Datenschutz

1. Legal Basis for the Processing

Below you will find an overview of the legal basis under the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If, in addition, more specific legal bases are applicable in individual cases, we will inform you of these in the data protection declaration.

Consent (Article 6 (1) (a) GDPR): The data subject has given consent to the processing of his or her personal data for one or more specific purposes. Performance of a contract and prior requests (Article 6 (1) (b) GDPR): Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract Compliance with a legal obligation (Article 6 (1) (c) GDPR): Processing is necessary for compliance with a legal obligation to which the controller is subject. Legitimate Interests (Article 6 (1) (f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data. In addition to the data protection regulations of the GDPR, national regulations apply to data protection in Switzerland. This includes, in particular, the Federal Data Protection Act (DSG). The DSG applies in particular if no EU or EEC citizens are affected and, for example, only Swiss citizens' data are processed.

2. Security Precautions

We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the costs of implementation, the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access to, input, transmission, securing, and separation of the data. In addition, we have established procedures to ensure that data subjects' rights are respected, that data is erased, and that we are prepared to respond rapidly to data threats. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software, and service providers, in accordance with the principles of privacy by design and privacy by default.

Masking of the IP address: If IP addresses are processed by us or by the service providers and technologies used and the processing of a complete IP address is not necessary, the IP address is shortened (also referred to as "IP masking"). In this process, the last two digits or the last part of the IP address after a full stop are removed or replaced by wildcards. The masking of the IP address is intended to prevent the identification of a person by means of their IP address or to make such identification significantly more difficult.

TLS encryption (https): To protect your data transmitted via our online services, we use TLS encryption. You can recognise such encrypted connections by the prefix https:// in the address bar of your browser

Transmission of Personal DataIn the context of our processing of personal data, it may happen that the data is transferred to other places, companies, or individuals, or that it is disclosed to them. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are embedded in a website. In such cases, the legal requirements will be respected, and in particular, corresponding contracts or agreements, which serve the protection of your data, will be concluded with the recipients of your data.

Data Transmission within the Group of Companies: We may transfer personal data to other companies within our group of companies or otherwise grant them access to this data. Insofar as this disclosure is for administrative purposes, the disclosure of the data is based on our legitimate business and economic interests or otherwise, if it is necessary to fulfil our contractual obligations or if the consent of the data subjects or otherwise a legal permission is present.

Data Transfer within the Organisation: We may transfer or otherwise provide access to personal information to other locations within our organisation. Insofar as this disclosure is for administrative purposes, the disclosure of the data is based on our legitimate business and economic interests or otherwise, if it is necessary to fulfil our contractual obligations or if the consent of those concerned or otherwise legal permission is present.