Data protection

Your data remains protected

Responsible body in terms of data protection laws, in particular the EU General Data Protection Regulation (DSGVO), is:

Association "Massai Art&Heart"
Marleen De Heyn Huber

Bahnhofstrasse 10a
CH-5722 Gränichen

Phone: 0041 (0)79 509 01 92
E-Mail: info@massaiartandheart.ch

Processing of personal data

Personal data is any information that relates to a specific or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, acquisition, deletion, storage, modification, destruction and use of personal data.
We process personal data in accordance with Swiss data protection law. Furthermore, to the extent and insofar as the EU GDPR is applicable, we process personal data in accordance with the following legal bases in connection with Art. 6 (1) GDPR:

- lit. a) Processing of personal data with the consent of the data subject.

- lit. b) Processing of personal data for the fulfillment of a contract with the data subject as well as for the implementation of corresponding pre-contractual measures.

- lit. c) Processing of personal data for the fulfillment of a legal obligation to which we are subject under any applicable law of the EU or under any applicable law of a country in which the GDPR is applicable in whole or in part.

- lit. d) Processing of personal data in order to protect the vital interests of the data subject or another natural person.

- lit. f) Processing of personal data to protect the legitimate interests of us or of third parties, unless the fundamental freedoms and rights and interests of the data subject are overridden. Legitimate interests include, in particular, our business interest in being able to provide our website, information security, the enforcement of our own legal claims and compliance with Swiss law.
We process personal data for the duration required for the respective purpose or purposes. In the case of longer-term retention obligations due to legal and other obligations to which we are subject, we restrict processing accordingly.

This website uses cookies. These are small text files that make it possible to store specific information related to the user on the user's terminal device while the user is using the website. Cookies make it possible, in particular, to determine the frequency of use and number of users of the pages, to analyze behavior patterns of page use, but also to make our offer more customer-friendly. Cookies remain stored beyond the end of a browser session and can be retrieved when you visit the site again. If you do not wish this to happen, you should set your Internet browser so that it refuses to accept cookies.
A general objection to the use of cookies used for online marketing purposes can be declared for a large number of the services, especially in the case of tracking, via the U.S. site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by disabling them in the browser settings. Please note that in this case not all functions of this online offer can be used.

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

- browser type and browser version
- Operating system used
- referrer URL
- Host name of the accessing computer
- Time of the server request

This data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of illegal use.

If you send us inquiries via the contact form, your data from the inquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

If you would like to receive the newsletter offered on this website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data will not be collected. We use this data exclusively for sending the requested information and do not pass it on to third parties.

You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe link" in the newsletter.

For the comment function on this website, in addition to your comment, information on the time of creation of the comment, your e-mail address and, if you do not post anonymously, the username you have chosen will be stored.

Storage of the IP address

Our comment function stores the IP addresses of users who post comments. Since we do not check comments on our site before they are activated, we need this data to be able to take action against the author in the event of legal violations such as insults or propaganda.

Subscribing to comments

As a user of the site, you can subscribe to comments after registering. You will receive a confirmation email to verify that you are the owner of the email address provided. You can unsubscribe from this function at any time via a link in the info emails.

Rights of data subjects
Right to confirmation

Every data subject has the right to request confirmation from the website operator as to whether personal data concerning him or her are being processed. If you wish to exercise this right of confirmation, you may contact the data protection officer at any time.

Right of access

Every person affected by the processing of personal data has the right to receive information free of charge from the operator of this website at any time about the personal data stored about him or her and a copy of this information. Furthermore, information may be provided about the following, if applicable:

- the purposes of processing
- the categories of personal data processed
- the recipients to whom the personal data have been or will be disclosed
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
- the existence of a right to obtain the rectification or erasure of personal data concerning him or her, or the restriction of processing by the controller, or a right to object to such processing
- the existence of a right of appeal to a supervisory authority
- if the personal data are not collected from the data subject: Any available information about the origin of the data.

Furthermore, the data subject has the right to be informed whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.

If you would like to make use of this right to information, you can contact our data protection officer at any time.

Right to rectification

Every person affected by the processing of personal data has the right to demand the immediate correction of incorrect personal data concerning him or her. Furthermore, the data subject has the right, taking into account the purposes of the processing, to request that incomplete personal data be completed, including by means of a supplementary declaration.

If you wish to exercise this right of rectification, you may contact our data protection officer at any time.

Right to erasure (right to be forgotten)

Any person concerned by the processing of personal data has the right to obtain from the controller of this website the erasure without delay of personal data concerning him or her, where one of the following grounds applies and insofar as the processing is no longer necessary:

- The personal data have been collected or otherwise processed for such purposes for which they are no longer necessary.
- The data subject revokes the consent on which the processing was based and there is no other legal basis for the processing
- The data subject objects to the processing on grounds relating to his or her particular situation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in the case of direct marketing and related profiling
- The personal data have been processed unlawfully
- The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject
- The personal data has been collected in relation to information society services provided directly to a child

If one of the above reasons applies and you wish to arrange for the deletion of personal data stored by theoperator of this website, you can contact our data protection officer at any time. The data protection officer of this website will arrange for the erasure request to be complied with immediately.

Right to restriction of processing

Any person concerned by the processing of personal data has the right to obtain from the controller of this website the restriction of processing if one of the following conditions is met:

- The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data
- The processing is unlawful, the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data
- The controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for the assertion, exercise or defense of legal claims
- The data subject has objected to the processing on grounds relating to his or her particular situation, and it is not yet clear whether the legitimate interests of the controller override those of the data subject

If one of the aforementioned conditions is met, you can request the restriction of personal data stored by the operator of this website at any time by contacting our data protection officer. The data protection officer of this website will arrange the restriction of the processing.

Right to data portability

Every person affected by the processing of personal data has the right to receive the personal data concerning him or her in a structured, common and machine-readable format. He or she also has the right to have this data transferred to another controller if the legal requirements are met.

Furthermore, the data subject has the right to obtain that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible and insofar as this does not adversely affect the rights and freedoms of other persons.

In order to assert the right to data portability, you may at any time contact the data protection officer appointed by the operator of this website.

Right to object

Any person affected by the processing of personal data has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her.

The operator of this website shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or if the processing serves the purpose of asserting, exercising or defending legal claims.

To exercise the right to object, you may directly contact the Data Protection Officer of this website.

Right to revoke consent granted under data protection law

Every person affected by the processing of personal data has the right to revoke a given consent to the processing of personal data at any time.
If you wish to exercise your right to revoke consent, you may contact our data protection officer at any time.

Data protection declaration for objection advertising e-mails

We hereby object to the use of contact data published within the scope of the imprint obligation to send advertising and information material that has not been expressly requested. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

Chargeable services

In order to provide services for which a charge is made, we request additional data, such as payment details, in order to be able to execute your order. We store this data in our systems until the legal retention periods have expired.

Use of Google Maps

This website uses the offer of Google Maps. This enables us to display interactive maps directly on the website and allows you to comfortably use the map function. By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. This occurs regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. For more information on the purpose and scope of data collection and processing by Google, as well as further information on your rights in this regard and settings options for protecting your privacy, please visit: www.google.de/intl/de/policies/privacy.

Google AdWords

This website uses Google Conversion Tracking. If you have reached our website via an ad placed by Google, Google AdWords will set a cookie on your computer. The cookie for conversion tracking is set when a user clicks on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Cookies can therefore not be tracked across AdWords customers' websites. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

If you do not wish to participate in the tracking, you can refuse the setting of a cookie required for this - for example, by means of a browser setting that generally deactivates the automatic setting of cookies or by setting your browser so that cookies from the domain "googleleadservices.com" are blocked.

Please note that you may not delete the opt-out cookies as long as you do not want any measurement data to be recorded. If you have deleted all your cookies in the browser, you must set the respective opt-out cookie again.

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited. If the data controller on this website is located outside the European Economic Area or Switzerland, Google Analytics data processing is carried out by Google LLC. Google LLC and Google Ireland Limited are hereinafter referred to as "Google".
The statistics obtained enable us to improve our offer and make it more interesting for you as a user. This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. If you have a Google user account, you can deactivate the cross-device analysis of your usage in the settings there under "My data", "Personal data".

The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. f DS-GVO. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. We would like to point out that on this website Google Analytics has been extended by the code "_anonymizeIp();" to ensure anonymized collection of IP addresses. This means that IP addresses are processed in abbreviated form, which means that they cannot be linked to a specific person. If the data collected about you is related to a person, this is immediately excluded and the personal data is deleted immediately.

Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Google Analytics uses cookies. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: Disable Google Analytics.

In addition, you can also prevent the use of Google Analytics by clicking on this link: Disable Google Analytics. This will save a so-called opt-out cookie on your data carrier, which prevents the processing of personal data by Google Analytics. Please note that if you delete all cookies on your terminal device, these opt-out cookies will also be deleted, i.e. you will have to set the opt-out cookies again if you wish to continue to prevent this form of data collection. The opt-out cookies are set per browser and computer/end device and must therefore be activated separately for each browser, computer or other end device.

This website uses the online marketing tool Google Ads by Google ("Google Ads"). Google Ads uses cookies to serve ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Via a cookie ID, Google records which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, Google Ads can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a Google Ads ad and later calls up the advertiser's website with the same browser and buys something there. According to Google, Google Ads cookies do not contain any personal information.

Due to the marketing tools used, your browser automatically establishes a direct connection with Google's server. Through the integration of Google Ads, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that Google will obtain and store your IP address.

You can prevent participation in this tracking process in various ways:

- by adjusting your browser software accordingly; in particular, the suppression of third-party cookies will result in you not receiving ads from third-party providers;
- by disabling conversion tracking cookies by setting your browser to block cookies from the domain "www.googleadservices.com", https://adssettings.google.com, which setting will be deleted when you delete your cookies;
- by disabling interest-based ads from the providers that are part of the "About Ads" self-regulatory campaign, via the link https://www.aboutads.info/choices, with this setting being deleted when you delete your cookies;
- by permanently disabling them in your Firefox, Internetexplorer or Google Chrome browsers at the link https://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this offer in full.

The legal basis for the processing of your data is a balancing of interests, according to which the processing of your personal data described above is not opposed by any overriding interests on your part (Art. 6 para. 1 p. 1 lit. f DSGVO). You can find more information about Google Ads from Google at https://ads.google.com/intl/de_DE/home/, as well as about data protection at Google in general: https://www.google.de/intl/de/policies/privacy. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at https://www.networkadvertising.org.

This website uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. If your browser does not support web fonts, a standard font is used by your computer.
You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/.

This website uses functions of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA . When calling up our pages with Facebook plug-ins, a connection is established between your browser and the Facebook servers. In the process, data is already transmitted to Facebook. If you have a Facebook account, this data can be linked to it. If you do not want this data to be associated with your Facebook account, please log out of Facebook before visiting our site. Interactions, in particular the use of a comment function or the clicking of a "Like" or "Share" button are also passed on to Facebook. You can learn more at https://de-de.facebook.com/about/privacy.

On our website, functions of the service Instagram are integrated. These functions are offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA integrated. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.
For more information, please see Instagram's privacy policy: http://instagram.com/about/legal/privacy/

External payment service providers

This website uses external payment service providers through whose platforms users and we can make payment transactions. For example, via

- PostFinance (https://www.postfinance.ch/de/detail/rechtliches-barrierefreiheit.html)
- Visa (https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html)
- Mastercard (https://www.mastercard.ch/de-ch/datenschutz.html)
- American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html)
- Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)
- Bexio AG (https://www.bexio.com/de-CH/datenschutz)
- Payrexx AG (https://www.payrexx.ch/site/assets/files/2592/datenschutzerklaerung.pdf)
- Apple Pay (https://support.apple.com/de-ch/ht203027)
- Stripe (https://stripe.com/ch/privacy)
- Klarna (https://www.klarna.com/de/datenschutz/)
- Skrill (https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/)
- Giropay (https://www.giropay.de/rechtliches/datenschutz-agb/) etc.

In the context of the performance of contracts, we use the payment service providers on the basis of the Swiss Data Protection Ordinance and, where necessary, Art. 6 para. 1 lit. b. EU-DSGVO. Furthermore, we use external payment service providers on the basis of our legitimate interests pursuant to the Swiss Data Protection Ordinance as well as and to the extent necessary pursuant to Art. 6 para. 1 lit. f. EU-DSGVO in order to offer our users effective and secure payment options.

The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, among others, as well as the contract, totals and recipient-related information. The information is required in order to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. We as the operator do not receive any information about (bank) account or credit card, but only information to confirm (accept) or reject the payment. Under certain circumstances, the data is transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard, we refer to the terms and conditions and data protection information of the payment service providers.

For the payment transactions, the terms and conditions and the privacy policy of the respective payment service providers apply, which can be accessed within the respective website or transaction applications. We also refer to these for the purpose of further information and assertion of revocation, information and other data subject rights.

Newsletter - Mailchimp

The newsletter is sent using the dispatch service provider 'MailChimp', a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the privacy policy of the mailing service provider here. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with the European level of data protection (PrivacyShield). The shipping service provider is used on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO and a contract processing agreement pursuant to Art. 28 para. 3 p. 1 DSGVO.

The dispatch service provider may use the data of the recipients in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. to technically optimize the dispatch and presentation of the newsletters or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.

On this website, functions of the service "YouTube" are integrated. "YouTube" is owned by Google Ireland Limited, a company incorporated and operated under the laws of Ireland with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, which operates the services in the European Economic Area and Switzerland.
Your legal agreement with "YouTube" consists of the terms and conditions found at the following link: https://www.youtube.com/static?gl=de&template=terms&hl=de. These Terms constitute a legally binding agreement between you and "YouTube" regarding your use of the Services. Google's Privacy Policy explains how "YouTube" treats and protects your personal information when you use the Service

Notice regarding data transfers to the USA (United States of America)

For the sake of completeness, we would like to point out that for users based in Switzerland, there are monitoring measures by US authorities which generally allow the storage of all personal data from Switzerland - which has been transferred to the USA.
This is done without any differentiation, limitation or exception based on the purposes pursued and without any objective criterion that would make it possible to limit the access of the US authorities to the data and their subsequent use to very specific, strictly limited purposes that could justify the interference associated with the access to this data as well as with its use. In addition, we would like to point out that in the USA there are no legal remedies available to data subjects from Switzerland that would allow them to gain access to the data concerning them and to obtain its correction or deletion, or that there is no effective judicial legal protection against general access rights of US authorities. We explicitly draw the attention of the data subject to this legal and factual situation so that he or she can make an appropriately informed decision to consent to the use of his or her data.

We would like to point out to users residing in a member state of the EU that the USA does not have a sufficient level of data protection from the perspective of the European Union.

Changes

We may amend this privacy policy at any time without prior notice. The current version published on our website shall apply. Insofar as the data protection declaration is part of an agreement with you, we will inform you of the change by e-mail or other suitable means in the event of an update.

Questions to the data protection officer

If you have any questions about data protection, please write us an e-mail or contact directly the responsible person in our organization listed for data protection at the beginning of the privacy policy.

Gränichen, 27.05.2020
Source: SwissAnwalt