A. Controller

Responsible for the processing of personal data and thus the controller according to this Privacy Policy is Slim and More GmbH, Rämistrasse 5, 8001 Zurich, Switzerland (“Slim and More”). Our data protection officer can be contacted at the aforementioned postal address, by email at admin@slimandmore.ch, or by phone at +49 44 430 11 11.

B. Personal Data and Terms

Personal data is information that relates to an identified or identifiable natural person, such as name, address, telephone number, email address, date of birth, etc. (“Personal Data”).

Any handling of personal data, regardless of the means and procedures used, in particular the collection, acquisition, storage, use, processing, disclosure, archiving, or deletion of data, is considered processing (“processing” or “processed”).

A data subject is any natural person whose personal data is processed (“data subject”).

A controller is any private individual or federal body that alone or jointly with others decides on the purposes and means of processing (“controller”).

A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller (“processor”).

C. Acquisition of personal data

You or the data subjects provide us with some of the personal data yourself by making it available to us, using our services, or contacting us via contact form, email, telephone, or in person. This includes, for example, name, contact details, date of birth, professional and business functions, health and physical situations and preferences, etc. We also process personal data that we receive from job applicants. We may also collect personal data ourselves, e.g., when you or the company you work for uses our services, or when we obtain data from publicly accessible sources (e.g., debt collection registers, land registers, commercial registers, press, internet, media, social media) (e.g., information from the media and internet, credit reports, your addresses and, if applicable, interests and other sociodemographic data). We may also receive data from other companies, authorities and other third parties (e.g., doctors, nutritionists, or beauty clinics) or your environment, or when you use our website (see section J). We collect the data mentioned in this paragraph for the purposes stated in section D, unless otherwise stated.

If you have given us your consent to process your personal data for specific purposes (e.g., for your consultation form, medical history form, or when registering to receive newsletters), we will process your personal data within the established framework and based on this consent. We may, where necessary, base the processing of personal data on other legal grounds. These include the fulfillment of a contract, the implementation of pre-contractual measures, or the protection of other legitimate interests (see section D).

If you are acting on behalf of a third party or providing us with information about a third party, you declare that you are an authorized representative or agent of that third party and/or that you have obtained all necessary consents from that third party to collect, process, use, and disclose their personal data to us or by us in accordance with the provisions of this Privacy Policy.

D. Purpose of Processing

We process your and other individuals’ personal data, to the extent permissible and deemed appropriate, for the following purposes (if you work for our customers or business partners, your personal data may also be affected in this capacity):

We use personal data in particular to fulfill the purposes of our organization, to provide our services, and to initiate and process agreements with our customers and business partners, as well as to comply with our legal obligations;

Providing and further developing our offerings, services, websites, and other platforms on which we are present;

Communicating with third parties and processing their inquiries (e.g., applications, media inquiries);

Customer acquisition;
… Ensuring our operations, particularly IT, our websites, apps, and other platforms;

Video surveillance to maintain house rules and other measures to ensure IT, building, and facility security and protect our employees and other individuals, as well as assets belonging to or entrusted to us.

E. Retention Period

Unless an explicit retention period is specified at the time of collection or in this Privacy Policy, we process and store personal data until it is no longer required to fulfill the purpose, unless statutory retention periods (e.g., retention periods under commercial and tax law) prevent deletion. Personal data may also be retained for the period during which claims can be asserted and to the extent we are otherwise legally obligated to do so or legitimate business interests require it (e.g., for evidentiary and documentation purposes).

F. Rights of the Data Subject

Consent granted can be revoked at any time; however, this will not affect data processing that has already taken place. In addition, depending on the circumstances and applicable data protection law, you have, in particular, the right to access, rectification, erasure, or restriction of processing of personal data, the right to object to processing, and the right to data portability. We are also entitled to assert the legally stipulated restrictions on your data subject rights, for example, if we are obliged to retain or process certain data, have an overriding interest in doing so, or require it to assert claims.

Every data subject also has the right to enforce their claims in court or to lodge a complaint with the competent data protection authority, provided that the applicable data protection law provides for such a right. The Swiss data protection authority is the Federal Data Protection and Information Commissioner (FDPIC).

Regarding your rights as well as further questions, suggestions, and comments on data protection, please contact the person responsible for data protection using the contact details provided above (see section A).

G. Security

We protect personal data through appropriate measures against loss, misuse, unauthorized access, disclosure, alteration, or destruction. For this purpose, we use suitable technical and organizational measures. However, we cannot guarantee the absolute security of the data.

Unless otherwise agreed, we assume no liability for violations of these security provisions unless they occur intentionally or through gross negligence.

H. Data Transfer

As part of our business activities, we also disclose personal data to third parties, to the extent permitted and deemed appropriate, whether because they process data for us or because they use the data for their own purposes. This applies in particular to the following parties:

Our service providers (e.g., banks, insurance companies), including contract processors (such as newsletter, cloud, or IT providers);
Doctors, nutritionists, or beauty clinics;
Domestic and foreign authorities, official bodies, or courts;
The public, including visitors to websites and social media;
other parties in potential or actual legal proceedings;

In this context, your personal data may be stored in Switzerland, as well as in other European countries and the USA where the service providers we use (such as Microsoft) are located. If personal data is processed outside Switzerland or the European Economic Area, we will take the steps required by applicable data protection law to ensure that your personal data is treated as safely and securely as it would be in Switzerland or within the European Economic Area, unless we can rely on an exception. An exception may apply in legal proceedings abroad, but also in cases of overriding public interest, if the performance of a contract requires such disclosure, or if you have consented.
I. Data processing through website use

During your visit to the website, general information is automatically collected (e.g., the date of your visit, time zone, type of web browser and its settings, version and language, your IP address, MAC address of the device (e.g., computer or mobile phone), the operating system used, accessed content, and the domain name of your Internet service provider). We use this data for the purposes stated in section D, in particular for marketing and administrative purposes and to ensure the functionality of the website. This data is also necessary to correctly provide and optimize the content of the website, to ensure the long-term functionality of our IT systems and the website, and to provide law enforcement authorities with the information they need for criminal prosecution in the event of a cyberattack.

I. Data processing through website use

During your visit to the website, general information is automatically collected (e.g., the date of your visit, time zone, type of web browser and its settings, version and language, your IP address, MAC address of the device (e.g., computer or mobile phone), the operating system used, accessed content, and the domain name of your Internet service provider). We use this data for the purposes stated in section D, in particular for marketing and administrative purposes and to ensure the functionality of the website. This data is also necessary to correctly provide and optimize the website content, to ensure the long-term functionality of our IT systems and the website, and to provide law enforcement authorities with the information they need for criminal prosecution in the event of a cyberattack.
1. SSL Encryption

This website uses SSL encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://”.
2. Server Log Files

The provider of this website automatically collects and stores information in so-called “server log files,” which your browser automatically transmits to us. In particular, the information listed under J above is transmitted.
3. Use of Cookies
3.1 Definition

Cookies are small files that are stored on your device when you use our website.
3.2 Necessary and Non-Necessary Cookies

Necessary cookies are files that are sent to the browser on your computer’s hard drive to ensure the website functions properly and to enable us to offer you certain features. They do not require the consent of website users.

We use non-necessary cookies to collect information about website visits. We also use non-necessary cookies to improve the user-friendliness of the website, for example, to tailor our offerings to customer needs and to make browsing the website as convenient as possible for you. We also use cookies to optimize our advertising. Non-necessary cookies require the consent of website users, depending on applicable law.
3.3 Session cookies and persistent cookies

So-called “session cookies” are automatically deleted after your visit. For example, we may use session cookies to save previously completed online forms or language settings across different pages of an internet session. We also use persistent cookies. These remain stored on your device after the end of the browser session until you delete them. When you visit our website again, your preferred entries and settings will be automatically recognized. Depending on the type of cookie, these cookies remain stored on your device for a specific period of time (e.g., two years) and are automatically deactivated after the programmed period has elapsed. They serve to make our website more user-friendly, effective, and secure. Thanks to these cookies, you can, for example, see information on the page that is specifically tailored to your interests.
3.4 Activating, deactivating, and deleting cookies

All web browsers offer the option of activating, deactivating, or deleting cookies by configuring the browser settings or options accordingly. If cookies are deactivated or deleted in whole or in part, not all website functions may be available.
3.5 Cookies and Personal Data

The cookies we use generally do not store any personal data. However, personal data that we or third parties commissioned by us store about you (e.g., if you have a user account with us or these providers) may be linked to the technical data or the information stored in and obtained from cookies, and thus possibly to you personally.

4. Pixels

We sometimes, and where permitted, incorporate visible and invisible image elements on our website, in our newsletters, and other marketing emails. By retrieving these from our servers, we can determine whether and when you have opened the website or email, so that we can measure and better understand how you use our offerings and tailor them to your needs. You can block this in your email program.
5. Web Analysis Services

We use analysis services from Yoast on our websites. These services are provided by third parties who may be located in Switzerland or another country. In this case, the service provider is Yoast BV, based in the Netherlands. If you have registered with the service provider yourself, the service provider may also know you. The processing of your personal data by the service provider is then the responsibility of the service provider in accordance with its privacy policy. The service provider only informs us how our respective website is used (no information about you personally).
6. Integration of Google Services

On our website, we use the following Google services, among others: Tag Manager and Analytics. The relevant Google company is based in Ireland. Google Ireland relies on Google LLC (based in the USA) as a processor (both “Google”). Although we can assume that the data Google retrieves and stores when you use our website is not personal data, it is possible that Google can use this data, in conjunction with data specifically collected by Google, to draw conclusions about the identity of visitors for its own purposes and link this data to these individuals’ Google accounts. If you have registered with Google yourself, Google may also be able to recognize you. The processing of your personal data by Google is then under its responsibility in accordance with its privacy policy. For further information on data protection (in particular on the scope, nature, and purpose of data processing), please refer to the relevant Google privacy policy.

When using Google Analytics, we can measure and evaluate the use of the website (not in a personal way).

7. Links to other websites

The website contains links to other websites. We have no influence on whether their operators comply with applicable data protection regulations. We exclude any responsibility or liability for the third-party websites accessible via links.
8. Social Media and Presence

Plugins

Our website contains social media plugins from social networks such as Facebook, Twitter, YouTube, Pinterest, or Instagram. These are generally embedded in the website as graphic files. We have configured these elements to be deactivated by default. If you activate them (by clicking), the operators of the respective social networks can register that you are on our website and where you are, and can use this information for their own purposes. The processing of your personal data is then the responsibility of that operator in accordance with its data protection regulations. We do not receive any information about you from them.

For further information on data protection (in particular on the scope, nature, and purpose of data processing), please refer to the privacy policies of the individual social media providers. There you will also find further information on your rights and setting options for protecting your privacy.

By logging out of your social network pages beforehand and deleting any cookies set (see section 3.4 above), you can prevent third-party providers from collecting information about you during your visit.

Presence

We may maintain an online presence on social networks and other platforms operated by third parties. We receive data from you and the platforms when you come into contact with us via our online presence (e.g., when you communicate with us, comment on our content, or visit our website). At the same time, the platforms evaluate your use of our online presence and link this data with other data about you known to the platforms (e.g., your behavior and preferences). They also process this data for their own purposes under their own responsibility, in particular for marketing purposes and to control their platforms (e.g., which content they display to you).

For further information on the processing activities of the platform operators, please refer to the platform’s privacy policy. There you will also learn in which countries they process your data, what rights you have to information, erasure, and other data subject rights, and how you can exercise these rights or obtain further information. We currently use the following platforms:

Instagram
Facebook
YouTube
LinkedIn
TikTok

J. Final Provisions

This Privacy Policy is not part of a contract with you. We reserve the right to change the content of this Privacy Policy at any time and without notice. The current version published on our website applies. We therefore recommend that you consult this Privacy Policy regularly. In addition to this Privacy Policy, we may inform you separately about the processing of your data, for example, through additional separate privacy policies regarding specific relationship relationships.