Data protection declaration
With this data protection declaration, we inform you about the processing of personal data in connection with our activities, including our website under the domain name www.kunstplatzamiet.ch. In particular, we inform you why, how and where we process which personal data. We also inform about the rights of persons whose data we process.
We may publish additional privacy statements or other privacy information for specific or additional activities and activities. We are subject to Swiss data protection law as well as any applicable foreign data protection law, in particular that of the European Union (EU) with the European Data Protection Basic Regulation (DSGVO).
The European Commission recognized with the decision of 26. July 2000 that the Swiss Data Protection Act guarantees an adequate level of data protection. With the report of 15. January 2024, the European Commission confirmed this adequacy decision.
1. Contact information
Responsibility for processing personal data:
vamo AG
Marc Thalmann, Imhostrasse 34
5001 Aarau
In individual cases, third parties may be responsible for processing personal data or there may be joint responsibility with third parties.
1.1 Data protection officer or data protection advisor
We have the following data protection officer or data protection advisor as contact person for affected persons and authorities with questions in connection with data protection:
Sven Meyzis
Klecker Weg 14a
21244 Buchholz i.d.N.,
Germany
1.2 Data Protection Representative in the European Economic Area (EWR)
We have the following data protection representative pursuant to Art. 27 DSGVO:
VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Deutschland
The data protection representative serves affected persons and authorities in the European Union (EU) and the rest of the European Economic Area (EEA) as an additional contact point for inquiries in connection with the DSGVO.
2. Terms and legal basis
2.1 Definitions
Affected person: Natural person about whom we process personal data.
Personal Data: All information relating to a specific or identifiable natural person.
Particularly sensitive personal data: Data on trade union, political, religious or philosophical opinions and activities, data on health, private life or membership of a particular race or ethnic group, genetic data, biometric data that uniquely identifies a natural person, data on criminal or administrative sanctions or prosecutions and data on social assistance measures.
Processing: Any handling of personal data, regardless of the means and procedures used, such as querying, comparing, adapting, archiving, storing, selecting, disclosing, obtaining, recording, collecting, deleting, revealing, organizing, storing, altering, disseminating, interconnecting, destroying and using personal data.
European Economic Area (EEA): Member States of the European Union (EU) and the Principality of Liechtenstein, Island and Norway.
2.2 Legal basis
We process personal data in accordance with Swiss data protection legislation, in particular the Federal Data Protection Act (DSG) and the Data Protection Ordinance (DSV). We process – if and to the extent that the European Data Protection Directive (DSGVO) is applicable – personal data in accordance with at least one of the following legal bases
Art. 6 para. 1 lit. b DSGVO for the necessary processing of personal data for the performance of a contract with the affected person as well as for the implementation of pre-contractual measures.
Art. 6 Abs. 1 lit. f DSGVO for the necessary processing of personal data in order to protect legitimate interests – including the legitimate interests of third parties – unless the fundamental freedoms and rights as well as the interests of the affected person outweigh such interests. Such interests include, in particular, the sustainable, humane, secure and reliable performance of our activities and tasks, the guarantee of information security, protection against misuse, the enforcement of our own legal claims and compliance with Swiss law.
Art. 6 par. 1 lit. c DSGVO for the necessary processing of personal data for the fulfillment of a legal obligation to which we are subject according to possibly applicable law of the member states of the European Economic Area (EWR).
Art. 6 par. 1 lit. e DSGVO for the necessary processing of personal data to fulfill a task that lies in the public interest.
Art. 6 Abs. 1 lit. a DSGVO for the processing of personal data with the consent of the data subject.
Art. 6 Abs. 1 lit. d DSGVO for the processing of personal data necessary to protect the vital interests of the data subject or another natural person.
Art. 9 par. 2 ff. DSGVO for the processing of special categories of personal data, in particular with the consent of the data subjects.
The European Data Protection Directive refers to the processing of personal data as processing of personal data and to the processing of particularly sensitive personal data as processing of special categories of personal data (Art. 9 DSGVO).
3. Type, scope and purpose of the processing of personal data
We process such personal data as is necessary to enable us to carry out our activities and tasks in a sustainable, humane, secure and reliable manner. The processed personal data may in particular fall into the categories of browser and device data, content data, communication data, meta data, usage data, data including inventory and contact data, location data, transaction data, contract data and payment data.
We also process personal data that we receive from third parties, that we obtain from publicly accessible sources or that we collect in the course of our activities and activities, provided that such processing is permitted for legal reasons.
We process personal data with the consent of the persons concerned, where necessary. In many cases, we can process personal data without consent, for example, in order to fulfill legal obligations or to protect overriding interests.
We may also ask affected individuals for their consent if their consent is not required. We process personal data for as long as is necessary for the purpose in question. We anonymise or delete personal data, in particular in accordance with legal retention periods and statutes of limitation.
4. Disclosure of personal data
We can disclose personal data to third parties, have it processed by third parties or process it jointly with third parties. Such third parties are, in particular, specialized providers whose services we use.
For example, we may disclose personal data to banks and other financial services providers, government agencies, educational and research institutions, consultants and attorneys, interest groups, IT service providers, cooperation partners, credit and business information agencies, logistics and shipping companies, marketing and advertising agencies, media, organizations and associations, social institutions, telecommunications companies and insurance companies.
5. Communication
We process personal data in order to be able to communicate with individual persons as well as with authorities, organizations and companies. In particular, we process data that a data subject provides to us when contacting us, for example by mail or e-mail. We can store such data in an address book or with comparable means.
Third parties who provide us with data about other persons are obliged to ensure the privacy of these affected persons themselves. In particular, they must ensure that such data is correct and may be transmitted. We use selected services from suitable providers to enable and improve communication with individual persons and other communication partners. We may use such services to manage and otherwise process the data of affected individuals outside of direct communication.
6. Data Security
We take appropriate technical and organizational measures to ensure data security commensurate with the risk. In particular, our measures guarantee the confidentiality, availability, traceability and integrity of the processed personal data, without, however, being able to guarantee absolute data security.
The access to our website and our other online presence is carried out with transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn against visiting websites without transport encryption.
Our digital communication – like any digital communication – is subject to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA) and other countries. We have no direct influence on the processing of personal data by intelligence services, police authorities and other security authorities. Nor can we rule out the possibility that a data subject may be subject to targeted surveillance.
7. Personal data abroad
We generally process personal data in Switzerland and in the European Economic Area (EEA). However, we may also export or transmit personal data to other countries, particularly in order to process or have them processed there.
We may export personal data to all countries on earth and elsewhere in the univers, provided that the local law according to the decision of the Swiss Federal Council and – if and to the extent that the Data Protection Directive is applicable – also according to the decision of the European Commission guarantees an adequate level of data protection.
We may transmit personal data to states whose law does not provide for an adequate level of data protection, provided that the level of data protection is guaranteed for other reasons, in particular on the basis of standard data protection clauses or with other suitable guarantees. In exceptional cases, we may export personal data to countries without adequate or suitable data protection if the special data protection requirements are met, such as the express consent of the persons concerned or a direct connection with the conclusion or processing of a contract. Upon request, we will be happy to provide affected individuals with information about any warranties or a copy of any warranties.
8. Rights of Affected Persons
8.1 Data Protection Rights
We grant affected individuals all rights under applicable data protection laws. In particular, affected persons have the following rights
Information: Affected Persons may request to be informed whether we are processing personal data about them and, if so, which personal data. Affected Persons also receive the information necessary to assert their data protection rights and to ensure transparency. This includes the processed personal data as such, but also, among other things, information on the purpose of the processing, on the period of storage, on any disclosure or export of data to other countries and on the origin of the personal data.
Correction and Restriction: Data subjects may correct inaccurate personal data, complete incomplete data and restrict the processing of their data.
Deletion and objection: Data subjects may have their personal data deleted (“right to forget”) and object to the processing of their data with effect for the future.
Data disclosure and data transfer: Data subjects can request the disclosure of personal data or the transfer of their data to another data controller.
We may postpone, limit or deny the exercise of the rights of data subjects to the extent permitted by law. We can advise affected persons of any conditions to be met for the exercise of their data protection rights.
For example, we can wholly or partially refuse the information with reference to confidentiality obligations, overriding interests or the protection of other persons. For example, we can also wholly or partially refuse the deletion of personal data, in particular with reference to statutory retention obligations. In exceptional cases, we may charge a fee for the exercise of the rights.
We will inform affected persons in advance of any such costs. We are obligated to take reasonable measures to identify data subjects who request information or assert other rights. Affected persons are obliged to cooperate.
8.2 Legal remedies
Data subjects have the right to assert their data protection claims by legal means or to file a complaint with a data protection supervisory authority. The data protection supervisory authority for private persons and federal bodies in Switzerland is the Federal Data Protection and Public Information Commissioner (FDPIC).
European data protection supervisory authorities are organized as members of the European Data Protection Committee (EDPC). In some member states of the European Economic Area (EEA), the data protection supervisory authorities are organized on a federal basis, in particular in Germany.
9. Use of the Website
9.1 Cookies
We may use cookies. Cookies – both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – are data that are stored in the browser. Such stored data must not be limited to traditional text cookies.
Cookies can be stored in the browser temporarily as “session cookies” or for a certain period of time as so-called permanent cookies. “Session cookies are automatically deleted when the browser is closed. Permanent cookies have a certain storage period. In particular, cookies allow us to recognize a browser the next time it visits our website and, for example, to measure the reach of our website. Persistent cookies can also be used for online marketing purposes.
Cookies can be completely or partially deactivated or deleted at any time in the browser settings. Without cookies, our website may no longer be fully available. We actively ask for your express consent to the use of cookies – at least if and to the extent necessary.
In the case of cookies used to measure success and reach or for advertising purposes, many services offer a general opt-out through AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
9.2 Logging
We may record at least the following information for each access to our website and our other online presence, insofar as this information is transmitted to our digital infrastructure during such accesses Date and time (including time zone), IP address, access status (HTTP status code), operating system (including user interface and version), browser (including language and version), individual sub-pages of our website accessed, including the volume of data transferred, and the website last accessed in the same browser window (referrer).
We record such information, which may also constitute personal data, in log files. The information is necessary to be able to provide our online presence permanently, humanely and reliably. The information is also necessary to ensure data security, including by third parties or with the help of third parties.
9.3 Counting pixels
We may use web beacons in our online presence. These are also known as web beacons. Web beacons – including those from third parties whose services we use – are usually small, invisible images or JavaScript scripts that are automatically retrieved when our website is accessed. At least the same information as in the log files can be collected with these pixel tags.
10. Notifications and Messages
10.1 Success and reach measurement
Notifications and messages may contain weblinks or counting pixels that record whether a message has been opened and which weblinks have been clicked. Such web links and counting pixels can also record the use of notifications and messages on a personal basis. We require this statistical collection of usage for the purpose of measuring success and reach in order to be able to send notifications and messages in an effective and humane manner, as well as permanently, securely and reliably, based on the needs and reading habits of the recipients.
10.2 Consent and objection
In principle, you must consent to the use of your e-mail address and other contact details, unless the use is permitted for other legal reasons. We may use a “double opt-in” process to obtain your consent. In this case, you will receive a notice with instructions for the double opt-in. For evidence and security reasons, we may log consent requests, including the IP address and time stamp.
You can always object to receiving notifications and communications such as newsletters. With such an objection, you can also object to the statistical recording of usage for the purpose of measuring success and reach. We reserve the right to send you necessary notifications and communications in connection with our activities and services.
10.3 Service providers for notifications and communications
We send notices and communications with the help of specialized service providers. We use in particular
Brevo: Establishment and maintenance of relationships with customers and clients or users and users, in particular by e-mail and instant messaging; Provider: Sendinblue GmbH (Germany); Information on data protection: Data protection declaration, “Data protection and data security”, “Security and data protection”.
11. Social Media
We are present on social media platforms and other online platforms in order to communicate with interested parties and to provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA). The general terms and conditions and terms of use as well as data protection declarations and other provisions of the individual operators of such platforms shall also apply. These provisions shall in particular inform about the rights of the persons concerned directly vis-à-vis the respective platform, including, for example, the right to information.
For our social media presence on Facebook, including the so-called Page Insights, we are responsible together with Meta Platforms Ireland Limited (Ireland) – to the extent that the Data Protection Directive is applicable. Meta Platforms Ireland Limited is part of the Meta Companies (including in the USA). Page Insights provide information about how visitors interact with our Facebook presence. We use Page Insights in order to be able to provide our social media presence on Facebook in an effective and people-friendly manner.
Further information on the type, scope and purpose of data processing, information on the rights of the persons concerned and the contact details of Facebook and the Facebook data protection officer can be found in the Facebook data protection declaration. We have concluded the so-called “Supplementary Agreement for Responsible Parties” with Facebook and have thus agreed, in particular, that Facebook is responsible for ensuring the rights of affected persons. For information on Page Views, please see the “Information on Page Views” page, including “Information on Page Views Data.
12. Services from third parties
We use the services of specialized third parties in order to be able to carry out our activities and tasks in a sustainable, humane, secure and reliable manner. With such services we can, among other things, integrate functions and content into our website. In the case of such embedding, the services used record the IP addresses of the users at least temporarily for technically necessary reasons.
For necessary security, statistical and technical purposes, third parties whose services we use may process data in connection with our activities in an aggregated, anonymized or pseudonymized form. For example, this may involve performance or usage data in order to be able to offer the respective service.
In particular, we use
Google services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland), in part for users in the European Economic Area (EEA) and in Switzerland; general information on data protection: “Privacy and Security Policy”, “Information on how Google uses personal data”, “Privacy Policy”, “Google’s commitment to comply with applicable data protection laws”, “Privacy guide for Google products”, “How we use data from websites or applications where our services are used”, “How we collect data from websites or applications where our services are used”. Services,” “Types of cookies and other similar technologies used by Google,” “Advertising over which you have control” (“personalized ads”).
Services from Microsoft: Providers: Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), in Switzerland and in the United Kingdom / Microsoft Corporation (USA) for users in the rest of the world; General information about data protection: “Data Protection at Microsoft”, “Data Protection and Privacy”, “Privacy Statement”, “Data and Privacy Settings”.
12.1 Digital Infrastructure
We use the services of specialized third parties in order to be able to take advantage of the necessary digital infrastructure in connection with our activities and activities. This includes, for example, hosting and storage services from selected providers.
In particular, we use
Cyon: Hosting; Provider: cyon GmbH (Switzerland); Information on data protection: “Data Protection”, Data Protection Declaration.
12.2 Scheduling
We use services of specialized third parties in order to be able to arrange appointments online, for example for meetings. In addition to this Privacy Policy, the terms and conditions of the services used, such as terms of use or privacy policies, shall apply.
12.3 Audio and Video Conferencing
We use specialized services for audio and video conferencing to be able to communicate online. For example, we can hold virtual meetings or conduct online classes and webinars. For participation in audio and video conferences, the legal texts of the individual services, such as data protection declarations and terms of use, also apply. When participating in audio or video conferences, we recommend that you mute the microphone by default and blur the background or display a virtual background, depending on your circumstances.
In particular, we use
Google Meet: Video conferencing; provider: Google; Google Meet-specific information: “Google Meet – Security and Privacy for Users.
Zoom: Platform for collaborative work, in particular with video conferencing; provider: Zoom Video Communications Inc. (USA); data protection information: “Data protection at Zoom”, data protection declaration, “Legal conformity”.
12.4 Online Collaboration
We use third party services to enable online collaboration. In addition to this Privacy Policy, the terms and conditions of the services used, such as terms of use or privacy policies, shall apply.
In particular, we use
Microsoft Teams: Platform for productive collaboration, in particular with audio and video conferencing; provider: Microsoft; Teams specific information: “Security and Compliance in Microsoft Teams”, in particular “Privacy”.
12.5 E-commerce
We engage in e-commerce and use the services of third parties in order to be able to successfully offer services, content or goods.
12.6 Advertising
We make use of the possibility to have targeted advertising for our activities and activities displayed by third parties, such as social media platforms and search engines. With such advertising, we want to reach in particular persons who are already interested in our activities or who could be interested in them (remarketing and targeting). For this purpose, we may provide third parties, who make such advertising possible, with relevant information, including personal information. We may also determine whether our advertising is successful, in particular whether it results in visits to our website (conversion tracking).
Third parties with whom we advertise and with whom you are registered as a user may be able to associate your use of our website with your profile there.
In particular, we use
Google Ads: Search engine advertising; provider: Google; Google Ads-specific information: advertising based on, among other things, search queries, using various domain names, including doubleclick.net, googleadservices.com and googlesyndication.com, for Google Ads, the advertising privacy policy, “Manage displayed advertising directly through the ads”.
LinkedIn ads: Social media advertising; Provider: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland); Privacy Policy: Remarketing and targeting specifically with the LinkedIn Insight Tag, “Privacy”, Privacy Policy, Cookie Policy, Opt-out of personalized advertising.
Meta Ads: Social media advertising on Facebook and Instagram; Providers: Meta Platforms Ireland Limited (Ireland) and other meta companies (e.g. in the USA); Data protection information: Targeting, also called retargeting, in particular with the meta pixel and with custom audiences including lookalike audiences, data protection declaration, “advertising preferences” (registration as user or user required).
13. Enhancements to the Website
We may use enhancements to our website to provide additional functionality. We may use selected services from suitable providers or use such extensions on our own digital infrastructure.
In particular, we use
CleanTalk: Spam protection for websites; Provider: CleanTalk Inc. (USA); Information on data protection: Data protection declaration.
14. Measuring success and reach
We attempt to measure the success and reach of our activities and operations. In this context, we can also measure the effect of third party references or check how different parts or versions of our online offer are used (“A/B test” method). Based on the results of the success and reach measurement, we may, in particular, correct errors, strengthen popular content or make improvements.
In most cases, the IP addresses of individual users are recorded for the purpose of measuring success and reach. In this case, the IP addresses are generally shortened (“IP masking”) in order to comply with the principle of data economy through appropriate pseudonymization. Cookies may be used to measure success and reach, and user profiles may be created. Possibly created user profiles include, for example, the individual pages visited or the content viewed on our website, information on the size of the screen or the browser window and the – at least approximate – location. As a matter of principle, any user profiles are created exclusively on a pseudonymous basis and are not used to identify individual users. Individual services of third parties to which users are registered may assign the use of our online offer to the user account or user profile of the respective service.
We use in particular
Google Marketing Platform: Success and reach measurement, in particular with Google Analytics; provider: Google; information specific to the Google Marketing Platform: measurement also across different browsers and devices (cross-device tracking) with pseudonymized IP addresses, which are only transmitted completely to Google in the USA in exceptional cases, privacy policy for Google Analytics, “Browser Add-on to deactivate Google Analytics”.
15. Video Surveillance
We use video surveillance to prevent criminal acts, to secure evidence in the event of criminal acts, to exercise and assert our own legal claims, to defend ourselves against third-party claims and to exercise our house rights. This is – as far as the data protection regulation (DSGVO) is applicable – about overriding legitimate interests according to Art. 6 para. 1 lit. f DSGVO, in the case of particularly sensitive personal data with reference to Art. 9 Abs. 2 lit. f DSGVO.
We store recordings from our video surveillance for as long as they are necessary for the securing of evidence or any other purpose mentioned. As a rule, the recordings are deleted or overwritten after 120 hours.
We may secure recordings from our video surveillance and transmit them to competent authorities, in particular judicial or law enforcement authorities, if the transmission is necessary for a named purpose, in our other legitimate overriding interest or due to legal obligations.
16. Final notes on the privacy policy
We have created this Privacy Policy using the Privacy Policy Generator from Datenschutzpartner. We may update this Privacy Policy at any time. We will provide notice of updates in an appropriate manner, in particular by publishing the current Privacy Policy on our website.