Privacy Policy

With this privacy policy, we, DiNABIOS AG, inform which personal data we process for what, how and where, in particular in connection with our dinaqor.com website and our other offers. With this privacy policy, we also inform you about the rights of persons whose data we process.


For individual or additional offers and services, special, supplementary or additional data protection declarations as well as other legal documents such as general terms and conditions (GTC), terms of use or conditions of participation may apply. Our offer is subject to Swiss data protection law as well as any applicable foreign data protection law, such as in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures adequate data protection.

1. Contact addresses

Responsibility for the processing of personal data:

DiNABIOS AG
Wagistrasse 25
8952 Schlieren ZH
Switzerland

contact (at) dinabios.com

Further information about our company can be found in the imprint details on our website at the Imprint.

We point out if there are other persons responsible for the processing of personal data in individual cases.

2. Processing of personal data

2.1 Terms

Personal data is any information that relates to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, collection, deletion, storage, modification, destruction and use of personal data.


European Economic Area (EEA) comprises the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) refers to personal data processing as processing of personal data.

2.2 Legal basis

We process personal data in accordance with the Swiss data protection law such as, in particular, the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection (DPO).

We process – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – personal data in accordance with at least one of the following legal bases: 

  • Art. 6 para. 1 lit. b GDPR for the necessary processing of personal data for the fulfillment of a contract with the data subject as well as for the implementation of pre-contractual measures.
  • Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data to protect the legitimate interests of us or of third parties, unless the fundamental freedoms and rights and interests of the data subject prevail. Legitimate interests are, in particular, our interest in being able to provide our offer permanently, in a user-friendly, secure and reliable manner and to be able to advertise for it as required, information security as well as protection against misuse and unauthorized use, the enforcement of our own legal claims and compliance with Swiss law.
  • Art. 6 para. 1 lit. c GDPR for the necessary processing of personal data to comply with a legal obligation to which we are subject under any applicable law of Member States in the European Economic Area (EEA).
  • Art. 6 para. 1 lit. e GDPR for the necessary processing of personal data for the performance of a task that is in the public interest.
  • Art. 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the data subject.
  • Art. 6 para. 1 lit. d GDPR for the necessary processing of personal data to protect vital interests of the data subject or another natural person.

2.3 Nature, scope and purpose

We process those personal data that are necessary to provide our offer permanently, user-friendly, secure and reliable. Such personal data can fall into the categories of inventory and contact data, browser and device data, content data, meta or edge data and usage data, location data, sales, contract and payment data. 


We process personal data for the duration required for the respective purpose(s) or as required by law. Personal data whose processing is no longer required will be anonymized or – if and to the extent that the GDPR is applicable – deleted. Persons whose data we process generally have a right to deletion. 


As a matter of principle, we process personal data only with the consent of the data subject, unless the processing is permitted for other legal reasons, for example, for the performance of a contract with the data subject and for corresponding pre-contractual measures, to protect our overriding legitimate interests, because the processing is evident from the circumstances or after prior information. 


In this context, we process in particular information that a data subject voluntarily and personally provides to us when contacting us – for example, by letter, e-mail, contact form, social media or telephone – or when registering for a user account. If you transmit personal data to us via third parties, you are obliged to ensure data protection vis-à-vis such third parties and to ensure the accuracy of such personal data. 

We also process personal data that we receive from third parties, obtain from publicly available sources or collect in the course of providing our services, if and to the extent that such processing is permitted for legal reasons.

2.4 Processing of personal data by third parties, also abroad

We may have personal data processed by commissioned third parties or process it jointly with third parties or with the help of third parties or transmit it to third parties. Such third parties are in particular providers whose services we use. We also ensure appropriate data protection for such third parties. If personal data of you is passed on by us to our subsidiaries or is passed on to us by our subsidiaries (e.g. for advertising purposes), this is done on the basis of existing contractual processing relationships.


Such third parties are generally located in Switzerland and in the European Economic Area (EEA). However, such third parties may also be located in other states and territories on earth as well as elsewhere in the universe, provided that their data protection law ensures adequate data protection according to the assessment of the Federal Data Protection and Information Commissioner (FDPIC) and – if and to the extent that the Data Protection Regulation (GDPR) is applicable – according to the assessment of the European Commission, or if adequate data protection is ensured for other reasons, such as by a corresponding contractual agreement, in particular on the basis of standard contractual clauses, or by a corresponding certification. Exceptionally, such a third party may be located in a country without adequate data protection, provided that the data protection requirements for this, such as the express consent of the data subject, are met.

2.5 No automated decision making (including profiling)

We do not intend to use personal data collected from you for any automated decision-making process (including profiling).

2.6 No obligation to provide personal data

We do not make the conclusion of contracts with us dependent on you providing us with personal data in advance. As a customer, you are under no legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case in the context of the products we offer presented below, you will be informed of this separately.

2.7 Legal obligation to transmit certain data

We may, under certain circumstances, be subject to a special statutory or legal obligation to make the lawfully processed personal data available to third parties, in particular public bodies.

3. Rights of data subjects

Data subjects whose personal data we process have the rights under Swiss data protection law. These include the right to information as well as the right to correction, deletion or blocking of the processed personal data.

As a data subject, you have the right

– to request information about your data processed by us (if the GDPR applies in accordance with Article 15 GDPR). In particular, you can request at least information about the controller responsible for the processing, the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or opposition, the existence of a right of complaint, the origin of your data, if it was not collected by us, as well as the existence of automated decision-making, including profiling and, if applicable, meaningful information about its details;

– to receive your data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller (“data portability”) (pursuant to Article 20 GDPR, if the GDPR applies);

– to demand the correction of inaccurate or the completion of your data stored by us without delay, if the GDPR applies (in accordance with Article 16 GDPR);

– to request the deletion of your data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims, if the GDPR applies (pursuant to Article 17 GDPR);

– to request the restriction of the processing of your data, insofar as the accuracy of the data is disputed by you or the processing is unlawful, if the GDPR applies (in accordance with Article 18 GDPR);

– –object to the processing in accordance with Article 21 GDPR (if the GDPR applies), provided that the processing is based on Article 6 (1) p. 1 lit. e or lit. f GDPR. This is particularly the case if the processing is not necessary for the performance of a contract with you. Unless it is an objection to direct marketing, when exercising such an objection, we ask you to explain the reasons why we should not process your data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing;

– in accordance with Article 7 (3) of the GDPR, if the GDPR applies, to revoke your consent given once  – i.e. your voluntary will, made understandable in an informed manner and unambiguously by means of a declaration or other unambiguous confirming act, that you agree to the processing of the personal data in question for one or more specific purposes – at any time vis-à-vis us, if you have given such consent. The consequence of this is that we may no longer continue the data processing based on this consent in the future and

– to complain to a data protection supervisory authority about the processing of your personal data in our company (if the GDPR applies in accordance with Article 77 GDPR at the supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement). The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

4. Data security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties (e.g. TSL encryption for our website), taking into account the state of the art, implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.

We will be happy to provide you with more detailed information on request.

5. Use of the website

5.1 Cookies

We use cookies on our websites. Cookies are small text files that are assigned to the browser you are using on your hard drive by means of a characteristic string of characters and stored, and through which certain information flows to the body that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They serve to make the Internet offer as a whole more user-friendly and effective, i.e. more pleasant for you.

Cookies can contain data that make it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to a specific person. However, cookies cannot directly identify a user.

A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made between cookies again:

  • Functional Cookies: These are mandatory in order to navigate the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes, nor do they store which web pages you have visited;
  • Statistic Cookies: These let us understand how you use our website (e.g. which pages you visit), to provide statistics on how our website is used, improve the website by identifying any errors, and performance issues;
  • Marketing Cookies: These are used to create profiles to send advertising, or to track the user on the website or across several websites for similar marketing purposes.

The data processed by technical cookies are necessary for the purpose of providing access to our website and safeguarding our legitimate interests (if the GDPR applies, in line with Article 6 para. 1 sentence 1 lit. b GDPR and Article 6 para. 1 sentence 1 lit. f GDPR). Any use of cookies that is not absolutely technically necessary for this purpose constitutes data processing that is – as far as the GDPR applies – only permitted with your express and active consent. In addition, if the GDPR applies, we will only share your personal data processed through cookies with third parties if you have given your express consent to do so in accordance with Article 6 para. 1 sentence 1 lit. a GDPR.

For more information about which cookies we use and how you can manage your cookie settings and disable certain types of tracking, please see our Cookie Policy.

In the case of cookies used for performance and reach measurement or for advertising, a general objection (“opt-out”) is possible for numerous services via the Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Online Choices (European Interactive Digital Advertising Alliance, EDAA).

5.2 Server log files

We may collect the following information for each access to our website, provided that this information is transmitted by your browser to our server infrastructure or can be determined by our web server: Date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page of our website accessed including amount of data transferred, website last accessed in the same browser window (referer or referrer).


We store such information, which may also constitute personal data, in server log files. The information is necessary to provide our online offer permanently, user-friendly and reliably and to ensure data security and thus in particular the protection of personal data – also by third parties or with the help of third parties. The processing of log data serves statistical purposes and to improve the quality of our website, in particular the stability and security of the connection. If the GDPR is applicable the legal basis is Article 6 para. 1 sentence 1 lit. f GDPR. Your data will only be processed for as long as is necessary to achieve the above-mentioned processing purposes; the legal bases specified in the context of the processing purposes apply accordingly.

5.3 Transfer of personal data to third parties; basis for justification

The following categories of recipients, which are usually commissioned processors (a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller, in particular in accordance with the controller’s instructions (e.g. IT service provider), whereby zn terms of data protection law, a commissioned processor is in particular not a third party), may receive access to your personal data:

  • Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security). The legal basis for the disclosure is then – if the GDPR applies – Article 6 para. 1 sentence 1 lit. b or lit. f GDPR, insofar as they are not order processors; We use in particular:
    • Manitu: Hosting; Provider: manitu GmbH, Welvertstraße 2, 66606 St. Wendel, Germany; Data protection information: Privacy policy;
    • Google Tag Manager: We use Google Tag Manager to integrate and manage services for analytics or advertising from Google as well as from third parties on our website. This is a service of the American Google LLC. For users in the European Economic Area (EEA) and Switzerland, the Irish Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is responsible. No cookies are used, but cookies may be used as part of the services integrated and managed with it. Please also refer to the privacy policy of Google Ireland Limited for further details.
  • Government agencies/authorities, insofar as this is necessary for the fulfillment of a legal obligation. The legal basis for the transfer is then – if the GDPR applies – Article 6 para. 1 sentence 1 lit. c GDPR;
  • Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the disclosure is then – if the GDPR applies – Article 6 para. 1 sentence 1 lit. b or lit. f GDPR.

In addition, if the GDPR applies, we will only pass on your personal data to third parties if you have given your express consent to do so in accordance with Article 6 para. 1 sentence 1 lit. a GDPR.

6. Social Media

6.1 General

We maintain publicly accessible profiles in various social networks. Your visit to these profiles initiates a variety of data processing operations. In the following, we provide you with an overview of which of your personal data is collected, used and stored by us when you visit our profiles. You are not obliged to provide us with your personal data. However, this may be necessary for individual functionalities of our profiles in social networks. These functionalities will not be available to you or only to a limited extent if you do not provide us with your personal data.

When you visit our profiles, your personal data will be collected, used and stored not only by us, but also by the operators of the respective social network. This happens even if you yourself do not have a profile in the respective social network. In doing so, personal data may also be processed outside of Switzerland and the European Economic Area (EEA). The individual data processing operations and their scope differ depending on the operator of the respective social network and they are not necessarily traceable for us.

We are present on social media platforms and other online platforms in order to communicate with interested persons and to inform them about our offer. In doing so, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).

The General Terms and Conditions (GTC) and Terms of Use as well as data protection declarations and other provisions of the individual operators of such online platforms also apply in each case. These provisions inform in particular about the rights of data subjects, which include in particular the right to information. For details about the collection and storage of your personal data and about the type, scope and purpose of their use by the operator of the respective social network, please refer to the data protection statements of the respective operator:

6.2 General information on the collection of personal data when contacting us via our profiles on social networks

If you use our profiles on social networks to contact us (for example, by creating your own posts, responding to one of our posts or by sending us private messages), the data you provide us with will be processed by us solely for the purpose of contacting you.

The legal basis for the data collection is thus  – if the GDPR applies – Article 6 para. 1 sentence 1 lit. a) and b) GDPR. We delete stored data as soon as their storage is no longer necessary or you request us to delete them; in the case of statutory retention obligations, we limit the processing of the stored data accordingly.

The following categories of recipients, which are usually commissioned processors (a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller, in particular in accordance with the controller’s instructions (e.g. IT service provider), whereby zn terms of data protection law, a commissioned processor is in particular not a third party), may receive access to your personal data:

  • Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security). The legal basis for the disclosure is then – if the GDPR applies – Article 6 para. 1 sentence 1 lit. b or lit. f GDPR, insofar as they are not order processors; Please also refer to section 8.;
  • Government agencies/authorities, insofar as this is necessary for the fulfillment of a legal obligation. The legal basis for the transfer is then – if the GDPR applies – Article 6 para. 1 sentence 1 lit. c GDPR;
  • Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the disclosure is then – if the GDPR applies – Article 6 para. 1 sentence 1 lit. b or lit. f GDPR.

In addition, if the GDPR applies, we will only pass on your personal data to third parties if you have given your express consent to do so in accordance with Article 6 para. 1 sentence 1 lit. a GDPR.

6.3 Supplementary information about the collection of personal data when visiting our profile on the social network LinkedIn.

We can only see the public information of your LinkedIn profile. You decide which this is specifically in your LinkedIn settings. As the operator of a LinkedIn page, LinkedIn provides us with anonymous usage statistics that we use to improve the user experience when visiting our LinkedIn page. We do not have access to the usage data that LinkedIn collects to create these statistics. This data processing serves our (and your) legitimate interest in improving the user experience when visiting our LinkedIn page according to the target group. The legal basis for the data processing is therefore – if the GDPR applies – Article 6 para. 1 sentence 1 lit. f) GDPR. In addition, LinkedIn uses so-called cookies that are stored on your end device when you visit our LinkedIn page, even if you do not have your own LinkedIn profile or are not logged into it during your visit to our LinkedIn page. These cookies allow LinkedIn to create user profiles based on your preferences and interests and to show you advertising (within and outside of Instagram) tailored to these. Cookies remain on your terminal device until you delete them. For details, please see LinkedIn’s privacy policy.

7. Success and reach measurement

Pirsch Analytics

For web analytics, we use Pirsch Analytics. Pirsch Analytics is a cookie-free web analytics software that was developed according to the Privacy by Design principle. To analyze visitor flows, Pirsch Analytics uses a hashing algorithm to generate a 16-digit number as the visitor ID when the page request is received. The input values are the IP address, the user agent, the date and a salt.

The visitor’s IP address is not persisted in whole or in part, and is anonymized completely and non-reversibly by the hash. The inclusion of the date and the use of one salt per website ensures that website visitors cannot be recognized for more than 24 hours and cannot be tracked across multiple websites. A rough localization

8. Plug-ins and Tools

Ninja Firewall

We have integrated Ninja Firewall on this website. The provider is NinTechNet Limited, Unit 1603, 16th Floor, The L. Plaza 367 – 375 Queen&lsquo;s Road Central Sheung Wan, Hong Kong (hereinafter referred to as &ldquo;Ninja Firewall&rdquo;).</p> <p>Ninja Firewall protects our website against undesirable access or malicious cyber-attacks. For this purpose, Ninja Firewall collects IP address, request, referrer, and the time of page access. Ninja Firewall is installed locally on our servers and does not transmit any personal data to the provider of the tool or other third parties.</p> <p>We have enabled IP anonymization for Ninja Firewall, so that the tool only collects the IP address in a shortened form.

The use of Ninja Firewall is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the most effective protection of his website against cyberattacks.</p>

9. Final provisions

We have created this privacy policy with the data protection generator of Datenschutzpartner.

In the context of the further development of data protection law and technological or organizational changes, our Data Protection Information are regularly reviewed to determine whether they need to be adapted or supplemented. You will be informed of any changes in particular on our website at this page.