1. What is Personal Data?
Personal data is any information about personal or factual circumstances relating to an identified or identifiable natural person. This includes, for example, your name, date of birth, email address, postal address or telephone number, and online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not Personal Data. This includes, for example, the number of users of a website.
2. What is Special Category Data?
Special category data is Personal Data that requires more protection because it is sensitive. This includes Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data and biometric data. As well as data about a person's health, sex life and sexual orientation. In order to lawfully process special category data, explicit consent to the processing is required.
3. What is processing?
"Processing" means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any processing of data.
4. What are the legal bases for processing?
In accordance with the nDSG and the GDPR, we must have at least one of the following legal bases to process your Personal Data:
You have given your consent,
the data is necessary for the performance of a contract / pre-contractual measures,
the data is necessary for compliance with a legal obligation, or
the data is necessary for the protection of our legitimate interests, provided that your interests are not overriding.
Collection of Personal Data
a) Log data
Each time you visit our website, our system automatically collects the following data from the visiting device and stores it in a so-called log file: (i) name of the file accessed, (ii) date and time of the visit, (iii) amount of data transferred, (iv) notification of successful retrieval, type of browser and version used, (v) IP address (identification of the user's device), (vi) operating system of the visiting device, (vii) Internet service provider of the visiting device, (viii) website from which you access our website, and (ix) which of our website pages you access. The legal basis for the processing is our legitimate interest.
b) Content Delivery Network
We use the Content Delivery Network (CDN) of Wix.com Ltd.to distribute our online content. Our CDN is a network of regionally distributed servers operated by our technical service providers that are connected via the Internet. When you visit our website, your device's browser transmits information to these service providers, which is collected in corresponding server log files. The server log files are usually anonymized and then transmitted without personal reference. The server log files include in particular i) information on the browser and operating system used, ii) the previously visited pages (so-called referral URL), iii) the IP address of the device used, iv) the name of the Internet provider, and v) the date, time of all page views including the amount of data transferred. The legal basis for the processing is our legitimate interest.
To provide our website, we use the services of Wix.com Ltd. who process all data to be processed in connection with the operation of our website on our behalf. The legal basis for the data processing is our legitimate interest in providing our website.
Why do we provide information about cookies?
Accordingly, the use of functional, analytics and performance or advertising cookies requires your consent and therefore the legal basis for the collection of your Personal Data through analytics and performance cookies is your consent.
What is a cookie?
A cookie is a text file or software element that records information about your device's navigation on the Internet. It is controlled by your browser and sometimes contains a unique number or random number. A cookie allows us or our partners, as originators of cookies, to recognize your device during its validity period when it accesses digital content that contains cookies from the same originator.
Which cookies do we use?
We distinguish between two categories of cookies:
Essential or Necessary cookies. These cookies are essential or necessary to ensure that a website works properly and is secure so that you can navigate a website and use its features. Without these cookies, certain features of a website would not function, and thus you would not be able to use certain services.
Optional Cookies. These cookies are non-essential for the website to function and require your consent. When it comes to optional cookies the following distinctions are made:
Functional cookies or sometimes called convenience cookies. These cookies allow a website to remember the options a user has made (including user ID`s stored, consents given, or languages selected) and other personalization options you have selected when browsing.
Analysis and performance cookies, which are used to monitor and improve the function and service of a website. Those can track down problems when using a website, facilitate online surveys, record visitor numbers, and provide analytics metrics.
Advertising cookies or targeting cookies. They are used to deliver customized advertising to the user. This can be very convenient, but also very irritating.
The above laws, require us to ask for your consent when using specific cookies (in particular any cookie that is not strictly necessary for the operation of the website, for example, Functional cookies, Analysis and performance cookies and Advertising cookies or targeting cookies “Optional Cookies”). As well as to have a legal basis for the use of Personal Data in relation to cookies.
However, as we think it is important that you should have full control over your privacy online, we refrained from placing Optional Cookies on our website and as such we are not required to obtain any consents. As for the use of strictly necessary cookies only, no Personal Data is processed and as such the legal basis is our legitimate interest. Nonetheless, this may change, and we ask you to regularly check this policy for any updates.
e) Contacting us
You have the option of contacting us via our contact form, e-mail or by telephone. The Personal Data transmitted to us for this purpose (e.g., name, e-mail address and the content of your message as well as your telephone number, if provided) will be used exclusively for processing contact requests. This data will not be disclosed to third parties or published and the legal basis for the processing is your consent.
For the Chat, we use Ascend by Wix.com Ltd. We have no influence on the processing of data by Wix and no possibility to influence it and the legal basis for the processing is your consent.
We are present on social media (Facebook, Instagram, and LinkedIn) on the basis of our legitimate interest. If you contact or connect with us via social media platforms, we and the relevant social media platform are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. The legal basis is our legitimate interest, your consent or, in some cases, the initiation of a contractual service, if any.
For our appointment bookings, we obtain your Name, E-mail, Phone Number, and additional information you provide to us. The data you provide us with will also only be used for the purpose of your contact, bookings, or appointments and the services carried out. The legal basis for processing your data when booking an appointment is the preparation for a contract. The data collected in respect of our Booking Feature is processed on our behalf by Wix Bookings a service of Wix.com Ltd.
g) Payment Data
If you pay through our website your payment data will be processed via our payment service provider Wix Payments a service of Wix.com Ltd. Payment data will solely be processed through Wix Payments and we have no access to any Payment Data you may submit. The legal basis for the provision of a payment system is the establishment and implementation of the user contract for the use of the service.
We process the same data that we process in the course of providing our contractual services, in connection with administrative tasks as well as the organization of our business and the fulfillment of legal obligations, such as archiving. The processing bases are our legal obligations and our legitimate interest.
If you have consented to receive our newsletter, we will use your e-mail address and, if applicable, your name to send you information about us. You can revoke your consent to receive the newsletter or to the creation of personalized user profiles at any time with effect for the future. You will find the unsubscribe link at the end of each newsletter. The revocation leads to the deletion of the collected user data. Our newsletter is sent as part of processing on our behalf by Wix.com Ltd to whom we pass on your name and e-mail address for this purpose.
Principles of processing Personal Data
a) Storage and retention
At the time of data collection, for example in the context of a contractual relationship, we process and store Personal Data from you. We process and store your Personal Data only to achieve the respective processing purpose or for as long as a legal retention period exists. As soon as the purpose has been fulfilled or the retention period has expired, the corresponding data is routinely deleted.
Our website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us. In addition, we have taken numerous security measures ("technical and organizational measures"), such as encryption or "need to know" access, to ensure the most complete protection of Personal Data processed through this website.
Nevertheless, Internet-based data transmissions can always have security vulnerabilities, so absolute protection cannot be guaranteed. And databases or records containing Personal Data may be breached inadvertently or by unlawful intrusion. Once we learn of a data breach, we will notify all affected individuals whose personal information may have been compromised as soon as possible after the breach is discovered.
c) Special Category Data.
We do not process special category data unless it is specifically required when using our services and there is explicit consent for that service.
d) Automated decision making
Automated decision making is a process by which a decision is made by automated means without human involvement. Automated decision making, including profiling, does not take place.
e) Do not sell
We do not sell your Personal Data.
We do not request Personal Data from minors and children and do not knowingly collect such data or disclose it to third parties.
g) Sharing and Disclosure
We do not disclose your Personal Data to third parties unless it is i) necessary for the provision of our services, ii) you have consented to the disclosure, iii) or we are required to do so by law, for example, by a court order or when necessary to assist in a criminal or legal investigation or other legal inquiry or proceeding, whether domestic or foreign, or to serve our legitimate interests.
h) International transfers
We use the service Google Maps from Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, US, and Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland on our website. This allows us to show you interactive maps directly on the website and you can conveniently use the map function. The legal basis for the use of Google Maps is our legitimate interest.
Your rights and privileges
a) Privacy rights
In accordance with the nDSG and the GDPR, you may exercise the following rights:
Right to information
Right to rectification
Right to object to processing
Right to deletion
Right to data portability
Right to object
Right to withdraw consent
Right to lodge a complaint with a supervisory authority
Right not to be subject to a decision based solely on automated processing.
If you have any questions about the type of Personal Data we hold about you, or if you wish to exercise any of your rights, please contact us.
b) Updating your data
If you believe that the data we hold about you is inaccurate or that we are no longer entitled to use it and you wish to request that it be rectified or erased, or object to its processing, please contact us.
c) Withdrawal of your consent
You may withdraw the consent you have given us at any time by contacting us. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
d) Request for information
If you wish to make a request for access to your data, you may notify us in writing. We will respond to requests for access and correction as soon as possible. If we are unable to respond to your request within thirty (30) days of receiving your request, we will notify you in writing within thirty (30) days of when we will be able to respond to your request. If we are unable to provide you with personal information or make a correction that you request, we will generally notify you of the reasons why we are unable to do so (unless we are not required to do so under the respective legal requirements set forth above).
e) Complaint to a supervisory authority
You have the right to complain to a supervisory authority responsible for data protection about our processing of Personal Data. The Swiss Federal Data Protection and Information Commissioner, Feldeggweg 1, CH-3003 Berne, Switzerland, www.edoeb.admin.ch is the relevant authority for us.
Changes and questions
Tuesday, April 11, 2023