General Data
We process general personal data about you, such as your name and contact details.
Privacy notice - Collection, processing and use of personal data
The privacy notice describes how and why we collect, process and use personal data. The responsible handling of data is important to us. We are constantly making adjustments to protect personal data even better.
Privacy notice
1. What is this privacy notice about?
Kai Schmidt Fotentia (hereinafter also referred to as "we", "us") collects and processes personal data that concern you or other persons (referred to as "Third Parties"). We use the term "Data" here synonymously with "Personal Data" or "personal identifiable data". "Personal Data" means relating to identified or identifiable individuals, which means that the relevant data, in combination with additional data, make it possible to draw conclusions about the identity of these individuals. "Sensitive Personal Data" s a subset of personal data that is specially protected under applicable data protection law. This includes, for example, data revealing racial or ethnic origin, health data, religious or philosophical beliefs, biometric data for identification purposes, and information relating to trade union membership. In Section 3, you will find information about the data we process in accordance with this privacy notice. "Processing" means any operation that is performed on personal data, such as collection, storage, use, alteration, disclosure and erasure. In this privacy notice, we describe what we do with your data when you use fotentia.com ("website"), obtain services or products from us, interact with us in relation to a contract, communicate with us or otherwise deal with us. When appropriate we will provide a just-in-time notice to cover any additional processing activities not mentioned in this privacy notice. In addition, we may inform you about the processing of your data separately, for example in consent forms, terms and conditions, additional privacy notices, forms and other notices. If you disclose data to us or share data with us about other individuals, we assume that you are authorized to do so and that the relevant data is accurate. When you share data about others with us, you confirm that. Please make sure that these individuals have been informed about this privacy notice. This privacy notice is aligned with the EU General Data Protection Regulation ("GDPR"), the Swiss Data Protection Act ("DPA") and the revised Swiss Data Protection ("revDPA"). However, the application of these laws depends on each individual case.
2. Who is the controller for processing your data?
Kai Schmidt Fotentia, Langgrütstrasse 178, CH-8047 Zurich ("Fotentia") is the controller for processing under this privacy notice, unless we tell you otherwise in an individual case, for example in additional privacy notices, on a form or in a contract. For each processing activity there are one or several parties that are responsible for ensuring that the processing complies with data protection law. This party is called the controller. It is responsible, for example, for responding to access requests (Section 10) or for ensuring that personal data is processed securely and not used in an unlawful manner. Additional parties may be joint controllers for the processing set out in this privacy notice if they participate in determining the purpose or means of the processing. If you wish to receive information about the controllers for a specific processing activity, you are welcome to ask us as part of your access right (Section 10). Fotentia remains your primary contact, even if there are other joint controllers. In Section 3, Section 6 and Section 11, you will find additional information about third parties with whom we work together and who are controllers for their processing. If you have any questions for these third parties or if you wish to exercise your rights, please contact them directly. You may contact us for data protection concerns and to exercise your rights under Section 10 as follows:
Kai Schmidt Fotentia
Langgrütstrasse 178
CH-8047 Zurich
3. What data do we process?
Technical Data: When you use our website, we may collect the IP address of your device and other technical data to ensure the functionality and security of these services. We generally keep technical data for 6 months. To ensure the functionality of these services, we may also assign an individual code to you or your device (e.g., in the form of a cookie, see Section 11). Technical data alone generally do not allow conclusions about your identity. However, as part of user accounts, registrations, access controls, or the processing of contracts, they may be linked with other categories of data (and thus possibly with your person). Technical data include, among other things, the IP address and information about the operating system of your device, the date, the region and the time of use, and the type of browser with which you access our electronic offers. This can help us to transmit the correct formatting of the website or to display a website adapted to your region. Based on the IP address, we know through which provider you access our offers (and thus also the region), but we usually cannot deduce who you are.We collect data about access to the site and store it as "Server Log Files". The following data are logged:
- Time of access
- Accessed pages/files
- Source/referral from which you reached the page
- Used browser, version and operating system
- IP address
Generally, these data are stored for 4 weeks and then automatically deleted. Such storage in so-called Server Log Files is necessary for technical reasons and to ensure system security. These data are exclusively evaluated anonymously for statistical purposes and to improve the quality of our website. There is no assignment of these data to a specific or identifiable natural person either by us or by third parties on our behalf. Personal user profiles are also not created using this data. The legal basis for data processing is the pursuit of legitimate interests (art. 6 para. 1 lit. f GDPR). The legitimate interest lies in the continuous improvement, as well as the safe and uninterrupted operation of our website.
Registration data: Certain offerings, for example prize competitions, and services can only be used with a user account or registration, which can happen directly with us or through our third-party login service providers. In this regard you must provide us with certain data, and we collect data about the use of the offering or service. We generally keep registration data for 12 months from the date the use of the service ceases or the user account is closed.
Communication data: When you contact us via the contact form, by email, phone, letter, or other communication methods, we collect the data exchanged between you and us, including your contact details and the peripheral details of the communication. The legal basis for storing these contact details, which you voluntarily provide, is the pursuit of legitimate interests. We use this data purposefully for contacting you and, if necessary, responding to your inquiry, as well as for technical administration. We generally process personal data to carry out our services or as part of contract initiation. Since email communication does not occur over a secure data connection, please refrain from sending confidential information via email. Our CRM system, Bitrix24 (Sec. 6), combines your contact details with your data from project inquiries and existing relationships for all services, enabling us to advise you optimally. The data will be deleted as soon as it is no longer necessary for achieving the purpose of its collection. You may object to the use of your personal data for marketing purposes at any time. Likewise, you can revoke any separately granted consent. If we record or listen in on telephone calls or video conferences, for example, for training and quality assurance purposes, we will specifically inform you. Such recordings may only be made and used in accordance with our internal guidelines. You will be informed whether and when such recordings take place, e.g., through a notification during the respective video conference. If you do not wish to be recorded, please inform us or terminate your participation. If you only wish to prevent the recording of your image, please turn off your camera. Emails in personal mailboxes and written correspondence are generally kept for at least 10 years. Recordings of (video) conferences are generally retained for 24 months. Communication data includes your name and contact details, the nature, location, and time of the communication, and usually also its content (i.e., the content of emails, letters, etc.). This data may also include information about third parties.
Master data: As master data, we refer to the basic data that, in addition to contract data (see below), we need for the processing of our contractual and other business relationships, or for marketing and advertising purposes. This includes your name, contact details, and information such as your role and function, bank account details, date of birth, customer history, powers of attorney, signature authorizations, and declarations of consent. We process your master data if you are a customer or other business contact, or act on behalf of one (e.g., as a contact person of a business partner), or because we want to address you for our own purposes or those of a contractual partner (e.g., in the context of marketing and advertising). We receive master data from you directly (e.g., during a purchase or registration), from entities for which you work, or from third parties such as our contractual partners, associations, address dealers, and from publicly accessible sources like public registers or the internet (websites, social media, etc.). We usually store this data for 10 years from the last exchange with you, but at least until the end of the contract. This period may be longer if necessary for evidentiary reasons, to comply with legal or contractual requirements, or due to technical reasons. For pure marketing and advertising contacts, the period is usually much shorter, often no more than 2 years since the last contact. Master data includes, for example, details such as name, address, email address, phone number, and other contact information, gender, date of birth, nationality, information about connected individuals, websites, profiles in social media, photos and videos, copies of identification documents; furthermore, information about your relationship with us (customer, supplier, visitor, recipient of services, etc.), information about your status with us, allocations, classifications, and distribution lists, information about our interactions with you (possibly a history thereof with corresponding entries), reports (e.g., from the media) or official documents (e.g., commercial register excerpts, permits, etc.) concerning you. As payment information, we collect, for example, your bank details, account number, and credit card information. Also included in the master data are consent or blocking notes, as well as information about third parties, e.g., contact persons, recipients of services, advertising recipients, or representatives. For contact persons and representatives of our customers, suppliers, and partners, we process as master data, for example, name and address, information about role, function in the company, qualifications, and possibly information about superiors, employees, and subordinates, and information about interactions with these people. Master data is not comprehensively collected for all contacts. The specific data we collect depends particularly on the purpose of the processing.
Contract data:Contract data includes information about the conclusion of the contract, your contracts, for example, the type and date of conclusion, information from the application process (such as an application for our products or services), and information about the respective contract (e.g., its duration) and the execution and management of the contracts (e.g., information related to billing, customer service, support in technical matters, and enforcement of contractual claims). Contract data also includes information about defects, complaints, and adjustments of a contract, as well as information on customer satisfaction, which we may collect through surveys. Furthermore, contract data includes financial data such as information about creditworthiness (i.e., information that allows conclusions about the likelihood of claims being settled), reminders, and debt collection. We receive this data partly from you (e.g., when you make payments), but also from credit reporting agencies and debt collection companies, and from publicly accessible sources (e.g., a commercial register)
Behavioral and preference data: Depending on our relationship with you, we try to understand you better and tailor our services and offers to suit you. To this end, we collect and use data about your behavior and preferences. We do this by analyzing information about your behavior in our area and may supplement this information with data from third parties - including publicly accessible sources. Based on this, we can calculate the likelihood that you will use certain services or behave in a certain way. The data processed for this purpose are sometimes already known to us (e.g., when you use our services), or we obtain this data by recording your behavior. We anonymize or delete these data when they are no longer meaningful for the purposes pursued, which can be between 2-3 weeks and 24 months (for product and service preferences) depending on the type of data. This period may be longer if necessary for evidentiary reasons or to comply with legal or contractual requirements or due to technical reasons. How tracking on our website works is described in Section 11. Behavioral data includes information about specific actions, e.g., your response to electronic communications (e.g., whether and when you opened an email) or your location, as well as your interaction with our social media profiles. Preference data give us insights into your needs, which products or services may interest you, or when and how you are likely to respond to messages from us. We obtain this information from the analysis of existing data, such as behavioral data, so that we can get to know you better, tailor our advice and offers more accurately to you, and generally improve our offers. To enhance the quality of our analyses, we may link this data with additional data obtained from third parties, such as address dealers, offices, and publicly accessible sources like the internet. Behavioral and preference data can be evaluated on a personal basis (e.g., to show you personalized advertising), but also non-personally (e.g., for market research or product development). Behavioral and preference data can also be combined with other data.
Other data: We also collect data from you in other situations. In connection with governmental or judicial proceedings, for example, data such as files, evidence, etc., may be generated that could relate to you. For reasons of health protection, we may also collect data (e.g., in the context of protection concepts). We may receive or produce photos, videos, and audio recordings in which you can be identified (e.g., at events, etc.). We can also collect data about who participates in events or activities (e.g. prize competitions) and when, or who uses our infrastructure and systems and when.
Many of the data mentioned in this Section 3 are provided to us by you directly (e.g., through forms, during communication with us, in connection with contracts, when using the website, etc.). You are not obliged to provide this data, except in individual cases, such as under legal obligations. If you want to enter into contracts with us or claim services, you must also provide us with data as part of your contractual obligation, particularly master, contract, and registration data, according to the relevant contract. When using our website, the processing of technical data is inevitable. If you want access to certain systems, you must provide us with registration data. However, for behavioral and preference data, you generally have the option to object or not give consent. We only provide certain services if you transmit registration data to us, because we or our contractual partners want to know who is using our services or has accepted an invitation to an event, because it is technically required, or because we want to communicate with you. If you or a person you represent (e.g., your employer) want to enter into or fulfill a contract with us, we must collect corresponding master, contract, and communication data from you, and we process technical data if you want to use our website or other electronic offers for this purpose. If you do not provide us with the data necessary for the conclusion and execution of the contract, you must expect that we may reject the conclusion of the contract, you may commit a breach of contract, or we may not fulfill the contract. Similarly, we can only send you a response to a request from you if we process the corresponding communication data and - if you communicate with us online - also technical data. The use of our website is also not possible without receiving technical data. As far as it is not prohibited, we also obtain data from publicly accessible sources (e.g., debt collection registers, land registers, commercial registers, media, or the internet including social media) or receive data from other companies within our group, from authorities, and from other third parties (such as credit reporting agencies, address dealers, associations, contractual partners, internet analysis services, etc.). The categories of personal data that we receive from third parties about you include, in particular, information from public registers, information we learn in connection with governmental and judicial proceedings, information related to professional functions and activities (so that, for example, we can enter into and process business with your employer), information about you in correspondence and meetings with third parties, credit reports (if we do business with you personally), information about you that people from your environment (family, advisors, legal representatives, etc.) give us so that we can enter into or process contracts with you or involving you (e.g., references, your address for deliveries, powers of attorney, information to comply with legal requirements such as for fraud, money laundering, and terrorism prevention and export restrictions, information from banks, insurers, and our sales and other contractual partners for the use or provision of services by you (e.g., payments, purchases, etc.), information from media and the internet about you (if this is indicated in the specific case, e.g., in the context of an application, marketing/sales, press review, etc.), your address and possibly interests and other sociodemographic data (especially for marketing and research), and data related to the use of third-party websites and online offers, where this use can be attributed to you.
4. For what purposes do we process your data?
We process your data for the purposes we explain below. For additional information on the online area, please refer to Sections 11 and 12. These purposes or the underlying objectives represent legitimate interests of us and possibly third parties. Further information on the legal basis of our processing can be found in Section 5. We process your data for purposes related to communication with you, especially to respond to inquiries and assert your rights (Section 10), and to contact you in case of follow-up questions. For this, we primarily use communication data and master data. We store this data to document our communication with you, for training purposes, quality assurance, and for follow-up inquiries. This concerns all purposes related to communication between you and us, whether in customer service or in consulting, for authentication in case of website use, or for training and quality assurance (e.g., in the area of customer service). We further process communication data so that we can communicate with you via email, phone, messenger services, chat, social media, letter, and fax. Communication with you usually takes place in connection with other processing purposes, e.g., so that we can provide services or respond to an information request. Our data processing also serves as proof of communication and its contents. We process data for the recording, management, and handling of contractual relationships. We enter into contracts of various kinds with our business and private customers, suppliers, subcontractors, or other contractual partners, such as partners in projects or parties in legal disputes. In this context, we process master data, contract data, and communication data and, depending on the circumstances, also registration data of the customer or persons to whom the customer provides a service. In this case, we process data for the execution of the contract with these recipients, but also with the contract partners they have invited. In the context of business initiation, personal data - especially master data, contract data, and communication data - is collected from potential customers or other contractual partners (e.g., in an order form or contract) or results from communication. Also, in connection with contract conclusion, we process data to check creditworthiness and to open the customer relationship. Partly, these details are checked for compliance with legal requirements. In the course of handling contractual relationships, we process data for the management of customer relationships, for the provision and enforcement of contractual services (which also includes the involvement of third parties such as advertising service providers, banks, insurers, or credit reporting agencies, who can then provide us with data in return), for consulting, and for customer care. Also, the enforcement of legal claims from contracts (collections, legal proceedings, etc.), as well as accounting, termination of contracts, and public communication, are part of the processing.
We process data for marketing purposes and for relationship management, e.g., to send our customers and other contractual partners personalized advertising for products and services from us and third parties (e.g., advertising contractual partners). This can happen, for example, in the form of newsletters and other regular contacts (electronically, by mail, by phone), through other channels for which we have your contact information, and also as part of individual marketing actions (e.g., events, prize competitions, etc.). You can reject such contacts at any time (see the end of this Section 4) or refuse or revoke consent to contact for advertising purposes. Finally, we also want to enable our contractual partners to address our customers and other contractual partners for advertising purposes (refer to Section 6). For example, we transmit information, advertising, and product offers from us and third parties within and outside of Fotentia (e.g., advertising contractual partners) to you with your consent, as printed matter, electronically, or by phone. For this purpose, we mainly process communication and registration data. Like most companies, we personalize messages so that we can send you individual information and offers that meet your needs and interests. For this, we link data that we process about you and determine preference data and use this data as the basis for personalization (refer to Section 3). Relationship management also includes the - possibly personalized based on behavioral and preference data - approach to existing customers and their contacts. In the context of relationship management, we can also operate a Customer Relationship Management system ("CRM"), in which we store the data necessary for relationship management for customers, suppliers, and other business partners, e.g., about contact persons, the relationship history (e.g., about products and services received or delivered, interactions, etc.), interests, wishes, marketing measures (newsletters, invitations to events, etc.), and other information. All these processes are important not only for us to effectively advertise our offers but also to make our relationships with customers and other third parties more personal and positive, to focus on the most important relationships, and to use our resources as efficiently as possible.
We further process your data for market research, to improve our services and our operations, and for product development. We strive to continuously improve our products and services (including our website) and to quickly respond to changing needs. For these purposes, we particularly process master data, behavioral and preference data, as well as communication data and information from customer surveys, polls, and studies, and further information, e.g., from the media, social media, the internet, and other public sources. Where possible, we use pseudonymized or anonymized information for these purposes. We may also utilize media monitoring services or conduct media monitoring ourselves, processing personal data to engage in media work or to understand and respond to current developments and trends.
We may also process your data for security purposes and access control. We continuously review and improve the adequate security of our IT and other infrastructures. Like all companies, we cannot exclude data security breaches with absolute certainty, but we do our part to reduce the risks. Therefore, we process data, for example, for monitoring, controls, analyses, and tests of our networks and IT infrastructures, for system and error checks, for documentation purposes, and in the context of security backups.
We process personal data to comply with laws, directives, and recommendations from authorities and internal regulations ("Compliance"). This includes, for example, legally regulated measures against money laundering and terrorism financing. In certain cases, we may be obliged to conduct specific investigations on customers ("Know Your Customer") or report to authorities. Also, fulfilling reporting, information, or notification obligations, for example in connection with supervisory and tax obligations, requires data processing or brings it with it, such as fulfilling archiving obligations and preventing, detecting, and investigating crimes and other offenses. This includes receiving and processing complaints and other reports, monitoring communication, internal investigations, or disclosing documents to an authority if we have a sufficient reason or are legally obligated to do so. Personal data may also be processed in external investigations, e.g., by a law enforcement or supervisory authority or a commissioned private entity. For all these purposes, we particularly process your master data, your contract data, and communication data, and possibly also behavioral data and data from the category of other data. The legal obligations may involve Swiss law but also foreign regulations to which we are subject, as well as self-regulation, industry standards, our own "Corporate Governance", and official instructions and requests.
We also process data for purposes of our risk management and as part of prudent corporate management, including operational organization and corporate development. For these purposes, we particularly process master data, contract data, registration data, and technical data, but also behavioral and communication data. In planning our resources and organizing our operations, we must evaluate and process data on the use of our services and other offers or exchange information about them with others (e.g., outsourcing partners), which may include your data. The same applies to services provided to us by third parties. In the context of corporate development, we may enter into partnerships, which can also lead to the exchange and processing of data.
We may process your data for further purposes, e.g., as part of our internal operations and administration or for training and quality assurance purposes. These additional purposes include training and educational purposes, administrative purposes (such as managing master data, accounting, data archiving, and the review, management, and continuous improvement of IT infrastructure), protecting our rights (e.g., to enforce claims legally, in court or out-of-court, and before authorities domestically and abroad, or to defend ourselves against claims, for example, through evidence preservation, legal investigations, and participation in court or official proceedings), and evaluating and improving internal processes. We may use recordings of (video) conferences for training and quality assurance purposes. Preserving further legitimate interests also belongs to the additional purposes, which cannot be conclusively named.
5. On what basis do we process your data?
Where we ask for your consent for specific processing (e.g., for the processing of particularly sensitive personal data, for marketing mailings, for the creation of personalized movement profiles, and for advertising control and behavioral analysis on the website), we will inform you separately about the respective purposes of the processing. Consents can be revoked at any time by written notification (by post) or, unless otherwise indicated or agreed, by email to us, effective for the future; our contact details can be found in Section 2. Where you have a user account, a revocation or contact with us can also be carried out via the respective website or other service. As soon as we receive notification of the revocation of your consent, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis for it. The revocation of your consent does not affect the legality of the processing carried out on the basis of the consent until the revocation. Where we do not ask for your consent for processing, we base the processing of your personal data on the fact that the processing is necessary for the initiation or execution of a contract with you (or the entity you represent) or that we or third parties have a legitimate interest in doing so, particularly to pursue the purposes and associated objectives described above under Section 4 and to be able to carry out corresponding measures. Our legitimate interests also include compliance with legal regulations, to the extent that they are not already recognized as a legal basis by the applicable data protection law (e.g. the law in the EEA and Switzerland under GDPR). This also includes the marketing of our products and services, the interest in better understanding our markets, and running and further developing our company, including the operational business, safely and efficiently. If we receive sensitive data (e.g., information on political, religious, or philosophical beliefs), we may also process your data based on other legal grounds, e.g., in the case of disputes due to the necessity of processing for a potential legal process or the enforcement or defense of legal claims. In individual cases, other legal grounds may apply, which we will communicate to you as necessary separately.
6. With whom do we share your data?
In connection with our contracts, the website, our services and products, our legal obligations, or otherwise to protect our legitimate interests and the further purposes listed in Section 4, we also transmit your personal data to third parties, particularly to the following categories of recipients:
Service Providers: We collaborate with service providers both domestically and internationally, who process data about you on our behalf or in joint responsibility with us, or who receive data about you from us in their own responsibility (e.g., developers, IT providers, advertising services, login service providers, banks, insurance companies, collection agencies, credit reporting agencies, or address verifiers). To efficiently provide our services and focus on our core competencies, we utilize services from third parties in numerous areas. These services include, for example, IT services, the dispatch of information, marketing, sales, communication, or printing services, organization and execution of events and receptions, collections, credit reporting agencies, address verification (e.g., to update address records in case of relocations), fraud prevention measures, and services from consulting firms, lawyers, banks, insurers, and telecommunication companies. We disclose to these service providers the data necessary for their services, which may include your data. These service providers may also use such data for their purposes, e.g., information about outstanding claims and your payment behavior in the case of credit reporting agencies, or anonymized data to improve services. Additionally, we enter into agreements with these service providers that include provisions for data protection, to the extent that such protection is not already provided by law. Our service providers may process data, such as how their services are used and other data that arises in the course of using their service, as independent controllers for their own legitimate interests (e.g., for statistical evaluations or billing). Service providers inform about their independent data processing in their own privacy policies. We use the hosting service Vercel (Vercel Inc, 340 S Lemon Ave #4133, Walnut, CA 91789, U.S.A.) to provide our website. Vercel also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the lawfulness and security of data processing. Vercel uses so-called Standard Contractual Clauses (Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients based in countries outside of the European Union, Iceland, Liechtenstein, Norway, i.e. in the USA) or data transfer there. Standard Contractual Clauses ("SCC") are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, Vercel undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. The data processing terms ("Data Processing Addendum") which correspond to the Standard Contractual Clauses, and the Privacy Policy are made available on the Vercel's website. We use the Customer Relationship Management system Bitrix24 (Bitrix, Inc., 700 North Fairfax St., Suite 614-B, Alexandria, VA 22314, USA) to link your contact details with your data from project inquiries and existing relationships. Our data is processed in the AWS Cloud in Frankfurt (AWS eu-central-1). We use Web3Forms (web3forms.com) for the technical implementation of the contact form and the transmission of the checklist for knowledge management on the website. Web3Forms uses AWS Cloud infrastructure. The data from the contact form is only forwarded and not stored. Web3Forms processes data also in the USA. We use the API of the American company OpenAI (OpenAI OpCo LLC, 3180 18th Street, San Francisco, CA, USA) to generate personalized texts in the evaluation of our knowledge management checklist. No data that could identify you are transmitted to OpenAI. We only transmit inputs from the checklist. OpenAI also processes data in the USA.To secure our contact form, we use hCaptcha by Intuition Machines, Inc. Intuition Machines also processes data in the USA. As the basis for data processing by recipients located in third countries (outside of the European Union, Iceland, Liechtenstein, Norway, and especially in the USA) or for data transfer to these countries, Intuition Machines uses so-called Standard Contractual Clauses (Article 46, Paragraphs 2 and 3 of the GDPR). Standard Contractual Clauses ("SCC") are template agreements provided by the EU Commission designed to ensure that your data still complies with European data protection standards when transferred to third countries (such as the USA) and stored there. Through these clauses, Intuition Machines commits to maintaining the European level of data protection when processing your relevant data, even if the data are stored, processed, and managed in the USA.
Contractual partners including customers: This primarily refers to customers (e.g., service recipients) and other contractual partners of ours, as this data transfer arises from these contracts. The recipients also include contractual partners with whom we cooperate or who advertise for us, to whom we therefore transmit data about you for analysis and marketing purposes. We require these partners to send you advertising or to display it based on your data only if you have consented to it. If you act as an employee for a company with which we have entered into a contract, the execution of this contract may lead to us informing the company, for example, about how you have used our service. Cooperation and advertising contractual partners receive from us selected master, contract, behavioral, and preference data, so that they can conduct non-personalized evaluations in their area (e.g., about the number of our customers who have seen their advertising) and can also use data for advertising purposes (including targeted communication with you). For instance, advertising contractual partners should have the opportunity to communicate with suitable other customers of ours and send them advertising.
Authorities: We may transfer personal data to offices, courts, and other authorities domestically and abroad if we are legally obliged or authorized to do so, or if it seems necessary to protect our interests. The authorities process data about you in their own responsibility that they receive from us.Examples include criminal investigations, police measures (e.g., health protection concepts, violence prevention, etc.), regulatory requirements and investigations, court proceedings, reporting obligations, and pre-litigation and out-of-court procedures, as well as legal information and cooperation duties. Data disclosure may also occur when we seek information from public bodies, for example, to establish a right to information or because we need to specify about whom we require information (e.g., from a register).
Other individuals: This refers to other cases where the involvement of third parties arises from the purposes outlined in Section 4, for example, recipients of services, media, and associations in which we participate, or if you are part of one of our publications. Other recipients include, for example, delivery addresses specified by you or third-party payment recipients, other third parties also in the context of representation relationships (e.g., if we send your data to your lawyer or bank), or individuals involved in administrative or court proceedings. If we collaborate with the media and provide them with material (e.g., photos), you may also be affected. The same applies to the publication of content (e.g., photos, interviews, quotes, etc.) on our website or in other publications of ours. In the context of communication with our competitors, industry organizations, associations, and other bodies, there may also be an exchange of data that concerns you.
All these categories of recipients may in turn involve third parties, so that your data can also become accessible to them. We can restrict the processing by certain third parties (e.g. IT providers), but not that of other third parties (e.g. authorities, banks, etc.). We reserve the right to disclose your data, even if they concern confidential information, unless we have explicitly agreed with you that we will not disclose these data to certain third parties, unless we are legally obligated to do so. Regardless, your data will continue to be subject to adequate data protection in Switzerland and the rest of Europe after disclosure. For disclosures to other countries, the provisions of Section 7 apply. If you do not want certain data to be disclosed, please inform us so that we can determine whether and to what extent we can accommodate your request (Section 2). In many cases, the disclosure of confidential data is necessary to execute contracts or provide other services. Non-disclosure agreements typically do not exclude such data disclosures, nor does the disclosure to service providers. However, according to the sensitivity of the data and other circumstances, we ensure that these third parties handle the data appropriately. We cannot comply with your objection to data transfer where such data disclosures are necessary for our activities. We also allow certain third parties to collect personal data from you on our website and at our events (e.g. media photographers, providers of tools we have integrated into our website, etc.). To the extent that we are not significantly involved in these data collections, these third parties are solely responsible. For concerns and the assertion of your data protection rights, please contact these third parties directly.
7. Is your personal data disclosed abroad?
As explained in Section 6, we also disclose data to other entities. These are not only located in Switzerland. Therefore, your data may be processed in Europe as well as in the USA; in exceptional cases, it could be in any country worldwide. If a recipient is in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (for this purpose, we use the revised Standard Contractual Clauses of the European Commission, which can be accessed) here, unless they are already subject to a legally recognized framework ensuring data protection, and unless we can rely on an exception provision. An exception may particularly apply in legal proceedings abroad, but also in cases of overriding public interest, or if contract execution requires such disclosure, if you have consented, or if it concerns data you have made publicly available and have not objected to its processing. Many states outside of Switzerland, the EU, and the EEA currently do not have laws that ensure a level of data protection considered adequate from the perspective of the DPA or GDPR. The aforementioned contractual arrangements can partially compensate for this weaker or absent legal protection. However, contractual arrangements cannot eliminate all risks (especially those of state access abroad). You should be aware of these residual risks, even if the risk in individual cases may be low and we take further measures to minimize it. Please also note that data exchanged over the Internet often pass through third countries. Therefore, your data may end up abroad even if the sender and recipient are in the same country.
8. How long do we process your data?
We process your data for as long as our processing purposes, legal retention periods, and our legitimate interests in processing for documentation and evidence purposes require, or as long as storage is technically necessary. Further information on the respective storage and processing duration can be found for each data category in Section 3. If there are no legal or contractual obligations to the contrary, we delete or anonymize your data after the expiry of the storage or processing duration as part of our usual procedures. Documentation and evidence purposes include our interest in documenting processes, interactions, and other facts in the event of legal claims, discrepancies, purposes of IT and infrastructure security, and proof of good corporate governance and compliance. Technically necessary storage may occur when certain data cannot be separated from other data, and we must therefore store them together (e.g. in the case of backups or document management systems).
9. How do we protect your data?
We implement appropriate security measures to preserve the confidentiality, integrity, and availability of your personal data, to protect it against unauthorized or unlawful processing, and to counter the risks of loss, accidental alteration, unwanted disclosure, or unauthorized access. These security measures, both technical and organizational in nature, can include measures such as encryption and pseudonymization of data, logging, access restrictions, storing security backups, instructions to our employees, confidentiality agreements, and controls. We protect the data transmitted via our website on the transport path using suitable encryption mechanisms. However, we can only secure areas that we control. We also oblige our processors to implement appropriate security measures. Nonetheless, it is generally not possible to completely eliminate security risks; residual risks are unavoidable.
10. What are your rights?
The applicable data protection law grants you the right under certain circumstances to object to the processing of your data, especially for purposes of direct marketing, direct advertising, and other legitimate interests in processing. To facilitate your control over the processing of your personal data, depending on the applicable data protection law, you also have the following rights in connection with our data processing:
- the right to request information from us about whether and what data we process from you;
- the right to request that we correct data if it is incorrect;
- the right to request the deletion of data;
- the right to request the release of certain personal data in a common electronic format or their transfer to another controller;
- the right to revoke consent, insofar as our processing is based on your consent;
- the right to request further information necessary for exercising these rights;
If you wish to exercise the above rights towards us, please contact us in writing, or, unless otherwise indicated or agreed, by email; our contact details can be found in Section 2. You also have these rights against other entities that work independently with us - please contact them directly if you wish to exercise rights in connection with their processing. Information on our important cooperation partners and service providers can be found in Section 6. Please note that these rights are subject to conditions, exceptions, or restrictions under the applicable data protection law (e.g. to protect third parties or trade secrets). We will inform you accordingly, if necessary. In particular, we may need to continue processing and storing your personal data to fulfill a contract with you, to protect our own legitimate interests, such as asserting, exercising, or defending legal claims, or to comply with legal obligations. To the extent legally permissible, especially to protect the rights and freedoms of other affected persons and to preserve legitimate interests, we may therefore wholly or partially reject a data subject's request (e.g. by redacting certain content affecting third parties or our trade secrets). If you disagree with our handling of your rights or data protection, please inform us (Section 2). Particularly if you are in the EEA, the United Kingdom, or Switzerland, you also have the right to lodge a complaint with the data protection supervisory authority of your country.
11. Do we use online tracking and online advertising techniques?
On our website, we do not use techniques that allow us to recognize you and track your activities across multiple visits. We only use technically necessary cookies, for example, to determine the language of the website. Cookies are individual codes (e.g., a serial number) that our server or a server of our service providers or advertising partners transmits to your system when connecting to our website, and that your system (browser, mobile) receives and stores until the programmed expiration date. Necessary Cookies: Some cookies are essential for the functioning of the website itself or certain features. For example, they ensure that you can navigate between pages without losing information entered in a form. These cookies exist only temporarily ("Session Cookies"). Other cookies are necessary so that the server can store decisions or inputs you have made beyond a session (i.e. a visit to the website), such as your chosen language. We use Vercel Web Analytics from Vercel (Section 6). This service uses only anonymized data and does not use performance or marketing cookies.
12. What data do we process on our social network pages?
We may link to our appearances on various social media platforms at some places on our website. Since social media platforms are only linked, no data is transmitted to the social media platforms when visiting our website. We may operate pages and other online presences on social networks and other platforms operated by third parties (such as "Fanpages", "Channels", "Profiles", etc.) and collect the data about you as described in Section 3 and subsequently. We receive this data from you and the platforms when you interact with us through our online presence (e.g. when you communicate with us, comment on our content, or visit our presence). At the same time, the platforms analyze your use of our online presences and link this data with other known data about you (e.g. regarding your behavior and preferences). They also process this data for their own purposes in their own responsibility, particularly for marketing and market research purposes (e.g. to personalize advertising) and to manage their platforms (e.g. what content they show you). We receive data about you when you communicate with us through online presences or view our content on the corresponding platforms, visit our online presences, or are active in them (e.g. publish content, post comments). These platforms also collect, among others, technical data, registration data, communication data, behavioral and preference data from or about you (for the terms, see Section 3). Regularly, these platforms statistically evaluate the way you interact with us, how you use our online presences, our content, or other parts of the platform (what you view, comment on, "like", share, etc.) and link this data with further information about you (e.g., information about age and gender and other demographic data). This way, they also create profiles about you and statistics on the use of our online presences. They use these data and profiles to show you our or other advertising and other content on the platform personalized and to control the behavior of the platform, but also for market and user research and to provide us and other entities with information about you and the use of our online presence. We can partially control the evaluations that these platforms create regarding the use of our online presences. We process these data for the purposes described in Section 4, particularly for communication, marketing purposes, and market research. The corresponding legal bases can be found in Section 5. Content published by you (e.g. comments on an announcement), we may redistribute ourselves (e.g. in our advertising on the platform or elsewhere). We or the operators of the platforms may also delete or restrict content from or about you in accordance with the usage guidelines (e.g. inappropriate comments). For more information on the processing by the platform operators, please refer to the privacy notices of the platforms. There you can also find out in which countries they process their data, what rights to information, deletion, and other affected rights you have, and how you can exercise them or obtain further information.
13. Can we update this privacy notice?
We may adjust this privacy policy at any time. The version published on this website is always the current version.
Last update:
March 25, 2024