1 The “data controller” in the terms of the EU General Data Protection Regulation ("GDPR") is:

Alsia & Partners AG

Tödistrasse 46

8002 Zurich

Switzerland

Authorised representatives:

Dr. Julia Dannath-Schuh, Daniela Però

E-Mail: welcome@alsia.partners

2 Is there a data protection officer?

Yes. You can reach him at:

Alsia & Partners AG

Data Protection Officer

Tödistrasse 46

8002 Zurich

Switzerland

dataprotection@alsia.partners

3 Which of your personal data are processed, for what purposes and on what legal basis?

In order to provide you with our website in an error-free and secure fashion and to be able to process your requests, it is necessary for us to process your personal data. We do this in accordance with applicable data protection regulations, such as the GDPR, the German Federal Data Protection Act and the Swiss Data Protection Act.

3.1   Log files

When you visit our website, log files are automatically created. In them, for example, the following data are processed:

• Date

• Time

• IP address

• Referrer (web pages you have visited before visiting this website)

• Browser version

• Operating system

This information may also include details about your use of this website, including:

• Clicks

• Internal links

• Visited pages

• Scrolls

• Searches

• Timestamp

The data in the log files are deleted after 7 days.

The legal basis for this processing is Article 6(1)f GDPR, as it is necessary to protect our or your legitimate interests. Our legitimate interest is to provide you with our website free of errors and securely.

3.2   Contact form

When you use our contact form to send us a message, we process:

• Your first and last name

• Your e-mail address

• Other personal data you share with us in the message text

We process your personal data for the purpose of answering/processing your request. Examples include:

• When you are interested in our services and ask us to send you more information or to contact you to conduct a needs analysis.

• When you ask us for a quote for a specific service

 The legal basis for this data processing depends on the nature of your request:

• If you have given us your consent to process the data, Article 6(1)a GDPR forms the legal basis.

• If the processing serves to fulfill a contract we have with you or to prepare a contract with you, Article 6(1)b GDPR forms the legal basis.

• If the processing is necessary to protect our or your legitimate interests as well as those of a third party, Article 6(1)f GDPR forms the legal basis. Our legitimate interest is usually at least to answer your request, especially if we do not have a contract with you and the answer does not serve the preparation of a contract.

3.3   Contact by e-mail

If you contact us by e-mail, we process various of your personal data depending on your request. Usually these are at least:

• Your first and last name

• Your e-mail address;

• Other contact information, such as your address, phone number, and/or social media presences that you disclose in an e-mail signature, for example.

• Furthermore, we process all personal data that you provide to us as part of the contact.

We process your personal data for the purpose of answering/processing your request.

The legal basis for this data processing depends on the nature of your request:

• If you have given us your consent to process the data, Article 6(1)a GDPR forms the legal basis.

• If the processing serves to fulfill a contract we have with you or to prepare a contract with you, Article 6(1)b GDPR forms the legal basis.

• If the processing is necessary to protect our or your legitimate interests as well as those of a third party, Article 6(1)f GDPR forms the legal basis. Our legitimate interest is usually at least to answer your request, especially if we do not have a contract with you and the answer does not serve the preparation of a contract.

For all previously mentioned processing operations, the following applies:

• If we are subject to a legal obligation to process (for example, in the context of legal retention periods), Article 6(1)c GDPR forms the legal basis.

• If the processing is necessary to protect vital interests that you or another natural person have, Article 6(1)d GDPR forms the legal basis.

• If the processing is necessary for the performance of a task carried out in the public interest, Article 6(1)e GDPR forms the legal basis.

4     Cookies

When you visit our website, we use cookies to ensure you get the best experience. Cookies are small text files stored by your web browser on your device. Cookies may contain personal data. The information stored by cookies can be used for various purposes by the website when you revisit it at a later date:

• Functional cookies: These are required to ensure that our website works properly and securely.

• Analytics cookies: We use these to gather information about how our site is used and to improve our services. These are not tracking cookies.

• Convenience cookies: These can make visiting a website more convenient, e.g. by storing login information so that the user does not have to log in every time they visit the website. 

• Third-party cookies (or tracking cookies): These are used to create pseudonymised user profiles.

We use functionality cookies and analytics cookies on our website.

Functional cookies are necessary to ensure technically smooth and secure operation of the website, for example to ward off attacks such as ‘cross-site request forgery’ (processing purposes as well as our legitimate interest: legal basis Art. 6 para. 1 letter f GDPR).

The analytics cookies are used to gain insight into how often our website or individual pages are accessed and other similar information (processing purposes). The legal basis is the user’s consent (Art. 6 para. 1 letter a GDPR). If you choose not to click on ‘Accept’ in our cookie banner, no analytics cookies will be stored.

For the provision of our website, we use the service provider Squarespace Ireland Ltd., Le Pole House, Ship Street Great, Dublin 8, Ireland.

Website: https://de.squarespace.com;

Privacy policy: https://de.squarespace.com/datenschutz;

Data processing addendum: https://www.squarespace.com/dpa;

Information on cookies Squarespace uses: https://support.squarespace.com/hc/de/articles/360001264507.

You can prevent cookies from being saved or delete saved cookies automatically (e.g. when closing the browser) by selecting the appropriate settings in your browser, or by deleting saved cookies manually.

5     Who receives MY personal data?

We may pass on your data to subcontractors, our so-called affiliate partners, solely for the purpose of fulfilling the contract or to process your enquiries. We have order processing contracts with all our affiliate partners in accordance with Art. 28 GDPR.

Other processors used by us (Art. 28 GDPR), e.g. IT or telecommunications providers may receive data for these purposes.

We do not pass on your personal data to other third parties unless we are required to do so by law, you have given your explicit and special consent to this, or we are otherwise authorised to do so.

6     Are your personal data transferred to third country?

Alsia & Partners AG is based in Switzerland. Our processors are based either in the European Union or in Switzerland. We do not transfer your personal data to other third countries (countries outside the EEA).

7     How long do we keep your personal data?

We only store your personal data for as long as is necessary to fulfil the respective purpose or as long as we are required by law to store it. For example, to comply with legal retention obligations for business documents (e.g. emails or letters, pursuant to Art. 958 OR, Swiss Code of Obligations).

After the respective purpose has been fulfilled or the respective legal retention period has expired, we will delete your data unless you have consented to further storage.

If you have agreed to further storage of your data, we will delete your data when the corresponding purpose has been fulfilled or you revoke your consent.

8     SEcurity

For the security of your personal data, we use technical and organisational measures that are proportionate to the respective data and the respective risk. We regularly review, assess and evaluate these measures and, if necessary, make appropriate improvements in line with technological developments to ensure the security of the processing of your data.

An example of a technical security measure on this website is the use of SSL encryption (recognisable by "https://" instead of "http://" as well as a lock symbol in the address bar of the browser). With the help of encryption, we protect the transmission of confidential content that you send us, for example, via our contact form.

We would like to point out that despite all security precautions, complete security cannot be guaranteed for data transmission on the Internet (e.g. communication by e-mail). It is therefore not possible to protect the data completely from access by third parties.

9     Do automated decision-making processes based on personal data take place?

No.

10    What third party services do we use?

This website uses one or more font files from Adobe Fonts. The font file(s) is/are stored locally with the website; no transfer of your personal data to Adobe takes place.

11 What rights do you have?

If the GDPR applies in your case, you have:

• the right to information in accordance with Article 15 GDPR;

• the right to authorisation in accordance with Article 16 GDPR;

• the right to erasure in accordance with Article 17 GDPR,

• the right to limitation of processing in accordance with 18 GDPR;

• the right to data transferability in accordance with Article 20 GDPR;

• In addition, there is a right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR as related to § 19 of the Federal Data Protection Act).

The restrictions in accordance with §§ 34 and 35 FDPA (if relevant) shall apply to the right to information and the right to erasure.