Privacy policy

With this data protection declaration we inform you which personal data we process how, for what and where, especially in connection with our websites and our other offers. With this data protection declaration, we also provide information about the rights of persons whose data we process.

For individual or additional offers and services, special, supplementary or further data protection declarations as well as other legal documents such as General Terms and Conditions (GTC), Terms of Use or Conditions of Participation may apply.

1. contact addresses

Responsibility for the processing of personal data:

Swiss Beauty Academy GmbH
Dübendorfstrasse 2
CH-8051 Zurich

info@sbacademy.ch

We point out if there are other persons responsible for the processing of personal data in individual cases.

2. processing of personal data

2.1 Terms and definitions

Personal data are all data which refer to an identified or identifiable person. A affected person is a person about whom personal data are processed. editing includes any handling of personal data, independent of the means and procedures used, in particular the storage, disclosure, procurement, collection, deletion, storage, modification, destruction and use of personal data.

2.2 Legal basis

We process personal data in accordance with Swiss data protection law, in particular the Federal Law on Data Protection (DSG) and the Ordinance to the Federal Law on Data Protection (VDSG).

2.3 Nature, scope and purpose

We process those personal data which are required in order to be able to provide our offer permanently, user-friendly, safe and reliable. Such personal data can fall into the categories of inventory and contact data, browser and device data, content data, meta or marginal data and usage data, location data, sales, contract and payment data.

We process personal data for the period that is necessary for the respective purpose or purposes or as required by law. Personal data whose processing is no longer required will be made anonymous or deleted. Persons whose data we process have principally a right to deletion.

We process personal data basically only with the consent of the data subject, unless the processing is permitted for other legal reasons, for example to fulfil a contract with the data subject and for appropriate pre-contractual measures to safeguard our overriding legitimate interests, because the processing is obvious from the circumstances or after prior information.

In this context, we process in particular information that a person concerned provides to us voluntarily and personally when contacting us – for example by letter post, e-mail, contact form, social media or telephone – or when registering for a user account . We may store such information, for example, in an address book or with comparable tools. If you transmit personal data about third parties to us, you are obliged to guarantee data protection against such third parties and to ensure the accuracy of such personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect when providing our services, if and to the extent that such processing is permitted by law.

Personal data from applications are only processed to the extent that they are necessary for the assessment of suitability for an employment relationship or for the subsequent execution of an employment contract. The personal data required to carry out an application procedure is derived from the information requested or communicated, for example in the context of a job advertisement. Candidates have the opportunity to voluntarily provide additional information for their respective applications.

2.4 Processing of personal data by third parties, also abroad

We may have personal data processed by commissioned third parties or process it together with third parties or with the help of third parties or transfer it to third parties. Such third parties are in particular providers whose services we make use of. We also guarantee appropriate data protection for such third parties.

Such third parties are located principally in Switzerland and in the European Economic Area (EEA). However, such third parties may also be located in other states and territories on earth and elsewhere in the universe, provided that their data protection laws are in accordance with assessment of the Federal Data Protection and Information Commissioner (FDPIC) guarantees adequate data protection, or if, for other reasons, adequate data protection is guaranteed, for example, by means of an appropriate contractual agreement, in particular on the basis of standard contractual clauses, or through appropriate certification. Exceptionally, such a third party may be located in a country without adequate data protection, provided that data protection requirements are met, such as the explicit consent of the data subject.

3. rights of data subjects

Data subjects whose personal data we process have the rights under Swiss data protection law. This includes the right to information as well as the right to correction, deletion or blocking of the processed personal data.

Data subjects whose personal data we process have a right of appeal to a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (EDÖB).

4. data security

We take appropriate and suitable technical and organizational measures to ensure data protection and in particular data security. However, despite such measures, the processing of personal data on the Internet can always have security gaps. We can therefore not guarantee absolute data security.

The access to our online offer is carried out by means of transport encryption (SSL / TLS, especially with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers mark transport encryption with a padlock in the address bar.

Access to our online offer is subject – like principally every use of the Internet – to mass surveillance without cause or suspicion as well as other surveillance by security authorities in Switzerland, the European Union (EU), the United States of America (USA) and other countries. We cannot directly influence the appropriate processing of personal data by secret services, police forces and other security authorities.

5. use of the website

5.1 Cookies

We may use cookies for our website. Cookies – both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies or third-party cookies) – are data that are stored in your browser. Such stored data need not be limited to traditional cookies in text form. Cookies cannot run programs or transmit malicious software such as Trojans and viruses.

When you visit our website, cookies can be stored temporarily in your browser as “session cookies” or for a certain period of time as so-called permanent cookies. “Session cookies” are automatically deleted when you close your browser. Permanent cookies have a certain storage period. In particular, they make it possible to recognise your browser the next time you visit our website and thus to measure the range of our website, for example. However, permanent cookies can also be used for online marketing, for example.

You can completely or partially deactivate or delete cookies in your browser settings at any time. Without cookies, our website may no longer be fully available. We actively ask you – if and to the extent necessary – for your express consent to the use of cookies.

In the case of cookies that are used to measure success and reach or for advertising, a general opt-out is possible for numerous services via the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

5.2 Server log files

We may collect the following information for each access to our website, provided that this information is transmitted by your browser to our server infrastructure or can be determined by our web server: Date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-pages of our website called up including the amount of data transferred, last website called up in the same browser window (referrer or referrer).

We store such information, which may also represent personal data, in server log files. The information is necessary to provide our online service in a permanent, user-friendly and reliable manner and to ensure data security and thus in particular the protection of personal data – also by third parties or with the help of third parties.

5.3 Counting pixels

We may use tracking pixels on our website. Web beacons are also known as tracking pixels. Counting pixels – also from third parties whose services we use – are small, usually invisible images that are automatically retrieved when you visit our website. Counting pixels can be used to record the same information as in server log files.

5.4 Comments

We enable you to publish comments on our website. In this context, we process in particular those details that a person providing comments himself/herself transmits to us, but also the Internet Protocol (IP) address used and the date and time. This information is required to enable the publication of comments and to ensure protection against misuse, which is in our overriding legitimate interest.

6. notifications and communications

We send notifications and communications, such as newsletters, by e-mail and through other communication channels such as instant messaging.

6.1 Measuring success and reach

Notifications and messages can contain web links or tracking pixels that record whether an individual message was opened and which web links were clicked. Such web links and tracking pixels can also record the use of notifications and messages on a personal basis. We need this statistical recording of usage for measuring success and reach in order to be able to offer notifications and messages based on the needs and reading habits of the recipients in an effective and user-friendly as well as permanent, secure and reliable manner.

6.2 Consent and objection

You must principle expressly consent to the use of your e-mail address and other contact addresses, unless the use is permitted for other legal reasons. For a possible consent for the receipt of e-mails, we use the “double opt-in” procedure if possible, i.e. you will receive an e-mail with a web link that you have to click on for confirmation, so that no abuse by unauthorized third parties can take place. We may log such consents, including Internet Protocol (IP) address, date and time, for evidence and security purposes.

You can unsubscribe basically at any time from notifications and messages such as newsletters. We reserve the right to make notifications and communications that are absolutely necessary for our offer. By logging off, you can, in particular, object to the statistical recording of usage for measuring success and range of coverage.

6.3 Service provider for notifications and messages

We send notifications and messages about services provided by third parties or with the help of service providers. Cookies may also be used in this process. We also guarantee adequate data protection for such services.

We use CleverReach to send and manage newsletters. CleverReach is a service of the German CleverReach GmbH & Co KG. Information on the type, scope and purpose of data processing can be found in the Data Protection Declaration of CleverReach.

7. social media

We are present on social media platforms and other online platforms in order to communicate with interested people and to inform them about our offer. Personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The General Terms and Conditions (GTC) and Terms of Use as well as data protection declarations and other provisions of the individual operators of such online platforms also apply in each case. These provisions provide information in particular on the rights of data subjects, including in particular the right of access.

8. measuring success and reach

8.1 Google Analytics

We use Google Analytics to analyze how our website is used, including measuring the reach of our website and the success of third-party links to our website. It is a service of the American Google LLC. For users in the European Economic Area (EEA) and Switzerland, the Irish Google Ireland Limited is responsible.

Google also attempts to track individual visitors to our website when they use different browsers or devices (Cross-Device Tracking). Cookies are also used for this purpose. For Google Analytics, your Internet Protocol (IP) address is required, but it is not combined with other data from Google.

In any case, we will have your Internet Protocol (IP) address anonymised by Google before the analysis. As a result, your complete IP address principally is not transmitted to Google in the USA.

We use Google Analytics with Google signals (Google Signals). This enables us to obtain extended statistics on visitors to our website who have activated personalised advertising as registered users of Google. Despite these extended statistics, we cannot establish a link to individual Google user accounts.

Further information on the type, scope and purpose of data processing can be found in the Principles for data protection and security and in the Data protection declaration in each case from Google, in Guideline on privacy in Google products (including Google Analytics), in the information on how Google uses data from websites where Google services are used and in the information about cookies at Google. Ausserdem besteht die Möglichkeit, das «Browser Add-on zur Deaktivierung von Google Analytics» zu verwenden sowie Widerspruch gegen personalisierte Werbung zu erheben.

8.2 Google Tag Manager

We use the Google Tag Manager in order to be able to integrate and manage services for analytics or advertising from Google as well as from third parties into our website. It is a service of the American Google LLC. For users in the European Economic Area (EEA) and Switzerland, the Irish Google Ireland Limited is responsible. Cookies are used here none, but cookies can be used within the scope of the services integrated and managed with them. We provide information about the processing of personal data by such services in this privacy policy.

9. services of third parties

We use third party services to provide our services in a durable, user-friendly, secure and reliable manner. Such services also serve to embed content into our website. Such services – for example, hosting and storage services, video services and payment services – require your Internet Protocol (IP) address, otherwise such services will not be able to transmit the relevant content. Such services may be located outside Switzerland and the European Economic Area (EEA), provided that adequate data protection is guaranteed.

For their own security, statistical and technical purposes, third parties whose services we use may also process data in connection with our offer and from other sources – including cookies, log files and counting pixels – in aggregated, anonymised or pseudonymised form.

9.1 Digital infrastructure

We use the services of third parties in order to be able to make use of the digital infrastructure required for our services. These include, for example, hosting and storage services from specialist providers.

We use in particular:

Cloudflare: Content Delivery Network (CDN); Provider: Cloudflare Inc. (USA); Information on data protection: Privacy Policy , Cookie Policy .

9.2 Audio and Video Conferencing

We use audio and video conferencing services to communicate with our customers and others. For example, we can use it to conduct audio and video conferences, virtual meetings and training courses such as webinars. In addition to this data protection declaration, any conditions of the services used, such as terms of use or data protection declarations, also apply in each case.

In particular, we use Skype, a service of the American Microsoft Corporation. Microsoft Ireland Operations Limited is responsible for users in the European Economic Area (EEA), the United Kingdom and Switzerland. Further information about the nature, extent and purpose of the data processing can be found in the Microsoft Privacy Statement, on the Microsoft Privacy Page and in the Microsoft Trust Center.

9.3 Map material

We use Google Maps to embed maps into our website. Cookies are also used for this purpose. Google Maps is a service of the American Google LLC. For users in the European Economic Area (EEA) and Switzerland, the Irish Google Ireland Limited is responsible. Further information on the type, scope and purpose of data processing can be found in the Principles for data protection and security and in the Data protection declaration in each case from Google, in Guideline on privacy in Google products (including Google Maps), in the information on how Google uses data from websites where Google services are used and in the information about cookies at Google. In addition, there is the possibility of objection to personalised advertising.

9.4 Entertainment

9.4.1 We use Vimeo to embed videos on our website. Cookies are also used for this purpose. Vimeo is a service of the American Vimeo Inc. For more information about the nature, scope, and purpose of the data processing, please refer to the Questions and Answers on data protection at Vimeo and the Vimeo privacy policy.

9.4.2 We use YouTube to embed videos on our website. Cookies are also used for this purpose. YouTube is a service of the American Google LLC. For users in the European Economic Area (EEA) and Switzerland, the Irish Google Ireland Limited is responsible. Further information on the type, scope and purpose of data processing can be found in the Principles for data protection and security and in the Data protection declaration in each case from Google, in Guideline on privacy in Google products (including YouTube), in the information on how Google uses data from websites where Google services are used and in the information about cookies at Google. In addition, there is the possibility of objection to personalised advertising.

9.5 Fonts

We use Google Fonts to embed selected fonts into our website. Here none cookies are used. It is a service of the American Google LLC, which is offered independently from other Google services. For users in the European Economic Area (EEA) and Switzerland, the Irish Google Ireland Limited is responsible. Further information on the type, scope and purpose of data processing can be found in the Policy on Data Protection and Security and in the Data Protection Declaration of Google.

9.6 Payments

We use payment service providers to process our customers’ payments securely and reliably. The terms and conditions of the respective payment service providers, such as the General Terms and Conditions (GTC) or data protection declarations, apply to the processing.

We use in particular:


PostFinance:
E-payment solutions; Provider: PostFinance AG (Switzerland); Information on data protection: “Legal information and accessibility”, “Data protection” (including “Data protection declaration”).

9.7 Advertising

9.7.1 Bings Ads

We use Bings Ads, in order to be able to advertise our offer with the search engine Bing due to search queries. Bing Ads is an offer from Microsoft Ireland Operations Limited in Ireland and the American Microsoft Corporation. Bings Ads also uses cookies.

With such advertising we would like to reach in particular persons who are interested in our online offer or who already use our online offer. For this purpose, we transmit corresponding – possibly also personal – data to Bing (Remarketing). We can also determine whether our advertising is successful, that is, whether it leads to visits to our website (Conversion Tracking).

Further information about the nature, extent and purpose of the data processing can be found in the data protection declaration of Microsoft. In addition, there is the possibility of objection to personalised advertising.

9.7.2 Facebook Ads

We use Facebook Ads to advertise our offer on Facebook in a targeted manner. Facebook Ads is an offer from Facebook Ireland Ltd. in Ireland and the American company Facebook Inc. Facebook Ads also use cookies.

With such advertising we would like to reach in particular persons who are interested in our online offer or who already use our online offer. For this purpose, we transmit corresponding – possibly also personal – information to Facebook, in particular with the so-called Facebook pixel (Custom Audiences including Lookalike Audiences). We can also determine whether our advertising is successful, that is, whether it leads to visits to our website (Conversion Tracking).

Further information about the type, scope and purpose of data processing can be found in the Data Protection Declaration (“Data Policy”) of Facebook. In addition, Facebook users can use the advertising preferences to influence which ads they see on Facebook and which ads they see on Facebook in the future.

We use Google Ads (formerly AdWords) in order to be able to advertise our offer specifically on the search engine Google as well as elsewhere on the Internet, for example on other websites, among other things on the basis of search queries. Google Ads is an offer of the American Google LLC. For users in the European Economic Area (EEA) and Switzerland, the Irish Google Ireland Limited is responsible. Google Ads also uses cookies. Google uses various domain names – notably doubleclick.net, googleadservices.com and googlesyndication.com – for Google Ads.

With such advertising we would like to reach in particular persons who are interested in our online offer or who already use our online offer. For this purpose, we transmit corresponding – possibly also personal – data to Google (Remarketing). We can also determine whether our advertising is successful, that is, whether it leads to visits to our website (Conversion Tracking).

Further details about the nature, extent and purpose of data processing can be found in Google’s Privacy and Security Policy and in the Privacy Policy, Google’s Information on how Google uses data from websites where Google services are used and Google’s Information on cookies. In addition, there is the possibility of objection to personalised advertising.

9.7.4 Instagram Ads

We use Instagram Ads to advertise our services on Instagram. Instagram Ads is an offer from Facebook Ireland Limited in Ireland and the American Facebook Inc. Cookies may also be used in this process.

With such advertising we would like to reach in particular persons who are interested in our online offer or who already use our online offer. For this purpose, we transmit corresponding – possibly also personal – information to Facebook, in particular with the so-called Facebook pixel (Custom Audiences including Lookalike Audiences). We can also determine whether our advertising is successful, that is, whether it leads to visits to our website (Conversion Tracking).

Further details about the nature, scope and purpose of the data processing can be found in Instagram’s Privacy Policy and Facebook’s Privacy Policy (“Data Policy”). In addition, users can use Instagram’s advertising preferences to check which interests the ad relates to and Facebook’s advertising preferences to influence which ads are displayed to them.

10. extensions for the website

10.1 We use the WordPress extension Antispam Bee to differentiate desirable comments that originate from humans from unwanted comments from bots and other spam. We use Antispam Bee on our own server infrastructure and none cookies are used. Antispam Bee, which is being developed in Germany and Switzerland, enables us to fight spam in a data protection friendly, yet efficient and reliable way. Further information can be found in the documentation of Antispam Bee.

10.2 We use jQuery, a free JavaScript library from JS Foundation. We integrate the library using jQuery.com to improve the speed of our website. jQuery is delivered via the content delivery network (CDN) StackPath, a service of the American StackPath LLC. Cookies may also be used in this process. Further information about the type, scope and purpose of the data processing can be found in the Data protection declaration of StackPath.

11. final provisions

We have created this privacy policy with the Privacy Generator from Datenschutzpartner.

We can adapt and supplement this data protection declaration at any time. We will provide information about such adjustments and additions in a suitable form, in particular by publishing the respective current data protection declaration on our website.

This privacy policy is an unofficial translation from the German original. In case of ambiguities with foreign language versions, the German version shall be deemed authoritative.

Print Friendly, PDF & Email