Data protection

Privacy Policy

The responsible body within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

Art4um Association
Foscky Pambu Pueta
Salvatorstrasse 9
8050 Zurich

Telephone: 0764071194
Email: info@art4um.ch
Website: http://www.art4um.ch/

General note

Based on Article 13 of the Swiss Federal Constitution and the federal data protection regulations (Data Protection Act, DSG), every person has the right to privacy and protection against the misuse of their personal data. The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

In cooperation with our hosting providers, we strive to protect the databases as effectively as possible against unauthorized access, loss, misuse, or falsification.

Please note that data transmission over the internet (e.g., when communicating via email) can have security vulnerabilities. Complete protection of data against access by third parties is not possible.

By using this website, you consent to the collection, processing, and use of data as described below. This website can generally be visited without registration. Data such as pages viewed or the names of files accessed, as well as the date and time, are stored on the server for statistical purposes, without this data being directly linked to you personally. Personal data, in particular your name, address, or email address, is collected on a voluntary basis whenever possible. Your data will not be shared with third parties without your consent.

Processing of personal data

Personal data is any information relating to an identified or identifiable natural person. A data subject is a person whose personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the retention, disclosure, collection, erasure, storage, alteration, destruction, and use of personal data.

We process personal data in accordance with Swiss data protection law. Furthermore, to the extent that the EU GDPR is applicable, we process personal data in accordance with the following legal bases pursuant to Article 6(1) GDPR:

• Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR) – The data subject has given consent to the processing of his or her personal data for one or more specific purposes.

• Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR) – The processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.

• Legal obligation (Art. 6 para. 1 sentence 1 lit. c. GDPR) – The processing is necessary for compliance with a legal obligation to which the controller is subject.

• Protection of vital interests (Art. 6 para. 1 sentence 1 lit. d GDPR) – The processing is necessary to protect the vital interests of the data subject or of another natural person.

• Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

• Application process as a pre-contractual or contractual relationship (Art. 9 para. 2 lit. b GDPR) – Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g., health data, such as severe disability or ethnic origin) are requested from applicants during the application process so that the controller or the data subject can exercise their rights and fulfill their obligations under employment law and social security and social protection law, their processing is carried out in accordance with Art. 9 para. 2 lit. b GDPR, in the case of protecting the vital interests of the applicants or other persons in accordance with Art. 9 para. 2 lit. c GDPR, or for purposes of preventive or occupational medicine, for assessing the employee’s fitness for work, for medical diagnosis, the provision of health or social care or treatment, or for the management of health or social care systems and services in accordance with Art. 9 para. 2 lit. h GDPR. In the case of the disclosure of special categories of data based on voluntary consent, their processing is carried out on the basis of Art. 9 para. 2 lit. a. GDPR.

We process personal data for the duration necessary for the respective purpose(s). Where longer retention periods are required due to legal or other obligations to which we are subject, we restrict processing accordingly.

Relevant legal bases

In accordance with Article 13 of the GDPR, we inform you of the legal bases for our data processing. Unless otherwise stated in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the GDPR; the legal basis for processing data to fulfill our services and implement contractual measures, as well as to respond to inquiries, is Article 6(1)(b) of the GDPR; the legal basis for processing data to comply with our legal obligations is Article 6(1)(c) of the GDPR; and the legal basis for processing data to protect our legitimate interests is Article 6(1)(f) of the GDPR. In the event that processing personal data is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) of the GDPR serves as the legal basis.

Security measures

In accordance with legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the varying likelihood and severity of the threat to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, transfer of, and ensuring the availability and separation of the data. Furthermore, we have established procedures that guarantee the exercise of data subject rights, the deletion of data, and responses to data breaches. We also consider the protection of personal data during the development and selection of hardware, software, and processes, in accordance with the principles of data protection by design and by default.

Transfer of personal data

As part of our processing of personal data, it may be necessary to transfer or disclose data to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include, for example, IT service providers or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.

Data processing in third countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of using third-party services or disclosing or transferring data to other persons, bodies or companies, this will only be done in accordance with legal requirements.

Subject to explicit consent or where transfer is required by contract or law, we process data only in third countries with a recognized level of data protection, contractual obligations through so-called standard contractual clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Articles 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Privacy policy for cookies

This website uses cookies. Cookies are text files containing data from visited websites or domains, stored by a browser on the user’s computer. A cookie primarily serves to store information about a user during or after their visit to an online service. Stored information can include, for example, language settings on a website, login status, items in a shopping cart, or the point at which a video was paused. We also include other technologies that perform the same functions as cookies in the term “cookies” (e.g., when user data is stored using pseudonymous online identifiers, also known as “user IDs”).

The following cookie types and functions are distinguished:

• Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest after a user leaves an online service and closes their browser.

• Persistent cookies: Persistent cookies remain stored even after the browser is closed. This allows, for example, login status to be saved or preferred content to be displayed directly when the user revisits a website. Similarly, user interests, which are used for audience measurement or marketing purposes, can be stored in such a cookie.

• First-party cookies: First-party cookies are set by us.

• Third-party cookies: Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.

• Necessary (also: essential or absolutely required) cookies: Cookies may be absolutely necessary for the operation of a website (e.g. to save logins or other user input, or for security reasons).

• Statistics, marketing, and personalization cookies: Cookies are also typically used for audience measurement and when a user’s interests or behavior (e.g., viewing specific content, using certain functions, etc.) on individual websites are stored in a user profile. Such profiles are used to show users content that matches their potential interests. This process is also known as “tracking,” i.e., monitoring users’ potential interests. If we use cookies or tracking technologies, we will inform you separately in our privacy policy or when obtaining your consent.

Information on the legal basis: The legal basis for processing your personal data using cookies depends on whether we ask for your consent. If so, and you consent to the use of cookies, the legal basis for processing your data is your explicit consent. Otherwise, data processed using cookies is processed based on our legitimate interests (e.g., in the efficient operation and improvement of our online services) or, if the use of cookies is necessary to fulfill our contractual obligations.

Storage period: Unless we provide you with explicit information on the storage period of persistent cookies (e.g., as part of a so-called cookie opt-in), please assume that the storage period can be up to two years.

General information on revocation and objection (opt-out): Depending on whether processing is based on consent or legal permission, you have the right to revoke any consent you have given or to object to the processing of your data by cookie technologies at any time (collectively referred to as “opt-out”). You can initially declare your objection via your browser settings, e.g., by disabling the use of cookies (although this may also restrict the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via a variety of services, especially in the case of tracking, through the websites https://optout.aboutads.info and https://www.youronlinechoices.com/ . You can also find further information on how to object in the details provided about the service providers and cookies used.

Processing of cookie data based on consent: We use a cookie consent management process to obtain, manage, and revoke user consent for the use of cookies and the processing activities and providers mentioned within the cookie consent management process. The consent declaration is stored to avoid having to request it again and to be able to demonstrate consent in accordance with legal requirements. Storage can be server-side and/or in a cookie (so-called opt-in cookie, or using comparable technologies) to assign the consent to a user or their device. Subject to individual information regarding the providers of cookie management services, the following applies: The storage period for consent can be up to two years. A pseudonymous user identifier is created and stored along with the time of consent, information on the scope of the consent (e.g., which categories of cookies and/or service providers), and the browser, operating system, and device used.

• Types of data processed: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

• Affected persons: Users (e.g., website visitors, users of online services).

• Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Privacy policy for SSL/TLS encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the website operator. You can recognize an encrypted connection by the fact that the browser’s address bar changes from “http://” to “https://” and by the lock symbol in your browser’s address bar.

When SSL or TLS encryption is enabled, the data you send to us cannot be read by third parties.

Privacy policy for contact form

If you send us inquiries via the contact form, your information from the inquiry form, including the contact details you provided, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not share this data without your consent.

Privacy policy for newsletter data

If you wish to subscribe to the newsletter offered on this website, we require an email address from you, as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. No further data is collected. We use this data exclusively for sending the requested information and do not share it with third parties .

You can revoke your consent to the storage of your data, email address and its use for sending the newsletter at any time, for example via the “unsubscribe link” in the newsletter.

Privacy policy for objecting to advertising emails

The use of contact details published as part of the legal notice for sending unsolicited advertising and informational materials is hereby prohibited. The operators of these pages expressly reserve the right to take legal action in the event of unsolicited advertising, such as spam emails.

Facebook Privacy Policy

This website uses features from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. When you visit our pages with Facebook plugins, a connection is established between your browser and Facebook’s servers. Data is then transmitted to Facebook. If you have a Facebook account, this data can be linked to it. If you do not want this data to be associated with your Facebook account, please log out of Facebook before visiting our site. Interactions, in particular using a comment function or clicking a “Like” or “Share” button, are also transmitted to Facebook. You can find out more at  https://de-de.facebook.com/about/privacy .

Instagram Privacy Policy

Our website integrates features of the Instagram service. These features are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to our pages with your user account. Please note that as the provider of these pages, we have no knowledge of the content of the transmitted data or its use by Instagram.

Further information can be found in Instagram’s privacy policy:  http://instagram.com/about/legal/privacy/

External payment service providers

This website uses external payment service providers through whose platforms users and we can process payment transactions. For example, via

• PostFinance ( https://www.postfinance.ch/de/detail/rechtliches-barrierefreiheit.html)

• Visa ( https://www.visa.de/USE Conditions/visa-privacy-center.html)

• Mastercard ( https://www.mastercard.ch/de-ch/datenschutz.html)

• American Express ( https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html)

• Paypal ( https://www.paypal.com/de/webapps/mpp/ua/privacy-full)

• Bexio AG ( https://www.bexio.com/de-CH/datenschutz)

• Payrexx AG ( https://www.payrexx.ch/site/assets/files/2592/datenschutzerklaerung.pdf)

• Apple Pay ( https://support.apple.com/de-ch/ht203027)

• Stripe ( https://stripe.com/ch/privacy)

• Klarna ( https://www.klarna.com/de/datenschutz/)

• Skrill ( https://www.skrill.com/de/fusszeile/datenpolitik/)

• Giropay ( https://www.giropay.de/rechts/datenschutzerklaerung) etc.

In order to fulfill contracts, we use payment service providers on the basis of the Swiss Federal Act on Data Protection and, where necessary, Article 6(1)(b) of the EU General Data Protection Regulation (GDPR). Furthermore, we use external payment service providers on the basis of our legitimate interests pursuant to the Swiss Federal Act on Data Protection and, where necessary, Article 6(1)(f) of the EU GDPR, in order to offer our users effective and secure payment options.

The data processed by payment service providers includes master data such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, amount, and recipient-related information. This information is required to process the transactions. However, the entered data is processed and stored only by the payment service providers. We, as the operator, receive no information about (bank) accounts or credit cards, but only confirmation (acceptance) or rejection of the payment. The payment service providers may transmit the data to credit agencies for identity and creditworthiness verification. Please refer to the terms and conditions and privacy policies of the payment service providers for further information.

The terms and conditions and privacy policies of the respective payment service providers apply to payment transactions and can be accessed on their respective websites or transaction applications. We also refer you to these documents for further information and to exercise your rights of withdrawal, access, and other data subject rights.

YouTube Privacy Policy

This website integrates features of the service “YouTube”. “YouTube” is owned by Google Ireland Limited, a company incorporated and operating under Irish law, located at Gordon House, Barrow Street, Dublin 4, Ireland, which operates the services in the European Economic Area and Switzerland.

Your legal agreement with YouTube consists of the terms and conditions available at the following link:  https://www.youtube.com/static?gl=de&template=terms&hl=de . These terms constitute a legally binding agreement between you and YouTube regarding the use of the services. Google’s Privacy Policy explains how YouTube handles and protects your personal data when you use the service.

Vimeo Privacy Policy

This website uses plugins from the video portal Vimeo, operated by Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. Each time you access a page that offers one or more Vimeo video clips, a direct connection is established between your browser and a Vimeo server in the USA. Information about your visit and your IP address is stored there. Interactions with the Vimeo plugins (e.g., clicking the play button) also transmit this information to Vimeo, where it is stored. You can find Vimeo’s privacy policy, which provides more detailed information about the collection and use of your data by Vimeo, in  Vimeo’s privacy policy .

If you have a Vimeo user account and do not want Vimeo to collect data about you via this website and link it to your member data stored at Vimeo, you must log out of Vimeo before visiting this website.

Furthermore, Vimeo uses an iframe to load the video and also calls the Google Analytics tracker. This is Vimeo’s own tracking, over which we have no control. You can prevent tracking by Google Analytics by using the opt-out tools that Google offers for some internet browsers. You can also prevent Google from collecting and processing data generated by Google Analytics relating to your use of the website (including your IP address) by downloading and installing the browser plugin available at the following link:

https://tools.google.com/dlpage/gaoptout?hl=de

Contractual services

We process data of our contractual and business partners, e.g. customers and prospective customers (collectively referred to as “contractual partners”) within the framework of contractual and similar legal relationships as well as related measures and in the context of communication with the contractual partners (or pre-contractually), e.g. to answer inquiries.

We process this data to fulfill our contractual obligations, to safeguard our rights, and for the administrative tasks and business organization associated with this information. We only disclose the data of our contractual partners to third parties within the framework of applicable law to the extent necessary for the aforementioned purposes, to fulfill legal obligations, or with the consent of the data subjects (e.g., to participating telecommunications, transport, and other support services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Contractual partners will be informed about further forms of processing, e.g., for marketing purposes, within the framework of this privacy policy.

We will inform our contractual partners which data is required for the aforementioned purposes before or during data collection, e.g. in online forms, by means of special markings (e.g. colors) or symbols (e.g. stars or similar), or personally.

We delete data after the expiry of statutory warranty periods and similar obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal reasons (e.g., for tax purposes, generally 10 years). Data disclosed to us by the contractual partner within the scope of a contract is deleted according to the contract specifications, generally after the contract has ended.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and privacy policies of the respective third-party providers or platforms apply to the relationship between users and the providers.

Customer Account: Contract partners can create an account within our online service (e.g., customer or user account, hereinafter referred to as “customer account”). If registration of a customer account is required, contract partners will be informed of this, as well as the information required for registration. Customer accounts are not public and cannot be indexed by search engines. During registration, as well as subsequent logins and use of the customer account, we store the customers’ IP addresses along with the access times in order to verify the registration and prevent any misuse of the customer account.

When customers terminate their customer account, the data relating to the customer account will be deleted, unless its retention is required for legal reasons. It is the customer’s responsibility to back up their data after terminating their customer account.

Analysis and market research: For business reasons and in order to identify market trends, the wishes of contractual partners and users, we analyze the data available to us on business transactions, contracts, inquiries, etc., whereby the group of persons affected may include contractual partners, prospective customers, customers, visitors and users of our online service.

The analyses are conducted for the purposes of business evaluations, marketing, and market research (e.g., to identify customer groups with different characteristics). Where available, we may consider the profiles of registered users, including their information such as details of services used. These analyses are solely for our internal use and will not be disclosed externally, unless they are anonymous analyses with aggregated, i.e., anonymized, data. Furthermore, we respect user privacy and process data for analytical purposes using pseudonyms wherever possible and, where feasible, anonymously (e.g., as aggregated data).

Shop and e-commerce: We process our customers’ data to enable them to select, purchase, or order their chosen products, goods, and related services, as well as to facilitate payment and delivery or fulfillment. If necessary for order fulfillment, we use service providers, in particular postal, freight forwarding, and shipping companies, to carry out delivery or fulfillment for our customers. We utilize the services of banks and payment service providers for processing payments. The required information is marked as such during the ordering or similar purchase process and includes the information needed for delivery, provision, and invoicing, as well as contact information to allow for any necessary follow-up.

Agency services: We process our clients’ data within the scope of our contractual services, which may include, for example, conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes, handling, server administration, data analysis/consulting services and training services.

Changes

We may amend this privacy policy at any time without prior notice. The current version published on our website applies. If the privacy policy is part of an agreement with you, we will inform you of any updates by email or other suitable means.

Questions for the Data Protection Officer

If you have any questions about data protection, please send us an email or contact the person responsible for data protection in our organization, whose contact details are listed at the beginning of the privacy policy.