2. PURPOSE OF THE DATA PROCESSING
The purpose of the SD website is to provide the user with information about SD and its services. Against this background, the processing of the user’s personal data has the main purpose of providing the user with the technically smoothest possible access to the relevant information, to offer an appealing user experience.
3. DATA CONTROLLER / CONTACT POINT FOR DATA PROTECTION CONCERNS
Legally responsible for data processing are Schluep Degen Attorneys at Law, Switzerland. For the address and further details about SD, please refer to the imprint.
All data protection concerns in connection with the use of the SD website, in particular requests for information, deletion, correction and objection, should be addressed to SD via firstname.lastname@example.org with the note “Privacy”.
4. LEGAL BASIS FOR DATA PROCESSING
The processing of personal data by SD is primarily governed by the Swiss Data Protection Act (DPA) and the EU’s General Data Protection Regulation (GDPR). This guarantees a high level of protection and transparency by international standards. Insofar as other applicable national legislation provides for stricter regulations for data processing, SD will apply these stricter regulations in individual cases as far as possible at the latest after being notified accordingly by the affected user.
Insofar as SD obtains the consent of the data subject for processing personal data, art. 4 para. 5 DPA / 6 para. 1 lit. a GDPR serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, art. 13 (2) a DPA / 6 (1) b GDPR serves as the legal basis. This also applies to data processing that is necessary for the implementation of pre-contractual measures.
If processing of personal data is necessary to comply with a legal obligation to which SD is a subject, art. 4 para. 3 DPA / 6 para. 1 lit. c GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of SD or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, art. 13 para. 1 DPA / 6 para. 1 lit. f GDPR serves as the legal basis for the data processing.
5. GENERAL INFORMATION ON DATA PROCESSING
In case of transfer to third parties who process the data independently or on behalf of SD (data centers, etc.), SD ensures compliance with data protection legislation by contractual means.
Personal user data is regularly deleted as soon as its processing purpose is fulfilled.
6. INDIVIDUAL DATA PROCESSING STEPS
Visit of the website
When you visit the SD website as a user, our system automatically collects the following data and information:
- Device type (computer, smartphone, tablet etc.)
- Information about the browser type and version used
- the operating system
- the internet service provider
- the IP address of the device
- date and time of access
- the page from which the file was requested
- names of the downloaded files
- mount of data transferred
- status codes of the access (http status codes)
This data is stored in the log files of our system. It is not stored together with other personal data of the user. The collection of this data by the system is necessary to enable the smooth transmission of information from the website to the user’s device. In addition, we use the data to optimize the website, to ensure the security of our IT systems and to prevent misuse (e.g. through automated mass queries, spam, etc.).
The legal basis for the collection and storage of this data are art. 4 para. 5 and 13 para. 1 DPA / 6 para. 1 lit. a and f GDPR.
No other personal data of the user is collected when visiting the SD website.
Further use and retention of user data
The log files are regularly deleted from our server and are then available in the backup for a maximum of 2 years before they are completely deleted. The legal basis for this is art. 4 para. 5 and 13 para. 1 DPA / 6 para. 1 lit. a and f GDPR.
SD uses so-called “cookies” on our website. These are small files that are stored on your computer to track your website visit and your preferences as seen from your use of the website. Cookies show how you navigate on our website and may also be used to remember settings between your visits.
We use so-called session cookies, which are stored during your visit to our website and are deleted when you end your browser session. We also use permanent cookies, which remain on your computer even after the end of a browser session. The permanent cookie contains an identification number that allows us to identify your computer. We can use this to improve our services if you visit our website repeatedly. It is not possible for us to assign your other personal data to this identification number. More detailed information on cookies we use can be requested by email via email@example.com.
When accessing our website, you have the option of accepting or rejecting cookies via “privacy settings” banner. You can further set your web browser so that a warning appears on the screen before a cookie is saved or so that the creation of cookies is prevented altogether. You can also delete cookies subsequently via your web browser.
However, please note that disabling or deleting cookies may affect functionalities of our website. Some pages of our website may not function properly if you disable cookies. Below, you will also learn which third-party services using cookies are integrated in our website and how you can prevent certain third-party cookies from being set.
8. THIRD PARTY SERVICES
Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”) has committed to comply with the Privacy Shield Agreement between the EU and the US on the collection, use and retention of personal data from EU member states, as published by the US Department of Commerce. Google, including Google Inc. and its wholly owned subsidiaries in the US, has declared as part of the certification that it complies with the relevant Privacy Shield principles. This applies to all Google services listed below.
For information on how to deal with the cookies used as part of Google Analytics, please refer to the “Cookies” section above. You can also prevent the collection and processing of data by Google Analytics by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. For more information from Google on Google Analytics, please visit http://www.google.com/analytics/terms/de.html or https://www.google.de/intl/de/policies/.
We use the third-party services Google Fonts and Google Maps on our website. These exchange certain user data with Google Inc. as part of the creation of fonts and geographical maps. For more information, please refer to https://www.google.de/intl/de/policies/.
With the exception of the third-party services expressly mentioned here, which are not used by SD to evaluate the individual behavior of persons, SD does not use any automated tools or “spyware” to draw conclusions about the behavior of individual users.
9. RIGHTS OF THE AFFECTED USER
If your personal data is processed, you are a data subject in the sense of the data protection legislation. You have the following rights vis-à-vis the data controller:
- The right to information according to art. 8 DPA / 15 GDPR
- The right to rectification according to art. 5 para. 2/ 16 GDPR
- The right to deletion (“right to be forgotten”) according to art. 15 para. 1 DPA / 17 GDPR
- The right to restriction of processing according to art. 15 para. 1 DPA / 18 GDPR
- The right to information according to art. 19 GDPR
- The right to data portability according to art. 20 GDPR
- The right to object according to art. 15 para. 1 DPA / 21 GDPR
- The right not to be subject to automated decision-making under art. 22 GDPR
- The right to withdraw consent to the processing of personal data according to art. 4 para. 5 DPA / art. 7 para. 3 GDPR
To exercise these rights, please contact the data controller using the contact details provided.
Without prejudice to any other administrative or judicial remedy, you also have the right to involve the competent data protection authority, in particular in the country of your residence, your place of work or in the place of the alleged infringement, if you believe that the processing of your personal data infringes data protection legislation.
Right of objection (art. 15 para. 1 DPA / 21 GDPR)
Insofar as we process personal data as explained above in order to protect our legitimate interests that prevail in the context of a balancing of interests, you can object to this processing with effect for the future, but only if there are reasons that arise from your particular situation. If the processing is carried out for direct marketing purposes, you can exercise this right at any time without having to provide reasons.
After you have legitimately exercised your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims. This restriction does not apply if the processing is for direct marketing purposes.
10. YOUR CHOICES
Opt Out of Marketing Communications
You may change your subscription preferences or opt out of marketing-related emails by following the opt-out prompt in the email. To opt out of other forms of marketing communications, please contact us using the contact information provided in Section 3.
Consequences of Not Providing Personal Information
11. NOTICE TO CALIFORNIA RESIDENTS
Personal Information We Collect
In the past 12 months, we have collected the following categories of personal information: identifiers (real name, mailing address, email address, telephone numbers, and online identifiers and IP address), financial information (credit/debit card numbers); geolocation data, and internet or other electronic network activity information (browsing history, search history, and information regarding an individual’s interaction with an internet site or application, or advertisement). We have used this information to respond to your requests, process your orders, optimize your website experience, and ensure the website and our systems are properly functioning.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible business purposes without providing you notice.
Sharing Your Information
We do not sell your personal information, but may disclose it to third parties for a business purpose. Specifically, in the past 12 months we have disclosed the personal information described above to our website and internet service providers, payment processors, order fulfillment providers, and marketing intelligence service providers.
Source of Information
We obtain the categories of personal information that are listed above when you provide it to us directly and passively when you visit our Site. Please see Section 6 above for more details about the ways in which we obtain your information.
California gives you certain rights regarding your personal information:
- Right to Know: You may request no more than twice in a 12-month period that we provide you with copies of specific personal information we have collected or disclosed about you. However, under California law, we cannot provide you with certain sensitive information, despite your request (for example, we will not send you copies of your social security number even if it is something we collected).
- Right to Delete: You may request that we delete certain personal information we have collected about you, with certain exceptions.
- Right to Opt-Out: If we sell your data to third parties, you have the right to opt out of this sale.
- Shine the Light: California’s “Shine the Light” law gives you the right to ask us once a year if we have shared your personal information with third parties for direct marketing purposes.
To exercise your rights above, please submit a request to us at firstname.lastname@example.org. Please describe your request with sufficient detail so we can properly respond to your request. We may ask for additional information to verify your identity. The information you provide in your request and any follow up information we ask for from you will be used solely to verify your request. After receiving your request, we may need to contact you for further information and will notify you if your request has been granted or declined, or if an exception applies to your request. Only you or an individual designated as your authorized agent to act on your behalf may make a request related to your personal information. We may not discriminate against you if you choose to exercise your rights.
Responding to Your Rights Request
We will try to respond to your request within 45 days. If we need more time, we will contact you with the reason we need more time and the extension period. We will deliver our written response by mail or electronically, at your option. In response to your request to know, we will only disclose the information we have collected in the 12 months prior to our receipt of your request. Our response will also explain the reasons we cannot comply with any request, if applicable. We do not charge a fee to process or respond to your request unless your request is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate prior to completing your request.
12. CHANGES TO THIS POLICY
Bern, April 2021
Schluep Degen Attorneys-at-Law