Privacy policy

Privacy policy

With this privacy policy, we inform you about the processing of personal data in the context of the use of our website. The abbreviation DSGVO stands for EU General Data Protection Regulation and concerns persons in the EU who visit our site (hereinafter “persons from the EU”). The abbreviation DSG stands for Swiss Data Protection Act and concerns persons in Switzerland who visit our site (hereinafter “persons from Switzerland”).Name and address of the controller

Responsible in terms of data protection legislation and other provisions with data protection character is the:

Cannabis Research Association
P.O. Box
Langstrasse 20
8004 Zurich
Tel: +41 44 515 31 90


We will provide you with information about the purposes of data processing. If consent is required for the processing of personal data, we will inform you. In the case of personal data requiring special protection, such as personality profiles, we provide for explicit consent (double opt-in).

Your rights

Right to information

According to Art. 8 DSG / Art. 15 DSGVO, you have the right to request confirmation from us as to whether personal data concerning you is being processed by us. If this is the case, you have a right to information about this personal data and to further information mentioned in Art. 8 DSG / Art. 15 DSGVO.

Right to rectification

According to Art. 5 DSG / Art. 16 DSGVO, you have the right to demand that we correct incorrect personal data concerning you without delay. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.

Right to deletion

EU persons have the right to request that we delete personal data concerning them without delay. We are obliged to delete personal data without delay, provided that the relevant requirements of Art. 17 DSGVO are met. For details, please refer to Art. 17 of the GDPR. Persons from Switzerland also have the possibility of requesting the deletion of data in the cases provided for by law, e.g. if data is no longer required / necessary or consent to processing has been revoked.

Right to restriction of processing

In accordance with Art. 18 DSGVO, persons from the EU have the right, under certain conditions, to demand that we restrict the processing of your personal data.

Right to data portability

According to Art. 20 DSGVO, EU persons have the right to receive the personal data concerning them that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO or on a contract pursuant to Art. 6 para. 1 lit. b DSGVO and the processing is carried out with the aid of automated procedures.

Right of objection

According to Art. 21 GDPR, EU individuals have the right to object to the processing of personal data concerning them which is carried out on the basis of Art. 6 para. 1 lit. e or f DSGVO; this also applies to profiling based on these provisions. If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing.

Call your rights

If you wish to exercise any right to which you are entitled, please contact us as data controller at the contact details provided above or use one of the other ways we offer and send this notice. If you have any questions about this, please contact us.

Right of complaint Supervisory authority

EU individuals have the right to complain to the supervisory authority pursuant to Art. 77 GDPR, without prejudice to any other administrative or judicial remedy. This right exists in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. Persons from Switzerland may avail themselves of the legal remedies provided for in Art. 15 / 25 / 27 / 29 FADP.

Server Log Files

When you access our website, the company commissioned by us to operate the website processes and stores, in addition to technical information about the terminal device you are using (operating system, screen resolution and other, non-personal characteristics) and the browser (version, language settings), in particular the public IP address of the computer with which you are visiting our website, together with the date and time of access. The IP address is a unique numeric address under which your terminal device sends data to or retrieves data from the Internet. As a rule, we or our service provider do not know who is behind an IP address, unless you provide us with data during the use of our website that enables us to identify you. Furthermore, a user may be identified if legal action is taken against the user (e.g. in the event of attacks against our website) and we become aware of the user’s identity in the course of the investigation. Therefore, as a rule, you do not have to worry that we can assign your IP address to you.

Our service provider uses the processed data in a non-personal manner for statistical purposes so that we can understand which end devices are used with which settings for visiting our website in order to optimize it for them if necessary. These statistics do not contain any personal data. The basis for the compilation of the statistics is our interest in the improvement and economic operation of our business (legal basis DSGVO: Art. 6 para. 1 lit. f).

The IP address is further used so that you can technically access and use our website and to detect and defend against attacks against our service provider or our website. Unfortunately, there are always attacks to cause harm to the operators of websites or their users (e.g. preventing access, spying on data, spreading malware (e.g. viruses) or other unlawful purposes). Such attacks would impair the intended functionality of the data center of the company commissioned by us, the use of our website or its functionality, as well as the security of visitors to our website. The processing of the IP address including the time of access takes place to defend against such attacks. Through our service provider, we pursue the legitimate interest with this processing to ensure the functionality of our website and to ward off illegal attacks against us as well as the visitors of our website. Basis for processing at the improvement and economic operation of our business (legal basis DSGVO: Art. 6 para. 1 lit. f).

The stored IP data is deleted (by anonymization) when it is no longer needed for the detection or defense of an attack.


We use cookies and similar technologies (local storage) for the operation of our website to ensure the technical functionality of our website, to understand how visitors use our website and to store preferences that a user has made in his browser.

A cookie is a small text file that is stored on your terminal device when you call up our website through your browser. If you visit our website again later, we can read these cookies again. Cookies are stored for different lengths of time. You always have the option in your browser to set which cookies it should accept, but this may result in our website no longer functioning properly. Furthermore, you can delete cookies independently at any time. If you do not do this, we can specify when saving how long a cookie should be stored on your computer. A distinction must be made here between so-called session cookies and persistent cookies. Session cookies are deleted from your browser when you leave our website or you exit the browser. Persistent cookies are stored for the duration that we specify when we save them.

We use cookies for the following purposes:

– Technically necessary cookies that are mandatory for the use of the functions of our website (e.g. recognition of whether you have logged in). Without these cookies, certain functions could not be provided.

– Functional cookies, which are used to technically perform certain functions that you want to use.

– Analytics cookies, which are used to analyze your user behavior.

– Third-party cookies. Third-party cookies are stored by third parties whose features we include on our website to enable certain functions. They can also be used to analyze user behavior.

Most browsers that our users use allow you to set which cookies should be stored and allow you to delete (certain) cookies. If you restrict the storage of cookies to certain websites or do not allow cookies from third-party websites, this may mean that our website can no longer be used to its full extent. Here you can find information on how to adjust cookie settings for the most common browsers:

– Google Chrome(

– Internet Explorer(

– Firefox(

– Safari(

Analysis tool “Google Analytics

We may use Google Analytics, a service of Google LLC (“Google”), Amphitheatre Parkway, Mountain View, CA 94043, USA, as part of an order processing via Google Tag Manager. Google uses a so-called “cookie” as a processor for this purpose. This is a small text file that is stored on your computer by your browser. By means of this cookie, Google receives information about which website you have accessed and, in addition, in particular the following information: browser type/version, operating system used, technical information about the operating system and the browser, and the public IP address of the computer you are using. We use Google Analytics in such a way that your IP address is only used in anonymized form. This anonymization takes place in the European Union or a Member State of the EEA, as notified by Google. Only in exceptional cases should the full IP address be transmitted to a Google server in the USA and only shortened there. According to Google, anonymization takes place before the IP address is stored on a permanent data carrier for the first time. For details, please refer to Google’s privacy policy, available at

Google Analytics allows us to compile usage statistics for our website in non-personal form, as well as demographic data about visitors and their user behavior. Furthermore, statistics are compiled to help us better understand how our website is found in order to improve our search engine optimization and advertising efforts. With this processing, we pursue the legitimate interest of being able to improve our website and our advertising measures (legal basis DSGVO: Art. 6 para. 1 lit. f.

You can find information on how to object to the use of Google Analytics at

As an alternative to the browser add-on or within browsers on mobile devices, please click this link to prevent Google Analytics from collecting data within this website in the future (the opt-out only works in this browser and only for this domain). In the process, an opt-out cookie is placed on your device. If you delete your cookies in this browser, you must click this link again.

Click here to opt out of Google Analytics

Google is a member of the PrivacyShield agreement and has concluded an order processing agreement with us for Google Analytics. The pseudonymous data is deleted after 14 months.

Application possibilities (by e-mail)

We are pleased that you are interested in us and that you are applying or have applied for a position in our company. We would like to provide you below with information on the processing of your personal data in connection with the application.

We process the data you have sent us in connection with your application in order to assess your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application process.

The basis for the processing of your personal data is our interest (legal basis DSGVO: Art. 6 para. 1 lit. f) in the implementation of the application process and, if necessary, in the assertion or defense of claims.

Data of applicants will be deleted within 6 months in case of rejection.

If you are awarded a position during the application process, the data from the applicant data system will be transferred to our HR information system.

In principle, only those persons in the company have access to your data who require this for the proper conduct of our application process.

Disclosure of data to third parties

As a matter of principle, we do not pass on the personal data provided to us to third parties, i.e. in particular. not to third parties for advertising purposes.

However, for the operation of these Internet pages or for the provision of products / services, we work together with third parties. In the process, it may happen that such third parties obtain knowledge of personal data. We select our service providers carefully – especially with regard to data protection and data security – and take all measures required by data protection law for permissible data processing.Data transfer upon conclusion of contract for services and digital content

When you purchase a service / digital content, we process the data you provide for the conclusion of the contract and its execution. To the extent necessary, data will be transferred to service providers for the shipping and billing of your purchase. The basis of the processing is the fulfillment of the contract (legal basis DSGVO: Art. 6 para. 1 lit. b)

We also process this data to detect and prevent fraud attempts (legal basis DSGVO: Art. 6 para. 1 lit. f). Our aim is to protect ourselves from fraudulent transactions.

Data stored in connection with the conclusion of a contract for the purchase of a service / digital content will be deleted after expiry of the statutory retention period. Insofar as legal recording and storage obligations (e.g. storage of invoices according to tax law) exist due to the processing of a purchase contract, these are applied (legal basis according to DSGVO: Art. 6 para. 1 lit. c.).

We delete or anonymize the data when it is no longer required for the performance of the respective contract and there are no longer any legal retention obligations.

linkedin plugin

Social plugins (“plugins”) from linkedin are used on our site. Provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. This plugin is used based on our legitimate interest in analyzing, improving and economically operating our business.

The linkedin plugin is easily recognizable by the typical identifiers like the logo (l).

When you click on a linkedin button, a direct connection to linkedin servers is established and at least the following information is transmitted: Information that you are on our website; association of your activity with your linkedin account.

We do not know with certainty how long linkedin stores data and to what extent it is processed or passed on. The purpose and scope of the data collection and the further processing and use of the data by linkedin can be found in linkedin’s privacy policy:

LinkedIn is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law(

Google Maps

We use a map from Google Maps, a service of Google LLC (“Google”), Amphitheatre Parkway, Mountain View, CA 94043, USA, on the “Contact Us” page for the visual representation of where our company is located. When you visit this website, your IP address is transmitted to Google. The IP address is a unique numeric address under which this computer sends or retrieves data to the Internet. Google’s general privacy policy applies here, which can be accessed at Our legitimate interest in using Google Maps is to help visitors to our website find our company so that we are easier to reach. The legal basis of the processing is Art. 6 para. 1 f. GDPR.

You can refuse your consent to data processing by opting out. More at

Google is certified under the Privacy Shield agreement and thus offers a guarantee of compliance with European data protection law:

Adaptation data protection notice

We always keep this data protection notice up to date. Therefore, we reserve the right to change it from time to time and to update any changes in the collection, processing or use of your data. The current version of the data protection declaration can always be accessed at the following address.

Cannabis Research Association
Langstrasse 20
8004 Zurich