DATA PROTECTION POLICY

Komma AG

 

Valid from 18.10.2023

 

Introduction and legal basis

With this Data Protection Policy, we inform you about what kind of data, how they are processed, and what your rights are in relation to Komma AG.

We also provide information about your rights with reference to the specific processing of your personal data.

Supplementary or additional statements and other legal acts such as the General Terms and Conditions (GTC), Terms of Use, or conditions of participation apply to individual or additional offers and services.

This declaration based on our core business is subject to Swiss data protection law and any other applicable foreign data protection law, in particular the European Union (EU), namely the General Data Protection Regulation (GDPR). It also ensures that Swiss data protection law guarantees a high standard of data protection.

 

CONTACT

Your personal data will be processed by staff specifically trained by Komma AG, in compliance with current regulations. You can contact us via e-mail writing to info@komma.ch specifying “Privacy” in the subject field.

 

DEFINITIONS AND REGULATIONS

Definitions (provided for by the FADP)

Personal data means all information concerning a specific or determinable person. The individual concerned is the person whose personal data are processed.

Personal data worthy of special protection are data concerning religious, philosophical, political or trade union opinions or activities, data concerning health, the intimate sphere or membership of a race or ethnic group, genetic data, biometric data that uniquely identify a natural person, data concerning administrative and criminal prosecutions and sanctions, and data concerning social welfare measures;

Processing includes any processing of personal data, irrespective of the means and methods used, storage, disclosure, obtaining, deletion, recording, modification, deletion, and use of personal data.

Communication shall mean the transmission of personal data or the act of making them accessible.

Profiling means the automated processing of personal data consisting of the use of such data to evaluate certain personal aspects of a natural person, to analyse or predict aspects of that person's professional performance, economic situation, health, preferences, interests, reliability, behaviour, whereabouts and movements. High-risk profiling means profiling which entails a high risk to the personality or fundamental rights of the individual concerned because it involves a connection between data which makes it possible to assess essential aspects of the personality of a natural person.

The European Economic Area (EEA) comprises the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) defines the handling of personal data as the processing of personal data.

 

Legal and regulatory basis

We process personal data in accordance with Swiss Data Protection law, in particular the Federal Data Protection Act (FADP) and the Ordinance on the Federal Data Protection Act (DPO).

For the most part (and to the greatest extent possible) data are processed in Switzerland.

As far as the applicability of the GDPR is concerned, the data is processed according to the following legal bases, specifically:

  • Art. 6 para. 1 lit. b GDPR for the necessary processing of personal data for the performance of a contract with you and for the implementation of pre-contractual measures.

  • Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data for the protection of our own or third parties' legitimate interests, unless your freedoms, rights and fundamental interests prevail. Legitimate interests are in particular our interest in being able to provide our services permanently, intuitively, securely, and reliably and to advertise them, if necessary, the security of information and protection against misuse and unauthorised use, the enforcement of our legal rights and compliance with Swiss law.

  • Art. 6 para. 1 lit. c GDPR for the necessary processing of personal data for the fulfilment of a legal obligation to which we are subject under the applicable law of the member states in the European Economic Area (EEA).

  • Art. 6 para. 1 lit. e GDPR for the necessary processing of personal data for the performance of a task in the public interest.

  • Art. 6 para. 1 lit. a GDPR for the processing of personal data with your consent.

  • Art. 6 para. 1 lit. d GDPR for the necessary processing of personal data for the protection of your or another natural person’s vital interests.

We process personal data necessary to provide our services in a permanent, intuitive, secure and reliable manner. Such personal data may fall into the categories of constituent and contact data, browser and device data, content data, license data, metadata or marginal data and data on usage, location, sales, payment and contractual data.

We process personal data for the period of time necessary for the corresponding purpose(s) or as required by law. Personal data whose processing is no longer necessary will be anonymised or deleted. You have, in principle, the right to request the deletion of your data.

In this context, we process in particular information that you voluntarily and personally transfer to us when contacting us - e.g. by post, e-mail, contact form, social media or telephone - or when registering for a user account. For example, we may store such information in an address book, a CRM (Customer Relationship Management) system or similar tools. If you transfer us personal data relating to third parties, you shall be obliged to ensure data protection with regard to such third parties and to ensure the accuracy of such personal data.

We also process personal data that we receive from third parties, that we obtain from publicly accessible sources or that we collect in the course of providing our services, if and insofar as such processing is permitted by law.

 

DATA PROCESSING

The company may entrust third parties with the processing of personal data or process them together with third parties or transfer them to third parties. Such third parties are, in particular, service providers that the company uses. The company also ensures adequate data protection with such third parties, which are generally located in Switzerland and the European Economic Area (EEA).

 

YOUR RIGHTS

We guarantee you all the rights under the Data Protection Act. In particular, you have the following rights:

- Information: you may request information about whether we process your personal data and, if so, about the personal data in question. You also receive the information you need to assert your data protection rights and to ensure transparency. This includes the personal data processed as such, but also, among other things, information on the purpose of the processing, the duration of storage, possible disclosure or transfer of the data to other countries, and the origin of the personal data.

- Correction and restriction: you may request that your inaccurate personal data are corrected, incomplete personal data are completed and the processing of your data is restricted.

- Deletion and objection: you may request to delete your personal data ("right to be forgotten") and raise an objection to the processing of your data with future effect.

We may suspend, limit or refuse the exercise your rights to the extent permitted by law. We may draw your attention to any requirements that must be met in order to exercise your rights under the Data Protection Act. For example, we may refuse to provide information, in whole or in part, with regard to business secrets or the protection of other persons. We may also, for example, refuse to delete personal data in whole or in part with reference to statutory retention obligations.

When you request information or assert other rights we are obliged to take reasonable measures to identify you. You are obliged to cooperate.

Complaint

You have the right to assert your data protection rights through the courts or to lodge a complaint with a competent data protection supervisory authority.

The data protection supervisory authority for private data controllers and federal agencies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

Data subjects have the right - if and insofar as the General Data Protection Regulation (GDPR) applies - to lodge a complaint with a competent European data protection supervisory authority.

 

DATA SECURITY

We take appropriate and adequate technical and organisational measures to ensure the protection and in particular the security of data. However, despite these measures, the processing of personal data on the Internet can always have security gaps. We can therefore not guarantee absolute data security.

Access to our online offer is via transfer encryption (SSL/TLS, in particular with Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers mark the transfer encryption with a padlock in the address bar.

Access to our online offer is subject - as it is basically the case for all Internet surfing - to constant and suspicion-free sweeping and other checks by security authorities in Switzerland, the European Union (EU), the United States of America (USA) and other countries. We cannot exert any direct influence on the proper handling of personal data by intelligence services, police forces and other security authorities.

THIRD-PARTY SERVICES

We use services provided by specialised third parties to carry out our activities and operations in a durable, user-friendly, secure and reliable manner. With such services we can, among other things, incorporate functions and content into our website. In the case of such embedding, the services used can record the IP (Internet Protocol) addresses of users, at least temporarily, for technically compelling reasons.

For necessary technical, statistical and security purposes, the third parties whose services we use may process data in connection with our activities and operations in aggregated, anonymous or pseudonymised form. This is, for example, performance or usage data in order to be able to offer the relevant service.

In particular , this site is hosted on the Squarespace.com platform. Squarespace.com provides us with the online platform that allows us to provide services to you. Your data may be stored through Squarespace.com’s data storage, databases and the general Squarespace.com applications. They store your data on secure servers behind a firewall. 

 

INSTANT MESSAGING SERVICES AND REMOTE COMMUNICATION SOFTWARE

We use specialised audio and video conferencing services to communicate online.

For participation in audio and video conferences, the legal provisions of each individual services, such as data protection policies and conditions of use, also apply.

Depending on the situation, we recommend deactivating the microphone by default when participating in audio or video conferences, as well as blurring the background or imposing a virtual background.

We use in particular:

Microsoft Teams and Skype: Platforms for audio and video conferencing, among others; provider: Microsoft; specific information on Teams and Skype: 'Microsoft Data Protection policy’

 

FINAL PROVISIONS

We reserve the right to adapt and supplement this Data Protection Policy at any time. We will provide information on such adaptations and supplements in an appropriate form, by publishing the updated version of the Data Protection Policy on our website.