We provide information on the collection of personal information when using our website below. Personal data is any data that personally refers to you, so for example, name, address, email addresses, user behaviour. We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our safety procedures are regularly checked and adapted with the latest technological advancements.
1 Those responsible for data processing
Responsible parties in accordance with Article 4 Paragraph 7 EU General Data Protection Regulation (GDPR) is Internet Institut Zürich GmbH, Triemlistrasse 132, 8047 Zürich, email:firstname.lastname@example.org
2 Contact option for the data protection officer
Please write us an email at email@example.com.
3 Your rights
You have the following rights towards us regarding your personal data: 3.1 General rights You have a right to access, rectification, cancellation, restriction of processing, objection to processing and data transferability. If a processing is based on your consent, you have the right to revoke this consent with effect for the future.
3.2 Rights in data processing according to the legitimate interest
You have the right, pursuant to Art. 21 Paragraph 1 GDPR, for reasons arising from your particular situation, to object at any time to the processing of personal data relating to you on the basis of Art. 6 Paragraph 1e GDPR (data processing in the public interest) or on the basis of Article 6 paragraph1f GDPR (data processing to safeguard a legitimate interest), including profiling based on this provision based on these provisions. In the event of your objection, we will no longer process your personal data unless we can show compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
3.3 Rights related to direct advertising
If we process your personal data in order to carry out direct advertising, you have the right pursuant to Art. 21 Paragraph 2 GDPR to object at any time to the processing of personal data concerning you for the purpose of such advertising, including profiling in so far as it is related to such direct marketing. In the event of your objection to processing for direct marketing purposes, we will no longer process your personal data for these purposes
3.4 The right of appeal to a supervisory authority
You also have the right to lodge a complaint to a data protection supervisory authority concerning our processing of your personal data. 4 Collection of personal data when visiting our website If you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to guarantee stability and security. The legal basis for this is Art. 6 Paragraph 1f GDPR:
IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request comes, browser, operating system, and its interface, language and version of the browser software, Dwell time, click path / actions / interactions with the website.
- URL – the URL of the page viewed by a user
- Title – the page title of the page viewed by a user
- Visiting Time – How long a user was on the site and how long on each subpage
- Referrer – From which source a user comes to the website
- Browser – Name of the browser used
- Viewport – size of the browser window
- Screen resolution – the screen resolution that the user uses
- Operating system – name of the operating system used User information:
- Location – based on the IP address, which is anonymized by not passing the last octet of the address. The determination of location is thus only approximately possible
- Language – language of the user, based on the language setting of the browser
5 Contact us by e-mail or through the contact form
When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, and if applicable your name and your telephone number) will be stored by us in order to answer your questions. If we use our contact form to request information that is not required to establish contact, it will always be marked as optional. These details help us answer your inquiry and to improve the processing of your request. This information is provided expressly on a voluntary basis and with your consent, Art. 6 Paragraph1a GDPR. If this includes information on communication channels (e.g. e-mail address, telephone number), you also agree that we may contact you via this communication channel in order to respond to your request. You can of course revoke this consent at any time in the future. We delete the data arising in this context after the storage is no longer necessary or limit the processing if statutory retention obligations exist.
6.1 General information
With your consent according to Art. 6 Paragraph 1a GDPR you can subscribe to our newsletter, in which we inform you about our current offers. To register for our newsletter, we use the “double opt-in” procedure. This means that after your registration we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you would like the newsletter to be sent. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. The only required information for sending the newsletter is your name, surname and email address. The disclosure of further, separately marked data is voluntary and is used to be able to address you personally. After your confirmation we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 Paragraph 1a GDPR. You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail or by sending a contact request to the data protection officer specified above.
6.2 Newsletter tracking
We would like to point out that we evaluate your user behaviour when sending the newsletter. For this analysis, the e-mails sent contain so-called web beacons or tracking pixels, which are stored on our website. For evaluation purposes, we link the above data and web beacons to your e-mail address and an individual ID. With the data obtained in this way, we create a user profile to tailor the newsletter to your individual interests. This means we can record when you read our newsletter, which links you click on in it, and keep track of your personal interests. We link these data with how you use our website. You can object to this tracking at any time by clicking on the separate link provided in each e-mail. The information is stored for as long as you have subscribed to the newsletter. After a cancellation we store the data purely statistically and anonymously. Such tracking is also not possible if you have deactivated the display of images in your e-mail program by default. In this case the newsletter will not be displayed completely and you may not be able to use all functions. If you display the images manually, the above-mentioned tracking will occur.
7 Registration and use of the portal
You have the possibility to register with us and create a customer account. For registration we collect and store the following data from you: – First name – Last name – Email (username) – Password – Country We use the “double opt-in” procedure for registration, i.e. your registration is not complete until you have confirmed your registration via a confirmation email sent to you for this purpose by clicking on the link contained therein. It is obligatory to provide the aforementioned data; all further information can be provided voluntarily by using our portal. After successful registration, you will receive a personal, password-protected access and you can view and manage the data you have provided. Registration is voluntary, but may be a prerequisite for using our services. If you use our portal, we store any data from you that is necessary for the fulfilment of the contract, potentially along with information on the method of payment, until you delete your access with final effect. Furthermore, we will store the optional data provided by you for the duration of your use the of portal, unless you delete it prior to this. You can manage and change all information in the protected customer area. The legal basis is Art. 6 Paragraph 1 a, b and f GDPR.
8 Online orders – Shop
When you place an online order on our website, we collect the various data required to conclude the contract. The legal basis is the conclusion and execution of a contract in accordance with Art. 6 Paragraph 1b GDPR. The data will be stored for the duration of the contract and in accordance with legal obligations. For payment processing, we use various payment service providers who are always identified and who directly accept your entries and are therefore recipients of your personal data collected in connection with the payment transaction. The legal basis for the involvement of payment service providers is the execution of the contract in accordance with Art. 6 Paragraph 1b GDPR. The storage for the purpose of payment takes place for the duration of the payment processing.
9 Participation in competitions
When you participate in sweepstakes, we collect the data necessary to conduct the sweepstake. These are usually an individual competition entry (e.g. a comment or a photo), as well as name and contact details. We may pass on your data to our competition partners, e.g. to send you the prize. The processing and transfer of data may vary depending on the competition and is therefore described in detail in the respective conditions of participation. Participation in the competition and the related data collection is of course voluntary. The legal basis for data processing is your consent pursuant to Art. 6 Paragraph 1a GDPR. Your data will be deleted after the end of the competition.
10 Job applications
You can apply to our company electronically, in particular via e-mail or web forms. We will of course use your details exclusively for processing your application and will not pass them on to third parties. Please note that unencrypted e-mails are not transmitted with access protection. You can also apply via our online application portal. Your online application will be forwarded directly to the HR department via an encrypted connection and will of course be treated confidentially. We will of course use your details exclusively for processing your application and will not pass them on to third parties. Further information on data processing within the application procedure can be found in the data protection declaration of our application portal. If you have applied for a specific position and it has already been filled or if we consider you suitable for another position, we would be happy to forward your application within the company. Please let us know if you do not agree to this forwarding. Your personal data will be deleted immediately after completion of the application process or after a maximum of 6 months, unless you have expressly given us your consent to store your data for longer or a contract has been concluded. The legal basis is Art. 6 Paragraph 1 a, b and f GDPR and § 26 BDSG.
11 Use of Social Plugins
This site uses social plugins. These plugins usually collect data from you by default and transmit them to the servers of the respective provider. In order to guarantee the protection of your privacy, we have taken technical measures to ensure that your data cannot be collected by the providers of the respective plugin without your consent. When visiting a page on which the plugins are integrated, these are initially deactivated. Only when you click on the respective symbol are the plugins activated and you thereby give your consent that your data can be transferred to the respective provider. The legal basis for the use of the plugins is Art. 6 Paragraph 1 a and f GDPR. After activation, the plugins also collect personal data such as your IP address and send it to the servers of the respective provider, where it is stored. Furthermore, activated social plugins use a cookie with a unique identifier when connecting to the respective website. This also allows providers to create profiles of your usage behaviour. This also happens if you are not a member of the social network of the respective provider. If you are a member of the social network of the provider and you are logged in to the social network during your visit to this website, your data and information about your visit to this website may be linked to your profile on the social network. We have no influence on the exact extent of the data collected from you by the respective provider. For more information about the scope, type and purpose of data processing and about rights and setting options for the protection of your privacy, please refer to the data protection information of the respective provider of the social network. These can be found at the following addresses:
12.1 Transient Cookies
These cookies are automatically deleted when you close your browser. These include session cookies, in particular. These store a session ID which assigns the various requests made by your browser during the joint session. This allows your computer to be recognized when you return to the site. Session cookies are deleted when you log out or close the browser.
12.2 Persistent cookies
These cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in your browser’s security settings at any time.
12.3 Flash cookies
The Flash cookies used are not recorded by your browser, but by your Flash plug-in. We also use HTML5 storage objects that are stored on your mobile device. These objects store the required data independently of your browser and do not have an automatic expiry date. If you do not wish the Flash cookies to be processed, you must install an appropriate add-on, e.g. “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using private mode in your browser. We also recommend that you regularly delete your cookies and your browser history manually.
12.4 Prevention of cookies
You can configure your browser settings according to your needs and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all functions of this website.
12.5 Legal bases and storage period
The legal bases for possible processing of personal data and their storage duration vary and are described in the following sections.
13 Website analysis
For the purpose of analysing and optimising our websites we use various services, which are described below. For example, we can analyze how many users visit our site, which information is most in demand or how users find the offer. Among other things, we collect data about the website from which a person has accessed a website (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. This helps us to design and improve our offers in a user-friendly way. The data collected is not used to personally identify individual users. Anonymous or at most pseudonymous data is collected. The legal basis for this is Art. 6 Paragraph 1f GDPR.
13.1 Google Analytics
14.1 Facebook Pixel, Custom Audiences and Facebook Remarketing
Within our online offer and due to our legitimate interests in the analysis, optimization and economic operation of the online offering, the so-called “Facebook Pixel” of the social network Facebook, which is owned by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are located in the EU, Facebook Ireland, 4 Grand Canal, Grand Canal Harbor, Dublin 2, Ireland is used. With the help of the Facebook pixel, it is on the one hand possible for Facebook to designate the visitors of our offer as a target group for the presentation of advertisements, the so-called “Facebook ads”. Accordingly, we use the Facebook pixel in order to show our Facebook ads only to Facebook users who are relevant to us as a target group.Opt-out cookies prevent future acquisition of your data when you visit this website, if you click on this link: deactivate Facebook Pixel
Opt-out cookies prevent future acquisition of your data when you visit this website, if you click on this link: deactivate Twitter pixel
Opt-out cookies prevent future acquisition of your data when you visit this website, if you click on this link: deactivate LinkedIn pixel
15 Transmission of data
A transfer of your data to third parties does not take place, unless we are legally obliged to do so, or the transfer of data is necessary for the execution of the contractual relationship, or you have previously expressly consented to the transfer of your data. External service providers and partner companies such as online payment providers or the shipping company commissioned with the delivery will only receive your data if this is necessary to process your order. In these cases, the amount of data disclosed is limited to the required minimum. Insofar as our service providers come into contact with your personal data, we ensure in the context of order processing acc. to Art. 28 DSGVO that they comply with the provisions of data protection laws in the same way. Please also note the respective data protection information of the providers. The respective service provider is responsible for the content of external services, whereby we check the compliance of the services with the legal requirements within the scope of reasonableness. It is important to us to process your data within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In these cases, we ensure that an appropriate level of data protection is established at the recipient prior to the transfer of your personal data. This means that a data protection level comparable to the standards within the EU is achieved via EU standard contracts or an adequacy decision, such as the EU Privacy Shield.
16 Data security
Your personal data is securely transmitted by encryption. We use the coding system SSL (Secure Socket Layer). We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our safety procedures are regularly checked and adapted with the latest technological advancements.
As of May 2018