Data Protection
The responsible body within the meaning of the data protection laws, the EU General Data Protection Regulation (GDPR), is:
Kallisto – The Experience Lab GmbH
Hauptstrasse 29 CH-4302 Augst
E-mail: privacy@kallisto.ch Website: KALLISTO - THE EXPERIENCE LAB
General Notice
Based on Article 13 of the Swiss Federal Constitution and the federal data protection regulations (Data Protection Act, FADP), every person is entitled to the protection of their privacy and to protection against misuse of their personal data. The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
In cooperation with our hosting providers, we strive to protect the databases as well as possible against unauthorized access, loss, misuse, or forgery.
We would like to point out that data transmission on the Internet (e.g., when communicating by e-mail) may have security gaps. Complete protection of the data against access by third parties is not possible.
By using this website, you agree to the collection, processing, and use of data in accordance with the following description. In principle, this website can be visited without registration. Data such as pages accessed or names of the retrieved file, date and time are stored on the server for statistical purposes without this data being directly related to your person. Personal data, in particular name, address, or e-mail address, are collected on a voluntary basis as far as possible. Without your consent, the data will not be passed on to third parties.
Processing of personal data
Personal data is any information relating to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, the storage, disclosure, procurement, deletion, storage, modification, destruction, and use of personal data.
We process personal data in accordance with Swiss data protection law. In addition, we process personal data – insofar as and insofar as the EU GDPR is applicable – in accordance with the following legal bases in connection with Article 6 (1) GDPR:
Consent (Art. 6 para. 1 sentence 1 lit.a. GDPR) – The data subject has given his or her consent to the processing of personal data concerning him or her for a specific purpose or for several specific purposes.
Performance of contract and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit.b. GDPR) – The processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.
Legal obligation (Art. 6 para. 1 sentence 1 lit.c. GDPR) – The processing is necessary to fulfill a legal obligation to which the controller is subject.
Protection of vital interests (Art. 6 para. 1 sentence 1 lit.d. GDPR) – The processing is necessary to protect the vital interests of the data subject or another natural person.
Legitimate interests (Art. 6 para. 1 sentence 1 lit.f. GDPR) – The processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data prevail.
Application procedure as a pre-contractual or contractual relationship (Art. 9 para. 2 lit.b GDPR) – Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.B. health data, such as severely disabled status or ethnic origin) are requested from applicants so that the controller or the data subject is covered by labor law and social security law and the can exercise social protection rights and fulfil his or her obligations in this regard, their processing is carried out in accordance with Art. 9 para. 2 lit.b. GDPR, in the case of the protection of vital interests of applicants or other persons in accordance with Art. 9 para. 2 lit.c. GDPR or for the purposes of health care or occupational medicine, for the assessment of the employee’s ability to work, for medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector in accordance with Art. 9 para. 2 lit.h. GDPR. In the case of a communication of special categories of data based on voluntary consent, their processing is carried out based on Art. 9 para. 2 lit.a. GDPR.
We process personal data for the duration necessary for the respective purpose or purposes. In the case of longer-lasting retention obligations due to legal and other obligations to which we are subject, we limit the processing accordingly.
Relevant legal bases
In accordance with Article 13 GDPR, we will inform you of the legal basis of our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit.a and Art. 7 GDPR, the legal basis for the processing for the fulfillment of our services and implementation of contractual measures as well as answering inquiries is Art. 6 para. 1 lit..b, GDPR, the legal basis for processing to fulfil our legal obligations is Article 6 (1) (c) GDPR, and the legal basis for processing to safeguard our legitimate interests is Article 6 (1) (f)GDPR. If vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
Security
We take appropriate technical and organizational measures in accordance with the legal requirements, considering the state of the art, the implementation costs and the nature, scope, circumstances, and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.
The measures include ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, ensuring availability and their separation. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to the threat to the data. Furthermore, we consider the protection of personal data already during the development or selection of hardware, software, and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.
Transmission of personal data
As part of our processing of personal data, the data is transmitted to other bodies, companies, legally independent organizational units, or persons or disclosed to them. The recipients of this data may include, for example. B service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such a case, we observe the legal requirements and conclude corresponding contracts or agreements that serve to protect your data with the recipients of your data.
Data processing in third countries
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of the use of third-party services or the disclosure or transmission of data to other persons, bodies or companies, this will only be done in accordance with the legal requirements.
Subject to express consent or contractual or legally required transfer, we process the data only in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
Privacy Policy for Cookies
This website uses cookies. Cookies are text files that contain data from websites or domains visited and are stored by a browser on the user’s computer. A cookie is primarily used to store the information about a user during or after his visit within an online offer. The stored information may include, for example. B, the language settings on a website, the login status, a shopping cart or the place where a video was watched. The term cookies also include other technologies that perform the same functions as cookies (e.g. when user information is stored based on pseudonymous online identifiers, also referred to as “user IDs”)
The following cookie types and functions are distinguished:
Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his browser.
Permanent cookies: Permanent cookies remain stored even after closing the browser. For example, the login status can be saved or preferred content can be displayed directly when the user revisits a website. Likewise, users’ interests used for range measurement or marketing purposes may be stored in such a cookie.
First-party cookies: First-party cookies are set by us.
Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
Necessary (also: essential or strictly necessary) cookies: Cookies may be strictly necessary for the operation of a website (e.g., to store logins or other user input or for security reasons).
Information on legal bases: The legal basis on which we process your personal data using cookies depends on whether we ask for your consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, the data processed with the help of cookies will be processed based on our legitimate interests (e.g., in the business operation of our online offer and its improvement) or if cookies are necessary to fulfill our contractual obligations.
Storage period: If we do not provide you with explicit information on the storage period of permanent cookies (e.g., as part of a so-called cookie opt-in), please assume that the storage period can be up to two years.
General information on revocation and objection(opt-out): Depending on whether the processing is based on consent or legal permission, you have the option at any time to revoke a given consent or to object to the processing of your data by cookie technologies (collectively referred to as “Opt-Out”). You can first declare your objection by means of the settings of your browser, e.g., by deactivating the use of cookies (whereby this may also limit the functionality of our online offer). An objection to the use of cookies for online marketing purposes can also be declared by means of a variety of services, especially in the case of tracking, via the websites: https://optout.aboutads.info and https://www.youronlinechoices.com/ in addition, you can receive further objection notices in the context of the information on the service providers and cookies used.
Processing of cookie data based on consent: We use a procedure for cookie consent management, in the context of which the consent of the users to the use of cookies, or the processing and providers mentioned in the context of the cookie consent management procedure, can be obtained, and managed and revoked by the users. In this case, the declaration of consent is stored in order not to have to repeat its request again and to be able to prove the consent in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or with the help of comparable technologies) to be able to assign the consent to a user or his device. Subject to individual information on the providers of cookie management services, the following information applies: The duration of the storage of consent can be up to two years. A pseudonymous user identifier is formed and stored with the time of consent, information on the scope of the consent (e.g., which categories of cookies and/or service providers) as well as the browser, system and device used.
Types of data processed: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Data subjects: Users (e.g. website visitors, users of online services).
Legal basis: Consent (Art. 6 para. 1 sentence 1 lit.a. GDPR), Legitimate interests (Art. 6 para.
1 sentence 1 lit.f. GDPR).
Privacy Policy for SSL/TLS Encryption
This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Privacy Policy for Server Log Files The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are: Browser type and browser version Operating system used Referrer URL Host name of the accessing computer Time of the server request
This data cannot be assigned to specific people. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of concrete indications of illegal use.
Privacy Policy for Contact Form
If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.
Rights of data subjects
Right to confirmation
Any data subject has the right to request confirmation from the operator of the website as to whether personal data concerning data subjects are being processed. If you would like to make use of this right of confirmation, you can contact the data protection officer at any time.
Right to information
Any person affected by the processing of personal data has the right to receive free information from the operator of this website at any time about the personal data stored about him or her and a copy of this information. Furthermore, information may be provided, where appropriate, on the following information:
the purposes of the processing
the categories of personal data that are processed.
the recipients to whom the personal data has been or will be disclosed.
If possible, the envisaged period for which the personal data will be stored or, if this is not possible, the criteria for determining that period.
the existence of a right to rectification or erasure of personal data concerning them or to restriction of processing by the controller or a right to object to such processing
the existence of a right of appeal to a supervisory authority
if the personal data are not collected from the data subject: all available information on the origin of the data.
Furthermore, the data subject has a right to information as to whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate guarantees in connection with the transfer.
If you would like to make use of this right to information, you can contact our data protection officer at any time.
Right to rectification
Any person affected by the processing of personal data has the right to request the immediate rectification of inaccurate personal data concerning him or her. Furthermore, the data subject has the right, considering the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary statement.
If you would like to make use of this right of rectification, you can contact our data protection officer at any time.
Right to erasure (right to be forgotten)
Any person affected by the processing of personal data has the right to request from the controller of this website that the personal data concerning him or her be erased without undue delay, provided that one of the following reasons applies and insofar as the processing is not necessary:
Personal data have been collected or otherwise processed for such purposes for which they are no longer necessary.
The data subject withdraws consent on which the processing was based and there is no other legal basis for the processing.
The data subject objects to the processing on grounds relating to his or her situation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in the event of direct marketing and profiling.
The personal data has been processed unlawfully.
The erasure of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
The personal data have been collected in relation to information society services offered that have been made directly to a child.
If one of the above reasons applies and you would like to request the deletion of personal data stored by the operator of this website, you can contact our data protection officer at any time. The data protection officer of this website will arrange for the deletion request to be complied with immediately.
Right to restriction of processing
Any data subject affected by the processing of personal data has the right to request from the controller of this website the restriction of processing if one of the following conditions is met:
The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful, the data subject opposes the erasure of the personal data and instead requests the restriction of the use of the personal data.
The controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the establishment, exercise, or defense of legal claims.
The data subject has objected to the processing on grounds arising from his or her situation and it has not yet been determined whether the legitimate grounds of the controller override those of the data subject.
If one of the above conditions is met, you would like to request the restriction of personal data stored by the operator of this website, you can contact our data protection officer at any time. This website’s data protection officer will arrange the processing restriction.
Right to data portability
Any data subject affected by the processing of personal data has the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format. It also has the right to have this data transmitted to another person responsible if the legal requirements are met.
Furthermore, the data subject has the right to obtain that the personal data are transmitted directly from one controller to another controller, insofar as this is technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.
To assert the right to data portability, you can contact the data protection officer appointed by the operator of this website at any time.
Right to object
Each data subject shall have the right, on grounds relating to his or her particular situation, to object at any time to processing of personal data concerning him or her.
The operator of this website shall no longer process the personal data in the event of the objection unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or if the processing serves to assert, exercise or defend legal claims.
To exercise the right to object, you can contact the data protection officer of this website directly.
Right to revoke consent under data protection law
Each data subject shall have the right to withdraw consent to the processing of personal data at any time.
If you would like to assert your right to revoke your consent, you can contact our data protection officer at any time.
Use of Google Maps
This website uses the offer of Google Maps. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function. By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. This happens regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or needs-based design of its website. Such an evaluation takes place (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. Further information on the purpose and scope of data collection and its processing by Google can be found at: www.google.de/intl/de/policies/privacy.
Privacy Policy for Facebook
This website uses functions of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. When you visit our pages with Facebook plug-ins, a connection is established between your browser and the Facebook servers. Data is already being transferred to Facebook. If you have a Facebook account, this data can be linked to it. If you do not wish this data to be assigned to your Facebook account, please log out of Facebook before visiting our site. Interactions, in particular the use of a comment function or the clicking of a “Like” or “Share” button are also passed on to Facebook. You can find out more at https://de-de.facebook.com/about/privacy.
Privacy Policy for LinkedIn
Within our online offer, we use the marketing services of the social network LinkedIn of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”).
These use cookies, i.e., text files that are stored on your computer. This enables us to analyze your use of the website. For example, we can measure the success of our ads and show users products they have previously been interested in.
This collects e.g., information about the operating system, the browser, the website you have previously accessed (referrer URL), which websites the user has visited, which offers the user has clicked on, and the date and time of your visit to our website.
The information generated by the cookie about your use of this website is pseudonymized and transmitted to a LinkedIn server in the USA and stored there. LinkedIn therefore does not store the name or e-mail address of the respective user. Rather, the above-mentioned data is only assigned to the person for whom the cookie was generated. This does not apply if the user has allowed LinkedIn to process without pseudonymization or has a LinkedIn account.
You can prevent the storage of cookies by setting your browser software; accordingly, however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also object to the use of your data directly on LinkedIn: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Note on data transfer to the USA
Among other things, tools from companies based in the USA are integrated into our website. If these tools are active, your personal data may be shared with the US servers of the respective companies. We want to point out that the USA is not a secure third country within the meaning of EU data protection law. US companies are obliged to hand over personal data to security authorities without you, as the data subject being able to take legal action against this. It can, therefore, not be ruled out that US authorities (e.g., secret services) process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.
Changes
We may change this Privacy Policy at any time without notice. The current version published on our website shall apply. To the extent that the Privacy Policy is part of an agreement with you, we will notify you of the change by email or other appropriate means in the event of an update.
Questions regarding Data Protection
If you have any questions about data protection, please e-mail or contact us via the channels listed in our Impressum or via experience@kallisto.ch
Kallisto – The Experience Lab - GmbH
Hauptstrasse 29
4302 Augst
Switzerland
E-Mail: privacy@kallisto.ch