For individual and additional offers and services, additional, special and supplementary privacy policies as well as legal documents such as General Terms & Conditions, Conditions of Use or Users Agreements may be applicable.
Our online services shall be subject to the Swiss data protection legislation as well as to any applicable foreign data protection legislation, in particular the one of the European Union (EU) including the General Data Protection Regulation (GDPR). The EU acknowledges that the Swiss data protection legislation guarantees an adequate level of data protection.
1. Contact Addresses
1.1 Responsibility for the Online Services
c/o Dr. Mohy Taha
Neue Aarauerstrasse 35
1.2 Data Protection Representation in the European Economic Area (EEA)
We have the following data protection representation in the European Economic Area (EEA) including the European Union (EU), Iceland, Norway and the Principality of Liechtenstein pursuant to Art. 27 GDPR as an additional point of contact for supervisory authorities and data subjects for enquiries relating to the General Data Protection Regulation (GDPR):
VGS Datenschutzpartner UG
Am Kaiserkai 69
2. Processing of Personal Data
Personal data shall include any information that relates to an identified or identifiable person. A data subject shall be any person whose personal data is processed. Processing shall comprise any handling of personal data, irrespective of the means and procedures applied, in particular any collection, destruction, disclosure, erasure, modification, retention, storage, and utilization of personal data.
2.2 Lawfulness of Processing
We process personal data in accordance with the Swiss data protection legislation, in particular in accordance with the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection.
We process personal data in accordance with at least one of the following legal bases, insofar and inasmuch as the General Data Protection Regulation (GDPR) is applicable:
- Art. 6 (1) point (b) GDPR for the required processing of personal data for the performance of a contract to which the data subject is party as well as in order to take steps prior to entering into a contract.
- Art. 6 (1) point (f) GDPR for the required processing of personal data for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the fundamental rights and freedoms as well as by interests of the data subject. Legitimate interests are in particular our interest in providing and advertising our online services in a permanent, user-friendly, safe and reliable manner, information security as well as any protection against misuse and unauthorized use, the enforcement of own legal claims and compliance with the Swiss legislation.
- Art. 6 (1) point (c) GDPR for the required processing of personal data for compliance with a legal obligation to which we are subject according to any applicable legislation of the EU or according to any applicable legislation of any country in which the GDPR is applicable either in whole or in part.
- Art. 6 (1) point (a) GDPR for the processing of personal data with the consent of the data subject.
- Art. 6 (1) point (e) GDPR for the required processing of personal data for the performance of a task carried out in the public interest.
- Art. 6 (1) point (d) GDPR for the required processing of personal data in order to protect the vital interests of the data subject or of another person.
2.3 Type, Scope and Purpose
We shall process any personal data that is required to enable us to provide our online services in a permanent, user-friendly, safe and reliable manner. Such personal data can fall into the categories of contact data, content data, meta data and usage data as well as contract data, master data and payment data.
We shall process personal data for any duration that is required for the respective purpose or the respective purposes, or required by law. Personal data, the processing of which is no longer required, shall be anonymized or erased.
In principle, we shall process personal data only after the consent of the data subject has been given, unless processing is permissible for any other legal reasons, for example for the performance of a contract to which the data subject is party and for corresponding measures prior to entering into a contract to safeguard our prevailing legitimate interests, since such processing is apparent from the circumstances or after prior information.
In this context, in particular, we process data which the data subject has communicated to us in making contact – for example via letter post, email, contact form, subscription form, social media or telephone – voluntarily and on her own. We may store such information for example in an address book, customer relationship management system (CRM system), a user database or using comparable aids. If you transmit personal data from third parties to us, you are obligated to guarantee the data protection for such third parties as well as to ensure the accuracy of such personal data.
We also process personal data which we receive from third parties, collect while providing our online services or procure from publicly accessible sources, insofar and inasmuch as such processing is legally permissible.
3. Processing of Personal Data by Third Parties
We can have personal data processed by third parties such as, in particular, contract processors, or process personal data together with third parties as well as with the aid of third parties, or transmit personal data to third parties. Such third parties are in particular suppliers and other service providers.
Such third parties are generally located in Switzerland or in the European Economic Area (EEA). However, such third parties and companies can also be located in other countries in the world and elsewhere in the universe, provided their data protection regulations guarantee adequate data protection according to the evaluation of the Federal Data Protection and Information Commissioner (FDPIC) and – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – according to the evaluation of the European Commission, or if for other reasons, such as through a corresponding contractual agreement, particularly based on standard contract clauses, or a corresponding certification, adequate data protection is guaranteed. For third parties in the United States of America (USA), the certification in accordance with the Privacy Shield can guarantee an adequate level of data protection. As an exception, such a third party or such a company can be located in a country without adequate data protection, provided the data protection requirements such as, for example, the express consent of the data subject, are fulfilled.
4. Rights of Data Subjects
Any data subjects whose personal data is processed by us shall have the rights according to the Swiss data protection legislation. This shall include the right to information as well as the right to block, correct or erase the personal data processed.
Any data subjects whose personal data is processed by us, if and to the extent that the General Data Protection (GDPR) is applicable, may request a confirmation free of charge as to whether we process their personal data and, if yes, information about the processing of their personal data, may have the processing of their personal data restricted, may exercise their right to data portability and may have their personal data blocked, completed, corrected or erased (“right to be forgotten”).
Any data subjects whose personal data is processed by us, if and to the extent that the GDPR is applicable, may revoke at any time any consents given and may raise an objection against any processing of their personal data at any time effective for the future.
Any data subjects whose personal data is processed by us shall have the right to file a complaint with any supervisory authority in charge. The supervisory authority in charge of data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
5. Data Security
We shall take reasonable and adequate technical and organizational measures to ensure data protection and data security. In any case, the processing of personal data on the internet can always have security vulnerabilities in spite of such measures. Therefore, we cannot ensure absolute data security.
Any access to our online services are secured using transport encryption (SSL / TLS with HTTPS).
6. Use of the Website
When you visit our website, cookies may be temporarily stored in your browser as so-called “session cookies” or for a certain period of time as so-called permanent cookies. “Session cookies” are automatically erased when you close your browser. Permanent cookies in particular enable us to recognize your browser when you visit our website again, and thus allow us to measure the reach of our website, for example. However, permanent cookies can also be used for online marketing purposes.
With cookies which are used for analytics and marketing, you can make a general objection to these for numerous services (“opt-out”) via Networking Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) and / or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
6.2 Log Files
We may record the following details for each access to our website, provided these can be transmitted from your browser to our server infrastructure or transmitted from our web server: Date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sites accessed and the amount of data transferred, last website accessed (referer / referrer).
We store such details which may also represent personal data, in log files. The data is required to enable us to provide our online services permanently, safely and reliably and in a user-friendly manner in order to ensure data security and thus, in particular, the protection of personal data, also by third parties or with the help of third parties.
6.3 Tracking Pixels
We use tracking pixels on our website. Tracking pixels – also from third parties whose services we use – are small pictures that get loaded when you visit our website. Tracking pixels allow for the collection of the same data as transmitted by your browser to our server infrastructure. Tracking pixels are required to allow us to provide our offer including our website in an effective and user-friendly manner as well as permanently, safely and reliably, in especially by analyzing the use with regard to bug fixing and improvements.
7. Notifications and Newsletters
We may send notifications and newsletters by e-mail and via other communication channels. If and to the extent that such dispatch is not required for the performance of a contract to which the data subject is party or to safeguard our prevailing legitimate interests, you must give your express consent to the use of your e-mail address and your other contact addresses to ensure that no misuse by unauthorized third parties will be possible («double opt-in»). We may have notifications and newsletters sent by third parties or with the help of third parties.
Notifications and newsletters may contain tracking pixels or web links gathering information as to whether an individual notification or an individual newsletter had been opened and what web links had been clicked on in this case. Such tracking pixels and web links gather the use of notifications and newsletters. We need such statistic gathering of any use including performance and reach measurement in order to offer notifications and newsletters based on the reading habits of the recipients in an effective and user-friendly manner as well as permanently, safely and reliably.
You may unsubscribe from notifications and newsletters and thus, in particular, object to the aforementioned gathering of any use at any time.
8. Third-Party Services
For their own safety-related, statistic and technical purposes, services from third parties can also process data in connection with our online services as well as from other sources – among other things with cookies, log files and tracking pixels – in anonymized, aggregated or pseudonymized form. Such data shall not be used to reach data subjects in connection with our online services.
8.3 Social PluginsWe use Social Plugins for the embedding of content and functions from social media platforms such as Facebook, Instagram, LinkedIn, Twitter and XING. By default, no personal data is transmitted to such social media platforms unless you actively use a social plugin by clicking or tapping or if you follow the link to a social media platform. Information regarding type, scope and purpose of data processing in connection with social plugins can be found in the respective privacy policies: Facebook, Instagram, LinkedIn, Twitter, XING.
9. Final Provisions