1. What is this privacy policy about?

Thomas Coutandin (hereinafter also «we», «us», «mysmarty.dev») collects and processes personal data concerning you or other persons (so-called «third parties»). We use the term «data» here synonymously with «personal data» or «personal information».

In this privacy policy, we describe what we do with your data when you use mysmarty.dev, our other websites, or our apps (collectively, the «Website»), purchase our services or products, otherwise contract with us, communicate with us, or otherwise deal with us. If necessary, we will inform you in writing of any additional processing activities not mentioned in this privacy policy.

If you provide us with information about other people, such as family members, fellow students, colleagues, etc., we will assume that you are authorized to do so and that this information is correct. By providing information about third parties, you confirm this. Please also ensure that these third parties have been informed of this privacy policy.

This privacy policy is designed to comply with the requirements of the EU General Data Protection Regulation («GDPR»), the Swiss Federal Data Protection Act («FADP»), and the new Swiss Federal Data Protection Act («nFADP»). However, whether and to what extent these laws are applicable depends on the individual case.

2. Who is responsible for processing your data?

Thomas Coutandin is responsible for the data processing by mysmarty.dev described in this privacy policy, unless otherwise communicated in individual cases.

You can contact us for your data protection concerns and to exercise your rights under Section 11 as follows:

Thomas Coutandin
Im Hänsi 1
CH-8708 Männedorf
info@mysmarty.dev

3. What data do we process?

We process various categories of data about you. The main categories are as follows:

• Technical data: When you use our website or other electronic services, we collect the IP address of your device and other technical data to ensure the functionality and security of these services. This data also includes logs in which the use of our systems is recorded. We generally retain technical data for 6 months. To ensure the functionality of these services, we may also assign you or your device an individual code (e.g. in the form of a cookie, see section 12). The technical data itself does not generally allow any conclusions to be drawn about your identity. However, within the framework of user accounts, registrations, access controls or the processing of contracts, it can be linked to other data categories (and thus possibly to you personally). 

Technical data includes, among other things, the IP address and information about the operating system of your device, the date, region and time of use, as well as the type of browser you use to access our electronic offerings. This can help us to transmit the correct formatting of the website. Based on the IP address, we know which provider you use to access our offerings (and therefore also the region), but we cannot generally deduce who you are from this. This changes if, for example, you create a user account, because then personal data can be linked to technical data (we can see, for example, which browser you use to access an account on our website). Examples of technical data also include protocols ("logs") that arise in our systems (e.g. the log of user logins on our website).

• Registration data: Certain offers and services can only be used with a user account or registration, which can be done directly with us or through our external login service providers. You must provide us with certain data, and we collect data about your use of the offer or service. Registration data may be required for access controls to certain facilities; depending on the control system, biometric data may also be required. We generally retain registration data for 12 months after the end of use of the service or the cancellation of the user account.

Registration data includes, among other things, the information you provide when you create an account on our website (e.g., username, password, name, email). Registration data also includes the data we may request from you before you can use certain free services. As part of access controls, we may need to register you with your data (access codes in badges, biometric data for identification) (see the "Other Data" category).

• Communication data: When you contact us via the contact form, by email, telephone, chat, letter, or other means of communication, we record the data exchanged between you and us, including your contact details and the peripheral data of the communication. If we want or need to establish your identity, we collect data to identify you (e.g., a copy of an ID card). We generally retain this data for 12 months from the last exchange with you. This period may be longer if necessary for evidentiary reasons, to comply with legal or contractual requirements, or for technical reasons. Emails in personal mailboxes and written correspondence are generally retained for at least 10 years. Chats are generally retained for 2 years.

Communication data includes your name and contact details, the method, location, and time of communication, and usually also its content (i.e., the content of emails, letters, chats, etc.). This data may also contain information about third parties. For identification purposes, we may also process your ID number or a password you have specified. 

• Master data: We refer to master data as the basic data that we require, in addition to the contract data (see below), for processing our contractual and other business relationships or for marketing and advertising purposes, such as name, contact details and information, for example, about your role and function, your bank details, your date of birth, customer history, powers of attorney, signature authorizations and declarations of consent. We process your master data if you are a customer or other business contact or work for such a customer (e.g. as a contact person for a business partner), or because we want to contact you for our own purposes or the purposes of a contractual partner (e.g. in the context of marketing and advertising). We receive master data from you (e.g. when making a purchase or as part of a registration), from bodies for which you work, or from third parties such as our contractual partners, associations and address dealers and from publicly accessible sources such as public registers or the Internet (websites, social media, etc.). We generally retain this data for 10 years from the last exchange with you, but at least from the end of the contract. This period may be longer if necessary for evidentiary reasons, to comply with legal or contractual requirements, or for technical reasons. For purely marketing and advertising contacts, the period is usually much shorter, usually no more than two years since the last contact.

Master data includes, for example, data such as name, address, email address, telephone number and other contact details, gender, date of birth, nationality, information about associated persons, websites, social media profiles, photos and videos, copies of ID cards; furthermore, information about your relationship with us, information about your status with us, allocations, classifications and distribution lists, information about our interactions with you (possibly a history of these with corresponding entries), reports (e.g. from the media) or official documents (e.g. extracts from the commercial register, permits, etc.) that concern you. As payment information , we collect, for example, your bank details, account number and credit card details. Consent or blocking notes also belong to the master data, as does information about third parties, e.g. contact persons, recipients of services, advertising recipients or representatives.

For contact persons and representatives of our customers and partners, we process master data such as name and address, information on role, function in the company, qualifications and, if applicable, information on superiors, employees and subordinates and information on interactions with these persons.

Master data is not collected comprehensively for all contacts. The specific data we collect depends primarily on the purpose of the processing.

• Contract data: This is data that arises in connection with the conclusion or processing of a contract, e.g. information about contracts and the services to be provided or provided, as well as data from the run-up to the conclusion of a contract, the information required or used for processing and information about reactions (e.g. information on satisfaction, etc.). We usually collect this data from you, from contractual partners and from third parties involved in the processing of the contract, but also from third-party sources (e.g. providers of credit data) and from publicly accessible sources. We generally retain this data for 10 years from the last contractual activity, but at least from the end of the contract. This period may be longer if necessary for reasons of evidence or to comply with legal or contractual requirements, or for technical reasons. 

Contract data includes information about the conclusion of the contract , about your contracts , e.g. the type and date of the contract conclusion, information from the application process (such as an application for our products or services) and information about the contract in question (e.g. its duration) and the processing and administration of the contracts (e.g. information in connection with invoicing, customer service, support with technical matters and the enforcement of contractual claims). Contract data also includes information about defects, complaints and adjustments to a contract, as well as information on customer satisfaction, which we may collect, for example, through surveys. Contract data also includes financial data such as information on creditworthiness (i.e. information that allows conclusions to be drawn about the likelihood that claims will be settled), reminders and debt collection. We receive this data partly from you (e.g. when you make payments), but also from credit agencies and debt collection agencies and from publicly accessible sources (e.g. a commercial register).

• Behavioral and preference data: Depending on our relationship with you, we try to get to know you and better tailor our products, services and offers to you. To do this, we collect and use data about your behavior and preferences. We do this by evaluating information about your behavior in our area, and we can also supplement this information with information from third parties - including from publicly accessible sources. Based on this, we can, for example, calculate the likelihood that you will use certain services or behave in a certain way. Some of the data processed for this purpose is already known to us (e.g. when you use our services), or we obtain this data by recording your behavior (e.g. how you navigate our website). We anonymize or delete this data when it is no longer relevant for the purposes pursued. Depending on the type of data, this can be between 2-3 weeks and 24 months (for product and service preferences). This period may be longer if necessary for evidentiary reasons, to comply with legal or contractual requirements, or for technical reasons. We describe how tracking works on our website in Section 12.

Behavioral data is information about specific actions, such as your response to electronic communications (e.g., whether and when you opened an email) or your location. We may collect your location data, for example, when you use our website. 

Preference data tells us what your needs are, which products or services might be of interest to you, or when and how you are likely to respond to messages from us. We obtain this information from the analysis of existing data, such as behavioral data, so that we can get to know you better, tailor our advice and offers more precisely to you, and generally improve our offerings. To improve the quality of our analyses, we may link this data with other data that we also obtain from third parties such as address brokers, authorities and publicly accessible sources such as the Internet, e.g. with information about your household size, income bracket and purchasing power, shopping habits and contact details of relatives and anonymous information from statistical offices.

Behavioral and preference data can be evaluated on a personal basis (e.g., to show you personalized advertising), but also non-personally (e.g., for market research or product development). Behavioral and preference data can also be combined with other data (e.g., movement data can be used for contact tracing as part of a health protection concept).

• Other data : You provide us with much of the data mentioned in this section 3 yourself (e.g. via forms, when communicating with us, in connection with contracts, when using the website, etc.). You are not obliged to do so, subject to individual cases, e.g. within the framework of binding protection concepts (legal obligations). If you wish to conclude contracts with us or claim services, you must also provide us with data as part of your contractual obligation in accordance with the relevant contract, in particular master, contract and registration data. When using our website, the processing of technical data is unavoidable. If you would like to gain access to certain systems or buildings, you must provide us with registration data. However, with behavioral and preference data you generally have the option of objecting or not giving your consent.

We only make certain services available to you if you send us registration data because we or our contractual partners want to know who is using our services or has accepted an invitation to an event, because it is technically necessary or because we want to communicate with you. If you or a person you represent (e.g. your employer) wants to conclude or fulfill a contract with us, we must collect the relevant master, contract and communication data from you, and we process technical data if you want to use our website or other electronic services for this purpose. If you do not provide us with the data required to conclude and process the contract, you must expect that we will refuse to conclude the contract, that you will commit a breach of contract or that we will not fulfill the contract. Likewise, we can only send you a response to an inquiry from you if we process the relevant communication data and - if you communicate with us online - possibly also technical data . Using our website is also not possible without us receiving technical data .

Unless prohibited, we also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the Internet including social media) or receive data from authorities and other third parties (such as credit agencies, address dealers, associations, contractual partners, Internet analysis services, etc.).

The categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we learn in connection with official and judicial proceedings, information in connection with your professional functions and activities (so that we can, for example, conclude and process transactions with your employer with your help), information about you in correspondence and meetings with third parties, credit reports (insofar as we conduct business with you personally), information about you that people from your environment (family, advisors, legal representatives, etc.) give us so that we can conclude or process contracts with you or with your involvement (e.g. references, your address for deliveries, powers of attorney, information on compliance with legal requirements such as those relating to the fight against fraud, money laundering and terrorism and export restrictions, information from banks, insurance companies and sales and other contractual partners of ours regarding the use or provision of services by you (e.g. payments, purchases, etc.), information from the media and the Internet about you (insofar as this is appropriate in the specific case, e.g. in the context of an application, Marketing/sales, etc.), your address and, if applicable, interests and other socio-demographic data (especially for marketing and research) and data in connection with the use of third-party websites and online services, where this use can be assigned to you.

4. For what purposes do we process your data?

We process your data for the purposes explained below. Further information regarding the online area can be found in sections 12 and 13. These purposes and the underlying objectives represent the legitimate interests of us and, where applicable, those of third parties. You can find further information on the legal basis for our processing in section 5.

We process your data for purposes related to communicating with you , in particular to respond to inquiries and assert your rights (Section 11), and to contact you if you have any queries. For this purpose, we use communication data and master data, as well as registration data in connection with the offers and services you use. We retain this data to document our communication with you, for training purposes, for quality assurance, and for follow-up inquiries.

This concerns all purposes for which you and we communicate, whether in customer service or consulting, for authentication when using the website, or for training and quality assurance (e.g., in the area of ​​customer service). We further process communication data so that we can communicate with you via email and telephone, as well as messenger services, chat, social media, and letters. Communication with you usually takes place in connection with other processing purposes, e.g., so that we can provide services or respond to a request for information. Our data processing also serves to document the communication and its content.

We process data for the establishment, administration and processing of contractual relationships .

We enter into various types of contracts with our business and private customers, with suppliers, subcontractors, or other contractual partners, such as partners in projects or parties to legal disputes. In doing so, we process, in particular, master data, contract data, and communication data, and, depending on the circumstances, also registration data of the customer or the persons to whom the customer provides a service.

In the context of initiating business, personal data—in particular master data, contract data, and communication data—is collected from potential customers or other contractual partners (e.g., in an order form or contract) or is derived from communication. Likewise, in connection with the conclusion of a contract, we process data to check creditworthiness and establish a customer relationship. This information is sometimes reviewed to ensure compliance with legal requirements.

As part of the processing of contractual relationships, we process data to manage customer relationships, to provide and enforce contractual services (which also includes the involvement of third parties such as logistics companies, security services, advertising service providers, banks, insurance companies, or credit agencies, which may then provide us with data), for consulting, and for customer service. The enforcement of legal claims arising from contracts (debt collection, legal proceedings, etc.) is also part of the processing, as are accounting, contract termination, and public communication.

We process data for marketing purposes and to maintain relationships , e.g. to send our customers and other contractual partners personalized advertising about products and services from us and third parties (e.g. from advertising contractual partners). This can, for example, take the form of newsletters and other regular contacts (electronically, by post, by telephone), via other channels for which we have contact information from you, but also as part of individual marketing campaigns and can also include free services. You can reject such contacts at any time (see the end of this section 4) or refuse or revoke your consent to be contacted for advertising purposes. With your consent, we can tailor our online advertising on the Internet to suit your needs (see section 12). Finally, we also want to enable our contractual partners to contact our customers and other contractual partners for advertising purposes (see section 7).

We will continue to process your data for market research , to improve our services and operations and for product development .

We strive to continuously improve our products and services (including our website) and to be able to respond quickly to changing needs. We therefore analyze, for example, how you navigate through our website or which products are used by which groups of people and in what way, and how new products and services can be designed (for further details see section 12). This gives us information about the market acceptance of existing products and services and the market potential of new ones. To do this, we process master data, behavioral data and preference data in particular, but also communication data and information from customer surveys, polls and studies and other information, e.g. from the media, social media, the internet and other public sources. Where possible, we use pseudonymized or anonymized information for these purposes. We may also use media monitoring services or conduct media monitoring ourselves and in doing so process personal data in order to conduct media work or to understand and respond to current developments and trends.

We use anonymized location data, for example, to provide our contractual partners with recommendations for avoiding peak times. With your consent, we use non-anonymized location data to inform you of interesting offers and products nearby based on your location, to infer your interests from the location data (length of stay), and to inform you about the products and services other contractual partners with similar interests have used.

We may also process your data for security and access control purposes.

We process personal data to comply with laws, instructions and recommendations from authorities and internal regulations («Compliance»).

5. On what basis do we process your data?

If we ask for your consent for certain processing activities (e.g. for advertising control and behavioral analysis on the website), we will inform you separately about the corresponding purposes of the processing. You can revoke your consent at any time with future effect by sending us a written notification (by post) or, unless otherwise stated or agreed, by email; our contact details can be found in section 2. For revoking your consent for online tracking, see section 12. If you have a user account, you can revoke your consent or contact us via the relevant website or other service. As soon as we receive notification of the revocation of your consent, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis for doing so. The revocation of your consent does not affect the legality of the processing carried out on the basis of the consent up to the time of revocation.

Where we do not ask for your consent to processing, we base the processing of your personal data on the fact that the processing is necessary for the initiation or execution of a contract with you (or the body you represent) or that we or third parties have a legitimate interest in doing so, in particular in order to pursue the purposes and associated objectives described above in section 4 and to be able to carry out appropriate measures. Our legitimate interests also include compliance with statutory provisions , unless these are already recognized as a legal basis by the applicable data protection law (e.g., in the case of the GDPR, the law in the EEA and Switzerland). This also includes the marketing of our products and services, the interest in better understanding our markets and in managing and further developing our company, including its operations, safely and efficiently.

If we receive sensitive data (e.g., health data, information about political, religious, or ideological views, or biometric data for identification), we may also process your data based on other legal bases, e.g., in the event of disputes due to the necessity of processing for a possible legal process or to enforce or defend legal claims . In individual cases, other legal grounds may apply, which we will communicate to you separately if necessary.

6. What applies to profiling and automated individual decisions?

We may automatically evaluate certain of your personal characteristics for the purposes stated in Section 4 based on your data (Section 3) («Profiling») if we want to determine preference data, but also to identify misuse and security risks, conduct statistical evaluations, or for operational planning purposes. For the same purposes, we may also create profiles, i.e., we may combine behavioral and preference data, master and contract data, and technical data assigned to you in order to better understand you as a person with your different interests and other characteristics.

In certain situations, for reasons of efficiency and consistency in decision-making processes, it may be necessary for us to automate discretionary decisions concerning you that have legal effects or potentially significant disadvantages («automated individual decisions»). In this case, we will inform you accordingly and provide the measures required by applicable law.

An example of an automated individual decision is the automatic order acceptance by an online shop. This does not refer to purely if-then decisions (e.g., if the computer allows you to access your user account after verifying your password), but rather discretionary decisions (e.g., the decision to enter into a contract). We will inform you on a case-by-case basis if an automated decision leads to negative legal consequences or a similarly significant impairment for you. If you disagree with the outcome of such a decision, you will be able to communicate with a human who will review the decision.

7. Who do we share your data with?

In connection with our contracts, the website, our services and products, our legal obligations or otherwise to protect our legitimate interests and the other purposes listed in Section 4, we also transmit your personal data to third parties, in particular to the following categories of recipients:

Service providers : We work with service providers in Germany and abroad who process data about you on our behalf or under joint responsibility with us, or who receive data about you from us under their own responsibility (e.g., IT providers, advertising service providers, login service providers, banks, credit agencies, or address verifiers). Our central IT service provider is Google. You can find more information about how Google processes data here; for the use of Google Meet, in particular, here. We use the following services:

• • Visual Studio Code

  • Google Cloud

  • Google Sites

  • Google Analytics

  • Google Ads

  • Google Maps

  • Google Calendar

  • Google Meet

  • WhatsApp

  • Stripe 

To ensure that we can deliver our products and services efficiently and concentrate on our core competencies, we outsource services in numerous areas from third parties. These services include, for example, IT services, the sending of information, marketing, sales, and communications services, debt collection, credit reporting agencies, address checkers (e.g., to update address lists when moving), fraud prevention measures, and services from consulting firms, lawyers, banks, insurers, and telecommunications companies. We provide these service providers with the data they require to provide their services, which may also affect you. These service providers may also use such data for their own purposes, e.g., information about outstanding debts and your payment history in the case of credit reporting agencies or anonymized information to improve their services. We also enter into contracts with these service providers that contain data protection provisions unless required by law. Our service providers may also process data on how their services are used and other data that arises in the context of the use of their services as independent controllers for their own legitimate interests (e.g., for statistical evaluations or billing). Service providers provide information about their independent data processing in their own privacy policies. 

• Contractual partners including customers: This initially refers to our customers (e.g. service recipients) and other contractual partners, because this data transfer arises from these contracts. They receive, for example, registration data for issued and redeemed vouchers, invitations, etc. If you work for such a contractual partner yourself, we can also transfer data about you to them in this context. Other recipients include contractual partners with whom we cooperate or who advertise for us and to whom we therefore transfer data about you for analysis and marketing purposes (these can in turn be service recipients, but also, for example, sponsors and providers of online advertising). We require these partners to only send you advertising or to display advertising based on your data if you have consented to this (for the online area, see Section 12). Our central cooperation partner is Google; our online advertising contractual partners are listed in Section 12.

If you work for a company with which we have a contract, the execution of this contract may require us to inform the company, for example, about how you have used our services. Cooperation and advertising partners receive selected master, contractual, behavioral, and preference data from us so that they can, on the one hand, conduct non-personal evaluations in their area (e.g., about the number of our customers who have viewed their advertisements) and, on the other hand, use the data for advertising purposes (including targeting you). This way, for example, advertising partners can communicate with other suitable customers of ours and send them advertising.

• Authorities : We may disclose personal data to offices, courts, and other authorities at home and abroad if we are legally obliged or authorized to do so, or if this appears necessary to protect our interests. The authorities process the data they receive from us under their own responsibility.

• Other persons : This refers to other cases where the involvement of third parties results from the purposes set out in point 4.

Other recipients include, for example, delivery addresses or third-party payment recipients specified by you, other third parties, including those within the framework of representative relationships (e.g. if we send your data to your lawyer or bank), or persons involved in official or legal proceedings. If we cooperate with the media and send them material (e.g. photos), you may also be affected under certain circumstances. The same applies to the publication of content (e.g. photos, interviews, quotes, etc.) on the website or in other publications from us. As part of our corporate development, we may sell or acquire businesses, parts of operations, assets or companies, or enter into partnerships, which may also result in the disclosure of data (including yours, e.g. as a customer or supplier or as a supplier representative) to the persons involved in these transactions. As part of our communication with our competitors, industry organizations, associations and other bodies, data that also concerns you may also be exchanged.

All of these categories of recipients may, in turn, involve third parties, meaning your data may also be accessible to them. We can restrict processing by certain third parties (e.g., IT providers), but not by other third parties (e.g., authorities, banks, etc.).

We reserve the right to disclose such data even if it concerns confidential data (unless we have expressly agreed with you that we will not disclose this data to certain third parties unless we are legally obligated to do so). Notwithstanding this, your data will continue to be subject to appropriate data protection even after disclosure in Switzerland and the rest of Europe. The provisions of Section 8 apply to disclosure to other countries. If you do not wish certain data to be disclosed, please let us know so that we can check whether and to what extent we can accommodate you (Section 2).

In many cases, the disclosure of confidential data is necessary to process contracts or provide other services. Non-disclosure agreements generally do not preclude such data disclosures, nor does disclosure to service providers. However, depending on the sensitivity of the data and other circumstances, we ensure that these third parties handle the data appropriately. We cannot comply with your objection to data disclosure if the data disclosures in question are necessary for our activities.

We also allow certain third parties to collect personal data from you on our website (e.g., providers of tools we have integrated into our website, etc.). Unless we are significantly involved in this data collection, these third parties are solely responsible for it. If you have any concerns or wish to assert your data protection rights, please contact these third parties directly. See Section 12 for the website.

8. Does your personal data also go abroad?

Wie in Ziff. 7 erläutert, geben wir Daten auch anderen Stellen bekannt. Diese befinden sich nicht nur in der Schweiz. Ihre Daten können daher sowohl in Europa als auch in den USA bearbeitet werden; in Ausnahmefällen aber in jedem Land der Welt.

As explained in Section 7, we also disclose data to other entities. These entities are not only located in Switzerland. Your data may therefore be processed in Europe and the USA ; in exceptional cases, however, in any country in the world.

If a recipient is located in a country without adequate legal data protection, we will contractually oblige the recipient to comply with applicable data protection regulations (for this purpose, we use the revised standard contractual clauses of the European Commission, which are available here ), unless the recipient is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception. An exception may apply, in particular, in legal proceedings abroad, but also in cases of overriding public interest or if contract performance requires such disclosure, if you have consented, or if the data concerned has been made publicly available by you and whose processing you have not objected to.

Many countries outside Switzerland or the EU and EEA do not currently have laws that guarantee an adequate level of data protection from the perspective of the Data Protection Act or the GDPR. The contractual provisions mentioned above can partially compensate for this weaker or lacking legal protection. However, contractual provisions cannot eliminate all risks (particularly from government access abroad). You should be aware of these residual risks, even if the risk may be low in individual cases and we take further measures (e.g., pseudonymization or anonymization) to minimize it.

Please also note that data exchanged over the internet is often routed through third countries. Therefore, your data may be transferred abroad even if the sender and recipient are located in the same country.

9. How long do we process your data?

We process your data for as long as our processing purposes, the statutory retention periods, and our legitimate interests in processing for documentation and evidentiary purposes require, or as long as storage is technically necessary. Further information on the respective storage and processing periods can be found for each data category in Section 3 or for the cookie categories in Section 12. Unless there are any legal or contractual obligations to the contrary, we will delete or anonymize your data after the storage or processing period has expired, as part of our usual procedures.

10. How do we protect your data?

We take appropriate security measures to protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorized or unlawful processing and to counteract the risks of loss, accidental alteration, unwanted disclosure or unauthorized access.

Technical and organizational security measures may include measures such as data encryption and pseudonymization, logging, access restrictions, the storage of backup copies, instructions to our employees, confidentiality agreements, and controls. We protect your data transmitted via our website during transport using appropriate encryption mechanisms. However, we can only secure areas that we control. We also require our processors to take appropriate security measures. However, security risks cannot generally be completely eliminated; residual risks are unavoidable.

11. What rights do you have?

Das anwendbare Datenschutzrecht gewährt Ihnen unter bestimmten Umständen das Recht, der Bearbeitung Ihrer Daten zu widersprechen, insbesondere jener für Zwecke des Direktmarketings, des für Direktwerbung betriebenen Profilings und weiterer berechtigter Interessen an der Bearbeitung.

Applicable data protection law grants you the right to object to the processing of your data under certain circumstances, in particular for direct marketing purposes, profiling for direct marketing purposes and other legitimate interests in processing.

To make it easier for you to control the processing of your personal data, you also have the following rights in connection with our data processing, depending on the applicable data protection law:

• The right to request information from us as to whether and which data we process about you;

• the right to have us correct data if it is inaccurate;

• the right to request the erasure of data;

• the right to request that we provide you with certain personal data in a commonly used electronic format or to transmit them to another controller;

• the right to withdraw consent to the extent that our processing is based on your consent;

• the right to request further information necessary to exercise these rights;

• the right to express your point of view in the case of automated individual decisions (point 6) and to request that the decision be reviewed by a natural person.

If you wish to exercise the above-mentioned rights , please contact us in writing, at our premises or, unless otherwise stated or agreed, by email; our contact details can be found in section 2. In order to rule out misuse, we must identify you (e.g. with a copy of your ID, unless this is not possible otherwise).

You also have these rights with regard to other parties that work with us independently – please contact them directly if you wish to exercise your rights in connection with their processing. Information about our important cooperation partners and service providers can be found in Section 7, and further information can be found in Section 12.

Please note that these rights may be subject to conditions, exceptions, or limitations under applicable data protection law (e.g., to protect third parties or trade secrets). We will inform you accordingly if necessary.

In particular, we may need to further process and store your personal data in order to fulfill a contract with you, to protect our own legitimate interests, such as the assertion, exercise, or defense of legal claims, or to comply with legal obligations. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard legitimate interests, we may therefore reject a data subject's request in whole or in part (e.g., by redacting certain content concerning third parties or our trade secrets).

If you disagree with how we handle your rights or data protection, please let us or our data protection officer (Section 2) know. In particular, if you are located in the EEA, the United Kingdom, or Switzerland, you also have the right to complain to your country's data protection supervisory authority. A list of authorities in the EEA can be found here. You can contact the United Kingdom supervisory authority here. You can contact the Swiss supervisory authority here.

12. Do we use online tracking and online advertising techniques?

We use various technologies on our website that allow us and our third parties to recognize you during your visit and, under certain circumstances, track you across multiple visits. We'll inform you about this in this section.

Essentially, this means that we can distinguish your access (via your system) from that of other users, so that we can ensure the functionality of the website and carry out analyses and personalization. We do not intend to draw conclusions about your identity, even if we can do so if we or third parties we engage can identify you by combining your data with registration data. Even without registration data, the technologies used are designed in such a way that you are recognized as an individual visitor each time you access a page. For example, our server (or the third-party servers) assigns you or your browser a specific identification number (a so-called «Cookie»).

Cookies are unique codes (e.g., a serial number) that our server or a server of our service providers or advertising partners transmits to your system when you connect to our website. These codes are received by your system (browser, mobile) and stored until the programmed expiration date. With each subsequent access, your system transmits these codes to our server or the third-party server. This allows you to be recognized, even if your identity is unknown.

Other techniques may also be used to recognize you with a greater or lesser degree of probability (i.e., to distinguish you from other users), such as «fingerprinting». Fingerprinting combines your IP address, the browser you use, the screen resolution, the language you select, and other information your system sends to each server, resulting in a more or less unique fingerprint. This eliminates the need for cookies.

Whenever you access a server (e.g., when using a website or app, or because an image is visibly or invisibly embedded in an email), your visits can be tracked. If we integrate offers from an advertising partner or provider of an analytics tool on our website, they can track you in the same way, even if you cannot be identified in individual cases.

We use such technologies on our website and allow certain third parties to do the same. You can program your browser to block, spoof, or delete certain cookies or alternative technologies. You can also enhance your browser with software that blocks tracking by certain third parties. Further information can be found in your browser's help pages (usually under the heading «Privacy») or on the websites of the third parties listed below.

The following cookies are distinguished (techniques with comparable functionality such as fingerprinting are included here):

• Necessary cookies: Some cookies are necessary for the website to function properly or for certain features to work. For example, they ensure that you can navigate between pages without losing any information you have entered into a form. They also ensure that you remain logged in. These cookies are temporary («session cookies»), and if you block them, the website may not work. Other cookies are necessary so that the server can remember decisions you have made or inputs you have made beyond a session (i.e., one visit to the website) if you use this feature (e.g., language selection, consent given, automatic login, etc.). These cookies have an expiry date of up to 24 months. 

• Performance cookies: To optimize our website and related offerings and better tailor them to user needs, we use cookies to record and analyze website usage, possibly even beyond the session. We do this by using third-party analytics services. We have listed these below. Performance cookies also have an expiration date of up to 24 months. Details can be found on the third-party websites.

• Marketing cookies: We and our advertising partners have an interest in targeting advertising precisely, i.e. showing it only to those we want to reach. We have listed our advertising partners below. For this purpose, we and our advertising partners - if you consent - also use cookies that can record the content accessed or contracts concluded. This enables us and our advertising partners to display advertising that we believe will be of interest to you, on our website, but also on other websites that display advertising from us or our advertising partners. These cookies have an expiry period of a few days to 12 months, depending on the situation. If you consent to the use of these cookies, you will see corresponding advertising. If you do not consent to these cookies, you will not see fewer ads, but simply different advertising. 

In addition to marketing cookies, we use other technologies to control online advertising on other websites and thereby reduce wastage. For example, we can transmit the email addresses of our users, customers, and other people to whom we want to display advertising to operators of advertising platforms (e.g., social media). If these people are registered there with the same email address (which the advertising platforms determine through a comparison), the operators will show the advertising we place to these people in a targeted manner. The operators do not receive personal email addresses from people they do not already know. However, with known email addresses, they learn that these people are connected to us and what content they have accessed.

We may also integrate other third-party offerings on our website, particularly those from social media providers. These offerings are deactivated by default. As soon as you activate them (e.g., by clicking a button), the respective providers can determine that you are on our website. If you have an account with the social media provider, they can assign this information to you and thus track your use of online offerings. These social media providers process this data under their own responsibility.

We currently use offers from the following service providers and advertising partners (insofar as they use your data or cookies set on your computer to control advertising):

• Google Analytics: Google Ireland (based in Ireland) is the provider of the “Google Analytics” service and acts as our data processor. Google Ireland relies on Google LLC (based in the USA) as its data processor (both “ Google ”). Google uses performance cookies (see above) to track the behavior of visitors to our website (duration, frequency of pages viewed, geographical origin of access, etc.) and uses this information to compile reports on website usage for us. We have configured the service so that Google’s IP addresses in Europe are shortened before being forwarded to the USA, so they cannot be traced back. We have deactivated the «Data Sharing» and «Signals» settings. Although we can assume that the information we share with Google is not personal data for Google, it is possible that Google can use this data to draw conclusions about the identity of visitors for its own purposes, create personal profiles, and link this data to these individuals’ Google accounts . If you consent to the use of Google Analytics, you explicitly consent to such processing, which may also involve the transfer of personal data (in particular website and app usage data, device information, and unique IDs) to the USA and other countries. Information on Google Analytics' privacy policy can be found here, and if you have a Google Account, further information on Google's processing can be found here.

• Google Ads

• Google Sites

13. What data do we process on our social media pages?

We may operate pages and other online presences on social networks and other platforms operated by third parties ("fan pages", "channels", "profiles", etc.) and collect the data about you described in Section 3 and below. We receive this data from you and the platforms when you come into contact with us via our online presence (e.g., when you communicate with us, comment on our content, or visit our presence). At the same time, the platforms evaluate your use of our online presences and link this data with other data about you known to the platforms (e.g., your behavior and preferences). They also process this data for their own purposes under their own responsibility, in particular for marketing and market research purposes (e.g., to personalize advertising) and to control their platforms (e.g., which content they display to you).

We process this data for the purposes described in Section 4, in particular for communication, marketing purposes (including advertising on these platforms, see Section 12), and market research. Information on the relevant legal bases can be found in Section 5. We may further disseminate content you publish yourself (e.g., comments on an announcement) (e.g., in our advertising on the platform or elsewhere). We or the platform operators may also delete or restrict content from or about you (e.g., inappropriate comments) in accordance with the terms of use.

For further information on the processing activities of the platform operators, please refer to the platform's privacy policy. There you will also learn in which countries they process your data, what rights you have to information, erasure, and other data subject rights, and how you can exercise these rights or obtain further information. We currently use the following platforms:

• Google Maps. Here you can find our Google Business Profile.

14. Can this privacy policy be changed?

This privacy policy is not part of any contract with you. We may modify this privacy policy at any time. The version published on this website is the most current version.

Last updated: May 11, 2025