In this privacy policy, you will learn, among other things:

• What personal data we collect and process;
• The purposes for which we use your personal data;
• Who has access to your personal data;
• How long we process your personal data;
• What rights you have regarding your personal data; and
• How you can contact us.

Communication Data

When you contact us via contact form, email, phone, chat (e.g., chat plugin, WhatsApp, SMS), mail, or other means of communication, we collect the exchanged data, including your contact details and communication metadata. If we need to verify your identity (e.g., when you request access to personal data), we may ask for identification data (e.g., a copy of an ID card). We generally retain this data for six months after our last interaction. However, this period may be extended if required for legal or contractual reasons. Emails in personal inboxes and written correspondence are usually stored for at least ten years.

Behavioral Data

When you visit our website or use our services (e.g., viewing newsletters, browsing the website), we often collect data about this usage. This includes pages visited, time spent on specific pages, number of visits, and similar activities.

Technical Data

When you use our website or other electronic services (e.g., Wi-Fi networks at our locations, web hosting, forums), we collect your device’s IP address and other technical data to ensure functionality and security. This data includes logs recording the use of our systems. To maintain functionality, we may assign an individual code to your device (e.g., a cookie, see section 11). Technical data alone does not usually reveal your identity, but it may be linked to other data categories (and thus to you) in the context of user accounts, registrations, access controls, or contract fulfilment.

4 .For What Purposes Do We Process Personal Data?
We process your data for the purposes outlined below. Additional information regarding online data processing can be found in Sections 11, 12, and 13. These purposes, as well as their underlying objectives, constitute legitimate interests of ours and, where applicable, of third parties. Further details on the legal basis for our processing can be found in Section 5.

• To communicate with you
• To fulfill contractual obligations
• To provide the online service, its features, and content
• To ensure security measures
• To measure reach/marketing

5. On What Basis Do We Process Your Data?

If we ask for your consent to process certain data, we will inform you separately about the respective purposes of the processing. You may revoke your consent at any time by written notice (by mail) or, unless otherwise specified or agreed, by email with future effect. Our contact details can be found in Section 2. For revoking consent for online tracking, see Section 11. If you have a user account, you may also revoke consent or contact us through the relevant website or service. Once we receive notice of your consent withdrawal, we will cease processing your data for the purposes for which you originally consented unless another legal basis exists for continued processing. Withdrawing your consent does not affect the lawfulness of processing carried out before the withdrawal.

If we do not request your consent for processing, we rely on the necessity of processing for initiating or performing a contract with you (or the entity you represent) or on our or a third party’s legitimate interest in processing your data. These legitimate interests include, in particular, pursuing the purposes described in Section 4 and implementing the associated measures. Our legitimate interests also include compliance with legal obligations, where this is not already recognized as a legal basis under applicable data protection law (e.g., under the GDPR, in the EEA, and Switzerland).

6. Who Do We Share Your Data With?
Data is stored on external service providers’ servers depending on the service used (e.g., web hosting providers, accounting software with cloud storage, etc.). We carefully select our service providers and ensure contractually that they manage your data in compliance with the revDSG and GDPR. We have concluded a data processing agreement (DPA) with relevant providers, regardless of whether the server is located in Switzerland or the EU. A list of service providers is included in our DPA.

7. Is Your Personal Data Transferred Abroad?
As explained in Section 6, we share data with other entities, some of which are located outside Switzerland. Your data may be processed in Europe and the United States, and in exceptional cases, in any country worldwide.

If a recipient is located in a country without adequate legal data protection, we require the recipient to comply with applicable data protection regulations contractually. To do so, we use the revised standard contractual clauses of the European Commission, available at:

eur-lex.europa.eu

This requirement applies unless the recipient is already subject to a legally recognized framework ensuring data protection or if we can rely on an exemption. Such exemptions may apply in legal proceedings abroad, in cases of overriding public interest, when required for contract fulfillment, if you have given consent, or when processing publicly available data to which you have not objected.

8. How Long Do We Process Your Data?
We process and store your personal data for as long as necessary to fulfill our contractual and legal obligations or for other purposes pursued through processing. This means, for example, for the duration of the entire business relationship (from initiation and execution to contract termination) and beyond, in accordance with legal retention and documentation obligations.

It is possible that personal data will be retained for the period in which claims can be made against our company and as long as we are otherwise legally required to retain it or if legitimate business interests necessitate retention (e.g., for evidence and documentation purposes). Once your personal data is no longer required for the aforementioned purposes, it is generally deleted or anonymized. For operational data (e.g., system logs), shorter retention periods of twelve months or less typically apply.

9. How do we protect your data?
We take appropriate security measures to ensure the confidentiality, integrity, and availability of your personal data, protecting it against unauthorized or unlawful processing and mitigating the risks of loss, unintentional alteration, unwanted disclosure, or unauthorized access.

10. What rights do you have?
Under applicable data protection laws, and as provided in certain cases (such as under the GDPR), you have the right to access, correct, delete, restrict the processing of your data, and to object to our data processing, particularly for direct marketing purposes, profiling for direct advertising, and other legitimate interests. You also have the right to request the transfer of your personal data to another entity (known as data portability). However, please note that we reserve the right to assert the legal limitations, for example, if we are obligated to retain or process certain data, have a legitimate interest (where we are permitted to rely on it), or need it for enforcing claims. If any costs are incurred, we will inform you in advance. We have already informed you about the possibility of withdrawing your consent in Section 3. Please note that exercising these rights may conflict with contractual agreements and could have consequences, such as early contract termination or additional costs. We will inform you in such cases, unless this is already regulated contractually.
Exercising such rights usually requires clear proof of your identity (e.g., by submitting an identification copy where your identity is not clear or cannot be verified otherwise). To assert your rights, you can contact us at the address provided in Section 2.
Additionally, every affected individual has the right to enforce their claims in court or submit a complaint to the relevant data protection authority. The relevant data protection authority in Switzerland is the Federal Data Protection and Information Commissioner

edoeb

11. Do we use online tracking techniques?

On our website, we use various techniques to recognize you and, in some cases, track you over multiple visits. This section provides information about them.
Essentially, we distinguish your access (through your system) from other users’ access so that we can ensure the website’s functionality and carry out evaluations and personalizations. We do not aim to identify you, although we could if we or third parties can identify you by combining data with registration information. Even without registration data, the techniques used are designed to recognize you as an individual visitor on each page visit, for example, by assigning a specific recognition number (a „cookie”) to your browser or system.

What are cookies?
Cookies are individual codes (e.g., a serial number) that our server, or a server of our service providers or advertising partners, sends to your system when connecting to our website. Your system (browser, mobile) receives and stores them until the programmed expiration time. With each subsequent visit, your system sends these codes back to our server or the third-party server. This allows you to be recognized, even if your identity is not known.
Other techniques may also be used to recognize you with varying probability (i.e., distinguish you from other users), such as „fingerprinting.” Fingerprinting combines your IP address, the browser you use, screen resolution, language settings, and other data sent by your system to each server, creating a unique fingerprint. This can make cookies unnecessary.

Whenever you access a server (e.g., by using a website or app, or because an image is integrated into an email), your visits may be tracked. If we integrate offers from an advertising partner or an analytics tool provider on our website, they may track you in the same way, even if you cannot be identified in individual cases.

How can cookies and similar technologies be disabled?
You can configure your browser settings to block specific cookies or similar technologies or delete existing cookies and other data stored in the browser. You can also extend your browser with software (called „plug-ins”) that blocks tracking by specific third parties. For more information, consult your browser’s help pages (usually under the term „privacy”). Please note that our website may not function fully if you block cookies and similar technologies.

What types of cookies and similar technologies do we use?
The following cookies (and techniques with similar functions, such as fingerprinting) are distinguished:

Necessary Cookies:
Some cookies are necessary for the website to function or for certain features. For example, they ensure you can switch between pages without losing information entered into a form. They also ensure you stay logged in. These cookies are temporary („session cookies”). If you block them, the website may not function properly. Other cookies are necessary for the server to store decisions or inputs made by you beyond a session (e.g., selected language, consent given, automatic login function). These cookies have an expiration date of up to 16 months.

Performance Cookies:
To optimize our website and better tailor it to users’ needs, we use cookies to record and analyze the use of our website, possibly beyond the session. We do this by using third-party analysis services. These cookies also have an expiration date of up to 16 months. Details can be found on the third-party websites.

How do we use cookies and similar technologies from other companies?
The cookies and/or similar technologies we use may come from us or third-party companies, such as when we use features provided by third parties. These third parties may also be located outside Switzerland and the European Economic Area (EEA), provided that the protection of your personal data is adequately ensured.
Two of the main third-party providers are the server-side AWStats (integrated in PLESK) and Google. More information can be found below.

Google Analytics
Google Ireland (based in Ireland) is the provider of the „Google Analytics” service and acts as our data processor. Google Ireland relies on Google LLC (based in the USA) as its data processor (both referred to as „Google”). Google uses performance cookies (see above) to track the behavior of visitors on our website (e.g., duration, frequency of pages viewed, geographic origin of access, etc.) and generates reports for us based on this data. We have configured the service so that visitors’ IP addresses are truncated by Google in Europe before being forwarded to the USA, ensuring they cannot be traced back. We have disabled the „data sharing” and „signals” settings. While we assume that the information we share with Google is not personal data, it is possible that Google may deduce the identity of visitors from this data, create personal profiles, and link these data with the Google accounts of those individuals. By agreeing to the use of Google Analytics, you explicitly consent to this processing, including the transfer of personal data (such as usage data for websites and apps, device information, and unique IDs) to the USA and other countries. For information on data protection in Google Analytics, see here

google.com/analitics

and if you have a Google account, more information on processing by Google can be found

here:

12. What data do we process on our social network pages?
We may operate pages and other online presences on social networks and other third-party platforms (e.g., „Fanpages,” „Channels,” „Profiles,” etc.) and collect the data described in Section 3 and below about you. We obtain this data from you and the platforms when you interact with us through our online presence (e.g., when you communicate with us, comment on our content, or visit our presence). At the same time, the platforms analyze your use of our online presence and link this data with other data they know about you (e.g., your behavior and preferences). They also process this data for their own purposes, particularly for marketing and market research (e.g., to personalize advertisements) and to manage their platforms (e.g., what content to display to you).

Facebook
We operate the profile on Facebook. The responsible entity for operating the platform for users from Europe is Meta Platforms Ireland Limited, Grand Canal Harbour, Dublin 2, Ireland. Their privacy policy can be found at

facebook.com

Some of your data is transmitted to the USA. You can object to advertisements here:

facebook.com

Regarding the data collected and processed when visiting our page for „Page Insights,” we are jointly responsible with Facebook Ireland Ltd., Dublin, Ireland. Page Insights creates statistics about what visitors do on our page (e.g., commenting on posts, sharing content). This is described at

facebook.com

It helps us understand how our page is used and how we can improve it. We only receive anonymous, aggregated data. We have agreed on our data protection responsibilities as outlined at

facebook.com

Instagram
We operate the profile

giraffenhaus_meilen

on Instagram. The responsible entity for operating the platform for users from Europe is Meta Platforms Ireland Limited, Grand Canal Harbour, Dublin 2, Ireland. If you are logged into your Instagram account, you can link our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to our pages with your user account. Please note that we, as the provider of the pages, have no knowledge of the content of the transmitted data or how Instagram uses this data.
More information can be found in Instagram’s privacy policy

13. What other services and third-party content do we integrate?
We use third-party content or services within our online offering based on our legitimate interests (i.e., the interest in security, optimization, and economic operation of our online offering in the sense of Art. 6 (1) lit. f GDPR) to integrate their content and services, such as videos or fonts.

Google ReCaptcha
We integrate the bot detection function, e.g., for form entries („ReCaptcha”) from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy Policy
Opt-out

Google Fonts
We integrate fonts („Google Fonts”) from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy Policy
Opt-out

Google Maps
We integrate maps from the „Google Maps” service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Processed data may include IP addresses and location data, which are collected only with users’ consent (typically through settings on their mobile devices). The data may be processed in the USA.
Privacy Policy
Opt-out

UpdraftPlus
For the complete backup of this website, we use „UpdraftPlus.”
UpdraftPlus, a trademark of Simba Hosting Ltd.
UK registered company number: 8570611, VAT number: 202 1260 80, Product development and marketing in cooperation with XIBO Ltd, Cardiff, UK.
Privacy Policy
Privacy policy for using the integrated Dropbox app

14. Can this privacy policy be changed?
This privacy policy is not part of any contract with you. We may adjust this privacy policy at any time. The version published on this website is the current version.