We process personal data in accordance with the DSG and the DSGVO. The definitions set out in more detail below to clarify terminology refer to the definitions of the DPA on the one hand and the GDPR on the other.

"Personal data" is therefore any information relating to an identified or identifiable person. 

A "data subject" is a natural or legal person about whom personal data is processed. 

"Processing" includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, acquisition, deletion, storage, modification, destruction and use of personal data.

If the FADP applies, we process personal data in accordance with at least one of the justification grounds of Art. 13 FADP.

If the GDPR applies, we process personal data according to at least one of the following legal grounds:

• Art. 6 para. 1 lit. a DSGVO (processing of personal data with the consent of the data subject).
• Art. 6 para. 1 lit. b DSGVO (according to necessary processing of personal data for the fulfillment of a contract with the person concerned as well as for the implementation of pre-contractual measures)
• Art. 6 para. 1 lit. c DSGVO (processing of personal data for the fulfillment of a legal obligation to which we are subject because either EU law or legal provisions of a country in which the DSGVO applies in whole or in part are applicable)
• Art. 6 para. 1 lit. d DSGVO (processing of personal data for the purpose of protecting the vital interests of the data subject or another natural person)
• Art. 6 para. 1 lit. f DSGVO (processing of personal data for the purpose of safeguarding the legitimate interests of us or of third parties, unless the fundamental freedoms and rights and interests of the data subject override these)
  

The duration of the processing of personal data is determined by the purpose for which the personal data is required in the individual case. In the case of analyses, we store your data until the analysis is completed. If legal or other obligations require a longer retention period, we will adjust the processing and retention period in accordance with these regulations.

We may disclose and share your personal data with other companies affiliated with Careum Foundation (in particular all companies also appearing on this website according to the imprint). We may also disclose your personal data to third parties acting for us or on our behalf for the purpose of processing the data in accordance with the purpose for which the data was originally collected or for other legally permissible purposes, such as the provision of services, the performance of services owed under a contract or technical support.

Visitors to our website or persons about whom we process personal data for other reasons are entitled to all "data subject rights" in accordance with Art. 12 - 23 GDPR, insofar as the GDPR applies. In particular, you can request information free of charge about whether personal data about you is processed by us. If so, you can request information about the nature, scope and other nature of our processing of your personal data. In addition, you can have the processing of your personal data restricted. If the GDPR applies, you can exercise your right to data portability, correct or delete your personal data (Art. 17 GDPR: "right to be forgotten") or have it blocked, revoke consent given earlier to process your personal data or object to the processing of your personal data altogether. 

Overview of your rights as a data subject:

• Right to information (Art. 15 DSGVO, Art. 8 ff. DSG),
• Right to rectification (Art. 5 DSG) or right to correction or deletion (Art. 17 DSGVO).
• Right to restriction of processing (Art. 18 DSGVO)
• Right to block disclosure (Art. 20 DSG)
• Right to data portability (Art. 20 DSGVO)
• Right to object to processing (Art. 21 DSGVO)

‍

The exercise of your personal rights requires that you prove your identity beyond doubt by official documents. If any costs arise for you from the exercise of your rights, we will inform you in advance. If the exercise of your rights above conflicts with contractually agreed rights and obligations between you and us, this may result in consequences such as early termination of the contract, cost consequences or other consequences, about which we will inform you in the given case. 

Any data subject about whom we process personal data has the right to lodge a complaint with the competent data protection authority (in Switzerland, the Federal Data Protection and Information Commissioner, FDPIC, www.edoeb.admin.ch) and the right to enforce their claims in court.

5.1 Server log files

When you visit our website, the provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. The processing of this data is based on Art. 13 para. 1 DSG or Art. 6 para. 1 lit. f DSGVO. This typically involves the following data:

• browser type (incl. language and version)
• Operating system used
• Referrer URL (website from which the request originated)
• Host name of the accessing computer
• IP address
• Time zone difference to GMT time zone
• Content of the request
• Access status/http status code
• Amount of data transferred
• Date and time of server request

This data cannot be assigned to specific persons. A combination of this data with other data sources is not made. These data are processed in particular for the following purposes:

• to ensure that the connection to the website is established without any problems;
• to ensure the smooth use of our website;
• for the purpose of evaluating system security and stability;
• for other administrative purposes.

We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.

5.2 Data security

We take appropriate technical and organizational security measures to protect your personal data stored by us against accidental, unlawful or unauthorized destruction, loss or alteration, access, disclosure or use. 

These security measures are reviewed regularly and adapted and improved in line with technological progress. These security measures include, among others, the use of recognized encryption methods (SSL or TLS).

If you register with us as a user, access to your user account is only possible after entering your personal password. You should always treat login and payment information confidentially and close the browser window and delete the history when you have finished communicating with us. 

Our employees and the service companies commissioned by us are in each case obliged by us to maintain confidentiality and to comply with the provisions of data protection law. 

We assume no liability for the loss of data or their knowledge and use by third parties. 

The application is hosted on servers from netlify of Netlify, Inc, a US provider with server locations worldwide (CDN) (https://www.netlify.com/legal/terms-of-use/).

As content management system (CMS) and for databases we use Prismic from Prismic.io Inc, a provider from France with server locations worldwide(https://prismic.io/legal/terms-of-service). 

The hosting of large amounts of data such as video data is done on servers from Google Cloud Platform and Google Cloud Storage from Google, a US provider with server locations worldwide (CDN) (https://cloud.google.com/terms).

The hosting of the legal content is carried out by means of CMS and on servers of Webflow of Webflow, Inc. a US SaaS provider with server locations worldwide (https://webflow.com/legal/terms).

For the purpose of proper functioning of our website, we use various technologies (e.g. libraries, fonts). These are font libraries from AdobeFonts (typekit) and Google Fonts (see below).

To our knowledge, no other data is transferred to third parties with regard to these technologies. 

We currently do not use the JavaScript library JQuery, nor search functions, nor sharing mechanisms..

7.1 General

This website uses cookies. Cookies are small text files that allow specific information related to you to be stored on your terminal device while you are using our website. Among other things, cookies help to make your visit to our website easier and more enjoyable, to improve our services, and to make them more effective and secure. By means of cookies, we also collect information in order to offer you advertising that may be of interest to you.

When you visit our website for the first time or if new cookies need to be created due to deleted cookies, you will be informed on our cookie banner about the choices of the different cookie categories and you can choose which type of cookies should be collected:

• Functional cookies store your preferences.
  These cookies are necessary for the website to function and cannot be turned off in our systems.  
• Performance cookies show us how you use this website.
  These cookies allow us to measure visits and traffic to measure and improve the performance of our website. They help us understand which pages are viewed often and for longer periods of time, and what content our visitors prioritize on the website. All information generated by these cookies is, to our knowledge, aggregated and therefore anonymous. 
• Targeting cookies help us share content that is relevant to you.
  These cookies may be set by our (advertising) partners through our website. They can be used by these companies to profile your interests and inform you about our offers via relevant ads on other websites. They also do not store any direct personal information, but are based on the unique identification of your browser and internet device. However, identification may take place if you are logged into certain services and your user data can be linked by the third-party provider. If you do not allow these cookies, you will receive less targeted advertising.

Cookies are automatically deleted when the information is no longer needed. You can choose whether or not to allow certain types of cookies. Systemically, the functional cookies cannot be turned off.

7.2 Types of cookies

We use transient and persistent cookies. 

Transient cookies are automatically deleted as soon as you close your browser. Session cookies in particular belong to this type of cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. In this way, your computer can be recognized when you return to our website. Session cookies are rarely used and are deleted when you log out or close the browser. 

Persistent cookies, on the other hand, are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

7.3 Use and analysis

Cookies enable us to carry out certain analyses of our website, in particular to determine the frequency of use or the number of users of the pages or to analyze behavioral patterns of page use. 

Cookies are used in particular to make our website, content and offers more customer-friendly. For example, cookies may be necessary to use shopping carts or payment functions. With the use of cookies, options you have chosen or decisions you have made can also be used as settings to make your visit to our website more convenient. We may also use cookies to identify you for subsequent visits if you have an account with us. 

Cookies generally remain stored beyond the end of a browser session and can be retrieved when you visit the site again. If you do not wish this, you can set the Internet browser you are using to refuse to accept cookies. However, this may result in you not being able to use all the functions of this website.

As mentioned at the beginning, we generally process personal data according to the necessity principle.

Choice of providers, server locations

As a matter of principle, we try to choose services from providers based in Switzerland or the EU. We also choose server locations in Switzerland or in EU countries, if possible when concluding contracts with these third parties. Where this is not possible, we use alternative providers outside Europe. We may consequently transfer your data to those countries where the headquarters of the service providers we use are located, including the USA. 

Particularly in the case of globally active service providers, server locations are nowadays often no longer limited to individual locations, but are often made available as part of a content delivery network or content distribution network ("CDN") via a group of geographically distributed and interconnected servers.

Consent to Third Party Services

Depending on the setting of your cookie preferences or explicit, active opt-in (in some cases also double opt-in), you declare your consent regarding the use of the third-party services listed below in accordance with the collection and processing of information and personal data described for the respective service. 

You can find out more about the data protection provisions and terms of use for the respective third-party service under the respective link listed in the table.

Legal basis for the transfer of data

If we transfer data to third parties, the relevant Swiss laws, in particular the Swiss Data Protection Act, form the legal basis. Alternatively and subsidiarily or if applicable, the provisions of the EU General Data Protection Regulation also apply. See also the justification grounds and legal bases of the DPA and GDPR mentioned in section 1. 

If you would like to know the exact legal basis for any of the third-party services listed in detail in the table below, please contact us using the contact options mentioned at the beginning of this privacy policy. 

If we transfer data to third parties in a country without an adequate legal level of data protection, we ensure an adequate level of protection as provided by law by using appropriate contracts (e.g., by using so-called standard contractual clauses of the European Commission) or, in turn, rely on the legal grounds for justification mentioned in Section 1.

Current: Privacy Shield Agreement and Use of Service Providers from the U.S.

In 2020, the Privacy Shield Agreement between the EU and the USA, which was valid until then, was declared invalid. Subsequently, the Federal Data Protection and Information Commissioner FDPIC also declared the Privacy Shield Agreement between Switzerland and the USA invalid. 

In the wake of this and despite repeated individual inquiries to the FDPIC's legal information offices from our side, even as late as spring 2021, it is currently unclear to what extent the use of services from providers in the USA can still be considered legally compliant or what additional contractual efforts and conclusions would be necessary for such legally compliant use of services from providers in the USA today. 

Should the conclusion of EU standard contractual clauses prove to be a legally sufficient means of cooperation with providers domiciled outside the EU, we will implement this solution in a timely manner (if this has not already been done in a legally sufficient manner in the terms of use and contractual clauses by means of, for example, an annex to the corresponding standard contractual clause(s)). 

However, in view of the so-called Mailchimp decision of the Bavarian State Office for Data Protection Supervision, this is unclear to what extent the standard data protection contracts are legally sufficient, or whether in each case "in addition to the standard data protection clauses, "additional measures" within the meaning of the ECJ decision "Schrems II" (ECJ, judgment of 16.7.2020, C-311/18) are necessary to make the transfer compliant with data protection", cf.  https://www.email-marketing-academy.at/experten-blog/2021/es-ist-amtlich-mailchimp-ist-unzulaessig.html and https://edpb.europa.eu/news/national-news/2021/bavarian-dpa-baylda-calls-german-company-cease-use-mailchimp-tool_de .

We will continue to monitor the situation closely and, depending on the development of the legal situation and recommendations of the FDPIC, adapt our practices, data protection provisions and individual contractual provisions with providers from the USA. Until then, we will continue to maintain existing contracts with service providers based in particular in the U.S. and outside the EU, but will seek to replace them with providers from Switzerland or the EU in the medium to long term, if necessary.

Encryption

In general, we always transmit personal data to third parties in encrypted form. If exceptions exist, they will be explicitly mentioned. 

Data protection regulations of third parties

With regard to the services used, we have no influence on the effective handling of personal data by the commissioned third-party providers. With regard to their handling of data, their currently valid data protection provisions are binding for you. We can only ensure, based on your choice of cookie settings, which cookies are set and actions are triggered for third-party services.

Overview and information on third-party providers

The third-party providers used are mentioned below according to their services. We will tell you which services are provided by which companies from which countries we use and provide you with a link to the currently valid data protection regulations according to our knowledge. If you have further questions about individual services listed below, please contact us using the contact options mentioned at the beginning of this privacy policy.

8.1 Third-party data storage (settings)

We use CookiePro to store your preferences about how cookies are used. CookiePro is a SaaS solution that comes from one of the world's leading providers, OneTrust, used by many large companies.

Tool: CookiePro

Provider: OneTrust

Seat (country), server location: USA, CDN

Privacy Policy: https://www.cookiepro.com/dpa.pdf 

8.2 Services offered by companies of Google/Alphabet

Our website uses various services of subsidiaries of the US company Alphabet Inc. (see table). These services all refer to the same data protection provisions, which can be found at https://policies.google.com/privacy

If the IP anonymization function is activated, your IP address will be shortened by Google before being transmitted to the USA. The entire IP address is only transmitted to a Google server in the USA in exceptional cases and shortened there. Google uses this transmitted information to evaluate your use, to create Analytics services about these activities and to provide other services for us, such as map services. 

Tool: Google Analytics

Provider: Google LLC / Alphabet

Seat (country), server location: USA, CDN

Privacy Policy:

https://marketingplatform.google.com/about/analytics/terms/de/ 

Tool: Google Maps

Provider: Google LLC / Alphabet

Seat (country), server location: USA, CDN

Privacy Policy:

‍https://policies.google.com/terms?hl=de&utm_source=ucb 

Tool: Google Data Studio

Provider: Google LLC / Alphabet

Seat (country), server location: USA, CDN

Privacy Policy:

‍https://support.google.com/datastudio/answer/7019158?hl=en 

Tool: Google Tag Manager

Provider: Google LLC / Alphabet

Seat (country), server location: USA, CDN

Privacy Policy:

https://www.google.com/analytics/terms/tag-manager/ 

Tool: Google Fonts

Provider: Google Ireland Limited / Alphabet

Seat (country), server location: USA, CDN

Privacy Policy:

https://policies.google.com/terms?hl=en 

Tool: Google Cloud Platform, Google Cloud Storage

Provider: Google LLC / Alphabet

Seat (country), server location: USA, CDN

Privacy Policy: 

https://cloud.google.com/terms 

https://cloud.google.com/terms/data-processing-terms 

8.3 External payment service providers

This website uses the external login and payment service provider Memberstack. Via its technology (platform, plugin, API, integrations), users of this website can perform login and payment transactions. The data processed by this service provider or third-party providers it uses may include inventory data, such as name and address, bank details, account numbers, credit card numbers, passwords, TANs and checksums, as well as contract details, totals, and recipient-related information, all of which is necessary to complete the transaction. 

To our knowledge, Memberstack uses the service provider Stripe for credit card payments. However, the information you enter as a user is only processed by and stored with Memberstack and third parties contracted by them. We do not receive any information about your account details or credit card details, only information about the status of the payment. We refer to the Terms of Service and Privacy Policy of Memberstack.

Tool: Memberstack

Provider: Memberstack Inc.

Seat (country), server location: USA, CDN

Privacy Policy: 

https://www.memberstack.com/legal/terms-of-service

https://www.memberstack.com/legal/privacy-policy 

‍

8.4 Tracking, analysis

We analyze user behavior on the pages of our website via various Google services, see our notes above.

8.5 Social Media (Plugins, Pixel)

We do not use any social media tracking technologies. However, we link to our own social media sites (Facebook, Instagram, Twitter). We have no influence over the terms of use and privacy policies applied by these third-party providers.

If you do not want these third-party providers to assign the personal data collected via our website to any existing account you may have with these providers or to track it in any other way, you must log out of their services before visiting our website.

8.6 Newsletter and e-mail marketing

As a newsletter tool, we use CleverReach of the German company CleverReach GmbH & Co. KG. 

If you subscribe to a newsletter from us, the personal data you provide when registering as well as IP address and the time of registration are transmitted to us by your browser and stored in our systems. Our newsletters are free of charge and serve information purposes. 

In order to verify that a registration has actually been made by you, we use the "double opt-in" procedure. For this purpose, the newsletter service provider commissioned by us will send you a confirmation e-mail to the e-mail address you have provided after you have subscribed to the newsletter. In doing so, we or the newsletter service provider log the subscription order, the sending of our confirmation e-mail to you and the receipt of your reply e-mail. To our knowledge, no further data is collected. This data is collected via the corresponding newsletter tool and stored by the respective provider. 

The processing of your personal data serves to send the newsletter, which may be personalized. Personalization in this case means that we can take into account the interests you have indicated as well as your previous usage when compiling the newsletter. 

We do not combine this personal data with other data sources. A data transfer to third parties takes place so that we can enable the newsletter dispatch to you by the third-party provider according to the table below. We are not responsible for the processing of your data by the third-party provider. We have no influence over the terms of use and data protection provisions applied by these third-party providers.

You can unsubscribe from our newsletter at any time and revoke your consent to the storage of your personal data in this regard. You can declare the revocation / unsubscribe by clicking on the link provided in each newsletter e-mail or by e-mail to the contact details provided in the imprint.

Tool: CleverReach

Provider: CleverReach GmbH & Co. KG

Seat (country), server location: EU

Privacy Policy: 

‍https://www.cleverreach.com/en/terms-of-service/ 

8.7 Online fonts

To embed and display special fonts, we use the services Adobe Fonts (typekit) from Adobe and Google Fonts from Google (for Google Fonts, please refer to the information and links in section 8.2 of this privacy policy).

To our knowledge, no user data is collected in this process.

Tool: Adobe Fonts

Provider: Adobe Inc.

Seat (country), server location: SA, CDN

Privacy Policy:

‍https://wwwimages2.adobe.com/content/dam/cc/de/legal/servicetou/Adobe_Fonts_Additional_Terms_de_DE_20200416.pdf 

https://www.adobe.com/ch_de/privacy/policies/adobe-fonts.html 

We do not use contact forms or comment functions on this website.

The entire content of this website is either copyrighted Copyright ©2021 DOCMINE Productions AG and affiliated companies according to imprint / credits, or we have obtained / received a license for the use of the parts of the website or content not attributable to us by copyright. Under strict reservation of all rights. We also refer to our terms of use for this website.  für diese Website.

Regarding our liability in connection with the use of this website, we refer to our terms of use.

Due to the further development of our website, the implementation of new technologies, changes to our internal company processes or the adaptation to changed legal framework conditions, it may become necessary to change this data protection declaration. We therefore reserve the right to change this data protection declaration at any time in compliance with data protection regulations and laws.

Since the data protection declaration can change, we recommend that you visit this page from time to time to inform yourself about the current status of the data protection declaration.

The current version of the data protection declaration can be accessed without restriction at any time on our website. 

The currently valid data protection declaration is written in German. The translated versions also provided by us are for information purposes only and are easier to understand. In the event of disputes, the German-language text is legally binding and takes precedence over the other language versions.