1. Data protection policy

This data protection policy describes how Theia Group and its daughter companies (Hader Solutions & Distribution Ltd & HL Technology SA) collect, use and protect your personal data. This policy follows the European Data Protection Regulation (RGPD) and the Swiss Data Protection Act (LPD).

2. What are personal data

This is any data relating to an identified or identifiable individual or associated or associable with an individual. This means that data that directly identifies you, such as your name, is personal data. Data that does not identify you personally, but can reasonably be used to identify you, such as personal telephone number, personal e-mail address are also personal data. Company-related data (company e-mail, company number) are not personal data.

3. What personal data we collect and where it comes from

The data collected by the Theia Group is gathered either through direct communication (e.g. exchange of business cards), through social networks, or through information entered when requesting information on the website.

These data are:

Contact details: First name, last name, private address (if required for commercial purposes), e-mail (company or private), telephone number (if required for commercial purposes).

Image: Image of persons

Payment data: Data linked to your private bank account (if required in the commercial exchange).

As mentioned above, company-related information (company bank account, company contact details, company telephone number) does not form part of personal data.

4. Purpose of personal data collection and use

The purpose of retrieving this data is to manage:

Relations between Theia Group companies and their stakeholders. Which involves:

  • Prospecting
  • Market analysis
  • Invoicing
  • Communication (e-mails, minute-meetings, etc.)
  • Support
  • Contract definition
  • Product delivery


For quality management purposes, in particular:

  • Product traceability
  • Documentary validation

    For marketing purposes:
  • Communication on social networks / website (as agreed between the parties)

 

The companies of the Theia Holding Group do not use systems that make automated individual decisions that may have a significant effect (particularly legal or economic) on you. 

5. Personal data received from other sources

Personal data may be collected via social networks. The management of data collected by these platforms is defined in the personal data management policy of each site.

6. Transfer of personal data

Your personal data is intended for the authorized staff of the Theia Group and its subsidiaries, its subcontractors, or customers when they are involved in achieving the purposes mentioned above. Your data may be communicated to:

Service providers. Theia Group may engage third parties to act as service providers and perform certain tasks on its behalf. These may include the transportation of products sold by Theia Group companies. Or the processing and storage of data, including personal data, in connection with your use of our services and the delivery of products. Theia Group service providers are obliged to process personal data in accordance with the Data Protection Act.

Customer. Theia Group sells medical products worldwide. In this context, the Group's companies are obliged to provide proof of traceability of the products manufactured to customers. Only personal data required for traceability compliance is provided.

7. Transfer of personal data abroad

We work with service providers and partners abroad and may therefore transmit certain personal data to them when circumstances so require, e.g. to provide proof of product traceability, to manage non-conformity or to send quality documents.

We also use cloud services provided by foreign service providers. We endeavor to store data in Switzerland, but sometimes this is not possible. In such cases, we give preference to European Union countries and countries offering an adequate level of protection.

We therefore transfer personal data:

  • Switzerland or Ireland, as we are economically active there;
  • In Europe and the United Kingdom, notably for technical or operational reasons;
  • Worldwide for product traceability purposes.

 

8. Personal data protection

The Theia Group uses administrative, physical, and technical security measures to protect your personal data, taking into account the nature and processing of personal data, as well as threats. We are constantly seeking to improve these security measures in order to guarantee the safety of your personal data.

Your personal data is stored in accordance with EN ISO 13485 regulations for traceability management. This corresponds to 15 years after the last device has been placed on the market. Some data may be kept longer, depending on applicable regulations.

9. Your privacy rights

Concerning your personal data, you have the right to:

  • Request information about your personal data processed by us, and a copy of said data;
  • Ask us to correct or complete incorrect or incomplete data;
  • Ask us to delete your data, unless a legal basis or our legitimate interest obliges or authorizes us to retain your data;
  • Ask us to restrict the processing of your data, if permitted by law;
  • Tell us at any time to revoke your consent to the processing of data for which your consent has been requested;
  • Ask us not to use your personal data for promotional and advertising purposes. You may at any time refuse the processing of your personal data for promotional or advertising purposes;
  • Ask us for your data in a portable format when your data is processed automatically, on the basis of your consent or a contract;
  • Contact a data protection supervisory authority;

 

To assert your rights, please contact request (at) theia-holding.ch, specifying which right you wish to assert.