Our Commitment to Privacy. DR. SCHÄR AG/S.p.A. and its parent and affiliated companies (individually and collectively, "DR. SCHÄR” or "we”) cares about your privacy. DR. SCHÄR, as data Controller (in the following referred to, and as hereafter more specifically defined and discussed, as: "Controller”) has determined to comply with GDPR 2016/679 (General Data Protection Regulation, the European regulation on personal data protection, in the following referred to as "GDPR”) as required with respect to all applicable European consumers and website users.
information about your personal data processing that are of interest for you.
2.1. The information we collect
2.2. Data provided voluntarily by users
2.3. Website browsing data
1. DATA CONTROLLER AND DATA PROCESSORS
As a result of users browsing the Website and using its
services, personal data may be processed that concern identified or identifiable
To exercise the rights provided by the law and better specified above, you can contact the Data Controller or the DPO at the addresses listed below.
Information on the Data Controller:
The Data Controller is Dr. Schär SpA / AG, with registered office in Winkelau 9, 39014 Postal (BZ), Italy, Tel. +39 0473/293 300 E-mail firstname.lastname@example.org.
Information on the Data Protection Officer:
The Data Controller has also appointed a Data Protection Officer (DPO), available at its headquarters (Winkelau 9, 39014 Postal (BZ), Italy, Tel. +39 0473/293 300) or by writing to email@example.com.
Your personal data may be disclosed to DR. SCHAR's worldwide affiliates, and their employees, agents, service providers or external collaborators of the Data Controller who are administrative, sales, legal or accounting employees, IT administrators or service providers, depending on how your data is processed and which from time to time are , working under the Data Controller's direct or indirect authority.
2. PERSONAL DATA PROCESSED
2.1. THE INFORMATION WE COLLECT
The information we collect from visitors to Dr.
Schär's site helps us improve our site and provide better service to you. We
collect, use, disclose, transfer, and store personal data (such as your name,
mailing address, email address, phone, and fax numbers) when needed to provide
our services and for our operational and business purposes as described in this
such as financial and bank account numbers.
We want to be clear about our privacy practices so that you can make informed choices about the use of your information, and we encourage you to contact us at firstname.lastname@example.org at any time with questions or concerns.
2.2. INFORMATION YOU VOLUNTARILY PROVIDE TO US
Generally, you can visit Dr.
Schär's site without providing any personal or sensitive personal data. However,
on some pages, we collect personal data in order to provide a service or carry
out a transaction requested by you. See below for what personal data is
collected and how it is used. We may also ask for feedback relating to our goods
or services. Participation is voluntary and you are not required to provide this
information. There generally is no negative effect on you if you choose not to
provide your personal data. However, since personal data may be needed to
process an order, if you choose not to participate, we may not be able to
perform a requested service or complete a transaction.
2.3. WEBSITE BROWSING DATA
The computer systems and
software procedures used to operate this Website will collect some personal data
whose transmission is implicit when you use Internet communication protocols.
This information is not collected to be associated with identified data
subjects, but by their very nature they could allow us, through their processing
and association with data held by third parties, to personally identify users.
This category of data includes IP addresses or domain names of computers used by
persons who log onto the Website, the URI (Uniform Resource Identifier)
addresses of the resources requested, the time of the request, the method used
to submit the request to the server, the size of the file received in reply, the
number code indicating the status of the reply given by the server (successful,
error, etc.) and other parameters that refer to the user's operating system and
computer environment. This data is used for the purpose of obtaining anonymous
statistical information on the Website usage and to make sure it is functioning,
to allow - given the system architecture used - the proper provision of the
services, for security reasons and to ascertain responsibility in case of
hypothetical computer crimes against the Website or third parties. The data are
usually deleted after seven days.
From time to time, we may use
a standard feature found in browser software called a "cookie" used to store and
manage user preferences, deliver targeted advertising, enable content, and
tracking technologies is standard across websites and apps through which
information is collected about your online activities across applications,
website, or other servicers. You can choose to accept or decline cookies and,
while most web browsers automatically accept cookies, you can usually modify
your browser setting to decline cookies if you prefer. This may prevent you from
taking full advantage of our sites.
- What is a cookie? A cookie is a small text file that is
placed on a computer or other device and is used to identify the user or
device and to collect information. Cookies help to track user trends and
patterns and also relieve users from having to re-enter their preferences on
certain areas of the site where they have previously entered preference
The specific consent of the user is not generally required for "technical cookies", i.e. those used for the sole purpose of sending a communication over an electronic communications network, or as strictly necessary in order to provide a service explicitly requested by the user. In other words, these cookies are indispensable to provide access to the website or are required to perform tasks requested by the user.
Technical cookies (i.e. those that are required for website tasks) may include, without limitation:
- "cookie analytics", when used directly by the website operator to collect information in aggregate form on the number of users and on how they visit the website;
- navigation or session cookies (for user authentication);
- functionality cookies, which allow users to browse the website based on the selected criteria (e.g. language, products selected for purchase) in order to improve the service provided to them.
"Profiling cookies", vice versa, i.e. those used to
create user profiles and to send advertising messages in line with the
preferences expressed by users when browsing the web, require the user's prior
- Types of cookies used by the Website and option to (de-)select them
The Website uses the following cookies, offering users the option to (de-)select them, except for third-party cookies (for which the user must refer directly to the relevant selection and de-selection modalities of the respective cookies, see the links here below):
- Technical navigation or session cookies that are strictly necessary to provide access to the Website or to allow users to make use of the contents and services they request.
- Technical cookie analytics that help the Data Controller understand how users browse the website. These cookies are not used to collect information about the user's identity, nor any personal data. The information is processed in aggregate and anonymous form.
- Technical functionality cookies that are used to provide specific
website features and a series of selected criteria (e.g. language, products
selected for purchase) in order to improve the service provided by the
IMPORTANT: if you disable technical and/or functional cookies, the Website may be inaccessible or certain services or functions may be unavailable or not function properly and you may be forced to change or to manually enter some information or preferences each time you visit the Website.
Links to the privacy policies of the third
parties that install cookies
Google, YouTube: https://www.google.com/intl/it_it/policies/technologies/cookies/
- How to view and change cookie settings on
With specific reference to the "Google Analytics" cookie, you can install a specific add-on to disable it, downloading it at the following link: https://tools.google.com/dlpage/gaoptout
- What is a web beacon? A web beacon is an often-transparent graphic image, usually no larger than 1 pixel x 1 pixel that is placed on a website or in an email that is used to monitor the behavior of the user visiting the website or opening the email. It is often used in combination with cookies. We may use web beacons to access cookies and to count users who visit our site or open email messages. We may collect this information to improve the delivery of our web pages to you and to measure traffic on our site. We sometimes also may use the non-identifying and aggregate information that is collected as described above to enhance the design of our site and to help us understand the needs of our visitors.
- What is a "Share" button? Our website may also contain "Share" buttons. Any user who
wishes to share content in this manner must have already provided login
credentials to the "Share" site. We do not collect any user login
information for third-party "Share" sites including those listed below. We
have no influence regarding the scope of the data which is collected with
the aid of the "Share" buttons, and therefore can only provide you with
information for the third-party sites that may be integrated into our
website. At this moment our website doesn't use a "Share"
3. THE BANNER AT FIRST ACCESS
We have prepared a banner at the user's first access to
the website and, additionally, has installed a specific cookie that retains the
user's preference in terms of cookie installation for 365 days. This means that
users will see the cookie banner on our website only once, and if you wish to
change your cookie preferences, you may do so by following the instructions
provided in the paragraph entitled "How to view and change cookies through your
4. PURPOSE, METHOD OF PROCESSING, SECURITY AND PLACE OF DATA PROCESSING
How we use your information. We will
obtain your consent to collect, use or disclose personal data except where we
are authorized or required by law to do so without consent. California
consumers may click [here] for a more fulsome review of how we use your personal
In general, consent may be express or implied. We process personal data for these service- and business-related purposes:
- Account creation: We use personal data such as your name, email address, mailing address, and phone number to set up and administer your account and to provide customer support and training, send important account and service information, and to allow us to communicate with you. To verify that you are a customer, we may also ask for your system's serial number.
- Sales orders and service: We use personal data such as your name, email address, mailing address, phone number, and financial and bank information including credit card numbers in order to provide service for a product or for product orders.
- Product registration and warranty: We may use personal data such as your name, email address, mailing address, phone number and product purchase information for registration and to replace or issue a refund to you (via coupon or otherwise) any products you have a problem or are not fully satisfied with, as well as to communicate to you regarding these services.
- Marketing purposes: We use personal data such as your name, email address, mailing address, and phone number to send marketing communications and to respond to inquiries about our companies, our products, services, and events to you across various platforms, such as email, phone, text messaging, direct mail and online. We may also collect information about the quality and success of our email marketing (e.g., by analyzing the opening or click rates of our emails). The provision of your personal data for this purpose is optional and requires your specific consent. Lacking such consent, you will be able to use the service requested, but the Data Controller will not send you further advertising messages. Once you have granted consent for us to contact you for advertising or marketing purposes, you can revoke it at any time for all these communication methods or only for one or some of them.
- Career and applicant purposes: We use personal data such as name, email address, mailing address, and phone number to communicate during the recruitment process regarding potential careers at Dr. Schär and SCHÄR Group.
- Profiling purposes (e.g. creation, with the aid of electronic
tools, of user profiles based on your preferences, habits and consumption
choices): Such profiling activities may be carried out by means of
cookies or other online profiling technologies, e.g. trackers, and/or by
cross-linking personal data collected in connection with the provision of
services and the relevant use of multiple features chosen from among those
made available to the user.
The provision of your personal data for profiling purposes is optional and requires your prior and specific consent. In the absence of such consent, you may benefit from the service requested, but the Data Controller will not be able to profile you and send you communications in line with your preferences. We also inform you that you may at any time decide to withdraw the consent you previously granted for user profiling, carried out by the Data Controller by information cross-linking or other profiling technologies, by notifying the Data Controller informally by sending an e-mail to: email@example.com .
- Legal obligations: We may be required to use and retain personal data for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; loss prevention; or to combat fraud. We may also use personal data to meet our internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate: (a) under applicable law, which may include laws outside your country of residence; (b) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; (c) to enforce terms and conditions; and (d) to protect our rights, privacy, safety, or property, or those of other persons.
When we share personal data. Dr. Schär will not provide personal data to any third party or use the information for an undisclosed purpose except as otherwise noted at the point where the information is collected and where necessary to provide services or conduct our business operations as described below. We share personal data in accordance with data privacy and security requirements, and we occasionally will share non-personal, anonymized, and statistical data with third parties. We make appropriate efforts to ensure that the entities we share personal data with do not further distribute the information such as entering into non-disclosure agreements. California consumers may click [here] for a more fulsome review of with whom Dr. Schär shares your personal information.
- Within Dr. Schär and SCHÄR Group: SCHÄR Group is comprised of a global operation with offices and locations around the world. They are supported by a variety of global teams and functions situated in other organizations within the SCHÄR Group. Personal data may be shared with Dr. Schär and with the SCHÄR Group if needed to provide services or fulfill product orders, for account administration, to facilitate sales and marketing, for customer and technical support, and to promote business and product development. Visit https://www.drschaer.com/us/locations to see a list of SCHÄR Group locations where we may process personal data.
- With third-party service providers: We have third-party service providers around the world. Personal data will be made available to these parties only when necessary to fulfill the services they provide to us such as software, system, and platform support; direct marketing services; cloud hosting services; advertising; data analytics; and order fulfillment and delivery. Our third-party service providers are not permitted to share or use personal data we make available to them for any purpose other than to fulfill their obligations to SCHÄR Group.
- With third parties for legal reasons: We will share personal data when we believe we are
legally required to, such as:
- Under applicable law or by legal process such as a court order.
- To prevent physical harm or property damage, and to protect our rights, users, systems and services.
- As part of an investigation of suspected or actual unlawful conduct.
- To comply with and respond to requests from government agencies, including law enforcement and other public authorities, which may include such authorities outside your country of residence.
- All personal data input by you through the use of this site is submitted directly to Dr. Schär's (and/or its third party service providers') data centers in the EU . By submitting your personal data through this site, you are hereby consenting to the transfer of your personal data to the EU.
- Your personal data submitted through this site may be shared with the local sales office of Dr. Schär relevant to your geographical location in order to provide you with services, products and support specific to your location, and it is likely that any marketing communications will be sent to you by the local sales office in your region.
How we secure personal data. Dr. Schär takes the security of personal data it collects and retains seriously. We are committed to safeguarding it and protecting against unauthorized access to, or use of, our information assets and any other anticipated threats or hazard to the security and integrity of such assets. Measures we take to safeguard personal data include appropriate policies and procedures to address risk management, appropriate restrictions on access to personal data; monitoring and physical measures for the secure storage and transfer of personal data; training for employees and contractors with access to personal data; and vendor risk management requiring contractual obligations to protect any personal data with which they are entrusted in accordance with our security policies and procedures.
How long we keep personal data. Dr. Schär has policies and procedures relating to the retention of personal data based upon a classification scheme consisting of business functions and process areas, and the classification and types of the data and records. We retain personal data for as long as we reasonably require it for business and legal purposes. In determining data retention periods, Dr. Schär considers contractual and legal obligations, and the expectations and requirements of customers, vendors, suppliers and others who share their personal data with us. When we no longer need personal data, we securely delete or destroy it.
Our Special Commitment to Children's Privacy. Protecting the privacy of the very young is especially important. For that reason, we do not knowingly collect personal data from children under the age of 13. This website is not intended for anyone under the age of 18. If you are younger than 18, you may not use this website.
Do Not Track. "Do Not Track" is a privacy preference that you can set in most browsers that sends a signal to a website that you do not want the website operator to track certain browsing information about you. However, because our site is not configured to detect Do Not Track signals from a user's computer, we are unable to respond to Do Not Track requests at this time.
this site. On return visits to our site, please remember to review the Privacy
Policy which may have changed, since continued use of our site after any posted
revision indicates your consent to our use of your information in accordance
5. YOUR RIGHTS
Your right to access, correct, or delete your personal data. We respect your right to access and control your personal data, and we will endeavor to respond to requests for information about personal data and, where applicable will correct, amend, or delete your personal data.
- Access to personal data: We will comply with requests for access to your personal data, subject to any relevant legal requirements and exemptions. We will make commercially reasonable efforts to provide you reasonable access to any of your personal data we maintain within 30 days of your access request. If we cannot honor your request within the 30-day period, we will inform you when we will be able to provide access. In the unlikely event that we cannot provide you access to this information, we will explain why we cannot do so. We will ask for proof of your identity in order to confirm your identity and that you are seeking access to personal data belonging to you, and also sufficient information about your interaction with us so that we can locate any relevant data. We may also charge a fee for providing you with a copy of your data (except where this is not permissible under local law). There will generally be no fee or charge for processing or responding to verified requests unless a request is excessive, repetitive, or manifestly unfounded. If Dr. Schär determines that a request warrants a fee, it will provide a cost estimate to the requestor prior to assessing the fee and satisfying the request.
- Correction to and deletion of personal data: In some jurisdictions, you have the right to correct or amend your personal data if it is inaccurate or requires updating, and also the right to request deletion of your personal data. Due to legal requirements and other obligations and factors, this is not always possible. Remember that account information may be corrected, deleted, or updated by using the "Contact Us" option within the relevant service. For inquiries of this nature, please contact us at firstname.lastname@example.org.
- Opting out: To opt out of marketing email, you can use the unsubscribe link found in the email communication you receive from us. You may also use the "Contact Us" option within the relevant service to opt out and elect not to receive further emails from us. Please provide the email address from which you are receiving electronic communications.
- Choices: Some personal data is necessary in order to provide certain services. However, you may choose to limit Dr. Schär's use of your personal data by adjusting your browser settings, opting out, or you may contact us at email@example.com for more information regarding your choices. Since personal data may be needed to process an order, if you choose not to participate, we may not be able to perform a requested service or complete a transaction.
Filing a Complaint. You may also lodge a complaint with the Italian Control Authority, if you believe that your data has been illegitimately processed. Please contact us at firstname.lastname@example.org with any requests related to your personal data.
6. HOW TO CONTACT US
If you have questions or concerns about this Privacy
Policy or our privacy practices, you may wish to contact the data controller.
California residents only - please click [here] for information on
- You may contact us via email at email@example.com.
- For marketing preferences and services support relating to updating your account information or email marketing preferences, or for technical support or other help with services, please use the "Contact Us" option for the relevant service.
7. CALIFORNIA CONSUMER INFORMATION - THE CALIFORNIA CONSUMER PRIVACY ACT (CCPA)
California Consumer Information. This
section supplements the information above and applies solely to California
consumers. This section is to comply with the California Consumer Privacy Act
(CCPA) that provides California residents the right to access and control their
"Personal Information,” which is defined by the CCPA as information that
identifies, relates to, describes, references, is capable of being associated
with, or could reasonably be linked, directly or indirectly, with a particular
Dr. Schär will endeavor to respond to California consumers' requests for information about their Personal Information and, where applicable and subject to compliance and legal obligations, will opt out of the sale, correct, amend, or delete a California consumers' Personal Information.
Dr. Schär employees who are also California residents should refer to internal privacy policies regarding CCPA compliance, and inquiries directed to the Dr. Schär Human Resources Manager.
For non-Dr. Schär employee California residents, there are only two instances where California consumer Personal Information is collected directly by Dr. Schär: (i) for job applicants, and (ii) in connection with DR. SCHÄR- and FLAVIS-branded consumer products and services. Dr. Schär also is a service provider to certain nationwide retail stores and other partners to manufacture and fulfill DR. SCHÄR and FLAVIS product orders.
Therefore, outside of job applicants, the collection and/or processing of California consumers' Personal Information regulated by the CCPA is limited to interactions between California consumers and Dr. Schär, and as a manufacturer and service provider to certain retail stores and other partners to fulfill DR. SCHÄR and FLAVIS product orders.
California Resident Personal Information collected by SCHÄR Group. During the last twelve (12) months, Dr. Schär has collected the following categories of Personal Information from California consumers:
|Identifiers||A real name, Internet Protocol address, email address, other similar identifiers.||YES|
|Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories.||YES|
|Protected classification characteristics under California or federal law||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||YES|
|Commercial Information||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES|
|Biometric Information||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait or other physical patterns, and sleep, health, or exercise data.||YES|
|Internet or other similar network activity||Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement||YES|
|Geolocation data||Physical location or movements.||NO|
|Sensory data||Audio, electronic, visual, thermal, olfactory, or similar information||NO|
|Professional or employment-related information||Current or past job history or performance evaluations||YES|
|Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||YES|
|Inferences drawn from other personal information||Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitude.||NO|
Personal information as defined by the CCPA does not include:
- Publicly available information from government records.
- De-identified or aggregated California consumer's Personal Information.
- California consumer Personal Information excluded
from the CCPA's scope such as:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIS) or clinical trial data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
Dr. Schär obtains the categories of Personal Information listed above from
the following categories of sources:
- Directly from California consumers. For example, from forms submitted on Dr. Schär's websites for customer service transactions with the service center, entries into sweepstakes and contests, and job applications.
- Directly and indirectly from California consumers. For example, website usage details collected automatically.
- From third parties in connection with the services Dr. Schär performs for them or for potential employment or engagement services. For example, to fulfill product orders, or from recruiting firms, employment agencies, background check providers, former employers, credit reference agencies, or other background check agencies.
- From third party data resellers through contact lists that Dr. Schär may have purchased or rented for purposes of sending marketing-type communications.
- From social media platforms, such as Facebook, Twitter, YouTube, Pinterest and Instagram.
- To fulfill or meet the reason for which the information is provided. For example, if a name and contact information is provide to ask a question about a SCHÄR Group consumer product, Dr. Schär may use that Personal Information to respond to the inquiry. If the information is provided to purchase a product or service, it will be used to process payment, facilitate delivery, and may be maintained for service inquiries.
- To provide information about SCHÄR Group products, services and related support that is requested.
- To provide email communications, event registrations and other notices about SCHÄR Group products and services or news that may be of interest.
- For entry into a sweepstakes or contest at the California consumer's request.
- To consider California consumers for potential employment or engagement.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described at the point where Personal Information is collected or as otherwise set forth in the CCPA.
Dr. Schär will not collect additional categories of Personal Information or
use the Personal Information collected for materially different, unrelated, or
incompatible purposes without providing notice to the California consumer,
unless required or permitted by applicable laws.
- California Customer Records personal information categories
- Professional or employment-related information
- SCHÄR GROUP
- Service providers
- Third parties to whom the California consumer or its agents authorize disclosure of Personal Information in connection with products or services we provided to the California consumer.
Dr. Schär does not sell personal information.
California Consumers' Rights and
Choices. The CCPA provides California consumers with specific rights
regarding their Personal Information. This section describes California
consumers' rights and explains how to exercise those rights.
- Access to Specific Information and Data Portability
Rights. California consumers have the right to request certain information be
disclosed to them about Dr. Schär's collection and use of their Personal
Information over the last twelve (12) months. Once the request is received and
identity is verified, Dr. Schär will disclose to the California consumer:
- The categories of Personal Information collected about the California consumer.
- The categories of sources for the Personal Information collected about the California consumer.
- The business or commercial purpose for collecting or selling that Personal Information.
- The categories of third parties with whom the Personal Information is shared.
- The specific pieces of Personal Information collected about the California consumer (also called a data portability request).
- If the California consumer's Personal Information
was sold or disclosed for a business purpose, two separate lists disclosing:
- sales, identifying the Personal Information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
Note that specific Social Security numbers, driver's license numbers or California identification card numbers, financial account numbers, health insurance or medical identification numbers or information, account passwords or security questions and answers will not be disclosed to any California consumer.
- Deletion Rights Requests. The CCPA provides California consumers the right to request deletion of their Personal Information collected and retained, subject to certain exceptions. Once a request is received from a California consumer and identity is verified, the Personal Information will be deleted, and any service providers who may have the Personal Information will be directed to delete as well, unless an exception applies. Requests to delete require confirmation of deletion instructions. Dr. Schär may deny a deletion request if retaining the Personal Information is necessary for Dr. Schär or its service providers to:
- Complete the transaction for which the Personal Information was collected, provide a good or service that was requested, take actions reasonably anticipated within the context of an ongoing business relationship, or otherwise perform a contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if the California consumer previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on the California consumer's relationship with Dr. Schär.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which the Personal Information was provided by the California consumer.
- Exercising Access, Data Portability and Deletion Rights. Only a California consumer or a
person registered with the California Secretary of State that is authorized to
act on a California consumer's behalf ("Authorized Agent”) may make a request
to exercise the access, data portability and deletion rights described above.
Requests may also be made on behalf of a minor child. Requests for access or
data portability may only be made twice within a 12-month period. The request
- provide sufficient information that allows Dr. Schär to reasonably verify the requester is the person about whom the Personal Information is collected or an Authorized Agent and
- describe the request with sufficient detail that allows Dr. Schär to properly understand, evaluate, and respond to it.
Requests should be made to the entity that collected the California consumer's Personal Information. If Dr. Schär determines that another entity collected the Personal Information and shared it to Dr. Schär as a service provider or in connection with a promotional alliance, the requester will be directed to submit the request to the entity that collected the Personal Information.
California consumers or Authorized Agents may submit
requests under the CCPA to Dr. Schär by:
- sending an E-mail to firstname.lastname@example.org
California consumers may learn more about their rights under the CCPA by
or send inquiries to Dr. Schär at email@example.com.
Dr. Schär cannot respond to requests or provide Personal Information if it is unable to verify a requester's identity or authority to make the request and confirm the Personal Information relates to the requester. Making a request does not require you to create an account with Dr. Schär. Personal Information provided to for identity verification for such requests will only be used to verify the requester's identity or authority make the request.
- Response Timing and Format. Dr. Schär endeavors to respond to verified requests from California consumers within 45 days of receiving the request. If more time is required to comply with the request, Dr. Schär will inform the requester of the need for an extension (up to an additional 45 days) and the reason in writing. If the requester has registered for an on-line account with Dr. Schär, a response will be delivered to that account. If the requester does not have an account with Dr. Schär, a response will be sent via email or regular mail, at the requester's option. Disclosures will only cover the 12-month period preceding the verified request. If Dr. Schär is unable to comply with a request, it will explain the reasons why. For verified data portability requests, requesters will be able to select a format to provide the Personal Information in that is readily usable and should allow the requester to transmit the information from one entity to another without hindrance.
There is no fee or charge for processing or responding to verified requests
unless a request is excessive, repetitive, or manifestly unfounded. If Dr. Schär
determines that a request warrants a fee, it will explain that decision to the
requester and provide a cost estimate prior to complying with the request.
- Identity Verification Requirements. The CCPA requires a verification process to confirm the identity of a California consumer who is exercising their rights as described above. Requests for additional information for verification purposes will be sent via email or regular mail, at the California consumer's preference. If an Authorized Agent is being utilized for a request under the CCPA, Dr. Schär will require proof of the Authorized Agent's authority for the particular California consumer and the identity verification will occur directly with the California consumer about whom the request is being made. If verification is necessary and the California consumer or its Authorized Agent making the request cannot or does not provide the additional requested information, the request may be denied.
Taking into consideration the type, sensitivity, and value of the Personal
Information, the risk of harm posed by any unauthorized access or deletion, the
likelihood that fraudulent or malicious actors might seek the information,
whether the identity verification process is sufficient robust to protect
against fraudulent requests or being spoofed or fabricated, the nature of the
transaction between the California consumer and Dr. Schär, and available
technology for verification:
- Verification for Password-Protected Accounts. Verification may include using the existing authentication practices for the account.
- Verification for Non- Account Holders:
- Requests to know categories of Personal Information: The CCPA requires the identity of the California consumer be verified to a reasonable degree of certainty, and may include matching at least two data points provided by the California consumer with data points maintained by Dr. Schär, and which Dr. Schär believes to be reliable for verification purposes.
- Requests to know specific pieces of Personal Information: The CCPA requires the identity of the California consumer be verified to a reasonably high degree of certainty, and may include matching at least three pieces of Personal Information provided by the California consumer with data points maintained by Dr. Schär, and which Dr. Schär believes to be reliable for verification purposes. Additionally, the California Consumer must complete and submit a declaration under the penalty of perjury with an original signature that the California consumer making the request is the consumer whose Personal Information is the subject of the request.
- Requests to Delete. The verification required for a request to delete depends on the sensitivity of the Personal Information and the risk of harm to the California consumer posed by the unauthorized deletion.
- Non-Discrimination. Dr. Schär will not
discriminate against a California consumer for exercising any rights under the
CCPA. Unless permitted by the CCPA, Dr. Schär will not:
- deny goods or services to a California consumer in response to that consumer exercising any rights under the CCPA,
- charge different prices or rates for goods or services to such consumer for such reason, including through granting discounts or other benefits, or imposing penalties, or
- provide a different level or quality of goods or services to such consumer for such reason.
Dr. Schär may offer certain financial incentives permitted by the CCPA that
may result in different prices, rates, or quality levels. Any
CCPA-permitted financial incentive offered will reasonably relate to a
California consumer's Personal Information's value and contain written terms
that describe the program's material aspects. Participation in a financial
incentive program requires a California consumer's prior opt in consent, which
may be revoked at any time.
Thank you for visiting Dr. Schär's website.
© 2020 Dr. Schär AG. All rights reserved.