1. Preamble
We take the protection of your personal data very seriously. This privacy policy informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as data or personal data) within our website and its associated websites, functions and content as well as external online presences and our related services (hereinafter collectively referred to as the Website).
We (hereinafter referred to as the “Company”) processes information and personal data about you. In principle, this information processing is carried out by the company in the context of existing or prospective business relationships, including the use of the website. The company strives for the best possible protection of your personal data.
The responsible party (data controller) within the meaning of the EU General Data Protection Regulation (hereinafter "GDPR") is the media owner and publisher.
This privacy policy (hereinafter "Privacy Policy") describes the processing of personal data in connection with the provision of services by the Company and its Website. The basis of this Privacy Policy is the GDPR, the Data Protection Act (DPA) and the relevant special legal regulations.
The Company reserves the right to adjust the Statement if necessary. In case of such adjustments, you should check whether you agree with the changes.
2. Processing of personal data
Personal data
Personal data is any information by which a natural person can be identified, directly or indirectly. This includes, for example, name, address, e-mail address, telephone number, date of birth, age, gender, tax identification number. Sensitive data (a particularly protected category of data), such as health data or data in connection with criminal proceedings, are also included.
The Company collects, processes and uses your personal data exclusively in accordance with the requirements of Art. 5 and 6 GDPR (contract, legal obligation, legitimate interest or consent of the data subject).
We only collect personal data that is required for the implementation and processing of our services or that you have voluntarily provided.
- Types of data processed:
– Existing data (e.g., names, addresses).
– Contact data (e.g. e-mail, telephone numbers)
– Content data (e.g. text input, photographs, videos, documents)
– Usage data (e.g. websites visited, interest in content, access times)
– Meta/communication data (e.g. device information, IP addresses)
Processing
The processing of personal data of our users is limited to those data that are necessary for the provision of a functional website and our content and services. Thus, personal data is processed (i) for the performance of a contract, (ii) to comply with our legal obligations, (iii) to pursue our legitimate interests, and (iv) to carry out obligations in the public interest. We only collect personal data that is actually required for the performance and execution of our tasks and services or that you have voluntarily provided to us.
3. Your rights (data subject rights)
Right of access and data portability
You have the right to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or opposition, data transfer (unless in the case of data transfer a disproportionate effort is caused), the origin of your data, unless it was collected by us, and the existence of automated decision-making, including profiling.
A request for information, together with proof of identity, must be sent in writing to the person responsible (see section 11).
After receipt of your request for information, you will be informed within the statutory period of 30 days whether your request for information can be complied with. The information may be refused, restricted or postponed if this is required by law or due to the predominant interest of a third party or the requested company.
The request for information may be combined with a request for correction or deletion of data.
Right to rectification or erasure (right to be forgotten)
You have the right to request, in writing and free of charge, the rectification or deletion of data concerning you, insofar as they are inaccurate or have been wrongly stored or processed. A justified request for rectification or deletion must be addressed to the data controller, accompanied by proof of identity.
Your request for correction or deletion will be processed within a reasonable period of time after receipt. The completion of your request for correction or deletion will subsequently be confirmed to you.
Under certain circumstances, legal regulations may prevent deletion. In such a case, the company will only process the data relating to you to the extent necessary to fulfill the legal obligations.
Right of objection or revocation
You have the right to object in writing to the processing of data concerning you, in whole or in part, or to withdraw your consent to data processing. An objection or revocation must be sent in writing to the data controller together with proof of identification.
The receipt of your objection or revocation will be confirmed to you and subsequently the data concerned will be deleted.
Compliance with an objection or revocation may, under certain circumstances, be precluded by legal regulations. In such a case, the company will only process the data concerning you to the extent necessary to fulfill its legal obligations.
Right to restriction of processing
You have the right to block the data concerning you from being disclosed to third parties. A request for blocking must be sent in writing to the person responsible, enclosing proof of identity.
Receipt of your request for blocking will be confirmed and your request will be processed within a reasonable period of time.
Under certain circumstances, a blocking may be precluded by legal regulations. In such a case, the company will only disclose the data concerning you to third parties to the extent necessary to fulfill its legal obligations.
Right of complaint
If you believe that the processing of your personal data by us is contrary to the applicable data protection provisions, you have the right to lodge a complaint with the competent supervisory authority. You may also contact another supervisory authority of an EU or EEA member state, for example at your place of residence or place of work or at the place of the alleged violation.
4. Collection of general data and information
We conduct our own web analyses on our website, but we do not use any web analysis tool (such as Google Analytics). Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected in the process:
- Information about the browser type and version used
- operating system used
- Referral URL (the previously visited website)
- host name of the accessing computer (IP address)
- date and time of the server request
- amount of data transferred
- Message about successful retrieval
We store this information for a maximum period of six months. The storage is done for data security reasons to ensure the stability and operational reliability of our system. The data is used internally for forensic investigations in the event of hack attacks or for other security-related analyses. In this way, we guarantee the security of your data on our systems and ensure that countermeasures are taken quickly to protect your data in cases of suspicion. This data is not merged with others.
5. Data security
We use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser when visiting the website. You can see whether an individual page is transmitted in encrypted form by the closed display of the key or lock symbol in the address bar of your browser. In addition, we use other appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
6. Hosting and e-mailing
The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services and technical maintenance services, which we use for the purpose of operating this website.
7. Transfer of personal data to third parties
Personal data collected in the course of the Company's business activities shall not, as a rule, be disclosed to third parties.
For the fulfillment of engagements, however, it is possible that your data will be forwarded to third parties due to technical necessities or legal requirements. A forwarding of your data takes place according to the regulations of the GDPR.
We further inform you that the Company may obtain information about you from third parties in the course of its business and in order to comply with legal obligations.
The Company transfers your personal data only to countries that have been certified by the EU Commission as having an adequate level of data protection. If the Company transfers your personal data to countries that do not have a level of data protection certified as adequate, the Company will take measures to ensure the protection of your data by contracting with recipients in those countries under the standard contractual clauses (2010/87/EC and/or 2004/915/EC).
8. Protection of personal data
The Company shall take appropriate technical and organizational measures with regard to data processing and data storage as well as with regard to its website in order to protect all data from loss, unauthorized access or misuse.
Notwithstanding the measures taken to protect the data, you must be aware that the transmission of data via the Internet - this applies to both websites and e-mail services - is uncontrolled and cross-border. Even if the sender and the recipient are in the same country, there may be cross-border data transmission. The company can therefore not guarantee the confidential treatment of data transmitted via the Internet. If you disclose personal data via the Internet, you must be aware of the fact that third parties may access, read, modify, falsify, monitor, destroy or misuse the data. Data transmission may also be delayed. Furthermore, the data may be lost during transmission. Furthermore, third parties could draw conclusions about existing business relationships. Therefore, the company cannot assume any responsibility for the security of your data during transmission via the Internet and disclaims any liability for direct and indirect damage.
9. Storage and retention of personal data
The Company's systems required for data processing are located in Switzerland. The data transmitted by you will be stored for at least six months and will remain stored as long as this is operationally necessary or required by law.
10. File downloads
We do not require you to provide any personal information in order for you to download files from our website.
11. Contact
When contacting us by e-mail or other electronic message, your information will be stored and used only for the processing of the request and possible related questions. The legal basis for processing your request is Art. 6 para. 1 lit. b GDPR. We will delete your email address after your request has been dealt with.
If you have any questions regarding data protection and data processing, please contact the data controller in writing. You can reach the responsible person under the following email address: info@tabeafrei.ch