The information and contacts we provide are governed by Swiss data protection law, and/or any foreign data protection law that may apply, such as in particular that of the European Union (EU) with its General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures adequate data protection.
1. contact addresses
Responsibility for the processing of personal data:
Airlife Swiss AG
Dorfstrasse 38, 6340, Baar, Switzerland
We will specify if and where other persons are responsible for a specific processing of personal data.
Personal data is any information that relates to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, collection, deletion, storage, modification, destruction and use of personal data.
The European Economic Area (EEA) comprises the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as processing of personal data.
We process personal data in accordance with Swiss data protection law such as, in particular, the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Data Protection Act (OFADP).
If and to the extent that the General Data Protection Regulation (GDPR) is applicable, we process personal data in accordance with at least one of the following legal bases:
– Art. 6 para. 1 lit. f GDPR for processing of personal data that is necessary for the legitimate interests pursued by us or third parties, except where the data subject’s interests or fundamental rights and freedoms prevail. In particular, our interests in providing our offer permanently, in a user-friendly, secure and reliable manner; and in advertising for it if desirable; in processing and possibly archiving inquiries and communications with us; in information security and protection against misuse and unauthorized use; in the enforcement of our own legal claims, and in compliance with Swiss law constitute legitimate interests.
– Art. 6 para. 1 lit. a GDPR for the processing of personal data with the data subject’s consent, where we have obtained this; this is particularly the case if someone sends us information by their own choice, e.g. via the above-mentioned contact options. Even where we have consent, we may also rely on other legal grounds where they apply.
Should information provided to us by someone relate to the inception or performance of a contract with this person, or his or her organization, we also process such data pursuant to Art. 6 (1) lit. b GDPR for the processing of personal data necessary for such performance of a contract with the data subject and for pre-contractual steps.
Should we be, in special cases, under a legal obligation under the laws of an EEA member state that requires the processing certain personal data, this will be based on Art. 6 (1) lit. c DSGVO for the processing of such data necessary to comply with such legal obligation (this applies, mutatis mutandis, to legal obligations under the laws of Switzerland).
We process such personal data as are necessary to provide our offer permanently and in a user-friendly, secure and reliable way, and to be able to process internally and possibly answer inquiries and information addressed to us. Such personal data may in particular fall into the categories of record and contact data, browser and device details, content, meta or marginal data and data on usage data, location, sales, contract and payment.
Personal data will be processed as long as required for the respective purpose(s) or as required by law. When no longer processing of certain personal data is required, these will be anonymized or deleted. Inquiries and information addressed to us may, if necessary, remain archived for the duration of statutory retention or limitation periods. Persons whose data we process have in general the right to have their data deleted, unless there is a justification for processing to the contrary.
Where we are given information by data subjects themselves and voluntarily, when contacting us – for example, by letter, e-mail, contact form, social media or telephone – or when registering for a user account, we assume that processing thereof is consented. We may store such information, for example, in an address book or by similar means. If you share third parties’ personal data with us, it will be your duty to comply with data protection requirements concerning them, and to ensure the accuracy of such data. Processing may always also be permissible on other legal grounds, for example in connection with inception or performance of a contract with the data subject, or based on our prevailing legitimate interests; and further, insofar as the processing and its purpose are evident from the circumstances, or information thereon was given in advance.
We also process personal data that we collect in the course of providing our services, if and to the extent that such processing is permitted for legal reasons.
We may have personal data processed by commissioned third parties, or process data jointly with third parties or with their help, or transmit data to third parties. In particular, these may be service providers we use. We ensure appropriate data protection also in respect of such third parties.
Such third parties are normally located in Switzerland or in the European Economic Area (EEA). Such third parties may also be located in other countries, provided that their data protection law ensures adequate data protection in the assessment of the Federal Data Protection and Information Commissioner (FDPIC) and – if and to the extent that the General Data Protection Regulation (GDPR) applies – in the assessment of the European Commission; or if adequate data protection is ensured on other grounds, such as by contract, especially such based on standard contractual clauses, or through a certification. Exceptionally, such third party may be located in a country without adequate data protection, provided that the specific data protection requirements for such case are met, e.g. through the data subject’s express consent.
Data subjects whose personal data we process have the rights provided to them by Swiss data protection law. These include the right to information as well as the right to correction, deletion or blocking of the processed personal data.
If and to the extent that the General Data Protection Regulation (GDPR) is applicable, data subjects whose personal data we process may request, free of charge, confirmation as to whether we are processing their personal data and, if so, information about such processing. Subject to our justification to the contrary, they may also have the processing of their personal data restricted; exercise their right to data portability; and have their personal data corrected, deleted (“right to be forgotten”), blocked or completed.
If and insofar as the GDPR applies, data subjects whose personal data we process may revoke any consent given at any time with effect for the future, and object to the processing of their personal data at any time.
Data subjects whose personal data we process have a right of appeal to a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
We take appropriate and suitable technical and organizational measures to ensure data protection and, in particular, data security. However, despite such measures, the processing of personal data on the Internet can always have security gaps. We can therefore not guarantee absolute data security.
Access to our online offer takes place via transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers mark transport encryption with a padlock in the address bar.
We have as little influence as any other website operator on whether and how security authorities and other actors with superior technical means can access our online service and the data traces created by it.
Cookies can be stored temporarily in your browser as “session cookies” when you visit our website or for a certain period of time as so-called permanent cookies. “Session cookies” will be automatically deleted when you close your browser. Permanent cookies have a specified storage period. They enable us in particular to recognize your browser the next time you visit our website and thus, for example, to measure the reach of our website. Permanent cookies can also be used for online marketing, for example.
In the case of cookies used for performance and reach measurement or for advertising, a general objection (“opt-out”) is possible for numerous services via the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
We may collect the following information for each access to our website, where such information is transmitted by your browser to our server infrastructure or can be determined by our web server: Date and time including time zone; Internet Protocol (IP) address; access status (HTTP status code); operating system including user interface and version; browser including language and version; the individual sub-page of our website accessed, including amount of data transferred; the website last accessed in the same browser window (so-called referrer page).
We store such information, which may also constitute personal data, in server log files. The information is necessary to provide our online offer permanently, user-friendly and reliably and to ensure data security, and thereby data protection, and this though third parties or with their help, too.
We may use tracking pixels, also referred to as web beacons, on our website. They may also be placed by third parties whose services we use. Tracking pixels are small, usually invisible images that are automatically retrieved when you visit our website. With pixel counters, the same information can be collected as in server log files.
We use third-party services to provide our offer in a permanent, user-friendly, secure and reliable way. Such services may also help to embed content on our website. Such services – such as hosting and storage services, video services and payment services – need your Internet Protocol (IP) address in order to transmit the corresponding content.
For their own security, statistical and technical purposes, third parties whose services we use may also process data related to our offer as well as from other sources – including cookies, log files and counting pixels – in aggregated, anonymized or pseudonymized form.
We use YouTube, a service provided by Google, to enable the direct playback of audiovisual media (videos) on our website. YouTube-specific information on data protection: “Privacy and Security Center”, “My Data on YouTube”.
We use third party services to embed selected fonts as well as icons, logos and symbols into our website.
We use third-party services in order to be able to make use of the digital infrastructure required for our offering. These include, for example, hosting and storage services from specialized providers.
Among these is an external provider hosting our website and the data collected with it [■and on its servers in Switzerland]; currently this is Novatrend Services GmbH, Bahnhofstrasse 18, 6340 Baar. ■We have an agreement with this provider that ensures legally compliant data processing.
We use services and programs to find out how our online service is used. Thus, we can measure, for example, its performance and reach and the effect of third-party links to our website. We can also, for example, test and compare how different versions of our online offering or parts of our online offering are used (“A/B test” method). Based on the results of the performance and reach measurement, we can correct errors, strengthen particularly popular content or make improvements to our online service.
Those services and programs require storage of individual users’ Internet Protocol (IP) addresses. For the sake of data economy and improved protection of our website visitors’ data, IP addresses are regularly shortened through pseudonymization (“IP masking”).
In particular, we use Google Analytics for performance and reach measurement; Specific data protection information for Google Analytics: it may measure also across different browsers and devices (cross-device tracking) and using pseudonymized Internet Protocol (IP) addresses; only exceptionally are these transmitted in full to Google in the USA, “Data protection”, “Browser add-on to deactivate Google Analytics”.