The protection of your personal data (also referred to below as ‘data’) and your privacy is important to us. We are committed to handling your personal data responsibly. ‘Personal data’ refers to any information which identifies you or makes you identifiable, such as your first name and surname, address and email address.
It goes without saying that, when we process your personal data, we comply with the Swiss Federal Act on Data Protection (FADP), the Ordinance to the Swiss Federal Act on Data Protection (VDSG) and other applicable data protection regulations, such as the EU General Data Protection Regulation (GDPR).
In this privacy statement, bio-familia provides information on what we do with your data when you visit our website, use our services, otherwise interact with us under a contract, communicate with us or engage with us in any other way. In addition, we can provide information on the processing of your data in separate documents, e.g. in declarations of consent, contractual terms, additional privacy policies, forms and notices.
Please read our privacy statement carefully. If you have any questions or comments regarding this privacy statement, you can direct them to the address provided in section 1 at any time.
The controller for the data processing described in this privacy statement is:
6072 Sachseln Switzerland
Phone: +41 (0)41 666 25 55
If you have any questions about data protection and the processing of your personal data, or if you wish to request information, please get in touch. You can contact us at firstname.lastname@example.org.
Certain service providers act as their own controllers, e.g. PayPal and credit card providers, if you use them. Here, too, these service providers’ privacy statements should be heeded.
On our website, we process data from the following categories, among others:
We also process the following data as part of customer relationships and business relationships:
We usually collect personal data from you directly. In addition, we obtain personal data via our address buyers, sponsorship partners, etc.
On our website and when providing our services, we process your data for the following purposes in particular:
Our standard legal basis for processing your personal data is usually:
An additional legal basis for processing your personal data is our overriding interests in processing this data, which include the following:
If required, we seek consent from you. If you have given your consent electronically by ticking a box, we will log the declaration of consent; in doing so, we may store your account name, the place on the page and the date and time. You can withdraw your consent or object to the processing at any time and in any format. A notice of withdrawal of consent and/or objection to processing should be sent to the address provided in section 1.
a.) When you visit the website
When you visit our website, the browser on your device that you use to access the website sends information to our website server. This information is temporarily stored in a log file. We collect the following information without any action on your part, and this information is automatically deleted after one month:
We process the above-mentioned data for the following purposes:
The data processing is based on our legitimate interest in processing the data. We will never use data collected in this way to identify you personally.
b.) When you use our contact form
We provide a contact form on our website, which you can use to contact us with any questions that you may have. The form requires you to enter a valid email address, your first name and surname, telephone number and message, so that we know who submitted the enquiry and are able to respond. All other details are provided voluntarily.
We process this personal data on the basis of our legitimate interest in corresponding with you and for the purposes of processing and your enquiry and resolving it.
You can object to this data processing at any time. If you object, we will no longer process your personal data for this purpose. Please send your objection to the address provided in section 1.
We use various collaborative tools for telephone conferences, online meetings and video conferences (summarised below as ‘online meeting’). Various types of data are processed when these tools are used. The scope of the data depends on factors such as the data stated before or during participation in an online meeting. This data includes, for instance,
If online meetings are to be recorded, this is stated transparently in advance and, where necessary, consent is sought. Please send your withdrawal to the address provided in section 1 or to the following email address: email@example.com.
We have an overriding interest in processing this data. In these instances, our overriding interest lies in conducting the meetings effectively. Otherwise, the contract forms the legal basis for data processing relating to online meetings, provided that the meeting was conducted within the framework of contractual relationships.
d.) When you subscribe to our electronic newsletter
You can subscribe to our newsletter on our website.
If you have subscribed to our newsletter, we will use your email address to send you information about us and our offers, products and promotions. Please provide your first name, surname and title so we can address the newsletter to you personally. By subscribing to the newsletter, you authorise us to send regular newsletters to the address you have provided.
Subscribing to the newsletter is subject to a double opt-in procedure. This means that after you subscribe and tick the check box, you will receive an email prompting you to click on a link to confirm your subscription.
We perform statistical evaluations of user behaviour in relation to the newsletter in order to optimise the newsletter.
Each newsletter contains a web beacon, which is a pixel-sized file that is tracked by the server of the distribution platform when you open the newsletter. Initially, when you access the newsletter, technical information – such as information about your browser and system, your IP address and the date and time you accessed the newsletter – is collected. This information is used to make technical improvements to services on the basis of technical data, or to target groups and their reading habits on the basis of the locations of their visits (which can be determined with IP addresses). The web beacon also collects information about whether the newsletter was opened, when it was opened and what links you clicked on. Although this information can be associated with individual newsletter recipients for technical reasons, neither we nor the distribution platform intend to monitor individual users. Rather, the purpose of the evaluations is to identify the reading habits of our users and adapt our content to them, or to send various types of content in line with the interests of our users.
You can unsubscribe from the newsletter and withdraw your consent at any time. To do so, click on the link in the newsletter. The link to unsubscribe from the newsletter can be found at the bottom of every newsletter. You can also send a notice of your withdrawal of consent to the address provided in section 1.
e.) When you sign up for competitions
From time to time, we run competitions or similar promotions. We use the following personal data to run the competitions or promotions:
Personal data is processed solely in order to run the competition, to pick the winners and to send the prize. In some cases, we might share your personal data with other competition partners, e.g. to deliver the prize to you.
So that any claims made by a competition participant can be verified, participants' data is stored for six months after the competition and then erased.
This does not apply if you have separately given your express consent to the use of the aforementioned personal data and any other personal data for marketing (emails, newsletters etc.) or other purposes.
Naturally, participation in a competition and the related collection of data are voluntary. For more detailed information, see our terms of participation for each competition.
f.) When you place an order in the familia online shop
Müesli, merchandise and a range of other products can be purchased from the familia online shop.
To place an order, you can either set up a login or check out as a guest. If you create an account, you can set a password. If you visit our online shop again in future, you can log in with your username and password. Your password is encrypted and cannot be accessed by us.
The following details are needed for the purposes of registration and order shipping:
We use the personal data collected when you register and place an order for the sole purpose of processing your order properly. This data processing is carried out on the basis of our legitimate interest in processing your order.
If you have an account, your personal data and order data will be stored in your customer account. You can view and edit the data at any time.
You can object to the data being used for the above purpose at any time. You can send a notice of your withdrawal of consent to the address provided in section 1.
You can close your customer account at any time as soon as you have no outstanding orders. You can send your request to the address provided in section 1.
For more information about the online shop, see the GTCs for our online shop.
g.) When customer data is used for marketing purposes
We reserve the right to process your personal data for other purposes. However, we will inform you before we do so and, if necessary, will obtain your consent.
We will also use your personal data for the following purposes:
You can object to this data processing at any time. If you object, we will no longer process your personal data for this purpose. You can send your objection to the address provided in section 1.
h.) When we provide other services
Additionally, we will process your personal data to the extent necessary in each case in order to perform our contractual or pre-contractual services for you, and to perform any other services you request. The services will always be performed on your direct behalf. As such, data will be collected from you personally or in consultation with you.
The personal data processed includes:
All personal data is collected from the data subject personally or in consultation with them.
The personal data will be deleted once it is no longer needed to comply with contractual or legal obligations; the need to retain the data is checked at irregular intervals.
i.) Product reviews and satisfaction surveys
From time to time, we conduct surveys on our products and services so we can improve the customer experience and respond to customer needs. To do so, we need your name or a pseudonym; this is displayed along with your country of origin.
You can object to the data being used for the above purpose at any time. You can send a notice of your withdrawal of consent to the address provided in section 1.
j.) Application process
If you apply for a job with us, we process the personal data we receive from you during the application process. This includes:
In addition, we process all the paperwork you submit in conjunction with your application, such as your cover letter, CV, references, certificates, diplomas and other documents provided. Furthermore, you can send us additional information on a voluntary basis.
This data is stored, evaluated, processed or transmitted only as part of your application. Besides this, we can process your personal data for statistical purposes (e.g. reporting). In this case, however, conclusions cannot be drawn about an individual.
We use a service provider to process applications; this service provider ensures that personal data is processed securely and confidentially. To this end, you need to set up a user account and provide your email address and a password. If you have not logged in to your user account for more than six months, we will delete this, and all the data it contains, with irrevocable effect.
Data obtained from applications will be stored in our system for four months after the application, so that we can respond to any queries. After this point, your content data (but not your user account) will be automatically anonymised.
Your applicant data is stored separately from the other user data and is not combined with it.
Our (pre-)contractual obligations during the application process and our legitimate interest in processing your application serve as the legal basis for the processing of your applicant data.
However, you can object to this data processing at any time and withdraw your application. Please send your objection/withdrawal to the address provided in section 1.
If we conclude an employment contract with you, the data transmitted will be used to fulfil the employment relationship in compliance with the legal requirements.
We will delete this data after three years if you have given us your consent to store your details for the purposes of further application processes with us and contacting you in the future if needed. You can withdraw this consent at any time. Please address your withdrawal to the address provided in section 1 or to the email address specified in the job advertisement.
Cookies are used with the aim of improving your experience when using our website. We use session cookies to detect that you have already visited individual pages on our website. Session cookies are deleted automatically once you leave our site.
We also use temporary cookies to optimise the usability of the website. These cookies are stored on your device for a fixed period of time. If you visit our website again to use our services, the fact that you previously visited and what details and settings you used will be automatically detected so that you do not need to enter these details again.
If these cookies contain personal data, their use is based on our legitimate interests. Our interest in the specified purposes, and particularly in optimising our website, is legitimate within the meaning of the above-mentioned regulation.
Most browsers are set to accept cookies by default. If you do not want this, you can set your browser to inform you whenever cookies are set and enable you to accept cookies only in specific cases, or to block all cookies in general. You can also set your browser to clear the cookies automatically whenever you close the window. Furthermore, you can erase cookies that are already on your computer at any time using a browser or other software. The necessary steps to manage and erase cookies depend on the browser you use. For guidance, please refer to the help menu in your browser.
The links below provide information about how to change the cookie settings in the most commonly used browsers:
We use the services of SWAT.IO ("The Socialists" Social Software Development GmbH, Andreasgasse 6, Top 1, 1070 Vienna). We use the SWAT.IO social media management tool to ensure consistent management of our social media profiles and activities. Each individual interaction we have with users is automatically recorded, which allows us to respond quickly and efficiently to customer queries. We can also filter mentions of our company or products on the social media platforms we use and contact the specific users concerned or target them with content. This gives us a detailed insight into customer opinions. The tool also enables us to create our own campaign pages and to show personalised, interest-based ads and measure results.
The collected data will only be processed in an anonymised format unless an exemption applies. You can find more information at https://swat.io/en/legal/
Our use of SWAT.IO is for the aforementioned purposes. Data is processed outside of and separately from our corporate website and social media page, and we are therefore not able to make any statement regarding the lawfulness of the processing performed by SWAT.IO.
If you object to the use of your data by SWAT.IO, require information on the data stored or would like to exercise one of your other rights, please contact SWAT.IO by email at firstname.lastname@example.org. You can find further information on data protection at SWAT.IO here (https://swat.io/en/legal/).
a.) Google services
We use the following services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA or, if you are habitually resident in the European Economic Area (EEA) or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’):
By its own admission, Google can process personal data for advertising products in any country where Google or its sub-processors have facilities. Information on the locations of Google’s data centres can be accessed via www.google.com/about/datacenters/locations/.
Google may use the following sub-processors: https://business.safety.google/adssubprocessors/. Google ensures that it adheres to a suitable level of data protection by relying on the EU’s standard contractual clauses (see https://business.safety.google/processorterms/).
Google Analytics 4
Our website uses Google Analytics 4, a web analytics service provided by Google that makes it possible to analyse your use of our website.
Google Analytics 4 anonymises IP addresses by default. This means that Google shortens your IP address within Switzerland or the EU/EEA before it is transmitted. Only in exceptional cases is the full IP address sent to a Google server and shortened there.
We have concluded a data processing agreement with Google to ensure that our website visitors’ data is protected and not disclosed to unauthorised third parties. Google uses the European Commission’s standard contractual clauses when transmitting data to the USA, with the aim of ensuring compliance with the European level of data protection. Additional legal information on Google Analytics 4, including a copy of the standard contractual clauses, can be found here.
Demographic details: Google Analytics 4 uses the specific ‘demographic details’ feature to generate statistics on the age, gender and interests of website visitors. This occurs through the analysis of advertising and information from third-party providers. In turn, this enables target audiences to be identified for marketing activities. However, the data that is collected cannot be allocated to a specific person and is deleted once it has been stored for two months.
Google Signals: This website can use Google Signals to expand Google Analytics 4 and enable cross-device reports to be created. If you have opted in to personalised ads and linked your device to your Google account, Google can analyse your cross-device usage behaviour for the use of Google Analytics 4 and generate database models, including on cross-device conversions. We do not receive personal data from Google, just statistics. If you want to stop cross-device analysis, you can deactivate the ‘personalised ads’ feature in the settings of your Google account. To do so, follow the instructions on this page.
UserIDs: The website can use the UserIDs feature to supplement Google Analytics 4. If you have set up an account on this website and log into this account on various devices, your activities, including conversions, can be analysed across devices.
Google uses this information to evaluate your [pseudonymous] use of our website, compile reports on website activity and provide us with other services relating to website activity and internet usage. According to Google, your IP address sent by your browser through Google Analytics will not be associated with any other data held by Google. When you visit our website, your user behaviour in the form of events (e.g. page visits, purchasing activities incl. sales, interaction with the website or your click path) and other data such as your approximate location (country and city), technical information on your browser and the end devices you use or the referrer URL, i.e. the website/advertising medium via which you accessed our website, is recorded.
If you enable cookie storage, Google Analytics will keep your data for two months. Once this period has expired, the relevant data will be automatically deleted. An overview of the data used in Google Analytics and the measures taken by Google to protect your data can be found on the Google Analytics help website.
Google Tag Manager
We use Google Tag Manager to integrate Google analytics and marketing services into our website and manage them. Google Tag Manager is a solution that enables us to manage website tags from a dashboard. The tool itself which implements the tags is a cookie-free domain and does not collect any personal data. However, the tool activates other tags which may in turn collect data. However, Google Tag Manager does not access such data itself.
If you have deactivated cookies at domain or cookie level, the deactivation will also apply to all tracking tags implemented with Google Tag Manager.
In some cases, our website uses script and font libraries (Google Fonts) to display our content correctly and in a visually appealing manner on all browsers. Google Fonts are downloaded to your browser cache so that you do not have to load them repeatedly. If your browser does not support Google Fonts or if it blocks access, content will be displayed in a standard font.
Accessing script or font libraries automatically establishes a connection to the operator of the library. When this happens, it is theoretically possible for Google to collect personal data (such as your IP address) and transmit it to the USA.
We also use Google Ads conversion tracking to record and analyse statistics on our website and to optimise the content we offer you. Google Ads sets a cookie on your device if you get to our website by clicking on a Google advertisement.
These cookies deactivate after 30 days and are not used for the purpose of personal identification. If you visit certain pages of the website of a Google Ads customer and the cookie is still valid, Google and the customer can recognise that you clicked on the ad and were redirected to that page.
Every Google Ads customer receives a different cookie. Therefore, cookies cannot be tracked across the websites of Google Ads customers. The information collected by the conversion cookie helps Google Ads customers who have opted to use conversion tracking to compile conversion statistics. The Google Ads customers find out how many users have clicked on their ad and have been directed to a page with a conversion tracking tag. However, they do not receive any information that would enable them to identify the individual user.
We use Google Ads to reach users who have already visited our website. This way, we can show our adverts to target groups who have already shown an interest in our products or services.
You can object to personalised advertising by Google. To do so, you must open the link https://adssettings.google.com and save your preferred settings in every browser you use.
b.) Moat Analytics
Our website uses the service Moat Analytics / Moat Ads from Oracle America, Inc., 500 Oracle Parkway, CA 94065 Redwood Shores, USA, email: email@example.com, website: https://www.oracle.com/. Data is processed on the basis of our legitimate interest.
Through the MediaMath service, we can collect data from you on the website and evaluate the data in order to send you personalised adverts.
Our website uses plugins from the AddThis service, which is operated by AddThis, LLC, 1595 Spring Hill Rd, Suite 300, Vienna, VA 22182, USA (‘AddThis’). AddThis provides website creation and design tools (www.addthis.com) designed to make it easier for visitors to the website to share the current page with other users by email or on social networks. You can identify the plugins by the ‘Tweet’, ‘Email’, ‘LinkedIn’ and ‘g+1’ buttons embedded on some pages of our website.
We do not process the data in question or share the data with third parties. Furthermore, you can object to the collection and storage of data by AddThis at any time, with future effect, by downloading an opt-out cookie. To do so, visit http://www.addthis.com/privacy/opt-out.
d.) Adobe Analytics (Omniture)
Our website uses Adobe Analytics (Omniture), a web analytics service provided by Adobe Inc., 345 Park Avenue, San Jose, California 95110-2704, USA or, if you are habitually resident in the European Economic Area (EEA) or Switzerland, Adobe Systems Software Ireland Limited, Ireland, 4–6 Riverwalk, Citywest Business Campus, Saggart, Dublin 24, Ireland (‘Adobe’).
Adobe Marketing Cloud makes it possible to analyse visitor traffic on the website. The analyses allow for instant analysis of visitor traffic. User behaviour is displayed in such a way that we gain an overview of online user activity on our website. For that purpose, data is displayed on interactive dashboards and converted into reports. As a result, it is possible for us to receive information in real time and identify emerging problems more quickly. Compliance with data protection regulations remains our top priority, however.
The collected data is not personal in nature, and is merely used to generate anonymised user profiles for the purposes of optimising and improving our website.
This evaluation requires cookies to be installed on your computer. The information collected this way is stored on Adobe servers, including in the USA. We have configured the servers to ensure that the information sent to Adobe is anonymised before it is geolocated. The information is anonymised by replacing the last octet of the IP address. Additionally, we have implemented settings to anonymise your IP address before it is processed for geolocation and coverage measurement respectively.
Adobe will use this information to evaluate your use of our website, compile reports on website activity and provide us with other services relating to website activity and Internet usage. Your IP address sent by your browser through Adobe Analytics will not be associated with any other data held by Adobe.
You can change the settings in your browser to block the cookies. However, please note that you might not be able to use all features of our website if you do so. Furthermore, you can prevent Adobe from collecting and processing data by clicking on the opt-out button at https://www.adobe.com/uk/privacy/opt-out.html to install an opt-out cookie. If you clear the cookies from your system, you will have to open the link and click on the button again to install a new opt-out cookie.
For more information about data processing and data protection at Adobe, visit http://www.adobe.com/uk/privacy/policy.html.
e.) Meta Custom Audiences and Lookalike Audiences
Our website uses Meta Custom Audiences and Meta Lookalike Audiences from the social network Meta, 1601 South California Avenue, Palo Alto, CA 94304, USA (‘Meta’) (formerly Facebook). These services allow us to deliver personalised, interest-based ads on Facebook and Instagram to specific groups of visitors to our website who also use Facebook.
You can object to our use of Meta Custom Audiences and Meta Lookalike Audiences at any time by sending a notice to the address provided in section 1.
You can also object to the use of the Custom Audiences and Lookalike Audiences services on the Meta website. After logging in to your Meta account, go to the settings for Facebook ads.
We use Hotjar, a service provided by Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com). Hotjar is a tool for analysing user behaviour on our website. It enables us to record data such as your mouse and scroll movements and clicks. Hotjar can also determine how long your mouse pointer remained on a particular area. It uses this information to create heatmaps to show which website areas website visitors like to look at the most.
In addition, we can determine how long you stayed on a page and when you left it. We can also tell when you stopped inputting information into a contact form (known as ‘conversion funnels’).
Furthermore, Hotjar can be used to obtain feedback from website visitors directly. This feature serves to improve the website operator’s offering on the website.
In particular, cookies can determine whether our website was accessed with a certain end device or whether Hotjar features were deactivated for the relevant browser. Hotjar cookies remain on your end device until you delete them. Hotjar states that it stores users’ IP addresses in anonymous form. To this end, it only collects the first three octets of the IP address, so it can determine the user’s country. It does not store the remaining characters. In addition, Hotjar states that it stores all the data it obtains on servers in Ireland.
We have concluded a data processing agreement with Hotjar to impose Europe’s strict data protection requirements.
If you would like to opt out of data collection by Hotjar, click the link below and follow the instructions on that page: https://www.hotjar.com/opt-out.
Please note that you need to deactivate Hotjar separately for each browser or end device.
Data that you enter when you visit our pages on social media platforms, such as comments, images, videos, likes, public posts and contact details, is processed and published by the respective social media platform. The privacy policies of the social media platform operators describe the collection and storage of your data, as well as the nature and purpose of the use of your data by these platform operators. These privacy policies can be accessed via the following links:
We use the data that you enter when you visit our pages on social media platforms for the following purposes:
Our website merely incorporates these plugins as an external link. Therefore, your personal data will not be processed until you click on the embedded plugins. You will then be redirected to that provider’s page. We have no control over the nature and scope of the data collected by the social networks. If you do not want these providers to obtain your data, please do not click on the plugins.
We process data on the grounds of your consent, the performance of a contract and our legitimate interests. Our legitimate interest consists in our interest in public relations and communication.
As a rule, we treat your personal data as confidential and will only disclose it if you have given your express consent, we have a legal obligation or right to do so or the disclosure is necessary in order to assert our rights, especially to enforce claims arising from the contractual relationship.
In addition, we will share your personal data with third parties if it is necessary or prudent to do so for the purposes of using the website or providing any services you have requested (including outside of the website).
We will share your personal data with the following categories of recipient:
It goes without saying that we adhere to the legal regulations concerning the disclosure of personal data to third parties when we share data with third parties. Where we use processors to provide our services, we take suitable legal precautions and implement appropriate technical and organisational measures to protect your personal data in a manner consistent with the relevant statutory regulations.
We primarily process and store personal data in Switzerland and the European Economic Area (EEA). However, depending on the situation, data could be processed and stored in any country in the world, e.g. via our service providers’ sub-contractors or in the case of proceedings involving foreign courts or authorities.
If we share personal data with third parties abroad (i.e. outside of Switzerland and the European Economic Area (EEA)), we ensure that the third parties are subject to the same data protection obligations as we are. If the country in question does not have an adequate level of data protection, but we do not have a suitable alternative, we ensure that your personal data is afforded an adequate level of protection.
We ensure this by concluding standard contractual clauses from the EU Commission (accessible here) with the relevant companies and/or by entering into other guarantees that align with the applicable data protection legislation. Where this is not possible, we base the transmission of data on the necessity of disclosure for the performance of a contract.
We will only process and store your personal data for the necessary period of time to accomplish the stated purpose, or where we are required to do so by laws or regulations to which we are subject. If the purpose for which the data were collected ceases to exist or if a prescribed retention period expires, your data will be blocked or erased routinely and in line with the statutory regulations.
Additionally, we will delete your data if you ask us to do so and we have no legal or other duty to retain or back up the personal data in question.
We take technical and organisational security precautions to protect your data against manipulation, loss, destruction or hacking, and to guarantee the protection of your rights and compliance with the relevant data protection regulations.
The measures we have implemented are designed to ensure the confidentiality and integrity of your data as well as the availability and resilience of our systems and services when we process your data. Furthermore, their purpose is to ensure that the availability of your data can be quickly restored and to provide access to the data in the event of a physical or technical incident.
We use the widespread TLS (Transport Layer Security) process on our website in combination with the highest level of encryption supported by your browser, which is usually 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. The key or padlock symbol in the status bar of your browser shows you whether pages on our website are using encrypted data transmission.
The protection of our own internal data is also very important to us. Our employees, volunteers and service providers are under the obligation to maintain confidentiality and adhere to the provisions of the data protection legislation. Furthermore, they are only granted access to personal data to the necessary extent.
You have the following rights with regard to your personal data:
We need to identify you (e.g. with a copy of your ID document, if required) to prevent data from being used unlawfully.
Please note that these rights are subject to conditions, exceptions and restrictions (e.g. to protect third parties, to preserve business secrets or to uphold our professional duty of confidentiality).
For enquiries regarding your rights, please contact the address provided in section 1 or the following email address: firstname.lastname@example.org.
Furthermore, you can lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) if you believe that the processing of personal data relating to you infringes the data protection regulations.
The latest version at the time of use always applies. We reserve the right to revise this privacy statement at any time.