Privacy Policy
Disclaimer of liability
The following privacy statement has been prepared by the authors on the basis of the literature currently available. The privacy statement serves as a first example. It should be noted that many of the problems mentioned have not yet been definitively clarified by Supreme Court rulings and that state data protection authorities have not yet issued opinions, which is why there are still divergent views on some points. No responsibility is assumed for correctness and completeness. It should also be stressed that each case must be examined separately and that this model does not replace individual legal advice.
Name and contact details of the Data Protection Officer
Rotoswiss Sagl
Goetz Oliver Stetzelberg
Managing Director
Via Pioda 12, 6900 Lugano
Phone + 41 91 2520062
Fax + 41 91 2520065
E-mail info(at)rotoswiss.ch
Security and protection of your personal data
We consider it our primary task to maintain the confidentiality of the personal information you provide and to protect it from unauthorized access. For this reason, we take the utmost care and apply state-of-the-art security standards to ensure the maximum protection of your personal data.
As a company under private law, we are subject to the provisions of the European Basic Data Protection Regulation (DSGVO) and the provisions of the Federal Data Protection Act (BDSG). We have taken technical and organisational measures to ensure that we and our external service providers comply with the data protection regulations.
Definitions
The legislator requires that personal data be processed lawfully, in good faith and in a way that is comprehensible to the data subject ("lawfulness, correctness, transparency"). To ensure this, we inform you of the individual legal definitions that are also used in this Privacy Policy:
Personal datails
"Personal data“ means any information relating to an identified or identifiable natural person (hereinafter referred to as „data subject“); any information relating to an identified or identifiable natural person (hereinafter referred to as „data subject“) shall be considered as identifiable; a natural person who can be identified directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or a specific characteristic or characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of such a natural person, shall be considered as identifiable, and shall include any information relating to an identified or identifiable natural person, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or one or more specific features expressing the physical, physiological, genetic, psychological or social identity of such a natural person.
Processing
„Processing" means any operation or set of operations performed in relation to personal data, with or without the use of automated means, such as collection, recording, organization, selection, storage, adaptation or alteration, retrieval, consultation, use, use, disclosure by transmission, dissemination or any other form of making available, comparison or association, qualification, erasure or destruction.
Restriction on treatment
"Restriction of processing“ means the marking of stored personal data in order to limit future processing.
User profiling
"Profiling“ means any automated processing of personal data which involves the use of such personal data to evaluate certain personal aspects of a natural person, in particular to analyse or foresee aspects of that person's work, economic situation, health, personal preferences, interests, reliability, behaviour, place of residence or movements.
Pseudonymisation
"Pseudonymisation“ means the processing of personal data in such a way that they can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that personal data cannot be attributed to an identified or identifiable individual.
File system
"File System" means any structured collection of personal data accessible according to specific criteria, whether centralised, decentralised or organised on a functional or geographical basis.
Responsible for the treatment
"Data Processor" means a natural or legal person, public authority, agency or other body that, alone or together with others, decides on the purposes and means of processing personal data; if the purposes and means of processing are established by Union law or the law of the Member States, the controller or the specific criteria for his designation may be established by Union law or by the law of the Member States.
Responsible for processing
Recipient
Third person
Consent
“Consent“ of the data subject means any voluntary, informed and unequivocal expression of the data subject's will in the particular case, in the form of a declaration or other unequivocal affirmative act, by which the data subject expresses his or her consent to the processing of his or her personal data.
Legitimacy of the treatment
The processing of personal data is only legal if there is a legal basis for processing. The legal basis for the processing can, in accordance with Article 6 paragraph 1 lit. a – f DSGVO in particular:
A/ The data subject has given his consent to the processing of personal data for one or more specific purposes;
B/ The processing is necessary for the execution of a contract to which the data subject is a party or for the execution of pre-contractual measures taken at the request of the data subject;
C/ Processing is necessary to fulfil a legal obligation to which the controller is subject;
D/ Processing is necessary to protect the vital interests of the data subject or of another individual;
E/ Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
F/ Processing is necessary to safeguard the legitimate interests of the controller or of a third party, except where the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail, in particular where the data subject is a minor.
Information on the collection of personal data
Below we inform you about the collection of personal data while using our website. Personal data are, for example, name, address, e-mail address, user behavior. When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, possibly your name and telephone number) will be stored by us to answer your questions. The data collected in this context will be deleted after storage is no longer necessary, or processing will be limited in the case of legal storage obligations.
Collection of personal data when you visit our website
If you use the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect personal data that your browser transmits to our server. If you wish to visit our website, we collect the following data, which is technically necessary to be able to show you our website and to guarantee you stability and security (the legal basis is Art. 6 para. 1 S. 1 letter f DSGVO):
- IP adress
- Date and time of request
- Time difference from Greenwich Mean Time (GMT)
- Content of the request (concrete page
- Access Status Code / HTTP
- The amount of data transferred in each case
- Website from which the request originates
- Navigator
- Operating system and its interface
- Language and version of the browser software.
Use of cookies
In addition to the above data, cookies are stored on your computer when you use our website. Cookies are small text files that are saved on the hard drive assigned to the browser you are using and through which certain information flows to the location that sets the cookie. Cookies cannot run programs or transmit viruses to your computer. They serve to make the website easier to use and more effective.
This website uses transient and persistent cookies, the scope and function of which are described below:
Transient cookies are automatically deleted when you close your browser. These include session cookies in particular. They store a so-called session ID, which can be used to assign different requests from your browser to the joint session. This way, your computer is recognised when you return to our website. Session cookies are deleted when you log out or close your browser.
Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete cookies at any time in your browser's security settings.
You can configure your browser settings to suit your needs and, for example, refuse to accept third-party cookies or all cookies. So-called "third party cookies" are cookies set by third parties, not by the website you are currently on. Please note that if you disable cookies, you may not be able to use the full functionality of this website.
The Flash cookies used are not recorded by your browser, but by your Flash plug-in. We also use HTML5 storage objects, which are stored on your final device. These objects store the required data regardless of your browser and do not have an automatic expiration date. If you do not want Flash cookies to be processed, you must install an appropriate add-on, such as "Better Privacy" for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using the private mode in your browser. We also recommend that you regularly delete cookies and your browser history manually.
Further functions and offers of our website
In addition to the purely informative use of our website, we offer various services that you can use if you are interested. For this purpose, it is normally necessary to provide additional personal data that we use to provide the respective service and to which the above data processing principles apply.
To a certain extent, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are checked regularly. In addition, we may pass on your personal data to third parties if we offer participation in promotions, contests, contracts or similar services together with our partners. You will receive further information when entering your personal data or in the description of the offer below.
If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you of the consequences of this in the offer description.
Kids
Rights of the interested parties
Withdrawal of consent
Right to confirmation
The interested party has the right to request confirmation from the person responsible for processing personal data concerning him. You can request confirmation at any time using the contact details above.
Right to information
In case of processing of personal data, you can request at any time information about such personal data and the following information:
A/ The purposes of the processing;
B/ The categories of personal data that will be processed;
C/ The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
D/ If possible, the expected duration of retention of personal data or, where this is not possible, the criteria for determining such duration;
E/ The existence of a right to have personal data relating to you corrected or deleted or to have their processing restricted by the controller or to object to such processing;
F/ The existence of a right of appeal to a supervisory authority;
G/ If personal data are not collected from the person concerned, all available information on the origin of the data;
H/ The existence of an automated decision-making process, including profiling, in accordance with Article 22(1) and (4) of the DSGVO and, at least in these cases, meaningful information on the logic, scope and intended impact of such processing on the data subject; where personal data are transferred to a third country or an international organisation, you have the right to be informed of the appropriate safeguards in accordance with Article 46 of the DSGVO in relation to the transfer. We will provide you with a copy of the personal data being processed. For each additional copy requested by the user, we may charge a reasonable fee based on administrative costs. If the application is submitted electronically, the information must be made available in a common electronic format, unless otherwise stated. 4. The right to receive a copy pursuant to paragraph 3 is without prejudice to the rights and freedoms of any other person.
Right to rectification
You have the right to ask us immediately to correct any incorrect personal data concerning you. In view of the purposes of the processing, the user has the right to request the compilation of incomplete personal data – including through a supplementary declaration.
Right of withdrawal ("right to be forgotten")
You have the right to request the data controller to delete your personal data concerning you immediately and we are obliged to delete your personal data immediately if any of the following reasons apply:
A/ Personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
B/ The data subject withdraws the consent on which the processing is based pursuant to Article 6(1)(a) or Article 9(2)(a) of the DS Block Exemption Regulation and there is no other legal basis for the processing.
C/ The data subject opposes processing pursuant to Article 21(1) of the DSGVO and there are no legitimate grounds of primary importance for processing or the data subject opposes processing pursuant to Article 21(2) of the DSGVO.
D/ Personal data have been processed unlawfully.
E/ Deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
F/ Personal data have been collected in connection with information society services offered pursuant to Article 8(1) of the DSGVO. If the controller has disclosed personal data and is required to delete them pursuant to paragraph 1, it shall take reasonable steps, including technical measures, taking into account available technology and implementation costs, to inform the controllers of personal data that the data subject has requested them to delete all links to such personal data or copies or replicas of such personal data ("right to be forgotten"):
- exercise the right to freedom of expression and information;
- in order to fulfil a legal obligation which the processing requires under Union or Member State law to which the controller is subject or in order to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the field of public health within the meaning of Article 9(2)(h) and (i) and Article 9(3) of the DSGVO;
- for the purpose of archival, scientific or historical research in the public interest or for statistical purposes within the meaning of Article 89(1) of the DS Block Exemption Regulation, where the law referred to in paragraph 1 may render the attainment of the objectives of such processing impossible or seriously prejudicial, or
- to assert, exercise or defend legal claims.
Right to limitation of treatment
The user has the right to request to limit the processing of his personal data if one of the following conditions is met:
A/ The accuracy of personal data is challenged by the data subject for a period of time that allows the controller to verify the accuracy of personal data,
B/ The processing is illegal and the interested party refuses to delete personal data and instead requests the limitation of the use of personal data;
C/ The data controller no longer needs personal data for the purposes of the processing, but the data subject needs it to assert, exercise or defend legal rights, or
D/ The interested party objected to the treatment pursuant to Article 21 (1) of the SDGVO until it was established whether the legitimate reasons of the controller exceed those of the data subject and, if the processing was limited in accordance with the conditions set out above, such personal data, apart from their conservation, are processed only with the consent of the interested party or for the exercise, judicial exercise or defense of rights or the protection of the rights of an other natural or legal person or for reasons of significant public interest of the Union or of a Member State.
In order to exercise the right to limit the processing, the data subject may at any time contact us at the above address.
Right to data transferability
You have the right to receive the personal data you have provided us with in a structured, common and machine-readable form and you have the right to communicate it to another data controller without being hindered by the data controller, provided that:
A/ Processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) DSGVO, and
B/ The treatment will be carried out by automated means.
In exercising the right to transfer data pursuant to paragraph 1, the user has the right to obtain that personal data be transferred directly from one controller to another controller, to the extent technically feasible. The exercise of the right to transfer data is without prejudice to the right to erasure ("right to be forgotten"). This right shall not apply to processing operations necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right of opposition
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you carried out pursuant to Article 6(1)(e) or (f) of the DS block exemption Regulation, including profiling based on those provisions. The controller will no longer process personal data unless he can demonstrate that the processing is justified by legitimate reasons overriding the interests, rights and freedoms of the data subject or that the processing is for the purpose of enforcing, exercising or defending a right in court.
If personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for advertising purposes; this also applies to profiling, insofar as it is related to such direct marketing. If the user objects to the processing for direct marketing purposes, the personal data will no longer be processed for such purposes.
By way of derogation from Directive 2002/58/EC, the user may exercise his right to object in relation to the use of information society services by means of automated procedures using technical specifications. You have the right to object to the processing of your personal data concerning you for the purposes of scientific or historical research or for statistical purposes referred to in Article 89(1) on grounds relating to your particular situation, unless such processing is necessary for the performance of a task in the public interest.
You may exercise your right to object at any time by contacting the data controller concerned.
Automated decisions in individual cases, including profiling
The user has the right not to be subject to any decision based solely on automated processing, including profiling, which has legal effects or which has significant effects for the user. This does not apply if the decision:
A/ is necessary for the conclusion or execution of a contract between the data subject and the person responsible,
B/ is authorised by the Union legislation or legislation of the Member States to which the controller is subject and which lays down appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, or
C/ with the express consent of the interested party. The controller shall take appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to have the data subject involved, to express his or her views and to challenge the decision.
The data subject may exercise this right at any time by contacting the responsible person.
Right of appeal to a supervisory authority
Right to an effective judicial remedy
Without prejudice to any available administrative or extrajudicial remedies, including the right of appeal to a supervisory authority under Article 77 of the DSGVO, they shall have the right to an effective judicial remedy if they consider that their rights under this Regulation have been infringed as a result of the processing of their personal data contrary to this Regulation.
Using Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website is generally transmitted to and stored by Google on servers in the United States. However, if IP anonymisation is activated on this website, your IP address will be shortened in advance by Google within the member states of the European Union or in other states that are signatories to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States, where it will be abbreviated. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage.
The IP address transmitted by your browser as part of Google Analytics will not be combined with any other data held by Google.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do, you may not be able to use the full functionality of this website. You may also prevent Google from collecting data generated by the cookie about your use of the website (including your IP address) and Google from processing this data by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
This website uses Google Analytics with the extension "_anonymizeIp()". This shortens the processing of IP addresses, thus excluding the possibility of personal references. If the data collected about you relates to a person, this is immediately excluded and the personal data is immediately deleted.
We use Google Analytics to analyse the use of our website and to improve it regularly. The statistics obtained allow us to improve our services and make them more interesting for you as a user. For exceptional cases where personal data is transferred to the United States, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1 S. 1 S. 1 lit. f DSGVO.
Third party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use:
http://www.google.com/analytics/terms/de.html, Data Protection Overview: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the Data Protection Statement: http://www.google.de/intl/de/policies/privacy.
This website also uses Google Analytics for cross-device analysis of visitor flows through a user ID. You can deactivate the cross analysis of the use of your customer account under "My data", "Personal data".
Script
On the basis of our legitimate interests pursuant to Art. 6 para. 1 letter f., we will determine the amount of our remuneration. DSGVO) external fonts "Typekit" of the supplier Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. Adobe is certified under the Privacy Shield Agreement and therefore offers a guarantee of compliance with European data protection legislation. See: https://www.privacyshield.gov/participant?id=a2zt00000000000TNo9AAG&status=Active.