1. Data controller and data protection officer
The data controller responsible for the collection and processing of your personal data within the meaning of the data protection laws is:
All data subjects may contact our data advisor directly at any time if they have any questions or concerns about data protection:
The representative of Group companies not established in the European Union is Swiss Infosec (Deutschland) GmbH, Unter den Linden 24, 10117 Berlin, Germany; e-mail: email@example.com.
To ensure compliance with data protection laws, the representative serves in particular as a contact for supervisory authorities and data subjects on all issues related to processing.
2. General information about personal data and processing
2.1 How do we handle personal data?
Our website can generally be used without having to provide any personal data. However, the use of certain website features by the data subject (e.g. contact via contact form, newsletter subscription) may make it necessary to process personal data.
Should the processing of personal data be necessary but there is no lawful basis for the processing where one is required, for example performing a contract or fulfilling a legal obligation, we will generally obtain the consent of the data subject. Furthermore, personal data is always processed in accordance with the provisions of the applicable data protection laws.
2.3 Types of personal data
We process personal data that we receive or collect from, or which we create for, customers, website visitors, job applicants and other individuals.
This includes but is not limited to the following types of personal data:
- Contact details and identification data (e.g. first and last names, postal address, telephone number, e-mail address, user account information)
- Contract data (e.g. information about purchased services/products, fees)
- Communication data (e.g. physical or electronic correspondence with HOCHDORF, use of our contact form, telephone or video calls, appointment booking details)
- Marketing data (e.g. information about subscribing to a newsletter or entering a competition)
- Data related to eligibility for product discounts (to support people in need of financial assistance or mothers who have given birth to twins)
- Data related to job applications (e.g. recommendation and/or application letters, CVs, qualifications, references)
- Meta/usage data and other technical data (e.g. IP address, MAC address of smartphone or computer, device details and settings, cookies)
To the extent permitted, we also collect data from public sources (e.g. debt collection registers, land registers, commercial registers, the media, the Internet) or from authorities and other third parties (e.g. list brokers). In addition to the personal data that you provide to us directly, we also receive personal data from third parties, which falls into the following categories in particular: information about you in correspondence and discussions with third parties; information about you from individuals in your circle (family, advisors, legal representatives, etc.) so that we can conclude or perform contracts with you or with your involvement (e.g. references, your delivery address, powers of attorney); information for complying with legal requirements; information from banks, insurance companies, sales and other contractual partners of ours concerning the use/provision of services/consideration by you (e.g. payments made, services provided); information about you in the media or on the Internet (where applicable in specific cases, e.g. in the context of applications, marketing/sales, etc.); your addresses and, if applicable, interests and other socio-demographic data (for marketing).
2.4 Purposes and lawful bases for processing personal data
To the extent permitted and when deemed appropriate by us, we process your personal data and that of other individuals for the following purposes in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:
- Visiting and using our web pages (see details below)
- Registering for a new user account as a requirement for obtaining certain services from us
- Communicating with customers and third parties and processing enquiries
- Purchasing products from our Bimbosan online shop/fan shop
- Providing advice on the purchase of our products
- Billing and payment management: During the course of providing our services, personal data such as bank details, billing addresses and payment information are collected and processed in order to charge for the provided services
- Administration and invoicing
- Advertising and marketing, unless you have objected to your data being used for these purposes (if we send you advertising messages as an existing customer, you can object at any time, in which case we will add you to a blocklist to prevent you from receiving any further messages of this kind)
- Improving our services and website, as well as any other platforms on which we are present
- Job applications (see details below)
- Market and opinion research, media monitoring
- Asserting and defending legal claims in connection with legal disputes and official proceedings
- Complying with legal requirements
- Maintaining our operations, especially the IT infrastructure, our website and other platforms
If the processing of personal data is necessary for the performance of a contract with you (e.g. in the case of processing operations that are necessary for the delivery of goods or the provision of other services or consideration), this performance of the contract constitutes the lawful basis. The same applies to processing operations that are necessary for taking pre-contractual steps, such as in the case of enquiries about our products or services.
If we are subject to a legal obligation that requires personal data to be processed, then this obligation constitutes the lawful basis for processing.
If the processing of personal data is necessary due to vital interests, these vital interests constitute the lawful basis for processing.
If the processing of personal data is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the aforementioned interest, then these legitimate interests constitute the lawful basis for processing.
If you have granted us consent to process your personal data for specific purposes, we will process it within the context and on the basis of this consent, unless we have or require another lawful basis. Consent may be withdrawn at any time; however, this will not affect data processing that has already occurred. To withdraw your consent, please contact us by e-mail or by post using the (e-mail) address provided in Section 1.
2.5 Data disclosure and transfer of data abroad
To the extent permitted and appropriate, we also share personal data with third parties in the context of our activities and for the aforementioned purposes because they process data on our behalf (outsourcing based on a data processing agreement) or because they intend and are legally allowed to use this data for their own purposes (data disclosure). This concerns the following in particular:
- Companies of the HOCHDORF Group
- Service providers, including data processors, suppliers and other business partners/associates
- IT service providers (e.g. web hosting providers, CRM/online marketing service providers)
- Banks and payment service providers, debt collection agencies
- The public, including visitors of websites and social media platforms
- Debt collection partners
- Other parties involved in potential or actual legal proceedings
Some data recipients may be located abroad. Whenever possible, your data is processed in Switzerland or within the European Union (EU) or the European Economic Area (EEA). If data could be transferred to a country where an adequate level of data protection is not ensured by laws (e.g. the USA), we require the recipient to take appropriate measures to protect personal data (e.g. by applying so-called “EU Standard Contractual Clauses”). More information on this and a copy of the EU Standard Contractual Clauses can be found at: www.edoeb.admin.ch/edoeb/de/home/datenschutz/handel-und-wirtschaft/uebermittlung-insausland.html. In certain cases, we may transmit data in accordance with data protection regulations even without such contracts, for example if you have given your consent to the disclosure or if the disclosure is necessary for the performance of the contract, for establishing, exercising or asserting legal claims, or for overriding public interests. Especially in relation to website tracking using Google Analytics and HubSpot, data may be transferred to countries without adequate data protection (see below).
2.6 Data security
As the data controller, we have implemented numerous technical and organisational measures to ensure that the personal data processed through this website is protected as effectively as possible against loss, manipulation and unauthorised access by third parties. The measures taken are designed to ensure the confidentiality and integrity of your personal data, as well as the availability and resilience of our systems and services, at all times during the processing of your personal data. They also ensure that your personal data can be swiftly restored and accessed by you again in the event of a physical or technical incident.
Our website and blog have an SSL certificate integrated for enhanced security. The SSL certificate is used to encrypt data that is exchanged over HTTP. However, transferring data over the Internet is generally prone to security vulnerabilities, meaning that complete protection cannot be guaranteed.
Our security measures are continuously improved in line with technological advancements.
We also take the protection of our own data seriously. Our employees and contractors are obliged to maintain confidentiality and to comply with the provisions of data protection law. In addition, they are only given access to your personal data to the necessary extent.
2.7 General information about data erasure and retention periods
3. Online marketing and digital communication with Brevo
On our website, we use the marketing automation software Brevo by Sendinblue GmbH, a German company with its registered address at Köpenicker Strasse 126, 10179 Berlin (hereinafter referred to as “Brevo”).
Brevo is an integrated software solution that covers various aspects of our digital marketing, sales and customer relationship management. We also use this tool for analysing our web offerings, which allows us to improve them and provide you with an optimum, user-friendly service.
We use Brevo for:
- Our contact forms
- Newsletter registration and distribution
- The creation of landing pages that are part of advertising campaigns or which offer interaction options such as contact forms or white paper downloads
- Social media linking or sharing
- Website usage analysis (e.g. access, pages visited, visit duration, etc.) and newsletter interaction analysis (e.g. open rates, click rates, unsubscribes)
The content of our web pages, as well as the personal data that you provide when using contact forms or registering for our newsletter, for example, are stored on servers of our software partner Brevo in the EU.
According to Brevo, its data centres are located exclusively within the EU. Brevo also claims to apply EU Standard Contractual Clauses for the transfer of personal data to countries where there is no adequate data protection. In addition, Brevo is certified according to the ISO 27001:2013 standard.
4. Online marketing and digital communication with HubSpot
On our website and blog, we use the marketing automation software HubSpot, provided by HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA, or if you have your habitual residence in the EEA or Switzerland, HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland (hereinafter referred to as “HubSpot”). HubSpot is an integrated software solution that covers various aspects of our digital marketing, sales and customer relationship management. We also use this tool for analysing our web offerings, which allows us to improve them and provide you with an optimum, user-friendly service.
We use HubSpot for:
- Our contact forms
- Newsletter registration and distribution
- Content management for our blog HOCHDORF Inside
- The commenting function on our blog and for the subscription to blog updates
- The creation of landing pages that are part of advertising campaigns or which offer interaction options such as contact forms or white paper downloads
- Social media linking or sharing
- Website usage analysis (e.g. access, pages visited, visit duration, etc.) and newsletter interaction analysis (e.g. open rates, click rates, unsubscribes, etc.)
The content of our web pages, as well as the personal data that you provide when using contact forms or registering for our newsletter, for example, are stored on servers of our software partner HubSpot in Germany.
HubSpot also claims to apply EU Standard Contractual Clauses for the transfer of personal data to countries where there is no adequate data protection. Because these measures might not be sufficient on their own, HubSpot’s US subsidiary is certified under the terms of the Swiss-US and the EU-US Privacy Shield frameworks and is therefore obliged to ensure that the transfer of personal data is protected adequately to the same extent as in the EU and thus in Switzerland.
5. Contact form on landing page and e-mail contact
Our product-specific landing pages contain a contact form that you can use to contact us quickly by electronic means. Alternatively, you can contact us using the specified e-mail address. In both cases, the information that you provide will be processed for the purpose of communicating with you or processing and handling your enquiry.
The mandatory details (*) are needed to process your enquiry. Providing additional details voluntarily makes it easier for us to process your enquiry and enables us to provide you with more accurate information.
Your personal data will not be shared with unauthorised third parties.
The lawful basis for processing contact enquiries may in particular be our legitimate interest. This interest lies in communicating with you and answering your enquiries promptly. If we process your data to perform a contract to which you are a party or in order to carry out pre-contractual measures, this will constitute the lawful basis.
Your personal data will be stored in our marketing automation tools HubSpot or Brevo. You may at any time object to the processing of your data. Please send your objection to firstname.lastname@example.org. In such case, all personal data stored in the course of contacting us will be promptly erased.
On our website, you have the option to subscribe to our newsletter. Through this newsletter, we provide you with information about us and our offerings.
The mandatory details (*) are needed to send you the newsletter. Providing additional information voluntarily allows us to address you in a more targeted manner and provide you with more tailored information.
The following technical data is collected during registration:
- IP address
- Time of registering and consent
- Online form used for registering
- Information about double opt-in workflow
Other data that may be collected during the course of newsletter marketing:
- Each newsletter contains a link to a preference page on which you can specify your interests (e.g. marketing information, events), so that we can provide you with information about topics that are relevant to you.
- To the extent permitted, we include both visible and invisible image elements in our newsletters and other marketing e-mails. By retrieving these elements from our servers, we can determine if and when you have opened the e-mail. This allows us to measure and gain a better understanding of how you use our offerings and to consequently tailor them to your needs and preferences. You can block this in your e-mail program; most are configured to do so by default.
The newsletter is sent out on the basis of your registration on our website. Your consent constitutes the lawful basis for processing your personal data after you subscribe to our newsletter. In the case of existing customers, we may also send such newsletters based on our legitimate interest.
Your personal data is used solely for the regular distribution of our newsletter and is not shared with unauthorised third parties. The data is retained in our marketing automation tools HubSpot or Brevo for as long as the subscription is active. You may at any time withdraw your consent to the processing of your data and/or unsubscribe from the newsletter free of charge. Each newsletter contains an unsubscribe link. You can also e-mail us at email@example.com at any time to withdraw your consent. All personal data stored during the newsletter subscription process will be promptly erased upon withdrawal of consent and a simultaneous request for data erasure.
We regularly create downloads such as white papers, info graphics, e-books, presentations and flyers. Creating a detailed white paper or info graphic requires substantial preparation time and thus valuable resources.
Regarding the points explained in Section 3.2 concerning the scope and purpose of processing, its lawful basis and storage, and the withdrawal and erasure periods, we may collect marketing-specific data for certain downloads, such as company name, position, etc. Analysing this data helps us to create additional content.
8. Commenting function
Our blog contains a commenting function that allows you to comment on our posts. To use this commenting function, you must provide your first name (or a pseudonym) and your e-mail address. The provision of any other details, such as name or website, is voluntary. Your e-mail address is needed so that we can forward any complaints about your blog comments and request your response if necessary. When you leave a comment on our blog, the entered first name and the time of posting the comment will be published in addition to the comment itself. Your e-mail address and any other voluntary information will be stored in HubSpot and processed solely for the purpose of the commenting function; it will not be published or shared with third parties. Your IP address will also be logged. This is done for security reasons and in case someone leaves unlawful content in the comments. The storage of this personal data is therefore in our own interest, as it enables us to provide evidence in the event of a legal violation. The personal data that you provide will not be shared with third parties unless such disclosure is legally required or serves legal defence purposes.
We reserve the right to delete comments containing offensive, threatening, untrue or racist content.
If you provide us with your personal data through the commenting function, your disclosure of this data is always on an expressly voluntary basis. The lawful basis for processing is our legitimate interest.
Your personal data will be stored in our marketing automation tool HubSpot until you object to the processing. You may at any time object to the processing of your data that has been sent through the commenting function. Please send your objection to firstname.lastname@example.org. In such case, all of your personal data stored in connection with the commenting function will be promptly erased. This means that all of your comments on our blog will also be erased.
9. Analytics and reporting
Through HubSpot or Brevo, we can collect and analyse various analytics data, including:
- Website and blog activity
- Number of page views and duration of website visits
- The click path of individual visitors
- Downloads of files made available through the website
- Visits to landing pages
- Opening rates of e-mails for newsletters and campaigns
The lawful basis for processing is our legitimate interest. Our legitimate interest in processing consists of further improving our offerings and our website and adapting them to customer needs.
You can opt out of tracking at any time by clicking the “Decline” button in the cookie notification.
If you apply for a job with us, we will process your personal data for the purpose of conducting the application process. Processing may also be carried out electronically, especially if an applicant sends corresponding application documents to us by electronic means, such as by e-mail or via an online form on the website.
This data will only be stored, analysed, processed or forwarded internally in connection with your application. It may also be processed for statistical purposes (e.g. reporting). In such case, it will not be possible to identify individuals directly from the data.
The applicant data marked as mandatory (* mandatory) is needed to associate the application with you, to contact you about your application and to assess the prospects of your application.
You may withdraw your consent at any time. To do so, please e-mail us at email@example.com or firstname.lastname@example.org or at the e-mail address specified in the job ad. In such case, all personal data stored in the course of the application process will be promptly erased.
If we conclude an employment contract with you, the provided data is stored for the purpose of executing the employment relationship in accordance with the legal provisions. If an employment contract is not concluded at the end of the application process, your application documents will be deleted six months after the conclusion of the application process, unless you have expressly given us your consent to store and retain your information in our pool of candidates for a maximum of one year for the purpose of filling future positions. You may withdraw this consent at any time. Please send your withdrawal to email@example.com or firstname.lastname@example.org or to the e-mail address of your HR contact.
A distinction can be made between first-party and third-party cookies. First-party cookies are those that are set for our website. All other cookies are third-party cookies. Our web pages use both first-party and third-party cookies.
Not all cookies collect personal data.
Personal data that can be collected by cookies includes:
- IP address
- Login information
Non-personal data that can be collected by cookies includes:
- Browser language
- Session information
Most of the cookies that we use are so-called “session cookies”, which are automatically erased at the end of your visit to the website. Other cookies will remain on your device until you delete them. We also use analytics cookies. These serve to monitor and track anonymous user behaviour on the website, such as the number of visits per page. The collected data is used exclusively to optimise the performance and design of this website. These cookies are third-party cookies (e.g. Google Analytics, HubSpot, Brevo). However, the data is collected in anonymised form and used only by us.
If you do not generally want cookies to be used, you can view and delete stored cookies in your browser settings and control how cookies are used. For more information, please consult your browser’s help section or contact the developer. Please be aware that, if you do not allow cookies, essential parts of our website and the services offered there may no longer function properly.
The lawful basis for the processing of personal data through strictly necessary cookies is our legitimate interest. The lawful basis for the processing of personal data through non-essential cookies (analytics cookies) is your consent.
12. Google Analytics
Our website uses Google Analytics, a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or if you have your habitual residence in the EEA or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”).
Google will use this information on our behalf to analyse your use of our website, to compile reports on website activity and to provide us with other services relating to website and Internet usage. Pseudonymous user profiles may be created from the processed data.
With Google Analytics 4, anonymisation of IP addresses is activated by default. This means that, within Switzerland or the EU/EEA, Google will truncate your IP address before transmission. Only in exceptional cases is the full IP address sent to a Google server and truncated there.
The IP address that your web browser transmits within the context of Google Analytics is not combined with other data held by Google. You can prevent cookies from being stored by changing the corresponding settings in your browser software. Furthermore, you can prevent the data that the cookie generates about your use of our website from being sent to and processed by Google; this can be done by downloading and installing the browser plug-in from this link: https://tools.google.com/dlpage/gaoptout?hl=en. However, please be aware that you might not be able to enjoy all functions of this website if you do so.
The lawful basis for the processing of your personal data is your consent or our legitimate interest.
We use tools provided by Google which, according to Google, can process personal data in countries where Google or its sub-contractors maintain facilities. In its Data Processing Addendum for Products where Google is a Data Processor, Google warrants to ensure an adequate level of data protection based on EU Standard Contractual Clauses. Because this might not offer complete protection, Google is also certified within the EU-US or the Swiss-US Privacy Shield frameworks.
Your personal data is erased or anonymised after 14 months.
More information about Google’s privacy terms can be found here: https://marketingplatform.google.com/about/analytics/terms/us/
and here: https://policies.google.com/privacy
13. Google Marketing Platform
GMP can also use cookie IDs to track so-called “conversions”, i.e. whether a user sees a GMP ad then visits the advertiser’s website at a later point in time and makes a purchase. According to Google, GMP cookies do not contain any personal information.
Your browser automatically establishes a direct connection with Google’s server. We have no control over the scope and subsequent use of the data collected by Google through the use of this service. According to Google, integration of GMP informs Google that you have accessed certain parts of our website or clicked on one of our ads. If you are logged into a Google service, Google can associate your visit to the website with your user account. Even if you are not registered with Google or have not logged into a Google service, there is still a possibility that the provider will obtain and store your IP address.
Appropriate safeguards have been implemented by applying EU Standard Contractual Clauses, since the transfer of data to countries with inadequate data protection cannot be ruled out. We use GMP on the basis of our legitimate interest. More information about GMP can be found on the Google Marketing Platform website.
14. Google Floodlight
Based on our legitimate interest, the Bimbosan website uses the Google Floodlight Tag to measure the effectiveness of our advertising campaigns, to limit how often you see a particular ad, and to only display ads that are relevant to you and your interests. In particular, information about the ads you have clicked on and your past user behaviour on third-party websites is collected and stored. By means of a cookie ID, Google tracks which ads are displayed in a particular browser and prevents them from being shown multiple times. In addition, Google can use cookie IDs to track conversions related to ad requests. This occurs when a user sees a Google ad and visits our website with the same browser at a later point in time and makes a purchase. These cookies do not contain personal information such as e-mail addresses, names or addresses.
Due to the marketing tools that are used, your browser automatically establishes a direct connection to Google’s server. By integrating the Floodlight Tag, Google can see that you have accessed certain parts of our website or clicked on one of our ads.
In addition, the implemented Floodlight Tags enable us to understand whether you perform specific actions on our website after viewing or clicking on one of our display/video ads on a different platform (conversion tracking). Google uses this cookie to understand the content with which you have interacted on our web pages, allowing it to send you targeted advertising in the future.
Appropriate safeguards have been implemented by applying EU Standard Contractual Clauses, since the transfer of data to countries with inadequate data protection cannot be ruled out. Use of the Floodlight Tag is based on our legitimate interest.
15. Meta Pixel
On the Bimbosan website, we have integrated the Meta Pixel, a code snippet from Meta Platforms Inc. based in the USA, or if you have your habitual residence in the EEA or Switzerland, from Meta Platforms Ireland Ltd. based in Ireland (hereinafter referred to as “Meta”).
The Meta Pixel enables Meta to identify visitors to our web pages as a target audience for displaying ads (so-called “Facebook” or “Instagram ads”). This means that we use the Meta Pixel to display our Facebook and Instagram ads only to those Facebook and/or Instagram users who have shown an interest in our online offerings or have certain characteristics that we specify to Meta (e.g. an interest in certain topics or products, as determined on the basis of web pages they have visited; so-called “custom audiences”). By using the Meta Pixel, we aim to ensure that our Facebook and Instagram ads match the potential interests of users and do not appear intrusive.
Furthermore, the Meta Pixel allows us to track the effectiveness of Facebook and Instagram ads for statistical and market research purposes. This includes observing whether users are redirected to our website after clicking on a Facebook or Instagram ad (so-called “conversions”).
By using cookies, Meta can recognise you within the member area of Facebook or Instagram and optimise the efficiency of ads, for example by offering targeted ads to specific audiences. This requires you to be logged into the member area of Facebook or Instagram. If you do not have a Facebook or Instagram account, this data processing does not affect you.
16. Google Maps
On our web pages, we use Google Maps, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). This allows us to show you interactive maps directly on the website and enables convenient use of the map function.
When you use Google Maps, information about your use of our website (including your IP address) may be transmitted to and stored on a Google server in the USA. Google may store this data as user profiles for the purpose of advertising, market research and/or tailoring its services to the users’ needs. If you are logged into Google, your information will be directly associated with your account. If you want to prevent this, you must log out beforehand.
Appropriate safeguards have been implemented by applying EU Standard Contractual Clauses, since the transfer of data to countries with inadequate data protection cannot be ruled out. The lawful basis for the processing of your personal data is our legitimate interests.
If data is processed in the USA, Google applies EU Standard Contractual Clauses. Because this might not be sufficient on its own, Google is also certified within the Swiss-US and EU-US Privacy Shield frameworks and thereby guarantees compliance with Swiss or European data protection regulations. More information on this can be found at: www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
17. Social media
Our website links to your Facebook, Twitter and LinkedIn websites. By linking to these pages using the respective icons, no data is transmitted to social media providers. Only when you actively click on one of the icons displayed on the website is a connection between your browser and the server of the respective social network established and your data transmitted to the respective provider. We have no control over the type and scope of data that is subsequently collected by the social networks.
Please note that you use our Twitter and LinkedIn pages and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). The data collected about you in this context is processed by Twitter Inc. and LinkedIn Inc. and may be transferred to countries outside of Switzerland or the EU/EEA. The information that Twitter and LinkedIn receive and how they use it is described by the providers in general in their privacy policies, which also contain contact details and information about the different ad settings. The privacy policies can be found here:
18. Facebook Connect
If you have a Facebook account, you can log into our Bimbosan website with so-called single sign-on using the Facebook Connect social plug-in from Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). The social plug-ins of Facebook Connect are recognisable by the button with the Facebook logo and the text “Connect with Facebook”, “Log in with Facebook” or “Sign in with Facebook”. Appropriate safeguards have been implemented by applying EU Standard Contractual Clauses. When you visit one of our web pages that contains such a plug-in, your browser establishes a direct connection to the Facebook servers. Facebook transmits the content of the plug-in directly to your browser and integrates it into the page. As a result of the plug-in being integrated, Facebook is informed that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged into Facebook. Your browser transmits this information (including your IP address) directly to a Facebook server in the USA, where it is then stored.
If the Facebook Connect button is used, we will only receive the general and publicly accessible information from your Facebook profile if, before the registration process, you have been appropriately informed that data will be shared with Facebook and you have provided your express consent. The information that is shared is based on your personal privacy settings in Facebook and may include your user ID, name, profile picture, age and gender.
If you do not want Facebook to link the data collected through our website directly to your Facebook profile, you must log out of Facebook before visiting our web pages.
19. YouTube videos
On our website, videos are embedded from YouTube, a platform of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or if you have your habitual residence in the EEA or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Usually, your IP address is sent to YouTube and cookies installed on your device as soon as you visit a page with embedded videos.
Our website is intended for an adult audience. Minors, especially children under the age of 16, are prohibited from sending their personal data to us or registering for a service without the consent or permission of their parents or legal guardians. If we determine that such data has been sent to us, it will be promptly erased. The child’s parents (or legal guardians) can get in touch with us to request erasure or deregistration.
22. Server log files
Each time you access our web pages, our hosting provider automatically collects and stores information that your browser transmits to us and stores it in so-called “log files”. This includes:
- Website visited
- Time and date of the website visit and server request
- Time difference to Greenwich Mean Time (GMT)
- Access status/HTTP status code
- Transferred volume of data
- Notification that the website was accessed successfully
- Browser type and version
- Operating system used
- Referrer URL (the previously visited page)
- Host name of the accessing device
- IP addresses
The temporary storage of the IP address by the system is necessary to enable the delivery of our web pages to your device. For this purpose, the IP address must be stored for at least the duration of the session. In addition, the data in the log files is used by us to optimise and ensure the security of our web pages. Log files are not used to analyse the behaviour of website visitors or for marketing purposes, and they are not linked to other data about you that we collect. The storage of IP addresses enables us to take legal action in the event of cyberattacks or unlawful use, since IP addresses can be traced back to users through their service provider, making it possible to identify the responsible parties. The log files are therefore stored by our hosting partner for a maximum period of 14 days and then deleted.
The lawful basis for the temporary storage of data in the log files is our legitimate interest. The collection of data for the provision of the web pages and the storage of data in log files are essential for the operation of our website. Consequently, there is no option for you to object in this case.
23. Your rights
You generally have the following rights in relation to your personal data: right to be informed, right to rectification, right to erasure, right to restrict processing, right to data portability, right to object to processing, right to withdraw consent.
Please note, however, that we reserve the right to assert legally prescribed limitations, such as in cases where we are obliged to retain or process specific data, have an overriding interest in doing so (to the extent that we are entitled to) or need it for asserting legal claims.
Exercising these rights could potentially conflict with contractual agreements and may, among other things, have cost implications or result in premature contract termination. In such cases, we will inform you in advance, where this is not contractually regulated.
If you believe that the processing of your personal data violates data protection law, or that your data protection rights have been violated in another way, you can lodge a complaint with the relevant supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC; https://www.edoeb.admin.ch/).
To exercise your rights under data protection law, you will usually need to provide clear proof of your identity (e.g. a copy of your identification document if your identity is otherwise not clear or cannot be verified). To exercise your rights, please contact us by e-mail using the contact details provided in Section 1.
Current policy effective: 30 August 2023