Privacy Policy

1. Overview of Processing Activities
The following overview summarizes the types of data processed, the purposes of their processing, and refers to the data subjects.
Types of Data Processed
  • Inventory data.
  • Employee data.
  • Contact data.
  • Content data.
  • Usage data.
  • Meta, communication, and procedural data.
  • Log data.
Categories of Data Subjects
  • Employees.
  • Communication partners.
  • Users.
Purpose of Processing
  • Communication.
  • Security measures.
  • Organizational and administrative processes.
  • Feedback.
  • Provision of our online services and user-friendliness.
  • Establishment and execution of employment relationships.
  • Information technology infrastructure.
  • Business processes and business procedures.
2. Relevant Legal Bases
Relevant legal bases under the Swiss Data Protection Act: If you are located in Switzerland, we process your data based on the Federal Act on Data Protection (abbreviated "Swiss DPA"). Unlike the GDPR, the Swiss DPA generally does not require a legal basis to be named for the processing of personal data, and the processing of personal data is carried out in good faith, lawfully, and proportionately (Art. 6 para. 1 and 2 of the Swiss DPA). Furthermore, personal data is only obtained for a specific, recognizable purpose and processed only in a manner compatible with that purpose (Art. 6 para. 3 of the Swiss DPA).
3. Security Measures
We implement appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the threat to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk. These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, availability, and separation. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data threats. We also consider the protection of personal data in the development or selection of hardware, software, and procedures, in accordance with the principle of data protection, through technical design and data protection-friendly default settings.
4. Transfer of Personal Data
In the course of our processing of personal data, it may be necessary to transfer or disclose them to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include, for example, IT service providers or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.
5. International Data Transfers
Disclosure of personal data abroad: According to the Swiss DPA, we only disclose personal data abroad if an adequate level of protection for the data subjects is ensured (Art. 16 of the Swiss DPA). If the Federal Council has not established adequate protection, we implement alternative security measures. These may include international agreements, specific guarantees, data protection clauses in contracts, standard data protection clauses approved by the Federal Data Protection and Public Information Officer (FDPIC), or internal data protection regulations recognized in advance by the FDPIC or a competent data protection authority of another country. According to Art. 16 of the Swiss DPA, exceptions to the disclosure of data abroad may be permitted if certain conditions are met, including consent of the data subject, contract performance, public interest, protection of life or physical integrity, publicly disclosed data, or data from a legally provided register. These disclosures are always made in accordance with legal requirements.
6. General Information on Data Storage and Deletion
We delete personal data processed by us in accordance with legal requirements as soon as the underlying consent is revoked or there are no further legal bases for processing. This applies to cases where the original purpose of processing ceases to exist or the data is no longer needed. Exceptions to this rule exist if legal obligations or special interests require longer retention or archiving of the data. In particular, data that must be retained for commercial or tax reasons or whose storage is necessary for legal action or to protect the rights of other natural or legal persons must be archived accordingly. Our privacy notices contain additional information on the retention and deletion of data that specifically apply to certain processing activities. If multiple statements are made regarding the retention period or deletion deadlines for a given piece of data, the longest deadline always applies. If a deadline does not explicitly begin on a certain date and is at least one year, it automatically starts at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships in which data is stored, the triggering event is the effective date of termination or other termination of the legal relationship. Data that is retained not for the originally intended purpose but due to legal requirements or other reasons will only be processed for the reasons that justify their retention.
7. Further Information on Processing Activities, Procedures, and Services
  • Storage and Deletion of Data: The following general deadlines apply to storage and archiving under Swiss law:
  • 10 years - Retention period for books and records, financial statements, inventories, management reports, opening balance sheets, booking vouchers, and invoices, as well as all necessary work instructions and other organizational documents (Art. 958f of the Swiss Code of Obligations (CO)).
  • 10 years - Data necessary for considering potential claims for damages or similar contractual claims and rights, as well as for processing related requests, based on previous business experiences and standard industry practices, are stored for the period of the statutory limitation period of ten years, unless a shorter period of five years is applicable, which is relevant in certain cases (Art. 127, 130 CO). Claims for rent, lease and capital interest as well as other periodic payments, for delivery of food, for catering and tavern debts, as well as for artisanal work, small sales of goods, medical care, professional work of lawyers, legal agents, attorneys, attorneys-in-fact and notaries, and from the employment relationship of employees expire after five years (Art. 128 CO).
8. Provision of Online Services and Web Hosting
We process user data to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.
  • Processed Data Types: Usage Data (e.g., page views and duration, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions); Meta, Communication, and Procedural Data (e.g., IP addresses, timestamps, identification numbers, persons involved). Log Data (e.g., log files regarding logins or data retrieval or access times).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of our online services and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Security measures.
  • Legal Bases: Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR).
Further Information on Processing Activities, Procedures, and Services:
  • Collection of Access Data and Log Files: Access to our online services is logged in the form of so-called "server log files." Server log files may include the address and name of the accessed web pages and files, date and time of access, transmitted data volumes, message about successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), and usually IP addresses and the requesting provider. Server log files can be used for security purposes, such as avoiding server overload (especially in the case of abusive attacks, so-called DDoS attacks), and to ensure the load and stability of the servers; Legal Bases: Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR). Deletion of Data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further retention is necessary for evidence purposes are excluded from deletion until the final clarification of the respective incident.
9. Use of Cookies
Cookies are small text files or other storage mechanisms that store and retrieve information on devices, for example the log-in status in a user account, the contents of a shopping cart in an e-shop, the accessed content, or the functions used in an online offering. Cookies can also be used for various purposes, such as functionality, security, and comfort of online offerings, as well as for analyzing visitor flows.

Notes on Consent: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users, unless it is not required by law. Permission is not required, in particular, when storing and retrieving information, including cookies, is absolutely necessary to provide users with a telemedia service (i.e., our online offering) explicitly requested by them. The revocable consent is communicated clearly to them and contains information about the respective cookie use.

Notes on Legal Bases for Data Protection: The legal basis on which we process users' personal data using cookies depends on whether we request their consent. If users accept, the legal basis for processing their data is the declared consent. Otherwise, the data processed using cookies are processed on the basis of our legitimate interests (e.g., in the commercial operation of our online offering and its improvement in usability) or, if the use of cookies is necessary to fulfill our contractual obligations, on the basis of that necessity. We clarify the purposes for which cookies are used during the course of this privacy policy or as part of our consent and processing procedures.

Storage Period: Regarding the storage period, the following types of cookies are distinguished:
  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their device (e.g., browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the device is closed. For example, the log-in status can be stored, and preferred content can be displayed directly when the user revisits a website. Likewise, user data collected using cookies may be used for reach measurement. If we do not provide specific information about the type and duration of cookies used (e.g., as part of obtaining consent), users should assume that they are permanent and may have a storage period of up to two years.
General Notes on Revocation and Objection (Opt-out): Users can revoke any consent given by them at any time and also object to processing in accordance with legal requirements, including through the privacy settings of their browser.
  • Processed Data Types: Meta, Communication, and Procedural Data (e.g., IP addresses, timestamps, identification numbers, persons involved).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Legal Bases: Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR). Consent (Art. 6 para. 1 S. 1 lit. a) GDPR).
Further Information on Processing Activities, Procedures, and Services:
  • Processing of Cookie Data Based on Consent: We use a consent management solution to obtain users' consent to the use of cookies or to the procedures and providers mentioned within the consent management solution. This procedure is used to obtain, record, manage, and revoke consent, particularly regarding the use of cookies and similar technologies used to store, retrieve, and process information on users' devices. In the context of this procedure, users' consents to the use of cookies and the associated processing of information, including the specific processing and providers mentioned in the consent management process, are obtained. Users also have the option to manage and revoke their consent. The consent declarations are stored to avoid repeated requests and to be able to provide evidence of consent in accordance with legal requirements. The storage is done server-side and/or in a cookie (so-called opt-in cookie) or by comparable technologies to be able to assign consent to a specific user or their device. If no specific information about providers of consent management services is available, the following general information applies: The duration of consent storage is up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, details of the consent scope (e.g., relevant categories of cookies and/or service providers), and information about the browser, system, and device used; Legal Bases: Consent (Art. 6 para. 1 S. 1 lit. a) GDPR).
10. Contact and Inquiry Management
When contacting us (e.g., by post, contact form, email, telephone, or via social media) as well as within existing user and business relationships, the information provided by the contacting individuals is processed to the extent necessary to respond to the contact inquiries and any requested measures.
  • Processed Data Types: Inventory Data (e.g., full name, residential address, contact information, customer number, etc.); Contact Data (e.g., postal and email addresses or telephone numbers); Content Data (e.g., textual or pictorial messages and contributions as well as the information concerning them, such as information about authorship or time of creation); Usage Data (e.g., page views and duration, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions). Meta, Communication, and Procedural Data (e.g., IP addresses, timestamps, identification numbers, persons involved).
  • Data Subjects: Communication partners.
  • Purposes of Processing: Communication; Organizational and administrative processes; Feedback (e.g., collecting feedback via online form). Provision of our online offering and user-friendliness.
  • Legal Bases: Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR). Fulfillment of contracts and pre-contractual inquiries (Art. 6 para. 1 S. 1 lit. b) GDPR).
Further Information on Processing Activities, Procedures, and Services:
  • Contact Form: When contacting us via our contact form, email, or other communication channels, we process the personal data transmitted to us to respond to and process the respective inquiry. This typically includes information such as name, contact information, and any additional information provided to us that is necessary for appropriate processing. We use this data solely for the stated purpose of contacting and communicating; Legal Bases: Fulfillment of contracts and pre-contractual inquiries (Art. 6 para. 1 S. 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR).
Last Update
May 2024
Controller
89 Productions GmbH
Bahnhofstrasse 51
6440 Brunnen