Privacy
Privacy Policy
Preamble
We attach great importance to safeguarding your privacy and protecting your personal data. For this reason, this privacy policy informs you about the processing of your personal data so that you can safely visit our website in the knowledge and confidence that we will only process your data in accordance with this privacy policy and the statutory provisions. The declaration sets out transparently for you which types of personal data are affected and in what way, to what extent and for what purpose they are processed by us. The privacy policy is comprehensive and therefore applies to all processing activities carried out by us. You are not obliged to provide us with personal data. However, if you do, we may not be able to assess and process your enquiry in accordance with your interests.
Personal data is all information that relates to an identified or identifiable person.
1. responsible body
Below is information on the controller or the person responsible in accordance with the applicable data protection laws, as well as your contact options for data protection issues:
Franziska Henner
Sulgenauweg 6
CH-3007 Berne
Switzerland
represented by: Franziska Henner
Phone: +41 79 222 00 87
E-mail: humandesign@gmx.ch
This privacy policy informs data subjects about the purposes, scope and nature of the processing of personal data by the above-mentioned controller. The controller is the natural person who alone or jointly with others determines the purposes and means of the processing of personal data. The controller is the body to which you can turn if you have any questions or wish to assert your rights and to which you are entitled to a response.
We take the issue of data protection very seriously and therefore work together with certified data protection officers / data protection consultants. However, we are not legally obliged to appoint a data protection officer / data protection consultant and have therefore not appointed a data protection officer / data protection consultant. If you have any questions about data protection, please do not hesitate to contact us using the contact details provided.
Legal basis for data processing
According to the GDPR, personal data may only be processed within the EU/EEA with a legal basis in accordance with Art. 6 GDPR. In most cases, this is a legitimate interest on our part (Art. 6 para. 1 sentence 1 lit. f) GDPR) or your consent (Art. 6 para. 1 sentence 1 lit. a) GDPR), as long as you give it. If you have a contractual relationship with us, or if such a relationship is in the offing, this also justifies the processing of personal data (Art. 6 para. 1 sentence 1 lit. b) GDPR). Furthermore, there is the possibility of the fulfilment of a legal obligation for processing on our part (Art. 6 para. 1 sentence 1 lit. c) GDPR). The legal bases in individual cases are listed below in this privacy policy. Please also note that, depending on your domicile or place of residence, other data protection regulations, in particular national provisions, may apply.
We process personal data of data subjects from Switzerland in accordance with the Swiss Data Protection Act (DSG new CH), which comes into force on 1 September 2023. In contrast to the GDPR, the processing of personal data is generally permitted without a legal basis under the new DPA CH. In the following, however, the word legal basis is used in some places in the text for the purpose of standardisation, even if this is not necessary under Swiss law, but reference is made to the appropriate new DPA CH standard. We adhere to the principles of Art. 6 DSG new CH when processing data. These are, in particular, processing in good faith and for a specific and recognisable purpose, the proportionality of processing, as well as the destruction or anonymisation of personal data as soon as the purpose of processing ceases to apply and processing is no longer necessary.
As this privacy policy may also be used across national borders, we use the GDPR terminology for the following equivalent terms:
Term DSGVOEquivalent DSG new CH
ProcessingProcessing
Personal dataPersonal data
Legitimate interestPredominant interest
Special categories of personal dataPersonal data requiring special protection
Transfer of personal dataDisclosure of personal data
2. nature and purpose of the use of personal data and its collection and storage
General information
Depending on your use of our website, we process different personal data for different purposes.
Various purposes may include, in particular, the provision of our website, the management of our IT infrastructure, security measures, office procedures, organisational management and marketing. Furthermore, the purpose of the processing may be the fulfilment of contractual obligations, including the provision of a contractually owed service, as well as the communication, administration and answering of contact and other enquiries and/or the organisation of competitions.
For these purposes, we process different types of data, primarily inventory, usage, content and/or metadata, but also payment, contact, communication, location, other contractual and/or procedural data, as well as event data. The types of data processed are always limited depending on the corresponding purpose.
The following categories of persons may be affected by the processing of personal data by us: Users and interested parties; customers, applicants, business and other contractual partners; other communication partners, participants in competitions or similar contests and members.
The respective purposes, data types and data subjects are also listed in detail below.
2.1 When visiting "https://www.franziska-henner.com/", general data processing and data processing beyond the website
Server log files
When you visit our website, the following data is automatically processed, which is required to establish a smooth connection between your device and our website and to display the website properly:
IP address
Name and address of the website and files visited
Access time
Notification of successful retrieval
Operating system and browser used
Referrer URL
Internet provider
The processed personal data is also used to optimise and ensure the security of the website and the information technology systems.
The legal basis for the processing of this data is our legitimate interest, which provides for the processing of personal data to protect the legitimate interests of the controller. The legitimate interests arise from the above reasons. The data is deleted as soon as it is no longer needed, which is the case when the session ends, unless there are legitimate interests in further storage (e.g. unlawful access).
Processed data: Communication and procedural data (e.g. IP addresses), usage data (e.g. access times)
Data subjects: Users
Purposes of processing: Provision of an optimised online presence, IT infrastructure; security measures
Legal bases: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) consent (Art. 6 para. 1 sentence 1 lit. a GDPR) / legitimate interest in the provision of an online offering (pursuant to Art. 6 and 8 FADP new CH), consent of participants (Art. 31 para. 1 FADP new CH)
Guarantees: Contract data processing agreement and, if data is transferred to third countries, the application of EU standard contractual clauses and, if applicable, additional certification of the hoster/provider in accordance with the EU-US Data Privacy Framework DPF.
According to Art. 45 GDPR, all EU member states are a safe data export country for personal data and currently (last accessed in June 2023) the following third countries: Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, Japan, the United Kingdom and South Korea have been classified by the European Commission as data protection compliant, meaning that the export of personal data from the EU to these countries is permitted.
When processing personal data from Switzerland in the EU/EEA or the United Kingdom (UK), the Federal Council of Switzerland currently (last accessed in June 2023) guarantees adequate data protection within the meaning of Art. 16 para. 1 FADP new CH, meaning that the export of personal data from Switzerland to these countries is permitted.
With regard to our website, we also refer to the privacy policy of the hosting provider Wix.com Ltd, Nemal St. 40, 6350671 Tel Aviv, Israel,
https://de.wix.com/about/privacy
Cookies
If we use so-called cookies - small text files - to operate this website, these are stored on your device and are intended, for example, to ensure the functionality of the website or to enable website usage to be analysed. In this case, personal data is processed. Details on individual cookies, such as the respective legal basis (e.g. consent or legitimate interest), the storage period, or revocation and objection options, are then listed in detail in the cookie management below. With regard to the use of cookies, data subjects generally have a right of objection or the option of deactivating them in the browser settings. However, we would like to point out that this may mean that the full functionality of the website can no longer be guaranteed.
If we use cookies, this is done either on the legal basis of your consent or with a legitimate interest, for example to improve our website functions or to fulfil contractual obligations, e.g. if a cookie is necessary to conclude a contract. Cookies are stored for different lengths of time. Some cookies are only temporary and are deleted at the latest when you close your browser or app. Other cookies are stored permanently on your end device. You can delete the cookies permanently stored on your device yourself at any time. Alternatively, please refer to the cookie management tool to find out when cookies are automatically deleted.
You can customise the selection of cookies for analysis/statistics or advertising at any time via the cookie settings.
Opt-in and opt-out
When you access this website for the first time, you can generally consent to the use of cookies or give your user-defined consent to the use of different cookies or refuse them.
If you agree to the use of cookies that require consent, we will save your declaration of consent so that you do not have to obtain it again the next time you visit the website; please refer to our cookie consent management for the storage periods. In addition to the declaration, your IP address, the browser you are using and the model of the end device you are using may also be stored. You can revoke your declaration(s) of consent at any time.
If cookies are used, the storage of cookies in the end device you are using and access to the stored cookies is based on the fact that they are either absolutely necessary for the provision of the website or are carried out with your consent on the basis of clear and comprehensive information. Consent to cookies requiring consent can be revoked at any time. Data processing is based on the European Union's E-Privacy Directive 2002/58/EC. It is transposed into national law in Germany in Section 25 (1) and (2) TTDSG. In Austria, the transposition into national law takes place in Section 165 (3) TKG 2021 AT.
If cookies are used, we hereby inform you that these cookies are used to process data on your end devices in accordance with Art. 45c lit. b FMG CH. The processing serves the purpose described above. You can refuse the processing of cookies requiring consent at any time.
Processed data: IP address, declaration of consent, browser, end device used
Data subjects concerned: User
Processing purposes: Guarantee of contractual services/obligations, functioning online offer, effective and targeted advertising measures
Legal bases: Consent (Art. 6 para. 1 lit. a) GDPR), legitimate interests (Art. 6 para. 1 lit. f) GDPR), fulfilment of contractual obligations (Art. 6 para. 1 lit. b) GDPR) / legitimate interests in a functioning online offering and effective and targeted advertising measures (Art. 6 and 8 DSG new CH), consent (Art. 31 para. 1 DSG new CH)
Plugins and embedded functions
We integrate functions and content from external providers, hereinafter referred to as "third-party providers", into our online platform. These are, for example, graphics, videos or interactive maps, which are referred to as "content".
In order to display this content or functions, it is necessary for the third-party providers to process the user's IP address. The transmission of this content to the user's browser is not possible without the use of the IP address. We endeavour to only integrate content from providers that use the IP address exclusively for the delivery of content. The third-party providers may also use "pixel tags" (invisible graphics or "web beacons") for statistical or marketing purposes. These "pixel tags" can be used to analyse information such as visitor traffic on our pages.
The pseudonymised information collected can be stored in cookies on the user's device. These cookies contain technical information about the browser, the operating system, referring websites, visit times and other information about the use of our platform.
Processed data: Communication and procedural data (e.g. IP addresses), usage data (e.g. access times), content data, contact data, inventory data (e.g. names, address), location data; event data (e.g. via Facebook Pixel, which can be transmitted by us to Facebook, these are processed due to target group formation and do not contain any actual content, no contact information, no login information), the event data is deleted by Facebook after a maximum storage period of 2 years
Data subjects: Users
Processing purposes: Guarantee of contractual services/obligations, provision of the online presence, creation of user profiles, collection of feedback, marketing measures
Legal bases: Consent (Art. 6 para. 1 lit. a GDPR), legitimate interests (Art. 6 para. 1 lit. f GDPR) / legitimate interest in effective and targeted advertising measures (pursuant to Art. 6 and 8 DSG new CH), consent (Art. 31 para. 1 DSG new CH)
Web analysis
Web analytics as a sub-area of digital analytics comprises various methods for collecting and analysing data about companies' online presences. This data is used by the website operator to optimise the customer experience. Furthermore, test procedures can also be used to test different versions of the online offering.
For these purposes, we can create usage profiles that contain pseudonymised data about usage processes. The information is stored in the end device or browser and retrieved from there. The data collected includes websites visited, functions used and technical details (e.g. the browser used). If users have consented to the collection of their location data by us or the service providers we use, this data may be collected.
Users' IP addresses are also stored, but we use a process called IP masking. This pseudonymises the IP address in order to protect the user's identity. In general, we do not store any personal data (such as email addresses or names) for web analysis, A/B tests and optimisation processes, but only pseudonymised data. Neither the providers nor we therefore know the identity of the users.
Processed data: Communication and process data (e.g. IP addresses), usage data (e.g. access times)
Data subjects: Users
Purposes of processing: Generation of user profiles, reach measurement (e.g. determining the frequency of visits to a website)
Legal bases: Consent (Art. 6 para. 1 lit. a GDPR) legitimate interest (Art. 6 para. 1 lit. f) GDPR) / legitimate interest in effective and targeted advertising measures (pursuant to Art. 6 and 8 DSG new CH), consent (Art. 31 para. 1 DSG new CH)
Security measures: IP masking
Guarantees: Contract data processing agreement and, if data is transferred to third countries, the application of EU standard contractual clauses and, if applicable, additional certification of the hoster/provider in accordance with the EU-US Data Privacy Framework DPF
Advertising communication
We process your contact data for the purposes of advertising communication if you have given us your consent to do so. You can revoke this consent at any time. In this case, the data will be deleted and you will no longer be contacted by us for advertising purposes.
On the basis of our legitimate interest, the data may be stored by us as proof of fulfilment of the legal requirements even after you have withdrawn your consent. This storage serves exclusively to defend against possible claims. In this case, the data will be deleted as soon as it is no longer required for this purpose. This is the case as soon as the applicable limitation periods have expired. As a rule, the data of data subjects from the EU will be deleted after three years. For data subjects from Switzerland, the data is generally deleted after one year. In addition, we refer to 4 (Storage period and deletion of personal data) of this privacy policy.
The processing of this data serves exclusively to defend against possible claims. You can submit a request for deletion at any time. In this case, we will delete the stored data prematurely, provided that you also confirm that consent was given for the advertising communication that took place.
Processed data: Contact data (e.g. e-mail address), inventory data (e.g. name, address)
Persons concerned: Communication partner
Purposes of processing: Direct marketing
Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) / legitimate interest in effective and targeted advertising measures (pursuant to Art. 6 and 8 DSG new CH), consent (Art. 31 para. 1 DSG new CH)
Contact by telephone, fax, email and/or letter post
If you contact us by telephone, fax, e-mail and/or post, the personal data you provide in this context will be processed and stored by us in order to enable us to analyse the communication. The data collected is limited to
First name and surname
Telephone number / e-mail address / postal address
Content of the message or other voluntarily transmitted data
When contacting us via a contact form or our presence on social media, additional data may be collected. The additional data collected includes
IP address
Websites visited
Time of access
The personal data collected by us in this context will not be passed on to third parties unless this is necessary for the proper processing of the matter due to legitimate interests. Personal data may then be transmitted to the customers concerned, freelance employees, co-operation partners and authorities. The legal basis for data processing is legitimate interests. In the case of contact aimed at concluding a contract, the legal basis for processing is legitimate interests.
Processed data: Communication and process data (e.g. IP addresses), content data, contact data (e.g. email address)
Data subjects concerned: Communication partner
Purposes of processing: Collecting feedback, providing an optimised online presence, communication and contact requests
Legal bases: Contractual claims (Art. 6 para. 1 sentence 1 lit. b GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) / legitimate interest in effective and targeted advertising measures (pursuant to Art. 6 and 8 DSG new CH)
Guarantees: If data is transferred to third countries, EU standard contractual clauses are applied and, if applicable, the provider is also certified in accordance with the EU-US Data Privacy Framework DPF.
According to Art. 45 GDPR, all EU Member States are a safe data export country for personal data and currently (last accessed in June 2023) the following third countries: Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, Japan, the United Kingdom and South Korea have been classified by the European Commission as data protection compliant, meaning that the export of personal data from the EU to these countries is permitted.
When processing personal data from Switzerland in the EU/EEA or the United Kingdom (UK), the Swiss Federal Council currently (last accessed in June 2023) guarantees adequate data protection within the meaning of Art. 16 para. 1 FADP new CH, meaning that the export of personal data from Switzerland to these countries is permitted.
With regard to our telephone numbers, we also refer to the privacy policy of the telephone provider Swisscom (Switzerland) Ltd Alte Tiefenaustrasse 6 CH-3050 Bern:
https://www.swisscom.ch/de/privatkunden/rechtliches/datenschutz.html
2.2 Special data processing /
Data processing on "https://www.franziska-henner.com/"
wix
This website uses the wix.com of Wix.com Ltd, Nemal St. 40, 6350671 Tel Aviv, Israel. WIX enables us to create, manage and optimise websites, online shops, blogs and other internet services. With WIX, we can design our content such as text, images, videos, audio and other media with a simple drag-and-drop editor on a customised website and share it with other users. When you visit or use our website or web application, personal data such as your IP address, browser type, device type, location, dwell time and interactions are requested and processed during the visit. In addition, we may collect further data from you when you register or log in.
Legal basis: legitimate interests in contract fulfilment and processing (Art. 6 para. 1 sentence 1 lit. f GDPR) consent (Art. 6 para. 1 sentence 1 lit. a GDPR) / legitimate interest in contract fulfilment and processing (pursuant to Art. 6 and 8 DSG new CH), user consent (Art. 31 para. 1 DSG new CH)
Website: https://de.wix.com/ Privacy policy: https://de.wix.com/about/privacy Third country transfer: standard contractual clauses of the EU Commission (Art. 46 GDPR) / data processing in the USA (Art. 17 para. 1 lit. a DSG new CH, Art. 31 para. 1 DSG in conjunction with the DSV new CH)
Processed data: Communication and process data (e.g. IP addresses), usage data (e.g. access times), contact data (e.g. email address), payment data, inventory data (e.g. name, address)
Data subjects: User
Processing purposes: Provision of an optimised online presence, IT infrastructure, security measures
Guarantees: Standard contractual clauses of the EU Commission (Art. 46 GDPR): https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_de / guarantee data protection according to the Federal Council of Switzerland (as defined in Art. 16 para. 1 FADP new CH)
3. rights of data subjects
Rights to which you are entitled as a data subject under the GDPR
As a data subject, you have the following rights under the GDPR
Right to information on data processing and data subject rights
You have the right to obtain confirmation from us as to whether we are processing personal data concerning you. If this is the case, you also have the following rights. You have the right to receive information from us about your rights under Art. 13-22, 34 GDPR.
Right to revoke consents granted
You have the right to withdraw your consent to the processing of personal data from the controller at any time with effect for the future (Art. 7 para. 3, Art. 8 GDPR) without any disadvantages for you. The processing of the data originally covered by the consent may then no longer be processed by us. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.
Right to information
In accordance with Art. 15 GDPR, you have the right to request information about the personal data we have stored about you. You are entitled to the following information
Processing purposes
Categories of personal data that are processed
Recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations. In the case of third countries and international organisations, you also have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR.
if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by the controller or a right to object to such processing
the existence of a right to lodge a complaint with a supervisory authority
if the personal data is not collected from you, all available information about the origin of the data
the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you
Right to rectification or completion
In accordance with Art. 16 GDPR, you have the right to obtain from us the rectification of inaccurate personal data concerning you and the completion of incomplete personal data. We are obliged to comply with this immediately.
Right to erasure (to be forgotten) or destruction
In accordance with Art. 17 GDPR, you have the right to demand the immediate erasure of personal data concerning you.
We are obliged to erase personal data if one of the reasons listed in Art. 17 para. 1 applies. This does not apply to personal data that is subject to a statutory retention and security period, which we must observe, and to the following exceptions regulated in Art. 17 para. 3 GDPR:
to exercise the right to freedom of expression and information
for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) and Article 9(3)
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing
for the establishment, exercise or defence of legal claims
Right to restriction of processing
You have the right to demand that we restrict processing if one of the requirements of Art. 18 para. 1 GDPR is met.
Right to notification
You have the right to request information from us as to which recipients have been notified that personal data concerning you has been erased, rectified or restricted.
Right to data disclosure or transfer
In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us.
Right to object
In accordance with Art. 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on legitimate interests (Art. 6 para. 1 lit. f GDPR). We may then no longer process the personal data unless we can prove compelling reasons that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
Right to lodge a complaint with a supervisory authority
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. The competent supervisory authority is the State Commissioner for Data Protection and Freedom of Information of the federal state in which our company is based. You can find a list of data protection authorities at: https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html
Rights to which you are entitled as a data subject pursuant to DSG new CH
As a data subject, you have the following rights under the new Swiss Data Protection Act:
Right to information on data processing and data subject rights
Pursuant to Art. 25 para. 1 DSG new CH, you have the right to obtain confirmation from us as to whether we are processing personal data concerning you.
Right to information
Pursuant to Art. 25 FADP new CH, you are entitled to the following information if you are domiciled or resident in Switzerland
Identity and contact details of the controller
Personal data processed
the purpose of processing
duration of storage of the personal data or criteria for determining the duration
Information about the origin of the personal data, unless obtained from the data subject
the existence of an automated individual decision and the logic on which the decision is based
where applicable, the recipients to whom personal data is disclosed and the information pursuant to Art. 19 para. 4
Right to rectification or completion
Pursuant to Art. 32 Para. 4 DSG new CH, you have the right to demand that we rectify any inaccurate personal data concerning you and complete any incomplete personal data. We are obliged to comply with this without delay.
Right to erasure (to be forgotten) or destruction
Pursuant to Art. 32 para. 2 lit. c) DSG new CH, you have the right to demand the immediate deletion of the personal data concerned. Furthermore, pursuant to Art. 32 para. 2 lit. c) DSG new CH, you have the right to have personal data destroyed.
Right to notification
In accordance with Art. 32 para. 4 DSG new CH, you have the right to request information from us as to which recipients have been informed that personal data concerning you has been deleted, corrected or restricted.
Right to data disclosure or transfer
In accordance with Art. 28 DSG new CH, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from us.
Right to object
Pursuant to Art. 30 para. 2 lit. b) GDPR new CH, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on legitimate interests. We may then no longer process the personal data unless we can prove compelling reasons that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
Right to lodge a complaint
You have the right to assert your data protection claims by taking legal action or to lodge a complaint with a competent data protection supervisory authority. The competent Swiss data protection supervisory authority for private controllers and federal bodies is the Federal Data Protection and Information Commissioner (FDPIC).
4 Storage period and deletion of
personal data
Unless expressly stated in this privacy policy, we will delete your processed personal data when the reason for processing no longer applies. Statutory retention and storage periods remain unaffected in all cases (e.g. in Germany § 14b UStG, § 257 para. 1 no. 2 and 3 HGB, § 147 AO or in Austria § 1478 ff. ABGB) (e.g. in Switzerland Art. 60 OR) In these and other cases, the storage period and deletion are carried out in accordance with the legal requirements.
5 Changes to this privacy policy
We reserve the right to adapt and amend this privacy policy so that it always complies with current legal requirements and our services. The new privacy policy will then apply from your next visit to our website.
6 Principle of data minimisation and SSL encryption
Your personal data will only be processed if this is necessary in order to provide you with a functioning website on which all our content and services are presented in a technically correct manner. Other processing operations are only carried out regularly on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR / Art. 31 para. 1 DSG new CH, unless data processing is permitted by other legal regulations.
For security reasons and to protect the transmission of personal data, we use SSL encryption.
We also take suitable technical and organisational measures (TOMs) to ensure an appropriate level of protection. The state of the art, implementation costs, type, scope, circumstances and purposes of the processing as well as the different probability of occurrence and severity of the risks associated with the processing for the rights and freedoms of natural persons are taken into account.
7 Third party data
If, in addition to your personal data, you have also provided us with data of other persons, please inform these persons about the processing of their personal data with the help of this data protection declaration.
8. personal data transfer and third country transfers
In some cases, we work together with third parties when processing personal data, for example with service providers in the context of embedded content such as videos or statistical analyses. Personal data may be passed on in the process. These third parties are in a contract processing relationship or as joint controllers with us. In each case, we use appropriate agreements to ensure that the protection of your personal data required by law and guaranteed by us is complied with in full. These agreements include, in particular, contracts (order processing contracts, standard contractual clauses, etc.).
Some of our contractual partners are based in third countries, which means that data may also be transferred abroad.
If we process personal data in third countries outside the EU or the EEA, lawful processing is ensured by one or more of the following methods:
Transfer to a third country with a recognised level of data protection (Art. 45 GDPR): The EU Commission may determine whether a third country has a data protection concept that is sufficient for the requirements of the GDPR, whereby a transfer to such a third country can take place in compliance with the GDPR. Details can be found at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_de (last accessed on 12/08/2023). The EU Commission's current list of suitable countries can be viewed at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de (last accessed on 12/08/2023).
Transfer subject to appropriate safeguards (Art. 46 GDPR): These guarantees include a commitment to the EU-US Data Privacy Framework (DPF), which came into force on 10 July 2023, and the EU Commission's Standard Contractual Clauses (SCCs). A list of companies that are committed to complying with the DPF can be found at https://www.dataprivacyframework.gov (last accessed on 13/08/2023). The EU Commission's SCCs can be found at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en (last accessed on 13/08/2023).
Existence of a condition (Art. 49 GDPR): For example, the existence of your express consent, the necessity for the fulfilment of a contract or a legal obligation.
Further bases from Art. 44-49 GDPR: The list given here is for the purposes of traceability and transparency and is not exhaustive. The basis for a lawful transfer to a third country is listed in detail below in this privacy policy.
For the disclosure of personal data to third countries outside Switzerland, the Federal Council has published a list of countries with an adequate level of data protection. This can be viewed at https://www.fedlex.admin.ch/eli/cc/2022/568/de#annex_1/lvl_u1 (last accessed on 13.08.2023). If personal data is disclosed by us to a third country without an adequate level of data protection, then only in compliance with the guarantees pursuant to Art. 16 FADP new CH, in particular the use of standard data protection clauses recognised by the FDPIC. Further information on this from the FDPIC himself can be found here: https://www.edoeb.admin.ch/edoeb/de/home/datenschutz/arbeit_wirtschaft/datenuebermittlung_ausland.html (last accessed on 13.08.2023)
Alternatively, data may be disclosed to third countries with your express consent, for the performance of a contract or, for example, to protect overriding public interests (Art. 17 FADP new CH). The individual measures we have taken to ensure disclosure to third countries in accordance with the provisions of the new Swiss Data Protection Act can be found below in the individual sections.
9. contact option for data protection questions
If you have any questions or comments about this privacy policy, please contact us by email at humandesign@gmx.ch.
This privacy policy was generated with www.DatenBuddy.de / www.DatenBuddy.ch the customer terms and conditions of u-create.it UG (haftungsbeschränkt) apply. The generator was created in cooperation with AID24 Rechtsanwaltskanzlei - RA Christoph Scholze and AV-Vertrag.org.