Privacy Statement of the Neuroth Group
For us – the Neuroth Group* – the trust that our customers and business partners place in us is essential, which is why we pay great attention to a secure and sensitive handling of your data.
Consequently, the following principles apply to the Neuroth Group:
- The legal requirements for data protection are consistently implemented.
- We adhere to the international standards of information security.
- We attach great importance to ensuring that our guidelines on data protection are transparent and comprehensible to all those concerned.
Naturally, we comply with the legal provisions of the Federal Data Protection Act (DSG), the Ordinance to the Federal Data Protection Act (VDSG), the Telecommunications Act (TCA) and other applicable data protection provisions of Swiss or EU law, in particular the General Data Protection Regulation (GDPR). We process your personal data exclusively in accordance with applicable regulations. This website is operated by
Neuroth Hörcenter AG
Alpenstrasse 15, 6300 Zug
VAT No.: CHE-107.418.051. Neuroth Hörcenter AG is therefore to be regarded as the data controller of this website.
The masculine form used in this statement for the purpose of better readability always refers to both genders.
- Objective and scope of this Privacy Statement
In particular with regard to the respect of private and family life, everyone has the right to confidential treatment of personal data to the extent that there is a legitimate interest to protect it.
This Privacy Statement is binding for all employees of the Neuroth Group and comes into force upon adoption and publication by the Neuroth Group’s management. It applies to the handling of all personal data, in particular data relating to customers and business partners.
- Lawfulness of data processing
Processing of personal data is lawful only if and to the extent that at least one of the following applies:
- The data subject has given consent.
- Processing of data is necessary to take certain steps prior to entering into a contract or for the performance of a contract.
- Processing is ordered or permitted by a legal provision.
- Processing serves to protect a legitimate interest, e.g. the enforcement of open claims. This does not apply if there is an indication that interests of the data subject worthy of protection outweigh the interest in the processing, especially if the data subject is a child. This must be examined individually for each processing procedure.
Only employees of the Neuroth Group who have been explicitly entrusted with the collection, processing or use of certain personal data are authorised to do so within the scope of fulfilling their tasks.
Any employee of the Neuroth Group is strictly forbidden from using personal data for private purposes or from making it available to any unauthorised person.
- Contract data processing
In the case of data processing by order, a processor (formerly “service provider”) is commissioned to carry out the data processing without being assigned responsibility for the associated business process. Therefore, the following measures must be followed when placing an order:
- Prior to a contractual agreement, it must be verified whether the contractor can guarantee the organizational requirements and security measures necessary for the processing.
- A written contract is required in which the conditions regarding data protection and information security as well as relevant rights of control are agreed upon. In particular, it must be established that the data may only be processed in accordance with the client’s instructions.
- Transfer of personal data
The transfer of personal data to a third party requires a legal basis. This may also result from the fulfilment of a contractual obligation towards the data subject or from consent granted by the data subject. Prior to the transfer of data, appropriate data protection and information security measures must be ensured and agreed with the recipient.
For data protection purposes, other Group companies are considered to be third parties.
Any transfer to governmental institutions or authorities shall be made exclusively on the basis of the relevant legal provisions.
- Rights of data subjects
As a data subject, you have a right to information at the time of data collection.
5.1. Information about the collection and processing of your data
We process such personal data that you have made available to us as a user of our website and/or as a customer and/or as an interested party, for example in the context of an inquiry or registration or in the context of the conclusion of a contract. The following personal data are processed by us:
Customer master data:
Title, first name, surname, date of birth, AHV (social security) number, address (postcode, city, mailing address), e-mail address, telephone contact details (private/office), social insurance carrier, supplementary insurance
Other business contact details (press distribution list / suppliers / service providers):
Title, first name, surname, date of birth, address (postcode, city, mailing address), e-mail address, telephone contact details (private/office), media outlet, department, company, function, main topics covered (health/chronicle, business/careers, all mailings)
Other data (customer file):
Contact person, legal representative, loan agreement and date of purchase, service date, job description, offers, customer letters, service and repair work, data in connection with the customer loyalty programme “Customers refer friends” – if you participate in it, advertising consent data as well as other data that you have communicated to us separately.
Other personal data, especially data of special categories (sensitive data):
Medical orders or findings, fitting report, biometric data collected during hearing tests and impression taking.
The processing of your personal data is carried out due to and in connection with the fulfilment of the contract in the course of the adaptation and production of medical aids (hearing aids, hearing protection, visual aids or similar) as well as the fulfilment of the contract in the course of the purchase and sale of such products, including accessories and various services by the Neuroth Group. This also includes the processing of your personal data in connection with the billing of services to the respective social insurance carriers.
This data processing is based on the following legal grounds:
- the consent you have granted us in accordance with Art. 6 para. 1 (a) GDPR as an interested party in the context of a registration for our offer and/or
- your data disclosure or the (biometric) data collected in the course of an adaptation of our products (hearing tests and measurements, eye tests etc.), so that we can process your order and continue to support you to your fullest satisfaction, as well as in the context of the contract initiation and fulfilment pursuant to Art. 6 para. 1 (b) GDPR and/or
- legal obligations pursuant to Art. 6 para. 1 (c) GDPR, which we must fulfil, such as legally required retention and documentation obligations, implementation and administration of accounting arrangements with social welfare agencies and/or
- marketing and advertising as per Art. 6 para. 1 (f) GDPR (legitimate interest), so that we can provide you as a customer with the best possible service at all times and offer our services and products.
We will only pass on or transfer personal data to third parties if this is necessary for the purpose of executing the contract or for invoicing purposes or if you as a user of our website and/or interested party and/or customer have given your prior consent.
Stored personal data will be deleted if you, as a user of our website and/or interested party and/or customer, revoke your consent to data processing, if your data is no longer required to fulfil the purpose for which it was stored, or if the storage of your data is or becomes inadmissible for other legal reasons. Data for accounting purposes, bookkeeping purposes and to comply with other legal obligations (documentation obligation in the health sector) are not affected by a request for deletion.
Note on data processing in the context of the purchase of products and goods (especially regarding our online store): There is no obligation to provide us with the personal data that we ask you for. However, if you do not provide your personal data, you will not be able to use all the functions of the online store, nor will you be able to order goods or services from our online store. Should the provision of your data be legally binding in certain cases, we will inform you of this separately.
5.2. Disclosure of data and transfer
Your data will be disclosed to external institutions in accordance with the statutory regulations for the settlement of accounts with social insurance carriers. If necessary and in case of need, your personal data will furthermore be disclosed to the authorities, and in case of dispute also to legal representatives and the courts.
Furthermore, your data will be transferred to the following companies or institutions on the basis of the stated legal grounds for the stated purposes:
- Sub-contractors for the production of the medical aids, provided that your data cannot at least be pseudonymised, in connection with the fulfilment of the contract pursuant to Art. 6 para. 1 (b) GDPR,
- Your employer in connection with protective regulations under labour law, e.g. hearing protection, and thus due to legal obligations pursuant to Art. 6 para. 1 (c) GDPR,
- Doctors and other health care professionals (nursing homes, etc.) for the purpose of fulfilling legal obligations pursuant to Art. 6 para. 1 (c) GDPR, in particular the obligation to retain records, documentation, etc.,
- Marketing agencies for advertising purposes from and in connection with the fulfilment of the contract or if you have provided us with an advertising consent form,
- IT service providers employed by us
Regarding the online store: Transfer of data to the transport company commissioned with the delivery of goods (logistics company or delivery service provider), to companies belonging to our group or to the financial service provider, as far as the transfer is necessary for the delivery of goods or for payment purposes. The legal basis for the transfer of data is Art. 6 para. 1 (b) GDPR. As a matter of principle, your personal data will not be transferred to a third country or to an international organisation, unless this organisation provides appropriate guarantees to the Neuroth Group regarding compliance with the provisions of the GDPR.
Should any of the above recipients be located outside your country or process your personal data there, the following applies: The level of data protection in other countries may not be the same as in your country. However, we will only transfer your personal data to countries for which the European Commission has decided that they offer an adequate level of data protection. Alternatively, we will take measures to ensure that all recipients have an adequate level of data protection. For example, we conclude standard contract clauses (2010/87/EC and/or 2004/915/EC) for this purpose.
5.3. Data storage, data access and data security
Your data will be stored in personal form until the end of the business relationship or until the expiration of the warranty, guarantee, statute of limitations and statutory storage and documentation obligations applicable to us; furthermore, until the end of any legal disputes in which your data is required as evidence.
Access to your data is granted to the persons within our company who are involved in the handling and the process. These include in particular:
- the specialist institute or hearing centre or branch office serving you, as well as our service centre,
- marketing and customer service,
- production and operations,
- accounting and billing; and
- controlling, if applicable.
Your data is protected against unauthorized access by encrypted transmission, encrypted storage, a role authorisation concept, a data backup concept and physical protection measures for the servers. These security measures are continuously revised according to technological developments. Special rules and guidelines, to which all employees of the Neuroth Group must adhere, apply to mobile devices owned by the Neuroth Group.
5.4. Assertion of your rights as a data subject
As a data subject, you are entitled to the rights and remedies set forth below. To assert your rights and if you have any questions, please contact
Neuroth Hörcenter AG
Alpenstrasse 15, CH-6300 Zug
Alternatively, you can also contact our data protection officer:
Mag. Philip Neubauer
Am Eisernen Tor 2/II, A- 8010 Graz
It may be necessary for you to prove your identity to us in a suitable form in order to prevent unauthorised third parties from being given information about your data and/or unauthorised changes and/or unauthorised deletions being made.
In the event that you exercise your rights, we must immediately, but at the latest within one month after receipt of your request, comment on or respond to your request or announce whether and why the period for comment is extended to two months.
a) Right of access
Upon request, we must inform you whether we process any of your personal data.
b) Right to rectification and erasure
Should your data processed by us not be correctly recorded, please inform us so that we can immediately correct and/or complete and/or restrict it.
In the event that you no longer wish us to process your data, we kindly request that you inform us. We will, of course, delete your data immediately and inform you accordingly. If mandatory legal and in particular statutory reasons prevent deletion, we will inform you of this immediately.
c) Right to restriction
You can request that we restrict the processing of your data if
- you dispute the accuracy of the data, for a period of time that allows us to verify the accuracy of the data,
- the processing of the data is unlawful, but you refuse to have it deleted and instead demand a restriction on the use of the data,
- we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
- you have objected to the processing of the data.
d) Right to data portability
Upon your request, we will transfer the personal data collected from you to a third party that you have indicated to us, in which case the data will be transferred in a commonly used electronic format.
e) Right to object
You have the right to object to the processing of your personal data at any time on grounds relating to your particular situation. We will subsequently no longer process your personal data, unless we can prove compelling reasons for the necessity of processing which are more important than your interests, rights and freedoms or the data processing serves the assertion, exercise or defence of our legal claims.
You may object at any time with effect for the future, especially with regard to data processing for the purpose of direct marketing.
f) Right to lodge a complaint
If you are of the opinion that in processing your data we are violating Swiss or European data protection law, we ask you to contact us in order to clarify any questions you may have. Of course, you also have the right to lodge a complaint with the Swiss data protection authorities.
- Use of the Neuroth Group’s web pages
Simply viewing the Neuroth Group web pages does not result in us storing any personal data about you. If any personal data are collected on our website, this will, to the extent possible, always be on a voluntary basis. Please read the following privacy notice. Keep in mind that you can prevent the storage of cookies yourself and that you can delete any cookies which have already been set at any time, if you wish to do so. If necessary, you can also make use of your options to prevent or restrict the use and processing of data by third parties.
a) (Online) input forms
You can see from the respective input forms available on our web pages which data you are providing to us. Accordingly, we collect, process and store personal data from you (such as your name, address, telephone number, customer number or email address) in the following cases:
- if you participate in a raffle, so that we can send you a prize,
- when you register for a hearing test, in order to contact you to make an appointment,
- when you order goods or products via our online store,
- if you subscribe to our newsletter so that we can inform you about topics related to better hearing and/or hearing protection as well as about the companies of the Neuroth Group.
Certain applications temporarily log your IP address. It is not possible for us to link your IP address to other personal data, except in the cases described above where you yourself have provided us with your data.
All data entered by you in (online) forms will be transmitted to and stored on a NEUROTH Group server. By sending such forms, you grant us your permission to contact you by e-mail or in other ways, if so indicated by you, for the stated purpose.
In connection with the newsletter registration using the newsletter registration form and the newsletter dispatch, your e-mail data will be forwarded to the e-mail marketing provider “eworx Network & Internet GmbH”, Hanriederstrasse 25, 4150 Rohrbach-Berg, Austria. This data is stored and processed solely for the purpose of sending customized and relevant content to the recipients. This data is processed exclusively within the European Union or Switzerland in accordance with EU data protection regulations.
The legal basis for the processing of data in connection with the newsletter is Art. 6 para. 1 (a) GDPR.
A cookie is a data file which, if permitted by your browsing preferences, is stored on your computer when you visit our web pages or perform certain actions. Cookies contain information that we have sent to your computer and save certain settings and data that are exchanged with our system via your browser.
We use so-called session cookies that are stored during your visit to our web pages and then deleted when you end your browser session. We also use permanent cookies that stay on your computer or end device even after you have ended your browser session. Permanent cookies contain an identification number with which we can identify your computer. We can then use these to improve our services when you visit our web pages again. It is not possible for us to link personal data to this identification number.
We also use both cookies provided by us (first-party cookies) and cookies provided by third parties (third-party cookies).
We use our cookies to process data on the following legal grounds and for the following purposes:
- We use all other cookies based on your consent.
A revocation of consent has no influence on the legality of the processing of data that took place on the basis of your consent prior to your revocation.
Please note, however, that certain cookies are required to guarantee basic functions of the web pages. Some of our web pages may not work properly if you do not accept cookies.
Below, you will also learn how you can prevent certain cookies from being set.
c) Use of data in respect of Facebook services
Facebook is a service offered by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304 – USA. Headquarters in the EU: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 – Ireland
d) Conversion measurement with the Facebook pixel / Facebook Custom Audiences
We use the Facebook Pixel provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) on our website. This enables us to track the activity of our users after they have seen or clicked on a Facebook advertisement and to assess the effectiveness of Facebook advertising for statistical and market research purposes. Data collected in this way is anonymous and does not give us access to personal information about individual users. However, this data is stored and processed by Facebook, which we inform you about according to our state of knowledge. Facebook is able to link such data with your Facebook account and use it for its own promotional purposes, in accordance with the Facebook data use policy https://m.facebook.com/about/privacyshield/. It is open to you to allow Facebook and its affiliates to place advertisements on Facebook and elsewhere. To this end, a cookie may also be installed on your computer.
This consent may only be given by users who are older than 13 years of age. If you are younger than this, we suggest you seek advice from your parents or guardians. Please click here, if you wish to withdraw your consent: https://www.facebook.com/settings?tab=ads
We also use the Custom Audiences function provided by Facebook Inc. 1 Hacker Way, Menlo Park, CA 94025, USA, on our website, specifically the “Custom Audiences from File” procedure. As the recipient of a newsletter, your e-mail address is uploaded to Facebook in encrypted form. This helps us to determine the recipient of our Facebook ads and to ensure that the ads are displayed only to those who are interested. We have no influence on the quantity, quality or storage duration of the transferred data. Facebook may pass on your data to third parties. Facebook is a participant of the Privacy Shield Agreement and is certified for data processing according to European standards. You can deactivate Facebook Custom Audiences by logging onto your Facebook account and setting this under the following link: https://www.facebook.com/settings/?tab=ads#.
- Facebook Pixel: https://www.facebook.com/business/help/651294705016616
Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA, hereinafter referred to as “Google”) has agreed to comply with the Privacy Shield Agreement published by the US Department of Commerce between the EU and the United States on the collection, use and storage of personal data from the Member States of the EU. Google, including Google Inc. and its wholly owned subsidiaries in the United States, has declared by means of certification (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI) that it complies with the relevant principles of the Privacy Shield. This applies to all Google services listed below.
g) Doubleclick by Google
h) Conversion Tracking
Our web pages also use Google Conversion Tracking, in which Google Adwords sets a cookie on your computer if you have been directed to our web pages via a Google ad. These cookies lose their validity after 30 days and are not used to acquire personal identification data. If a user visits a particular page of our website and if the cookie has not yet expired, we and Google will be able to see that the user clicked on the advertisement and has been forwarded to that page. Each Google AdWords client is allocated a different cookie, and so cookies cannot be tracked via AdWords clients’ websites. Information collected by conversion cookies is used to provide aggregate conversion statistics to AdWord clients who use conversion tracking. AdWords clients are informed about the total number of users who have clicked on the advertisement and have been forwarded to a page with a conversion tracking tag. However, they do not receive any information enabling them to identify individual users. If you do not wish to participate in the tracking procedure, you also have the option to reject the placement of the cookie necessary for this procedure by changing your browser settings to deactivate the automatic placement of cookies in general. You can also deactivate cookies for conversion tracking by configuring your browser to block cookies from the domain “www.googleadservices.com”. Google’s privacy statement on conversion tracking can be found here (http://www.google.com/intl/de/policies/privacy/).
Our web pages use AdRoll retargeting technology (AdRoll, 972 Mission St, 3rd Floor, San Francisco, CA 94103, USA.) This makes it possible to specifically target Internet users who have already shown an interest in our website and offers with advertising. We know from studies that displaying personalised advertising tailored to the interests of the Internet user is more appealing than advertising that does not have such a personal connection. In the case of retargeting, advertising is displayed on the basis of a cookie-specific analysis of prior user behaviour. It goes without saying that no personal data will be stored in this context either and that the retargeting technology will be used in compliance with the applicable statutory data protection regulations.
You can find out more about the privacy statement and policy in general and opt out of the anonymous analysis of your surfing behaviour. To do so, please follow this link: http://www.adroll.com/about/privacy.
j) Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and make it possible to analyse your use of this website. We process your data on the basis or our overriding legitimate interest in creating website access statistics that are cost-efficient and easy to use (Art. 6 para. 1 (f) GDPR).
The information about your use of this website generated by the cookie (including your IP address and the URLs of the websites you visit) is transferred to a Google server in the United States and stored there. We do not store any of your data that is collected in connection with Google Analytics.
This website uses the possibility of IP anonymisation offered by Google Analytics (anonymizeIP code). Your IP address is therefore truncated/anonymised by Google as soon as Google receives your IP address. Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide further services to the website operator in connection with website and Internet use. Google Analytics will not associate any IP address transmitted by your browser with any other data held by Google.
We use the following Google Analytics functions for display advertising, i.e. for remarketing, reports on impressions in the Google Display Network and Google Analytics reports on performance by demographic characteristics and interests. You can deactivate Google Analytics for display advertising or adjust the advertising on the Google Display Network by going to Display Settings, or by using the Ads Preferences Manager.
You may prevent the storage of cookies by adjusting your browser software accordingly; however, please note that in this case you may not be able to take advantage of the full functionality of this website. Moreover, you can prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
You can prevent data collection by Google Analytics by visiting the following website and downloading the browser add-on to disable Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=de. An opt-out cookie is placed that prevents your data from being collected when you visit this website in the future. If you do not wish to accept cookies in general, please change your browser settings accordingly. Please note that this may limit the functionality of the website.
- Organization of data protection within the Neuroth Group
Each board member or managing director of the Neuroth Group companies is responsible for ensuring that within the respective company personal data is processed in accordance with data protection regulations.
For the operative implementation of data protection within the Neuroth Group, there is a Group Data Protection Coordinator as well as a Data Protection Advisory Board, which consists of representatives from the areas of IT, Production or Operations, Human Resources, Sales and Legal Support.
The core tasks of the data protection division include:
- implementation of preventive measures, e.g. training and guidelines,
- data protection management, i.e. ensuring that operating processes comply with data protection regulations,
- responding to requests from authorities,
- handling all customer inquiries regarding data protection,
- audits and controls from a data protection perspective.
Compliance with the data protection guidelines and the applicable data protection laws is reviewed regularly. Improper collection, processing or use of personal data will be sanctioned.
This Privacy Statement will be published on the Internet as well as the Neuroth Group Intranet and is effective from 17 May 2018. We will always keep the Privacy Statement up to date. We therefore reserve the right to change it from time to time and to make subsequent changes in the collection, processing or use of your data. The current version of the Privacy Statement is always available on the Internet and the Neuroth Group Intranet.
* Companies of the Neuroth Group:
- Neuroth AG
- Neuroth Hörcenter GmbH
- Audio lab Austria GmbH
- Neuroth Hörakustik Anstalt
- Neuroth Hörcenter AG
- NEUROTH trgovina d.o.o.
- NEUROTH slusni aparati d.o.o.
- NEUROTH slusna pomagala d.o.o.
(As at 10 June 2020)