Legal Notice - Privacy Policy
This Privacy Policy provides information about the processing of personal data in connection with our activities and operations, including ourwebsites
and www.raphaelzubler.com-Website. In particular, we explain why, how, and where we process personal data, as well as the specific types of personal data we process (
). We also provide information about the rights of individuals
whose data we process.
Additional privacy policies
or other information regarding data protection may apply to specific or additional activities and operations.
We are subject to Swiss data protection law as well as any applicable foreign
data protection law, in particular that of the European Union (EU) with the European
General Data Protection Regulation (GDPR).
In its decision of July 26, 2000, the European Commission recognized that Swiss data protection law
ensures an adequate level of data protection. In its report dated
January 15, 2024, the European Commission confirmed this adequacy decision.
1. Contact Information
Responsible for the processing of personal data:
Raphael Zubler - Photo Motion
Schwyzertobelstrasse 1
CH-8135 Langnau am Albis, Switzerland
contact@raphaelzubler.com
In certain cases, third parties may be responsible for the processing of personal data, or there may be joint responsibility with third parties.
2. Definitions and Legal Basis
2.1 Definitions
Data Subject: A natural person whose personal data we process.
Personal Data: Any information relating to an identified or identifiable natural person
.
Sensitive Personal Data: Data regarding trade union, political, religious
, or ideological views and activities; data regarding health, sexual life
, or membership in an ethnic or racial group; genetic data; biometric data
that uniquely identify a natural person; data regarding criminal and administrative
sanctions or prosecutions; and data regarding social assistance measures.
Processing: Any handling of personal data, regardless of the means
and procedures used, such as querying, comparing, adapting, archiving, storing,
reading, disclosing, obtaining, recording, collecting, deleting, disclosing, sorting, organizing,
storing, modifying, disseminating, linking, destroying, and using
personal data.
European Economic Area (EEA): Member states of the European Union (EU) as well as
the Principality of Liechtenstein, Iceland, and Norway.
Note: The European General Data Protection Regulation (GDPR) refers to the handling
of personal data as the processing of personal data and the handling of
particularly sensitive personal data as the processing of special categories of personal
data (Art. 9 GDPR).
2.2 Legal Basis
We process personal data in accordance with Swiss data protection law, such as
, in particular the Federal Act on Data Protection (Data Protection Act, DSG) and the Ordinance
on Data Protection (Data Protection Ordinance, DSV).
We process personal data—insofar as the General Data Protection Regulation (GDPR) applies
—in accordance with at least one of the following
legal bases:
• Art. 6(1)(b) GDPR for the processing of personal data necessary to
fulfill a contract with the data subject and to carry out pre-contractual
measures.
• Art. 6(1)(f) GDPR for the necessary processing of personal data to
safeguard legitimate interests—including the legitimate interests of third parties—provided that
the fundamental freedoms and rights as well as the interests of the data subject do not prevail.
Such interests include, in particular, the sustainable, people-oriented, secure, and reliable
conduct of our activities and operations, ensuring information security,
protection against misuse, the enforcement of our own legal claims, and
compliance with Swiss law.
• Art. 6(1)(c) GDPR for the necessary processing of personal data to
fulfill a legal obligation to which we are subject under any applicable law of
Member States in the European Economic Area (EEA).
• Art. 6(1)(e) GDPR for the necessary processing of personal data to
perform a task carried out in the public interest.
• Art. 6(1)(a) GDPR for the processing of personal data with the consent
of the data subject.
• Art. 6(1)(d) GDPR for the processing of personal data necessary to
protect the vital interests of the data subject or another natural person
.
• Art. 9(2) et seq. GDPR for the processing of special categories of personal data
, in particular with the consent of the data subjects.
3. Nature, Scope, and Purpose of the Processing of Personal Data
We process the personal data necessary to carry out our activities and operations
in a sustainable, user-friendly, secure, and reliable manner. The personal data processed
may fall, in particular, into the categories of browser and device data,
content data, communication data, metadata, usage data, master data including
inventory and contact data, location data, transaction data, contract data, and payment data
.
We also process personal data that we receive from third parties, obtain from publicly available
sources, or collect in the course of our activities and operations, to the extent that
such processing is permitted by law.
We process personal data, where necessary, with the consent of the data subjects.
In many cases, we may process personal data without consent, for example to fulfill legal obligations or to safeguard overriding interests.
We may also request consent from data subjects even when their consent is not required.
We process personal data for the duration necessary for the respective purpose.
We anonymize or delete personal data, in particular in accordance with statutory
retention and statute of limitations periods.
4. Disclosure of Personal Data
We may disclose personal data to third parties, have it processed by third parties, or process it jointly
with third parties. Such third parties include, in particular, specialized
providers whose services we utilize.
We may disclose personal data, for example, to banks and other financial service providers, government agencies,
educational and research institutions, consultants and attorneys, interest groups,
IT service providers, cooperation partners, credit and business information agencies, logistics
and shipping companies, marketing and advertising agencies, media outlets, organizations
and associations, social institutions, telecommunications companies, and insurance companies
.
5. Communication
We process personal data in order to communicate with third parties. In this context, we process, in particular, data that a data subject provides when contacting us,
for example by mail or email. We may store such data in an address book
or using comparable tools.
Third parties who transmit data about other individuals are obligated to ensure data protection for
such data subjects. To this end, the accuracy
of the transmitted personal data must be ensured, among other things.
6. Data Security
We implement appropriate technical and organizational measures to ensure data security commensurate with the respective
risk. With our measures,
we ensure in particular the confidentiality, availability, traceability, and integrity
of the personal data processed, without, however, being able to guarantee absolute data security.
Access to our website and our other online presence is provided via transport encryption
(SSL/TLS, specifically using the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn users against visiting websites without transport encryption.
Our digital communications—like all digital communications in general—are subject to
mass surveillance without cause or suspicion by security authorities in Switzerland,
the rest of Europe, the United States of America (USA), and other countries.
We have no direct influence over the processing of personal data
by intelligence agencies, police departments, and other security authorities. We also cannot
rule out the possibility that a data subject may be specifically monitored.
7. Personendaten im Ausland
Wir bearbeiten Personendaten grundsätzlich in der Schweiz und im Europäischen Wirtschaftsraum
(EWR). Wir können Personendaten aber auch in andere Staaten exportieren bzw. übermitteln,
insbesondere um sie dort zu bearbeiten oder bearbeiten zu lassen.
Wir können Personendaten in alle Staaten und Territorien auf der Erde exportieren, sofern das
dortige Recht gemäss Beschluss des Schweizerischen Bundesrates und – sofern und soweit die
Datenschutz-Grundverordnung (DSGVO) anwendbar ist – auch gemäss Beschluss der Europäischen
Kommission einen angemessenen Datenschutz gewährleistet.
Wir können Personendaten in Staaten, deren Recht keinen angemessenen Datenschutz gewährleistet,
übermitteln, sofern der Datenschutz aus anderen Gründen gewährleistet ist, insbesondere
auf Grundlage von Standarddatenschutzklauseln oder mit anderen geeigneten Garantien.
Ausnahmsweise können wir Personendaten in Staaten ohne angemessenen oder geeigneten
Datenschutz exportieren, wenn dafür die besonderen datenschutzrechtlichen Voraussetzungen
erfüllt sind, beispielsweise die ausdrückliche Einwilligung der betroffenen Personen oder ein
unmittelbarer Zusammenhang mit dem Abschluss oder der Abwicklung eines Vertrages. Wir
geben betroffenen Personen auf Nachfrage gerne Auskunft über allfällige Garantien oder liefern
eine Kopie allfälliger Garantien.
8. Rechte von betroffenen Personen
8.1 Datenschutzrechtliche Ansprüche
Wir gewähren betroffenen Personen sämtliche Ansprüche gemäss dem anwendbaren Datenschutzrecht.
Betroffene Personen verfügen insbesondere über folgende Rechte:
• Auskunft: Betroffene Personen können Auskunft verlangen, ob wir Personendaten über sie
bearbeiten, und falls ja, um welche Personendaten es sich handelt. Betroffene Personen erhalten
ferner jene Informationen, die erforderlich sind, um ihre datenschutzrechtlichen Ansprüche
geltend zu machen und Transparenz zu gewährleisten. Dazu zählen die bearbeiteten
Personendaten als solche, aber unter anderem auch Angaben zum Bearbeitungszweck, zur
Dauer der Aufbewahrung, zu einer allfälligen Bekanntgabe bzw. einem allfälligen Export von
Daten in andere Staaten und zur Herkunft der Personendaten.
• Berichtigung und Einschränkung: Betroffene Personen können unrichtige Personendaten
berichtigen, unvollständige Daten vervollständigen und die Bearbeitung ihrer Daten einschränken
lassen.
• Löschung und Widerspruch: Betroffene Personen können Personendaten löschen lassen
(«Recht auf Vergessen») und der Bearbeitung ihrer Daten mit Wirkung für die Zukunft widersprechen.
• Datenherausgabe und Datenübertragung: Betroffene Personen können die Herausgabe
von Personendaten oder die Übertragung ihrer Daten an einen anderen Verantwortlichen
verlangen.
Wir können die Ausübung der Rechte von betroffenen Personen im rechtlich zulässigen Rahmen
aufschieben, einschränken oder verweigern. Wir können betroffene Personen auf allenfalls
zu erfüllende Voraussetzungen für die Ausübung ihrer datenschutzrechtlichen Ansprüche hinweisen.
Wir können beispielsweise die Auskunft mit Verweis auf Geschäftsgeheimnisse oder
den Schutz anderer Personen ganz oder teilweise verweigern. Wir können beispielsweise auch
die Löschung von Personendaten mit Verweis auf gesetzliche Aufbewahrungspflichten ganz
oder teilweise verweigern.
Wir können für die Ausübung der Rechte ausnahmsweise Kosten vorsehen. Wir informieren betroffene
Personen vorgängig über allfällige Kosten.
Wir sind verpflichtet, betroffene Personen, die Auskunft verlangen oder andere Rechte geltend
machen, mit angemessenen Massnahmen zu identifizieren. Betroffene Personen sind zur Mitwirkung
verpflichtet.
8.2 Rechtsschutz
Betroffene Personen haben das Recht, ihre datenschutzrechtlichen Ansprüche auf dem Rechtsweg
durchzusetzen oder Anzeige bzw. Beschwerde bei einer Datenschutz-Aufsichtsbehörde zu
erheben.
Datenschutz-Aufsichtsbehörde für private Verantwortliche und Bundesorgane in der Schweiz
ist der Eidgenössische Datenschutz- und Öffentlichkeitsbeauftragte (EDÖB).
Europäische Datenschutz-Aufsichtsbehörden – sofern und soweit die Datenschutz-Grundverordnung
(DSGVO) anwendbar ist – sind als Mitglieder im Europäischen Datenschutzausschuss
(EDSA) organisiert. In einigen Mitgliedstaaten im Europäischen Wirtschaftsraum
(EWR) sind die Datenschutz-Aufsichtsbehörden föderal strukturiert, insbesondere in
Deutschland.
9. Use of the Website
9.1 Cookies
We may use cookies. Cookies—including our own cookies (first-party cookies) as well as
cookies from third parties whose services we use (third-party cookies)—are data
that are stored in the browser. Such stored data need not be limited to traditional
text-based cookies.
Cookies can be stored in the browser temporarily as “session cookies” or for a specific period of time
as so-called permanent cookies. “Session cookies” are automatically
deleted when the browser is closed. Permanent cookies have a specific
storage duration. Cookies enable, in particular, the recognition of a browser upon the next visit
to our website and thereby, for example, the measurement of the reach of our
website. However, persistent cookies can also be used, for example, for online marketing
.
Cookies can be disabled in whole or in part at any time in the browser settings and
deleted. Without cookies, our website may no longer be fully available
. We actively request—at least to the extent necessary—your explicit
consent to the use of cookies.
For cookies used to measure performance and reach or for advertising,
a general opt-out is available for numerous services via AdChoices
(Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAd-
Choices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital
Advertising Alliance, EDAA).
9.2 Logging
We may log the following information for every visit to our website and other online presence, including
, provided that this information is transmitted to our digital
infrastructure during such visits: Date and time, including time zone; IP address; access status
(HTTP status code); operating system, including user interface and version;
browser, including language and version; specific subpages of our website
accessed, including the amount of data transferred; the last webpage
accessed in the same browser window (referrer).
We log such information, which may also constitute personal data, in log files.
This information is necessary to ensure that our online presence is available on a permanent, user-friendly, and
reliable basis. The information is also necessary to ensure data security
—including through third parties or with the assistance of third parties.
9.3 Web Beacons
We may incorporate web beacons into our website. Tracking pixels are also known as web
beacons. Tracking pixels—including those from third parties whose services we use—
are typically small, invisible images or JavaScript scripts that
are automatically loaded when you access our website. Tracking pixels can
collect at least the same information as log files.
10. Notifications and Messages
10.1 Performance and Reach Measurement
Notifications and messages may contain web links or tracking pixels that track
whether a specific message has been opened and which web links were clicked within it. Such
web links and tracking pixels may also track the use of notifications and messages
on a personal basis. We require this statistical tracking of usage for
measuring success and reach in order to send notifications and messages effectively and in a user-friendly manner
as well as permanently, securely, and reliably, based on the
needs and reading habits of the recipients.
10.2 Consent and Objection
You must generally consent to the use of your email address and other contact information, unless such use is permitted for other legal reasons. To obtain double-confirmed consent, we may use the “Double
Opt-in” procedure. In this case, you will receive a message with instructions
for the double confirmation. We may log obtained consents, including IP addresses
and timestamps, for evidentiary and security purposes.
You may generally object to receiving notifications and communications, such as
newsletters, at any time. By objecting in this manner, you may simultaneously object to
the statistical tracking of usage for performance and reach measurement.
This does not apply to necessary notifications and communications related to our activities and operations.
10.3 Service Providers for Notifications and Communications
We send notifications and communications using specialized service providers.
In particular, we use:
• Mailchimp: Communication platform; Provider: The Rocket Science Group LLC
DBA Mailchimp (USA), a subsidiary of Intuit Inc. (USA); Privacy information:
Privacy Policy (Intuit) including “Country and Region-Specific Terms”
» («Country and Region-Specific Terms»), «Frequently Asked Questions About Privacy
at Mailchimp», «Mailchimp and European Data Transfers», «Security»
(«Security»), Cookie Policy, «Privacy Rights Requests» («Privacy Rights Requests
»), «Legal Terms».
11. Social Media
We maintain a presence on social media platforms and other online platforms to communicate with interested individuals and provide information about our activities and operations
. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA)
.
The General Terms and Conditions (GTC) and Terms of Use
, as well as the privacy policies and other provisions of the individual operators of such platforms, also apply in each case. These provisions provide information in particular regarding the rights of data subjects
directly vis-à-vis the respective platform, including, for example, the right to
access.
For our social media presence on Facebook, including the so-called Page Insights
, we are—to the extent that the General Data Protection Regulation (GDPR) applies
—jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms
Ireland Limited is part of the Meta group of companies (including those in the U.S.). Page Insights
provide information on how visitors interact with our Facebook presence
. We use Page Insights to ensure our social media presence
on Facebook is effective and user-friendly.
Further details regarding the nature, scope, and purpose of data processing, information on the rights
of data subjects, as well as the contact details of Facebook and Facebook’s Data Protection Officer
can be found in Facebook’s Privacy Policy. We
have entered into the so-called “Addendum for Controllers” with Facebook and have thereby
specifically agreed that Facebook is responsible for ensuring the rights of data subjects
. For the so-called Page Insights, the relevant information
can be found on the “Information about Page Insights” page, including “Information about Page
Insights Data.”
12. Third-Party Services
We use services provided by specialized third parties to ensure that our activities and operations are conducted in a sustainable,
user-friendly, secure, and reliable manner. These services
enable us, among other things, to embed functions and content into our website. When such
embedding occurs, the services used collect users’ IP addresses at least
temporarily for technically necessary reasons.
For necessary security-related, statistical, and technical purposes, third parties whose
services we use may process data related to our activities and operations in an aggregated,
anonymized, or pseudonymized manner. This includes, for example, performance
or usage data necessary to provide the respective service.
In particular, we use:
• Google services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland)
partially for users in the European Economic Area (EEA) and in
Switzerland; General information on data protection: “Privacy and Security Principles,” “Information on how Google uses personal data,” Privacy Policy,
“Google is committed to complying with applicable data protection laws,” “
Guide to Privacy in Google Products,” “How we use data from websites or apps
where our services are used,” “Types of cookies and similar
technologies that Google uses,” “Advertising you can control” (“Personalized
advertising”).
• Microsoft services: Providers: Microsoft Ireland Operations Limited (Ireland) for
users in the European Economic Area (EEA), Switzerland, and the
United Kingdom / Microsoft Corporation (USA) for users in the rest
of the world; General information on data protection: “Data protection at Microsoft,” “Data protection
and privacy,” Privacy Statement, “Data and privacy settings.”
12.1 Digital Infrastructure
We use services provided by specialized third parties to access the digital infrastructure required for our activities and operations. These include, for example, hosting and storage services from selected providers.
In particular, we use:
• Hostpoint: Hosting; Provider: Hostpoint AG (Switzerland); Privacy information: Privacy Policy.
• Squarespace: Website builder; Providers: Squarespace Inc. (USA) for users of
and users in the USA / Squarespace Ireland Limited (Ireland) for users of
in the rest of the world; Privacy information: “Privacy and Security,” Privacy Policy,
Cookie Policy.
12.2 Audio and Video Conferences
We use specialized services for audio and video conferences to enable online communication
. For example, we can use them to hold virtual meetings or conduct online
classes and webinars. When participating in audio and video conferences
, the legal terms of the individual services—such as privacy policies and
terms of use—also apply.
Depending on your situation, we recommend that you mute your microphone by default when participating in audio or video conferences
and blur your background
or display a virtual background.
We use the following in particular:
• TeamViewer Meeting: Video conferences; Provider: TeamViewer Germany GmbH
(Germany); Privacy information: Privacy Policy, “First-class data protection
”.
• Zoom: Platform for collaborative work, particularly video conferencing; Provider:
Zoom Video Communications Inc. (USA); Privacy information: “Privacy at
Zoom,” Privacy Policy, “Legal Compliance.”
12.3 Online Collaboration
We use third-party services to enable online collaboration. In addition to this Privacy Policy, any directly visible terms and conditions
of the services used, such as Terms of Use or Privacy Policies, also apply.
In particular, we use:
• Microsoft Teams: Platform for productive collaboration, particularly with audio
and video conferencing; Provider: Microsoft; Teams-specific information: “Privacy
and Microsoft Teams.”
12.4 Social Media Features and Social Media Content
We use third-party services and plugins to embed features and content from social media platforms
and to enable the sharing of content on social media platforms
and through other channels. In particular, we use:
• Facebook (Social Plugins): Embedding of Facebook features and Facebook content,
such as “Like” or “Share”; Providers: Meta Platforms
Ireland Limited (Ireland) and other Meta companies (including in the U.S.); Information
on data protection: Privacy Policy.
• Instagram Platform: Embedding Instagram content; Providers: Meta Platforms
Ireland Limited (Ireland) and other Meta companies (including in the U.S.); Information on data protection at
: Privacy Policy (Instagram), Privacy Policy (Facebook).
• LinkedIn Consumer Solutions Platform: Embedding features and content from
LinkedIn, for example using plugins such as the “Share Plugin”; Provider: Microsoft; LinkedIn-
specific information: “Privacy,” Privacy Policy, Cookie Policy,
Cookie Management / Opting out of email and SMS communications from LinkedIn,
Opting out of interest-based advertising.
12.5 Digital Audio and Video Content
We use services from specialized third parties to enable the direct playback of digital audio and
video content, such as music or podcasts.
In particular, we use:
• Vimeo: Video platform; Provider: Vimeo Inc. (USA); Privacy information: Privacy Policy,
“Private Video Hosting”.
• YouTube: Video platform; Provider: Google; YouTube-specific information: “Privacy
and Security Center,” “My data on YouTube.”
13. Extensions for the website
We use extensions for our website to enable additional features.
We may use selected services from suitable providers or use such extensions
on our own digital infrastructure.
14. Performance and Reach Measurement
We strive to measure the performance and reach of our activities and operations.
In this context, we may also measure or evaluate the impact of third-party references,
as well as how different parts or versions of our online offering are used (the “A/B Test
” method). Based on the results of performance and reach measurement
, we can, in particular, fix errors, enhance popular content, or make improvements.
For performance and reach measurement, the IP addresses of
individual users are recorded in most cases. In this case, IP addresses are generally
truncated (“IP masking”) to comply with the principle of
data minimization through appropriate pseudonymization.
Cookies may be used to measure success and reach, and user profiles may be created
. Any user profiles created may include, for example, the individual pages visited
or content viewed on our website, information about the size of the screen
or the browser window, and the user’s location (at least approximately). In principle,
any user profiles are created exclusively in pseudonymized form and are not used to identify
individual users. Individual third-party services with which
users are registered may, in some cases, associate the use of our online offering
with the user account or user profile for the respective service.
We use in particular:
• Google Marketing Platform: performance and reach measurement, in particular with Google
Analytics; provider: Google; Google Marketing Platform-specific information: Measurement
also across different browsers and devices (cross-device tracking) using pseudonymized
IP addresses, which are only transferred in full to Google in the U.S. in exceptional cases
, Privacy Policy for Google Analytics, “Browser add-on to disable
Google Analytics.”
15. Final Provisions
We created this Privacy Policy using the privacy policy generator from Datenschutzpartner
. We may amend or supplement this Privacy Policy at any time. We will notify you of such amendments and supplements in an appropriate manner via
, in particular by publishing the most current version of the Privacy Policy on our website at
.
Langnau am Albis, 2024