Data Pri­va­cy Statement

This pri­va­cy state­ment ex­plains the na­ture, scope and pur­pose of the pro­cess­ing of per­son­al data (here­inafter re­ferred to as “data”) with­in our on­line of­fer and its re­lat­ed web­sites, func­tions and con­tent, as well as ex­ter­nal on­line pres­ence, such as our So­cial Me­dia Pro­file (here­after col­lec­tive­ly re­ferred to as “on­line of­fer”). With re­gard to the terms used, such as “pro­cess­ing” or “re­spon­si­ble”, we re­fer to the de­f­i­n­i­tions in Ar­ti­cle 4 of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR).

If we process data of users from the EU / EEC, the re­spec­tive­ly fol­low­ing le­gal bases of the GDPR are valid.

In­ci­den­tal­ly, we process the data on the ba­sis of Swiss law. In this case, the state­ments be­low ap­ply, but on the ba­sis of Swiss law and not the afore­men­tioned DSGVO standards.


In the Ey 37
8047 Zurich

Types of processed data:

— In­ven­to­ry data (eg, names, addresses).
— Con­tact de­tails (eg, e‑mail, tele­phone numbers).
— Con­tent data (eg, text in­put, pho­tographs, videos).
— Us­age data (eg, vis­it­ed web­sites, in­ter­est in con­tent, ac­cess times).
— Meta / com­mu­ni­ca­tion data (eg, de­vice in­for­ma­tion, IP addresses).

Cat­e­gories of af­fect­ed persons

Vis­i­tors and users of the on­line of­fer (here­inafter we re­fer to the af­fect­ed per­sons as “users”).

Pur­pose of processing

— Pro­vi­sion of the on­line of­fer, its func­tions and contents.
— An­swer­ing con­tact re­quests and com­mu­ni­cat­ing with users.
— Safe­ty measures.
— Reach Mea­sure­ment / Marketing

Used terms

Per­son­al data” means any in­for­ma­tion re­lat­ing to an iden­ti­fied or iden­ti­fi­able nat­ur­al per­son (here­inafter the “data sub­ject”); a nat­ur­al per­son is con­sid­ered as iden­ti­fi­able, which can be iden­ti­fied di­rect­ly or in­di­rect­ly, in par­tic­u­lar by means of as­sign­ment to an iden­ti­fi­er such as a name, to an iden­ti­fi­ca­tion num­ber, to lo­ca­tion data, to an on­line iden­ti­fi­er (eg cook­ie) or to one or more spe­cial fea­tures, that ex­press the phys­i­cal, phys­i­o­log­i­cal, ge­net­ic, men­tal, eco­nom­ic, cul­tur­al or so­cial iden­ti­ty of this nat­ur­al person.

Pro­cess­ing” means any process per­formed with or with­out the aid of au­to­mat­ed pro­ce­dures or any such process as­so­ci­at­ed with per­son­al data. The term goes far and in­cludes vir­tu­al­ly every han­dling of data.

Pseu­do­nymi­sa­tion” means the pro­cess­ing of per­son­al data in such a way that per­son­al data can no longer be at­trib­uted to a spe­cif­ic data sub­ject with­out the need for ad­di­tion­al in­for­ma­tion, pro­vid­ed that such ad­di­tion­al in­for­ma­tion is kept sep­a­rate and sub­ject to tech­ni­cal and or­ga­ni­za­tion­al mea­sures to en­sure that the per­son­al data not as­signed to an iden­ti­fied or iden­ti­fi­able nat­ur­al person.

Pro­fil­ing” means any kind of au­to­mat­ed pro­cess­ing of per­son­al data which in­volves the use of such per­son­al data to eval­u­ate cer­tain per­son­al as­pects re­lat­ing to a nat­ur­al per­son, in par­tic­u­lar as­pects re­lat­ing to job per­for­mance, eco­nom­ic sit­u­a­tion, health, per­son­al To an­a­lyze or pre­dict pref­er­ences, in­ter­ests, re­li­a­bil­i­ty, be­hav­ior, where­abouts or re­lo­ca­tion of that nat­ur­al person.

“Re­spon­si­ble per­son” means the nat­ur­al or le­gal per­son, pub­lic au­thor­i­ty, body or body that de­cides, alone or in con­cert with oth­ers, on the pur­pos­es and means of pro­cess­ing per­son­al data.

Proces­sor” means a nat­ur­al or le­gal per­son, pub­lic au­thor­i­ty, agency or oth­er body that process­es per­son­al data on be­half of the controller.

Rel­e­vant le­gal bases

In ac­cor­dance with Art. 13 GDPR, we in­form you about the le­gal ba­sis of our data pro­cess­ing. Un­less the le­gal ba­sis in the data pro­tec­tion de­c­la­ra­tion is men­tioned, the fol­low­ing ap­plies: The le­gal ba­sis for ob­tain­ing con­sent is Ar­ti­cle 6 (1) lit. a and Art. 7 GDPR, the le­gal ba­sis for the pro­cess­ing for the per­for­mance of our ser­vices and the per­for­mance of con­trac­tu­al mea­sures as well as the re­sponse to in­quiries is Art. 6 para. 1 lit. b DSGVO, the le­gal ba­sis for pro­cess­ing in or­der to ful­fill our le­gal oblig­a­tions is Art. 6 (1) lit. c DSGVO, and the le­gal ba­sis for pro­cess­ing in or­der to safe­guard our le­git­i­mate in­ter­ests is Ar­ti­cle 6 (1) lit. f DSGVO. In the event that vi­tal in­ter­ests of the data sub­ject or an­oth­er nat­ur­al per­son re­quire the pro­cess­ing of per­son­al data, Art. 6 para. 1 lit. d DSGVO as le­gal basis.

Safe­ty measures

We take ap­pro­pri­ate tech­ni­cal mea­sures in ac­cor­dance with Art. 32 GDPR, tak­ing into ac­count the state of the art, the im­ple­men­ta­tion costs and the na­ture, scope, cir­cum­stances and pur­pos­es of the pro­cess­ing as well as the dif­fer­ent like­li­hood and sever­i­ty of the risk to the rights and free­doms of nat­ur­al per­sons and or­ga­ni­za­tion­al mea­sures to en­sure a lev­el of pro­tec­tion ap­pro­pri­ate to the risk.

The mea­sures in­clude, in par­tic­u­lar, en­sur­ing the con­fi­den­tial­i­ty, in­tegri­ty and avail­abil­i­ty of data by con­trol­ling phys­i­cal ac­cess to the data, as well as their ac­cess, in­put, trans­fer, avail­abil­i­ty and sep­a­ra­tion. We have also set up pro­ce­dures to en­sure the en­joy­ment of data sub­ject rights, data dele­tion and data vul­ner­a­bil­i­ty. Fur­ther­more, we con­sid­er the pro­tec­tion of per­son­al data al­ready in the de­vel­op­ment, or se­lec­tion of hard­ware, soft­ware and pro­ce­dures, ac­cord­ing to the prin­ci­ple of data pro­tec­tion through tech­nol­o­gy de­sign and pri­va­cy-friend­ly de­fault set­tings (Ar­ti­cle 25 DSGVO).

Col­lab­o­ra­tion with proces­sors and third parties

If, in the con­text of our pro­cess­ing, we dis­close data to oth­er per­sons and com­pa­nies (con­tract proces­sors or third par­ties), trans­mit them to them or oth­er­wise grant ac­cess to the data, this will only be done on the ba­sis of a le­gal per­mis­sion (eg if a trans­mis­sion of the data to third par­ties, as re­quired by pay­ment ser­vice providers, pur­suant to Art. 6 (1) (b) GDPR to ful­fill the con­tract), you have con­sent­ed to a le­gal oblig­a­tion or based on our le­git­i­mate in­ter­ests (eg the use of agents, web­hosters, etc.).

If we com­mis­sion third par­ties to process data on the ba­sis of a so-called “con­tract pro­cess­ing con­tract”, this is done on the ba­sis of Art. 28 GDPR.

Trans­fers to third countries

If we process data in a third coun­try (ie out­side the Eu­ro­pean Union (EU) or the Eu­ro­pean Eco­nom­ic Area (EEA)) or in the con­text of the use of third par­ty ser­vices or dis­clo­sure, or trans­mis­sion of data to third par­ties, this will only be done if it is to ful­fill our (pre) con­trac­tu­al oblig­a­tions, on the ba­sis of your con­sent, on the ba­sis of a le­gal oblig­a­tion or on the ba­sis of our le­git­i­mate in­ter­ests. Sub­ject to le­gal or con­trac­tu­al per­mis­sions, we process or have the data processed in a third coun­try only in the pres­ence of the spe­cial con­di­tions of Art. 44 et seq. DSGVO. This means, for ex­am­ple, that the pro­cess­ing takes place on the ba­sis of spe­cial guar­an­tees, such as the of­fi­cial­ly rec­og­nized lev­el of data pro­tec­tion (eg for the USA through the “Pri­va­cy Shield”) or com­pli­ance with of­fi­cial­ly rec­og­nized spe­cial con­trac­tu­al oblig­a­tions (so-called “stan­dard con­trac­tu­al clauses”).

Rights of data subjects

You have the right to ask for con­fir­ma­tion as to whether the data in ques­tion is be­ing processed and for in­for­ma­tion about this data as well as for fur­ther in­for­ma­tion and a copy of the data in ac­cor­dance with Art. 15 GDPR.

You have ac­cord­ing­ly. Art. 16 DSGVO the right to de­mand the com­ple­tion of the data con­cern­ing you or the cor­rec­tion of the in­cor­rect data con­cern­ing you.

In ac­cor­dance with Art. 17 GDPR, they have the right to de­mand that the rel­e­vant data be delet­ed im­me­di­ate­ly or, al­ter­na­tive­ly, to re­quire a re­stric­tion of the pro­cess­ing of data in ac­cor­dance with Art. 18 GDPR.

You have the right to de­mand that the data re­lat­ing to you pro­vid­ed to us be ob­tained in ac­cor­dance with Art. 20 GDPR and to be trans­mit­ted to oth­er per­sons responsible.

You have gem. Art. 77 DSGVO the right to file a com­plaint with the com­pe­tent su­per­vi­so­ry authority.


You have the right to grant con­sent in ac­cor­dance with. Art. 7 para. 3 DSGVO with ef­fect for the future.

Right of objection

You may at any time ob­ject to the fu­ture pro­cess­ing of your data in ac­cor­dance with Art. 21 GDPR. The ob­jec­tion may in par­tic­u­lar be made against pro­cess­ing for di­rect mar­ket­ing purposes.

Cook­ies and right to ob­ject in di­rect mail

“Cook­ies” are small files that are stored on users’ com­put­ers. Dif­fer­ent in­for­ma­tion can be stored with­in the cook­ies. A cook­ie is pri­mar­i­ly used to store the in­for­ma­tion about a user (or the de­vice on which the cook­ie is stored) dur­ing or af­ter his vis­it to an on­line of­fer. Tem­po­rary cook­ies, or “ses­sion cook­ies” or “tran­sient cook­ies”, are cook­ies that are delet­ed af­ter a user leaves an on­line ser­vice and clos­es his brows­er. In such a cook­ie, for ex­am­ple, the con­tent of a shop­ping cart in an on­line shop or a lo­gin sta­tus can be saved. Cook­ies are de­fined as “per­ma­nent” or “per­sis­tent” and re­main stored even af­ter the brows­er has been closed. For ex­am­ple, the lo­gin sta­tus can be saved if users vis­it it af­ter sev­er­al days. Like­wise, in such a cook­ie the in­ter­ests of the users can be stored, which are used for range mea­sure­ment or mar­ket­ing pur­pos­es. A “third-par­ty cook­ie” refers to cook­ies that are of­fered by providers oth­er than the per­son who man­ages the on­line of­fer (oth­er­wise, if it is only their cook­ies, this is called “first-par­ty cookies”).

We can use tem­po­rary and per­ma­nent cook­ies and clar­i­fy this in the con­text of our pri­va­cy policy.

If users do not want cook­ies stored on their com­put­er, they will be asked to dis­able the op­tion in their browser’s sys­tem set­tings. Saved cook­ies can be delet­ed in the sys­tem set­tings of the brows­er. The ex­clu­sion of cook­ies can lead to func­tion­al re­stric­tions of this on­line offer.

A gen­er­al con­tra­dic­tion to the use of cook­ies used for on­line mar­ket­ing pur­pos­es can be found in a va­ri­ety of ser­vices, es­pe­cial­ly in the case of track­ing, via the US web­site or the EU site be ex­plained. Fur­ther­more, the stor­age of cook­ies can be achieved by switch­ing them off in the set­tings of the brows­er. Please note that not all fea­tures of this on­line of­fer may be used.

Dele­tion of data

The data processed by us are delet­ed or lim­it­ed in their pro­cess­ing in ac­cor­dance with Ar­ti­cles 17 and 18 GDPR. Un­less ex­plic­it­ly stat­ed in this pri­va­cy pol­i­cy, the data stored by us are delet­ed as soon as they are no longer re­quired for their pur­pose and the dele­tion does not con­flict with any statu­to­ry stor­age re­quire­ments. Un­less the data is delet­ed be­cause it is re­quired for oth­er and le­git­i­mate pur­pos­es, its pro­cess­ing will be re­strict­ed. This means that the data is blocked and not processed for oth­er pur­pos­es. This ap­plies, for ex­am­ple, to data that must be kept for com­mer­cial or tax reasons.

Ac­cord­ing to le­gal re­quire­ments in Ger­many, the stor­age takes place in par­tic­u­lar for 10 years ac­cord­ing to §§ 147 Abs. 1 AO, 257 Abs. 1 Nr. 1 and 4, Abs. 4 HGB (books, records, man­age­ment re­ports, ac­count­ing doc­u­ments, trad­ing books, rel­e­vant for tax­a­tion Doc­u­ments, etc.) and 6 years pur­suant to § 257 (1) no. 2 and 3, para. 4 HGB (com­mer­cial letters).

Ac­cord­ing to le­gal reg­u­la­tions in Aus­tria, the stor­age takes place in par­tic­u­lar for 7 years ac­cord­ing to § 132 para­graph 1 BAO (ac­count­ing doc­u­ments, re­ceipts / in­voic­es, ac­counts, re­ceipts, busi­ness pa­pers, state­ment of in­come and ex­pens­es, etc.), for 22 years in con­nec­tion with real es­tate and for 10 years in the case of doc­u­ments re­lat­ing to elec­tron­i­cal­ly sup­plied ser­vices, telecom­mu­ni­ca­tions, broad­cast­ing and tele­vi­sion ser­vices pro­vid­ed to non-en­tre­pre­neurs in EU Mem­ber States and for which the Mini-One-Stop-Shop (MOSS) is used.

Agency services

We process our clients’ data as part of our con­trac­tu­al ser­vices, which in­clude con­cep­tu­al and strate­gic con­sult­ing, cam­paign plan­ning, soft­ware and de­sign de­vel­op­ment / con­sult­ing or main­te­nance, cam­paign / process / han­dling im­ple­men­ta­tion, serv­er ad­min­is­tra­tion, data analy­sis / con­sult­ing ser­vices, and train­ing services.

Here we process stock data (eg, cus­tomer mas­ter data, such as names or ad­dress­es), con­tact data (eg, e‑mail, tele­phone num­bers), con­tent data (eg, text in­puts, pho­tographs, videos), con­tract data (eg, sub­ject mat­ter, term), pay­ment data (eg, Bank ac­count, pay­ment his­to­ry), us­age and meta­da­ta (eg in the con­text of the eval­u­a­tion and suc­cess mea­sure­ment of mar­ket­ing mea­sures). In prin­ci­ple, we do not process spe­cial cat­e­gories of per­son­al data un­less they are part of a com­mis­sioned pro­cess­ing. Those af­fect­ed in­clude our cus­tomers, prospects and their cus­tomers, users, web­site vis­i­tors or em­ploy­ees as well as third par­ties. The pur­pose of the pro­cess­ing is the pro­vi­sion of con­tract ser­vices, billing and our cus­tomer ser­vice. The le­gal ba­sis of the pro­cess­ing re­sults from Art. 6 para. 1 lit. b DSGVO (con­trac­tu­al ser­vices), Art. 6 para. 1 lit. f DSGVO (analy­sis, sta­tis­tics, op­ti­miza­tion, safe­ty mea­sures). We process data that are nec­es­sary for the es­tab­lish­ment and per­for­mance of the con­trac­tu­al ser­vices and in­di­cate the ne­ces­si­ty of their in­for­ma­tion. Dis­clo­sure to ex­ter­nal par­ties will only be made if re­quired by an or­der. When pro­cess­ing the data pro­vid­ed to us with­in the frame­work of an or­der, we act in ac­cor­dance with the in­struc­tions of the client as well as with the le­gal re­quire­ments of or­der pro­cess­ing pur­suant to Art. Art. 28 DSGVO and process the data for no oth­er pur­pose than the order.

We delete the data af­ter ex­piry of le­gal war­ran­ty and com­pa­ra­ble oblig­a­tions. The ne­ces­si­ty of keep­ing the data is checked every three years; in the case of le­gal archiv­ing oblig­a­tions, the dele­tion takes place af­ter its ex­piry (6 years, pur­suant to § 257 (1) HGB, 10 J, in ac­cor­dance with § 147 (1) AO). In the case of data dis­closed to us in the con­text of an or­der by the client, we delete the data ac­cord­ing to the spec­i­fi­ca­tions of the or­der, in prin­ci­ple af­ter the end of the order.

Con­trac­tu­al services

We process the data of our con­trac­tu­al part­ners and in­ter­est­ed par­ties as well as oth­er clients, cus­tomers, clients, clients or con­trac­tu­al part­ners (uni­form­ly re­ferred to as “con­trac­tu­al part­ners”) in ac­cor­dance with Art. 6 para. 1 lit. b. DSGVO in or­der to pro­vide you with our con­trac­tu­al or pre-con­trac­tu­al ser­vices. The data processed, the na­ture, scope and pur­pose and ne­ces­si­ty of their pro­cess­ing are de­ter­mined by the un­der­ly­ing con­trac­tu­al relationship.

The processed data in­cludes the mas­ter data of our con­trac­tu­al part­ners (eg, names and ad­dress­es), con­tact data (eg e‑mail ad­dress­es and tele­phone num­bers) as well as con­tract data (eg, ser­vices used, con­tract con­tents, con­trac­tu­al com­mu­ni­ca­tion, names of con­tact per­sons) and pay­ment data (eg, Bank de­tails, pay­ment history).

In prin­ci­ple, we do not process spe­cial cat­e­gories of per­son­al data, un­less these com­po­nents are the sub­ject of a com­mis­sioned or con­trac­tu­al processing.

We process data which are nec­es­sary for the es­tab­lish­ment and ful­fill­ment of the con­trac­tu­al ser­vices and point out the ne­ces­si­ty of their in­di­ca­tion, if this is not ev­i­dent for the con­trac­tu­al part­ners. Dis­clo­sure to ex­ter­nal per­sons or com­pa­nies will only be made if re­quired by a con­tract. When pro­cess­ing the data pro­vid­ed to us with­in the frame­work of an or­der, we act in ac­cor­dance with the in­struc­tions of the client as well as the le­gal requirements.

As part of the use of our on­line ser­vices, we can save the IP ad­dress and the time of each user ac­tion. The stor­age is based on our le­git­i­mate in­ter­ests, as well as the in­ter­ests of the user in the pro­tec­tion against mis­use and oth­er unau­tho­rized use. A trans­fer of these data to third par­ties does not take place, un­less it is to pur­sue our claims acc. Art. 6 para. 1 lit. f. DSGVO re­quired or there is a le­gal oblig­a­tion in ac­cor­dance with. Art. 6 para. 1 lit. c. DSGVO.

The data will be delet­ed if the data is no longer re­quired for the ful­fill­ment of con­trac­tu­al or statu­to­ry du­ties of care and for the han­dling of any war­ran­ty and com­pa­ra­ble oblig­a­tions, where­by the ne­ces­si­ty of keep­ing the data is re­viewed every three years; oth­er­wise the statu­to­ry stor­age oblig­a­tions apply.


When con­tact­ing us (eg via con­tact form, e‑mail, tele­phone or via so­cial me­dia), the in­for­ma­tion pro­vid­ed by the user to process the con­tact re­quest and its pro­cess­ing acc. Art. 6 para. 1 lit. b. (in the con­text of con­trac­tu­al / pre-con­trac­tu­al re­la­tion­ships), Art. 6 para. 1 lit. f. (oth­er re­quests) DSGVO processed. User in­for­ma­tion can be stored in a Cus­tomer Re­la­tion­ship Man­age­ment Sys­tem (“CRM Sys­tem”) or com­pa­ra­ble re­quest organization.

We delete the re­quests, if they are no longer re­quired. We check the ne­ces­si­ty every two years; Fur­ther­more, the le­gal archiv­ing oblig­a­tions apply.

Host­ing and e‑mailing

The host­ing ser­vices we use are de­signed to pro­vide the fol­low­ing ser­vices: in­fra­struc­ture and plat­form ser­vices, com­put­ing ca­pac­i­ty, stor­age and data­base ser­vices, e‑mailing, se­cu­ri­ty and tech­ni­cal main­te­nance ser­vices we use to op­er­ate this on­line service.

Here we, or our host­ing provider, process in­ven­to­ry data, con­tact data, con­tent data, con­tract data, us­age data, meta and com­mu­ni­ca­tion data of cus­tomers, in­ter­est­ed par­ties and vis­i­tors to this on­line of­fer on the ba­sis of our le­git­i­mate in­ter­ests in an ef­fi­cient and se­cure pro­vi­sion of this on­line of­fer acc. Art. 6 para. 1 lit. f DSGVO in con­junc­tion with Art. 28 DSGVO (con­clu­sion of con­tract pro­cess­ing contract).

Google Analytics

Based on our le­git­i­mate in­ter­ests (ie in­ter­est in the analy­sis, op­ti­miza­tion and eco­nom­ic op­er­a­tion of our on­line of­fer with­in the mean­ing of Art. 6 (1) lit. DSGVO), we use Google An­a­lyt­ics, a web an­a­lyt­ics ser­vice pro­vid­ed by Google LLC (“Google”). Google uses cook­ies. The in­for­ma­tion gen­er­at­ed by the cook­ie about the use of the on­line of­fer by the users are usu­al­ly trans­mit­ted to a Google serv­er in the USA and stored there.

Google is cer­ti­fied un­der the Pri­va­cy Shield Agree­ment, pro­vid­ing a guar­an­tee to com­ply with Eu­ro­pean pri­va­cy leg­is­la­tion (

Google will use this in­for­ma­tion on our be­half to eval­u­ate the use of our on­line of­fer by users, to com­pile re­ports on the ac­tiv­i­ties with­in this on­line of­fer and to pro­vide us with fur­ther ser­vices re­lat­ed to the use of this on­line of­fer and the in­ter­net us­age. In this case, pseu­do­ny­mous us­age pro­files of the users can be cre­at­ed from the processed data.

We only use Google An­a­lyt­ics with ac­ti­vat­ed IP anonymiza­tion. This means that the IP ad­dress of the users will be short­ened by Google with­in mem­ber states of the Eu­ro­pean Union or in oth­er con­tract­ing states of the Agree­ment on the Eu­ro­pean Eco­nom­ic Area. Only in ex­cep­tion­al cas­es will the full IP ad­dress be sent to a Google serv­er in the US and short­ened there.

The IP ad­dress sub­mit­ted by the user’s brows­er will not be merged with oth­er data pro­vid­ed by Google. Users can pre­vent the stor­age of cook­ies by set­ting their brows­er soft­ware ac­cord­ing­ly; Users may also pre­vent the col­lec­tion by Google of the data gen­er­at­ed by the cook­ie and re­lat­ed to its use of the on­line of­fer and the pro­cess­ing of such data by Google by down­load­ing and in­stalling the brows­er plug-in avail­able at the fol­low­ing link: .

For more in­for­ma­tion about Google’s data us­age, hir­ing and dis­parag­ing op­tions, please read Google’s Pri­va­cy Pol­i­cy ( and Google’s Ads Set­tings (

The per­son­al data of users will be delet­ed or anonymized af­ter 14 months.

Google Maps

We in­clude maps from the Google Maps ser­vice pro­vid­ed by Google LLC, 1600 Am­phithe­ater Park­way, Moun­tain View, CA 94043, USA. The processed data may in­clude, in par­tic­u­lar, users’ IP ad­dress­es and lo­ca­tion data, but these are not col­lect­ed with­out their con­sent (usu­al­ly as part of the set­tings of their mo­bile de­vices). The data can be processed in the USA. Pri­va­cy Pol­i­cy: , opt-out: .

Adapt­ed by the web­site owner.
Cre­at­ed with by RA Dr. med. Thomas Schwenke
Eng­lish ver­sion trans­lat­ed by