1. Purpose of this data protection policy
Every person has a legally protected right to the protection of his privacy and protection against the misuse of his personal data. Personal data means any information relating to an identified or identifiable person. A data subject is a person whose personal data are processed. Processing covers any handling of personal data, irrespective of the means and procedures used, in particular the collection, deletion, destruction, disclosure, modification, retention, storage and use of personal data.
This data protection policy is intended to inform the website user, referred to below as “user”, about the processing of his personal data on this website, particularly about the purposes, legal bases and scope of data processing, the recipients, retention periods and the website user’s rights. By using this website, the user confirms that he gives consent for the collection, processing and use of data as described below.
2. Data controller / contact details
The legally responsible data controller in the sense of data protection legislation, who is responsible for processing personal data on this website, is the company whose contact details are provided at https://www.pandinavia.ch/de/impressum/ on the website.
In case of any concerns relating to data protection, the user can contact the data controller in writing using the following e-mail address:
3. Purpose of processing
This website is intended to make information about the data controller’s activity available to the user and, if the website has a portal function, to allow it to exchange information and complete transactions with the data controller via the internet. Unless expressly stated to the contrary, the website is not intended to collect the user’s personal data (below: “user data”) in a targeted way and use it for other person-specific purposes or pass it on to third parties.
Consequently the purpose of processing of user data via the website is to allow the user to access the corresponding information and services with minimum technical difficulty and to provide a pleasant user experience.
4. Legal bases
The processing of user data in connection with this website is subject to the Swiss Data Protection Act (FADP).
In the case of third-party services that process user data outside Switzerland, data protection legislation of other countries may be applicable in some circumstances, including but not limited to the EU GDPR within the territory of the EU/EEA. A statement to this effect is made in the descriptions of third-party services included in this data protection policy.
5. Principles of data processing
User data are processed by the data controller in accordance with legal principles including the following:
- Processing is carried out in good faith and must be proportionate;
- Data are only processed for purposes that are identifiable to the user and only insofar as is compatible with these purposes;
- Data are destroyed or anonymised as soon as they are no longer necessary for the purpose of processing, unless there are legally prescribed grounds for an exception to this;
- Data that are recognisably incomplete or incorrect are corrected or deleted;
- The user’s consent for data processing is only valid if given voluntarily after the user has been appropriately informed;
- The principles of “Privacy by Design” and “Privacy by Default” are followed.
6. Scope of data processing
As a rule, the user can visit any page on this internet site without providing any personal information.
The exceptions to this are areas of the website and services on the website that require a name, address or other user data for a specific purpose, for example digital service portals that are only accessible via a login. See below under User Account.
The data controller reserves the right to keep limited records on the use of the website for statistical purposes (for example to find out on which days it is accessed particularly frequently, or which offers are being used), and access data are retained for this purpose in a log file that could be used to identify the user. Specifically, the following data are collected:
- The user’s IP address
- Date and time of access
- Name of the file viewed
- Access status (accessed, partly accessed, not accessed etc.)
- Page from which the access occurred
- Web browser used
- Operating system used
These data are stored in the log files of the data controller’s IT system. These data are not stored together with other personal data about the user. The system must collect these data to permit the transfer of information from the website to the user’s device. These data also allow the data controller to optimise the website, safeguard the security of the system and prevent misuse (e.g. in the form of automated mass requests, spam etc.).
Due to anonymisation of IP addresses, the data cannot be traced back to specific users. The user-specific IP address is therefore not linked to other data, and it cannot be used and is not used for any person-specific purpose.
Access to user data is only available to a small number of individuals who provide technical support for the secure servers, and these are specifically authorised by the data controller and contractually obliged to maintain confidentiality.
If the user sends requests to the data controller using a contact form, the information he enters on the request form, including his contact details, is stored for the purpose of processing the request and in case of follow-up questions. These data are not transmitted to others without the user’s consent.
If the user wishes to receive the newsletter offered on the website, he will be asked for an e-mail address and also for information that will make it possible to check that he is the owner of the e-mail address provided and gives his consent to receive the newsletter. These data are used exclusively to send the requested information and are not transmitted to third parties. The user can, at any time, withdraw his previously granted consent to the storage of the data and the e-mail address and to their use to send the newsletter, for example by clicking the “unsubscribe” link in the newsletter.
Comment function on this website
To allow the comments function on the website to be used, in addition to the user’s comments, additional data are stored, including the time when the comment was written, the user’s e-mail address and, if the user is not posting anonymously, his chosen username. The comments function stores the IP addresses of users who write comments. Since comments are not checked by the website operator before being released, the data controller requires these data so that it can take action against the author in case of any legal violation. The user can subscribe for comments after registering. He will receive a confirmation e-mail to check that he is the owner of the e-mail address provided. He can unsubscribe from this function at any time using a link in the information e-mail.
Order processing in the online shop with a customer account
The data controller processes user data in the context of orders placed in its online shop, to allow users to select and order the products and services of their choice, as well as to facilitate payment for said products and services and their delivery or provision, respectively.
The data processed include master data (file data), communication data, contract data and payment data, and the data subjects include customers, interested parties and other commercial parties involved. The purpose of processing the data is for contractual performance in the context of operation of an online shop, billing, delivery and provision of customer services. For this purpose, we use session cookies, e.g. to store the contents of the shopping trolley, and permanent cookies, e.g. to store the login status.
The data marked as mandatory are required for setup and performance of the contract. The data are only disclosed to third parties in relation to delivery, payment, or where this is legally permitted or mandatory. The data are only processed in third countries if this is necessary to fulfil the contract (e.g. at the customer’s request, in relation to delivery or payment).
Payments via the website
Credit card payments made via the website are made via Saferpay (Worldline AG) and encrypted using SSL technology. Worldline processes user data on behalf of the data controller in connection with payments made by the user. User data are only used to process the user’s payment instruction, and they are not made available to any third party other than the financial institutions responsible for the specific type of payment. “Worldline” or “Saferpay” may appear on the user’s credit card or bank account statement when he has placed an order with the data controller.
Other contracted services
The data controller processes user data as well as data from other contractual partners and interested parties, and also from other ordering parties, customers, principals, clients or contractual partners (all referred to as “contractual partners”) for work in performance of a contract or for pre-contractual work. The data processed for this, the nature, scope and purpose of the data and the requirement to process the data are determined by the underlying contractual relationship.
The data processed include the contact details of the contractual partner (e.g. names and addresses), contact details (e.g. e-mail addresses and telephone numbers) and contract data (e.g. the services requested, the content of the contract, communication about the contract, names of contact persons) and payment data (e.g. bank details, payment history).
The data controller does not, in principle, process sensitive personal user data, unless such data are involved in processing that is either ordered or contractually required.
The data controller processes data required to set up the contract and perform the contractual work, and states that the information is necessary if this is not obvious to the contractual partner. Disclosure to external persons or companies only takes place when it is necessary in the context of a contract. During processing of the data provided to the data controller in the context of a contract, the data controller shall act in accordance with the instructions of the person placing the order and in accordance with the law.
Administration, financial accounting, office organisation, contact management
The data controller processes user data for the purpose of administrative tasks such as the organisation of the data controller’s business, financial accounting and compliance with the data controller’s legal obligations, for example concerning archiving. In this context, it processes the same data that it processes in the context of providing its contracted services. Users and other customers, interested parties and commercial partners and visitors to the website are the data subjects in this data processing. The purpose of processing the data and the underlying interests are for administration, financial accounting, office organisation, archiving of data, i.e. tasks relating to the data controller’s business operations, carrying out tasks and providing services. In this context, the data controller shall disclose or transfer data to the tax authorities, to consultants such as tax advisers or company auditors, and to other fee offices and payment service providers.
The data controller also stores information about suppliers, organisers and other commercial partners, on the basis of its own commercial interests, for example so that they can be contacted again in future. In principle, the data controller retains most of these data, which is related to its business operations, on a permanent basis.
7. Service portal / user account
Users of this website may, depending on which module they have received, set up and use a user account or login to manage the services provided via the website. The necessary mandatory information about users is transmitted during the registration process.
The personal data collected in the context of the service portal and the linked user account are only used and retained by the data controller for the purpose of providing access to areas of the website and services on the website, e.g. for purposes referred to in additional data protection provisions, or for purposes that are evident from the content of the area of the website in question.
User accounts are not made public and cannot be indexed by search engines. Providing personal profile data (e.g. e-mail address/mobile phone number and password) allows the user to access his own data that has been recorded and stored, and he can complete, alter or delete these data at any time. If the user has closed his user account, his data relating to the user account will be deleted, unless its retention is necessary due to legal archiving obligations or the data controller’s own overriding interests. It is the responsibility of the user to save his own data that have been stored in the user account in the event of closure of the user account. The data controller is entitled, in the event of closure of the user account, to delete irrevocably all the data saved by the user during the contract.
During registration, on the occasion of subsequent logins and during use of online services provided by the data controller, the latter will record the IP address and the time when the individual user activity occurs. The corresponding user data are retained on the basis of the legitimate interests of both the data controller and the user in protection against misuse and other unauthorised use. These data will not be passed on to third parties unless this is necessary in order to assert the data controller’s legal rights in relation to abusive or illegal behaviour by the user, or unless there is a legal obligation to do so.
8. Retention / archiving
The data controller does not have a general duty to retain user data. It is primarily the user’s responsibility to ensure the availability of data of relevance to him and to archive said data if appropriate.
The data controller shall delete the user data as soon as their retention is no longer necessary for the purpose of processing, and at the latest after ten years, unless statutory archiving obligations or overriding interests of the data controller require a longer archiving period.
After an order has been executed, invoiced, and paid for, the data controller shall continue to store data collected in connection with the placement of the order in the online shop for as long as required by tax, commercial or other regulations. As a rule, such data will be retained for 10 years after the transaction on the basis of legal requirements, and in the case of repeated transactions by the same user, until 10 years after the last transaction.
9. Confidentiality / disclosure to third parties
Unless expressly stated in this data protection policy, for example in relation to data processing by contractors or in relation to third-party services, or unless it is evidently intended to be disclosed, user data will be treated as confidential and no user data will be transmitted or sold to third parties to use for their own purposes. The exception to this is mandatory disclosure to third parties when required by law, for example when ordered by a government body or a court.
10. Disclosure to foreign countries
The data on the website, including user data, are stored and processed on secure servers in Switzerland or in countries of the EU/EEA. Unless expressly indicated in this data protection policy, specifically in regard to third-party services, user data will not be transmitted to countries outside the EU/EEA.
Note concerning transfers of data to the USA (United States of America)
The data controller points out that in cases where data are transferred to the USA, there is a risk that the data will be accessed by US authorities in accordance with US law. Such access is without differentiation, restriction or exception on the basis of the aims being pursued, and there is no objective criterion that would allow the restriction of access to the data on the part of US authorities and the later use thereof to specific and strictly limited purposes that would be able to justify the access to these data and interventions associated with its use. Please also note that data subjects from Switzerland do not have access to legal remedies in the USA comparable to the situation under the FADP, under which they can access the data in question and have the data corrected or deleted, and please note as well that no effective legal protection is provided by the courts against the general access rights of the US authorities. We are explicitly informing the user of this legal and practical situation so that he can make an appropriate, well-informed decision on whether to give consent for his data to be processed in the USA.
11. Data processing by contractors
The data controller is entitled to arrange for the user’s personal data to be processed under contract by external service providers or contractors. Said external service providers or contractors must, however, be legally or contractually bound to comply with data protection legislation and maintain confidentiality to the same extent as the data controller. They are not allowed to process the user data beyond the limits permissible for the data controller himself. The data controller is also obliged to satisfy himself, on a regular basis, that parties charged with processing order data are capable of guaranteeing data security.
The data controller will provide the user, on request, with a current list of parties that process order data contracted by the data processor for the purposes of to operating the website and the extent of the processing of personal data carried out by said parties, unless this is precluded by overriding interests.
12. Data security (TOM)
To ensure data security, the data controller and its contractors shall make use of technical and organisational measures (TOMs) in accordance with the current state of technology. On request, and as long as the data security of other users is not jeopardised, the data controller shall provide the user with further details on the TOMs that are in place.
For security purposes and in order to protect the transmission of data, this website uses SSL/TLS encryption to protect confidential content such as requests sent to us, as the operator of the website, by the user. You can identify an encrypted connection by the fact that the address line of the browser is changed from “http://” to “https://” and by the padlock symbol on your browser bar. When SSL or TLS encryption is activated, the data you send us cannot be read by third parties.
Nevertheless, it cannot be guaranteed that information or personal data sent from the user’s side using unencrypted online forms, e-mails or FTP uploads cannot be viewed or altered by unauthorised persons. Such transmissions are in principle carried out at the user’s own risk and with no guarantee at all on the part of the data controller.
Some of the cookies used by the data controller on the website are session cookies. These are deleted automatically after the end of the user’s visit. Other cookies remain on the user’s device until he deletes them. These cookies allow the data controller to recognise the user during his next visit. It contains an identification number that the data controller can use to identify the computer requesting to view the site. This allows the data controller to improve the services it provides if the user visits the website multiple times. It is not possible to match personal data to this identification number.
The user should be aware that, for technical reasons, some functions of the website may not be fully available if cookies have been deactivated or deleted.
14. Use of third-party services
The data controller uses content or services provided by third party providers within the website to enable the integration of their content and services, such as videos or fonts, into the website (these are collectively referred to below as “content”). This integration requires that the user’s IP address be recorded by third party providers of this content, since they could not send the content to the browser without the IP address. The IP address is therefore necessary in order to display the content. Third party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. These pixel tags may evaluate information, such as the amount of visitor traffic on the pages on this website. This information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, and the time of the visit, as well as other information on the use of our online offering, and this information may be linked with similar information from other sources. Certain third-party services may also collect other information about the user and use said information for the third-party provider’s own purposes and, possibly, process it in other countries.
Insofar as the data controller uses the third-party services listed in the appendix, the user gives his consent for the use of said services and to the associated processing of data by third parties, to use of the data by third parties for their own purposes, to transmission of data to other countries in this connection, and to the terms and conditions of use and data protection policies of the third parties involved.
In particular, the user acknowledges that the data controller cannot accept any liability for the processing of personal data in the context of such third-party services, since the data controller has no ability to influence this. The data controller endeavours only to use content from providers that only use the IP address for delivering content, but it cannot guarantee this because it cannot influence it. Such third-party services and the extent of the processing of user data associated with them are constantly changing due to updates, bug fixes, new releases and other software modifications. The corresponding descriptions of third-party services in this data protection policy are therefore only intended as an overall guideline for the user on the content and extent of data processing by such services and on the opportunities that exist to opt out. The data controller shall make efforts to update the descriptions on a regular basis but cannot provide any guarantee that the information is up to date at all times. It recommends that the user ask the corresponding third-party service providers regularly about the content of such services and the scope of the associated processing of user data.
The list provided in the appendix provides an overview of third-party providers and their content, as well as links to their data protection policies, which contain further information on the processing of data and the opportunities that exist to opt out, some of which have already been mentioned here.
15. The user’s rights
Subject to the exceptions prescribed by law or contractually agreed, the user has the following rights in regard to user data:
- The right to be informed about data processing (Art. 19, FADP)
- The right to information (Art. 25 FADP)
- The right to have data corrected (Art. 6 para 5 FADP; Art. 32 para 1 FADP)
- The right to have data deleted (“right to be forgotten”; Art. 6 para 4 FADP; Art. 32 para 2 (c) FADP)
- The right to opt out and to restrict (“block”) or stop the processing of data (Art. 30 para 2 (b); 32 para 2 (a, b) FADP)
- The right to withdraw his consent for the processing of data (Art. 30 para 2 (b) FADP)
- The right to data transfer and data portability (Art. 28 FADP)
- The right to be informed about automated individual decisions (Art. 21 FADP)
In a case of withdrawal of consent for processing of user data, of a request for restriction of data processing or of a request for the deletion of user data, the data controller will delete the user data unless this is precluded by legal archiving obligations or by the data controller’s own overriding interests. In this case the data controller shall restrict the use of user data to the purposes required by law. This does not affect user data required for delivery of an order or for commercial purposes. In all these cases, the user accepts that the provision of personalised services will not be possible or will be restricted.
Regarding questions about processing of personal data or other matters relating to data protection, the user can contact the data controller using the contact details shown above under the heading “Data controller / contact details”. To prevent misuse, the data controller will, however, only respond to questions about data protection in writing and upon presentation of proof of identity (a copy of your passport or ID document). This information is free of charge and is usually provided within 30 days.
16. Responsible supervisory authorities
The authority responsible for matters relating to data protection in connection with the processing of user data by private entities is the Federal Data Protection and Information Commissioner, FDPIC, if the data relate to persons in Switzerland or are processed from inside Switzerland. He can investigate infringements of data protection regulations, either ex officio or in response to a complaint, and may order the data processing to be wholly or partly altered, suspended or stopped. He also advises private individuals on questions relating to data protection, provides data subjects with information on request on how to exercise their rights, and may bring complaints in the competent criminal courts.
The contact details of the FDPIC are available at https://www.edoeb.admin.ch.
17. Jurisdiction / applicable legislation
Unless stated to the contrary in mandatory legislation, Swiss law is exclusively applicable, excluding the conflict-of-laws provisions. The exclusive jurisdiction is without prejudice to the mandatory place of jurisdiction based on the registered office of the data controller.
Appendix: Third-party services used
Use of Google Maps
This website uses the Google Maps service. This allows us to display interactive maps for you directly on the website and allows you to use the map function in a convenient way. When you visit the website, Google is informed that you have viewed the corresponding sub-page of our website. This takes place independently of whether Google provides a user account through which you are logged in, or whether a user account exists. If you are logged into Google, your data are linked directly to your account. If you do not want your data to be linked to your Google profile, you must log out before pressing the button. Google saves your data as user profiles and uses the data for advertising, market research and/or to structure its website according to demand. In particular, it is used (even for users who are not logged in) to provide advertising matched to demand and to inform other users of the social network about your activities on our website. You have the right to opt out of the creation of this user profile, and you must contact Google in order to exercise this right. Further information on the purpose and scope of data collection and processing by Google, as well as further information on your rights in this regard and opportunities to stop it to protect your privacy, can be found at: www.google.de/intl/de/policies/privacy.
This website uses Google conversion tracking. If you arrived at our website via an advertisement displayed by Google, Google AdWords has placed a cookie in your computer. The cookie for conversion tracking is put in place when a user clicks on an advertisement displayed by Google. These cookies become invalid after 30 days and are not used for personal identification. If the user visits specific pages on our website and the cookie has not yet expired, we and Google can recognise that the user has clicked on the advertisement and has been brought to this page. Every Google AdWords customer receives a different cookie. Cookies therefore cannot be tracked via the websites of AdWords customers. The information collected using the cookie is used for producing conversion statistics for AdWords customers that have chosen to use conversion tracking. The customers are informed of the total number of users who have clicked on their advertisement and have been directed to a page with a conversion tracking tag. They do not, however, receive any information that allows personal identification of users.
If you do not wish to participate in tracking, you can reject the cookie that is required for this - either using your browser settings, which generally deactivates the automatic placement of cookies, or by configuring your browser so that cookies from the domain “googleleadservices.com” are blocked.
Please note that you should not delete the opt-out cookies until and unless you want measurement data to be recorded. If you delete all the cookies in your browser, you will have to place the relevant opt-out cookie again.
Use of Google Remarketing
This website uses the remarketing function from Google Inc. The purpose of this function is to present website visitors within the Google advertising network with advertisements personalised for their interests. A cookie is stored in the browser of the website visitor, making it possible to recognise the visitor when they view websites that are within the Google advertising network. On these pages, advertisements containing content previously viewed by the user on websites that use the Google remarketing function can be presented to the user.
Use of Google Maps reCAPTCHA
This website uses the reCAPTCHA service from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). The purpose of the query is to identify whether the data are being entered by a human being or by an automated, mechanical process. The query includes sending Google the IP address and possibly further data required by Google for the reCAPTCHA service. Your response is transmitted to Google and is used by Google for this purpose. Within the member states of the European Union or in other European Economic Area treaty states, your IP address is, however, first truncated by Google. Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to evaluate your use of this service. The IP address transmitted by your browser in the context of reCaptcha is not linked to other data held by Google. It is also possible that your data may be transmitted to the USA during this process. An adequacy decision of the European Commission known as “Privacy Shield” is in place for transmission of data to the USA. Google subscribes to “Privacy Shield” and has agreed to be subject to its rules. By responding to the query you give your consent for processing of your data. Data processing takes place with your consent on the basis of Art. 6 (1) a of the GDPR. You can withdraw your consent at any time, without affecting the lawfulness of the processing that has occurred on the basis of your consent before it was withdrawn.
More information about Google reCAPTCHA and the related data protection policy can be found at: https://policies.google.com/privacy?hl=de
Data protection policy for Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Ireland Limited. If the data controller for this website is outside the European Economic Area or Switzerland, Google Analytics data processing is carried out by Google LLC. Google LLC and Google Ireland Limited are referred to below as “Google”.
The statistics obtained in this way allow us to improve our offering and present it in a way that is more helpful for you as the user. This website also uses Google Analytics for cross-device analysis of visitor flows, which is done via a user ID. If you have a Google user account, you can deactivate cross-device analysis of your use in the account settings under “my data”, “personal data”.
The legal basis for the use of Google Analytics is Art. 6 sect. 1 para 1 (f) GDPR. The IP address transmitted by your browser in the context of Google Analytics is not linked to other data by Google. Please note that on this website Google Analytics has been extended with the code "_anonymizeIp();” to guarantee anonymised collection of IP addresses. As a result, IP addresses are subsequently processed in truncated form and they cannot be linked back to an individual. If a personal reference is added to the data collected about you, this reference is immediately excluded and the personal data are therefore immediately deleted.
Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to create reports on website activities and to provide additional services to the website operator in connection with use of the website and use of the internet. In the exceptional cases where personal data are transferred to the USA, Google has agreed to be subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
You can also prevent the use of Google Analytics by clicking on this link: deactivate Google Analytics. This causes an opt-out cookie to be saved to your data storage medium that prevents processing of personal data by Google Analytics. Please note that if you delete all cookies from your device, these opt-out cookies are also deleted, so you must install the opt-out cookies again if you still want to prevent collection of these data. The opt-out cookies are installed separately on each browser and computer/device and must therefore be activated separately for each browser, computer or other device.
Data protection policy for Google Ads
Based on the marketing tools that are used, your browser makes a direct connection with Google’s server. Due to the integration of Google Ads, Google is informed that you have viewed the corresponding part of our website or have clicked on one of our advertisements. If you are registered for a Google service, Google can link the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that Google will find out your IP address and record it.
You can avoid participating in this tracking process in various ways:
by configuring the corresponding settings in your browser software; in particular, blocking third party cookies means that you will not receive advertisements from third party providers;
by deactivating cookies for conversion tracking, by configuring your browser so that cookies from the domain www.googleadservices.com are blocked, https://adssettings.google.com, but this configuration is deleted when you delete your cookies;
by deactivating personalised advertisements from providers who are part of the “About Ads” self-regulation campaign, via the link https://www.aboutads.info/choices, but this configuration is deleted when you delete your cookies;
by permanently deactivating it in your browsers Firefox, Internet Explorer or Google Chrome via the link at https://www.google.com/settings/ads/plugin.
Please note that if you do this you may not be able to make full use of all the functions that are on offer here.
The legal basis for the processing of your data is a balance of interests on the basis that the processing of your personal data as set out above does not result in any overriding detrimental effect on your interests (Art. 6 sect. 1 para. 1 (f) GDPR). You can find out more about Google Ads from Google at https://ads.google.com/intl/de_DE/home/, and on data protection by Google in general: https://www.google.de/intl/de/policies/privacy. Alternatively you can visit the website of the Network Advertising Initiative (NAI) at https://www.networkadvertising.org.
Data protection policy for the use of Google Web Fonts
This website uses so-called web fonts to consistently display fonts provided by Google. When you view a site your browser loads the necessary web fonts into its browser cache to display texts and fonts correctly. If your browser does not support web fonts, one of your computer’s standard fonts will be used.
Google Tag Manager
Google Tag Manager is a solution that allows us to manage website tags via an interface that allows us to integrate Google Analytics and other Google marketing services in our online offering. The tag manager itself, which implements the tags, does not process any of the user’s personal data. Please refer to the following information about Google services to find out about the processing of the user’s personal data. Use policy: https://www.google.com/intl/de/tagmanager/use-policy.html.
Data protection for Hubspot
In this process, some user data are linked to you personally (for example after data are entered on a registration form) and stored in our CRM. This allows us to send you information and offers that are personalised to suit your interests.
In this process, your personal data may possibly also be transferred to Hubspot servers in the United States (USA). An appropriate level of security is ensured, since HubSpot, Inc. is a member of the EU-US data protection shield agreement and is certified to be compliant with this.
We use Hubspot to provide you with personalised information and offers. Consequently we have a legitimate interest in processing these data in the sense of Art. 6 sect. 1 (f) of the GDPR. The legal basis for the processing of your personal data by us in connection with the use of Hubspot is Art. 6 sect. 1 (f) of the GDPR.
During our use of Hubspot we store your personal data for as long as is necessary to send you personalised information and offers.
The provision of personal data collected via Hubspot is not legally or contractually required, nor is it necessary for the conclusion of a contract. If you do not wish to make these data available, we will not be able to send you personalised information and offers.
You can find more information about the use of data by Hubspot in the Hubspot data protection policy at: https://legal.hubspot.com/de/privacy-policy.
You can opt out of the use of your data at any time, for example by sending an e-mail to our e-mail address in this data protection policy.
HubSpot is certified under the terms of the “EU-U.S. Privacy Shield Framework” and is subject to the TRUSTe’s Privacy Seal and the “U.S.-Swiss Safe Harbor” framework.
- More information about HubSpot’s data protection policy
- More information about HubSpot in regard to the EU data protection provisions
- More information about cookies that HubSpot places on a visitor’s browser
- More information about the cookies on HubSpot websites
Data protection policy for Facebook
This website uses functions provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. When our pages are viewed using Facebook plugins, a connection is created between your browser and Facebook’s servers. Data are immediately transferred to Facebook at that time. If you have a Facebook account, these data may be linked to it. If you do not want these data to be linked to your Facebook account, please log out of Facebook before visiting our website. Interactions, particularly the use of comments functions or clicks on a “like” or “share” button are also disclosed to Facebook. Find out more at https://de-de.facebook.com/about/privacy.
Data protection policy for Twitter / X
This website uses functions provided by Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. When our pages are viewed using Twitter plugins, a connection is created between your browser and Twitter’s servers. Data are immediately transferred to Twitter at that time. If you have a Twitter account, these data may be linked to it. If you do not want these data to be linked to your Twitter account, please log out of Twitter before visiting our website. Interactions, specifically clicking on a “retweet” button, are also disclosed to Twitter. Find out more at https://twitter.com/privacy.
Data protection policy for Instagram
Some functions of the Instagram service are integrated on our website. These functions are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged in to your Instagram account, you can link to the content on our pages by clicking the Instagram buttons. This allows Instagram to link the visit to our pages to your user account. Please note that as a provider of web pages, we do not receive any information about the content of the data transmitted or how they are used by Instagram.
More information about this can be found in the Instagram data protection policy: http://instagram.com/about/legal/privacy/
Data protection policy for LinkedIn
This website uses functions provided by the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time a call from one of our pages contains LinkedIn functions, a connection is made to LinkedIn servers is made. LinkedIn is informed that you have visited our web pages with your IP address. If you click the LinkedIn “recommend” button and you are logged in to your account with LinkedIn, LinkedIn can link your visit to our website to you and your user account. Please note that as a provider of web pages, we do not receive any information about the content of the data transmitted or how they are used by LinkedIn.
More information about this can be found in the LinkedIn data protection policy: https://www.linkedin.com/legal/privacy-policy
External payment service providers
This website uses external payment service providers to enable users and us to carry out payment transactions. For example via
American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html)
Bexio AG (https://www.bexio.com/de-CH/datenschutz)
Apple Pay (https://support.apple.com/de-ch/ht203027)
Giropay (https://www.giropay.de/rechtliches/datenschutz-agb/) etc.
The purpose of our use of payment service providers is for the performance of contracts, on the basis of the Swiss Federal Act on Data Protection and, insofar as necessary, on the basis of Art. 6 sect. 1 (b) EU GDPR. We also use external payment service providers on the basis of our legitimate interests in accordance with the Swiss Federal Act on Data Protection and, insofar as necessary, according to Art. 6 sect. 1 (f) EU GDPR, to provide effective and secure payment options for our users.
The data processed by the payment service providers include file data such as name and address, bank details, and including account numbers or credit card numbers, passwords, TANs and checksums and information about contracts, amounts and recipients. This information is necessary in order to carry out the transactions. The data entered are, however, only processed and stored by the payment service provider. We, as an operator, do not receive any information on (bank) accounts or credit cards, only information on confirmation (acceptance) or refusal of the payment. In some circumstances, the data are transmitted by the payment service provider to credit reporting agencies. These data are transmitted for the purpose of identity and credit score checking. Please also refer to the terms and conditions and data protection policies of the payment service providers.
The payments are governed by the terms and conditions and the data protection policies of the individual payment service providers that can be used from within the relevant website or transaction applications. Please refer to these if you require further information and for information on the right to opt out, the right to information and a data subject’s other rights.
Newsletter – Mailchimp
The newsletter is sent using the sending service provider ‘Mailchimp‘, a newsletter sending platform from US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the sending platform’s data protection policy here. The Rocket Science Group LLC d/b/a Mailchimp is certified under the Privacy Shield agreement and therefore offers a guarantee that the European level of data protection will be maintained (PrivacyShield). The sending platform is used on the basis of our legitimate interests in accordance with Art. 6 sect. 1 (f) GDPR and an order processing contract in accordance with Art. 28 sect. 3 para 1 of the GDPR.
The sending platform may use data about the recipients in a pseudonymised form, i.e. a form not linked to a user, to optimise or improve its own services, for example for technical optimisation of the sending process and presentation of the newsletter, or for statistical purposes. The sending platform does not, however, use data relating to our newsletter recipients to write to them itself or to disclose their data to third parties.
Newsletter by WhatsApp
You can also obtain our free newsletter via the WhatsApp instant messaging service. WhatsApp is a service provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a subsidiary of WhatsApp Inc., 1601 Willow Road, Menlo Park, California 94025, USA, both referred to below simply as “WhatsApp”. Processing of user data partly takes place on WhatsApp servers in the USA.
Through its certification under the EU-US Privacy Shield data protection system, however, WhatsApp guarantees that compliance with the EU data protection regulations continues during processing of data in the USA. WhatsApp also provides additional information about data protection.
You need a WhatsApp user account to receive our newsletter by WhatsApp. Details of the data recorded by WhatsApp at the time of registration can be obtained from WhatsApp’s data protection policy as mentioned above.
If you subscribe to our newsletter via WhatsApp, the mobile phone number you enter during the subscription process is processed by WhatsApp. Your IP address and subscription date and time are also stored. Later in the subscription process you will be asked for your consent for sending of the newsletter, its content will be described in detail and you will be referred to this data protection policy.
The legal basis for sending the newsletter and analysing the data is Art. 6 sect. 1 (a) GDPR.
You can withdraw your consent for sending the newsletter at any time with immediate effect, in accordance with Art. 7 sect. 3 GDPR. All you have to do is inform us that you wish to withdraw your consent. You can also use the configuration settings in the WhatsApp software on your device to block the newsletter so you will not receive it..
Use of Adobe Fonts
We use Adobe Fonts for the visual layout of our website. Adobe Fonts is a service provided by Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe), which gives us access to the font library. In order to integrate the fonts that we use, your browser must make a connection to an Adobe server in the USA and download the font required for our website. As a result Adobe will be informed that our website has been viewed from your IP address. You can find more information about Adobe Fonts in Adobe’s data protection information, which can be viewed here: Adobe Fonts
Data protection policy for YouTube
Some functions of the Youtube service are integrated on our website. YouTube belongs to Google Ireland Limited, a company registered and run in accordance with Irish law, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, which operates the services within the European Economic Area and Switzerland.
Your legal agreement with YouTube consists of the terms and conditions that can be found via the following link: https://www.youtube.com/static?gl=de&template=terms&hl=de. These provisions form a legally binding agreement between you an “YouTube” concerning the use of services. Google’s data protection policy states how YouTube handles your personal data and protects your data when you use the service.
Data protection policy for Vimeo
This website integrates plugins from the Vimeo video portal, which is provided by Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. Every time you view a page that includes one or more Vimeo video clips, a direct link is created between your browser and a Vimeo server in the USA. Information about your visit and your IP address is stored there. When you interact with the Vimeo plugin (e.g. clicking on the start button), this information is also transmitted to Vimeo and stored there. More detailed information about the collection and use of your data by Vimeo, can be found in Vimeo’s data protection policy.
If you have a Vimeo user account and you do not want Vimeo to collect information about you via this website and link it to your Vimeo member data, you must log out of Vimeo before visiting this website.
Vimeo also invokes the Google Analytics tracker, via an iFrame in which the video is viewed. This is Vimeo’s own tracker and we have no access to it. You can prevent tracking by Google Analytics by using the deactivation tool that Google provides for some internet browsers. You can also prevent collection of the data produced by Google Analytics about your use of the website (including your IP address) by Google and processing of these data by Google by downloading and installing the browser plugin that is available from the following link:
Male pronouns are used for the sake of simplicity, but this refers to all genders.
 SR 235.1. References to the FADP relate to the fully revised edition that came into force on 1.9.2023. References prior to 1.9.2023 refer to the previous edition of the Act.