Swiss Biohealth AG

Cookie Consent Policy

Biological Medical & Dental Clinic — Kreuzlingen, Switzerland

1. Introduction & Scope

This Cookie Consent Policy (the "Cookie Policy") explains how Swiss Biohealth AG ("we", "our", "us"), a biological medical and dental clinic established at Brückenstrasse 15, CH-8280 Kreuzlingen, Switzerland, uses cookies and comparable client-side technologies on our website and digital services (the "Site").

This Cookie Policy supplements and should be read together with our Privacy Policy, which sets out the controller’s identity, the legal bases for processing, retention periods, third-country transfer mechanisms, and your rights as a data subject. In the event of any inconsistency, the Privacy Policy takes precedence on matters of general data processing, while this Cookie Policy is the authoritative source for cookie-specific information.

It applies to all visitors to the Site, regardless of jurisdiction, and is designed to comply with:

       the Swiss Federal Act on Data Protection (revFADP), in force since 1 September 2023, together with Art. 45c of the Swiss Telecommunications Act (FMG / LTC);

       the EU General Data Protection Regulation (Regulation (EU) 2016/679) ("EU GDPR");

       the United Kingdom General Data Protection Regulation as implemented by the Data Protection Act 2018 ("UK GDPR");

       the EU ePrivacy Directive (2002/58/EC, as amended); and

       relevant guidance of the Swiss Federal Data Protection and Information Commissioner (FDPIC), the European Data Protection Board (EDPB), and the United Kingdom Information Commissioner’s Office (ICO).

Where these frameworks differ, we apply the standard most protective of the visitor.

2. What Cookies Are

Cookies are small text files that a website places on your device (computer, tablet, smartphone) when you visit. They allow the Site to recognise your device, remember your preferences, support secure session management, and — where you have consented — measure how visitors use the Site or deliver tailored content.

In this Cookie Policy, the term "cookies" also covers comparable client-side technologies that store or access information on your device, such as pixels and tracking beacons, local storage and session storage, embedded software development kits (SDKs), and device or browser fingerprinting techniques where used. All such technologies are treated equivalently and require the same level of consent as cookies under the ePrivacy Directive and the Swiss telecommunications regime.

Cookies may be:

       first-party (set by the swiss-biohealth.swiss domain) or third-party (set by an external provider whose service is loaded on the Site);

       session (deleted when you close your browser) or persistent (stored for a defined period); and

       strictly necessary (no consent required) or non-essential (consent required before being set).

3. Types of Cookies We Use

We use five categories of cookies, mirroring the toggles displayed by our cookie consent tool. The banner described in Section 7 lets you accept or reject each non-essential category individually.

3.1 Strictly Necessary / Essential Cookies

       Purpose. To enable core Site functionality — secure session handling, cross-site-request-forgery protection, form submission, and the operation of our cookie consent tool.

       Examples on this Site. The Umbraco platform session cookie, the ASP.NET antiforgery token, the temporary-data cookie that supports multi-step forms, and the four consent-record cookies that remember your banner choices.

       Consent required? No. These cookies are placed on the basis of legitimate interest (Art. 6 §1 (f) EU/UK GDPR; Art. 31 §1 revFADP) and are exempt from prior consent under the strictly-necessary exemption in Art. 5(3) of the ePrivacy Directive.

       Retention. Predominantly session cookies. The four consent-record cookies are persistent for approximately 12 months.

       Third-party involvement. Limited to our consent management platform provider, Enzuzo Inc., and the sub-processors that support its CMP service (see Section 5).

3.2 Functional Cookies

       Purpose. To enable optional features the visitor has actively requested (e.g., embedded video playback, third-party support widgets) that are not strictly required for the Site to function.

       Examples on this Site. At the date of this Cookie Policy, no functional cookies are deployed. The category remains in this policy because the Enzuzo banner offers it as a separate toggle, and any functional cookie added in future would be classified here.

       Consent required? Yes. Set only after you grant consent in our cookie banner (Art. 6 §1 (a) GDPR / UK GDPR; Art. 31 §1 revFADP; Art. 5(3) ePrivacy Directive).

       Retention. A mix of session and persistent cookies. Persistent functional cookies typically expire within 12 months unless renewed by further interaction.

       Third-party involvement. None currently. If introduced, the third party will be listed in Section 5 and bound by data-processing terms aligned with the Privacy Policy.

3.3 Preferences Cookies

       Purpose. To remember choices that personalise the visitor’s experience but are not strictly required for any specific feature — for example, region, accessibility settings, or recently viewed treatment pages.

       Examples on this Site. At the date of this Cookie Policy, no preferences cookies are deployed. Locale switching between EN-US and DE-CH is handled via URL path (/de-de) rather than a cookie.

       Consent required? Yes. Set only after you grant consent in our cookie banner.

       Retention. A mix of session and persistent cookies; persistent preference cookies typically expire within 12 months.

       Third-party involvement. None currently.

3.4 Analytics / Performance Cookies

       Purpose. To help us understand — on an aggregated and, where possible, pseudonymised basis — how visitors find and use the Site, so that we can improve content quality, navigation, and accessibility.

       Examples on this Site. At the date of this Cookie Policy, no first-party or controller-deployed analytics cookies are set on the swiss-biohealth.swiss domain. (Enzuzo, our CMP processor, deploys product-improvement telemetry on its own .enzuzo.com domain as part of delivering the CMP service — see Section 3.1 and Section 5.)

       Consent required? Yes. Set only after you grant consent in our cookie banner.

       Retention. Predominantly persistent. Durations vary by provider but are configured to the shortest period reasonably required for the analytical purpose.

       Third-party involvement. None currently engaged for analytics on the swiss-biohealth.swiss domain.

3.5 Marketing / Targeting Cookies

       Purpose. To measure the effectiveness of marketing campaigns and — where applicable — to display relevant content on third-party platforms.

       Examples on this Site. At the date of this Cookie Policy, no marketing cookies are deployed.

       Consent required? Yes. Set only after you grant consent in our cookie banner. Consistent with the Privacy Policy, any profiling for marketing is performed only with prior consent.

       Retention. Persistent. Durations vary by provider.

       Third-party involvement. None currently.

Note on health data. Consistent with Sections 5 and 6 of the Privacy Policy, no medical, dental, or diagnostic data submitted via the Site is processed through cookies of any category. Where forms collect health information (e.g., medical history, diagnostic images), they operate on the explicit-consent regime described in Section 6 of the Privacy Policy and are not subject to this Cookie Policy.

4. Legal Basis for Using Cookies

The legal bases on which we set cookies are summarised below:

Cookie category

Swiss revFADP

EU GDPR / UK GDPR

ePrivacy Directive

Strictly Necessary

Legitimate interest (Art. 31 §1 revFADP)

Art. 6 §1 (f)

Exempt under Art. 5(3), 2nd sentence (strictly necessary exemption)

Functional

Consent (Art. 31 §1 revFADP)

Art. 6 §1 (a)

Art. 5(3) — prior consent

Preferences

Consent (Art. 31 §1 revFADP)

Art. 6 §1 (a)

Art. 5(3) — prior consent

Analytics

Consent (Art. 31 §1 revFADP)

Art. 6 §1 (a)

Art. 5(3) — prior consent

Marketing

Consent (Art. 31 §1 revFADP)

Art. 6 §1 (a)

Art. 5(3) — prior consent

 

We do not rely on legitimate interest for any non-essential cookie. This conservative approach satisfies the strictest of the three regimes (UK GDPR, EU GDPR, revFADP) and reflects the latest guidance of the ICO and the EDPB.

5. Third-Party Cookies & Processors

Third-party cookies are placed by providers other than Swiss Biohealth AG. Where we use such providers, we have entered into a data-processing agreement that obliges them to process data only on documented instructions and with appropriate technical and organisational measures, consistent with Sections 7 and 14 of the Privacy Policy.

Cross-border transfers

Cross-border transfers of cookie-related data follow the regime set out in Section 8 of the Privacy Policy:

       Switzerland → EEA. Covered by mutual adequacy.

       Switzerland or EEA → Canada. Covered by FDPIC and European Commission adequacy decisions for the Canadian commercial sector. Enzuzo Inc., our CMP provider, is a Canadian company.

       Switzerland or EEA → United States. Carried out under Standard Contractual Clauses (SCCs) plus a transfer impact assessment and supplementary safeguards. Enzuzo’s sub-processors (Intercom and PostHog) and elements of Enzuzo’s own infrastructure are hosted in the United States.

       Personal data of UK data subjects. Covered by the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs, applied equivalently.

Cookie inventory

The complete inventory of cookies in use on this Site is set out in the table below. Our cookie banner displays the same information dynamically and reflects any updates between policy revisions. The definitive, real-time list is generated by Enzuzo and is accessible from the cookie banner via the "Cookie Settings" link in the Site footer.

Cookie / technology

Provider

Category

Purpose

Party

Duration

Country of processing

Transfer mechanism

.AspNetCore.

Antiforgery.{token}

Swiss Biohealth AG (Umbraco / ASP.NET)

Strictly Necessary

Cross-site request forgery (CSRF) protection on form submissions.

First party

Session

Switzerland

N/A (intra-jurisdictional)

.AspNetCore.

Mvc.Cookie

TempDataProvider

Swiss Biohealth AG (Umbraco / ASP.NET)

Strictly Necessary

Transfers transient data between requests during multi-step interactions.

First party

Session

Switzerland

N/A (intra-jurisdictional)

UMB_SESSION

Swiss Biohealth AG (Umbraco)

Strictly Necessary

Maintains the visitor’s server session for the Umbraco content management system.

First party

Session

Switzerland

N/A (intra-jurisdictional)

cookies-functional

Enzuzo Inc. (CMP)

Strictly Necessary

Records the visitor’s consent decision for the Functional category. Required to suppress the banner on subsequent pages and to demonstrate compliance with Art. 7 §1 GDPR / Art. 31 §1 revFADP.

First party

~12 months

Switzerland (cookie storage); Canada / USA (consent record)

Adequacy (CH → Canada); SCCs + safeguards (CH → USA)

cookies-preferences

Enzuzo Inc. (CMP)

Strictly Necessary

Records the visitor’s consent decision for the Preferences category.

First party

~12 months

Switzerland (cookie storage); Canada / USA (consent record)

Adequacy (CH → Canada); SCCs + safeguards (CH → USA)

cookies-analytics

Enzuzo Inc. (CMP)

Strictly Necessary

Records the visitor’s consent decision for the Analytics category.

First party

~12 months

Switzerland (cookie storage); Canada / USA (consent record)

Adequacy (CH → Canada); SCCs + safeguards (CH → USA)

cookies-marketing

Enzuzo Inc. (CMP)

Strictly Necessary

Records the visitor’s consent decision for the Marketing category.

First party

~12 months

Switzerland (cookie storage); Canada / USA (consent record)

Adequacy (CH → Canada); SCCs + safeguards (CH → USA)

intercom-device-id-

{workspace}

Intercom R&D Unlimited Co. (sub-processor of Enzuzo)

Strictly Necessary (CMP infrastructure)

Anonymous device identifier used by Intercom, embedded by Enzuzo to support its own customer-relations function inside the CMP service.

Third party (set on .enzuzo.com)

~9 months

USA / EEA

SCCs + safeguards

intercom-id-

{workspace}

Intercom R&D Unlimited Co. (sub-processor of Enzuzo)

Strictly Necessary (CMP infrastructure)

Anonymous user identifier used by Intercom, embedded by Enzuzo for its CMP-internal support function.

Third party (set on .enzuzo.com)

~9 months

USA / EEA

SCCs + safeguards

intercom-session-

{workspace}

Intercom R&D Unlimited Co. (sub-processor of Enzuzo)

Strictly Necessary (CMP infrastructure)

Short-lived session identifier used by Intercom inside the CMP service.

Third party (set on .enzuzo.com)

~7 days

USA / EEA

SCCs + safeguards

ph_phc_{key}

PostHog Inc. (sub-processor of Enzuzo)

Strictly Necessary (CMP infrastructure)

Pseudonymised distinct-visitor identifier used by PostHog, embedded by Enzuzo for product-improvement telemetry of its CMP service.

Third party (set on .enzuzo.com)

~12 months

USA

SCCs + safeguards

 

Notes on Enzuzo and its sub-processors

Enzuzo Inc. is our Consent Management Platform provider. Enzuzo is a Canadian company; its platform is hosted on North American cloud infrastructure. Data is processed in Canada and the United States. Sub-processors include US-based cloud providers. There is no Switzerland-based or EEA-based hosting tier by default.

Intercom and PostHog are sub-processors that Enzuzo embeds in its CMP service to support customer-relations (Intercom) and platform-improvement telemetry (PostHog). The cookies they set are placed on the .enzuzo.com domain when the Enzuzo banner loads in your browser. Because they form part of the consent-management infrastructure delivered by our processor, we classify them as Strictly Necessary (CMP infrastructure) for the purposes of the consent regime; you are informed of them here in the interests of full transparency.

6. Cookie Duration (Session vs Persistent)

Session cookies are temporary. They are stored only while the browser is open and are deleted automatically when the session ends. We use session cookies primarily for strictly necessary functions: server session continuity, antiforgery protection, and the temporary-data carrier used during multi-step forms.

Persistent cookies remain on your device for a defined period or until you delete them manually. We configure persistent cookies to the shortest duration consistent with their purpose. As deployed at the date of this Cookie Policy:

       the four Enzuzo consent-record cookies (cookies-functional, cookies-preferences, cookies-analytics, cookies-marketing) — approximately 12 months;

       Intercom identifiers on .enzuzo.com (CMP infrastructure) — approximately 9 months for the device and user identifiers; approximately 7 days for the session identifier;

       PostHog identifier on .enzuzo.com (CMP infrastructure) — approximately 12 months;

       functional, preferences, analytics, and marketing categories — no persistent cookies currently deployed.

Persistent cookies that store evidence of marketing consent are retained in line with the "until withdrawal + 3 years evidence period" rule in Section 11 of the Privacy Policy, in order to demonstrate compliance with the consent requirement under Art. 7 §1 GDPR / Art. 31 §1 revFADP.

7. Managing and Withdrawing Consent

Consent is requested through Enzuzo, our Consent Management Platform. On your first visit to the Site, the cookie banner:

       explains, in plain language, the categories of non-essential cookies in use;

       gives equal prominence to "Accept all", "Reject all", and granular per-category controls;

       treats inaction (e.g., scrolling, closing the banner) as a refusal of all non-essential cookies, in line with EDPB Guidelines 03/2022 on consent; and

       records the time, scope, and version of any consent you give, so that we can demonstrate compliance.

You can change or withdraw your consent at any time, and as easily as you gave it, by:

1.     clicking the "Cookie Settings" link in the Site footer to reopen the banner and adjust your choices; or

2.     clearing the consent cookies for the Site through your browser settings, which will cause the banner to reappear on your next visit.

Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal, in line with Art. 7 §3 GDPR / Art. 31 §1 revFADP.

8. Browser Controls

Independently of the cookie banner, most browsers allow you to view the cookies stored on your device, block cookies globally or per site, delete cookies on closing the browser, and enable a private/incognito mode that limits cookie persistence.

Manufacturer guidance is published by each browser vendor (e.g., Mozilla Firefox, Google Chrome, Apple Safari, Microsoft Edge). Please note that disabling strictly necessary cookies through the browser may impair core Site functionality, including form submission and the appointment-preparation tools described in Section 5 of the Privacy Policy.

We honour the Global Privacy Control (GPC) signal where transmitted by your browser and treat it as an objection to the setting of non-essential cookies for the corresponding browser/device.

9. Changes to This Cookie Policy

We may update this Cookie Policy to reflect changes in the cookies in use, the legal framework, or our internal practices. The current version is always available on our website, and the date of the last update is shown in Section 11 below. Material changes (for example, the introduction of a new category of cookies or a new third-party processor) will trigger a renewed banner prompt so that you can review and, where necessary, refresh your consent.

Earlier versions of this Cookie Policy are archived in line with our general retention regime and are available on request via the contact details in Section 10.

10. Contact Information

For questions about this Cookie Policy, your cookie consent, or the exercise of your rights:

       General contact: reception@swiss-biohealth.swiss

       Data Protection Officer (Switzerland / EU): Annalena Arndt (DDSK GmbH) — dpo@swiss-biohealth.swiss

       EU Representative (Art. 27 GDPR): DDSK GmbH, Dr-Klein-Str. 29, 88069 Tettnang, Germany — dpo@swiss-biohealth.swiss

       Postal address: Swiss Biohealth AG, Brückenstrasse 15, CH-8280 Kreuzlingen, Switzerland

       Telephone: +41 (0)71 678 2000

You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern; the competent EU supervisory authority in your Member State of habitual residence; or, where applicable, the United Kingdom Information Commissioner’s Office (ICO).

11. Last Updated Date

This Cookie Policy was last updated on 30 April 2026.