With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes and to what extent in the context of providing our application.
The terms used are not gender-specific. Status: March 2025
Person responsible
Sela Zentrum GmbH Gartenstadtstrasse 7
3098 Köniz
represented by the Managing Director Michel Broggi and the shareholder and Chairwoman of the Management Board Sibylle Broggi-Läubli
E-mail address:
Overview of processing
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.
Types of data processed
• Contract data.
Special categories of data
Categories of affected persons
Purposes of the processing
Relevant legal bases
Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases also apply in individual cases, we will inform you of these in the privacy policy.
Relevant legal bases according to the Swiss Data Protection Act: If you are located in Switzerland, we process your data on the basis of the Federal Act on Data Protection (in short "Swiss FADP", valid from September 01, 2023). This also applies if our processing of your data otherwise affects you in Switzerland and you are affected by the processing. Unlike the GDPR, for example, the Swiss FADP does not generally require a legal basis to be specified for the processing of personal data. We only deal with the latter if the processing is carried out in good faith, is lawful and proportionate (Art. 6 para. 1 and 2 of the Swiss FADP). In addition, we only obtain personal data for a specific purpose that is recognizable to the data subject and only process it in a way that is compatible with this purpose (Art. 6 para. 3 of the Swiss FADP).
Note on the applicability of the GDPR and Swiss FADP: This data protection notice serves to provide information in accordance with both the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR). For this reason, please note that the terms of the GDPR are used due to the broader geographical
application and comprehensibility. In particular, instead of the terms "processing" of "personal data", "overriding interest" and "sensitive personal data" used in the Swiss DPA, the terms "processing" of "personal data", "legitimate interest" and "special categories of data" used in the GDPR are used. However, the legal meaning of the terms will continue to be determined in accordance with the Swiss DPA within the scope of application of the Swiss DPA.
Security measures
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, disclosure, safeguarding of availability and its separation. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and responses to data threats. Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.
Securing online connections using TLS/SSL encryption technology (HTTPS): To protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. If a website is secured by an SSL/TLS certificate, this is signaled by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.
Transmission of personal data
As part of our processing of personal data, it may be transmitted to other bodies, companies, legally independent organizational units or persons or disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.
International data transfers
Data processing in third countries: If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements. If the level of data protection in the third country has been recognized by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data will only be transferred if the level of data protection is otherwise ensured, in particular through standard contractual clauses (Art. 46 para. 2 lit. c) GDPR), express consent or in the case of contractual or legally required transfer (Art. 49 para. 1 GDPR). In addition, we will inform you of the basis for third country transfers with the individual providers from the third country, whereby the adequacy decisions take precedence. Information on third country transfers and existing adequacy decisions can be found in the information provided by the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension- data-protection_en?prefLang=de.
EU-US Trans-Atlantic Data Privacy Framework: As part of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the level of data protection for certain companies from the USA as secure as part of the adequacy decision of 10.07.2023. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/. As part of the data protection information, we will inform you which service providers we use are certified under the Data Privacy Framework.
Disclosure of personal data abroad: In accordance with the Swiss Data Protection Act (DSG), we only disclose personal data abroad if adequate protection of the data subjects is guaranteed (Art. 16 Swiss DSG). If the Federal Council has not determined adequate
protection (list: https://www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung- staaten.html), we take alternative security measures. These may include international contracts, specific guarantees, data protection clauses in contracts, standard data protection clauses approved by the Federal Data Protection and Information Commissioner (FDPIC) or internal company data protection regulations recognized in advance by the FDPIC or a competent data protection authority in another country.
According to Art. 16 of the Swiss DPA, exceptions may be made for the disclosure of data abroad if certain conditions are met, including consent of the data subject, performance of a contract, public interest, protection of life or physical integrity, data made public or data from a register provided for by law. These disclosures are always made in accordance with legal requirements.
Deletion of data
The data processed by us will be deleted in accordance with the legal requirements as soon as the consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this data no longer applies or it is not required for the purpose). If the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise or defense of legal claims or to protect the rights of another natural or legal person. As part of our data protection information, we can provide users with further information on the deletion and retention of data that applies specifically to the respective processing operations.
Rights of the data subjects
Rights of data subjects under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:
the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Rights of data subjects under the Swiss DPA:
As a data subject, you have the following rights in accordance with the provisions of the Swiss Data Protection Act:
• Right to rectification: You have the right to request the rectification of inaccurate personal data concerning you.
Business services
We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners"), in the context of contractual and comparable legal relationships and associated measures and with regard to communication with the contractual partners (or pre-contractual), for example to respond to inquiries.
We use this data to fulfill our contractual obligations. These include, in particular, the obligations to provide the agreed services, any updating obligations and remedies in the event of warranty and other service disruptions. In addition, we use the data to safeguard our rights and for the purpose of the administrative tasks associated with these obligations and the company organization. We also process the data on the basis of our legitimate interests both in the proper and efficient management of our business and in security measures to protect our contractual partners and our business operations from misuse, threats to their data, secrets, information and rights (e.g. to involve telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only pass on the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about other forms of processing, such as for marketing purposes, as part of this privacy policy.
We inform the contractual partners which data is required for the aforementioned purposes before or during data collection, e.g. in online forms, by means of special marking (e.g. colors) or symbols (e.g. asterisks or similar), or in person.
We delete the data after the expiry of statutory warranty and comparable obligations,
i.e. generally after four years, unless the data is stored in a customer account, e.g. as long as it must be retained for legal archiving reasons (e.g. for tax purposes, generally ten years). We delete data disclosed to us by the contractual partner as part of an order in accordance with the specifications and generally after the end of the order.
invoices, payment history); Contact data (e.g. postal and email addresses or telephone numbers); Contract data (e.g. subject matter of the contract, duration, customer category); Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved).
Further information on processing operations, procedures and services:
• Online courses and online training: We process the data of participants in our online courses and online training courses (uniformly referred to as "participants") in order to be able to provide them with our course and training services. The data processed in this context, the type, scope, purpose and necessity of its processing are determined by the underlying contractual relationship. The data generally includes information on the courses and services used and, if part of our range of services, personal specifications and results of the participants. The forms of processing also include the performance assessment and evaluation of our services and those of the course and training instructors; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
As part of our activities, we may also process special categories of data, in particular information on the health of clients, as well as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership. Where necessary, we obtain the express consent of the client and otherwise process the special categories of data if this serves the health of the client, the data is public or other legal permissions exist.
If it is necessary for the performance of our contract, for the protection of vital interests or by law, or if the client's consent has been obtained, we disclose or transfer the client's data to third parties or agents, such as authorities, medical institutions, laboratories, billing offices and in the area of IT, office or comparable services, in compliance with professional regulations; legal basis: performance of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
Providers and services used in the course of business activities
As part of our business activities, we use additional services, platforms, interfaces or plug-ins from third-party providers ("services" for short) in compliance with legal
requirements. Their use is based on our interests in the proper, lawful and economic management of our business operations and our internal organization.
Further information on processing operations, procedures and services:
Payment procedure
As part of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and use other service providers in addition to banks and credit institutions (collectively referred to as "payment service providers").
The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers,
passwords, TANs and checksums, as well as contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored by them. This means that we do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness.
Please refer to the general terms and conditions and the data protection information of the payment service providers.
Payment transactions are subject to the terms and conditions and data protection notices of the respective payment service providers, which can be accessed on the respective websites or transaction applications. We also refer to these for further information and the assertion of rights of revocation, information and other rights of data subjects.
Further information on processing operations, procedures and services:
Provision of the online offer and web hosting
We process users' data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or end device.
Further information on processing operations, procedures and services:
ensure the utilization of the servers and their stability; legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
Use of cookies
Cookies are small text files or other storage notes that store information on end devices and read it from them. For example, to store the log-in status in a user account, the contents of a shopping cart in an e-shop, the content accessed or the functions used in an online offering. Cookies can also be used for various purposes, for example to ensure the functionality, security and convenience of online services and to analyze visitor flows. Notes on consent: We use cookies in accordance with the statutory provisions. We therefore obtain prior consent from users, unless this is not required by law. In particular, consent is not required if the storage and reading of information, including cookies, is absolutely necessary in order to provide users with a telemedia service they have expressly requested (i.e. our online offering). The revocable consent is clearly communicated to you and contains the information on the respective use of cookies.
Information on legal bases under data protection law: The legal basis under data protection law on which we process users' personal data using cookies depends on whether we ask for their consent. If the users accept, the legal basis for the processing of their data is the declared consent. Otherwise, the data processed using cookies is processed on the basis of our legitimate interests (e.g. in the commercial operation of our online offering and the improvement of its usability) or, if this is done in the context of the fulfillment of our contractual obligations, if the use of cookies is necessary to fulfill our contractual obligations. We will explain the purposes for which we use cookies in the course of this privacy policy or as part of our consent and processing procedures.
Storage period: With regard to the storage period, a distinction is made between the following types of cookies:
General information on revocation and objection (opt-out): Users can revoke the consents they have given at any time and also declare an objection to the processing in accordance with the legal requirements, also by means of the privacy settings of their browser.
Further information on processing operations, procedures and services:
comparable technologies in order to be able to assign the consent to a specific user or their device. If no specific information on the providers of consent management services is available, the following general information applies: Consent is stored for up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, information on the scope of consent (e.g. relevant categories of cookies and/or service providers) and information on the browser, the system and the end device used; legal basis: consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
Contact and request management
When contacting us (e.g. by post, contact form, email, telephone or via social media) and in the context of existing user and business relationships, the data of the inquiring persons are processed insofar as this is necessary to answer the contact inquiries and any requested measures.
Further information on processing operations, procedures and services:
Push messages
With the user's consent, we can send users so-called "push notifications". These are messages that are displayed on users' screens, end devices or browsers, even if our online service is not currently being actively used.
To register for the push messages, users must confirm the request from their browser or end device to receive the push messages. This consent process is documented and saved. The storage is necessary to recognize whether users have agreed to receive the push messages and to be able to prove their consent. For these purposes, a pseudonymous identifier of the browser (so-called "push token") or the device ID of an end device is stored.
The push notifications may be necessary for the fulfilment of contractual obligations (e.g. technical and organizational information relevant to the use of our online offer) and are otherwise sent on the basis of the user's consent, unless specifically mentioned below.
Users can change the receipt of push messages at any time using the notification settings of their respective browsers or end devices.
Further information on processing operations, procedures and services:
country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - adequacy decision (Germany).
Newsletter and electronic notifications
We only send newsletters, emails and other electronic notifications (hereinafter "newsletter") with the consent of the recipient or with legal permission. If the contents of the newsletter are specifically described when registering for the newsletter, they are decisive for the user's consent. Otherwise, our newsletters contain information about our services and ourselves.
To subscribe to our newsletter, it is generally sufficient to provide your e-mail address. However, we may ask you to provide a name so that we can address you personally in the newsletter or to provide further information if this is necessary for the purposes of the newsletter.
Double opt-in procedure: Registration for our newsletter is always carried out in a so- called double opt-in procedure. This means that you will receive an e-mail asking you to confirm your registration. This is necessary so that nobody can register with other people's e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the mailing service provider are also logged.
Deletion and restriction of processing: We may store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a potential defense against claims. An individual request for erasure is possible at any time, provided that the former existence of consent is confirmed at the same time. In the event of obligations to permanently observe objections, we reserve the right to store the e-mail address in a block list solely for this purpose.
The registration process is logged on the basis of our legitimate interests for the purpose of verifying that it is carried out properly. If we commission a service provider to send e- mails, this is done on the basis of our legitimate interests in an efficient and secure sending system.
Contents:
Information about us, our services, promotions and offers.
• Processed data types: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved). Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions).
Further information on processing operations, procedures and services:
• Mailchimp: Email marketing, automation of marketing processes, collection. Storage and management of contact data, measurement of campaign performance, recording and analysis of recipients' interaction with content, personalization of content; Service provider: Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://mailchimp.com; Privacy Policy: https://mailchimp.com/legal/; Data processing agreement: https://mailchimp.com/legal/; Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Standard Contractual Clauses (Provided by the service provider). Further information: Special security measures: https://mailchimp.com/de/help/mailchimp-european-data-transfers/.
Web analysis, monitoring and optimization
Web analysis (also referred to as "reach measurement") is used to evaluate the flow of visitors to our online offering and may include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognize at what time our online offer or its functions or content are most frequently used, or invite visitors to reuse them. It also enables us to understand which areas require optimization.
In addition to web analysis, we may also use test procedures, for example to test and optimize different versions of our online offering or its components.
Unless otherwise stated below, profiles, i.e. data summarized for a usage process, can be created for these purposes and information can be stored in a browser or end device and then read out. The information collected includes, in particular, websites visited and the elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data from us or from the providers of the services we use, it is also possible to process location data.
In addition, the IP addresses of users are stored. However, we use an IP masking procedure (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored in the context of web analysis, A/B testing and optimization, but pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective process.
Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.
Further information on processing operations, procedures and services:
servers for processing; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Security measures: IP masking (pseudonymization of the IP address); Privacy Policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms/; Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - adequacy decision (Ireland); Opt-Out: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (types of processing and processed data).
Online marketing
We process personal data for the purpose of online marketing, which may include in particular the marketing of advertising space or the presentation of advertising and other content (collectively referred to as "content") based on the potential interests of users and the measurement of its effectiveness.
For these purposes, so-called user profiles are created and stored in a file (the so-called "cookie") or similar procedures are used, by means of which the information about the user relevant for the presentation of the aforementioned content is stored. This may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information, such as the browser used, the computer system used and information on usage times and functions used. If users have consented to the collection of their location data, this can also be processed.
The IP addresses of users are also stored. However, we use available IP masking procedures (i.e. pseudonymization by shortening the IP address) for user protection. In general, no clear user data (such as e-mail addresses or names) is stored as part of the online marketing process, but pseudonyms. This means that neither we nor the providers of the online marketing procedures know the actual identity of the users, but only the information stored in their profiles.
The statements in the profiles are generally stored in cookies or by means of similar procedures. These cookies can later generally also be read on other websites that use the same online marketing process and analyzed for the purpose of displaying content and supplemented with further data and stored on the server of the online marketing process provider.
In exceptional cases, it is possible to assign clear data to the profiles, primarily if, for example, the users are members of a social network whose online marketing processes we use and the network links the user profiles with the aforementioned data. Please note that users can make additional agreements with the providers, for example by giving their consent during registration.
In principle, we only receive access to summarized information about the success of our advertisements. However, as part of so-called conversion measurements, we can check which of our online marketing procedures have led to a so-called conversion, i.e., for example, to the conclusion of a contract with us. The conversion measurement is used solely to analyze the success of our marketing measures.
Unless otherwise stated, we ask you to assume that cookies are stored for a period of two years.
Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is permission. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.
to websites, interactions with content, functions, app installations, product purchases, etc.; the event data is processed for the purpose of creating target groups for content and advertising information (custom audiences). Event data does not include the actual content (such as comments written), no login information and no contact information (i.e. no names, email addresses and telephone numbers). Event data is deleted by Facebook after a maximum of two years, and the target groups created from it are deleted when our Facebook account is deleted.)
//www.aboutads.info/choices. d) Cross-territory: https://optout.aboutads.info.
Further information on processing operations, procedures and services:
have also shown an interest in our online offer or who have certain characteristics (e.g. interest in certain topics or products that can be seen from the websites visited) that we transmit to Meta (so-called "custom audiences"). With the help of the meta pixel, we also want to ensure that our meta ads correspond to the potential interest of users and are not annoying. With the help of the meta pixel, we can also track the effectiveness of the meta ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a meta ad (so-called "conversion measurement"); service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Data processing agreement: https://www.facebook.com/legal/terms/dataprocessing; Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland
- Adequacy Decision (Ireland); Further information: Event data of users, i.e.
.i.e. behavioral and interest data, are processed for the purposes of targeted advertising and targeting on the basis of the joint controllership agreement ("Controller Addendum", https://www.facebook.com/legal/controller_addendum). Joint controllership is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transfer of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.)
the joint controllership agreement ("Controller Addendum", https://www.facebook.com/legal/controller_addendum). The joint controllership is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transfer of data to the parent company Meta Platforms, Inc. in the USA (on the basis of the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.)
Controller Agreement ("Controller Addendum", https://www.facebook.com/legal/controller_addendum). The joint controllership is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transfer of data to the parent company Meta Platforms, Inc. in the USA (on the basis of the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.)
Presence in social networks (social media)
We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.
We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce user rights.
Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on user behavior and the resulting interests of users. The latter may in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. Cookies are therefore generally stored on the user's computer, in which the user's usage behavior and interests are stored. In addition, data can also be stored in the user profiles independently of the devices used by the users (especially if they are members of the respective platforms and are logged in there).
For a detailed description of the respective forms of processing and the opt-out options, please refer to the data protection declarations and information provided by the operators of the respective networks.
In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the latter have access to the user data and can take appropriate measures and provide information directly. If you still need help, you can contact us.
click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved).
Further information on processing operations, procedures and services:
for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information on Page Insights" (https://www.facebook.com/legal/terms/information_about_page_insights_data)
. The joint controllership is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which relates in particular to the transfer of data to the parent company Meta Platforms, Inc. in the USA.
We incorporate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third- party providers"). These may be, for example, graphics, videos or city maps (hereinafter uniformly referred to as "content").
The integration always requires that the third-party providers of this content process the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content or function. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, but may also be linked to such information from other sources.
Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is permission. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.
Further information on processing operations, procedures and services:
include IP addresses, information on operating systems, devices or browsers used, language settings, location, mouse movements, keyboard strokes, time spent on websites, previously visited websites, interactions with ReCaptcha on other websites, possibly cookies and results of manual recognition processes (e.g. answering questions asked or selecting objects in images). Data processing is carried out on the basis of our legitimate interest in protecting our online offering from abusive automated crawling and spam; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.google.com/recaptcha/; Privacy Policy: https://policies.google.com/privacy; Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Adequacy Decision (Ireland). Possibility of objection (opt-out): Opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de; Settings for the display of advertisements: https://myadcenter.google.com/personalizationoff.
Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://developers.google.com/speed/libraries/; Privacy Policy: https://policies.google.com/privacy. Basis for third country transfers: Switzerland - adequacy decision (Ireland).
Management, organization and support tools
We use services, platforms and software from other providers (hereinafter referred to as "third-party providers") for the purposes of organizing, managing, planning and providing our services. When selecting third-party providers and their services, we observe the legal requirements.
In this context, personal data may be processed and stored on the servers of third-party providers. This may affect various data that we process in accordance with this privacy policy. This data may include, in particular, master data and contact data of users, data on transactions, contracts, other processes and their content.
If users are referred to the third-party providers or their software or platforms in the context of communication, business or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization or marketing purposes. We therefore ask you to observe the data protection notices of the respective third-party providers.
Amendment and updating of the privacy policy
We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing carried out by us
make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.
If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and please check the information before contacting us
