We are subject to Swiss data protection law and, where applicable, foreign data protection law, such as the General Data Protection Regulation (GDPR) of the European Union (EU). The European Commission acknowledges that Swiss data protection law provides adequate data protection.
1. Contact Addresses
Responsibility for the processing of personal data:
We will inform you if there are other controllers responsible for the processing of personal data in individual cases.
2. Definitions and Legal Bases
Personal data means any information relating to an identified or identifiable natural person. An affected person is a person whose personal data we process.
Processing includes any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction of personal data.
The European Economic Area (EEA) includes the Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as processing of personal data.
2.2 Legal Bases
We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection (OFADP).
If and to the extent the General Data Protection Regulation (GDPR) is applicable, we process personal data based on at least one of the following legal bases:
- Article 6(1)(b) GDPR for the necessary processing of personal data for the performance of a contract with the data subject and for the implementation of pre-contractual measures.
- Article 6(1)(f) GDPR for the necessary processing of personal data to protect our legitimate interests or those of third parties, unless the fundamental rights and freedoms of the data subject prevail. Legitimate interests include, in particular, our interest in exercising our activities and operations permanently, user-friendly, safely, and reliably and being able to communicate about them, ensuring information security, protection against misuse, enforcement of our legal claims, and compliance with Swiss law.
- Article 6(1)(c) GDPR for the necessary processing of personal data for compliance with a legal obligation to which we are subject under any applicable law of member states of the European Economic Area (EEA).
- Article 6(1)(e) GDPR for the necessary processing of personal data for the performance of a task carried out in the public interest.
- Article 6(1)(a) GDPR for the processing of personal data with the data subject’s consent.
- Article 6(1)(d) GDPR for the necessary processing of personal data to protect the vital interests of the data subject or of another natural person.
3. Nature, Scope, and Purpose
We process personal data that is necessary to carry out our activities and tasks permanently, in a user-friendly, secure, and reliable manner. Such personal data may include categories of inventory and contact data, browser and device data, content data, meta and peripheral data, usage data, location data, sales data, as well as contract and payment data.
We process personal data for the duration required for the respective purpose(s) or as required by law. Personal data that is no longer necessary for processing will be anonymized or deleted.
We may have personal data processed by third parties. We may process or transmit personal data jointly with third parties. Such third parties may include specialized providers whose services we use. We also ensure data protection with such third parties.
We process personal data only with the consent of the data subjects unless the processing is permissible for other legal reasons. Processing without consent may, for example, be permissible for the performance of a contract with the data subject and for corresponding pre-contractual measures, to safeguard our predominant legitimate interests when processing is apparent from the circumstances or after prior notification.
In this context, we particularly process information voluntarily provided by data subjects when contacting us – for example, by postal mail, email, instant messaging, contact form, social media, or telephone – or when registering for a user account. We may store such information, for example, in an address book, a Customer-Relationship-Management (CRM) system, or similar tools. When we receive data about other persons, the transmitting parties are obliged to ensure data protection for these individuals and to ensure the accuracy of this personal data.
Furthermore, we also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and tasks, provided that such processing is permissible for legal reasons.
4. Personal Data Abroad
We process personal data primarily in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, especially for the purpose of processing them there.
We may export personal data to all countries and territories, provided that the local laws in accordance with the decision of the Swiss Federal Council ensure adequate data protection and, if applicable, the decision of the European Commission ensures adequate data protection in accordance with the General Data Protection Regulation (GDPR).
We may transfer personal data to countries where the local laws do not ensure adequate data protection, provided that data protection is ensured for other reasons, especially based on standard data protection clauses or other suitable guarantees. In exceptional cases, we may export personal data to countries without adequate or suitable data protection if the special data protection requirements are met, for example, the explicit consent of the individuals concerned or a direct connection to the conclusion or performance of a contract. Upon request, we are happy to provide affected individuals with information about any guarantees or supply a copy of such guarantees.
5. Rights of Affected Individuals
5.1 Data Protection Rights
We grant affected individuals all rights in accordance with the applicable data protection law. Affected individuals have the following rights, in particular:
- Access: Affected individuals have the right to request information about whether we process personal data about them and, if so, what personal data it concerns. They will also receive the necessary information to assert their data protection rights and ensure transparency. This includes information about the processed personal data itself, but also details such as the purpose of processing, the duration of retention, any disclosure or transfer of data to other countries, and the source of the personal data.
- Rectification and Restriction: Affected individuals can have incorrect personal data corrected and request restrictions on the processing of their data.
- Erasure and Objection: Affected individuals can request the deletion of personal data (“Right to be Forgotten”) and object to the processing of their data.
- Data Disclosure and Data Portability: Affected individuals can request the disclosure of their personal data or the transfer of their data to another data controller.
We may, within the legally permissible framework, postpone, restrict, or deny the exercise of the rights of affected individuals. We may inform affected individuals about any requirements that need to be fulfilled for the exercise of their data protection rights. For example, we may partially or entirely deny access to information citing business secrets or the protection of other individuals. Similarly, we may partially or entirely refuse the erasure of personal data based on legal retention obligations.
We may exceptionally impose costs for the exercise of these rights. We will inform affected individuals in advance about any possible costs.
We are obligated to identify affected individuals who request information or assert other rights through appropriate measures. Affected individuals are required to cooperate.
5.2 Right to Lodge a Complaint
Affected individuals have the right to enforce their data protection rights through legal proceedings or to lodge a complaint with a competent data protection supervisory authority.
The data protection supervisory authority for private entities and federal agencies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
Affected individuals also have the right, if and to the extent that the General Data Protection Regulation (GDPR) applies, to lodge a complaint with a competent European data protection supervisory authority.
6. Data Security
We implement appropriate technical and organizational measures to ensure data security that is appropriate for the respective risk. However, we cannot guarantee absolute data security.
Access to our website is secured using transport encryption (SSL / TLS, especially with the Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers indicate transport encryption with a padlock icon in the address bar.
Our digital communication, like any digital communication in general, is subject to mass surveillance without cause or suspicion, as well as other monitoring by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct control over the processing of personal data by intelligence services, law enforcement agencies, and other security authorities.
7. Website Usage
Cookies can be temporarily stored in the browser as “session cookies” or for a specific period as so-called “persistent cookies.” “Session cookies” are automatically deleted when the browser is closed. Persistent cookies have a specific storage duration. Cookies, in particular, allow the browser to be recognized on the next visit to our website, thereby enabling us to measure the reach of our website, for example. However, persistent cookies can also be used for online marketing purposes.
For cookies used for success and reach measurement or advertising, a general objection (“opt-out”) is possible for numerous services through the AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
7.2 Server Log Files
For each access to our website, we may collect the following information, provided they are transmitted from your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page of our website accessed, including transmitted data volume, and the last webpage accessed in the same browser window (referrer).
We store such information, which may also constitute personal data, in server log files. This information is necessary to permanently, user-friendly, and reliably provide our website and to ensure data security, particularly the protection of personal data – even by third parties or with the help of third parties.
7.3 Counting Pixels
We may use counting pixels (also known as web beacons) on our website. Counting pixels, including those from third parties whose services we use, are small, usually invisible images that are automatically retrieved when visiting our website. Counting pixels can capture the same information as in server log files.
8. Notifications and Communications
We send notifications and communications via email and other communication channels such as instant messaging or SMS.
8.1 Success and Reach Measurement
Notifications and communications may contain web links or counting pixels that record whether an individual notification was opened and which web links were clicked. Such web links and counting pixels may also capture the usage of notifications and communications on a personal level. We require this statistical measurement of usage for success and reach measurement to effectively and user-friendly send notifications and communications based on the needs and reading habits of recipients in a permanent, secure, and reliable manner.
8.2 Consent and Objection
You must explicitly consent, in general, to the use of your email address and other contact information, unless the use is permissible for other legal reasons. For obtaining consent, we use the “Double Opt-in” process whenever possible. This means you will receive an email with a web link that you must click to confirm your consent, thereby preventing misuse by unauthorized third parties. We may log such consents, including the Internet Protocol (IP) address, date, and time, for evidential and security reasons.
You can, in general, object to receiving notifications and communications, such as newsletters, at any time. By exercising this right of objection, you can simultaneously object to the statistical measurement of usage for success and reach measurement. Necessary notifications and communications related to our activities and operations remain reserved.
9. Social Media
We are present on social media platforms and other online platforms to communicate with interested individuals and provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).
10. Third-Party Services
We use services from specialized third parties to carry out our activities and operations in a permanent, user-friendly, secure, and reliable manner. With such services, we can embed features and content into our website. During such embedding, the used services capture the Internet Protocol (IP) addresses of users for technical reasons, at least temporarily.
For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized form. This may include performance or usage data to provide the respective service.
We particularly use:
10.1 Digital Infrastructure
We use services from specialized third parties to utilize the required digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.
We particularly use:
10.2 Map Material
We use services from third parties to embed maps into our website.
We particularly use:
- Google Maps including Google Maps Platform: Map service; Provider: Google; Google Maps-specific information: “How Google Uses Location Information”.
We use services from third parties to embed selected fonts as well as icons, logos, and symbols into our website.
We particularly use:
- Google Fonts: Fonts; Provider: Google; Google Fonts-specific information: “Privacy and Google Fonts”, “Privacy and Data Collection”.
11. Success and Reach Measurement
We use services and programs to determine how our online offerings are used. Within this framework, we can, for example, measure the success and reach of our activities and operations, as well as the impact of third-party links to our website. Additionally, we may experiment and compare how different versions of our online offerings or parts of our online offerings are used (A/B testing method). Based on the results of success and reach measurement, we can, in particular, rectify errors, reinforce popular content, or make improvements to our online offerings.
When using services and programs for success and reach measurement, the Internet Protocol (IP) addresses of individual users must be stored. IP addresses are generally shortened (“IP masking”) to follow the principle of data minimization through pseudonymization and thereby improve the data protection of users.
When using services and programs for success and reach measurement, cookies may be used, and user profiles can be created. User profiles may include, for example, visited pages or viewed content on our website, information about screen size or browser window, and at least approximate location. User profiles are generally created solely in pseudonymized form. We do not use user profiles for identifying individual users. Certain third-party services, where users are logged in, may potentially link the use of our online offering to the user account or profile with the respective service.
We particularly use:
- AWStats: Success and reach measurement; Developer: AWStats (free open-source software); Data protection information: Analysis of server log files on our own server infrastructure, “What is AWStats / Features Overview”.
12. Concluding Provisions
(This text has been automatically translated into English. The source in the original language can be found here: https://www.augenblick.ch/datenschutz)