Privacy policy

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as “data”) that we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offer”).

The terms used are not gender-specific.

Status: September 3, 2024

Person responsible

Pascale Sennhauser
Winterthur, Schweiz

E-mail address: pascale.sennhauser@hotmail.ch

Overview of processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

• Inventory data.
• Contact details.
• Content data.
• Usage data.
• Meta, communication and process data.

Categories of affected persons

• Communication partner.

Purposes of the processing

• Communication.
• Organizational and administrative procedures.
• Feedback.
• Provision of our online services and user-friendliness.

Relevant legal bases

Relevant legal basis according to the Swiss Data Protection Act: If you are located in Switzerland, we process your data on the basis of the Swiss Federal Act on Data Protection (“Swiss FADP” for short). Unlike the FADPO, for example, the Swiss FADP does not generally require that a legal basis for the processing of personal data be specified and that the processing of personal data be carried out in good faith, lawfully and proportionately (Art. 6 para. 1 and 2 of the Swiss FADP). In addition, personal data will only be obtained by us for a specific purpose that is recognizable to the data subject and will only be processed in a manner that is compatible with this purpose (Art. 6 para. 3 of the Swiss FADP).

Security measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, safeguarding of availability and its separation. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and responses to data threats. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Securing online connections using TLS/SSL encryption technology (HTTPS): To protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. If a website is secured by an SSL/TLS certificate, this is signaled by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.

General information on data storage and deletion

We delete personal data that we process in accordance with the statutory provisions as soon as the underlying consents are revoked or there is no further legal basis for the processing. This applies to cases in which the original purpose of processing no longer applies or the data is no longer required. Exceptions to this rule exist if legal obligations or special interests require longer storage or archiving of the data.

In particular, data that must be stored for commercial or tax law reasons or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons must be archived accordingly.

Our data protection information contains additional information on the retention and deletion of data that applies specifically to certain processing operations.

If there is more than one indication of the retention period or deletion period for a date, the longest period is always decisive.

If a period does not expressly begin on a specific date and is at least one year, it automatically begins at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships in the context of which data is stored, the event triggering the deadline is the date on which the termination or other termination of the legal relationship takes effect.

We only process data that is no longer stored for the originally intended purpose, but due to legal requirements or other reasons, for the reasons that justify its storage.

Further information on processing operations, procedures and services:

• Storage and deletion of data: The following general time limits apply to the storage and archiving in accordance with the Swiss law:
  • 10 years - Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, accounting vouchers and invoices as well as all necessary work instructions and other organizational documents (Art. 958f of the Swiss Code of Obligations (OR)).
  • 10 years - Data necessary for the consideration of potential claims for damages or similar contractual claims and rights, as well as for the processing of related inquiries based on past business experience and standard industry practices, will be stored for the statutory limitation period of ten years, unless a shorter period of five years applies, which is relevant in certain cases (Art. 127, 130 OR). Claims for rent, lease and capital interest as well as other periodic services, from the supply of food, for catering and for debts to landlords, as well as from handicraft work, retail sale of goods, medical care, professional work of lawyers, legal agents, procurators and notaries and from the employment relationship of employees expire after five years (Art. 128 OR).

Rights of the data subjects

Rights of data subjects under the Swiss FADP:

As a data subject, you have the following rights in accordance with the provisions of the Federal Act on Data Protection:

• Right to information: You have the right to request confirmation as to whether personal data concerning you is being processed and to receive the information necessary to enable you to exercise your rights under this law and to ensure transparent data processing..
• Recht auf Datenherausgabe oder -übertragung: You have the right to request that the personal data you have provided to us be made available to you in a commonly used electronic format.
• Right to rectification: You have the right to request the correction of incorrect personal data concerning you.
• Right to object, erasure and destruction: You have the right to object to the processing of your data and to request that the personal data concerning you be deleted or destroyed.

Contact and request management

When contacting us (e.g. by post, contact form, email, telephone or via social media) and in the context of existing user and business relationships, the data of the inquiring persons will be processed insofar as this is necessary to answer the contact inquiries and any requested measures.

• Processed data types: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. text or image messages and contributions as well as the information relating to them, such as information on authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved).
• Persons concerned: Communication partner.
• Purposes of the processing: Communication; organizational and administrative procedures; feedback (e.g. collecting feedback via online form). Provision of our online services and user-friendliness.
• Storage and deletion: Deletion according to the information in the section “General Information on data storage and erasure”.
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) FADPO). Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) FADPO).

Further information on processing operations, procedures and services:

• Contact form:: When contacting us via our contact form, by e-mail or other communication channels, we process the personal data transmitted to us to answer and process the respective request. This generally includes details such as name, contact information and any other information that is provided to us and is required for appropriate processing. We use this data exclusively for the stated purpose of establishing contact and communication; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) FADPO), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) FADPO).

Modification and updating

We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and please check the information before contacting us.

Definitions of terms

This section provides you with an overview of the terms used in this privacy policy. Insofar as the terms are defined by law, their legal definitions apply. The following explanations, on the other hand, are primarily intended to aid understanding.

• Inventory data: Inventory data includes essential information that is necessary for the identification and management of contractual partners, user accounts, profiles and similar assignments. This data may include personal and demographic information such as names, contact information (addresses, telephone numbers, e-mail addresses), dates of birth and specific identifiers (user IDs). Inventory data forms the basis for any formal interaction between people and services, facilities or systems by enabling clear assignment and communication.
• Content data: Content data includes information that is generated in the course of creating, editing and publishing content of all kinds. This category of data can include texts, images, videos, audio files and other multimedia content published on various platforms and media. Content data is not limited to the actual content, but also includes metadata that provides information about the content itself, such as tags, descriptions, author information and publication dates.
• Contact details: Contact data is essential information that enables communication with people or organizations. It includes telephone numbers, postal addresses and email addresses, as well as communication tools such as social media handles and instant messaging identifiers.
• Meta, communication and process data: Meta data, communication data and procedural data are categories that contain information about the way in which data is processed, transmitted and managed. Meta data, also known as data about data, includes information that describes the context, origin and structure of other data. It can include information on file size, creation date, the author of a document and change histories. Communication data records the exchange of information between users via various channels, such as e-mail traffic, call logs, messages in social networks and chat histories, including the persons involved, time stamps and transmission paths. Procedural data describes the processes and procedures within systems or organizations, including workflow documentation, logs of transactions and activities, and audit logs used to track and review operations.
• Usage data: Usage data refers to information that records how users interact with digital products, services or platforms. This data includes a wide range of information that shows how users use applications, which functions they prefer, how long they stay on certain pages and which paths they use to navigate through an application. Usage data can also include frequency of use, timestamps of activities, IP addresses, device information and location data. It is particularly valuable for analysing user behaviour, optimizing user experiences, personalizing content and improving products or services. In addition, usage data plays a crucial role in identifying trends, preferences and potential problem areas within digital offerings.
• Personal data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• Responsible person: The “controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Processing: “Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers practically every handling of data, be it collection, analysis, storage, transmission or deletion.

Created with free Datenschutz-Generator.de by Dr. Thomas Schwenke Translated from German with deepl.com