Privacy Policy & Cookie Policy

Concepts

Affected person:
Natural person about whom we process personal data.

Personal data:
Any information relating to an identified or identifiable natural person.

Particularly sensitive personal data:
Data concerning trade union, political, religious or philosophical views and activities, data concerning health, privacy or ethnic or racial affiliation, genetic data, biometric data that uniquely identify a natural person, data on criminal and administrative sanctions or prosecutions, and data on social assistance measures.

To edit:
Any handling of personal data, regardless of the means and procedures used, such as querying, comparing, adapting, archiving, storing, retrieving, disclosing, obtaining, recording, collecting, deleting, disclosing, arranging, organizing, storing, altering, disseminating, linking, destroying and using personal data.

European Economic Area (EEA):
Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway.

Note:
The European General Data Protection Regulation (GDPR) defines the processing of personal data as processing of personal data and the processing of particularly sensitive personal data as processing of special categories of personal data (Article 9 GDPR).

Legal basis
We process personal data in accordance with Swiss data protection law, in particular the Federal Data Protection Act (Data Protection Act, DSG) and the Data Protection Regulation (Data Protection Ordinance, DSV).

We process – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – personal data or personal data in accordance with at least one of the following legal bases:

• Art. 6 (1) (b) GDPR for the necessary processing of personal data to fulfill a contract with the data subject and to carry out pre-contractual measures.
• Art. 6 (1) (f) GDPR for the necessary processing of personal data to protect legitimate interests – including the legitimate interests of third parties – unless the fundamental freedoms and rights and the interests of the data subject override these interests. Such interests include, in particular, the permanent, humane, secure, and reliable performance of our activities and operations, ensuring information security, protection against misuse, the enforcement of our own legal claims, and compliance with Swiss law.
• Art. 6 (1) (c) GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject under applicable law of Member States in the European Economic Area (EEA).
• Art. 6 (1) (e) GDPR for the necessary processing of personal data to perform a task carried out in the public interest.
• Art. 6 (1) (a) GDPR for the processing of personal data with the consent of the data subject.
• Art. 6 (1) (d) GDPR for the necessary processing of personal data to protect the vital interests of the data subject or of another natural person
  protect.
• Art. 9 (2) et seq. GDPR for the processing of special categories of personal data, in particular with the consent of the data subjects.

We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect in the course of our activities, provided that such processing is permitted for legal reasons.

We process personal data, where necessary, with the consent of the data subjects. In many cases, we may process personal data without consent, for example, to comply with legal obligations or to protect overriding interests. We may also request the consent of data subjects when their consent is not required.

We process personal data for the duration necessary for the respective purpose. We anonymize or delete personal data, particularly depending on statutory retention and limitation periods.

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties include, in particular, specialized
Providers whose services we use.

We may, for example, disclose personal data to banks and other financial service providers, public authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and credit agencies, logistics and shipping companies, marketing and advertising agencies, media, organizations and associations, social institutions, telecommunications companies and insurance companies.

We process personal data to enable us to communicate with third parties. In this context, we process, in particular, data that a data subject transmits when contacting us, for example, by post or email. We may store such data in an address book or using similar tools.

Third parties who transmit data about other individuals are obligated to ensure data protection for such data subjects. This includes ensuring, among other things, the accuracy of the personal data transmitted.

We use selected services from suitable providers to better communicate with third parties.

In particular, we use:

• LiveChat: Platform for communication with customers, particularly via chatbot; Providers: LiveChat Inc. (USA) / TEXT SA (Poland); Data protection information:
  Privacy Policy, «Legal».
• Salesforce: Customer Relationship Management (CRM); Providers: Salesforce.com Inc. (USA) / Salesforce.com Germany GmbH (Germany); Data protection information: «Data protection» (with the «most important contents of the data protection declaration»), Privacy Policy.

We take appropriate technical and organizational measures to ensure data security appropriate to the respective risk. These measures specifically ensure the confidentiality, availability, traceability, and integrity of the personal data processed, but cannot guarantee absolute data security.

Access to our website and our other online presence is via transport encryption (SSL/TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated to HTTPS). Most browsers warn against visiting websites without transport encryption.

Our digital communication – like all digital communication in principle – is subject to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA) and other countries.

We have no direct influence on the processing of personal data by intelligence agencies, police departments, and other security authorities. Nor can we rule out the possibility that a data subject may be subject to targeted surveillance.

We process personal data in principle in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other countries,
in particular to process them there or have them processed there.

We can store personal data in everyone States and Territories on Earth export, provided that the local law according to Resolution of the Swiss Federal Council and – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – also in accordance with BDecision of the European Commission ensure adequate data protection.

We may transfer personal data to countries whose law does not ensure adequate data protection, provided that data protection is guaranteed for other reasons, in particular
based on standard data protection clauses or with other appropriate safeguards. Exceptionally, we may export personal data to countries without adequate or suitable data protection if the specific data protection requirements are met, such as the express consent of the data subjects or a direct connection with the conclusion or performance of a contract. Upon request, we will gladly provide data subjects with information about any safeguards or a copy of any safeguards.

Data protection claims

We grant data subjects all rights under applicable data protection law. Data subjects have, in particular, the following rights:

• Information:
  Data subjects can request information as to whether we process personal data about them and, if so, which personal data is involved. Data subjects receive
  Furthermore, the information required to assert your data protection claims and to ensure transparency. This includes the processed
  Personal data as such, but also, among other things, information on the purpose of processing, the duration of storage, any disclosure or export of data to other countries and the origin of the personal data.
• Correction and restriction:
  Data subjects may have incorrect personal data
  correct, complete incomplete data and restrict the processing of their data.
• Deletion and objection:
  Affected persons can have personal data deleted
  (“right to be forgotten”) and to the processing of their data with effect for the future.
• Data release and data transfer:
  Affected persons can request the release of personal data or the transfer of their data to another person responsible.

We may postpone, restrict, or refuse the exercise of data subjects' rights within the legally permissible framework. We may inform data subjects of any conditions that may need to be met to exercise their data protection rights. For example, we may refuse to provide information in whole or in part by citing trade secrets or the protection of other persons. We may also refuse to delete personal data in whole or in part by citing statutory retention periods.

In exceptional cases, we may charge fees for exercising these rights. We will inform data subjects in advance of any costs involved.

We are obliged to take appropriate measures to identify data subjects who request information or assert other rights. Affected persons are obliged to cooperate.

Legal

Data subjects have the right to enforce their data protection claims through legal action or to file a complaint with a data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

European data protection authorities are Members of the European Data Protection Board (EDPB). In some member states of the European Economic Area (EEA), the data protection supervisory authorities are structured on a federal basis, particularly in Germany.

Cookies

We may use cookies. Cookies—both our own cookies (first-party cookies) and cookies from third-party services we use (third-party cookies)—are data stored in your browser. Such stored data need not be limited to traditional text cookies.

Cookies can be stored in the browser temporarily as "session cookies" or for a specific period of time as so-called permanent cookies. "Session cookies" are automatically
deleted when the browser is closed. Permanent cookies have a specific storage period. In particular, cookies make it possible to recognize a browser the next time you visit our website and thus, for example, to increase the reach of our
website. However, persistent cookies can also be used for online marketing, for example.

Cookies can be fully or partially deactivated or deleted at any time in your browser settings. Without cookies, our website may no longer be fully available. We actively request your express consent to the use of cookies – at least where and to the extent necessary.

For cookies used for performance and reach measurement or for advertising, a general objection ("opt-out") is possible for numerous services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAd-Choices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

logging

For each access to our website and our other online presence, we may log at least the following information, provided that it is transmitted to our digital infrastructure during such access: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page of our website accessed including the amount of data transferred, last website accessed in the same browser window (referrer).

We record such information, which may also constitute personal data, in log files. This information is necessary to ensure our online presence is sustainable, human-friendly and
to be able to provide this information reliably. This information is also required to ensure data security – including through third parties or with the assistance of third parties.

Tracking pixels

We may integrate tracking pixels into our online presence. Tracking pixels are also known as web beacons. Tracking pixels – including those of third parties whose services we use – are usually small, invisible images or scripts written in JavaScript that
are automatically retrieved when you access our website. Web beacons can collect at least the same amount of information as log files.

Success and reach measurement

Notifications and messages may contain web links or tracking pixels that record whether an individual message has been opened and which web links were clicked. Such web links and tracking pixels can also record the use of notifications and messages on a personal basis. We require this statistical recording of usage for success and reach measurement in order to be able to send notifications and messages based on the needs and reading habits of the recipients in an effective and user-friendly manner, as well as permanently, securely, and reliably.

Consent and objection

You must generally consent to the use of your email address and other contact addresses, unless such use is permitted for other legal reasons. We may use the "double opt-in" procedure to obtain double-confirmed consent, if necessary. In this case, you will receive a notification with instructions for double confirmation. We may log consents obtained, including the IP address and timestamp, for evidentiary and security reasons. You can generally object to receiving notifications and communications such as newsletters at any time. By objecting, you can also object to the statistical recording of usage for success and reach measurement. This does not apply to necessary notifications and communications related to our activities.

Service providers for notifications and communications

We send notifications and communications using specialized service providers.

In particular, we use:

• ActiveCampaign:
  Platform for marketing automation, especially email marketing; Provider: ActiveCampaign LLC (USA); Data protection information: Privacy Policy.
• Mailchimp:
  Communication platform; provider: The Rocket Science Group LLC DBA Mailchimp (USA) as a subsidiary of Intuit Inc. (USA); data protection information: Privacy Policy (Intuit) including “Country and Region-Specific Terms”.

We are present on social media platforms and other online platforms to communicate with interested parties and to inform them about our activities. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).

The general terms and conditions (GTC) and terms of use, as well as privacy policies and other provisions of the individual operators of such platforms, also apply. These provisions provide information, in particular, about the rights of data subjects directly vis-à-vis the respective platform, including, for example, the right to information.

We are jointly responsible for our social media presence on Facebook, including the so-called Page Insights, with Meta Platforms Ireland Limited (Ireland), if and to the extent that the General Data Protection Regulation (GDPR) is applicable. Meta Platforms Ireland Limited is part of meta company (including in the USA). Page Insights provide information about how visitors interact with our Facebook presence. We use Page Insights to provide our social media presence on Facebook in an effective and user-friendly manner.

Further information about the type, scope and purpose of data processing, information on the rights of data subjects as well as the contact details of Facebook and Facebook's data protection officer can be found in Facebook's privacy policy. We have entered into the so-called «Addition for responsible persons» and thereby agreed in particular that Facebook is responsible for ensuring the rights of data subjects. For the so-called Page Insights, the relevant information can be found on the page "Information on Page Insights" including "About Page Insights Data".

We use services from specialized third parties to enable us to conduct our activities in a sustainable, human-friendly, secure, and reliable manner. Such services allow us, among other things, to embed functions and content into our website. When embedding, the services used collect the users' IP addresses, at least temporarily, for technically necessary reasons.

For necessary security-related, statistical and technical purposes, third parties whose services we use may aggregate data related to our activities and operations,
anonymized or pseudonymized. This includes, for example, performance or usage data in order to be able to offer the respective service.

In particular, we use:

• Google services:
  Providers: Google LLC (USA) / Google Ireland Limited (Ireland)
  partly for users in the European Economic Area (EEA) and Switzerland; General information on data protection: "Principles of data protection and security", «Information on how Google uses personal data», Privacy Policy, «Google is committed to compliance with applicable data protection laws», «Guide to data protection in Google products», “How we use data from websites or apps where our services are used”, «Types of cookies and similar technologies that Google uses», "Advertising that you can influence" ("Personalised advertising")
• Microsoft services:
  Providers: Microsoft Ireland Operations Limited (Ireland) for
  Users in the European Economic Area (EEA), Switzerland and the United Kingdom / Microsoft Corporation (USA) for users in the rest of the world; General information on data protection: “Data protection at Microsoft”, "Data Protection and Privacy", Privacy Policy, «Data and privacy settings».

digital infrastructure

We use services from specialized third parties in order to be able to use the necessary digital infrastructure in connection with our activities and activities. These include, for example, hosting and storage services from selected providers. We particularly use:

• Host point:
  Hosting; Provider: Hostpoint AG (Switzerland); Data protection information: Privacy Policy.
• Raid boxes:
  WordPress hosting; provider: Raidboxes GmbH (Germany); data protection information:  Privacy Policy, Sample privacy policy for Raidboxes users («Template for your privacy policy»).
• WordPress.com: Blog hosting and website builder; providers: Automattic Inc. (USA) / Aut O'Mattic A8C Ireland Ltd. (Ireland) for users in Europe, among others; privacy policy: Privacy Policy, Cookie Policy.

Automation and integration of apps and services

We use specialized platforms to integrate and connect existing third-party apps and services. We can also use such "no-code" platforms to automate processes and activities with third-party apps and services. In particular, we use:

• Zapier:
  Automation and integration of apps and services; Provider: Zapier Inc. (USA); Data protection information: Privacy Policy, «Data Privacy at Zapier», «Data Privacy & Security FAQ», «Security and Compliance».

Audio and video conferences

We use specialized audio and video conferencing services to communicate online. For example, we can use it to hold virtual meetings or conduct online classes and webinars. The legal texts of the individual services such as data protection declarations and terms of use also apply to participation in audio and video conferences.

Depending on your circumstances, we recommend muting your microphone by default when participating in audio or video conferences, as well as blurring the background or displaying a virtual background. We particularly use:

• GoogleMeet:
  video conferencing; Provider: Google; Google Meet specific information: “Google Meet – Security and data protection for users”.
• TeamViewer Meeting:
  Video conferencing; Provider: TeamViewer Germany GmbH (Germany); Data protection information: Privacy Policy, «First-class data protection».
• Twitch:
  Live streaming, especially for video games; Provider: Twitch Interactive Inc. (USA); Data protection information: Privacy Policy, Cookie Policy.
• Zoom:
  Platform for collaborative work, especially with video conferences; Provider: Zoom Video Communications Inc. (USA); Data protection information: “Data protection at Zoom”, Privacy Policy,«Legal compliance».

Online collaboration

We use third-party services to enable online collaboration. In addition to this privacy policy, any directly visible terms and conditions of the services used, such as terms of use or privacy policies, also apply. In particular, we use:

• Miro:
  Whiteboard platform; Provider: RealtimeBoard Inc. (USA); Data protection information: Privacy Policy, «Trust in Miro» («Miro Trust Center»).
• paddle:
  Platform for productive collaboration; Provider: Wallwisher Inc. DBA Padlet; Data protection information: Privacy Policy.
• Slack:
  Platform for productive collaboration, especially via chat; Providers: Slack Technologies LLC (USA) for users in Canada and the USA / Slack Technologies Limited (Ireland) for users in the rest of the world; Data protection information: Privacy Policy, «Trust Center», «Frequently asked questions about data protection», «Data Management: Transparency and Clarity», Cookie Policy.
• Microsoft Teams:
  Platform for productive collaboration, especially with audio and video conferences; Provider: Microsoft; Teams-specific information: “Data protection and Microsoft Teams”.

Maps

We use third-party services to embed maps into our website. In particular, we use:

• GOogle Maps including Google Maps Platform: map service; Provider: Google; Google Maps-specific information: “How Google uses location information”.

Digital audio and video content

We use services from specialized third parties to enable the direct playback of digital audio and video content such as music or podcasts. We particularly use:

• Vimeo:
  Video platform; Provider: Vimeo Inc. (USA); Data protection information: Privacy Policy, «Private video hosting».
• YouTube:
  video platform; Provider: Google; YouTube-specific information: «Data protection and security center», “My data on YouTube”.

Documents

We use third-party services to embed documents into our website. Such documents can include PDF files, presentations, spreadsheets, and text documents. This allows us to not only view, but also edit or comment on such documents. In particular, we use:

• Issue:
  Digital documents and electronic publications; Provider: Issuu Inc. (USA); Data protection information: Privacy Policy.

Fonts

We use third-party services to embed selected fonts, icons, logos, and symbols into our website. In particular, we use:

• Font Awesome:
  Icons and logos; Provider: Fonticons Inc. (USA); Privacy Policy: Privacy Policy.
• Google Fonts:
  fonts; Provider: Google; Google Fonts-specific information: «Your Privacy and Google Fonts», “Privacy and data collection” (at Google Fonts).

Advertising

We use the option to display targeted advertising for our activities on third parties such as social media platforms and search engines.

With such advertising, we particularly want to reach people who are already interested in our activities and offerings or who might be interested in them (remarketing and targeting). For this purpose, we may transmit relevant information – possibly including personal information – to third parties who enable such advertising. We can also determine whether our advertising is successful, in particular whether it leads to visits to our website (conversion tracking).

Third parties with whom we advertise and with whom you are registered as a user may be able to associate your use of our website with your profile there. In particular, we use:

• Google Ads:
  search engine advertising; Provider: Google; Google Ads-specific information: Advertising based, among other things, on search queries, with various domain names - in particular doubleclick.net, googleadservices.com and googlesyndication.com - being used for Google Ads, Advertising Privacy Policy, «Manage displayed ads directly via Ads».
• LinkedIn Ads:
  Social media advertising; providers: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland); data protection information: remarketing and targeting, in particular with the LinkedIn Insight Tag, "Data protection", Privacy Policy, Cookie Policy, Objection to personalized advertising.
• Meta ads:
  Social media advertising on Facebook and Instagram; providers: Meta Platforms Ireland Limited (Ireland) and other meta companies (including in the USA); Data protection information: Targeting, including retargeting, in particular with the Meta pixel with a Custom Audiences including Lookalike audiences, Privacy Policy, “Advertising preferences” (Registration as a user required).
• TikTok Ads:
  Social media advertising; providers: TikTok Information Technologies UK Limited (United Kingdom) and TikTok Technology Limited (Ireland) for users in the European Economic Area (EEA), the United Kingdom and Switzerland / TikTok Inc. (USA) for users in the USA / TikTok Pte. Ltd. (Singapore) for users in the rest of the world; data protection information: remarketing and targeting, in particular with the TikTok pixels, Privacy Policy, “Privacy Policy for Younger Users”, Cookie Policy, TikTok for Business Privacy and Cookie Policy.

We use extensions for our website to provide additional functionality. We may use selected services from suitable providers or use such extensions on our own digital infrastructure. In particular, we use:

• Google reCAPTCHA: 
  Spam protection (differentiation between desired content from humans and undesired content from bots and spam); Provider: Google; Google reCAPTCHA-specific information: «What is reCAPTCHA?».

In most cases, the IP addresses stored by individual users. In this case, IP addresses are generally shortened ("IP masking") in order to comply with the principle of data economy through appropriate pseudonymization.

Cookies may be used to measure success and reach, and user profiles may be created. Any user profiles created may include, for example, the individual pages visited or content viewed on our website, information on the size of the screen or browser window, and the location—at least approximately. As a general rule, any user profiles are created exclusively in pseudonyms and are not used to identify individual users. Individual third-party services with which users are logged in may be able to associate the use of our online offering with the user account or user profile on the respective service. In particular, we use:

• Google Marketing Platform:
  Success and reach measurement, in particular with Google Analytics; Provider: Google; Google Marketing Platform-specific information: Measurement also across different browsers and devices (cross-device tracking) as well as with pseudonymised IP addresses, which are only exceptionally be transferred in full to Google in the USA, Privacy Policy for Google Analytics, "Browser add-on to deactivate Google Analytics".
• Google Tag Manager:
  Integration and management of services from Google and third parties, in particular for measuring success and reach; Provider: Google; Google Tag Manager-specific information: Privacy Policy for Google Tag Manager; Further information on data protection can be found in the individual integrated and managed services.

We created this privacy policy with the Privacy generator of Data protection partner We may adapt and supplement this privacy policy at any time. We will inform you of such adaptations and additions in an appropriate manner, in particular by publishing the current privacy policy on our website.