Privacy Policy
1. What is the purpose of this privacy policy?
Neurolite AG (hereinafter also "we", "us") collects and processes personal data that concerns you or other persons (so-called "third parties"). We use the term "data" here as synonymous with "personal data" or "personally identifiable information".
In this privacy policy, we describe what we do with your data when you use neurolite.ch, cefaly.ch, flow-neuroscience.neurolite.ch, tms-therapie.ch, or other websites operated by us (hereinafter collectively "website"), access our services or products, otherwise engage with us in connection with a contract, communicate with us, or otherwise interact with us. If applicable, we will inform you through a timely written notification about additional processing activities not mentioned in this privacy policy. We may also inform you separately about the processing of your data, e.g., in consent forms, terms and conditions, additional privacy policies, forms, and notices.
If you provide us with data about other individuals such as family members, colleagues, etc., we assume that you are authorized to do so and that this data is correct. By providing data about third parties, you confirm this. Please also ensure that these third parties have been informed about this privacy policy.
This privacy policy is based on the requirements of the EU General Data Protection Regulation ("GDPR"), the Swiss Data Protection Act ("DPA"), and the revised Swiss Data Protection Act ("revDPA"). Whether and to what extent these laws apply depends on the individual case.
2. Who is responsible for processing your data?
Neurolite AG, based at Hühnerhubelstrasse 79, 3123 Belp, Switzerland, is responsible for the data processing described in this privacy policy, unless otherwise communicated in a specific case.
You can reach us for your privacy concerns and the exercise of your rights under section 11 as follows:
Neurolite AG
Hühnerhubelstrasse 79
CH-3123 Belp
info@neurolite.ch
3. What Data Do We Process?
We process different categories of data about you. The most important categories are as follows:
Technical Data: When you use our website or other electronic services, we collect the IP address of your device and other technical data to ensure the functionality and security of these services. These data also include logs that record the use of our systems. We generally retain technical data for six months. To ensure the functionality of these services, we may also assign you or your device an individual code (e.g., in the form of a cookie, see section 12). In principle, technical data alone do not allow any conclusions to be drawn about your identity. However, in the context of user accounts, registrations, access controls, or contract processing, they may be linked with other data categories (and thus potentially with your person).
Registration Data: Certain services and offerings (e.g., login areas on our website, newsletter distribution) can only be used with a user account or registration, which can be done directly with us or through our external login providers. In doing so, you must provide us with certain data, and we collect data about the use of the service or offering. If you redeem a voucher with us, we may require certain data from you at the time of redemption. If we issue a voucher for one of our contractual partners, we may transmit certain of your registration data to the respective contractual partner or receive such data from them (see section 7).
Communication Data: If you contact us via contact form, email, phone, chat, letter, or other communication channels, we collect the data exchanged between you and us, including your contact details and the metadata of the communication. If we record or monitor telephone calls or video conferences, e.g., for training and quality assurance purposes, we will specifically inform you of this. Such recordings may only be made and used in accordance with our internal policies. You will be informed whether and when such recordings take place, e.g., by a notice during the respective video conference. If you do not want a recording, please inform us or terminate your participation. If you only do not want a recording of your image, please turn off your camera. If we need to establish your identity, e.g., for a request for information made by you, we collect data to identify you (e.g., a copy of an ID). Emails in personal mailboxes and written correspondence are generally retained for at least 10 years.
Master Data: We refer to master data as basic data that we require in addition to contract data (see below) for processing our contractual and other business relationships or for marketing and advertising purposes, such as name, contact details, and information about your role and function, your bank details, your date of birth, customer history, powers of attorney, signature authorizations, and consent declarations. We process your master data if you are a customer or another business contact, or if you act on behalf of such a person (e.g., as a contact person of a business partner) or because we want to contact you for our own purposes or the purposes of a contractual partner (e.g., in the context of marketing and advertising). We receive master data from you directly (e.g., when making a purchase or as part of a registration), from entities you work for, or from third parties such as our contractual partners, associations, and address brokers, as well as from publicly accessible sources such as public registers or the internet. We generally retain these data for ten years from the last exchange with you, at a minimum from the end of the contract. This period may be longer if required for evidence purposes or to comply with legal or contractual requirements or due to technical reasons.
Contract Data: These are data that arise in connection with contract conclusion or execution, such as information about contracts and the services to be provided or provided, as well as data from the pre-contractual phase, the information required for processing, and responses (e.g., complaints or satisfaction information, etc.). We generally collect these data from you, from contractual partners, and from third parties involved in contract execution, as well as from third-party sources (e.g., providers of credit rating data) and publicly accessible sources. We generally retain these data for ten years from the last contract activity, at a minimum from the end of the contract. This period may be longer if required for evidence purposes or to comply with legal or contractual requirements or due to technical reasons.
Behavioral and Preference Data: Depending on our relationship with you, we strive to understand you better and tailor our products, services, and offerings to you. To this end, we collect and use data about your behavior and preferences. We do this by analyzing information about your behavior within our environment, and we may supplement this information with data from third parties – including from publicly accessible sources. Based on this, we can, for example, calculate the probability that you will use certain services or behave in a certain way. Some of the data processed for this purpose are already known to us (e.g., when you use our services), or we obtain these data by recording your behavior (e.g., how you navigate our website). We anonymize or delete these data when they are no longer meaningful for the pursued purposes.
Other Data: We also collect data from you in other situations. In connection with administrative or judicial proceedings, for example, data (such as files, evidence, etc.) may be generated that also relate to you. For health protection reasons, we may also collect data (e.g., within the framework of protection concepts). We may receive or create photos, videos, and audio recordings in which you are recognizable (e.g., at events, through security cameras, etc.). We may also collect data about who enters certain buildings at what time or has corresponding access rights (including access controls, based on registration data or visitor lists, etc.), who participates in events or campaigns, or who uses our infrastructure and systems at what time. The retention period for these data depends on the purpose and is limited to what is necessary. This ranges from just a few days to reports on events with images that may be retained for several years or longer.
Many of the data mentioned in this section 3 are provided to us directly by you (e.g., via forms, in communication with us, in connection with contracts, when using the website, etc.). You are not obliged to provide these data, subject to individual cases, e.g., in the context of binding protection concepts (legal obligations). If you wish to conclude contracts with us or use services, you must provide us with data within the scope of your contractual obligations under the relevant contract, particularly master, contract, and registration data. When using our website, the processing of technical data is unavoidable. If you want access to certain systems or buildings, you must provide us with registration data.
Unless prohibited, we also obtain data from publicly accessible sources (e.g., debt collection registers, land registers, commercial registers, media, or the internet, including social media) or receive data from other companies, authorities, and other third parties (such as credit agencies, associations, contractual partners, etc.).
4. For What Purposes Do We Process Your Data ?
We process your data for the purposes explained below. Further information for the online sector can be found in sections 12 and 13. These purposes or the underlying objectives represent legitimate interests of ours and, if applicable, those of third parties. You can find further information on the legal bases of our processing in section 5.
We process your data for purposes related to communication with you, in particular to respond to inquiries, to assert your rights (section 11), and to contact you in case of follow-up questions. For this purpose, we mainly use communication data and master data, and in connection with offers and services used by you, also registration data. We retain these data to document our communication with you, for training purposes, quality assurance, and follow-ups.
We process data for the initiation, management, and execution of contractual relationships.
We process data for marketing purposes and relationship management, e.g., to send our customers and other contractual partners personalized advertising for products and services from us and third parties. This can take place, for example, in the form of newsletters and other regular contacts (electronically, by mail, by phone), through other channels for which we have your contact information, but also as part of individual marketing campaigns (e.g., events) and may also include complimentary services (e.g., invitations, vouchers, etc.). You can reject such contacts at any time (see the end of this section 4) or refuse or revoke your consent to being contacted for advertising purposes. With your consent, we may target our online advertising on the internet more specifically to you (see section 12).
We further process your data for market research, to improve our services and operations, and for product development.
We may also process your data for security purposes and access control.
We process personal data to comply with laws, instructions, and recommendations from authorities, as well as internal regulations ("compliance").
We also process data for the purposes of our risk management and as part of prudent corporate governance, including business organization and corporate development.
We may process your data for other purposes as well, e.g., in the context of our internal processes and administration.
5. On What Basis Do We Process Your Data?
If we ask for your consent for certain processing activities (e.g., for processing particularly sensitive personal data and for marketing mailings), we will inform you separately about the relevant purposes of the processing. You can revoke your consent at any time by sending us a written notice (by mail) or, unless otherwise specified or agreed, by email with effect for the future; our contact details can be found in section 2. For revoking your consent regarding online tracking, see section 12. If you have a user account, revocation or contacting us may also be possible via the relevant website or service. Once we receive the notification of your revocation, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis for doing so. The revocation of your consent does not affect the lawfulness of the processing carried out based on your consent before the revocation.
Where we do not ask for your consent for processing, we base the processing of your personal data on the necessity of the processing for the initiation or execution of a contract with you (or the entity you represent) or on the fact that we or third parties have a legitimate interest in doing so. This applies particularly to pursue the purposes described in section 4 and the associated objectives and to implement corresponding measures. Our legitimate interests also include compliance with legal regulations, provided these are not already recognized as a legal basis under applicable data protection laws (e.g., under the GDPR, the law in the EEA and Switzerland). This also includes the marketing of our products and services, the interest in better understanding our markets, and the secure and efficient operation and further development of our company, including its operational business.
If we receive sensitive data (e.g., health data, information on political, religious, or philosophical beliefs, or biometric data for identification), we may also process your data based on other legal grounds, such as in the case of disputes where processing is necessary for potential legal proceedings or the assertion or defense of legal claims. In individual cases, other legal bases may apply, which we will communicate to you separately if required.
6. What applies to profiling an automated individual decisions ?
We may assess certain of your personal characteristics for the purposes mentioned in Section 4 based on your data (Section 3) through automated processes ("profiling"), if we want to determine preference data, but also to identify abuse and security risks, perform statistical evaluations, or for operational planning purposes. For the same purposes, we may also create profiles, i.e., we may combine behavioral and preference data, as well as basic and contract data, and the associated technical data, to better understand you as a person with your various interests and other characteristics.
In both cases, we ensure the proportionality and reliability of the results and take measures against the misuse of these profiles or profiling. If these could have legal effects or significant disadvantages for you, we generally provide for a manual review.
7. To whom do we disclose your data?
In connection with our contracts, the website, our services and products, our legal obligations, or otherwise to safeguard our legitimate interests and the other purposes listed in Section 4, we also transfer your personal data to third parties, particularly to the following categories of recipients:
Service providers: We collaborate with service providers in Switzerland and abroad who process data about you on our behalf or jointly with us, or who receive data about you from us for their own purposes (e.g., IT providers, shipping companies, advertising service providers, login service providers, debt collection companies, credit agencies, or address verification services). For the service providers used for the website, see Section 12. Key IT service providers for us are Microsoft and Alphabet, in debt collection, the company Inkassomed, and in security, Barracuda.
In order for us to provide our products and services efficiently and focus on our core competencies, we source services from third parties in numerous areas. These services include, for example, IT services, the sending of information, marketing, sales, communication or printing services, organization and execution of events and receptions, debt collection, credit agencies, address verification (e.g., to update address records in case of moves), fraud prevention measures, and services from consulting firms, lawyers, banks, insurers, and telecommunications companies. We provide these service providers with the data necessary for their services, which may concern you as well. These service providers may also use such data for their own purposes, such as data on outstanding claims and your payment behavior in the case of credit agencies, or anonymized data for service improvement. We also conclude contracts with these service providers that include provisions for data protection, unless this is already provided by law. Our service providers may also process data, such as how their services are used, and other data that arises during the use of their services, as independent controllers for their own legitimate interests (e.g., for statistical evaluations or billing). Service providers inform about their independent data processing in their own privacy statements. More information on how Microsoft processes data can be found here: https://privacy.microsoft.com/en-us/privacystatement.
Contract partners, including customers: This primarily refers to customers (e.g., service recipients) and other contract partners, as this data transfer arises from these contracts. For example, they receive registration data for issued and redeemed vouchers, invitations, etc. If you are active for such a contract partner, we may also transmit data about you to them in this context. Further recipients include contract partners with whom we cooperate. We require these partners to send you advertising or use your data only if you have agreed to it (for the online area, see Section 12). Our online advertising contract partners are listed in Section 12.
Authorities: We may disclose personal data to authorities, courts, and other government agencies in Switzerland and abroad if we are legally obligated or authorized to do so or if it appears necessary to safeguard our interests. These authorities process data about you that they receive from us, under their own responsibility.
Other persons: This refers to other cases where the inclusion of third parties arises from the purposes according to Section 4, e.g., service recipients, media, and associations we are involved with, or if you are part of one of our publications.
Other recipients include delivery addresses or external payment recipients different from you, other third parties also in the context of representation relationships (e.g., if we send your data to your lawyer or bank), or individuals involved in administrative or court procedures. If we cooperate with media and transmit material (e.g., photos), you may also be affected. The same applies to the publication of content (e.g., photos, interviews, quotes, etc.) on the website or in other publications by us.
In the context of corporate development, we may sell or acquire businesses, parts of businesses, assets, or companies or enter into partnerships, which may also result in the disclosure of data (including yours, e.g., as a customer or supplier, or as a supplier representative) to the persons involved in these transactions. In our communication with competitors, industry organizations, associations, and other bodies, there may also be an exchange of data that affects you.
All these categories of recipients may themselves involve third parties, so your data may also become accessible to them. We can restrict the processing by certain third parties (e.g., IT providers), but not by others (e.g., authorities, banks, etc.).
We also allow certain third parties to collect personal data about you on our website and at events we host (e.g., media photographers, providers of tools we have integrated into our website, etc.). If we are not significantly involved in these data collections, these third parties are solely responsible for them. For concerns and the assertion of your data protection rights, please contact these third parties directly. See Section 12 for the website.
8. Do your personal data also reach abroad?
As explained in Section 7, we also disclose data to other entities. These are not only located in Switzerland. Therefore, your data may also be processed in Europe, and in exceptional cases, in any country worldwide.
If a recipient is in a country without adequate legal data protection, we contractually obligate the recipient to comply with the applicable data protection standards, unless they are already subject to a legally recognized framework to ensure data protection and we cannot rely on an exemption. An exception may apply, for example, in legal proceedings abroad, or if overriding public interests require such disclosure, if contract performance necessitates it, if you have consented, or if the data is made publicly available by you and you have not objected to its processing.
Please also note that data exchanged over the Internet is often routed through third countries. Therefore, your data may also reach abroad even if the sender and recipient are in the same country.
9. How long do we protect your data?
We process your data as long as it is necessary for our processing purposes, the legal retention periods, and our legitimate interests in processing for documentation and proof purposes, or as long as storage is technically required. Further information on the specific storage and processing duration can be found in Section 3 for the individual data categories or in Section 12 for the cookie categories. If no legal or contractual obligations oppose it, we delete or anonymize your data after the storage or processing duration expires within our usual procedures.
10. How do we protect your date?
We take appropriate security measures to maintain the confidentiality, integrity, and availability of your personal data, to protect it against unauthorized or unlawful processing, and to prevent risks such as loss, accidental alteration, unintended disclosure, or unauthorized access.
11. Which rights do you have?
The applicable data protection law grants you the right, under certain circumstances, to object to the processing of your data, especially for direct marketing purposes, profiling for direct advertising, and other legitimate interests in processing
To facilitate your control over the processing of your personal data, you have the following rights in connection with our data processing, depending on the applicable data protection law:
– The right to request information from us about whether and which data we are processing about you;
– The right to have data corrected if it is incorrect;
– The right to request the deletion of data;
– The right to request the provision of certain personal data in a commonly used electronic format or its transfer to another data controller;
– The right to withdraw consent, where our processing is based on your consent;
– The right to request additional information necessary to exercise these rights
If you wish to exercise the above rights, please contact us in writing, in person at our premises, or—unless otherwise specified or agreed—by email. You can find our contact details in section 2. In order to prevent misuse, we must be able to identify you (e.g., with a copy of your ID, if no other method is available). You also have these rights in relation to other entities that work with us independently. Please contact them directly if you wish to exercise your rights regarding their data processing. Information about our key cooperation partners and service providers can be found in section 7, and further details in section 12.
Please note that these rights are subject to conditions, exceptions, or limitations under applicable data protection laws (e.g., to protect third parties or trade secrets). We will inform you accordingly, if necessary.
If you are dissatisfied with how we handle your rights or data protection in general, please let us know (see section 2). Especially if you are located in the EEA or Switzerland, you also have the right to lodge a complaint with the data protection authority in your country. A list of authorities in the EEA is available here: https://edpb.europa.eu/about-edpb/board/members_en
12. Do we use online tracking and online advertising technologies?
On our website, we use various technologies that allow us—and third parties engaged by us—to recognize you during your use of the site and, in some cases, track you across multiple visits. This section provides information about these technologies.
At its core, this is about distinguishing your access (via your system) from that of other users so that we can ensure the website functions properly, and to enable analysis and personalization. It is not our intention to identify you personally—although this could be possible if we, or third parties engaged by us, are able to identify you by combining tracking data with registration data.
Even without registration data, the technologies used are designed to recognize you as an individual visitor each time you access the site, for example by having our server (or the servers of third parties) assign a specific identification number to you or your browser (known as a "cookie").
We use such technologies on our website and allow certain third parties to do so as well. Depending on the purpose of these technologies, we may ask for your consent before they are used. You can configure your browser to block, mislead, or delete certain cookies or alternative technologies. You can also extend your browser with software that blocks tracking by specific third parties. For more information, please refer to your browser’s help pages (usually under the keyword “privacy”) or the websites of the third parties listed below.
The following types of cookies (including technologies with similar functionality such as fingerprinting) are distinguished:
– Necessary Cookies: Some cookies are essential for the proper functioning of the website or specific features. For example, they ensure that you can navigate between pages without losing information entered into a form. They also ensure that you remain logged in. These cookies are temporary (“session cookies”). If you block them, the website may not function properly.
Other cookies are necessary for the server to remember decisions or inputs you have made beyond a single session (i.e., a single visit to the website), if you make use of such functions (e.g., selected language, given consent, the automatic login feature, etc.). These cookies may have an expiration date of up to 24 months.
– Performance Cookies: In order to optimize our website and related offerings and better tailor them to the needs of users, we use cookies to record and analyze how our website is used—potentially even beyond a single session. We do this by using third-party analytics services, which are listed below. Performance cookies also have an expiration date of up to 24 months. For more details, please refer to the websites of the third-party providers.
– Marketing Cookies: We and our advertising partners are interested in displaying targeted advertising—that is, showing ads primarily to those we want to reach. Our advertising partners are listed below. For this purpose, we and our advertising partners also use cookies—provided you give your consent—which can record the content you have accessed or contracts you have concluded. This enables us and our advertising partners to display advertising that we believe may be of interest to you, both on our website and on other websites that show advertising from us or our partners.
– These cookies have expiration periods ranging from a few days to up to 24 months, depending on the situation. If you consent to the use of these cookies, you will see advertising tailored to you. If you do not consent, you will not see fewer ads—but rather ads that are not personalized.
We may also integrate additional third-party services into our website, particularly from social media providers. These providers can detect that you are visiting our website. If you have an account with the social media provider, they may associate this information with your account and thereby track your use of online services. These social media providers process this data under their own responsibility.
Currently, we use services from the following providers and advertising partners (insofar as they use your data or set cookies on your device for advertising purposes):
– Google Analytics: Google Ireland (based in Ireland) is the provider of the “Google Analytics” service and acts as our data processor. For this purpose, Google Ireland relies on Google LLC (based in the USA) as its sub-processor (together referred to as “Google”). Using performance cookies (see above), Google tracks the behavior of visitors on our website (e.g., duration of visit, frequency of page views, geographical origin of access, etc.) and generates reports for us based on this data regarding website usage.
Although we assume that the information we share with Google does not constitute personal data for Google, it is possible that Google may use this data for its own purposes to draw conclusions about the identity of visitors, create personal profiles, and link this data to the Google accounts of those individuals.
If you consent to the use of Google Analytics, you explicitly agree to this type of data processing, which also includes the transfer of personal data (in particular, usage data related to the website and app, device information, and individual IDs) to the USA and other countries.
You can find more information about Google Analytics' data protection here:
https://support.google.com/analytics/answer/6004245
13. What data do we process on our pages on social networks?
We may operate pages and other online presences (such as “fan pages,” “channels,” “profiles,” etc.) on social networks and other platforms operated by third parties, and collect data about you as described in Section 3 and below. We receive this data from you and from the platforms when you interact with us via our online presence (e.g., by communicating with us, commenting on our content, or visiting our pages).
At the same time, the platforms analyze your use of our online presences and link this data with other information they already have about you (e.g., your behavior and preferences). These platforms process this data for their own purposes under their own responsibility—particularly for marketing and market research purposes (e.g., to personalize advertising) and to manage their platforms (e.g., to determine what content is shown to you).
We process this data for the purposes described in Section 4, in particular for communication, marketing purposes (including advertising on these platforms—see Section 12), and market research. The relevant legal bases for such processing can be found in Section 5. Content that you publish yourself (e.g., comments on a post) may be shared or redistributed by us (e.g., in our advertising on the platform or elsewhere). We or the platform operators may also delete or restrict content from or addressed to you in accordance with the respective usage policies (e.g., inappropriate comments).
For further information about how the platform operators process your data, please refer to their privacy policies. There you will also find information about the countries where your data is processed, your rights (e.g., access, deletion), and how to exercise them or obtain more details.
We currently use the following platforms:
– LinkedIn, YouTube, Facebook, Instagram
14. Can this Privacy Policy be changed?
This Privacy Policy is not part of any contract with you. We may amend this Privacy Policy at any time. The version published on this website is the current and applicable version.
Last updated: January 31, 2025