The present privacy policy is an unofficial translation from the German original.
With this privacy policy, we inform you about the personal data we process in connection with our activities and tasks, including our poesia.swiss website. We particularly inform you about why, how, and where we process personal data. We also provide information about the rights of individuals whose data we process.
For individual or additional activities and tasks, further privacy policies, as well as other legal documents such as general terms and conditions (GTCs), terms of use, or participation conditions, may apply.
We are subject to Swiss data protection law as well as any applicable foreign data protection law, such as that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures adequate data protection.
1. Contact Information
Responsibility for the processing of personal data:
Daniel Kurmann
Poesia Holding AG
Grenzweg 3
Industrie Feldmatte
5726 Unterkulm
We will inform you if there are other controllers responsible for the processing of personal data in individual cases.
Data Protection Officer
We have the following data protection officer as a contact person for affected individuals and as a point of contact for supervisory authorities regarding data protection issues:
Daniel Kurmann
Poesia Holding AG
Grenzweg 3
Industrie Feldmatte
5726 Unterkulm
2. Terms and Legal Bases
2.1 Terms
Personal data means any information relating to an identified or identifiable natural person. A data subject is a natural person about whom personal data is processed.
Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
The European Economic Area (EEA) consists of the member states of the European Union (EU) and the countries of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.
2.2 Legal Bases
We process personal data in accordance with Swiss data protection law, in particular the Federal Data Protection Act (DPA) and the Ordinance to the Federal Data Protection Act (DPO).
If and to the extent the General Data Protection Regulation (GDPR) applies, we process personal data in accordance with at least one of the following legal bases:
- Art. 6 para. 1 lit. b GDPR for the necessary processing of personal data for the performance of a contract with the data subject or to take steps prior to entering into a contract with the data subject.
- Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data to pursue our legitimate interests or those of a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject. Legitimate interests include, in particular, our interest in exercising our activities and tasks permanently, user-friendly, securely and reliably, as well as communicating about them, ensuring information security, protecting against abuse, enforcing our own legal claims and complying with Swiss law.
- Art. 6 para. 1 lit. c GDPR for the necessary processing of personal data to comply with a legal obligation to which we are subject under any applicable law of a Member State in the European Economic Area (EEA).
- Art. 6 para. 1 lit. e GDPR for the necessary processing of personal data for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
- Art. 6 para. 1 lit. d GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.
3. Type, scope and purpose
We process those personal data that are necessary to permanently, user-friendly, securely and reliably carry out our activities and tasks. Such personal data may include inventory and contact data, browser and device data, content data, meta or edge data and usage data, location data, sales data as well as contract and payment data.
We process personal data for the duration necessary for the respective purpose(s) or as required by law. Personal data that is no longer necessary will be anonymized or deleted.
We may have personal data processed by third parties. We may also process personal data together with third parties or transmit it to third parties. Such third parties are particularly specialized providers whose services we use. We also ensure data protection with such third parties.
We only process personal data with the consent of the data subject, unless processing is permissible for other legal reasons. Processing without consent may be permissible, for example, to fulfill a contract with the data subject and for corresponding pre-contractual measures, to safeguard our overriding legitimate interests, because the processing is apparent from the circumstances or after prior information.
In this context, we process in particular information that a data subject voluntarily submits to us when contacting us - for example by letter, email, instant messaging, contact form, social media or telephone - or when registering for a user account. We may store such information, for example, in an address book or with similar tools. If we receive data transmitted about other persons, the transmitting parties are obliged to ensure data protection for these persons and to ensure the accuracy of this personal data.
We also process personal data that we receive from third parties, obtain from publicly available sources or collect when carrying out our activities and tasks, provided and to the extent that such processing is permissible for legal reasons.
4. Personal data abroad
4. Personal data abroad
We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may export or transmit personal data to other countries, particularly for processing purposes.
We may export personal data to all countries and territories on Earth as well as elsewhere in the Universe, provided that the local law provides an adequate level of data protection as assessed by the Swiss Federal Data Protection and Information Commissioner (FDPIC) or based on a decision of the Swiss Federal Council (FDJP) and, where applicable, based on an adequacy decision by the European Commission (EC) according to the General Data Protection Regulation (GDPR).
We may transmit personal data to countries whose law does not provide an adequate level of data protection, provided that data protection is guaranteed for other reasons, in particular on the basis of standard data protection clauses or other appropriate safeguards. We may exceptionally export personal data to countries without adequate or appropriate data protection if the special data protection requirements are met, for example, if the data subject has given explicit consent or if there is a direct connection with the conclusion or performance of a contract. Upon request, we will be happy to provide data subjects with information on any safeguards or provide them with a copy of the safeguards.
5. Rights of data subjects
Data subjects whose personal data we process have rights under Swiss data protection law, including the right to information as well as the right to correct, delete or block the processed personal data.
Data subjects whose personal data we process can, where applicable under the General Data Protection Regulation (GDPR), request confirmation free of charge as to whether we are processing personal data concerning them. In this case, data subjects can request information about the processing of their personal data, restrict the processing of their personal data, exercise their right to data portability, and have their personal data corrected, deleted ("right to be forgotten"), blocked or completed.
Data subjects whose personal data we process can, where applicable under the GDPR, revoke their consent at any time with effect for the future and object to the processing of their personal data at any time.
Data subjects whose personal data we process have the right to lodge a complaint with a supervisory authority. The supervisory authority for data protection in Switzerland is the FDPIC.
6. Data Security
We take appropriate technical and organizational measures to ensure data security that is appropriate for the respective risk. However, we cannot guarantee absolute data security.
Access to our website is secured by transport encryption (SSL / TLS, especially with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a padlock icon in the address bar.
Our digital communication is subject to mass surveillance without cause or suspicion as well as other surveillance by security authorities in Switzerland, Europe, the United States of America (USA) and other countries, as is fundamentally the case with any digital communication. We cannot directly influence the processing of personal data by intelligence services, police authorities and other security authorities.
7. Use of the Website
7.1 Cookies
We may use cookies. Cookies – both first-party cookies and third-party cookies from services we use – are data stored in the browser. Such stored data does not have to be limited to traditional text cookies.
Cookies can be temporarily stored in the browser as "session cookies" or for a specific period of time as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a certain storage duration. Cookies allow, in particular, a browser to be recognized on the next visit to our website and thus, for example, to measure the reach of our website. However, permanent cookies can also be used for online marketing, for example.
Cookies can be disabled or deleted completely or partially in the browser settings at any time. Without cookies, our website may not be fully available. We request – at least if and to the extent necessary – express consent to the use of cookies.
7.2 Server Log Files
We may record the following information for each access to our website, provided that it is transmitted from your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, accessed individual sub-page of our website including transmitted data volume, last website accessed in the same browser window (referer or referrer).
We store such information, which may also constitute personal data, in server log files. The information is necessary to permanently, user-friendly and reliably provide our website and to ensure data security and in particular the protection of personal data – also by third parties or with the help of third parties.
7.3 Counting pixels
We can use counting pixels on our website. Counting pixels are also called web beacons. With counting pixels – including those of third parties whose services we use – these are small, usually invisible images that are automatically retrieved when our website is visited. Counting pixels can capture the same information as in server log files.
8. Social Media
We are present on social media platforms and other online platforms to communicate with interested parties and to provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).
The terms and conditions (T&Cs) and privacy policies, as well as other provisions of the respective operators of such platforms, also apply. These provisions provide information, in particular, about the rights of affected persons directly vis-à-vis the respective platform, including the right to access information.
For our social media presence on Facebook, including the so-called Page Insights, we are jointly responsible – to the extent that the General Data Protection Regulation (GDPR) applies – with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta companies (including in the USA). Page Insights provide information on how visitors interact with our Facebook presence. We use Page Insights to effectively and user-friendly provide our social media presence on Facebook.
Further information about the nature, scope and purpose of data processing, information on the rights of affected persons, as well as the contact details of Facebook and the data protection officer of Facebook can be found in the Facebook Privacy Policy. We have concluded the so-called "Controller Addendum" with Facebook, thereby agreeing, in particular, that Facebook is responsible for ensuring the rights of affected persons. For the so-called Page Insights, the corresponding information can be found on the "Information about Page Insights" page, including "Information about Page Insights Data".
9. Third-party services
We use services from specialized third parties to carry out our activities and operations permanently, user-friendly, securely and reliably. With such services, we can embed functions and content into our website. When embedding such content, the services used, for technical reasons, at least temporarily capture the internet protocol (IP) addresses of the users.
For necessary security-related, statistical and technical purposes, third parties whose services we use can process data related to our activities and operations in an aggregated, anonymized or pseudonymized manner. This includes, for example, performance or usage data to offer the respective service.
We use in particular:
- Google services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General information on data protection: "Privacy and Security Principles", Privacy Policy, "Google is committed to complying with applicable data protection laws", "Guide to Privacy in Google Products", "How we use data from sites or apps that use our services" (information from Google), "Types of cookies and other technologies used by Google", "Personalized Advertising" (activation/deactivation/settings).
- Microsoft services: Providers: Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), in Great Britain, and Switzerland; General information on data protection: "Privacy at Microsoft", "Privacy (Trust Center)", Privacy Policy.
9.1 Digital infrastructure
We use services from specialized third parties to be able to use the necessary digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.
We use in particular:
- METANET: Hosting; Provider: METANET AG (Switzerland); Information on data protection: Privacy Policy, "Technical and organizational measures".
9.2 Audio and video conferences
We use specialized services for audio and video conferences to communicate online. This allows us to hold virtual meetings, conduct online classes and webinars, among other things. For participation in audio and video conferences, the terms and conditions of each service, such as privacy policies and usage agreements, apply.
Depending on your personal situation, we recommend that you keep your microphone muted by default and blur your background or use a virtual background when participating in audio or video conferences.
We use the following services in particular:
- Facebook Messenger: Video conferences; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); Privacy information: "Communication with Confidence", "Privacy and Security in Messenger", "Privacy Center" (Meta), Privacy Policy (Meta).
- Google Meet: video conferences; provider: Google; Google Meet-specific information: "Google Meet - Security and Privacy for Users".
- Microsoft Teams: platform for audio and video conferences, among other things; provider: Microsoft; Teams-specific information: "Privacy and Microsoft Teams".
- Skype: audio and video conferences; Skype-specific providers: Skype Communications SARL (Luxembourg) / Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), UK and Switzerland; information on data protection: "Legal Information for Skype", "Privacy and Security".
- Zoom: video conferences; provider: Zoom Video Communications Inc. (USA); information on data protection: Privacy Policy, "Data Protection at Zoom", "Compliance Center".
9.3 Map material
We use third-party services to embed maps into our website.
In particular, we use:
- Google Maps including Google Maps Platform: mapping service; provider: Google; Google Maps specific information: "How Google uses location information".
9.4 Fonts
We use third-party services to embed selected fonts as well as icons, logos and symbols into our website.
In particular, we use:
- Font Awesome: icons and logos; provider: Fonticons Inc. (USA); privacy information: Privacy Policy.
- Google Fonts: fonts; provider: Google; Google Fonts specific information: "Privacy and Google Fonts", "Privacy and data collection".
- IcoMoon: icons; provider: Roonas (USA); privacy information: Privacy Policy.
10. Final Provisions
We reserve the right to adjust and supplement this privacy policy at any time. We will inform about such adjustments and supplements in an appropriate form, in particular by publishing the current privacy policy on our website.