Last updated: January 15, 2025
Haelixa AG ("Haelixa," "we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, store, and share personal data when you visit our website at haelisa.com, use our molecular traceability platform, or otherwise interact with us as a business or individual.
This policy is written in accordance with the EU General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (FADP / nFADP effective September 1, 2023), and other applicable data protection laws.
The data controller responsible for your personal data is:
Haelixa AG
Technoparkstrasse 1
8005 Zurich, Switzerland
Email: privacy@haelisa.com
Phone: +41 44 500 1234
For all data protection enquiries and requests to exercise your rights, please contact us at privacy@haelisa.com.
When you contact us, request a demonstration, or engage with our services, we may collect:
When you visit haelisa.com, we automatically collect certain technical and usage information, including:
When your organization engages Haelixa under a service agreement, we may receive:
Such enterprise data is processed under the terms of our Data Processing Agreement (DPA) entered into with each enterprise client.
We use your data to deliver, manage, and support the Haelixa molecular traceability platform and related laboratory services. This includes account creation and management, responding to technical support requests, processing service orders, and issuing invoices.
We use contact information to respond to your enquiries, provide quotations, deliver requested product demonstrations, and communicate about ongoing service relationships. We will not send marketing communications without a lawful basis for doing so.
We analyze website usage data to understand how visitors interact with our site, identify technical issues, and improve the quality of our content and user experience. This processing is based on our legitimate interest in maintaining an effective digital presence.
We process personal data as necessary to comply with applicable laws, regulations, and legal proceedings; to enforce our contractual rights; to prevent fraud and abuse; and to ensure the security and integrity of our information systems.
For clients using our platform in regulated industries (pharmaceuticals, medical devices, food safety), we may process technical data to support regulatory audit trails and compliance documentation as required by applicable regulations including GMP, GLP, FDA 21 CFR Part 11, and EU Annex 11.
Under the GDPR and Swiss FADP, we process personal data on one or more of the following legal bases:
| Processing Purpose | Legal Basis |
|---|---|
| Fulfilling a service contract or pre-contractual steps | Contract performance (Art. 6(1)(b) GDPR) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c) GDPR) |
| Website analytics, security, legitimate business interests | Legitimate interests (Art. 6(1)(f) GDPR) |
| Optional marketing communications | Consent (Art. 6(1)(a) GDPR) |
| Defending or pursuing legal claims | Legitimate interests / Legal obligation |
We share personal data with carefully vetted third-party service providers who assist in operating our business, including:
All service providers are subject to Data Processing Agreements ensuring they process data only on our instructions and in compliance with applicable data protection law.
We may share data with legal counsel, insurers, and financial advisors as necessary to protect our legitimate business interests, including pursuing or defending legal claims.
Where required by law or lawful request from a competent authority, we will disclose personal data to regulatory bodies, law enforcement, or courts.
In the event of a merger, acquisition, or sale of all or a portion of our assets, personal data held by us may be transferred to the acquirer, subject to appropriate confidentiality protections.
Haelixa does not sell, rent, or trade personal data to third parties for their own marketing purposes under any circumstances.
Haelixa is headquartered in Switzerland. Some of our service providers operate from countries outside the European Economic Area (EEA) or Switzerland. When personal data is transferred to countries without an adequate level of data protection as determined by the European Commission or Swiss Federal Council, we ensure appropriate safeguards are in place, such as:
Switzerland has been recognized by the EU as providing an adequate level of data protection. For further information about international transfers, please contact privacy@haelisa.com.
We retain personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our general retention periods are:
| Data Category | Retention Period |
|---|---|
| Customer and prospect contact data | Duration of relationship + 3 years |
| Contract and transaction records | 10 years (Swiss statute of limitations) |
| Website analytics data | 26 months (anonymized after 12 months) |
| Authentication event logs (enterprise) | As agreed in enterprise DPA (typically 7 years) |
| Correspondence and support records | 5 years from last interaction |
Under the GDPR and Swiss FADP, you have the following rights regarding your personal data:
To exercise any of these rights, please contact us at privacy@haelisa.com. We will respond to all legitimate requests within 30 days. In complex cases we may extend this by a further 60 days, notifying you of the extension within the first 30 days.
Haelixa implements technical and organizational security measures appropriate to the risk of processing, including:
Despite these measures, no internet transmission or storage system is completely secure. If you have reason to believe your interaction with us is no longer secure, please notify us immediately at security@haelisa.com.
Our website uses cookies and similar local storage technologies to enhance your browsing experience and analyze website usage. We do not use advertising or cross-site tracking cookies. For detailed information, please see our Cookie Policy.
Our services are directed exclusively at business professionals and are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will delete it promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify existing clients of material changes by email and will post the updated policy on this page with a revised "Last updated" date. We encourage you to review this policy periodically.
For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact:
Data Protection Officer
Haelixa AG
Technoparkstrasse 1, 8005 Zurich, Switzerland
Email: privacy@haelisa.com
Phone: +41 44 500 1234
You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at www.edoeb.admin.ch, or with the supervisory authority of your EU member state.