Privacy Policy
With this privacy policy, we inform you about the processing of personal data in connection with our activities and operations, including our website under the domain name con-sentido.ch. In particular, we inform you about what personal data we process, how, and where. We also inform you about the rights of individuals whose data we process.
For individual or additional activities and operations, we may publish further privacy policies or other information on data protection.
1. Contact Addresses
Responsibility for the Processing of Personal Data:
Con Sentido GmbH
Michelle Studer
Türmlihausstrasse 27
4500 Solothurn
In individual cases, third parties may be responsible for the processing of personal data, or there may be joint responsibility with third parties.
2. Terms and Legal Bases
2.1 Terms
Data Subject: Natural person whose personal data we process.
Personal Data: All information relating to an identified or identifiable natural person.
Special Categories of Personal Data: Data concerning trade union membership, political, religious or philosophical beliefs, or activities, data concerning health, intimate sphere or ethnic or racial origin, genetic data, biometric data uniquely identifying a natural person, data concerning criminal and administrative sanctions or prosecutions, and data concerning social assistance measures.
Processing: Any handling of personal data, regardless of the means and procedures used, such as querying, matching, adapting, archiving, storing, retrieving, disclosing, procuring, collecting, recording, deleting, revealing, ordering, organizing, saving, altering, disseminating, linking, destroying, and using personal data.
2.2 Legal Bases
We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (Data Protection Act, FADP) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).
3. Type, Scope, and Purpose of Personal Data Processing
We process personal data that is necessary to carry out our activities and operations permanently, user-friendly, securely, and reliably. The processed personal data may fall into the categories of browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data, and payment data.
We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect during the course of our activities and operations, insofar as such processing is permissible for legal reasons.
We process personal data, where necessary, with the consent of the data subjects. In many cases, we may process personal data without consent, for example, to fulfill legal obligations or to protect overriding interests. We may also ask data subjects for their consent even if their consent is not required.
We process personal data for the duration necessary for the respective purpose. We anonymize or delete personal data, in particular, depending on statutory retention and limitation periods.
4. Disclosure of Personal Data
We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties are, in particular, specialized providers whose services we use.
We may disclose personal data, for example, to banks and other financial service providers, authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and business information agencies, logistics and shipping companies, marketing and advertising agencies, media, organizations and associations, social institutions, telecommunications companies, and insurance companies.
5. Communication
We process personal data to be able to communicate with third parties. In this context, we process, in particular, data that a data subject transmits when contacting us, for example, by postal mail or email. We may store such data in an address book or using comparable tools.
Third parties who transmit data about other individuals are obliged to ensure data protection for such data subjects. This includes ensuring the accuracy of the personal data transmitted.
We use selected services from suitable providers to communicate better with third parties.
Specifically, we use:
- Google Forms: Online form service; Provider: Google; Google Forms-specific data protection information: “Security, Compliance, and Privacy”.
6. Data Security
We take appropriate technical and organizational measures to ensure a level of data security commensurate with the respective risk. With our measures, we particularly ensure the confidentiality, availability, traceability, and integrity of the processed personal data, without, however, being able to guarantee absolute data security.
Access to our website and our other online presence is via transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn before visiting websites without transport encryption.
Our digital communication is subject – like basically all digital communication – to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence on the corresponding processing of personal data by intelligence services, police departments, and other security authorities. We also cannot rule out that a data subject may be specifically monitored.
7. Personal Data Abroad
We generally process personal data in Switzerland. However, we may also disclose or export personal data to other countries, in particular to process it there or have it processed.
We may disclose personal data to all countries on Earth and elsewhere in the universe, provided that the local law, according to a decision of the Swiss Federal Council, ensures an adequate level of data protection.
We may disclose personal data to countries whose law does not ensure an adequate level of data protection, provided that an appropriate level of data protection is ensured for other reasons, in particular on the basis of standard data protection clauses or with other suitable guarantees. Exceptionally, we may export personal data to countries without adequate or appropriate data protection if the specific data protection requirements are met, for example, the explicit consent of the data subjects or a direct connection with the conclusion or execution of a contract. Upon request, we will gladly provide data subjects with information about any guarantees or provide a copy of guarantees.
8. Rights of Data Subjects
8.1 Data Protection Claims
We grant data subjects all claims according to the applicable data protection law. Data subjects have, in particular, the following rights:
- Right of Access: Data subjects can request information on whether we process personal data about them, and if so, which personal data it is. Data subjects also receive the information necessary to assert their data protection claims and ensure transparency. This includes the processed personal data as such, but also, among other things, information on the purpose of processing, the duration of retention, any disclosure or export of data to other countries, and the origin of the personal data.
- Rectification and Restriction: Data subjects can have inaccurate personal data rectified, incomplete data completed, and the processing of their data restricted.
- Erasure and Objection: Data subjects can have personal data erased (“right to be forgotten”) and object to the processing of their data with future effect.
- Data Portability: Data subjects can request the release of personal data or the transfer of their data to another controller.
We may defer, restrict, or refuse the exercise of data subjects’ rights within the legally permissible framework. We may inform data subjects about any prerequisites that must be met for the exercise of their data protection claims. For example, we may wholly or partially refuse access to information with reference to confidentiality obligations, overriding interests, or the protection of other individuals. For example, we may also wholly or partially refuse the erasure of personal data, in particular with reference to statutory retention obligations.
We may exceptionally charge costs for the exercise of rights. We inform data subjects in advance about any potential costs.
We are obliged to identify data subjects who request information or assert other rights with appropriate measures. Data subjects are obliged to cooperate.
8.2 Legal Protection
Data subjects have the right to enforce their data protection claims through legal action or to file a complaint with a data protection supervisory authority.
The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
For Individual or Additional Activities and Operations, We may Publish further Privacy Policies or other Information on Data Protection.
1. Contact Addresses
Responsibility for the processing of personal data:
info@con-sentido.ch
Personal Data: All information relating to an identified or identifiable natural person.
2.2 Legal Bases
9.2 Logging
For every access to our website and our other online presence, we may log at least the following information, provided it is transmitted to our digital infrastructure during such access: Date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page of our website accessed including transferred data volume, last website accessed in the same browser window (Referer or Referrer).
We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties are, in particular, specialized providers whose services we use.
5. Communication
We process personal data to communicate with third parties. In this context, we process, in particular, data that a data subject transmits when contacting us, for example, by mail or email. We may store such data in an address book or using comparable tools.
10. Notifications and Communications
We Use Selected Services from Suitable Providers to Improve Communication with Third Parties.
In particular, we use:
Google Forms: Online Form Service; Provider: Google; Google Forms-specific Data Protection Information: Security, Compliance, and Privacy.
You must generally consent to the use of your email address and other contact addresses, unless the use is permissible for other legal reasons. For obtaining a double-confirmed consent, we may use the “Double Opt-in” procedure. In this case, you will receive a message with instructions for double confirmation. We may log obtained consents, including IP address and timestamp, for evidentiary and security reasons.
You can generally object to receiving notifications and communications, such as newsletters, at any time. With such an objection, you can simultaneously object to the statistical collection of usage for success and reach measurement. Necessary notifications and communications in connection with our activities and operations remain reserved.
10.3 Service Providers for Notifications and Communications
We send notifications and communications with the help of specialized service providers.
Our Digital Communication is Subject – as is Fundamentally all Digital Communication – to Mass Surveillance without Cause and Suspicion by Security Authorities in Switzerland, the Rest of Europe, the United States of America (USA), and other Countries. We Cannot Directly Influence the Corresponding Processing of Personal Data by Intelligence Services, Police Stations, and other Security Authorities. We also Cannot Rule out that a Data Subject may be Specifically Monitored.
We are present on social media platforms and other online platforms to communicate with interested individuals and to inform about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland.
The general terms and conditions (GTC) and terms of use, as well as privacy policies and other provisions of the individual operators of such platforms, also apply. These provisions specifically inform about the rights of data subjects directly vis-à-vis the respective platform, which includes, for example, the right to information.
12. Third-Party Services
We use services from specialized third parties to sustainably, user-friendly, securely, and reliably carry out our activities and operations. These services allow us, among other things, to embed functions and content into our website. When embedding in this way, the services used collect, for technically compelling reasons, at least temporarily, the IP addresses of users.
For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized form. This includes, for example, performance or usage data, to be able to offer the respective service.
Specifically, we use:
- Google Services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) partly for users in the European Economic Area (EEA) and in Switzerland; General information on data protection: “Principles of Data Protection and Security”, “Information on how Google uses personal data”, Privacy Policy, “Google is committed to complying with applicable data protection laws”, “Guide to Data Protection in Google Products”, “How we use data from websites or apps on or in which our services are used”, “Types of cookies and similar technologies used by Google”, “Advertising you control” (“Personalized advertising”).
12.1 Digital Infrastructure
We use services from specialized third parties to utilize the necessary digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.
Specifically, we use:
- Cyon: Hosting; Provider: cyon GmbH (Switzerland); Information on data protection: “Data Protection”, Privacy Policy.
- Google Cloud including Google Cloud Platform (GCP): Storage space and other infrastructure; Google Cloud-specific providers: Google LLC (USA) for users, among others, in the USA / Google Ireland Limited or Google Commerce Limited (each Ireland) for users, among others, in the European Economic Area (EEA) and in Switzerland (see “Google’s Contracting Partner” (“Google Contracting Entity”) for providers in other countries); Google Cloud-specific information: “Data Protection Resource Center” (“Privacy Resource Center”), “Data Protection”, “Compliance Resource Center”, “Trust and Security”.
- WordPress.com: Blog hosting and website builder; Providers: Automattic Inc. (USA) / Aut O’Mattic A8C Ireland Ltd. (Ireland) for users, among others, in Europe; Information on data protection: Privacy Policy, Cookie Policy.
12.2 Appointment Scheduling
We use services from specialized third parties to schedule appointments online, for example, for meetings. In addition to this privacy policy, any directly visible terms of the services used, such as terms of use or privacy policies, also apply.
Specifically, we use:
- Google Calendar: Online appointment scheduling; Provider: Google; Google Calendar-specific information: “Scheduling with Google Calendar”, “Data Protection in Google Calendar”.
12.3 Audio and Video Conferencing
We use specialized services for audio and video conferencing to communicate online. This allows us, for example, to hold virtual meetings or conduct online classes and webinars. For participation in audio and video conferences, the legal texts of the individual services, such as privacy policies and terms of use, also apply.
Depending on your circumstances, we recommend muting the microphone by default and blurring the background or displaying a virtual background when participating in audio or video conferences.
Specifically, we use:
- Google Meet: Video conferencing; Provider: Google; Google Meet-specific information: “Google Meet – Security and Privacy for Users”.
- Zoom: Platform for collaborative work, especially with video conferencing; Provider: Zoom Video Communications Inc. (USA); Information on data protection: “Privacy at Zoom”, Privacy Policy, “Legal Compliance”.
12.4 Social Media Features and Content
We use third-party services and plugins to embed features and content from social media platforms and to enable content sharing on social media platforms and through other means.
Specifically, we use:
- Instagram Platform: Embedding Instagram content; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (among others in the USA); Information on data protection: Privacy Policy (Instagram), Privacy Policy (Facebook).
13. Performance and Reach Measurement
We try to measure the success and reach of our activities and operations. In this context, we can also measure the impact of third-party notices or check how different parts or versions of our online offering are used (“A/B testing” method). Based on the results of the success and reach measurement, we can, in particular, fix errors, strengthen popular content, or make improvements.
For success and reach measurement, in most cases, the IP addresses of individual users are collected. In this case, IP addresses are generally truncated (“IP masking”) to follow the principle of data minimization through appropriate pseudonymization.
For success and reach measurement, cookies may be used and user profiles may be created. Any user profiles created may include, for example, the individual pages visited or content viewed on our website, information on screen or browser window size, and the – at least approximate – location. Generally, any user profiles are created exclusively in pseudonymized form and are not used for the identification of individual users. Individual third-party services where users are logged in may potentially associate the use of our online offering with the user account or user profile of the respective service.
Specifically, we use:
- Google Marketing Platform: Success and reach measurement, especially with Google Analytics; Provider: Google; Google Marketing Platform-specific information: Measurement also across different browsers and devices (Cross-Device Tracking) with pseudonymized IP addresses, which are only exceptionally transmitted completely to Google in the USA, Privacy Policy for Google Analytics, “Browser Add-on for Google Analytics Opt-out”.
- Google Tag Manager: Integration and management of Google and third-party services, especially for success and reach measurement; Provider: Google; Google Tag Manager-specific information: Privacy Policy for Google Tag Manager; further information on data protection can be found with the individual integrated and managed services.
14. Concluding Remarks on the Privacy Policy
We created this privacy policy with the Privacy Policy Generator from Datenschutzpartner.
We may update this privacy policy at any time. We will inform about updates in an appropriate manner, in particular by publishing the current privacy policy on our website.