The Webiste is subject to Swiss data protection laws as well as any applicable foreign data protection legislation, in particular of the European Union (EU), i.e., the General Data Protection Regulation (GDPR). The European Commission acknowledges that an adequate level of data protection is guaranteed under Swiss data protection legislation.
Data Protection Representation in the European Economic Area (EEA)
We have the following data protection representation pursuant to Art. 27 GDPR in the European Economic Area (EEA), including the European Union (EU) and the Principality of Liechtenstein as an additional point of contact for supervisory authorities and data subjects for enquiries in connection with the General Data Protection Regulation (GDPR):
VGS Datenschutzpartner UG
Am Kaiserkai 69
2. Processing of Personal Data
Personal Data means any information relating to an identified or identifiable natural person. A Data Subject is a person whose Personal Data is processed. Processing comprises any handling of Personal Data, irrespective of the means and procedures applied, in particular the storage, disclosure, procurement, collection, erasure, retention, modification, destruction and utilization of Personal Data.
2.2 Legal Basis
We process Personal Data in line with Swiss data protection legislation, including, in particular, the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection (OFADP).
Where and to the extent that the General Data Processing Regulation (GDPR) is applicable, we process Personal Data at least in accordance with one of the following legal bases:
- Point (b) of Art. 6(1) GDPR for the necessary Processing of Personal Data in order to perform a contract with the Data Subject and to implement pre-contractual measures.
- Point (f) of Art. 6(1) GDPR for the necessary Processing of Personal Data for the purposes of our or third-party legitimate interests, except where such interests are overridden by the fundamental rights and freedoms as well as by interests of the Data Subject. Legitimate interests particularly include our interest to be able to provide the Website in a permanent, user-friendly, secure and reliable way and to advertise it when necessary, information security as well as protection against misuse and unauthorized use, the enforcement of our own legal claims and compliance with Swiss laws.
- Point (c) of Art. 6(1) GDPR for the necessary Processing of Personal Data in order to fulfil a legal obligation to which we are subject under any applicable legislation of member states in the European Economic Area (EEA).
- Point (e) of Art. 6(1) GDPR for the necessary Processing of Personal Data for the performance of a task carried out in the public interest.
- Point (a) of Art. 6(1) GDPR for the necessary Processing of Personal Data with the consent of the Data Subject.
- Point (d) of Art. 6(1) GDPR for the necessary Processing of Personal Data in order to protect the vital interests of the Data Subject or of any other natural person.
2.3 Nature, Scope and Purpose
We process any Personal Data that is necessary in order to provide our Website in a permanent, user-friendly, secure and reliable way. Such Personal Data may fall into the categories of inventory and contact data, content data, meta and/or marginal data as well as usage data, location data, contractual data and payment data. Personal Data the Processing of which is necessary will be marked accordingly.
We process Personal Data for any duration that is required for the respective purpose or the respective purposes or by law. Any Personal Data whose Processing is no longer necessary will be anonymized or erased.
In principle, we process Personal Data only after the Data Subject has given its consent, unless Processing is permissible for any other legal grounds, for example for the performance of a contract with the Data Subject and for corresponding pre-contractual measures in order to safeguard our prevailing legitimate interests, since such Processing is apparent from the circumstances or after prior information.
Within this framework, we process, in particular, information provided by a Data Subject to us voluntarily and by himself/herself upon establishment of contact, for example by postal mail, e-mail, contact form, social media or telephone. We may retain such information, for example, in an address book, in a customer relationship management system (CRM system) or using comparable aids. Where you transfer Personal Data about third parties to us, you are obliged to guarantee data protection towards such third parties and to ensure that such Personal Data are accurate.
Moreover, we process Personal Data we receive from third parties, procure from publicly accessible sources or collect upon provision of the Website where and to the extent that such Processing is permitted on legal grounds.
2.4 Processing of Personal Data by Third Parties
We may engage third parties, especially processors, to process Personal Data or process or transfer Personal Data to third parties jointly with and with the help of third parties. Such third parties include, in particular, providers whose services we use. We guarantee reasonable data protection also at such third parties.
Such third parties are located, in principle, in Switzerland as well as in the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein. Nonetheless, such third parties may also be located in other countries in the world or elsewhere in the universe, where their data protection legislation according to the Federal Data Protection and Information Commissioner (FDPIC) and, where and to the extent that the General Data Protection Regulation (GDPR) is applicable, according to the assessment of the European Commission, guarantees reasonable data protection, or if reasonable data protection is guaranteed for other reasons, for example by an adequate contractual agreement, especially based on standard contractual clauses, or by an adequate certification. At third parties in the United States of America (USA), the certification under the Privacy Shield can guarantee reasonable data protection. In exceptional cases, such third party may be located in a country without appropriate data protection where the relevant preconditions under privacy law, such as the explicit consent of the Data Subject, are met.
3. Rights of Data Subjects
Data Subjects, whose Personal Data we process, have the rights granted under the Swiss data protection legislation. This includes the right of access as well as the right to rectification, erasure or blocking of the Personal Data processed.
Where and to the extent that the General Data Protection Regulation (GDPR) is applicable, Data Subjects, whose Personal Data we process, may request a confirmation free of charge as to whether we process their Personal Data and, if yes, access to information concerning the Processing of their Personal Data, may have the Processing of their Personal Data restricted, may exercise their right to data portability and may have their Personal Data rectified, erased (“right to be forgotten”), blocked or completed.
Where and to the extent that the GDPR is applicable, Data Subjects, whose Personal Data we process, may revoke a consent given at any time with effect for the future and may object to the Processing of their Personal Data at any time.
Data Subjects, whose Personal Data we process, have the right to lodge a complaint with a competent supervisory authority. The supervisory authority in charge of data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
4. Data Security
We take reasonable and adequate technical and organizational measures to guarantee data protection and, in particular, data security. Our employees are obliged to treat Personal Data in a confidential manner and receive regular trainings on data protection, including data security. However, Processing of Personal Data on the Internet may always be subject to security loopholes despite such measures. Therefore, we cannot ensure absolute data security.
Access to the Website is provided by transport encryption (SSL / TLS with HTTPS).
Just as, in principle, any use of the Internet, access to the Website is subject to random mass surveillance without suspicion as well as to other monitoring measures taken by security authorities in Switzerland, in the European Union (EU), in the United States of America (USA) and in other countries. We have no direct influence on the relevant Processing of Personal Data by intelligence agencies, police services and other security authorities.
Cookies may be temporarily retained as “session cookies” in your browser when you visit our Website or as “permanent cookies” for a specific period. “Session cookies” are erased automatically when you close your browser. Permanent cookies enable us, in particular, to recognize your browser the next time you visit our Website, allowing us, for example, to measure the outreach of our Website. Nonetheless, permanent cookies may also be used for purposes such as online marketing.
For cookies used for success and outreach measurement or for advertising, a general objection (“opt-out”) via the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA) may be possible for numerous services.
5.2 Server Log Files
We may collect the following information regarding any access to our Website where such information is transferred by your browser to our server infrastructure or can be identified by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version of our Website, including the amount of data transferred, last website accessed in the same browser window (referrer).
We retain information in server log files that may also represent Personal Data. Such information is required in order to provide the Website in a permanent, user-friendly and reliable way and to ensure data security and thus, in particular, the protection of Personal Data, also by or with the help of third parties. In principle, we use such information in aggregated, anonymized or pseudonymized form and particularly for success and outreach measuring purposes.
5.3 Tracking Pixels
We may use tracking pixels on our Website. Tracking pixels are also referred to as web beacons. Tracking pixels, including of third parties, whose services we use, are small images which are retrieved automatically when you visit our Website. Tracking pixels can be used to gather the same statements as in server log files.
6. Notifications and Communications
We may send notifications and communications such as newsletters by e-mail or via other communication channels such as instant messaging.
6.1 Success & Outreach Measurement
Notifications and communications may contain web links or tracking pixels gathering information as to whether an individual notification was opened and what web links were clicked on in this case (success measurement). Such web links and tracking pixels may gather the use of notifications and communications also with regard to individual persons. We need such statistical measurement of the use for success and outreach measurement activities in order to provide notifications and communications based on the reading habits of the recipients in an effective and user-friendly as well as permanent, secure and reliable way.
6.2 Consent and Objection
In principle, you must explicitly consent to the use of your e-mail address and your other contact addresses, unless such use is permitted on other legal grounds. We use “double opt-in” if we ask for consent to receiving e-mails, which means that you receive an e-mail with a web link you have to click on for confirmation of your consent in order to prevent any misuse by unauthorized third parties. We may log such confirmations of consent including Internet Protocol (IP) address as well as date and time for evidence and security reasons.
In principle, you may unsubscribe from notifications and communications such as newsletters at any time. Notifications and communications which are absolutely necessary for the Website remain reserved. Such unsubscription allows you, in particular, to object to the statistical measurement of your use including success and outreach measurement activities.
6.3 Service Providers for Notifications and Communications
We may have notifications and communications sent by or with the help of service providers. We guarantee reasonable data protection also at such service providers.
We are present on social media platforms and other online platforms in order to communicate with interested persons and to provide information about Conteo. In this context, Personal Data may also be processed outside Switzerland and the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein.
The relevant general terms and conditions (GTC), privacy policies and other provisions of the individual providers of such online platforms also apply. These provisions in particular contain information on the rights of Data Subjects, especially including the right to access.
If and to the extent that the GDPR is applicable, we are responsible for our social media presence on Facebook jointly with Facebook for page insights. Page insights provide information on how visitors interact with our Facebook page. We use page insights in order to provide our social media presence on Facebook in an effective and user-friendly way. Facebook has published Information about Page Insights Data as well as an Page Insights Controller Addendum.
8. Third-Party Services
We may use third-party services to provide the Website in a permanent, user-friendly, secure and reliable way. Such services also enable us to embed contents such as fonts and videos in the Website. Such services, for example database, e-mail, hosting and retention services, services for spam protection and other aspects of ensuring data safety as well as payment services, need your Internet Protocol (IP) address, since such services can otherwise not transfer the relevant contents. Such services may be located outside Switzerland and the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein, where adequate data protection is guaranteed.
Third parties whose services we use may also process data in aggregated, anonymized or pseudonymized form, inter alia with cookies, log files and tracking pixels, in connection with the Website and from other services for their own security-relevant, statistical and technical purposes. Such data is not used to directly contact Data Subjects in connection with the Website .
9. Final Provisions