6.1 What data do we collect from you and from whom do we receive this data?

Primarily, we process personal data that you provide to us or that we collect during the operation of our website. Occasionally, we also receive personal data about you from third parties. This can include the following categories:

• Personal details (name, address, date of birth, etc.);
• Contact details (mobile number, email address, etc.);
• Financial data (e.g., account details);
• Online identifiers (e.g., cookie ID, IP addresses).

6.2 Under what conditions do we process your data?

We process your data in good faith and according to the purposes outlined in this privacy policy. We ensure transparent and proportionate processing.

If we are exceptionally unable to adhere to these principles, data processing can still be lawful if there is a justification. Possible justifications include:

• Your consent;
• The performance of a contract or pre-contractual measures;
• Our legitimate interests, provided your interests do not outweigh them.

6.3 How can you withdraw your consent?

If you have given us consent to process your personal data for specific purposes, we will process your data within the scope of this consent unless we have another justification.

You can withdraw your consent at any time by sending an email to the address provided in the imprint. Previously conducted data processing is not affected by the withdrawal.

6.4 In which cases can we share your data with third parties?

a. General Principle We may need to use the services of third parties or affiliated companies and assign them to process your data (so-called processors). Categories of recipients include:

• Accounting, fiduciary, and auditing companies;
• Consulting firms (legal advice, taxes, etc.);
• IT service providers (web hosting, support, cloud services, web design, etc.);
• Payment service providers;
• Providers of tracking, conversion, and advertising services.

We ensure that these third parties and our affiliated companies comply with data protection requirements and treat your personal data confidentially.

In some cases, we may also be required to disclose your personal data to authorities.

b. Disclosure to Partners and Cooperating Companies We sometimes work with different companies and partners who post their offers on our website. It is recognizable to you as a third-party offer (marked as “advertisement”).

If you take advantage of such an offer, we will transmit your personal data to the respective partner or cooperating company (e.g., name, function, communication, etc.) whose offer you want to use. These partners and cooperating companies are independently responsible for the received personal data. After the data transmission, the privacy policies of the respective partners apply.

c. Visiting Our Social Media Channels We have embedded links to our social media channels on our website. This is visible to you (typically through corresponding symbols). Clicking on the symbols will redirect you to our social media channels.

In this case, the social media providers learn that you are accessing their platform from our website. The social media providers can use the collected data for their own purposes. We point out that we have no knowledge of the content of the transmitted data and their use by the operators.

d. Data Transfer Abroad In some cases, your personal data may be transferred to companies abroad as part of order processing. These companies are obligated to data protection to the same extent as we are. The transfer can take place worldwide.

If the level of data protection does not match that of Switzerland, we conduct a preliminary risk assessment and ensure contractually that the same level of protection as in Switzerland is guaranteed (e.g., using the new standard contractual clauses of the EU Commission or other legally prescribed measures). If our risk assessment is negative, we take additional technical measures to protect your data. You can retrieve the standard contractual clauses of the EU Commission under the following link.

6.5 How long do we keep your data?

We store personal data only as long as necessary to fulfill the purposes for which the data was collected.

Data that we store during your visit to our website are kept for twelve months. An exception applies to analysis and tracking data, which can be stored longer.

We store contract data longer, as we are legally required to do so. We must keep business communication, concluded contracts, and booking records for up to 10 years. If we no longer need such data from you for service provision, the data will be locked and used only for accounting and tax purposes.

6.6 How do we protect your data?

We will store your data securely and take all reasonable measures to protect your data from loss, access, misuse, or alteration.

Our contractual partners and employees who have access to your data are obliged to comply with data protection regulations. In some cases, it will be necessary to forward your requests to affiliated companies. Even in these cases, your data will be treated confidentially.

Within our website, we use the SSL (Secure Socket Layer) procedure in connection with the highest encryption level supported by your browser.

6.8 What rights do you have?

a. Right of Access You can request information about the data we have stored about you at any time. Please send your information request along with proof of identity to info@beach-pharmacy.com.

You also have the right to receive your data in a common file format if we process your data automatically and if:

• You have given your consent for the processing of these data; or
• You have disclosed the data in connection with the conclusion or execution of a contract.

We can restrict or deny the information or data release if it conflicts with our legal obligations, legitimate own or public interests, or the interests of a third party.

Processing your request is subject to the legal processing period of 30 days. However, we may extend this period due to high request volumes, legal or technical reasons, or because we need more information from you. You will be informed of the extension in a timely manner, at least in text form.

b. Deletion and Correction You can request the deletion or correction of your data at any time. We may deny the request if legal regulations require us to retain the data longer or unchanged, or if there is a legal basis opposing your request.

Please note that exercising your rights may conflict with contractual agreements and have corresponding impacts on contract execution (e.g., early contract termination or cost consequences).

c. Legal Recourse If you are affected by the processing of personal data, you have the right to enforce your rights legally or file a complaint with the competent supervisory authority. The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner: https://www.edoeb.admin.ch.

7.1 Provision of the Website and Creation of Log Files

What information do we receive and how do we use it?
By visiting beach-pharmacy.com, certain data is automatically stored on our servers or on servers of services and products we obtain and/or have installed for system administration, statistical, security, or tracking purposes. This includes:

• The name of your internet service provider;
• Your IP address (possibly);
• The version of your browser software;
• The operating system of the computer used to access the URL;
• The date and time of access;
• The website from which you visited the URL;
• The search words you used to find the URL.

Why are we allowed to process this data?
This data cannot be assigned to a specific person, and there is no merging of this data with other data sources. The log files are stored to ensure the functionality of the website and to ensure the security of our IT systems. This constitutes our legitimate interest.

How can you prevent data collection?
The data is only stored for as long as is necessary to achieve the purpose of its collection. Accordingly, the data is deleted at the end of each session. The storage of log files is essential for the operation of the website, so you have no opportunity to object.

7.2 Web Beacons

How do web beacons work?
We may use web beacons on our website. Web beacons, also known as tracking pixels, are small, typically invisible images that are automatically retrieved when you visit our website. Web beacons, including those from third parties whose services we use, can collect the same information as server log files. We use them for the same purposes as log files—you cannot prevent data collection.

7.3 Evaluations

Your personal data may be automatically processed to evaluate certain personal aspects. Such evaluations are used to inform and advise you specifically about certain services or products from us. To this end, we use evaluation tools that enable us to communicate according to needs and to take appropriate advertising measures, including market and opinion research.

7.4 Contact

Contact Form What information do we receive and how do we use it?
You can contact us via an electronic contact form on our website. The data you provide in the input form, such as your name and email address, is transmitted to us and stored.

Why are we allowed to process this data?
The justification is the performance of pre-contractual measures and our legitimate interest in processing the request.

Email What information do we receive and how do we use it?
You can contact us via email. If you do, the following data will be processed:

• Email address;
• Content, subject, and date of your email;
• Contact details you provide (e.g., name, phone number, address).

Why are we allowed to process this data?
Your information is stored to process the request and for follow-up questions. The justification is pre-contractual measures or our legitimate interest in processing the request.

Security Note Please note that emails can be read or altered unauthorized and unnoticed during transmission. Emails may be rejected by the spam filter if they are identified as spam.

7.5 Success and Reach Measurement

How does success and reach measurement work?
Our notifications and communications may contain web links or tracking pixels that record whether an individual message has been opened and which web links have been clicked. These web links and tracking pixels can also capture the usage of notifications and communications personally.

Why are we allowed to process this data?
We need this statistical recording of usage for success and reach measurement to provide notifications and communications effectively and user-friendly, permanently, securely, and reliably, based on the needs and reading habits of the recipients.

7.6 Cookies

How do cookies work?
Our website uses cookies. Cookies are data sets that are stored on your device’s operating system via the browser when you visit our website. Cookies do not harm your computer and do not contain viruses.

What information do we receive and how do we use it?
Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain on your device until you delete them. These cookies allow us to recognize your browser on your next visit. As a result, we can save certain settings (such as language settings or location data) so that you do not have to re-enter them every time you visit the website.

Why are we allowed to use cookies?
We use cookies to make our website more user-friendly, effective, and secure. The use of cookies and the processing of your data in this regard are based on our legitimate interest in the aforementioned purposes.

How can you prevent data collection via cookies?
Cookies are stored on your computer. Therefore, you have full control over the use of cookies. You can delete them completely or deactivate or restrict their transmission by changing the settings in your browser. If you deactivate cookies for our website, you may no longer be able to use all the functions of the website fully.

7.7 reCAPTCHA

We use Google reCAPTCHA on our website, a service provided by Google Ireland Ltd., Google Building Gordon House, Barrow St, Dublin 4, Ireland, with headquarters at Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, collectively referred to as “Google.”

What data do we process?
Google reCAPTCHA is a verification service for websites to distinguish human users from bots. Specifically, the following information may be collected:

• IP address
• Technical information such as browser, operating system, or screen resolution
• Interactions with the CAPTCHA

The IP address is anonymized by Google reCAPTCHA so that it is no longer possible to associate it with a person. When a visitor first visits our website, Google reCAPTCHA can generate an ID to recognize the visitor on a subsequent visit.

For what purpose do we process the data?
The IP address is processed to analyze the visitor’s rough location and to prevent potentially suspicious activity, such as recognizing IP addresses associated with spam or other unwanted behavior. Technical information is processed to adjust the CAPTCHA to the device or browser and to detect deviations from usual usage behavior. Interactions with the CAPTCHA are processed to record behavior patterns to distinguish human behavior from automated bots. The goal of Google reCAPTCHA is to protect input forms from bots and spam while reliably allowing inputs from humans. The data collected is not used to identify you personally.

To whom do we pass on the data?
Our data sharing follows our explanations on data sharing. As Google is a transnational company, your data can be transferred worldwide by Google. Specifically, it can be transferred to the USA to Google’s headquarters, a country where the legislation does not ensure adequate data protection.

7.8 PrivacyBee

We use PrivacyBee on our website, a service provided by PrivacyBee AG, Laupenstrasse 1, 3008 Bern, Switzerland. PrivacyBee is used to recognize all privacy-relevant services and generate an individual privacy policy for the website.

What data do we process?
PrivacyBee is a service for generating privacy policies, which is then integrated into our website via JavaScript. The following data is processed for providing this service:

• IP address
• Browser type and version
• Operating system
• Date and time of access to our privacy policy

For what purpose do we process the data?
Collecting this data enables us to correctly display the privacy policy on your device configuration and ensure the contents are accurate and up-to-date.

To whom do we pass on the data?
Our data sharing follows our explanations on data sharing. The data collected through the use of PrivacyBee remains with PrivacyBee.

How can you prevent the processing of your data?
To prevent the processing of your data by PrivacyBee, you can disable JavaScript in your browser. However, please note that if you disable JavaScript, not all functions of our website may be fully usable. We do not offer a specific opt-out option for the PrivacyBee service itself as it is essential for providing our privacy policy.