Privacy Policy
With this Privacy Policy, we inform you about the personal data we process in connection with our activities and operations including our website https://www.advertima.com. In particular, we inform you about how, where, and for which purposes we process personal data. We further inform you about the rights of the individuals whose personal data we process.
Individual or additional activities and operations may be subject to additional privacy policies as well as other legal documents including General Terms and Conditions (GTC), terms of use, or conditions of participation.
We are subject to Swiss data protection law as well as any applicable foreign data protection law, such as, in particular, that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission acknowledges that Swiss data protection law guarantees an adequate level of data protection.
1. Contact Information
Responsible for personal data processing:
Advertima Vision AG
Lerchenfeldstrasse 3
9014 St. Gallen
Switzerland
dataprivacy@advertima.com
We will inform you if in individual cases other persons are responsible for the processing of personal data.
Data protection representative in the European Economic Area (EEA)
We have the following data protection representative, pursuant to art. 27 GDPR. The data protection representative serves as an additional contact point for requests from supervisory authorities and data subjects within the European Union (EU) and the other countries of the European Economic Area (EEA) in connection with the General Data Protection Regulation (GDPR):
VGS Datenschutzpartner UG
Am Kaiserkai 69
20457 Hamburg
Germany
info@datenschutzpartner.eu
2. Definition and legal basis
2.1 Definitions
Personal data means any information relating to an identified or identifiable person. Data subject means a person about whom personal data is processed.
Processing means any and all operation which is performed on personal data, irrespective of the means and procedures used, in particular the storage, disclosure, acquisition, collection, erasure, recording, alteration, destruction, and use of personal data.
European Economic Area (EEA) comprises the member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway.
2.2 Legal Bases
We process personal data in compliance with Swiss data protection law, namely the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection (DPO).
If and to the extent that the General Data Protection Regulation (GDPR) is applicable, we process personal data according to at least one of the following legal principles:
- Art. 6 par. 1 lit. b GDPR for the processing of personal data necessary for the performance of a contract with the data subject and for taking steps prior to entering into a contract.
- Art. 6 par. 1 lit. f GDPR for the processing of personal data necessary for the purposes of the legitimate interests of us or of third parties, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Legitimate interests particularly include our interest in the ability to carry out our activities and operations in a permanent, user-friendly, secure and reliable manner and communicate about it, the warranty of information security, the protection against misuse, the enforcement of our own legal claims, and the compliance with Swiss law.
- Art. 6 par. 1 lit. c GDPR for the processing of personal data necessary for compliance with a legal obligation to which we are subject according to any applicable law of member states of the European Economic Area (EEA).
- Art. 6 par. 1 lit. e GDPR for the processing of personal data necessary for the performance of a task carried out in the public interest.
- Art. 6 par. 1 lit. a GDPR for the processing of personal data with the consent of the data subject.
- Art. 6 par. 1 lit. d GDPR for the processing of personal data necessary in order to protect the vital interests of the data subject or of another natural person.
3. Type, Scope, and Purpose
We process such personal data as is necessary in order to be able to carry out our activities and operations in a permanent, user-friendly, secure, and reliable manner. Such personal data may in particular fall into the categories of inventory and contact data, browser and device data, content data, meta or marginal data and usage data, location data, sales data, and contract and payment data.
We process personal data for such period as is necessary for the respective purpose or respective purposes or as required by law. Personal data whose processing is no longer required will be anonymized or erased.
We may have personal data processed by third parties. We may process personal data together with third parties or transfer it to third parties. Such third parties are namely specialized providers of services that we make use of. We also guarantee adequate data protection for such third parties.
As a general rule, we only process personal data with the consent of the data subject, unless the processing is permitted for other legal reasons, for example, to perform a contract with the data subject and to take steps prior to entering into a contract, to protect our overriding legitimate interests because the processing is evident from the circumstances or after prior information.
In this context, we particularly process information that a data subject voluntarily and personally submits to us when making contact – e.g., by letter post, e-mail, instant messaging, contact form, social media, or phone – or when registering for a user account. We may store such information, e.g., in an address book, in a customer relationship management system (a CRM system), or with similar tools. If you submit data of any other person than yourself, you are obliged to guarantee data protection towards such persons and to ensure the accuracy of such personal data.
Furthermore, we process personal data that we received from third parties, acquired from sources available to the public, or collect when carrying out our activities and operations, if and to the extent that such processing is permitted by law.
4. Applications
We process personal data about job applicants to the extent that is required for assessing their suitability for employment or for the subsequent execution of an employment contract. The required personal data results in particular from the information requested, for example in the context of a job advertisement. We also process personal data that applicants provide voluntarily, in particular as part of cover letters, CVs, and other application documents.
We use third-party services in order to advertise vacancies as well as enable and manage applications via e-recruitment.
5. Personal Data in Foreign Countries
In principle, we process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular in order to process it or have it processed there.
We may export personal data to all states and territories on earth as well as elsewhere in the universe, provided that their data protection law guarantees an adequate level of data protection according to the assessment of the Federal Data Protection and Information Commissioner (FDPIC) or decision of the Swiss Federal Council and – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – the decision of the European Commission.
We may transfer personal data to states whose law does not guarantee an adequate level of data protection, provided that data protection is guaranteed for other reasons, in particular on the basis of standard contractual clauses, or any respective certification. In exceptional cases, we may export personal data to countries without adequate or appropriate data protection, provided that the special data protection requirements are met, for example, the explicit consent of the data subjects or a direct connection with the conclusion or performance of a contract. Upon request, we will be happy to provide data subjects with information about any guarantees or provide a copy of any guarantees.
6. Rights of Data Subjects
Data subjects whose personal data we process have the rights set out in the Swiss Data Protection Act. These include the right of access as well as the right to rectification, erasure, or restriction of the personal data processed.
If and to the extent that the General Data Protection Regulation (GDPR) is applicable, data subjects whose personal data we process have the right to obtain free of charge confirmation as to whether or not we are processing their personal data, and, where that is the case, access to the personal data, request the restriction of processing of their personal data, exercise their right to data portability and have their personal data rectified, erased (”right to be forgotten”), blocked or completed.
If and to the extent that the General Data Protection Regulation (GDPR) is applicable, data subjects whose personal data we process have the right to withdraw their consent at any time with effect for the future and object to the processing of their personal data at any time.
Data subjects whose personal data we process have the right to lodge a complaint with a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
7. Data Security
We take adequate and appropriate technical and organizational measures to ensure reasonable data security according to the respective risk. However, we cannot guarantee absolute data security.
Access to our website is provided using transport encryption (SSL/TLS, especially with Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers mark transport encryption with a padlock in the address bar.
Our digital communication is – as basically every digital communication – subject to mass surveillance without cause or suspicion and other monitoring by security authorities in Switzerland, Europe, the United States of America (USA), and other countries. We have no direct influence on the respective processing of personal data by secret services, police agencies, and other security authorities.
8. Use of the Website
8.1 Cookies
We may use cookies. Cookies – both our own cookies (first-party cookies) and cookies of third parties whose services we use (third-party cookies) – are data that is stored in your browser. Such stored data need not be limited to traditional cookies in text form. Cookies cannot execute programs or transmit malware such as Trojans and viruses.
When you visit our website, cookies may be stored in your browser temporarily as “session cookies” or for a certain period of time as so-called permanent cookies. “Session cookies” are automatically deleted when you close your browser. Permanent cookies have a certain storage period. Cookies make it possible to recognize your browser the next time you visit our website and thus, e.g., measure the reach of our website. Permanent cookies may also be used for other purposes such as- marketing.
In your browser settings, you can fully or partially deactivate or delete cookies at any time. Without cookies, our website may no longer be fully available. We actively ask you – if and to the extent necessary – for your explicit consent to the use of cookies.
For cookies used for success and reach measurement or advertising, a general objection (“opt-out”) is possible for many services via AdChoices (Digital Advertising Alliance of Canada), Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
8.2 Server Log Files
We may collect the following information for each access to our website, provided that this information is transmitted by your browser to our server infrastructure or can be determined by our web server: Date and time including time zone, Internet Protocol address (IP address), access status (HTTP status code), the operating system including user interface and version, browser including language and version, accessed single subpage of our website including transferred data volume, website last accessed in the same browser window (referer or referrer).
We store such information, which may also contain personal data, in server log files-. The information is necessary in order to be able to provide our website in a permanent, user-friendly, and reliable manner and ensure data security and thus in particular the protection of personal data – including through third parties or with the help of third parties.
8.3 Tracking Pixels
We may use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels – including tracking pixels of third parties whose services we use – are tiny, usually invisible pictures that are automatically retrieved when visiting our website. The same information can be collected with tracking pixels as in server log files.
9. Notifications and Communications
We send notifications and communications via e-mail and other communication channels such as instant messaging or SMS.
9.1 Success and Reach Measurement
Notifications and communications may contain web links or tracking pixels that record whether an individual message was opened, and which web links were clicked. Such web links and tracking pixels may also record the use of notifications and communications in a person-related manner. We need this statistical recording of usage for our success and reach measurement in order to be able to provide notifications and communications in an effective and user-friendly as well as permanent, secure, and reliable manner based on the needs and reading habits of the recipients.
9.2 Consent and Objection
As a general rule, your explicit consent is required in order to be allowed to use your e-mail address and your other contact details, unless the use is permitted for other legal reasons. Whenever possible, we use the “double opt-in” process for the receipt of your consent. This means, that you receive an e-mail with a web link which you must click to confirm in order to prevent any abuse by unauthorized third parties. For evidence purposes and security reasons, we may record such consent including Internet Protocol address (IP address), date, and time.
As a general rule, you may unsubscribe from notifications and communications such as newsletters at any time. By unsubscribing, you can also object to the statistical recording of usage for success and reach measurement. Notifications and communications that are essential to carry out our activities and operations remain reserved.
9.3 Service Providers for Notifications and Communications
We send notifications and communications with the help of specialized service providers.
10. Social Media
We are present on social media platforms and other online platforms in order to be able to communicate with interested people and inform them about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).
The General Terms and Conditions (GTC), terms of use, and privacy policies as well as other provisions of the respective operators of such platforms shall apply additionally. These provisions particularly provide information about the rights of the affected data subjects, such as the right of access.
11. Third-Party services
We use third-party services in order to be able to carry out our activities and operations in a permanent, user-friendly, secure, and reliable manner. Such services may also be used to integrate content into our website. Such services require your Internet Protocol address (IP address), as the corresponding content can otherwise not be transmitted.
For their own security-related, statistical, or technical purposes, third parties whose services we use may process data – e.g., performance or usage data – collected in connection with our activities and operations in an aggregated, anonymized, or pseudonymized form.
In particular, we use:
- Google Services: Service provider: Google LLC (USA) / Google Ireland Limited (Ireland) for users within the European Economic Area (EEA) and Switzerland; general information about data protection: “Privacy and Security Principles”, “Privacy Policy”, “We are committed to complying with applicable data protection laws”, “Google Product Privacy Guide”, “How Google uses information from sites or apps that use our services” (information from Google), “Types of cookies and other technologies used by Google”, “Ads personalization” (activation/deactivation/settings).
11.1 Digital Infrastructure
We use third-party services in order to be able to use the necessary digital infrastructure for our activities and operations. These may include hosting and storage services of specialized providers.
In particular, we use:
- Amazon Web Services (AWS): Storage and other infrastructure; service providers: Amazon Web Services Inc. (USA) for users in Switzerland / Amazon Web Services EMEA SARL (Luxembourg) for users in the European Economic Area (EEA); information about data protection: “Privacy Notice”, “Data Privacy”, “Data Privacy FAQ”, “General Data Protection Regulation (GDPR) Center”.
- METANET: Hosting; service provider: METANET AG (Switzerland); information about data protection: “Privacy Policy”, “Technical and organizational measures”.
- StackPath CDN: Content Delivery Network (CDN); service providers: StackPath LLC (USA) / Highwinds Network Group Inc. (USA); information about data protection: “Privacy Statement”.
- WordPress.com: Blog hosting and website builder; service providers: Automattic Inc. (USA) / Aut O’Mattic A8C Ireland Ltd. (Ireland) for users in Europe and other countries; information about data protection: “Privacy Policy”, “Automattic and the General Data Protection Regulation (GDPR)”, “Cookie Policy”.
11.2 Automatization and Integration of Apps and Services
We use specialized platforms to integrate and connect existing third-party apps and services. We may also use such no-code platforms to automate processes and activities with third-party apps and services.
In particular, we use:
- Zapier: Automatization and integration of apps and services; service provider: Zapier Inc. (USA); information about data protection: “Zapier Privacy Policy”, “Data privacy at Zapier”, “Data Privacy & Security FAQs”, “Security and Compliance”.
11.3 Contact options
We use third-party services in order to be able to improve our communication with you and other persons, such as customers.
In particular, we use:
Salesforce: Customer relationship management (CRM); service providers: Salesforce.com Inc. (USA) / Salesforce.com Germany GmbH (Germany); information about data protection: “Privacy” (with the “Privacy Statement Highlights”), “Privacy Statement”.
11.4 Audio and Video Conferences
We use audio and video conferencing services to communicate online. These services enable us to conduct virtual meetings or online training and webinars, for example. In addition to this Privacy Policy, any evident terms and conditions of the services we use, such as terms of use or privacy policies, shall apply.
Depending on the situation in which you are participating in an audio or video conference, we recommend that you mute the microphone by default and blur the background or use a virtual background.
In particular, we use:
- Google Meet: Video conferences; Google Meet specific information about data protection: “Google Meet Security & Privacy for users”.
11.5 Online collaboration
We use third-party services in order to enable online collaboration. In addition to this Privacy Policy, any directly evident terms and conditions of the services we use, such as terms of use or privacy policies, shall apply.
In particular, we use:
Miro: Whiteboard platform; service provider: RealtimeBoard Inc. (USA); information about data protection: “Privacy Policy”, “Miro Trust Center”.
11.6 Social Media Features and Social Media Content
We use third-party services and plugins to integrate features and content of social media platforms as well as to enable the sharing of content on social media platforms and through other channels.
In particular, we use:
LinkedIn Consumer Solutions Platform: Integration of features and content from LinkedIn, e.g. by means of plugins such as the “Share Plugin”; service providers: LinkedIn Ireland Unlimited Company (Ireland) for users within the European Economic Area (EEA) and Switzerland / LinkedIn Corporation (USA) for users in all other parts of the world; information about data protection: “Privacy”, “Privacy Policy”, “Cookie Policy”, cookie settings/opt-out for e-mail and SMS communication of LinkedIn, opt-out for interest-based advertising.
11.7 Audiovisual media
We use third-party services to enable the direct playback of audiovisual media such as music or videos on our website.
In particular, we use:
YouTube: Videos; service provider: Google (the USA, among others); YouTube-specific information about data protection: “Privacy and safety center”, “Your Data in YouTube”.
11.8 Fonts
We use third-party services to embed selected fonts, icons, logos, and symbols on our website.
In particular, we use:
- Google Fonts: Fonts; Google Fonts specific information about data protection: “What does using the Google Fonts API mean for the privacy of my users?”.
11.9 Advertising
We take advantage of the possibility to have targeted advertisements for our activities and operations displayed with third parties, e.g., social media platforms and search engines.
We particularly use such advertising to reach people who are already interested in our activities and operations or might be interested in them (remarketing and targeting). For this purpose, we may transfer corresponding information – which may also include personal data – to third parties that enable such advertising. We may also determine whether our advertising is successful, i.e., in particular, whether it leads to visits to our website (conversion tracking).
Third parties who display our advertisements and with whom you are registered as a user may be able to assign the use of our online services to your profile.
In particular, we use:
Google Ads: Search engine advertising; Google Ads specific information about data protection: Advertising based on queries, among others, using various domain names for Google Ads, including doubleclick.net, googleadservices.com, and googlesyndication.com, “Advertising” (Google), “Why you’re seeing an ad”.
LinkedIn Ads: Social media advertising; service providers: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland); information about data protection: Remarketing and targeting, in particular with LinkedIn Insight Tag, “Privacy”, “Privacy Policy”, “Cookie Policy”, opt-out for ads personalization.
12. Website extensions
We use website extensions in order to be able to use additional features.
In particular, we use:
Imagify: Image optimization; service provider: WP MEDIA (France); information about data protection: “Terms of Service”, “Frequently Asked Questions”.
Jetpack: Various features for the free blog software WordPress in the form of modules; service providers: Automattic Inc. (USA) / Aut O’Mattic A8C Ireland Ltd. (Ireland) for users in Europe and other countries; information about data protection: “Privacy Notice for Visitors to Our Users’ Sites”, “Privacy Policy” (Automattic), “Jetpack Privacy Center”, “Cookies” policy (Jetpack), “Cookie Policy”(Automattic).
jQuery (OpenJS Foundation): Free JavaScript library; service provider: OpenJS Foundation (USA) with the use of StackPath CDN; information about data protection: “Privacy Policy” (OpenJS Foundation), “Cookie” policy (OpenJS Foundation).
13. Success and Reach Measurement
We use services and programs in order to determine how our online service is used. In this context, we can, for example, measure the success and reach of our activities and operations, as well as the impact of third-party links to our website. We can also, for example, test and compare how different versions of our online service or parts of our online service are used (“A/B testing”). Based on the results of the success and reach measurement, we can in particular correct errors, strengthen particularly popular content or make improvements to our online service.
When using services and programs for success and reach measurement, the Internet Protocol (IP) addresses of individual users must be stored. In principle, IP addresses are shortened in order to comply with the principle of data economy through the corresponding pseudonymization and to improve the data protection of visitors to our website (“IP masking”).
When using services and programs for success and reach measurement, cookies may be used, and user profiles may be created. User profiles include, for example, the pages visited or content viewed on our website, information on the size of the screen or browser window and the – at least approximate – location. As a general rule, user profiles are only created pseudonymized. We do not use user profiles to identify individual visitors to our website. Individual services with which you are registered as a user may be able to assign the use of our online services to your profile with the respective service.
In particular, we use:
- Google Analytics: Success and reach measurement; Google Analytics specific information about data protection: Measurement also across different browsers and devices (cross-device tracking) as well as with pseudonymized Internet Protocol (IP) addresses, which are only transferred in full to Google in the USA in exceptional cases, “Safeguarding your data”, “Google Analytics Opt-out Browser Add-on”.
- WordPress.com Stats: Success and reach measurement; service providers: Automattic Inc. (USA) / Aut O’Mattic A8C Ireland Ltd. (Ireland) for users in Europe and other countries; information about data protection: Extension module Jetpack for the free blog software WordPress, “Privacy Notice for Visitors to Our Users’ Sites”, “Privacy Policy” (Automattic), “Jetpack Privacy Center”, “Cookies” policy (Jetpack), “Cookie Policy”.
14. Final Provisions
- This Privacy Policy has been created using the privacy policy generator of Datenschutzpartner (links only available in German).
We may adapt and amend this Privacy Policy at any time. We inform you about such adaptations and amendments in an appropriate form, in particular by publishing the current version of the Privacy Policy on our website.