Privacy Policy

Preamble

I attach great importance to maintaining your privacy and protecting your personal data. For this reason, I am using this data protection declaration to inform you about the processing of your personal data so that you can safely visit my website knowing and trusting that I will only handle your data in accordance with this data protection declaration and in accordance with legal regulations. The declaration transparently explains to you what types of personal data are affected and how, to what extent and for what purpose they are processed by me. The data protection declaration is comprehensive and therefore applies to all processing activities carried out by me. You are not obliged to provide me with personal data. However, I may then not be able to evaluate and process your request in accordance with your interests.

Personal data is any information relating to an identified or identifiable person.

Responsible body
Below is information about the responsible body or person responsible according to the applicable data protection laws, as well as your contact options for data protection questions:

SubWelt
digital nomad
Switzerland – Spain – Portugal

This data protection declaration informs those affected about the purposes, scope and type of processing of personal data by the above-mentioned responsible body. The responsible body here is the natural person who decides on the means and purposes of processing personal data alone or jointly with other persons. The person responsible is the person you can contact if you have any questions or to assert your rights and are entitled to an answer.

I take the issue of data protection very seriously and therefore work with certified data protection officers/data protection consultants. However, I am not legally obliged to appoint a data protection officer/data protection advisor and have therefore not appointed a data protection officer/data protection advisor. If you have any questions about data protection, I will be happy to help you in detail using the contact details provided.

Legal basis for data processing

According to the GDPR, personal data may only be processed within the EU/EEA with a legal basis in accordance with Article 6 GDPR. In most cases, this is a legitimate interest on my part (Art. 6 Para. 1 S. 1 lit. f) GDPR) or your consent (Art. 6 Para. 1 S. 1 lit. a) GDPR) as long as you give it . If you are in a contractual relationship with me or are in the process of entering into one, this also constitutes the processing of personal data (Art. 6 para. 1 sentence 1 lit. b) GDPR). There is also the possibility of fulfilling a legal obligation for processing on my part (Art. 6 Para. 1 S. 1 lit. c) GDPR). The legal basis applicable in each individual case is listed below in this data protection declaration. Please also note that, depending on your registered office or location, additional data protection regulations, in particular national regulations, may apply.

We process personal data of those affected in Switzerland in accordance with the Swiss Data Protection Act (DSG new CH), which comes into force on September 1st, 2023. Unlike the GDPR, according to the DSG new CH, the processing of personal data is generally permitted without a legal basis. However, the word legal basis is used in some places in the text for the purpose of standardization, even if this is not necessary under Swiss law, but reference is made to the appropriate DSG new CH standard. When processing, I adhere to the principles of Art. 6 DSG new CH. These include, in particular, processing in good faith and for a specific and identifiable purpose, the proportionality of the processing, and the destruction or anonymization of personal data as soon as the purpose of the processing no longer applies and the processing is no longer necessary.

Since this data protection declaration may also be used across countries, we use the wording of the GDPR for the following synonymous terms:

Term GDPR equivalent DSG new CH

Processing Processing
Personal Data Personal Data
Legitimate interest Overriding interest
Special categories of personal data Particularly sensitive personal data
Transmission of personal data Disclosure of personal data

Type and purpose of the use of personal data as well as their collection and storage
General information

Depending on your use of my offer, we process different personal data for different purposes.

Various purposes may include, in particular, the provision of my website, the management of my IT infrastructure, security measures, office procedures, organizational management and marketing. Furthermore, the purpose of the processing can be the fulfillment of contractual obligations including the provision of a contractually owed service, as well as the communication, administration and answering of contact and other inquiries and/or the implementation of competitions.

For these purposes, we process different types of data, primarily inventory, usage, content and/or meta data, but also payment, contact, communication, location, other contract and/or procedural data, as well as event data. The types of data processed are always limited depending on the relevant purpose.

The following categories of people may be affected by my processing of personal data: users and interested parties; Customers, applicants, business and other contractual partners; other communication partners, participants in competitions or similar competitions and members.

The respective purposes, types of data and affected persons are listed in detail below.

2.1 When you visit “https://subwelt.com/”, general data processing and data processing that goes beyond the website

Server log files

When you access my website, the following data is automatically processed, which is necessary to be able to easily establish the connection between your device and my website and to display the website properly:

IP address
Name and address of the website and files visited
Access time
Notification of successful retrieval
Operating system and browser used
Referrer URL
Internet provider

The personal data processed also serves to optimize and ensure the security of the website and the information technology systems.

The legal basis for the processing of this data is my legitimate interest, which provides for the processing of personal data to protect the legitimate interests of the person responsible. The legitimate interests arise from the reasons above. The data will be deleted as soon as it is no longer needed, which is the case when the session ends, unless there is a legitimate interest in further storage (e.g. unlawful access).

Processed data: communication and procedural data (e.g. IP addresses), usage data (e.g. access times)
Data subjects: Users
Processing purposes: Providing an optimal online presence, IT infrastructure; Safety measures
Legal basis: legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR) consent (Art. 6 Para. 1 S. 1 lit. a GDPR) / legitimate interest in the provision of an online offer (according to Art. 6 and 8 DSG new CH), consent of the participants (Art. 31 Para. 1 DSG new CH)

Guarantees: Order data processing contract and, if data is transferred to third countries, the application of EU standard contractual clauses and, if necessary, additional certification of the hoster / provider according to the EU-US Data Privacy Framework DPF.

According to Art. 45 GDPR, all EU member states are a safe data export country for personal data as well as currently (last accessed in June 2023) the following third countries: Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, Japan, the United Kingdom and South Korea have been classified as data protection compliant by the European Commission, meaning that the export of personal data from the EU is permitted there.

According to the Swiss Federal Council (last accessed in June 2023), when personal data from Switzerland is processed in the EU/ERW or the United Kingdom (UK), appropriate data protection within the meaning of Art. 16 Para. 1 DSG new CH is currently required (last accessed in June 2023). guaranteed, so that data export of personal data from Switzerland is permitted to these countries.

With regard to my website, I also refer to the data protection declaration of the hosting provider METANET AG Josefstrasse 218, 8005 Zurich, Switzerland:
https://www.metanet.ch/de/ueber-metanet/datenschutzerklaerung

Business services and applications

If you have a contractual or contract-like legal relationship with me as a business partner, applicant, customer or other contractual partner, we generally process your personal data to fulfill my obligations from this relationship – the provision of the owed service or pre-contractual measures. In addition, depending on the individual data, there may be legal obligations for processing, such as tax obligations. We also regularly have a legitimate interest in processing, in particular for the proper management and protection of business operations. Your data will only be passed on to third parties in accordance with legal requirements. The data processed includes, in particular, inventory and contact data (name, address, telephone number, email address) as well as payment data (bank details, invoices). If you use my website as part of the contractual relationship, corresponding usage and meta data (e.g. IP address, time and duration of access, any consent) may also be processed.

We generally process this personal data after the contractual relationship has expired for as long as any statutory warranty or comparable obligations exist or as long as statutory retention periods exist.

We would like to point out that third party terms and conditions and data protection notices may also apply if these become part of the contractual relationship. This may be the case if we use or commission third party providers to fulfill my services and obligations.

Processed data: communication and procedural data (e.g. IP addresses), usage data (e.g. access times), contact data (e.g. email address), payment data, inventory data (e.g. name, address)
Affected persons: interested parties, applicants, customers, contractual and business partners
Processing purposes: ensuring contractual services/obligations, communication and contact requests, office and organizational procedures; Check security measures, administration, suitability for a position
Legal basis: Contractual claims (Art. 6 Para. 1 S. 1 lit. b GDPR), legal obligations (Art. 6 Para. 1 S. 1 lit. c GDPR), legitimate interests (Art. 6 Para. 1 lit. f GDPR) / legitimate interest (according to Art. 6 and 8 DSG new CH)
Completion of tasks according to the rules of procedure or statutes

If you are a member or have a comparable relationship with me, for example as a supporter or business partner, we process personal data when carrying out my tasks and receiving donations or other services. This may also include a legitimate interest on my part, for example in organizational tasks. The exact data processed depends on the relevant membership or other contractual relationship. As a rule, this involves inventory and contact data (name, address, telephone number, email address), payment data (bank details, invoices) and other contract data (term, subject matter of the contract).

We process this data as long as it is necessary for the relevant statutory purposes. This also includes any warranty and liability obligations. Once these purposes no longer apply, we will destroy the data, with the exception of data for which there are statutory retention requirements.

Processed data: contract data (e.g. subject matter of the contract), contact data (e.g. email address), payment data, inventory data (e.g. name, address)
Affected persons: users, members, contractual and business partners
Processing purposes: ensuring contractual services/obligations, communication and contact requests, administration
Legal basis: Contractual claims (Art. 6 Para. 1 S. 1 lit. b GDPR), legitimate interests (Art. 6 Para. 1 lit. f GDPR) / legitimate interest (according to Art. 6 and 8 DSG new CH)

If we use so-called cookies – small text files – to operate this website, these will be stored on your device and are intended, for example, to ensure the functionality of the website or to enable analysis of website usage. In this case, personal data is processed. Details about individual cookies, such as the respective legal basis (e.g. consent or legitimate interest), the storage period, or revocation and objection options, are then listed in detail below in the cookie management. With regard to the use of cookies, those affected generally have the right to object or the option to deactivate them in the browser settings. However, we would like to point out that this may no longer guarantee full functionality of the website.

If we use cookies, this is done either on the legal basis of your consent, or with a legitimate interest, for example to improve my website functions, or to fulfill contractual obligations, if a cookie is necessary, for example, to conclude a contract. Cookies are stored for different lengths of time. Some cookies are only temporary and will be deleted at the latest when you close your browser or app. Other cookies are permanently stored on your device. You can delete the cookies permanently stored on your device at any time. Alternatively, please see the cookie management tool to find out when cookies are automatically deleted.

You can adjust the selection of cookies for analysis/statistics or advertising at any time via the cookie settings.

Opt-in and opt-out

When you access this website for the first time, you can generally agree to the use of cookies, or you can give user-defined consent to the use of different cookies or refuse them.

If you agree to the use of cookies that require consent, we will save your declaration of consent so that you do not have to obtain it again the next time you visit the website. For storage periods, please refer to my cookie consent management. In addition to the declaration, your IP address, the browser you use and the model of the device you use may also be stored. You can revoke your consent declaration(s) at any time.

If cookies are used, cookies are stored in the device used and access to the stored cookies is based on the fact that they are either absolutely necessary for the provision of the website or with your consent on the basis of clear and comprehensive information. Consent to cookies requiring consent can be revoked at any time. Data processing is based on the European Union’s E-Privacy Directive 2002/58/EC. The implementation into national law in Germany takes place in Section 25 Paragraphs 1 and 2 TTDSG. In Austria, the implementation into national law takes place in Section 165 Paragraph 3 TKG 2021 AT.

If cookies are used, we hereby inform you that these cookies process data on your devices in accordance with Art. 45c lit. b FMG CH. The processing serves the purpose described above. You can refuse the processing of cookies that require consent at any time.

Data processed: IP address, declaration of consent, browser, device used
Data subjects: Users
Processing purposes: Guaranteeing contractual services/obligations, functioning online offering, effective and targeted advertising measures
Legal basis: Consent (Art. 6 Para. 1 lit. a) GDPR), legitimate interests (Art. 6 Para. 1 lit. f) GDPR), fulfillment of contractual obligations (Art. 6 Para. 1 lit. b) GDPR) / legitimate interests in a functioning online offering and effective and targeted advertising measures (Art. 6 and 8 DSG new CH), consent (Art. 31 para. 1 DSG new CH)

Plugins and embedded functions

In my online platform I integrate functions and content from external providers, hereinafter referred to as “third-party providers”. These include, for example, graphics, videos or interactive maps, which are referred to as “content”.

In order to display this content or functions, the processing of the user’s IP address by the third party providers is necessary. The transmission of this content to the users’ browsers is not possible without using the IP address. I strive to only integrate content from providers who use the IP address exclusively to deliver the content. Third parties may also use “pixel tags” (invisible graphics or “web beacons”) for statistical or marketing purposes. These “pixel tags” can be used to evaluate information such as visitor traffic on my pages.

The pseudonymous information collected can be stored in cookies on the user’s device. These cookies contain technical information about the browser, operating system, referring websites, visiting times and other information about the use of my platform.

Processed data: communication and process data (e.g. IP addresses), usage data (e.g. access times), content data, contact data, inventory data (e.g. names, addresses), location data; Event data (e.g. via Facebook pixels, which I can transfer to Facebook; these are processed based on target group formation and do not contain any actual content, no contact information, no login information), the event data is stored by Facebook after a maximum storage period of 2 deleted years ago
Data subjects: Users
Processing purposes: ensuring contractual services/obligations, providing online presence, creating user profiles, collecting feedback, marketing measures
Legal basis: consent (Art. 6 para. 1 lit. a GDPR), legitimate interests (Art. 6 para. 1 lit. f GDPR) / legitimate interest in effective and targeted advertising measures (according to Art. 6 and 8 DSG new CH), Consent (Art. 31 Para. 1 DSG new CH)

Webanalysis

Web analysis, a sub-area of digital analytics, includes various methods for collecting and analyzing data about companies’ online presences. This data is used by the website operator to optimize the customer experience. Test procedures can also be used to check different versions of the online offering.

For these purposes, I can create usage profiles that contain pseudonymized data about usage processes. The information is stored in the device or browser and accessed from there. The data collected includes, among other things, websites visited, functions used and technical details (e.g. the browser used). If users have consented to the collection of their location data by me or the service providers I use, this data may be collected.

User IP addresses are also stored, but I use a process called IP masking. This pseudonymizes the IP address to protect user identity. In general, I do not store any personal data (such as email addresses or names) during web analysis, A/B testing and optimization processes, but only pseudonymized data. Neither the providers nor I know the identity of the users.

Processed data: communication and procedural data (e.g. IP addresses), usage data (e.g. access times)
Data subjects: Users
Processing purposes: Generation of user profiles, reach measurement (e.g. determining the frequency of visits to a website)
Legal basis: consent (Art. 6 para. 1 lit. a GDPR) legitimate interest (Art. 6 para. 1 lit. f) GDPR) / legitimate interest in effective and targeted advertising measures (according to Art. 6 and 8 DSG new CH), Consent (Art. 31 Para. 1 DSG new CH)

Security measures: IP masking
Guarantees: Order data processing contract and, if data is transferred to third countries, the application of EU standard contractual clauses and, if necessary, additional certification of the hoster / provider according to the EU-US Data Privacy Framework DPF

Customer reviews and rating process

I participate in rating and review processes to evaluate, promote and improve my services. If users rate or give me feedback via the platforms or processes, the general terms and conditions or terms of use as well as the data protection guidelines of the respective providers apply. Normally, an account with the respective provider is required for the evaluation.

In order to ensure that the reviewers have actually used my services, I transmit the necessary data, such as the customer’s name, email address and order or item number, to the relevant platform with the customer’s consent. This information is used exclusively to verify the ratings; for further information, please refer to the information on the rating and review procedures I use in this data protection declaration.

Types of data processed: content data, inventory data (e.g. name, address), communication and procedural data (e.g. willingness to consent, IP addresses)
Persons affected: users, more specifically: customers
Processing purposes: Feedback for marketing purposes
Legal basis: consent (Art. 6 para. 1 lit. a GDPR), legitimate interests (Art. 6 para. 1 lit. f GDPR) / legitimate interest in effective and targeted advertising measures (according to Art. 6 and 8 DSG new CH), Consent (Art. 31 Para. 1 DSG new CH)

Online marketing in general

I process personal data for online marketing purposes. These include the marketing of advertising space and the presentation of other advertising content based on potential customer interests as well as the measurement of the effectiveness of these advertising measures.

For this purpose, user profiles are created and stored in so-called “cookies” or similar files. These profiles contain information about online networks used, websites visited, the content viewed and also technical data of the devices used. User IP addresses are stored, but shortened through IP masking and thereby pseudonymized. I do not use plain data such as email addresses or names, but replace this data with pseudonyms. Neither the providers nor I have access to the identity of the users, only to the saved profile information.

The profile information is usually stored in cookies or similar processes. If other websites are visited that use the same online marketing process, the cookies can also be read, supplemented and processed there. Data may also be transmitted to the server of the provider of the online marketing process. An assignment of profiles to clear data may be possible in exceptional cases if it is an online marketing process of a social network, the user has an account there and the network connects this data with one another.

I typically only have access to aggregate information about the performance of my ads. As an exception, as part of conversion measurements, I analyze which of my online marketing processes led to certain actions, such as the conclusion of a contract.

For storage periods, please refer to the Cookies section of this data protection declaration.

Processed data: communication and procedural data (e.g. IP addresses), usage data (e.g. access times)
Data subjects: Users
Processing purposes: tracking (use of cookies), range measurement, conversion measurements, creation of user profiles, marketing measures
Legal basis: consent (Art. 6 para. 1 lit. a GDPR), legitimate interests (Art. 6 para. 1 lit. f GDPR) / legitimate interest in effective and targeted advertising measures (according to Art. 6 and 8 DSG new CH), Consent (Art. 31 Para. 1 DSG new CH)

Security measures: IP masking
Options for objection: I refer to the data protection guidelines of the relevant providers as well as the stated options for objection (so-called “opt-out”). If there is no specific opt-out option, you have the option to deactivate cookies in your browser settings. However, this could limit certain functions of my online offering.

Social media presences

I have an online presence in social networks. In this context, I process the data of the respective users for information purposes and for communication with them. The data processing can take place in third countries, which may make it more difficult to enforce the rights of those affected. You can find details in the relevant section of this data protection declaration as well as the data protection declarations of the social networks used.

The data processing in the social network by the respective operator is primarily carried out to evaluate user data and to place advertising. Clusters can be formed from the information collected in order to show users ads tailored to their interests. In order to enable this user tracking, cookies (small text files) are stored on the users’ devices, which are used to assign and record the data. The data collection also takes place regardless of the device used after logging in to the respective social network.

Specific information on the forms of data processing in social networks and the respective objection options can be found in the individual data protection declarations of the companies and in my clauses. The assertion of the rights of those affected is also most effective directly with the operator. However, you can also contact me about this.

Processed data: communication and procedural data (e.g. IP addresses), content data, contact data (name, email address)
Data subjects: Users
Processing purposes: collecting feedback, communication, marketing measures
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) / legitimate interest in effective and targeted advertising measures (according to Art. 6 and 8 DSG new CH)
Advertising communication

I process your contact details for the purposes of advertising communication, provided you have given me your consent to do so. You can revoke this consent at any time. In this case, the data will be deleted and I will no longer contact you for advertising purposes.

Based on my legitimate interest, the data can be stored by me to prove that I have met legal requirements even after you revoke your consent. This storage serves exclusively to defend against possible claims. In this case, the data will be deleted as soon as it is no longer needed for this purpose. This is the case as soon as the applicable limitation periods have expired. As a rule, the data of data subjects from the EU are deleted after three years. For those affected from Switzerland, the data is usually deleted after one year. I would also like to refer you to Section 4 (storage period and deletion of personal data) of this data protection declaration.

The processing of this data serves exclusively to defend against possible claims. You can submit a deletion request at any time. In this case, I will delete the stored data prematurely, provided that you also confirm that you gave your consent for the advertising communication.

Processed data: contact details (e.g. email address), inventory data (e.g. name, address)
Affected persons: communication partners
Processing purposes: direct marketing
Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR) / legitimate interest in effective and targeted advertising measures (according to Art. 6 and 8 DSG new CH), consent (Art. 31 para. 1 DSG new CH)
Contact by telephone, fax, email and/or post

If you contact me by telephone, fax, email and/or post, the personal data you provide will be processed and stored by me in order to enable an evaluation of the communication. The data collected is limited to:

First and Last Name
Telephone number / email address / postal address
Content of the message or other voluntarily transmitted data

If you contact us via a contact form or my presence on social media, more extensive data collection may occur. The additional data collected includes:

IP address
Websites visited
Access time

The personal data I have collected in this context will not be passed on to third parties unless this is necessary for the proper processing of the matter based on legitimate interests. Personal data can then be transmitted to the affected customers, freelancers, cooperation partners and authorities. The legal basis for data processing is legitimate interests. If contact is made with the aim of concluding a contract, the legal basis for processing is.

Processed data: communication and procedural data (e.g. IP addresses), content data, contact data (e.g. email address)
Affected persons: communication partners
Processing purposes: collecting feedback, providing an optimal online presence, communication and contact inquiries
Legal basis: Contractual claims (Art. 6 Para. 1 S. 1 lit. b GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR) / legitimate interest in effective and targeted advertising measures (according to Art. 6 and 8 DSG new CH)

Guarantees: If data is transferred to third countries, EU standard contractual clauses apply and, if necessary, the provider must also be certified according to the EU-US Data Privacy Framework DPF.

When personal data from Switzerland is processed in the EU/ERW or the United Kingdom (UK), the Federal Council of Switzerland currently (last accessed in June 2023) guarantees appropriate data protection within the meaning of Art. 16 Para. 1 DSG new CH , so that data export of personal data from Switzerland is permitted to these countries.

With regard to my telephone numbers, I also refer to the data protection declaration of the telephone provider Swisscom (Schweiz) AG, Alte Tiefenaustrasse 6, CH-3050 Bern:
https://www.swisscom.ch/de/privatkunden/rechts/datenschutz.html

2.2 Special data processing / data processing on “https://subwelt.com/”

Bing Maps

This website uses the interactive (land) map service “Bing Maps” from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, United States (“Microsoft”). This serves to visually display geographical data and thus show you a location and make it easier to get there.

When you access the website or the subpage in which the map displayed by Bing Maps is integrated, information about the use of the website – in particular the IP address and browser information – is transmitted to a Microsoft server, also in the USA and recorded there. Data transfer to the USA is based on the standard contractual clauses provided by the EU Commission.

Microsoft Corporation is also committed to complying with the EU-US Data Privacy Framework (DPF), which ensures GDPR-compliant data processing in the USA as well. Further information can be found at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active (last accessed on August 13, 2023).

It is possible to prevent future transmission of data to Microsoft by completely deactivating the Bing Maps web service. To do this, the JavaScript application must be switched off in the user’s browser. This means that Bing Maps and the map display based on it cannot be used.

The data is processed in accordance with Article 6 Paragraph 1 Letter f) GDPR. The necessary legitimate interest lies in the needs-based design of websites and, if necessary, market research.

The data transfer to the USA is based on the standard contractual clauses provided by the EU Commission, which are also recognized by the FDPIC and therefore meet the requirements of Art. 16 Para. 2 lit. d DSG new CH. The same applies to other countries in which, according to the DSV neu CH, adequate data protection is not guaranteed.

The necessary legitimate interest exists in the form of improving this website offering; the principles in accordance with Articles 6 and 8 DSG new CH are adhered to. If you give your consent and fall under the protection scope of the DSG new CH, the disclosure of the data to the USA is also legal in accordance with Art. 17 Para. 1 lit. a DSG new CH Art .

Further information on data protection by Microsoft, the terms of use and Bing Maps can be found at: https://www.microsoft.com/de-de/servicesagreement/, https://privacy.microsoft.com/de-de/privacystatement and https ://www.microsoft.com/en-us/maps/product/enduserterms.

Further information on standard contractual clauses can be found at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual- clauses-international-transfers_de

Facebook pixels

This website uses the so-called “Facebook Pixel” service from Meta Platforms Inc., 1601 Willow Road, Menlo Park, CA 94025, USA (“Facebook”). In Europe, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is responsible. This makes it possible to show users of the website individualized, interest-based advertisements, so-called Facebook Ads, when they visit the social network Facebook or other websites that use this process. For this purpose, your browser automatically establishes a connection with the Facebook servers, whereby Facebook becomes aware of the visit to the website or the clicking of an ad. Data transfer to the USA is based on the standard contractual clauses provided by the EU Commission.

Meta Platforms Inc. (formerly Facebook) is also committed to complying with the EU-US Data Privacy Framework (DPF), which ensures GDPR-compliant data processing in the USA as well. Further information can be found at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active (last accessed on August 13, 2023).

It is possible that Facebook records and stores the IP address and possibly other identifying features. Details can be found in Facebook’s privacy policy.

Data processing is carried out in accordance with Article 6 Paragraph 1 Letter a) GDPR based on consent that can be freely revoked at any time. The use occurs in accordance with Art. 6 Paragraph 1 Letter f) GDPR. The necessary legitimate interest consists in effective and targeted advertising measures.

The necessary legitimate interest consists in effective advertising measures including social media; the principles in accordance with Articles 6 and 8 DSG new CH are adhered to. If you give your consent and fall under the protection scope of the DSG new CH, the disclosure of the data to the USA is also legal in accordance with Art. 17 Para. 1 lit. a DSG new CH Art .

Further information on data protection by Facebook and data collection can be found at: http://www.facebook.com/policy.php and https://www.facebook.com/help/186325668085084.

Google Analytics

This website uses the web analysis service Google Analytics from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is responsible in Europe.

I use Google Analytics to analyze website usage. For this purpose, cookies are used to collect user data such as your IP address. Further information on the use of cookies can be found in my cookie consent management. Data processing by Google also takes place on servers in the USA.

Google is committed to complying with the EU-US Data Privacy Framework (DPF), which ensures GDPR-compliant data processing in the USA too. Further information can be found at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active (last accessed on August 13, 2023).

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. The information collected is used by Google to evaluate website usage, to create related reports and to provide other services related to website usage and internet usage to the website operator. According to the settings of Google Analytics, the data is generally deleted within 14 months of its creation.

The use occurs in accordance with Art. 6 Paragraph 1 Letter f) GDPR. The necessary legitimate interest consists in effective and targeted advertising measures. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the legal basis is this consent, which can be revoked at any time, in accordance with Art. 6 Para. 1 lit. a) GDPR.

If personal data is transferred to third countries worldwide, outside the EU/EEA, then only with prior consent, contractual (AV contract) or legal obligation and in compliance with the EU Commission’s standard data protection clauses.

It is used with a legitimate interest in effective and targeted advertising measures; the principles in accordance with Articles 6 and 8 DSG new CH are adhered to. If you give your consent and fall under the protection scope of the DSG new CH, the disclosure of the data to the USA and Ireland is also in accordance with Art. 17 Para. 1 lit. a DSG new CH Art. 31 Para. 1 DSG in conjunction with the DSV new CH legal.

For (server) locations to which your data is exported, please refer to the service provider’s current data protection declaration, or see https://www.google.com/intl/de/about/datacenters/locations/. If the service provider does not provide a complete list of third countries to which data is exported, please contact the provider. I recommend that you inquire about the locations directly from the service provider, e.g. by email.

The setting of cookies for Google Analytics can be prevented by setting the browser so that it rejects all cookies, which may impair the ability to use this website. Google can continue to collect data by installing the following browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=de. be restricted or prevented.

Further information about Google’s data protection and terms of use can be found at: https://policies.google.com/privacy?hl=de, https://support.google.com/analytics/answer/7667196?hl=de and https: //www.google.de/intl/de/policies/terms/regional.html.

Google Ads (AdWords)

This website uses the advertising service Google Ads (formerly Google AdWords), i.e. the “Google AdWords Conversion Tracking” function of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is responsible in Europe. The service makes it possible to place targeted, interest-based advertisements. For this purpose, Google uses cookies to record user data such as your IP address, websites visited and the time of access. Further information can be found in my cookie consent management. Data processing by Google takes place on servers in the USA; data transfer to the USA is based on the standard contractual clauses provided by the EU Commission.

Google is also committed to complying with the EU-US Data Privacy Framework (DPF), which ensures GDPR-compliant data processing in the USA too. Further information can be found at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active (last accessed on August 13, 2023).

The setting of analytics cookies can be prevented by setting the browser so that it rejects all cookies, which may affect the ability to use this website.

The use of this service is based on your consent in accordance with Art. 6 lit. a) GDPR. Consent can be revoked at any time. The use occurs in accordance with Art. 6 Paragraph 1 Letter f) GDPR. The necessary legitimate interest consists in effective and targeted advertising measures.

It is used with a legitimate interest in effective and targeted advertising measures; the principles in accordance with Articles 6 and 8 DSG new CH are adhered to. If you give your consent and fall under the scope of protection of the DSG new CH, the disclosure of the data to the USA is also legal in accordance with Art. 17 Para. 1 lit. a DSG new CH Art.

Further information on data protection by Google and the use of conversion data as well as the terms of use can be found at: https://support.google.com/adwords/answer/93148?ctx=tltp, http://www.google.de/ policies/privacy/, https://policies.google.com/privacy?hl=de and https://www.google.de/intl/de/policies/terms/regional.html.

Google Fonts

This website uses Google Fonts (formerly Google Web Fonts) from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”). Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is responsible in Europe. This is an interactive directory of over 800 fonts that Google provides for free use and that are already automatically optimized for the web. This makes it possible to use fonts on this website without having to upload them to your own server.

When you access this website, the data required to use the fonts, such as your IP address, the requested URL, the browser type you use and the operating system, are transmitted to a Google server. The data transfer to the USA is based on the standard contractual clauses provided by the EU Commission.

Google is also committed to complying with the EU-US Data Privacy Framework (DPF), which ensures GDPR-compliant data processing in the USA too. Further information can be found at ttps://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active (last accessed on August 13, 2023).

The data is processed in accordance with Article 6 Paragraph 1 Letter f) GDPR. The necessary legitimate interest lies in the most uniform and visually appealing presentation of the service. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the legal basis is this consent, which can be revoked at any time, in accordance with Art. 6 Para. 1 lit. a) GDPR.

It is used with a legitimate interest in effective and targeted advertising measures; the principles in accordance with Articles 6 and 8 DSG new CH are adhered to. If you give your consent and fall under the protection scope of the DSG new CH, the disclosure of the data to the USA is also legal in accordance with Art. 17 Para. 1 lit. a DSG new CH Art .

Further information about data protection by Google and the terms of use can be found at: http://www.google.de/policies/privacy/ and https://www.google.de/intl/de/policies/terms/regional.html.

Google Maps

This website uses the interactive (land) map service Google Maps from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is responsible in Europe. The purpose of the use is to visually display geographical data and thus show you the location and make it easier to get there.

When you access the website or the subpage in which the map displayed by Google Maps is integrated, user data such as your IP address, browser information and location data are transmitted to a Google server. Data processing by Google can also take place in the USA; the associated data transfer is based on the standard contractual clauses provided by the EU Commission. It is possible to prevent future transmission by completely deactivating the Google Maps web service. To do this, the JavaScript application must be switched off in the user’s browser. This means that Google Maps and the map display based on it cannot be used.

The data is processed in accordance with Article 6 Paragraph 1 Letter f) GDPR. The necessary legitimate interest lies in the needs-based design of Google websites and, if necessary, market research. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the legal basis is this consent, which can be revoked at any time, in accordance with Art. 6 Para. 1 lit. a) GDPR.

The necessary legitimate interest lies in the needs-based design of Google websites and, if necessary, market research; the principles in accordance with Articles 6 and 8 DSG new CH are adhered to. If you give your consent and fall under the protection scope of the DSG new CH, the disclosure of the data to the USA is also legal in accordance with Art. 17 Para. 1 lit. a DSG new CH Art .

Further information about Google’s data protection, the terms of use and Google Maps can be found at: https://www.google.de/intl/de/policies/privacy/, https://www.google.de/intl/de/policies /terms/regional.html and https://www.google.com/intl/de_US/help/terms_maps.html.

Google reCaptcha

This website uses the Google reCaptcha service from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is responsible in Europe. ReCaptcha can be used to check whether data entries made on the website, for example when filling out a contact form, were actually made by a human and not by an automated program. For this purpose, the behavior of the website user is analyzed using various features of reCaptcha and the information found, in particular IP address and length of stay, is examined. This process begins automatically when the user enters the website. The data collected during the analysis is transmitted to a Google server in the USA. Data transfer to the USA is based on the standard contractual clauses provided by the EU Commission.

The data is processed in accordance with Article 6 Paragraph 1 Letter f) GDPR. The necessary legitimate interest is to protect the website from abusive automated use or spying and spam.

The necessary legitimate interest is to protect the website from abusive automated use or spying and spam; the principles in accordance with Articles 6 and 8 DSG new CH are adhered to. If you give your consent and fall under the protection scope of the DSG new CH, the disclosure of the data to the USA is also legal in accordance with Art. 17 Para. 1 lit. a DSG new CH Art .

Further information about Google’s data protection as well as reCaptcha and the terms of use can be found at: https://www.google.com/intl/de/policies/privacy/, https://www.google.com/intl/de/policies/ privacy/ and https://www.google.de/intl/de/policies/terms/regional.html.

Instagram

External content from Instagram, Meta Platforms Inc., 1601 Willow Road, Menlo Park, CA-94025, USA is embedded on this website. Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is responsible in Europe. In this case, visiting this website causes your browser to connect to Instagram’s servers, which tells Meta which pages you visit. Instagram uses the available data to provide products, personalize content (e.g. in the Instagram feed) and make suggestions to the user outside of the platform.

This includes, among other things, images, videos or buttons with which website users can share content with Instagram. There is a shared responsibility with Meta Platforms Ireland Ltd. to display content and advertising that serves users’ interests, to deliver transactional and commercial notifications, and to optimize ad delivery and personalize content and features

Facebook declares itself responsible for fulfilling the rights of those affected. For this purpose, a corresponding agreement has been concluded with Facebook in accordance with the requirements: https://www.facebook.com/legal/controller_addendum

Meta is committed to complying with the EU-US Data Privacy Framework (DPF), which ensures GDPR-compliant data processing in the USA as well. For more information, see: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active

The data is processed in accordance with Article 6 Paragraph 1 Letter f) GDPR. The necessary legitimate interest lies in the needs-based design of the Facebook services. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the legal basis is this consent, which can be revoked at any time, in accordance with Art. 6 Para. 1 lit. a) GDPR.

Further information on data protection by Instagram, data collection and special requirements from Facebook can be found at: https://privacycenter.instagram.com, https://www.facebook.com/legal/terms/dataprocessing, https://www .facebook.com/legal/terms/data_security_terms and https://www.facebook.com/legal/EU_data_transfer_addendum

YouTube videos

YouTube videos may be embedded on this website (so-called plug-ins) – i.e. videos uploaded to the YouTube video portal of YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (“YouTube”). Google Ireland Limited, Gordon House, Barrow Street Dublin 4 Ireland is responsible for the European area. This enables interesting video material to be displayed directly on this website. In this case, visiting this website causes your browser to establish a connection to YouTube’s servers. YouTube thereby becomes aware that you have visited my website. Data transfer to the USA is based on the standard contractual clauses provided by the EU Commission.

Starting a YouTube video causes YouTube to use cookies to collect information about user behavior. This can be prevented by setting your browser to reject all cookies, which may affect your ability to use this website. Further information on the use of cookies can be found in the cookie consent management.

The processing and storage of data through integrated video elements is carried out in accordance with Article 6 Paragraph 1 Letter f) GDPR. The necessary legitimate interest lies in fast and effective communication with users and an attractive design of the website. If a corresponding consent has been requested, the legal basis is this consent, which can be revoked at any time, in accordance with Article 6 Paragraph 1 Letter a) GDPR.

The necessary legitimate interest consists in quick and effective communication with users as well as an attractive design of the website; the principles according to Articles 6 and 8 DSG new CH are adhered to. If you give your consent and fall under the protection scope of the DSG new CH, the disclosure of the data to the USA is also legal in accordance with Art. 17 Para. 1 lit. a DSG new CH Art .

Further information on data protection at “YouTube” can be found at: https://www.google.de/intl/de/policies/privacy/.

Rights of those affected
Rights to which you are entitled as a data subject according to the GDPR

As a data subject, you have the following rights according to the GDPR:

Right to information about data processing and rights of those affected

You have the right to receive confirmation from me as to whether we are processing personal data relating to you. If this is the case, you continue to have the following rights. You have the right to receive information from me about your rights according to Art. 13-22, 34 GDPR.

Right to revoke consent given

You have the right to revoke your consent to the processing of personal data at any time with future effect from the person responsible (Art. 7 Para. 3, Art. 8 GDPR), without incurring any disadvantages to you. I may then no longer process the data originally covered by the consent. The lawfulness of the processing carried out based on consent until its revocation remains unaffected.

Right to information

In accordance with Art. 15 GDPR, you have the right to request information about the personal data I have stored about you. You are entitled to the following information:

Processing purposes
Categories of personal data processed
Recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations. For third countries and international organizations, you also have the right to be informed about the appropriate guarantees in accordance with Art. 46 GDPR.
if possible, the planned period for which the personal data will be stored or, if this is not possible, the criteria for determining that period
Existence of a right to rectification or deletion of personal data concerning you or to restriction of processing by the controller or a right to object to this processing
Existence of a right to lodge a complaint with a supervisory authority
if the personal data is not collected from you, all available information about the origin of the data
the existence of automated decision-making including profiling in accordance with Article 22 Paragraphs 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and intended effects of such processing for you
Right to correction or completion

In accordance with Art. 16 GDPR, you have the right to request that I correct incorrect personal data concerning you and complete incomplete personal data. We are obliged to comply immediately.

Right to deletion (to be forgotten) or destruction

According to Art. 17 GDPR, you have the right to request the immediate deletion of the relevant personal data.

I am obliged to delete personal data if one of the reasons listed in Article 17 Paragraph 1 applies. This does not apply to personal data that is subject to a statutory retention and security period, which I must observe, and to the following exceptions regulated in Art. 17 Para. 3 GDPR:

to exercise the right to freedom of expression and information
to fulfill a legal obligation requiring processing under Union or Member State law to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller
for reasons of public interest in the field of public health in accordance with Article 9 paragraph 2 letters h and i and Article 9 paragraph 3
for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 paragraph 1, to the extent that the law referred to in paragraph 1 is likely to make impossible or seriously impair the achievement of the objectives of this processing
to assert, exercise or defend legal claims
Right to restriction of processing

You have the right to request that I restrict processing if one of the requirements of Article 18 (1) GDPR is met.

Right to notice

You have the right to request information from me as to which recipients have been informed that personal data concerning you has been deleted, corrected or restricted.

Right to data release or transfer

In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to me in a structured, common and machine-readable format and the right to transmit this data to another person responsible without hindrance on my part.

Right to object

In accordance with Article 21 of the GDPR, you have the right to object at any time to the processing of personal data concerning you based on legitimate interests (Art. 6 Para. 1 lit. f of the GDPR) for reasons arising from your particular situation to insert. I may then no longer process the personal data unless I can demonstrate compelling reasons that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right to complain to a supervisory authority

According to Art. 77 GDPR, you have the right to complain to a supervisory authority. The responsible supervisory authority is the state commissioner for data protection and freedom of information in the federal state in which my company is based. You can find a list of data protection authorities at: https://www.bfdi.bund.de/DE/Service/Anschriften/anschrifttable.html

Rights to which you are entitled as a data subject according to the new DSG CH

As a data subject, you are entitled to the following rights according to the DSG new CH:

Right to information about data processing and rights of those affected

In accordance with Art. 25 Para. 1 DSG new CH, you have the right to receive confirmation from me as to whether I am processing personal data concerning you.

Right to information

According to Art. 25 DSG new CH, you are entitled to the following information if you are based or reside in Switzerland:

Identity and contact details of the person responsible
processed personal data
Processing purpose
Retention period of personal data or criteria for determining the duration
Information about the origin of the personal data, unless obtained from the data subject
Existence of an automated individual decision, as well as the logic on which the decision is based
If applicable, the recipients to whom personal data is disclosed, as well as the information pursuant to Article 19 paragraph 4
Right to correction or completion

In accordance with Art. 32 Para. 4 DSG new CH, you have the right to request that I correct incorrect personal data concerning you and complete incomplete personal data. I am obliged to comply immediately.

Right to deletion (to be forgotten) or destruction

In accordance with Art. 32 Para. 2 lit. c) DSG new CH, you have the right to request the immediate deletion of the relevant personal data. Furthermore, in accordance with Art. 32 Para. 2 lit. c) DSG new CH, there is the right to destroy personal data.

Right to notice

In accordance with Art. 32 Para. 4 DSG new CH, you have the right to request information from me as to which recipients have been informed that personal data concerning you has been deleted, corrected or restricted.

Right to data release or transfer

In accordance with Art. 28 DSG new CH, you have the right to receive the personal data concerning you that you have provided to me in a structured, common and machine-readable format and the right to transmit this data to another person responsible without hindrance on my part.

Right to object

In accordance with Art. 30 Para. 2 lit. b) DSG new CH, you have the right to object at any time to the processing of personal data concerning you, which is based on legitimate interests, for reasons arising from your particular situation. I may then no longer process the personal data unless I can demonstrate compelling reasons that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right to complain

You have the right to enforce your data protection claims through legal action or to lodge a complaint with a responsible data protection supervisory authority. The responsible Swiss data protection supervisory authority for private parties and federal bodies is the Federal Data Protection and Information Commissioner (FDPIC).

Storage period and deletion of personal data

Unless expressly stated in this privacy policy, I will delete your processed personal data when the reason for processing no longer applies. In all cases, statutory retention and storage periods remain unaffected (e.g. in Germany § 14b UStG, § 257 Para. 1 No. 2 and 3 HGB, § 147 AO or in Austria § 1478 ff. ABGB) (e.g. in Switzerland Art. 60 OR) In these and other cases, the storage period and deletion take place in accordance with the legal requirements.

Changes to this privacy policy

I reserve the right to adapt and change this data protection declaration so that it corresponds to the current legal requirements and my services. The new data protection declaration will then apply from your next visit to my website.

Principle of data economy and SSL encryption

Your personal data will only be processed if this is necessary to be able to provide you with a functioning website on which all of my content and services are presented in a technically correct manner. Other processing operations regularly only take place based on your consent in accordance with Art. 6 Para. 1 lit. a) GDPR / Art. 31 Para. 1 DSG new CH, unless data processing is permitted by other legal regulations.

For security reasons and to protect the transmission of personal data, I use SSL encryption.

I also take appropriate technical and organizational measures (TOMs) to ensure an appropriate level of protection. The state of the art, implementation costs, type, scope, circumstances and purposes of the processing as well as the different probability of occurrence and severity of the risks associated with the processing for the rights and freedoms of natural persons are taken into account.

Third party data

If, in addition to your personal data, you have also provided me with data from other people, please inform these people about the processing of their personal data using this data protection declaration.

Personal data transfers and third country transfers

I sometimes work with third parties to process personal data, for example with service companies in the context of embedded content such as videos or in statistical analyses. Personal data may be passed on. These third parties are in a contract processing relationship or as joint controllers alongside me. In any case, I will make appropriate agreements to ensure that the legally required protection of your personal data, which I guarantee, is fully complied with. These agreements include, in particular, contracts (order processing agreements, standard contractual clauses, etc.).

Some of my contractual partners are located in third countries, so data transfer can also occur abroad.

If I process personal data in third countries outside the EU or EEA, the lawful processing will be ensured by one or more of the following methods:

Transfer to a third country with a recognized level of data protection (Art. 45 GDPR): The EU Commission may determine whether a third country has a data protection concept that meets the requirements of the GDPR, which means that a transfer to such a third country can take place in compliance with the GDPR. You can read details about this at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_de (last accessed on August 12, 2023). The EU Commission’s current list of adequate countries is at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de (last accessed on August 12, 2023) visible.
Transfer subject to appropriate guarantees (Art. 46 GDPR): These guarantees include, among other things, a commitment to the EU-US Data Privacy Framework (DPF), which came into force on July 10, 2023, and the EU Commission’s Standard Contractual Clauses (SCCs). A list of companies that are committed to complying with the DPF is maintained at https://www.dataprivacyframework.gov (last accessed on August 13, 2023). The EU Commission’s SCCs can be found at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en (last accessed on August 13th). 2023).
Existence of a condition (Art. 49 GDPR): For example, the existence of your express consent, the need to fulfill a contract or a legal obligation.
Further principles from Art. 44-49 GDPR: The list listed here serves for traceability and transparency and is not exhaustive. The detailed basis for a lawful transfer to a third country is set out below in this data protection declaration.

The Federal Council has published a list of countries with an appropriate level of data protection for the disclosure of personal data to third countries outside of Switzerland. This can be viewed at https://www.fedlex.admin.ch/eli/cc/2022/568/de#annex_1/lvl_u1 (last accessed on August 13, 2023). If I disclose personal data to a third country without an adequate level of data protection, then only in compliance with the guarantees in accordance with Art. 16 DSG new CH, in particular the use of standard data protection clauses recognized by the FDPIC. You can read further information about this from the FDPIC itself here: https://www.edoeb.admin.ch/edoeb/de/home/datenschutz/arbeit_wirtschaft/datenuebsuche_ausland.html (last accessed on August 13, 2023)

Alternatively, disclosure can take place in third countries with your express consent, to process a contract or, for example, to protect overriding public interest (Art. 17 DSG new CH). The individual measures I have taken to ensure disclosure in third countries in accordance with the rules of the DSG new CH can be found in the individual sections below.

Contact option for data protection questions

If you have any questions or comments about this data protection declaration, please contact me using the contact form.

This data protection declaration was generated with www.DatenBuddy.de and the customer terms and conditions of u-create.it UG (limited liability) apply. The generator was created in collaboration with AID24 Law Firm – Attorney Christoph Scholze and AV-Vertrag.org.