Privacy Policy
The Website at hand is an Offer by Gstaad Menuhin Festival & Academy AG in Switzerland. With this Privacy Policy, we provide you with information about the processing of personal data in connection with our Offer.
Our Offer shall be subject to the Swiss data protection legislation as well as to any applicable foreign data protection legislation, for example the one of the European Union (EU) including the General Data Protection Regulation (GDPR). The EU acknowledges that the Swiss data protection legislation guarantees an adequate level of data protection.
1. Processing of Personal Data
1.1
Personal data shall include any information relating to an identified or identifiable person. A data subject shall be any person whose personal data is processed. Processing shall comprise any handling of personal data, irrespective of the means and procedures applied, in particular any archiving, collection, disclosure, destruction, revision, storage and use of personal data.
1.2
We shall process any personal data that is required to enable us to provide our Offer in an effective and user-friendly manner as well as permanently, safely and reliably.
1.3
In principle, we shall process personal data only after the consent of the data subject has been given, unless processing is permissible for any other reasons, for example for the performance of a contract to which the data subject is party and for corresponding measures prior to entering into a contract, to safeguard our prevailing legitimate interests, since such processing is apparent from the circumstances, or after prior information. Within this framework, we shall process, in particular, any information that is provided by a data subject itself upon establishment of contact, for example by letter mail, e-mail, contact form, telephone or social media. We may store such information in a customer relationship management system (CRM system), in online shop software or using comparable tools.
1.4
We shall process personal data for any duration that is required for the respective purpose or the respective purposes. In case of any longer retention periods on account of any legal and other obligations to which we are subject, we shall limit such processing accordingly.
1.5
We may engage third parties to process personal data including third parties abroad. Such processors shall process personal data on our behalf. Furthermore, we may process personal data with the help of third parties including third parties abroad. We shall warrant in any case that such third parties will ensure an adequate level of data protection.
1.6
We are present on social media platforms and other online platforms in order to communicate with customers as well as interested persons and in order to provide information about our Offer. The respective General Terms and Conditions (GTC), Data Policies and other provisions of the respective operators shall apply.
2. Lawfulness of Processing Personal Data
2.1
We shall process personal data in line with the Swiss data protection legislation, including, in particular, the Swiss Federal Act on Data Protection (FADP).
2.2
If and to the extent that the GDPR is applicable, we shall process personal data in accordance with the following legal bases:
Art. 6 para. 1 lit. b GDPR for the required processing of personal data for the performance of a contract to which the data subject is party as well as in order to take steps prior to entering into a contract;
Art. 6 para. 1 lit. f GDPR for the required processing of personal data for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the fundamental rights and freedoms as well as by interests of the data subject. Legitimate interests shall be our business management interest to be able to provide and advertise our Offer, information security as well as any protection against misuse and unauthorized use, the enforcement of own legal claims and compliance with Swiss legislation.
Art. 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the data subject;
Art. 6 para. 1 lit. c GDPR for the required processing of personal data for compliance with a legal obligation to which we are subject according to any applicable legislation of the EU or according to any applicable legislation of any country in which the GDPR is applicable either in whole or in part;
Art. 6 para. 1 lit. d GDPR for the required processing of personal data in order to protect the vital interests of the data subject or of another natural person;
3. Organizational and Technical Measures
3.1
We shall take reasonable and adequate organizational and technical measures to ensure data protection and data security.
3.2
Any access to our Offer shall be made using transport encryption (SSL / TLS).
3.3
In spite of reasonable and adequate organizational and technical measures, any processing of personal data on the Internet may always involve security vulnerabilities. Therefore, we cannot ensure absolute data security.
3.4
Any access to our Offer, just as, in principle, any use of the Internet, is subject to unjustified mass surveillance without suspicion as well as to other monitoring measures taken by security authorities in Switzerland, in the EU, in the United States of America (USA) and in other countries. We have no direct influence on the corresponding processing of personal data by intelligence agencies, police services and other security authorities.
4. Cookies, Log Files and Tracking Pixels
4.1
For each visit of our Website, we collect the following data – if transmitted by your browser to our server infrastructure – and store such data in server logfiles:
date and time including time zone
Internet Protocol (IP) address
response status (HTTP status code)
operating system including user interface and language
browser including language and version
all requested pages and data volume transferred
last visited page (HTTP referer)
Such data can be personal data. We need such data in order to provide our offer including our Website in an effective and user-friendly manner as well as permanently, safely and reliably, especially for the protection of personal data – also through third parties and with the help of third parties.
4.2
We use cookies on our Website. Cookies – also from third parties whose services we use (third-party cookies) – is data that is stored in your browser. Cookies may be stored in your browser when visiting our Website. In particular, cookies allow us to recognize your browser upon your next visit of our Website. Cookies cannot execute programs or transmit malware, such as Trojans and viruses. Cookies are required to allow us to provide our offer including our Website in an effective and user-friendly manner as well as permanently, safely and reliably, in especially by analyzing the use with regard to bug fixing and improvements.
You may disable and delete cookies in your browser settings in whole or in part at any time. Without cookies, however, our offer might no longer be available to its full extent. If and to the extent required, we shall provide direct information about the use of cookies or we shall directly ask you to give your consent to the use of cookies.
4.3
We use tracking pixels on our Website. Tracking pixels – also from third parties whose services we use – are small pictures that get loaded when you visit our Website. Tracking pixels allow for the collection of the same data as transmitted by your browser to our server infrastructure. Tracking pixels are required to allow us to provide our offer including our Website in an effective and user-friendly manner as well as permanently, safely and reliably, in especially by analyzing the use with regard to bug fixing and improvements.
5. Notifications and Newsletters
5.1
We may send notifications and newsletters by e-mail and via other communication channels. If and to the extent that such dispatch is not required for the performance of a contract to which the data subject is party or to safeguard our prevailing legitimate interests, you must give your express consent to the use of your e-mail address and your other contact addresses to ensure that no misuse by unauthorized third parties will be possible («double opt-in»). We may have notifications and newsletters sent by third parties or with the help of third parties.
5.2
Notifications and newsletters may contain tracking pixels or web links gathering information as to whether an individual notification or an individual newsletter had been opened and what web links had been clicked on in this case. Such tracking pixels and web links gather the use of notifications and newsletters. We need such statistic gathering of any use including performance and reach measurement in order to offer notifications and newsletters in an effective and user-friendly manner as well as permanently, safely and reliably.
5.3
You may unsubscribe from notifications and newsletters and thus, in particular, object to the aforementioned gathering of any use at any time.
6. Third-Party Services
6.1
We make use of the services of third parties, also abroad, including in the United States of America (USA), to be able to provide our Offer in an effective and user-friendly manner as well as permanently, safely and reliably. Such services, inter alia hosting and storage services, shall require your Internet Protocol (IP) address, since it will not be possible otherwise to deliver or provide the corresponding contents. Inter alia using cookies and log files, such services may also process additional data in connection with our 0ffer and in conjunction with information from other sources for their statistical and technical purposes.
6.2
We use CMSBOX to host our Website. CMSBOX is a service of the Swiss company CMSBOX GmbH and is subject to the Swiss data protection legislation to ensure adequate data protection. CMSBOX uses the Matomo (formerly Piwik) free source software in order to guarantee the hosting of our Website permanently, securely and reliably, especially by analysing its use with regard to troubleshooting and improvements. Cookies are also used in this context. If you have any questions regarding the nature, scope and purpose of data processing, please contact CMSBOX directly using the different contact addresses.
6.3
We use Facebook Pixel in order to determine the number of visitors to our Website as a target group for advertising on Facebook. In this way, we can restrict advertising on Facebook to individuals interested in or using our offer including our Website. To this end, we transfer corresponding - also personal - information to Facebook (Custom Audiences). Moreover, we can determine whether our advertising on Facebook is successful and thus leads to corresponding visits to our Website (Conversion Tracking). Cookies are also used in this context.
You can object to any gathering by Facebook Pixel on the following websites:
http://optout.networkadvertising.org/ , http://optout.aboutads.info/ and http://www.youronlinechoices.com/uk/ .
Facebook Pixel, Custom Audiences and Conversion Tracking are services of the US company Facebook Inc. respectively of Facebook Ireland Ltd. based in Ireland for data subjects in Europe. In particular, Facebook has published the following information on the nature, scope and purpose of data processing in connection with Facebook Pixel, Custom Audiences and Conversion Tracking: Privacy Policy, Information on the Functions of Facebook Pixel , Information on the Functions of Custom Audiences , Information on the Functions of Conversion Tracking.
6.4
We use Google Ads in order to have advertising for our Offer displayed in a targeted manner, primarily on other websites, in particular to individuals interested in or using our offer including our website. To this end, we transfer corresponding - also personal - information to Google (Remarketing). Cookies are also used in this context. Google Ads is a service of the American Google LLC. The Irish Google Ireland Limited is responsible for users in the European Economic Area (EEA) and Switzerland.
Google uses different domain names, inter alia doubleclick.net, googleadservices.com and googlesyndication.com, for Google Ads. In this context, Google processes the information transmitted and other data in pseudonymized form, which means that, from Google’s point of view, Google manages pseudonymous profiles and not profiles of individual, actually identifiable persons, unless the person concerned has given Google his or her explicit consent to perform processing without pseudonymisation.
You can object to personalized advertising by Google by using the corresponding setting options offered by Google.
In particular, Google has published the following information on the nature, scope and purpose of data processing in connection with Google Ads: About privacy and personalized ads , Privacy Policy and Terms of Use.
6.5
We use Google Analytics to have the use of our Website analyzed; we have the collected IP addresses anonymized prior to the analysis. Google Analytics also uses cookies.
Google Analytics is a service of the American Google LLC. The Irish Google Ireland Limited is responsible for users in the European Economic Area (EEA) and Switzerland. We need this service in order to provide our offer including our Website in an effective and user-friendly manner as well as permanently, safely and reliably, especially by analyzing the use, including success and outreach, and with regard to bug fixing and improvements.
You can object to statistical recording by Google Analytics with the «Google Analytics Opt-out Browser Add-on».
In particular, Google has published the following information regarding type, scope, and purpose of data processing in connection with Google Analytics: Google Analytic Terms of Service , Privacy Policy and Terms of Service.
6.6
We use Google Fonts to be able to embed fonts into our Website. The Irish Google Ireland Limited is responsible for users in the European Economic Area (EEA) and Switzerland. In particular, Google has published the following information regarding type, scope, and purpose of data processing in connection with Google Fonts: Google Fonts and Privacy , Privacy Policy and Terms of Service.
6.7
We use Google Maps in order to embed maps into our Website. The Irish Google Ireland Limited is responsible for users in the European Economic Area (EEA) and Switzerland. In particular, Google has published the following information on the nature, scope and purpose of data processing in connection with Google Maps: Google Product Privacy Guide including Google Maps , Privacy Policy and Terms of Use.
6.8
We use kulturticket.ch to sell tickets to our customers. kulturticket.ch is a service of the Swiss company Swiss Classics GmbH in cooperation with the German company Reservix GmbH. Adequate data protection is guaranteed, since Swiss Classics is subject to the Swiss data protection legislation and Reservix is subject to both the GDPR and the German data protection legislation. In particular, Swiss Classics has published the following information on the nature, scope and purpose of data processing: Privacy Policy of kulturticket.ch, Privacy Policy of Reservix.
6.9
We use YouTube in order to embed videos into our Website. YouTube is a service of the US company Google LLC. The Irish Google Ireland Limited is responsible for users in the European Economic Area (EEA) and Switzerland. In particular, Google has published the following information on the nature, scope and purpose of data processing in connection with YouTube: Google Product Privacy Guide including YouTube , Privacy Policy and Terms of Use.
7. Rights of Data Subjects
7.1
Any data subjects whose personal data is processed by us shall have the rights according to the Swiss data protection legislation. This shall include the right to information as well as the right to correct, delete or block the personal data processed.
7.2
Any data subjects whose personal data is processed by us, if and to the extent that the GDPR is applicable, may request a confirmation free of charge as to whether we process their personal data and, if yes, information about the processing of their personal data, may have the processing of their personal data limited, may exercise their right to data portability and may have their personal data corrected, deleted («right to be forgotten») or blocked.
7.3
Any data subjects whose personal data is processed by us, if and to the extent that the GDPR is applicable, may revoked at any time any consents given and may raise an objection against any processing of their personal data at any time.
7.4
Any data subjects whose personal data is processed by us shall have the right to lodge a complaint with any supervisory authority in charge. The supervisory authority in charge of data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
8. Contact Addresses and Responsibility
8.1
As a general rule, any requests by supervisory authorities and data subject are addressed to us by e-mail, but can also be sent by letter mail to:
Gstaad Menuhin Festival & Academy AG
Dorfstrasse 60
Postfach
3792 Saanen
Switzerland
info@gstaadmenuhinfestival.ch
8.2
We have a data protection representative in the EU as a point of contact for supervisory authorities and data subjects for any and all questions in connection with the EU data protection legislation:
VGS Datenschutzpartner UG
Am Kaiserkai 69
20457 Hamburg
Deutschland
info@datenschutzpartner.eu
9. Final Provisions
We may amend our Privacy Policy at any time. We shall inform data subjects about any such amendments in an adequate manner on our Website.