Privacy policy

With this privacy policy, we inform about the personal data we process in connection with our activities and operations, including our eivlis.ch website. We specifically provide information about the purposes, methods, and locations of the personal data processing. Furthermore, we inform about the rights of individuals whose data we process.

For specific or additional activities and operations, additional privacy policies and other legal documents such as General Terms and Conditions (GTC), Terms of Use, or Participation Conditions may apply.

We are subject to Swiss data protection law and, where applicable, foreign data protection law, especially that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures adequate data protection.

Responsibility for the processing of personal data:

Silvie Demont
Rheinstrasse 144
7000 Chur

info@eivlis.ch

We will inform you if, in individual cases, there are other responsible parties for the processing of personal data.

2.1 Terms

Personal data includes all information relating to a specific or identifiable natural person. A data subject is a person about whom we process personal data.

Processing includes any handling of personal data, regardless of the means and procedures used, such as querying, matching, adjusting, archiving, storing, extracting, disclosing, acquiring, capturing, collecting, deleting, disclosing, organizing, storing, modifying, distributing, linking, destroying, and using personal data.

The European Economic Area (EEA) includes the member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.

2.2 Legal Basis

We process personal data in accordance with Swiss data protection law, including the Federal Data Protection Act (Datenschutzgesetz, DSG), and the Data Protection Ordinance (Datenschutzverordnung, DSV).

We process personal data in compliance with at least one of the following legal bases, to the extent that the General Data Protection Regulation (GDPR) applies:

• Art. 6 Abs. 1 lit. b GDPR for the necessary processing of personal data to fulfill a contract with the data subject or to take pre-contractual measures.
• Art. 6 Abs. 1 lit. f GDPR for the necessary processing of personal data to safeguard our legitimate interests or those of third parties, provided that the fundamental rights and freedoms of the data subject do not override those interests. Legitimate interests include our interest in carrying out our activities and operations permanently, in a user-friendly, secure, and reliable manner, as well as being able to communicate about them, ensuring information security, protecting against misuse, enforcing our legal claims, and complying with Swiss law.
• Art. 6 Abs. 1 lit. c GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject under potentially applicable law of Member States in the European Economic Area (EEA).
• Art. 6 Abs. 1 lit. e GDPR for the necessary processing of personal data to perform a task carried out in the public interest.
• Art. 6 Abs. 1 lit. a GDPR for processing personal data with the consent of the data subject.
• Art. 6 Abs. 1 lit. d GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.

We process those personal data that are necessary to carry out our activities and operations permanently, in a user-friendly, secure, and reliable manner. Such personal data may fall into categories such as inventory and contact data, browser and device data, content data, metadata, and usage data, location data, sales data, as well as contract and payment data.

We process personal data for the duration necessary for the respective purpose(s) or as required by law. Personal data that is no longer required will be anonymized or deleted.

We may have third parties process personal data on our behalf. We may process or share personal data with third parties, especially specialized providers whose services we use. We ensure data protection even with such third parties.

We process personal data only with the consent of the data subject unless the processing is permissible for other legal reasons. Processing without consent may, for example, be permissible for fulfilling a contract with the data subject and related pre-contractual measures, to protect our overriding legitimate interests, when processing is evident from the circumstances, or after prior information.

Within this context, we particularly process information voluntarily provided by a data subject when they contact us – for example, by postal mail, email, instant messaging, contact form, social media, or telephone – or when they register for a user account. We may store such information, for example, in an address book or similar tools. If we receive data about other individuals from third parties, the transmitting parties are obligated to ensure data protection for these individuals and ensure the accuracy of this personal data.

Furthermore, we also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect during the exercise of our activities and operations, to the extent permitted by legal reasons.

We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, particularly for the purpose of processing it there or having it processed.

We can export personal data to all states and territories on Earth and elsewhere in the universe, provided that the local law, according to the decision of the Swiss Federal Council, ensures adequate data protection and, where applicable, the decision of the European Commission ensures adequate data protection according to the General Data Protection Regulation (GDPR).

We may transfer personal data to countries where the law does not provide adequate data protection if data protection is otherwise ensured, particularly based on standard data protection clauses or other appropriate safeguards. In exceptional cases, we may export personal data to countries without adequate or appropriate data protection if special data protection requirements are met, such as explicit consent from the data subjects or a direct connection with the conclusion or performance of a contract. Upon request, we will gladly provide data subjects with information about any safeguards or provide a copy of such safeguards.

5.1 Data Protection Claims

We grant data subjects all rights according to applicable data protection law. Data subjects have the following rights in particular:

• Information: Data subjects can request information about whether we process personal data about them and, if so, what personal data is involved. Data subjects also receive the necessary information to assert their data protection claims and ensure transparency. This includes the processed personal data itself, as well as information about the purpose of processing, the duration of storage, any disclosure or transfer of data to other countries, and the origin of the personal data.
• Correction and Restriction: Data subjects can correct inaccurate personal data, complete incomplete data, and request restrictions on the processing of their data.
• Deletion and Objection: Data subjects can request the deletion of personal data (“right to be forgotten”) and object to the processing of their data for the future.
• Data Disclosure and Data Portability: Data subjects can request the disclosure of personal data or the transfer of their data to another responsible party.

We may defer, restrict, or refuse the exercise of data subjects’ rights within the legally permissible framework. We may inform data subjects about any requirements that need to be met for the exercise of their data protection claims. For example, we may partially or completely refuse to provide information with reference to trade secrets or the protection of other individuals. Similarly, we may partially or completely refuse the deletion of personal data based on legal retention obligations.

We may exceptionally provide for costs for the exercise of these rights. We will inform data subjects in advance about any possible costs.

We are obliged to identify data subjects who request information or exercise other rights through appropriate measures. Data subjects are obliged to cooperate.

5.2 Right to Lodge Complaints

Data subjects have the right to enforce their data protection claims in court or to lodge a complaint with a competent data protection supervisory authority.

The data protection supervisory authority for private responsible parties and federal entities in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

Data subjects have the right to lodge a complaint with a competent European data protection supervisory authority, where applicable under the General Data Protection Regulation (GDPR).

We implement appropriate technical and organizational measures to ensure data security that is appropriate to the respective risk. However, we cannot guarantee absolute data security.

Access to our website is encrypted using transport encryption (SSL / TLS, especially with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a padlock icon in the address bar.

Our digital communication is subject to mass surveillance without cause or suspicion, as well as other forms of surveillance by security agencies in Switzerland, other European countries, the United States of America (USA), and other countries, just like any other digital communication. We have no direct control over the processing of personal data by intelligence agencies, police authorities, and other security agencies.

7.1 Cookies

We may use cookies. Cookies – both first-party cookies (our own cookies) and third-party cookies (cookies from third parties whose services we use) – are data stored in the browser. Such stored data is not necessarily limited to traditional text-form cookies.

Cookies can be stored in the browser temporarily as “session cookies” or for a specific period as so-called persistent cookies. “Session cookies” are automatically deleted when the browser is closed. Persistent cookies have a specific storage duration. Cookies allow, in particular, recognizing a browser on the next visit to our website and, for example, measuring the reach of our website. However, persistent cookies can also be used for online marketing purposes.

Cookies can be disabled or deleted entirely or partially in the browser settings at any time. Without cookies, our website may not be fully available. We request – at least if and to the extent required – explicit consent to the use of cookies.

For cookies used for success and reach measurement or for advertising purposes, a general objection (“opt-out”) is possible for numerous services through AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

7.2 Server Log Files

For each access to our website, we may collect the following information, provided it is transmitted from your browser to our server infrastructure or can be determined by our web server: date and time, including timezone, Internet Protocol (IP) address, access status (HTTP status code), operating system, including user interface and version, browser, including language and version, specific sub-page of our website accessed, including data transferred, and the last website visited in the same browser window (referrer).

We store such information, which may also include personal data, in server log files. This information is necessary to provide our website permanently, in a user-friendly and reliable manner, as well as to ensure data security and, in particular, the protection of personal data – also by third parties or with the help of third parties.

7.3 Tracking Pixels

We may use tracking pixels on our website. Tracking pixels are also known as web beacons. With tracking pixels – including those from third parties whose services we use – small, usually invisible images are automatically retrieved when visiting our website. Tracking pixels can capture the same information as server log files.

We are present on social media platforms and other online platforms to communicate with interested individuals and provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).

The terms and conditions, as well as privacy policies and other provisions of the individual operators of such platforms, also apply. These provisions provide information, in particular, about the rights of data subjects directly vis-à-vis the respective platform, including the right to access.

For our social media presence on Facebook / Instagram, including the so-called Page Insights, we are jointly responsible with Meta Platforms Ireland Limited (Ireland) if the General Data Protection Regulation (GDPR) applies. Meta Platforms Ireland Limited is part of the Meta companies (including in the USA). Page Insights provide information about how visitors interact with our Facebook presence. We use Page Insights to effectively and user-friendly provide our social media presence on Facebook.

Further information about the type, scope, and purpose of data processing, information about the rights of data subjects, as well as contact details for Facebook and Facebook’s data protection officer can be found in Facebook’s privacy policy. We have concluded the so-called “Controller Addendum” with Facebook, thereby agreeing, among other things, that Facebook is responsible for ensuring the rights of data subjects. The corresponding information for the so-called Page Insights can be found on the “Information about Page Insights” page, including “Information about Page Insights Data”.

We use services from specialized third parties to carry out our activities and operations permanently, in a user-friendly, secure, and reliable manner. With such services, we can embed functions and content into our website. During such embedding, the used services, for technical reasons, may temporarily collect the Internet Protocol (IP) addresses of the users.

For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized form. This may include performance or usage data required to provide the respective service.

9.1 Digital Infrastructure

We utilize services from specialized third-party providers to access the required digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.

We particularly use:

• METANET: Hosting; Provider: Metanet AG (Switzerland); Information on data protection: Privacy Policy, «Technisch-organisatorische Massnahmen».

9.2 Audio and Video Conferences

We use specialized services for audio and video conferences to facilitate online communication. For participation in audio and video conferences, the legal texts of individual services, such as privacy policies and terms of use, also apply.

Depending on the situation, we recommend muting the microphone by default and blurring the background or using a virtual background during participation in audio or video conferences.

We particularly use:

• Google Meet: Video conferences; Provider: Google; Google Meet-specific information: «Google Meet – Security and Privacy for Users».
• Zoom: Video conferences; Provider: Zoom Video Communications Inc. (USA); Information on data protection: Privacy Policy, «Privacy at Zoom», «Compliance Center»

9.3 Payments

We utilize specialized service providers to securely and reliably process payments from our customers. For payment processing, the legal texts of individual service providers, such as General Terms and Conditions (GTC) or privacy policies, also apply.

We particularly use:

• PayPal: Payment processing; Providers: PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg) / PayPal Pte. Ltd. (Singapore); Information on data protection: Privacy Policy, «Statement on Cookies and Tracking Technologies».
• Zahls.ch: Online payment processing; Provider: siebenberge gmbh; Information on data protection: Privacy Policy
• Payrexx (via Zahls): Payment processing; Provider: Payrexx AG (Switzerland); Information on data protection: «Guidelines» including Privacy Policy.

9.4 Advertising

We use the opportunity to display targeted advertising for our activities and operations on third-party platforms, such as social media platforms and search engines.

With such advertising, we aim to reach individuals who are already interested in or could potentially be interested in our activities and operations (remarketing and targeting). For this purpose, we may transmit relevant – possibly personal – information to third parties that enable such advertising. We may also track the success of our advertising, particularly if it leads to visits to our website (conversion tracking).

Third-party platforms where we advertise, and where you are logged in as a user, may associate the use of our online offerings with your respective profile.

We use particularly:

• Facebook Advertising (Facebook Ads): Social media advertising; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); Information on data protection: Remarketing and targeting, especially with the Facebook Pixel and Custom Audiences, including Lookalike Audiences, Privacy Policy, «Ad Preferences» (user registration required).
• Instagram Ads: Social media advertising; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); Information on data protection: Remarketing and targeting, especially with the Facebook Pixel and Custom Audiences, including Lookalike Audiences, Privacy Policy (Instagram), Privacy Policy (Facebook), «Ad Preferences» (Instagram) (user registration required), «Ad Preferences» (Facebook) (user registration required).

We use services and programs to determine how our online offering is used. In this context, we can, for example, measure the success and reach of our activities and assess the impact of third-party links to our website. Based on the results of success and reach measurement, we can address issues, strengthen popular content, or make improvements to our online offering.

When using services and programs for success and reach measurement, the Internet Protocol (IP) addresses of individual users must be stored. IP addresses are generally shortened (IP masking) to pseudonymize the data and adhere to the principle of data minimization, thereby improving user privacy.

When using services and programs for success and reach measurement, cookies may be used, and user profiles may be created. User profiles may include information about the pages visited or content viewed on our website, details about screen size or browser window, and the approximate location. User profiles are always created in a pseudonymized form. We do not use user profiles to identify individual users. Some third-party services, where users are logged in, may associate the usage of our online offering with the user’s account or profile on that specific service.

We particularly use:

• Google Analytics: Success and reach measurement; Provider: Google; Google Analytics-specific information: Measurement across different browsers and devices (Cross-Device Tracking) and with pseudonymized Internet Protocol (IP) addresses, which are only exceptionally transmitted in full to Google in the USA, «Privacy», «Browser add-on to deactivate Google Analytics».

We may update and supplement this privacy policy at any time. We will inform about such updates and additions in an appropriate manner, especially by publishing the current version of the privacy policy on our website.