Datenschutzerklärung | Area Sense Hair & Beauty Küsnacht

Privacy Policy

Owner / Data Controller

The controller within the meaning of Art. 5 letter j DSG and Art. 4(7) DSGVO is the entity that alone or jointly with others determines the purposes and means of processing personal data. Under Art. 4(7) DSGVO, the controller is also considered the recipient of the personal data within the meaning of Art. 4(9) DSGVO. Any potential third-party recipients will be indicated separately.

With regard to our website, the owner/controller is:

Area Sense GmbH
Obere Dorfstrasse 44
8700 Küsnacht
Switzerland
E-Mail: claudia.zahner@hotmail.com
Tel.: +41 44 910 05 60

Provision of the Website and Creation of Log Files

Collection and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the device used to access it (e.g., computer, mobile phone, tablet, etc.).

What personal data is collected and to what extent is it processed?
(1) Information about the browser type and version used;
(2) The operating system of the accessing device;
(3) Hostname of the accessing computer;
(4) The IP address of the accessing device;
(5) Date and time of access;
(6) Websites and resources (images, files, other page content) accessed on our website;
(7) Websites from which the user’s system accessed our website (referrer tracking);
(8) Notification of whether the retrieval was successful;
(9) Amount of data transmitted.

This data is stored in the log files of our system. Storage of this data together with personal data of a specific user does not take place, so that identification of individual site visitors is not possible.

Legal basis for the processing of personal data
The processing of personal data is carried out in accordance with the principle of lawfulness (Art. 6 para. 1 DSG), the principle of good faith (Art. 6 para. 2 DSG and Art. 2 ZGB), as well as Art. 6 para. 1 lit. f DSGVO (legitimate interest).

Purpose of data processing
The temporary (automated) storage of data is necessary for the operation of a website visit in order to deliver the website. The storage and processing of personal data also serves to maintain the compatibility of our website for as many visitors as possible, to combat misuse, and to correct faults. For this purpose, it is necessary to log the technical data of the accessing device in order to be able to respond as early as possible to display errors, attacks on our IT systems, and/or functional errors of our website. Furthermore, the data is used to optimize the website and to generally ensure the security of our information technology systems.

Duration of storage
The above-mentioned technical data will be deleted as soon as it is no longer required to ensure the compatibility of the website for all visitors, but at the latest three months after accessing our website.

Restriction, objection, rectification, and deletion options
You may at any time request the restriction of processing pursuant to Art. 18 DSGVO, object to processing pursuant to Art. 21 DSGVO, or request rectification or deletion of data pursuant to Art. 16 or 17 DSGVO. The rights available to you and how to exercise them are set out in the lower section of this Privacy Policy.

Disclosure of Information to Third Parties

The processing of personal data is carried out in accordance with the principle of lawfulness (Art. 6 para. 1 DSG) and the principle of good faith (Art. 6 para. 2 DSG and Art. 2 ZGB).

The disclosure of data to third parties is determined by the scope of the activities or services of our website or business model described below.

As a rule, we retain your data only as long as necessary and treat it confidentially. Exceptions include the transfer of personal data to collection service providers, to public authorities and agencies, as well as to private individuals who are legally entitled to such data by law, court ruling, or regulatory order, as well as transfers to authorities for the initiation of legal proceedings or for the purpose of criminal prosecution if our legally protected rights are violated.

Integration of External Web Services and Processing of Data Outside the EU

On our website, we use active content from external providers, so-called web services. By accessing our website, these external providers may receive personal information about your visit. In some cases, this may involve the processing of data outside Switzerland and the EU. You can prevent this by installing an appropriate browser plugin or by disabling the execution of scripts in your browser. However, this may result in functional limitations on websites you visit.

We use the following external web services:

Legally ok
We use the service Legally ok provided by Legally ok GmbH, Schochenmühlestrasse 6, 6340 Baar, Switzerland, e-mail: hello@legally-ok.com, website: https://www.legally-ok.com/. Processing takes place exclusively in Switzerland in accordance with the applicable data protection legislation. Processing may also take place in a third country outside the EU. For this third country, an adequacy decision by the Commission exists. You can find an up-to-date list of all adequacy decisions on the website of the EU Commission (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de).

The legal basis for the transfer and processing is Art. 31 (1) DSG and Art. 6 (1) lit. c DSGVO. The use of this service helps us to comply with our legal obligations.

With the help of this service, the content of our legal texts is reloaded on our website. Through the integration on our site, the current legal texts are always displayed. This integration may also load additional technical modules related to legal texts or legally required elements.

Your rights in relation to data processing can be found at the end of this privacy policy.

Further information on the handling of transferred data can be found in the provider’s privacy policy at https://www.legally-ok.com/datenschutz/.

Sentry
We use the service Sentry provided by Functional Software, Inc. dba Sentry, 45 Fremont Street, 8th Floor, CA 94105 San Francisco, United States, e-mail: compliance@sentry.io, website: http://sentry.io/. Your personal data will be transferred to so-called unsafe third countries that do not guarantee adequate data protection through their legislation. Your data will only be shared if appropriate safeguards are in place. These may include:

international treaties,
data protection clauses in a contract between the controller or processor and its contractual partner, notified in advance to the Swiss Federal Data Protection and Information Commissioner (EDÖB),
specific guarantees developed by a federal authority and notified to the EDÖB in advance,
standard contractual clauses previously approved, issued, or recognized by the EDÖB, or
binding corporate data protection rules approved in advance by the EDÖB or a data protection authority of a country that ensures adequate protection.

If such safeguards are not in place, your data may only be disclosed if you have given your consent, if the disclosure is directly related to the conclusion or performance of a contract, or if the disclosure is required in connection with the enforcement of claims before courts and authorities or to protect public interests.

Data may also be transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework by the EU Commission pursuant to Art. 45 DSGVO (https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The service provider is certified under the DPF, ensuring that the usual level of protection under the DSGVO applies to the transfer.

The legal basis for the transfer of personal data is your consent pursuant to Art. 6 (6) DSG and Art. 31 (2) DSG as well as Art. 6 (1) lit. a DSGVO and Art. 9 (2) lit. a DSGVO, which you have given on our website.

The service collects stack traces and information from our website in order to identify and fix errors and crashes. In doing so, data from the affected website visitors is also collected.

You can check the provider’s certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

You may withdraw your consent at any time. Further information on withdrawing your consent can be found either where you provided your consent or at the end of this privacy policy.

Further information on the handling of transferred data can be found in the provider’s privacy policy at https://sentry.io/privacy/.

Wix.com / wixapps.net / wixstatic.com / Parastorage.com
We use the service Wix.com / wixapps.net / wixstatic.com / Parastorage.com provided by Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel, e-mail: support@wix.com, website: https://de.wix.com/. Processing takes place in safe third countries according to the assessment of Swiss authorities. You can find the Swiss states list and further information at this link (https://www.edoeb.admin.ch/edoeb/de/home/datenschutz/handel-und-wirtschaft/uebermittlung-ins-ausland.html) . Processing may also take place in a third country outside the EU. For this third country, an adequacy decision by the Commission exists. An up-to-date list of all adequacy decisions can be found on the website of the EU Commission (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de).

The legal basis for the transfer of personal data is our legitimate interest in the processing pursuant to Art. 6 (1) lit. f DSGVO. Our legitimate interest lies in the purpose described below.

Wix.com serves as the host of our website. We require this integration in order to display our website to you.

With regard to processing, you have the right to object as set out in Art. 21 DSGVO. Further information can be found at the end of this privacy policy.

Further information on the handling of transferred data can be found in the provider’s privacy policy at https://de.wix.com/about/privacy.

Information on the Use of Cookies

Scope of Processing of Personal Data
On various pages, we integrate and use cookies to enable certain functions of our website and to integrate external web services. Cookies are small text files that your browser can store on your access device. These text files contain a unique string of characters that identifies the browser when you return to our website. The process of storing a cookie file is also referred to as "setting a cookie." Cookies can be set by the website itself or by external web services.

Legal Basis for Processing Personal Data
Relevant are Art. 6 ff. DSG (Principles) as well as Art. 6 Abs. 1 lit. f DSGVO (legitimate interest) or Art. 6 Abs. 1 lit. a and Art. 9 Abs. 2 lit. a DSGVO (consent).

Which legal basis applies depends on the cookie table presented later in this section.

In general, for cookies collected on the basis of legitimate interest, our legitimate interest is to ensure the functionality of our website and the integrated services (technically necessary cookies). Additionally, cookies may enhance user-friendliness and enable more personalized interaction. Here, we have balanced your interests against our interests.

With the help of cookie technology, we can identify, analyze, and track individual website visitors only if the visitor has consented to the use of cookies according to Art. 6 Abs. 6 DSG and Art. 6 Abs. 1 lit. a DSGVO.

Purpose of Data Processing
Cookies are set by our website or by external web services to maintain full functionality, improve user-friendliness, or pursue the purpose specified with your consent. Cookie technology also allows us to recognize individual visitors using pseudonyms, e.g., individual or random IDs, so that we can provide more personalized services. Details are provided in the table below.

Duration of Storage
The cookies listed below are stored in your browser until they are deleted or, in the case of session cookies, until the session expires. Details are provided in the table below.
Right to Object, Withdrawal of Consent, and Deletion

You can configure your browser according to your preferences so that the setting of cookies is generally prevented. You can then decide on a case-by-case basis whether to accept cookies or accept cookies in general. Cookies can be used for various purposes, e.g., to recognize that your access device has previously connected to our website (persistent cookies) or to store recently viewed offers (session cookies).

If you have explicitly given us permission to process your personal data, you may withdraw this consent at any time. Please note that the legality of processing carried out based on your consent up until the withdrawal is not affected by the withdrawal.

Data Security and Privacy, Email Communication

Your personal data is protected through technical and organizational measures during collection, storage, and processing, ensuring that it is not accessible to third parties. In the case of unencrypted communication via e-mail, complete data security during transmission to our IT systems cannot be guaranteed. Therefore, for information with a high need for confidentiality, we recommend using encrypted communication or postal mail.

Data Retention Period and Rights of the Data Subject

Data Retention
We only store personal data to the extent and for as long as it is necessary to fulfill the purposes for which the personal data was collected, we have a legitimate overriding interest in retention, or we are legally obliged to do so.

Right of Access
You have the right to request confirmation as to whether we process personal data about you. If this is the case, you have the right to access the information specified in Articles 25 et seqq. DSG or Article 15(1) DSGVO, provided that the access cannot be refused, restricted, or deferred by the data controller (see Articles 26 and 27 DSG or Article 15(4) DSGVO). We are also happy to provide you with a copy of the data.

Right to Rectification
According to Article 32(1) DSG or Article 16 DSGVO, you have the right to request the correction of any inaccurate personal data (e.g., address, name, etc.), unless a legal obligation prevents this. You may also request the completion of any incomplete data at any time. Any such adjustment will be made promptly.

Right to Erasure
You have the right under Article 17(1) DSGVO to request the deletion of personal data collected about you if:

The data is no longer necessary;
The legal basis for processing ceases due to the withdrawal of consent;
There are no legitimate reasons for processing;
The data has been processed unlawfully;
A legal obligation requires deletion.

This right does not apply under Article 17(3) DSGVO if:

Processing is necessary for exercising the right to freedom of expression and information;
Data was collected based on a legal obligation;
Processing is necessary for reasons of public interest;
Data is required for establishing, exercising, or defending legal claims.

Right to Restriction of Processing
According to Article 18(1) DSGVO, you have the right in certain circumstances to request the restriction of processing of your personal data. This applies if:

The accuracy of the personal data is disputed by you;
Processing is unlawful and you oppose deletion;
The data is no longer needed for the processing purpose but is required for establishing, exercising, or defending legal claims;
You have objected under Article 21(1) DSGVO and it is not yet clear which interests prevail.

Right to Withdraw Consent
If you have given explicit consent to the processing of your personal data (Art. 6(6) DSG and Art. 31(1) DSG; Art. 6(1)(a) DSGVO or Art. 9(2)(a) DSGVO), you may withdraw this consent at any time. Please note that the lawfulness of processing based on consent prior to its withdrawal is not affected. Data we are legally required to retain will be deleted after the retention period expires.

Right to Object
You have the right under Article 21 DSGVO to object at any time to the processing of personal data concerning you that is based on Art. 6(1)(f) DSGVO (legitimate interest). If you have given explicit consent to the processing of your personal data (Art. 6(6) DSG and Art. 31(1) DSG), you may withdraw it at any time. Please note that the lawfulness of processing based on consent prior to its withdrawal is not affected. This right only applies if there are special circumstances against storage and processing. Data we are legally required to retain will be deleted after the retention period expires.

Exercising Your Rights
You can exercise your rights at any time by contacting:

Area Sense GmbH
Obere Dorfstrasse 44
8700 Küsnacht
Switzerland
E-Mail: claudia.zahner@hotmail.com
Tel.: +41 44 910 05 60

Right to Data Portability

You have the right under Article 20 DSGVO to receive the personal data concerning you. We will provide the data in a structured, commonly used, and machine-readable format. The data can be transmitted either to you directly or to a controller designated by you.

Upon request, we provide the following data:

Data collected based on your consent (Art. 31(1) DSG and Art. 6(1)(a) DSGVO);
Data we have received from you in connection with existing contracts (Art. 31(2)(a) DSG and Art. 6(1)(b) DSGVO and Art. 9(2)(a) DSGVO);
Data processed through an automated procedure.

We will transfer the personal data directly to a controller of your choice, provided this is technically feasible. Please note that data affecting the overriding interests of third parties may not be transferred or may only be transferred in a limited manner (Art. 26(1)(b) DSG and Art. 20(4) DSGVO).

Notifications to the EDÖB and Right to File a Complaint

Data subjects may, pursuant to Art. 49 DSG, file a complaint with the supervisory authority if there are sufficient indications that data processing may violate data protection regulations. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC / Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter, EDÖB).

Further information can be found via the EDÖB contact form: https://www.edoeb.admin.ch/edoeb/de/home/deredoeb/kontakt.html

If you suspect that your data is being processed unlawfully on our website, you may, pursuant to Art. 32 DSG, initiate judicial proceedings to clarify the matter. Typically, a claim under Art. 28 ff. ZGB is appropriate. If you are affected by data processing by federal authorities, the procedure is governed by Art. 41 DSG. In this case as well, you may contact the EDÖB (see the contact form link above).

Beschwerderecht bei der Aufsichtsbehörde gem. Art. 77 Abs. 1 DSGVO

Sofern Sie den Verdacht haben, dass auf unserer Seite Ihre Daten rechtswidrig bearbeitet werden, können Sie selbstverständlich jederzeit eine gerichtliche Klärung der Problematik herbeiführen. Zudem steht Ihnen jede andere rechtliche Möglichkeit offen. Unabhängig davon steht Ihnen gem. Art. 77 Abs. 1 DSGVO die Möglichkeit zur Verfügung, sich an eine Aufsichtsbehörde zu wenden. Das Beschwerderecht gem. Art. 77 DSGVO steht Ihnen in dem EU-Mitgliedstaat Ihres Aufenthaltsortes, Ihres Arbeitsplatzes und/oder des Ortes des vermeintlichen Verstosses zu, d.h. Sie können die Aufsichtsbehörde, an die Sie sich wenden, aus den oben genannten Orten wählen. Die Aufsichtsbehörde, bei der die Beschwerde eingereicht wurde, unterrichtet Sie dann über den Stand und die Ergebnisse Ihrer Eingabe, einschliesslich der Möglichkeit eines gerichtlichen Rechtsbehelfs gem. Art. 78 DSGVO.