We are pleased that you are interested in the services and offerings of HAARKLINIK (Zurich) or HAARKLINIK GmbH (Bern) (hereinafter referred to collectively or individually asHAARKLINIK).
This Privacy Policy explains how and why we process your personal data (including sensitive personal data) when you use our shared website (haar-klinik.ch; hereinafter: the “Website”) and our services (i.e., collect, store, use, and, where applicable, disclose such data). In addition, this policy provides you with an overview of your rights regarding the processing of your data, as well as your options for controlling its management.
As a general rule, we only process and use your personal information to provide and improve our products and services, to process any contractual relationship with you or to protect other legitimate interests in accordance with this Privacy Policy.
HAARKLINIK and HAARKLINIK GmbH are jointly responsible for data protection. If you have any questions about this privacy policy or other data protection-related inquiries, wish to request information, or would like to request the deletion or correction of your data, please contact us directly via email at the respective locations:
· Zurich: info@haar-klinik.ch | HAARKLINIK , Pfingstweidstrasse 60a, 8005 Zurich
· Bern: bern@haar-klinik.ch | HAARKLINIK GmbH, Sternengässchen 2, 3011 Bern
2.1. When visiting our website
You generally visit our website anonymously. However, as with most websites, visitor information that your browser automatically sends is collected via web server technology (so-called log data). This log data includes, among other things, your computer’s IP (Internet Protocol) address, information about your browser type and version, your Internet service provider, the subpages of our website you visit, the time and date of your visit, the time spent on these pages, and other statistical data.
This information is collected and processed primarily to enable the technical operation of our website (establishing a connection), to ensure the security and stability of our systems, to analyze interest in our services, and to optimize them (e.g., through marketing measures or personalized advertising based on your cookie consent).
2.2. When booking a free hair analysis
When you book a free hair analysis on our website, we use the booking pop-up provided by the service provider Calendly. To complete the booking and add you to our customer relationship management (CRM) system, we ask for the following basic information:
· First Name / Last Name
· Email address
· Phone number
· Age (optional)
· ZIP code (optional)
Using this data, the automation service Zapier will automatically create a customer profile for you in our central CRM system, HubSpot. This customer profile serves as the basis for future customer relationship management, appointment scheduling, and, in the event of an order, contract processing.
You can only book an appointment if you expressly accept the Privacy Policy and the Terms and Conditions (T&C).
Without this consent, the appointment cannot be scheduled.
2.3. When filling out the questionnaire via Typeform (processing of health data)
To ensure we can provide you with a range of cosmetic treatments tailored to your needs and the condition of your scalp and hair, as well as a no-obligation assessment, we will direct you to a digital questionnaire on our website after you book your appointment.
The information requested there (e.g., detailed information about the progression of your scalp and hair issues, such as hair loss, your general state of health, and any medications you may be taking) constitutes personal data requiring special protection (health data) as defined by the Swiss Data Protection Act (DSG).
Completing this questionnaire is voluntary. However, without this information, we cannot provide you with an optimal personalized analysis, prognosis, or advice tailored to your needs. The processing of this particularly sensitive personal data is based on your explicit consent, which must be provided before submitting the questionnaire. This sensitive health data will not be disclosed to unauthorized third parties.
2.4. When ordering products and billing via Bexio
If you are satisfied with your personalized treatment plan and would like to order the corresponding products, we will also collect your home and shipping addresses. This information is processed in our bexio accounting software for proper invoicing, bookkeeping, and contract processing.
If you choose an online payment option such as Google Pay, Apple Pay, or a credit card to purchase a product, the payment will be processed through the respective provider’s online payment system. In this case, your personal and payment data will be processed directly by the provider of the respective payment system. We do not have access to or store your payment data.
If you select the "invoice" or "installment" payment option, we will forward the data required for invoicing to the factoring company HeyLight, to which the purchase price claim is also assigned. In some cases, HAARKLINIK may process HAARKLINIK or installment payments directly; in such cases, the data will not be transferred to HeyLight . The information required for billing includes first name/last name, address, email address, phone number, and order details (products ordered, invoice amount, order date). Your sensitive health data (questionnaire data) will, of course, not be shared for this purpose.
We store information about your orders in the HubSpot CRM system and in our Bexio accounting software for any follow-up orders, as well as for our own marketing and analytical purposes.
2.5 Before-and-after photographs
As part of the consultation and treatment process, photographs of your hair and/or scalp may be taken or provided by you. These images are used solely for the purpose of documenting the course of treatment, evaluating treatment results, and providing personalized customer care. The photographs will be treated confidentially and will not be used for advertising purposes unless separate, explicit consent has been provided.
3. Direct marketing and online advertising
HAARKLINIK authorized to use your data for customer-related advertising and informational purposes. This applies in particular to HAARKLINIK own informational and marketing activities HAARKLINIK email, telephone, mail, text or image messages, or other digital communication channels. We may also use this data to provide you with personalized information and advertising through our website.
The email address you provide us serves as a digital address that allows us to send you marketing and other information from and about HAARKLINIK that may be of interest to you. You can unsubscribe from these or other communications from us at any time by following the opt-out instructions in the email we send you.
4. Newsletters and marketing emails
The email address you provide when booking an appointment or undergoing a hair analysis may be HAARKLINIK by HAARKLINIK to HAARKLINIK you information about similar products, services, care tips, and offers from HAARKLINIK .
You may object to receiving such communications at any time or unsubscribe via the unsubscribe link included in every email.
These marketing emails are sent via the professional email service provider Brevo (formerly Sendinblue; provider: Sendinblue SAS, 106 boulevard Haussmann, 75008 Paris, France). The contact data required for this is automatically transmitted from our HubSpot CRM system to Brevo.
You can easily unsubscribe from the newsletter and stop receiving marketing emails at any time by clicking the "unsubscribe" link at the bottom of each email. Alternatively, you can also notify us of your request to unsubscribe by emailing info@haar-klinik.coh or bern@haar-klinik.ch.
5. Do we share information with third parties?
HAARKLINIK will HAARKLINIK sell, rent, or otherwise trade the personal data you provide.
HAARKLINIK (Zurich) and its affiliate HAARKLINIK GmbH (Bern) are jointly managed centrally in certain areas; therefore, certain information HAARKLINIK to HAARKLINIK may be shared between these two companies for internal administrative and customer service purposes.
HAARKLINIK share your data with third-party companies that assist us in operating our website, conducting our business, integrating automated systems, or processing contracts, for the purposes of evaluating, improving, and tailoring our offerings and services to your needs, as well as for customer care and the personalization and optimization of informational and promotional content. We work exclusively with trusted third-party companies that are committed to treating your data confidentially and complying with applicable data protection regulations.
In addition, we only share data with partner companies if and to the extent necessary for them to perform their tasks and for the fulfillment of the contract. We use the following service providers and data processors in the course of our business activities:
· HubSpot Inc. (U.S.): A central CRM and marketing tool for managing customer profiles and consolidating data.
· Typeform S.L. (Spain/EU): As a technical service provider for the collection of our digital hair analysis questionnaire.
· Dropbox Inc. (USA): We use Dropbox for the structured storage of client files, as well as for storing documents, before-and-after photographs, and other treatment-related records. This may also include sensitive personal data, particularly photographs and information regarding individual hair and scalp conditions. Access to this data is restricted to authorized employees and is used exclusively for the provision of our services and for customer support.
· Twilio Inc. (USA): A communications service provider for the automated sending of appointment confirmations, reminders, and other SMS notifications. For this purpose, we process, in particular, phone numbers, appointment information, and, where applicable, other data necessary for communication.
· Brevo / Sendinblue (France/EU): An email marketing and newsletter tool that syncs recipient data from HubSpot to send emails.
· bexio AG (Switzerland): Accounting and ERP software for invoicing and proper bookkeeping.
· Zapier Inc. (U.S.): A central automation service for securely transferring data between systems (e.g., Calendly, Typeform, HubSpot, and bexio).
· Calendly LLC (USA): As a technical service provider responsible for providing the online appointment booking pop-up.
· Google LLC (USA): We use Google Ads to display and optimize our advertisements. If you have consented to marketing cookies in the cookie banner, we may use Google Enhanced Conversions. In this process, contact information you provide (e.g., email address or phone number) is pseudonymized using a cryptographic method (hashing) before being transmitted to Google in order to measure and improve the effectiveness of our advertising campaigns.
In addition, we may use Google Ads Customer Match. This allows us to send contact information for prospective and existing customers (e.g., email addresses)—which was provided to us in connection with an inquiry, appointment booking, hair analysis, or business relationship—to Google in hashed form. Google compares this data with existing Google accounts to create ad audiences, expand existing audiences, or deliver more targeted ads. The data is HAARKLINIK exclusively for HAARKLINIK own marketing purposes and is not shared with other advertisers.
In addition, we use Google Workspace and Google Calendar for internal appointment scheduling and to send calendar invitations to customers. In doing so, we may process names, email addresses, phone numbers, and appointment details.
If you select the payment option "Purchase with installment plan" or "On account" when purchasing a product and/or treatment package, the personal data required for billing will be shared with the factoring company HeyLight (HeyLight AG, Rue du Nant 8, 1207 Geneva, Switzerland), to which the purchase price claim is assigned. The information required for billing includes first name/last name, address, email address, phone number, and order details (products ordered, invoice amount, order date). Your sensitive health data (information regarding hair loss) will, of course, not be shared for this purpose.
In addition to the cases described above, we may also share your information if you have given your express consent or if disclosure is necessary to comply with the law, to enforce our rights under the contractual relationship, or to protect safety.
Finally, in the event of a sale, merger, or other restructuring of HAARKLINIK , personal data may be transferred to the legal successor HAARKLINIK part of that process.
6. Do we share information with other countries?
HAARKLINIK headquartered in Switzerland. However, as part of our business operations, we also use specialized cloud and software service providers whose headquarters or servers are located abroad (particularly in the U.S. or the EU) (see Section 5).
Since the EU recognizes Switzerland as a third country with an adequate level of data protection (and vice versa), data transfers to service providers within the EU (such as Brevo in France or Typeform in Spain) are permitted without any additional legal hurdles.
If data is transferred to a country that does not have an adequate level of legal data protection (such as the United States), HAARKLINIK ensures HAARKLINIK protection of your personal data through the following measures:
· Standard Contractual Clauses (SCCs): By entering into Standard Contractual Clauses issued by the European Commission and recognized by the Federal Data Protection Commissioner (FDPIC) with the third-party service providers located abroad.
· Swiss-US Data Privacy Framework: In cases where the data recipient is based in the United States (such as HubSpot, Zapier, Calendly, and Google), we ensure that the service providers are certified under the Swiss-US Data Privacy Framework. This agreement guarantees an adequate level of data protection for Switzerland, as recognized by the FDPIC.
7. Cookies and Similar Technologies
Our website uses cookies and similar technologies. Cookies are small text files that your web browser automatically stores on your computer or mobile device when you visit our website. Cookies do not damage your device or transmit malware to us.
Cookies help in a variety of ways to make your visit to our website easier, more enjoyable, more effective, and more secure. We use functional cookies to ensure the functionality of our portal (e.g., to provide our online appointment booking pop-up from Calendly). We also use performance and analytics cookies (e.g., from HubSpot and Google) to track, on a statistical basis, how often certain pages or offers are visited, and to continuously optimize the user-friendliness of our website. By using marketing cookies (e.g., from Google Ads), we can also use the choices you make as preferences to offer you targeted, personalized advertising that is relevant to you.
Most common web browsers automatically accept cookies by default. You can configure your browser at any time to prevent cookies from being set automatically or to display a notification each time a new cookie is about to be stored. You can delete cookies that have already been set at any time through your browser.
In addition to your browser settings, we use a cookie banner (consent management tool) on our website. When you visit our website for the first time, you will be asked whether you expressly consent to the use of marketing and analytics cookies or whether you wish to decline them. If you decline cookies or do not make a selection, only strictly necessary (functional) cookies will be loaded. Please note that if you reject cookies, certain features of our website (such as the appointment booking pop-up) may be available only to a limited extent or not at all.
8. Tracking and Web Analytics Services
The use of our digital services is measured and analyzed using various technical systems provided by the web analytics service Google Analytics. Google Analytics is a service provided by Google Ireland Ltd. (based in Ireland), which relies on Google LLC (based in the United States).
Google Analytics helps us measure traffic on our website and track anonymous usage of our content so that we can continuously improve the user experience. The following information, among other things, may be collected:
· The type and version of the browser used, as well as the operating system
· The referrer URL (the website from which you arrived at our website)
· The subpages you visit and the clicks you make on our website
· The time, date, and duration spent on each page
· The approximate geographic location of the access (anonymized IP address)
By default, Google Analytics 4 collects IP addresses only in truncated and anonymized form, making it impossible to directly identify you. This data is not combined with other data held by Google.
This tracking is enabled strictly in accordance with Google Consent Mode v2. If you do not explicitly consent to tracking in our cookie banner, no data will be transmitted to Google Analytics. You can also opt out of data collection at any time by installing the browser add-on provided by Google to disable tracking: https://tools.google.com/dlpage/gaoptout
9. Links to other websites
Our website may contain links to third-party websites that are not HAARKLINIK or controlled by HAARKLINIK . HAARKLINIK no influence over, and assumes no responsibility or liability for, the content, privacy policies, or practices of third-party websites. We recommend that you carefully read the privacy policies of any external websites you visit.
10. How long do we retain your data?
We retain personal data only for as long as necessary for the respective processing purposes or as required by statutory retention obligations.
- Invoices, booking documents, and accounting-related records: up to 10 years
- Customer files and treatment records: for the duration of the customer relationship and beyond, to the extent necessary to safeguard legitimate interests or to defend against potential claims
- Marketing and communication data: until you revoke your consent or object to further use
- Data from prospective customers who did not enter into a contract: up to 10 years, to the extent necessary for statistical evaluations, marketing analyses, the documentation of inquiries, or other legitimate business interests.
Upon expiration of the respective retention periods, the data will be deleted or anonymized.
If you submit an explicit request for deletion before this period expires, we will delete your data early. However, early deletion applies only to data that is no longer strictly necessary for accounting purposes (invoices must be retained for 10 years by law) or to defend against liability claims.
11. Data Security
We implement appropriate technical and organizational security measures (TOM) to protect your personal data against tampering, loss, or unauthorized access by third parties. Our security measures are continuously updated and improved in line with technological advancements.
Please note that the transmission of information over the Internet is never completely secure. We disclaim liability for data loss or unauthorized access to the extent permitted by law; this does not affect our liability for damages resulting from gross negligence or willful misconduct.
12. What are your rights?
You have the right to exercise your data protection rights under the Swiss Data Protection Act (DSG) at any time. These include, in particular:
· Right of access: You have the right to request information about whether we process personal data about you and, if so, what data we process.
· Correction: You can have incorrect or incomplete data corrected.
· Deletion and Restriction: You may request the deletion of your data. Please note that we are not permitted to delete data prematurely if we require it to comply with legal obligations (e.g., the 10-year retention requirement for invoices) or to defend against liability claims (see Section 10). In such cases, the data will be restricted for other purposes.
· Data access and portability: You have the right to request that we provide you with the data you have submitted to us in a commonly used electronic format or to have it transferred to a third party.
· Objection: You may object to the processing of your data for marketing and promotional purposes at any time.
To exercise your rights, please send us proof of identity (e.g., a copy of your ID) by email to info@haar-klinik.ch or bern@haar-klinik.ch, or by mail to the address for your respective location (Zurich or Bern) listed in Section 1.
In addition, you have the right to file a complaint with the competent supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC) (Feldeggweg 1, CH-3003 Bern).
13. Governing Law and Jurisdiction
This Privacy Policy is governed exclusively by Swiss law. Mandatory data protection claims and the rights of data subjects are governed by the applicable legal provisions.
The exclusive venue for any disputes arising out of or in connection with this Privacy Policy is the registered office of HAARKLINIK (Zurich, Switzerland) or HAARKLINIK GmbH (Bern, Switzerland), depending on which company the treatment or contractual relationship is with. Mandatory statutory places of jurisdiction (e.g., at the consumer’s place of residence) remain reserved.
14. Changes to this Privacy Policy
As our website evolves, new tools are introduced, and legal requirements change, we may need to update this Privacy Policy from time to time. The most current version is always available on our website. In the event of significant changes, we will notify individuals registered in our customer database via email.
Date of this Privacy Policy: June 2026