article 6(1) of the EU General Data Protection Regulation (GDPR).

The legal basis for the processing of personal data that is necessary for the performance of a contract to which the data subject is party is the Swiss Data Protection Act (DPA) or, if and insofar as applicable, point (b) of Article 6(1) GDPR. This also applies to processing that is necessary for the implementation of pre-contractual measures.

If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, the legal basis is the Swiss Data Protection Act (DPA) or, if and insofar as applicable, point (c) of Article 6(1) GDPR.

If processing is necessary in order to protect a legitimate interest of our company or of a third party and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, the legal basis for processing is the Swiss Data Protection Act (DPA) or, if and insofar as applicable, point (f) of Article 6(1) GDPR.

1.2.  Erasure of data and duration of storage

The personal data of the data subject are erased or made unavailable as soon as the purpose for which they were stored no longer applies. Data may also be made unavailable if provided for under European or national legislation within EU regulations, laws or other provisions to which the controller is subject. Data may also be made unavailable or erased upon expiry of a storage period provided for under the above-mentioned provisions, unless the further storage of the data is required in order to enter into a contract or for the performance of a contract.

3.   Provision of the website and creation of log files

3.1.  Description, purpose and scope of data processing

Whenever our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data are collected:

  • information concerning the browser type and version used
    • the user’s operating system
    • the user’s IP address
    • the data and time of access
    • the websites from which the user’s system was directed to our website
    • the websites that were visited by the user’s system from our website
    • username (if the user is logged in)

The IP address must be stored temporarily by the system in order to enable the website to be displayed on the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session. Log files contain IP addresses or other data that can be attributed to a particular user. This may be the case for instance if the link to the website that directed the user to the website or the link to the website subsequently visited by the user contains personal data.

Data are also stored in log files on our system. These data are not stored alongside other personal data of the user. Data are stored in log files in order to ensure the proper functioning of the website. In addition, we require the data in order to optimise the website and to ensure the security of our computer systems. No data are assessed for marketing purposes in this regard.

3.2.  Legal basis for data processing

The legal basis for the temporary storage of data and log files is the Swiss Data Protection Act (DPA) or, if and insofar as applicable, point (f) of Article 6(1) GDPR.

3.3.  Duration of storage

Data are erased as soon as they are no longer required in order to fulfil the purpose for which they were stored. Technical server log files are automatically erased after 365 days.

3.4.  Ability to object to processing and to remove data stored

The collection of data in order to display the website and the storage of data in log files is absolutely necessary in order operate the website. It is not therefore possible for the user to object to such processing.

4.   Usage of cookies

This website uses cookies. Cookies are text files that are lodged and stored on a computer system through an internet browser.

Numerous websites and servers use cookies. A large number of cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It is made up of a string of characters by which websites and servers can be attributed to the specific internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish between the data subject’s individual browser and other internet browsers containing other cookies. A particular internet browser can be recognised again and identified by the unique cookie ID.

The usage of cookies makes it possible to provide the visitors to this website with more user- friendly services, which would not be possible without cookies.

Cookies enable the information and content contained on our website to be optimised in line with the user’s own requirements. Cookies allow us, as mentioned above, to establish whether a user has previously visited our website. The purpose of this recognition is to make it easier for users to interact with our website. For example, the user of a website that uses cookies does not have to enter his or her access credentials again each time he or she visits the website, because this

information is retrieved from the website and the cookie stored on the user’s computer system. A further example is the cookie used for a basket in an online shop. The online shop notes the item that a customer has placed in the virtual basket using a cookie.

The data subject can prevent cookies from being saved by our website at any time by adjusting the appropriate settings on the internet browser used and thus object to the storage of cookies until further notice. In addition, any cookies that have previously been saved may be erased at any time using an internet browser or other software. This is possible in all commonly used internet browsers. However, if the data subject disables cookies in the internet browser used, in some cases it may not be possible to use all functions of our website to the full.

4.1.  Description, purpose and scope of data processing

Our website uses cookies. A cookie may be stored on the user’s operating system whenever he or she user visits a website. This cookie contains a specific string of characters that will enable the browser to be identified unequivocally if the website is subsequently visited.

We use cookies in order to make our website more user friendly. The user data collected by cookies that are technically necessary are not used in order to generate user profiles.

We also use cookies on our website in order to analyse users’ browsing habits. The following data may be transmitted on this website:

  • search terms entered
    • frequency with which pages are visited
    • usage of website functions

Analysis cookies are used for the purpose of enhancing the quality of our website and its content. Analysis cookies help us to establish how the website is used, and thus enable us to continuously optimise our content.

4.2.  Legal basis for data processing

The legal basis for the processing of personal data and the usage of cookies is the Swiss Data Protection Act (DPA) or, if and insofar as applicable, point (f) of Article 6(1) GDPR.

4.3.  Duration of storage, ability to object to processing and to remove data stored

Cookies are stored on the user’s computer and transmitted by it to this website. This means that, as the user, you also have full control over how cookies are used. You can disable or limit the transmission of cookies by adjusting the settings in your internet browser. You can delete cookies that have previously been saved at any time. This can also occur automatically. If cookies are disabled for our website, it is possible that it will no longer be possible to use all functions of the website in full.

5.   Contact forms and email contact

5.1.  Description, purpose and scope of data processing

Our website contains contact forms, which may be used in order to contact us electronically. If a user takes advantage of this option, the data entered into the input mask is transmitted to us and stored. These data include:

  • company name (optional)
    • form of address / title (optional)
    • surname / first name
    • address (optional)
    • post code / locality (optional)
    • country (optional)
    • email address
    • telephone
    • fax
    • message

The following data are also stored at the time the message is sent:

  • the user’s IP address
    • the date and time of registration

The personal data from the input mask is processed by us solely for the purposes of dealing with the issue raised in the contact. If we are contacted by email, the requisite legitimate interest in processing the data is also to deal with the issue raised when contacting us. The other personal data processed during the transmission serve the purpose of preventing the abuse of the contact form and ensuring the security of our computer systems.

No data are disclosed to third parties in this regard. The data are used exclusively for processing the conversation between us.

5.2.  Registration form for conferences

In order to register for a conference certain personal data must necessarily be provided in relation to the arrangement of the conference. However, we only use these data in order to process your registration. In the event that any hotel reservations are made through our website the following data will be forwarded to the hotels (surname, first name, institution/company, postal address, telephone number, email address, date of arrival, date of departure, room category).

You will then receive an email confirmation for the conference, and also for the hotel reservation if applicable, for which we shall require your email address.

The information will not be disclosed to any third party.

5.3.  Abstracts

The abstracts provided by you will be collected by us and stored in the back office under the contact person. The abstracts will thereafter be forwarded to the publisher Dermatologica Helvetica – which will then publish your work as a supplement to the Dermatologica Helvetica conference issue.

5.4.  Legal basis for data processing

The legal basis for the processing of the data is, where consent has been provided by the user, the Swiss Data Protection Act (DPA) or, if and insofar as applicable, point (a) of Article 6(1) GDPR.

The legal basis for the processing of personal data transmitted in relation to email communication is the Swiss Data Protection Act (DPA) or, if and insofar as applicable, point (f) of Article 6(1) GDPR. If the purpose of the email contact is the conclusion of a contract, the Swiss Data Protection Act (DPA) or, if and insofar as applicable, point (b) of Article 6(1) GDPR constitutes an additional legal basis for processing.

5.5.  Duration of storage

Data are erased as soon as they are no longer required in order to fulfil the purpose for which they were stored. This is only the case for the personal data provided in the input mask in the contact form and any data sent by email if the relevant conversation with the user has ended. The conversation will be deemed to have ended if it is clear from the circumstances that the issue in question has been conclusively clarified.

5.6.  Ability to object to processing and to remove data stored

The user has the ability to withdraw his or her consent at any time to the processing of data. If the user contacts us by email (contact form), he or she may object at any time to the storage of his personal data. Should he or she do so, it will not be possible to continue the conversation and consent must be withdrawn over the telephone.

In such an eventuality, all personal data stored in relation to the contact will be erased.

6.   Rights of the data subject

If your personal data are processed, you have the status of a “data subject” for the purposes of the Swiss Federal Act on Data Protection (DPA) and, if and insofar as applicable, the GDPR and have the following rights against us as the controller. In order to exercise your rights, please contact us stating your concern.

6.1.  Right of access

Each data subject has the right to obtain at any time from the controller access free of charge to the personal data concerning him or her that have been stored and to receive a copy of these data. You can obtain from the controller confirmation as to whether or not any personal data concerning you are being processed by us.

6.2.  Right to rectification

Each data subject has the right to obtain the erasure of personal data concerning him or her without undue delay. In addition, the data subject has the right, taking into account the purposes of the processing, to have incomplete personal data completed, including by means of providing a supplementary statement.

6.3.  Right to restriction of processing

Each data subject has the right to obtain from the controller the restriction of processing where any of the prerequisites laid down by law in the Swiss Data Protection Act (DPA) or, if and insofar as applicable, in Article 18(1) GDPR applies.

6.4.  Right to erasure

Each data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where any of the grounds set forth in the Swiss Data Protection Act (DPA) or, if and insofar as applicable, in Article 17(1) GDPR applies.

6.5.  Right to data portability

Each data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. The data subject also has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided where the processing is based on consent pursuant to the Swiss Data Protection Act (DPA) or, if and insofar as applicable, point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR and the processing is carried out by automated means.

6.6.  Right to object

Each data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on the Swiss Data Protection Act (DPA) or, if and insofar as applicable, on points (e) or (f) of Article 6(1) GDPR. This also applies to profiling based on those provisions.

In the event of any objection, the company will no longer process the personal data, unless we are able to demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

If the company processes personal data for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing. This also applies to profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.

6.7.  Right to withdraw consent under data protection law

Each data subject has the right to withdraw at any time his or her consent to the processing of personal data.

You have the right to withdraw your consent under data protection law at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

6.8.  Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the Swiss Data Protection Act (DPA) or, if and insofar as applicable, the GDPR.

7.   Saferpay

If you have decided to use the Saferpay payment method, the payment will be processed through the payment services provider SIX Payment Services Ltd, Hardturmstrasse 201, 8005 Zurich, Switzerland, to which we pass on the information provided by you in relation to the order along with information concerning your order (name, email address, postal address, account number, sort code, credit card number if applicable, invoice amount, currency and transaction number). Your data are disclosed exclusively for the purpose of payment processing through the payment services provider SIX Payment Services Ltd.

The Privacy Statement of SIX Payment Services Ltd may be consulted here: https://www.six- payment-services.com/en/services/legal/privacy-statement.html

8.   Links to other websites

The website may occasionally contain links (interactive references) to third party websites, for which conventionTEAM AG bears no responsibility. ConventionTEAM AG has no influence whatsoever over the content and design of the linked external pages or websites to which the user is directed through these links. The relevant providers are exclusively responsible for the content and design of these websites and for compl