Data Protection Statement of Labro AG

Ver­sion ef­fect­ive as of 5th of Janu­ary 2024

With this Data Pro­tec­tion State­ment we, the Labro AG (here­in­after Labro AG, we or us), de­scribe how we col­lect and fur­ther pro­cess per­son­al data. This Data Pro­tec­tion State­ment is not ne­ces­sar­ily a com­pre­hens­ive de­scrip­tion of our data pro­cessing. It is pos­sible that other data pro­tec­tion state­ments or Gen­er­al Terms and Con­di­tions, Con­di­tions of Par­ti­cip­a­tion or sim­il­ar doc­u­ments are ap­plic­able to spe­cif­ic cir­cum­stances.

The term "per­son­al data" in this Data Pro­tec­tion State­ment to shall mean any in­form­a­tion that iden­ti­fies, or could reas­on­ably be used to identi­fy any per­son.

If you provide us with per­son­al data of other per­sons (such as fam­ily mem­bers, work col­leagues), please make sure the re­spect­ive per­sons are aware of this Data Pro­tec­tion State­ment and only provide us with their data if you are al­lowed to do so and such per­son­al data is cor­rect.

This Pri­vacy No­tice is aligned with the EU Gen­er­al Data Pro­tec­tion Reg­u­la­tion («GDPR»), the Swiss Data Pro­tec­tion Act («DPA») and the re­vised Swiss Data Pro­tec­tion («re­vDPA»). How­ever, the ap­plic­a­tion of these laws de­pends on each in­di­vidu­al case.

Con­trol­ler / Data Pro­tec­tion Of­ficer / Rep­res­ent­at­ive

The "con­trol­ler" of data pro­cessing as de­scribed in this data pro­tec­tion state­ment (i.e. the re­spons­ible per­son) is Labro AG. You can no­ti­fy us of any data pro­tec­tion re­lated con­cerns using the fol­low­ing con­tact de­tails:

Labro AG
Ham­mer­gut 9
6330 Cham

Our rep­res­ent­at­ive in the EEA ac­cord­ing to art. 27 GDPR is: Da­mi­en Rot­tet, da­mi­en@la­

Col­lec­tion and Pro­cessing of Per­son­al Data

We primar­ily pro­cess per­son­al data that we ob­tain from our cli­ents and other busi­ness part­ners as well as other in­di­vidu­als in the con­text of our busi­ness re­la­tion­ships with them or that we col­lect from users when op­er­at­ing our web­sites, apps and other ap­plic­a­tions.

In­so­far as it is per­mit­ted to us, we ob­tain cer­tain per­son­al data from pub­licly ac­cess­ible sources (e.g., debt re­gisters, land re­gis­tries, com­mer­cial re­gisters, press, in­ter­net) or we may re­ceive such in­form­a­tion from af­fil­i­ated com­pan­ies of Labro AG, from au­thor­it­ies or other third parties (such as e.g., cred­it rat­ing agen­cies, list brokers). Apart from data you provided to us dir­ectly, the cat­egor­ies of data we re­ceive about you from third parties in­clude, but are not lim­ited to, in­form­a­tion from pub­lic re­gisters, data re­ceived in con­nec­tion with ad­min­is­trat­ive or court pro­ceed­ings, in­form­a­tion in con­nec­tion with your pro­fes­sion­al role and activ­it­ies (e.g., in order to con­clude and carry out con­tracts with your em­ploy­er), in­form­a­tion about you in cor­res­pond­ence and dis­cus­sions with third parties, cred­it rat­ing in­form­a­tion (if we con­duct busi­ness activ­it­ies with you per­son­ally), in­form­a­tion about you given to us by in­di­vidu­als as­so­ci­ated with you (fam­ily, con­sult­ants, legal rep­res­ent­at­ives, etc.) in order to con­clude or pro­cess con­tracts with you or with your in­volve­ment (e.g. ref­er­ences, your de­liv­ery-ad­dress, powers of at­tor­ney), in­form­a­tion re­gard­ing legal reg­u­la­tions such as anti-money laun­der­ing and ex­port re­stric­tions, bank de­tails, in­form­a­tion re­gard­ing in­sur­ances, our dis­trib­ut­ors and other busi­ness part­ners for the pur­pose of or­der­ing or de­liv­er­ing ser­vices to you or by you (e.g., pay­ments made, pre­vi­ous pur­chases), in­form­a­tion about you found in the media or in­ter­net (in­so­far as in­dic­ated in the spe­cif­ic case, e.g. in con­nec­tion with job ap­plic­a­tions, media re­views, mar­ket­ing/sales, etc.), your ad­dress and any in­terests and other socio-demo­graph­ic data (for mar­ket­ing pur­poses), data in con­nec­tion with your use of our web­sites (e.g., IP ad­dress, MAC ad­dress of your smart­phone or com­puters, in­form­a­tion re­gard­ing your device and set­tings, cook­ies, date and time of your visit, sites and con­tent re­trieved, ap­plic­a­tions used, re­fer­ring web­site, loc­al­iz­a­tion data).

Pur­pose of Data Pro­cessing and Legal Grounds

We primar­ily use col­lec­ted data in order to con­clude and pro­cess con­tracts with our cli­ents and busi­ness part­ners, as well as in order to com­ply with our do­mest­ic and for­eign legal ob­lig­a­tions. You may be af­fected by our data pro­cessing in your ca­pa­city as an em­ploy­ee of such a cli­ent or busi­ness part­ner.

In ad­di­tion, in line with ap­plic­able law and where ap­pro­pri­ate, we may pro­cess your per­son­al data and per­son­al data of third parties for the fol­low­ing pur­poses, which are in our (or, as the case may be, any third parties') le­git­im­ate in­terest, such as:

  • provid­ing and de­vel­op­ing our products, ser­vices and web­sites, apps and other plat­forms, on which we are act­ive;
  • com­mu­nic­a­tion with third parties and pro­cessing of their re­quests (e.g., job ap­plic­a­tions, media in­quir­ies);
  • re­view and op­tim­iz­a­tion of pro­ced­ures re­gard­ing needs as­sess­ment for the pur­pose of dir­ect cus­tom­er ap­proach as well as ob­tain­ing per­son­al data from pub­licly ac­cess­ible sources for cus­tom­er ac­quis­i­tion;
  • ad­vert­ise­ment and mar­ket­ing (in­clud­ing or­gan­iz­ing events), provided that you have not ob­jec­ted to the use of your data for this pur­pose (if you are part of our cus­tom­er base and you re­ceive our ad­vert­ise­ment, you may ob­ject at any time and we will place you on a black­list against fur­ther ad­vert­ising mail­ings);
  • mar­ket and opin­ion re­search, media sur­veil­lance;
  • as­sert­ing legal claims and de­fense in legal dis­putes and of­fi­cial pro­ceed­ings;
  • pre­ven­tion and in­vest­ig­a­tion of crim­in­al of­fences and other mis­con­duct (e.g. con­duct­ing in­tern­al in­vest­ig­a­tions, data ana­lys­is to com­bat fraud);
  • en­sur­ing our op­er­a­tion, in­clud­ing our IT, our web­sites, apps and other ap­pli­ances;
  • ac­quis­i­tion and sale of busi­ness di­vi­sions, com­pan­ies or parts of com­pan­ies and other cor­por­ate trans­ac­tions and the trans­fer of per­son­al data re­lated thereto as well as meas­ures for busi­ness man­age­ment and com­pli­ance with legal and reg­u­lat­ory ob­lig­a­tions as well as in­tern­al reg­u­la­tions of Labro AG.

If you have given us your con­sent to pro­cess your per­son­al data for cer­tain pur­poses (for ex­ample when re­gis­ter­ing to re­ceive news­let­ters or car­ry­ing out a back­ground check), we will pro­cess your per­son­al data with­in the scope of and based on this con­sent, un­less we have an­oth­er legal basis, provided that we re­quire one. Con­sent given can be with­drawn at any time, but this does not af­fect data pro­cessed prior to with­draw­al.

Cook­ies / Track­ing and Other Tech­niques Re­gard­ing the Use of our Web­site

We typ­ic­ally use "cook­ies" and sim­il­ar tech­niques on our web­sites, which allow for an iden­ti­fic­a­tion of your browser or device. A cook­ie is a small text file that is sent to your com­puter and auto­mat­ic­ally saved by the web browser on your com­puter or mo­bile device, when you visit our web­site. If you re­vis­it our web­site, we may re­cog­nize you, even if we do not know your iden­tity. Be­sides cook­ies that are only used dur­ing a ses­sion and de­leted after your visit of the web­site ("ses­sion cook­ies"), we may use cook­ies in order to save user con­fig­ur­a­tions and other in­form­a­tion for a cer­tain time peri­od (e.g., two years) ("per­man­ent cook­ies"). Not­with­stand­ing the fore­go­ing, you may con­fig­ure your browser set­tings in a way that it re­jects cook­ies, only saves tem for one ses­sion or de­letes them pre­ma­turely. Most browsers are pre­set to ac­cept cook­ies. We use per­man­ent cook­ies for the pur­pose of sav­ing user con­fig­ur­a­tion (e.g., lan­guage, auto­mated log in), in order to un­der­stand how you use our ser­vices and con­tent, and to en­able to show you cus­tom­ized of­fers and ad­vert­ise­ment (which may also hap­pen on web­sites of other com­pan­ies; should your iden­tity be known to us, such com­pan­ies will not learn your iden­tity from us; they will only know that the same user is vis­it­ing their web­site has pre­vi­ously vis­ited a cer­tain web­site). Cer­tain cook­ies are sent to you from us, oth­ers from busi­ness part­ners with which we col­lab­or­ate. If you block cook­ies, it is pos­sible that cer­tain func­tions (such as, e.g., lan­guage set­tings, shop­ping bas­ket, or­der­ing pro­cesses) are no longer avail­able to you.

In ac­cord­ance with ap­plic­able law, we may in­clude vis­ible and in­vis­ible image files in our news­let­ters and other mar­ket­ing e-mails. If such image files are re­trieved from our serv­ers, we can de­term­ine wheth­er and when you have opened the e-mail, so that we can meas­ure and bet­ter un­der­stand how you use our of­fers and cus­tom­ize them. You may dis­able this in your e-mail pro­gram, which will usu­ally be a de­fault set­ting.

By using our web­sites and con­sent­ing to the re­ceipt of news­let­ters and other mar­ket­ing e-mails you agree to our use of such tech­niques. If you ob­ject, you must con­fig­ure your browser or e-mail pro­gram ac­cord­ingly.

We may use Google Ana­lyt­ics or sim­il­ar ser­vices on our web­site. These are ser­vices provided by third parties, which may be loc­ated in any coun­try world­wide (in the case of Google Ana­lyt­ics Google Ire­land Ltd. (loc­ated in Ire­land), Google Ire­land re­lies on Google LLC (loc­ated in the United States) as its sub-pro­cessor (both «Google»), and which allow us to meas­ure and eval­u­ate the use of our web­site (on an an­onym­ized basis). For this pur­pose, per­man­ent cook­ies are used, which are set by the ser­vice pro­vider. We have con­figured the ser­vice so that the IP ad­dresses of vis­it­ors are trun­cated by Google in Europe be­fore for­ward­ing them to the United States and then can­not be traced back. We have turned off the «Data shar­ing» op­tion and the «Sig­nals» op­tion. Al­though we can as­sume that the in­form­a­tion we share with Google is not per­son­al data for Google, it may be pos­sible that Google may be able to draw con­clu­sions about the iden­tity of vis­it­ors based on the data col­lec­ted, cre­ate per­son­al pro­files and link this data with the Google ac­counts of these in­di­vidu­als for its own pur­poses. If you have re­gistered with the ser­vice pro­vider, the ser­vice pro­vider will also know your iden­tity. In this case, the pro­cessing of your per­son­al data by the ser­vice pro­vider will be con­duc­ted in ac­cord­ance with its data pro­tec­tion reg­u­la­tions. The ser­vice pro­vider only provides us with data on the use of the re­spect­ive web­site (but not any per­son­al in­form­a­tion of you).

In ad­di­tion, we use plug-ins from so­cial net­works such as Face­book, Twit­ter, You­tube, Pin­terest or In­s­tagram on our web­sites. This is vis­ible for you (typ­ic­ally based on the re­spect­ive sym­bols). We have con­figured these ele­ments to be dis­abled by de­fault. If you ac­tiv­ate them (by click­ing on them), the op­er­at­ors of the re­spect­ive so­cial net­works may re­cord that you are on our web­site and where on our web­site you are ex­actly and may use this in­form­a­tion for their own pur­poses. This pro­cessing of your per­son­al data lays in the re­spons­ib­il­ity of the re­spect­ive op­er­at­or and oc­curs ac­cord­ing to its data pro­tec­tion reg­u­la­tions. We do not re­ceive any in­form­a­tion about you from the re­spect­ive op­er­at­or.

Data­trans­fer and Trans­fer of Data Abroad

In the con­text of our busi­ness activ­it­ies and in line with the pur­poses of the data pro­cessing set out in Sec­tion 3, we may trans­fer data to third parties, in­so­far as such a trans­fer is per­mit­ted and we deem it ap­pro­pri­ate, in order for them to pro­cess data for us or, as the case may be, their own pur­poses. In par­tic­u­lar, the fol­low­ing cat­egor­ies of re­cip­i­ents may be con­cerned:

  • our ser­vice pro­viders (with­in Labro AG or ex­tern­ally, such as e.g. banks, in­sur­ances), in­clud­ing pro­cessors (such as e.g. IT pro­viders);
  • deal­ers, sup­pli­ers, sub­con­tract­ors and other busi­ness part­ners;
  • cli­ents;
  • do­mest­ic and for­eign au­thor­it­ies or courts;
  • the media;
  • the pub­lic, in­clud­ing users of our web­sites and so­cial media;
  • com­pet­it­ors, in­dustry or­gan­iz­a­tions, as­so­ci­ations, or­gan­iz­a­tions and other bod­ies;
  • ac­quirers or parties in­ter­ested in the ac­quis­i­tion of busi­ness di­vi­sions, com­pan­ies or other parts of Labro AG;
  • other parties in pos­sible or pending legal pro­ceed­ings;

to­geth­er Re­cip­i­ents.

Cer­tain Re­cip­i­ents may be with­in Switzer­land but they may be loc­ated in any coun­try world­wide. In par­tic­u­lar, you must an­ti­cip­ate your data to be trans­mit­ted to coun­tries in Europe and the USA where our ser­vice pro­viders are loc­ated (such as Mi­crosoft, Google, Meta, etc.).

If a re­cip­i­ent is loc­ated in a coun­try without ad­equate stat­utory data pro­tec­tion, we re­quire the re­cip­i­ent to un­der­take to com­ply with data pro­tec­tion (for this pur­pose, we use the re­vised European Com­mis­sion’s stand­ard con­trac­tu­al clauses, which can be ac­cessed here:, un­less the re­cip­i­ent is sub­ject to a leg­ally ac­cep­ted set of rules to en­sure data pro­tec­tion and un­less we can­not rely on an ex­cep­tion. An ex­cep­tion may apply for ex­ample in case of legal pro­ceed­ings abroad, but also in cases of over­rid­ing pub­lic in­terest or if the per­form­ance of a con­tract re­quires dis­clos­ure, if you have con­sen­ted or if data has been made avail­able gen­er­ally by you and you have not ob­jec­ted against the pro­cessing.

Re­ten­tion Peri­ods for your Per­son­al Data

We pro­cess and re­tain your per­son­al data as long as re­quired for the per­form­ance of our con­trac­tu­al ob­lig­a­tion and com­pli­ance with legal ob­lig­a­tions or other pur­poses pur­sued with the pro­cessing, i.e. for the dur­a­tion of the en­tire busi­ness re­la­tion­ship (from the ini­ti­ation, dur­ing the per­form­ance of the con­tract until it is ter­min­ated) as well as bey­ond this dur­a­tion in ac­cord­ance with legal re­ten­tion and doc­u­ment­a­tion ob­lig­a­tions. Per­son­al data may be re­tained for the peri­od dur­ing which claims can be as­ser­ted against our com­pany or in­so­far as we are oth­er­wise leg­ally ob­liged to do so or if le­git­im­ate busi­ness in­terests re­quire fur­ther re­ten­tion (e.g., for evid­ence and doc­u­ment­a­tion pur­poses). As soon as your per­son­al data are no longer re­quired for the above-men­tioned pur­poses, they will be de­leted or an­onym­ized, to the ex­tent pos­sible. In gen­er­al, short­er re­ten­tion peri­ods of no more than twelve months apply for op­er­a­tion­al data (e.g., sys­tem logs).

Data Se­cur­ity

We have taken ap­pro­pri­ate tech­nic­al and or­gan­iz­a­tion­al se­cur­ity meas­ures to pro­tect your per­son­al data from un­au­thor­ized ac­cess and mis­use such as in­tern­al policies, train­ing, IT and net­work se­cur­ity solu­tions, ac­cess con­trols and re­stric­tions, en­cryp­tion of data car­ri­ers and trans­mis­sions, pseud­onymisa­tion, in­spec­tions.

Ob­lig­a­tion to Provide Per­son­al Data To Us

In the con­text of our busi­ness re­la­tion­ship you must provide us with any per­son­al data that is ne­ces­sary for the con­clu­sion and per­form­ance of a busi­ness re­la­tion­ship and the per­form­ance of our con­trac­tu­al ob­lig­a­tions (as a rule, there is no stat­utory re­quire­ment to provide us with data). Without this in­form­a­tion, we will usu­ally not be able to enter into or carry out a con­tract with you (or the en­tity or per­son you rep­res­ent). In ad­di­tion, the web­site can­not be used un­less cer­tain in­form­a­tion is dis­closed to en­able data traffic (e.g. IP ad­dress).

Your Rights

In ac­cord­ance with and as far as provided by ap­plic­able law (as is the case where the GDPR is ap­plic­able), you have the right to ac­cess, rec­ti­fic­a­tion and eras­ure of your per­son­al data, the right to re­stric­tion of pro­cessing or to ob­ject to our data pro­cessing, in par­tic­u­lar for dir­ect mar­ket­ing pur­poses, for pro­fil­ing car­ried out for dir­ect mar­ket­ing pur­poses and for other le­git­im­ate in­terests in pro­cessing in ad­di­tion to right to re­ceive cer­tain per­son­al data for trans­fer to an­oth­er con­trol­ler (data port­ab­il­ity). Please note, how­ever, that we re­serve the right to en­force stat­utory re­stric­tions on our part, for ex­ample if we are ob­liged to re­tain or pro­cess cer­tain data, have an over­rid­ing in­terest (in­so­far as we may in­voke such in­terests) or need the data for as­sert­ing claims. If ex­er­cising cer­tain rights will incur costs on you, we will no­ti­fy you there­of in ad­vance. We have already in­formed you of the pos­sib­il­ity to with­draw con­sent in Sec­tion 3 above. Please fur­ther note that the ex­er­cise of these rights may be in con­flict with your con­trac­tu­al ob­lig­a­tions and this may res­ult in con­sequences such as pre­ma­ture con­tract ter­min­a­tion or in­volve costs. If this is the case, we will in­form you in ad­vance un­less it has already been con­trac­tu­ally agreed upon.

In gen­er­al, ex­er­cising these rights re­quires that you are able to prove your iden­tity (e.g., by a copy of iden­ti­fic­a­tion doc­u­ments where your iden­tity is not evid­ent oth­er­wise or can be veri­fied in an­oth­er way). In order to as­sert these rights, please con­tact us at the ad­dresses provided in Sec­tion 1 above.

In ad­di­tion, every data sub­ject has the right to en­force his/her rights in court or to lodge a com­plaint with the com­pet­ent data pro­tec­tion au­thor­ity. The com­pet­ent data pro­tec­tion au­thor­ity of Switzer­land is the Fed­er­al Data Pro­tec­tion and In­form­a­tion Com­mis­sion­er (

Amend­ments of this Data Pro­tec­tion State­ment

We may amend this Data Pro­tec­tion State­ment at any time without prior no­tice. The cur­rent ver­sion pub­lished on our web­site shall apply. If the Data Pro­tec­tion State­ment is part of an agree­ment with you, we will no­ti­fy you by e-mail or other ap­pro­pri­ate means in case of an amend­ment.