General data protection declaration of THE SMELL & TASTE LAB Sàrl

1. What is the purpose of this data protection declaration?

Data protection is a top priority for THE SMELL & TASTE LAB Sàrl (hereinafter referred to as “TSTL” or “we”, “us” or “our”). That’s why we take the protection of your personal data very seriously. In this data protection declaration, we explain how we collect and process personal data. It is by no means an exhaustive description; where applicable, other data protection declarations (e.g. our data protection declaration for employees) or any general terms and conditions or contracts regulate specific facts relating to data protection.
Personal data” refers to data relating to an identified or identifiable natural person (art. 5 let. a DPA). Processing” refers to any operation relating to personal data, regardless of the means and procedures used, in particular the collection, recording, storage, use, modification, communication, archiving, erasure or destruction of data (art. 5 let. d DPA). For ease of reference, we use the general term “data” to refer to “personal data” or “personal data”.
If you do not agree with this declaration, you must refrain from accessing the website and from using or requesting our services and products.

2. Who is responsible for processing your data?

THE SMELL & TASTE LAB Sàrl, rue Cramer 6, 1202 Geneva, is responsible for the data processing described in this data protection declaration.
You can contact us for any queries relating to data protection and the exercise of your rights in accordance with article 12 below at the following address:

THE SMELL & TASTE LAB Sàrl

Rue Cramer 6

1202 Genève

contact@thestlab.com

3. What data do we process and for what purposes?

a) In general

We primarily process personal data that we receive from our customers and other business partners in the course of our business relationships, as well as from other persons involved in these relationships, or that we collect from our users in the course of operating our website and any other applications.

b) Technical data

We collect and store technical information that your browser automatically transmits to us in “server log files” (log files) when you visit our website (www.thesmellandtastelab.com). This includes the following data:
– browser type and version
– operating systems used;
– referrer URL (the previously visited website);
– host name of the computer accessing the site;
– date and time of server request;
– IP address ;
– quantity of data transmitted;
– other data and similar information used for risk prevention in the event of an attack on our computer systems.

To ensure the functionality of our website, we may also assign you or your terminal an individual code (e.g. in the form of a cookie – see our cookie policy). In principle, technical data cannot be used to deduce your identity. It is deleted by us after 3 to 6 (three to six) months at the latest.

We use technical data for the following purposes:
– to enable the display, operation and functioning of the website;
– to ensure system stability and security;
– improve and protect our services and products;
– for statistical purposes in the event of an attack on the network infrastructure on which the site is made available.

c) Personal data voluntarily provided by you

We collect and process the data you voluntarily submit to us via an online form directly on our website, via our contact e-mail address, in the context of competitions, via any other applications linked to our website, by telephone or in any other way. This information includes the following personal data:
– Contact e-mail address: e-mail address and any information provided by the contact; Company…
As a general rule, we do not keep this data for more than 5 (five) years from the last contact with you, or at least from the end of our contractual relationship. This period may be longer insofar as it is necessary for reasons of proof or compliance with legal or contractual requirements, or for technical reasons.

We use the data you voluntarily provide for the following purposes:
– to offer you our services and/or products in the best possible way and to provide you with information about them;
– to establish, manage and execute contractual relations (e.g. when purchasing products);
– to process your complaints and provide you with a satisfactory response;
– for marketing and customer relationship management purposes. This takes the form, for example, of sending you our newsletter or other regular contacts (by e-mail, post, telephone, etc.), other channels for which we have your contact details, but also as part of individual advertising campaigns (e.g. events, competitions, prize draws, etc.) and may also involve free services (e.g. invitations, vouchers, free samples, etc.);

– to offer you new services and information and to provide you with personalized services and information that may be of interest to you;
– to carry out market research, to improve our services or products and to develop new products and/or services;
– to comply with legal or other regulatory requirements, or with our internal rules;
– to justify, exercise and/or defend actual or potential legal claims, as well as to exercise our rights in any proceedings or investigations of any kind whatsoever;
– for other legitimate purposes, if the processing in question arises from the circumstances or was indicated at the time of collection.

d) Personal data of business partners and contractual data

As part of our collaboration with business partners, we process the personal data of end users and contact persons at customers, prospects, distributors, suppliers and partners (hereinafter individually referred to as “business partner”):
– first and last name, contact details (such as: business address, telephone number, cell phone number, e-mail address), date of birth, customer history, powers of attorney, signature authorizations and declarations of consent ;
– organizational information, including position, function and company name;
– payment and bank details, such as information needed to process payment transactions or prevent fraud, including credit card information and card verification numbers;
– data relating to the conclusion or execution of a contract, for example: data relating to contracts and services to be provided or supplied, as well as data relating to the phase prior to the conclusion of a contract, data necessary or used for the purposes of its execution, including data relating to possible reactions or returns (for example: complaints, data relating to satisfaction, etc.) ;
– other information whose processing is necessary in the context of a project or the management of a contractual relationship with us, or which is provided voluntarily by business partners (for example: in connection with orders placed, requests for information or project details);
– personal data collected from publicly available sources (including corporate or professional social networks and websites), public registers, information databases or credit bureaus; and
– information legally required as part of compliance processes, such as: date of birth, nationality, place of residence, identity card numbers, information relating to relevant legal proceedings and other disputes involving business partners.

As a general rule, we retain such data for 10 (ten) years from the last exchange with the business partner concerned, but at the very least from the end of the corresponding contractual relationship. This period may be longer insofar as this is necessary for reasons of proof, compliance with legal or contractual requirements, or for technical reasons. For contacts of a purely marketing and advertising nature, the period is normally shorter, generally not more than 5 (five) years from the last contact.

We process this data for the following purposes:
– to communicate with business partners about products, services and projects (for example: to process business partner requests or provide technical information about products or services) ;
– to plan, execute and manage the (contractual) business relationship between the business partner and us (for example: to process orders for products and services, to collect payments, for accounting and billing purposes, and to carry out deliveries, maintenance activities or repairs);
– to create a personal profile containing business information about interactions between you and us, in order to provide you and the company you work for with relevant information and tailored service and product offers, and to improve our personal communications with you;

– for marketing and customer relationship management purposes. This may take the form, for example: of sending our newsletter or other regular contacts (by e-mail, post, telephone), other channels for which we have your contact details, but also as part of individual advertising campaigns (e.g. events, competitions, prize draws, etc.) and may also involve free services (e.g. invitations, vouchers, free samples, etc.) ;
– to carry out market research, improve our services or products and develop new products;
– to maintain and protect the security of our products and services and of our website, and to prevent and detect security risks, fraudulent activities or other criminal or malicious activities;
– to comply with any legal requirements (e.g. tax and commercial data retention obligations) or regulatory requirements (e.g. industry standards), as well as to meet any compliance requests (in particular to prevent economic crime or money laundering);
– to resolve disputes, enforce existing contracts and assert, exercise and defend our legal rights and claims;
– to substantiate, exercise and/or defend actual or potential legal claims, as well as to exercise our rights in any proceedings or investigations whatsoever;
– for other legitimate purposes, if the processing in question arises from the circumstances or was indicated at the time of collection.

e) Processing of personal data in connection with job applications

If you apply for a vacancy with us, we process your personal data as specified in the data protection declaration of the chosen application platform or in accordance with our data protection declaration for employees (available on request by contacting us using the contact details given in point 2).

4. On what basis do we process your data?

The processing of the data mentioned in point 3 is based on the following legal grounds:
– your consent (e.g. when you subscribe to our newsletter and other marketing communications). You can revoke your consent at any time by sending us written notification (by post) or, unless otherwise indicated or agreed, by e-mail, which will be effective for the future; you will find our contact details in point 2 above. Upon receipt of your withdrawal of consent, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis. Withdrawal of your consent does not affect the lawfulness of processing carried out on the basis of that consent up to the time of withdrawal;
– for the conclusion, management or performance of a contract with you or with the intention of concluding a contract with you (for example: when purchasing a product or service);
– to protect our legitimate interests (for example: the marketing of our products and services; the interest in better understanding our markets and in managing and developing our business, including its operations, in a safe and efficient manner; the protection and security of our services, systems, assets; compliance with legal, regulatory and contractual obligations; the establishment, exercise or defense of legal rights and claims) ;
– to meet obligations imposed by law or the authorities (e.g. in connection with investigations or legal proceedings, requests from tax or customs authorities, etc.).

5. No profiling

We do not make decisions about you on the basis of automated processing of your data that would have legal effects on you.

6. To whom do we transfer your data?

We may transfer your data to the following categories of potential recipients, in accordance with the purposes and legal bases described above:
– TSTL branches and/or affiliates ;
– service providers: who process personal data on our behalf and according to our instructions (e.g. IT, hosting and support service providers, shipping companies, advertising service providers, etc.);

– customers, contractors, suppliers;
– public authorities: we may transmit personal data to administrations, courts and other authorities in Switzerland and abroad if we are legally obliged or authorized to do so, or if it seems necessary to protect our interests;
– acquirers or persons interested in acquiring business units, companies or other parts of TSTL;
– Other persons: These are other cases where the involvement of third parties arises from the purposes described in point 3 above. For example: benefit recipients, associations of which we are a member, the media, etc.

All these categories of recipients may in turn call on third parties, so that your data may also be accessible to them. We may restrict processing by certain third parties (e.g. IT service providers), but not others (e.g. authorities, banks, etc.).

7. Is your data transferred abroad?

The personal data mentioned in point 3 and processed by us is stored in Switzerland. However, as indicated in point 6, the processing of your data may require it to be transferred to third parties. These third parties are not necessarily all located in Switzerland. It is therefore possible that some of your data may be transferred abroad.

If data is transferred to a country that does not offer an adequate level of data protection, we will ensure that the recipient or our partners and service providers undertake to comply with the European Union’s standard contractual clauses before the data is transferred, if necessary with additional measures.

We would also like to inform you that, due to technical rules intrinsically linked to the operation of the network, it cannot be ruled out that the transmission of personal data via the Internet between persons or entities located in the same country may transit through other countries. Such transits are beyond our control.

If you would like further information on our security measures concerning data transfers abroad, please contact us at the address given in point 2.

8. How long do we keep your data?

As a general rule, we process your data for as long as required by the purposes for which it is to be processed, or as long as storage is technically necessary. In addition, we process and store personal data for a longer period if we are obliged to do so (e.g. due to legal or contractual retention and documentation obligations) or if we have a legitimate interest in doing so (e.g. for evidentiary reasons, to assert, exercise or defend legal claims until the expiry of the statute of limitations, which is generally five to ten years).

In addition, the specific storage and processing periods for the various categories of data are set out in point 3 above and in our cookie policy respectively.

If there is no legal or contractual obligation to do so, we will delete or anonymize your data after the storage or processing period has expired in accordance with our usual procedures.

9. Security

TSTL has taken organizational, technical and legal measures to ensure the security and confidentiality of your data. These measures aim to protect your data against unauthorized or illegal processing, accidental loss, alteration, disclosure or unauthorized access. These measures are taken according to the risks presented to you by the processing carried out and the sensitive or non-sensitive nature of the data concerned. We are constantly striving to improve these measures in order to preserve the security of your personal data.

Please note that e-mail is not a secure means of communication. If you choose to communicate personal data (in particular sensitive data) with TSTL, such communication takes place under your own and sole responsibility. We therefore assume that persons who communicate with TSTL by e-mail agree to this method of communication and consent to the use of e-mails by TSTL to respond to their inquiries and other requests.

We may use external service providers to collect and process your data. However, they are obliged to comply strictly with our instructions when processing your personal data. Moreover, they are themselves legally bound to take adequate security measures to guarantee the security and confidentiality of your data.

10. Third-party privacy statements

Please note that by clicking on a link to a third-party site (such as Google, social networks or other websites), you will be redirected to a site that we do not control. In such cases, our privacy statement no longer applies. Your activities and interactions on another website are subject to the individual terms of use, declarations and data protection policies of the relevant third-party provider. Furthermore, we cannot guarantee the accuracy of these external links.

We strongly encourage you to carefully read the terms of use and data protection statements of other websites before providing any personal information through them. Please note that we cannot be held responsible in any way for the information and processing of your personal data on these third-party sites.

11. Data relating to children

Our website is designed and intended primarily for adults. We do not knowingly collect personal data from children under the age of 16, unless we have obtained the prior explicit consent of their legal representative.

12. What are your rights?

Data protection law gives you the right, under certain conditions, to object to certain processing of your data or to request that it be restricted.

To enable you to exercise due control over the processing of your personal data by us, you have the following rights:
– the right to request information about your personal data processed by us, and a copy of said data;
– the right to ask us to correct or complete your data if it is incorrect or incomplete;
– the right to ask us to delete your data, unless a legal basis or our legitimate interest obliges or authorizes us to retain your data for longer;
– the right to ask us to restrict the processing of your data;
– the right to withdraw consent insofar as this concerns processing for which your consent was required;
– the right to notify us at any time of your opposition to any further processing, unless, for example, a legal basis or our legitimate interest obliges or authorizes us to continue the processing;
– the right to request your data in a portable format when your data is processed automatically, on the basis of your consent or a contract.

If you wish to exercise the aforementioned rights against us, please contact us in writing or by e-mail at the address given in point 2. In order to prevent misuse, we must be able to identify you (e.g. by means of a copy of your identity card, unless you can be identified in some other way). Please note that the exercise of your rights may be subject to conditions, exceptions or limitations under applicable data protection legislation.
Where you wish to dispute the way in which we process your data or your request to exercise your rights, respectively to lodge a denunciation or complaint you may contact the Federal Data Protection and Information Commissioner (FDPIC) in Bern (where the processing in question falls under the DPA) or a supervisory authority in an EEA country (where the processing falls under the RGPD).

13. Changes to our privacy policy

We reserve the right to adapt, as necessary, this data protection declaration at any time. The version published on this website will always be considered the current version.

Last update: November 15, 2023