Data privacy statement

We are delighted to see that you have taken an interest in our company. Data protection is especially important for executive management at Idea Creation GmbH. Although you do not have to give personal information to use Idea Creation GmbH’s website, we may need to collect and process this information for any persons wishing to use certain services provided by our company. Where processing personal data is required and not legally enforceable, we generally seek prior consent from the individual concerned.

Personal data such as name, address, email address or telephone number are processed in accordance with both the General Data Protection Regulation and the local data protection regulations applicable to Idea Creation GmbH. Our company wishes to use this data privacy statement to inform the public about the nature, scope, and purpose of the personal data that we collect, utilise and process. Furthermore, the statement advises individuals about their legal rights.

As the party responsible for processing personal information, Idea Creation GmbH has implemented numerous technical and organisational measures to ensure optimal protection of the data processed via this webpage. However, because internet-based data transmission can entail security gaps, absolute protection cannot be guaranteed. Therefore, any individual concerned is free to send us their personal information by other means, such as by telephone.

1. Definitions

This privacy statement issued by Idea Creation GmbH contains definitions used by the European issuer of directives and regulations in adopting the General Data Protection Regulation. Our privacy statement is intended to be readable and understandable to the public as well as to our clients and business associates. To ensure this, we would like to explain the definitions used in the rest of this statement.

In this data privacy statement, we use the following terms:

  1. Personal data
    Personal data are all information referring to an identified or identifiable natural person (hereafter “individual concerned”). An identifiable person is any natural person who can be identified directly or indirectly by assignment to a name, ID number, location information, online ID or to one or several special features that specifically show the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
  2. Individual concerned
    Individual concerned is any identified or identifiable natural person whose personal data are processed by the responsible party.
  3. Data processing
    Data processing is any process or sequence of operations carried out with or without the help of automated procedures related to personal data. This includes data gathering, recording, organisation, ordering, saving, adjustment or alteration, selection, interrogation, usage, disclosure during transmission, dissemination or any other form of provision, cross-comparison or pooling, restriction, deletion, or destruction.
  4. Limited processing
    Limited processing is the marking of saved personal data with the aim of limiting their future processing.
  5. Profiling
    Profiling is any kind of automated processing of personal data where these personal data are used to evaluate particular personal aspects referring to a natural person, especially to analyse or predict aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behaviour, place of residence or change of residence of this natural person.
  6. Pseudonymisation
    Pseudonymisation is the processing of personal data such that they can no longer be matched to a specific individual concerned without consulting additional information, provided that this additional information is stored separately and is subject to technical and organisational measures that guarantee that the personal data are not assigned to an identified or identifiable person.
  7. Responsible party or party responsible for data processing
    The responsible party or party responsible for data processing is the natural or juristic person, authority, institute or other body who decides on the purpose and means of personal data processing, either singly or jointly with other parties. If the purposes and means of this data processing are stipulated by European Union law or law of Member States, the party responsible or another party with equivalent authority can process the data in accordance with European Union Law or the Law of Member States.
  8. Internal processor
    An internal processor is a natural or juristic person, authority, institute, or other body processing personal data on behalf of the responsible party.
  9. Recipient
    A recipient is any natural or juristic person, authority, institute, or other body to whom personal data are disclosed, regardless of whether it concerns a third party or not. However, authorities who may receive personal data as part of an investigation mandate in accordance with European Union Law or Law of Member States do not count as recipients.
  10. Third party
    A third party is any natural or legal individual, authority, institute or other body other than the individual concerned, responsible party, internal processor, and persons who are authorised to process the personal data under the direct supervision of the chief responsible internal processor.
  11. Consent
    Consent is any declaration of will that is given freely and unequivocally for the relevant case in an informed way by an individual concerned. This consent may be given in the form of a formal declaration or other means of clear affirmation that the individual concerned uses to convey that they agree to the processing of their personal data.

2. Name and address of the party responsible for data processing

The responsible party in line with the General Data Protection Regulation, or equivalent data protection laws in European Member States, and other data protection regulations is:

Idea Creation GmbH
Walchestrasse 15
8006 Zürich
Switzerland
Tel.: +41445005400
Email: info@e-guma.ch
Website: www.e-guma.ch

3. Name and address of the data privacy officer

The data privacy officer of the party responsible for data processing is:

Idea Creation GmbH
Christoph Thomet
Walchestrasse 15
8006 Zürich
Switzerland
Tel.: +41 44 500 54 00
Email: ch.thomet@e-guma.ch
Website: www.e-guma.ch

For all questions and comments regarding data protection, any individual concerned can directly contact our data privacy officer.

4. European Union representative

Invit Travel GmbH
Radlkoferstrasse 2
81373 München
Germany
Email: info@ihr-datenschutz-vertreter.ch

5. Cookies

Idea Creation GmbH’s website uses Cookies. Cookies are text files that are stored and saved via a web browser on a computer system.

Numerous websites and servers use Cookies. Many Cookies use a so-called Cookie ID. A Cookie ID is a unique identifier of Cookies. It comprises a sequence of characters that allows websites and servers to be assigned to a specific web browser in which the Cookie was saved. In turn, this enables visited websites and servers to distinguish the individual browser used by the individual concerned from other browsers that contain other Cookies. A specific internet browser can be recognised and identified by the unique Cookie ID.

By using Cookies, Idea Creation GmbH can provide the website user with more user-friendly services that would not be possible without turning on Cookies.

Cookies allow information and offers on our website to be tailored to the user. They also enable us to recognise users of our website. This recognition is intended to make our website easier to use. For example, the visitor of a website using Cookies does not need to enter access data every time they go on the site since this is already done by the website and the Cookie placed on the user’s computer system. Another example is the shopping basket Cookie on the online store. Via this Cookie, the online store remembers the items that a customer placed in the virtual shopping basket.

The individual concerned can turn off the Cookies placed by our website anytime using the appropriate setting, and thereby permanently disable these Cookies. Furthermore, pre-set Cookies can be deleted anytime via a web browser or other software programmes. This is possible on all conventional web browsers. If the individual concerned deactivates the setting of Cookies on the web browser used, not all the features of our website might be usable in full.

6. Recording general data and information

Idea Creation GmbH’s website gathers a series of general data and information every time an individual concerned or an automated system opens the website. These general data and information are saved in the server’s logfile. Types of data gathered include (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (known as a referrer), (4) the web pages on our site that are accessed via an accessing system, (5) the date and time of access of the webpage, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information that serve to avert danger in the event of attacks on our IT systems.

Idea Creation GmbH does not use these general data and information to make inferences about the individual concerned. These data and information are required to (1) supply correct content on our website, (2) optimise the content of our website as well as appropriate advertisements, (3) guarantee continuous functionality of our IT systems and the technology of our website and (4) provide law enforcement authorities with all information required to prosecute in the event of a cyber-attack on our system. These anonymously collected data and information are analysed by Idea Creation GmbH both statistically and with the aim of promoting data protection and security in our corporation in order to ensure an optimal level of security of the data processed by us. The anonymous data of the server logfiles are stored separately from all personal data specified by an individual concerned.

7. Comment function in the website blog

On the website of the party responsible for data processing, Idea Creation GmbH has a blog that gives users the opportunity to leave individual comments on certain blog posts. A blog is a web-based, generally publicly accessible portal where one or several persons who are termed bloggers or web-bloggers post articles or express thoughts in what are known as blogposts. The blogposts can usually be commented on by third parties.

If an individual concerned leaves a comment in a blog published on this website, the time the comment was posted as well as the username chosen by the individual concerned (pseudonym) will also be saved and displayed next to the comment. The IP address given by the internet service provider (ISP) of the individual concerned will be recorded as well. The IP address is saved for security reasons and in case the individual concerned posts a comment that infringes on the rights of third parties or shares illicit content. Therefore, these personal data are saved for the benefit of the party responsible for processing data so that they can exculpate themselves in the event of a breach of the law. These personal data are not forwarded to third parties where this is neither a legal requirement nor serves to defend the rights of the party responsible for data processing.

8. Subscription to comments on the website blog

Comments posted on Idea Creation GmbH’s blog can be subscribed to by third parties. A commenter has the option of subscribing to comments following on from his or her own comment on a given blogpost.

If an individual concerned opts to subscribe to comments, the party responsible for data processing sends them an automatic confirmatory email to check in a double-opt-in procedure whether the addressee of the given email address actually did choose this option. The option to subscribe to comments can be ended at any time.

9. Routine deletion and blocking of personal data

The party responsible for data processing processes and saves personal data of the individual concerned only for as long as is necessary to fulfil the purpose of storage, or if this has been stipulated by the European issuer of directives and regulations or another legislator in laws or regulations to which the party responsible for data processing is subject.

If it becomes no longer necessary to store the data, or the maximum data storage duration stipulated by the European issuer of directives and regulations or other legislator expires, the personal data are routinely blocked or deleted in accordance with legal requirements.

10. Rights of the individual concerned

  1. Right to confirmation
    Any individual concerned has a right granted by the European issuer of directives and regulations to demand confirmation from the party responsible for data processing whether their personal data are being processed. If an individual concerned wishes to exercise this right to confirmation, they can contact a colleague of the party responsible for data processing at any time.
  2. Right to information
    Any individual concerned whose personal data are processed has a right granted by the European issuer of directives and regulations to obtain information free of charge at any time from the party responsible for data processing regarding the stored personal data of the individual concerned. The individual concerned also has a right to keep a copy of this information. The European issuer of directives and regulations has granted individuals concerned the right to information about the following:
    1. the specific purposes of processing the data
    2. the categories of personal data being processed
    3. the recipients or categories of recipients to whom the personal data have been or are still being disclosed. This applies especially to recipients based in third countries or with international organisations
    4. where possible the planned duration for which the personal data are stored, or where not possible the criteria for determining this duration
    5. the existence of a right to correction or deletion of the personal data concerned or to restricted processing by the responsible party, or a right to revoke this processing
    6. the existence of a right of appeal to a regulatory body
    7. if the personal data are not collected from the individual concerned: all available information regarding the origin of the data
    8. the existence of an automated decision-making process including profiling as per Art. 22 para. 1 and 4 DS-GVO and, at least in these cases, significant information about the involved logic as well as the scope and intended effects of such data processing for the individual concerned

      Furthermore, the individual concerned has a right to obtain accurate information regarding whether their personal data were sent to a third country or an international organisation. Should this be the case, the individual concerned also has the right to information regarding appropriate guarantees in relation to the data transfer.

      If an individual concerned wishes to exercise this right to information, they can at any time contact a colleague of the party responsible for processing the data.
  3. Right to correction
    Under European guidelines and regulations, any individual concerned whose personal data are processed has a right to demand immediate correction of their personal data if these are inaccurate. Furthermore, the individual concerned has a right to demand completion of incomplete personal data – even by issuing a complementary statement – depending on the purposes of data processing.

    If the individual concerned wishes to exercise this right to correction, they can at any time contact a colleague of the party responsible for data processing.
  4. Right to deletion (Right to be forgotten)
    Under European guidelines and regulations, any individual whose personal data are processed has a right to demand immediate deletion of their personal data by the party responsible for processing the data where one of the following reasons applies and data processing is not required:
    1. The personal data were processed for purposes that are no longer necessary.
    2. The individual concerned withdraws consent on which data processing is based as per Art. 6 para. 1 letter a DS-GVO or Art. 9 para. 2 letter a DS-GVO, and there is no other legal justification for data processing.
    3. The individual concerned files an appeal against data processing as per Art. 21 para. 1 DS-GVO, and there are no overriding legal reasons for processing, or the individual concerned appeals against the processing as per Art. 21 para. 2 DS-GVO.
    4. The personal data were processed unlawfully.
    5. The personal data had to be deleted to fulfil a legal obligation by European Union law or law of Member States to which the responsible party is subject.
    6. The personal data were collected in relation to services offered by the information society as per Art. 8 para. 1 DS-GVO.

      If one of the above reasons applies and an individual concerned would like to have their personal data deleted that are stored by Idea Creation GmbH, they can at any time contact a colleague of the party responsible. The contacted employee of Idea Creation GmbH will arrange to have the deletion request fulfilled immediately.

      If the personal data have been made public by Idea Creation GmbH and our company is obliged to delete the personal data as per Art. 17 para. 1 DS-GVO, then depending on available technology and implementation costs, Idea Creation GmbH will take appropriate (technical) measures to inform other responsible parties who are processing the disclosed data that the individual concerned has demanded deletion of all links to these personal data or other copies and replications thereof where processing of the data is not required. The employee of Idea Creation GmbH will take all necessary steps on a case-by-case basis.
  5. Right to limited processing
    Under European guidelines and directives, any individual concerned whose personal data are processed has a right to demand limited processing of their data by the responsible party if one of the following conditions applies:
    1. The accuracy of the personal data is disputed by the individual concerned until the responsible party can examine and rectify the personal data.
    2. Processing the data is unlawful, the individual concerned refuses to have their personal data deleted and instead demands limited usage of these data.
    3. The responsible party no longer requires the personal data for processing purposes, but the individual concerned still requires them to assert, exercise or defend their legal claims.
    4. The individual concerned has filed an objection against data processing as per Art. 21 para. 1 DS-GVO and it remains uncertain whether the responsible party’s legitimate reasons outweigh those of the individual concerned.

      If one of the above conditions applies and an individual concerned wishes to demand limited usage of personal data stored by Idea Creation GmbH, they can at any time contact a colleague of the party responsible for processing the data. The relevant employee of Idea Creation GmbH will arrange for limited processing of the data.
  6. Right to data portability
    Under European guidelines and directives, any individual concerned whose personal data are processed has a right to obtain their personal data with which they originally provided the responsible party in a structured, standard, machine-readable format. The individual also has a right to send these personal data to another responsible party without obstruction by the party originally receiving the data if the data are processed in line with consent as per Art. 6 para. 1 letter a DS-GVO or Art. 9 para. 2 letter a DS-GVO or in accordance with a contract as per Art. 6 para. 1 letter b DS-GVO, and the data are processed with the aid of automated procedures if data processing is not required to fulfil an obligation that lies within public interest or is carried out to exercise public authority that has been transferred to the responsible party.

    In exercising their rights to data portability as per Art. 20 para. 1 DS-GVO, the individual concerned also has a right to request that the personal data are sent directly from one responsible party to another where this is technically feasible and does not thereby impinge on the rights and freedom of other individuals.

    The individual concerned can at any time contact an employee of Idea Creation GmbH to assert their right to data portability.
  7. Right of appeal
    Under the European guidelines and directives, any individual whose personal data are processed has a right to file an appeal at any time against the processing of their personal data that is carried out as per Art. 6 para. 1 letters or f DS-GVO for reasons arising from their given situation. This applies also to profiling based on these provisions.

    In the event of an appeal being filed, Idea Creation GmbH will cease to process personal data unless we can verify urgent, legitimate reasons for processing the data that outweigh the interests, rights and freedom of the individual concerned, or the data are processed to help assert, exercise or defend legal claims.

    If Idea Creation GmbH processes personal data to carry out direct advertising, the individual concerned has a right to at any time file an appeal against having their personal data processed for these exact advertising purposes. This applies also to profiling where it is associated with the relevant direct advertising. If the individual concerned appeals against the processing of their personal data by Idea Creation GmbH for direct advertising purposes, then Idea Creation GmbH will cease to process the personal data for these purposes.

    Furthermore, the individual concerned has a right to appeal against the processing of their personal data carried out by Idea Creation GmbH for scientific or historical research purposes or statistical purposes as per Art. 89 para. 1 DS-GVO for reasons arising from their particular circumstances, unless such processing is required to fulfil a duty in the public interest.

    To exercise rights of appeal, the individual concerned can directly contact any employee of Idea Creation GmbH or another employee. The individual concerned is also free to exert their rights to appeal by means of automated procedures using technical specifications in association with the usage of services provided by the information society, regardless of guideline 2002/58/EG.
  8. Automated decisions in individual cases including profiling
    Under the European guidelines and directives, any individual whose personal data are processed has a right not to be subjected to a decision based exclusively on automated processing – including profiling – which will have legal effect against them or significantly compromises them in a similar way. This applies where the decision (1) is not required to seal or fulfil a contract between the individual concerned and the responsible party, or (2) is permissible under legislation from the European Union or Member States to which the responsible party is amenable and these legal provisions comprise appropriate measures to preserve the rights, freedom and legitimate interests of the individual concerned or (3) is carried out with the explicit consent of the individual concerned.

    If the decision is (1) required to seal or fulfil a contract between the individual concerned and the responsible party or (2) is carried out with explicit consent from the individual concerned, Idea Creation GmbH takes appropriate measures to preserve the rights, freedom and legitimate interests of the individual concerned, which includes but is not restricted to the right for the individual concerned to intervene on behalf of the responsible party as well as to issue their own opinion about the decision, and challenge it should the need arise.

    If the individual concerned wishes to exercise their rights in relation to automated decisions, they can at any time contact an employee of the party responsible for processing the data.
  9. Right to withdraw consent for personal data processing
    Any individual whose personal data are processed has a right granted by the European issuer of directives and regulations to at any time withdraw their consent to have their personal data processed.

    If the individual concerned wishes to assert their right to withdraw consent, they can at any time contact a colleague of the party responsible for processing the data.

11. Data protection regulations governing use of Google Analytics (with anonymisation function)

The party responsible for processing data has integrated the Google Analytics components (with anonymising function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, compilation, and analysis of data regarding user behaviour on websites. A web analysis service includes data regarding the website from which an individual concerned accessed another website (known as a referrer), which webpage of the site was accessed and how often and for what duration a webpage has been viewed. A web analysis is used predominantly for optimising a website and for cost-benefit ratio analysis of internet advertising.

The operating company of the Google Analytics components is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The party responsible for processing data uses the extension “_gat.anonymizeIp” for web analysis via Google Analytics. This extension is used by Google to shorten and anonymise the IP address of the internet connection of the individual concerned if access is gained to our website from a Member State of the European Union or another contracting Member State via the European economic zone.

The purpose of the Google Analytics components is to analyse visitor flows on our website. Google uses the data and information acquired to analyse usage of our website, in turn to compile online reports of activity levels on our website as well as to provide other services associated therewith.

Google Analytics places a Cookie on the IT system of the individual concerned. Please see the relevant section explaining what Cookies are (5. Cookies). Cookies enable Google to analyse usage of our website. Every time one of the web pages on our site is opened which is operated by the party responsible for data processing and on which a Google Analytics component has been installed, the web browser on the IT system of the individual concerned is automatically told by the relevant Google Analytics component to send data to Google for online analysis. As part of this technical procedure, Google obtains knowledge of personal data such as the IP address of the individual concerned. Google uses such information to track the location of visitors and website clicks and in turn to instigate commission settlements.

Cookies allow the storage of personal data such as access time, access location and frequency of visits to our website by the individual concerned. Every time our website is visited, these personal data including the IP address of the internet connection used by the individual concerned are transferred to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may sometimes forward these personal data collected via the technical procedure to third parties.

The individual concerned can turn off and block Cookies on our website at any time by using the appropriate web browser setting. Activating this setting would also prevent Google from placing Cookies on the IT system of the individual concerned. Furthermore, a Cookie already placed on the website by Google Analytics can at any time be deleted via the web browser or other software programmes.

Moreover, the individual concerned has the power to undo and block recording of data generated by Google Analytics through use of this website. To this end, the individual concerned must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on tells Google via JavaScript that no data and information regarding visitors to websites may be sent to Google Analytics. The installation of browser add-ons is interpreted by Google as a signal to stop recording data. If the IT system of the individual concerned is later deleted, formatted, or reinstalled, the individual concerned must reinstall the browser add-ons to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the individual concerned or another individual with equivalent authority, there will be the option of reinstallation or reactivation of the browser add-ons.

Further information and applicable data protection regulations under Google can be found at https://www.google.de/intl/de/policies/privacy/ and under http://www.google.com/analytics/terms/de.html. A fuller explanation of Google Analytics is given under this link https://www.google.com/intl/de_de/analytics/.

12. Legal basis of data processing

Art. 6 I lit. a DS-GVO serves our company as a legal basis for data processing whereby we obtain consent for personal data to be processed for a certain purpose. If processing personal data is required to fulfil a contract in which the individual concerned is a party, as is usually the case with data processing procedures that are necessary for supplying goods or providing other services, then the data processing is based on Art. 6 I lit. b DS-GVO. The same applies to data processing procedures that are required for precontractual measures such as inquiries about our products and services. If our business becomes subject to a legal obligation through which processing personal data is required such as to fulfil tax obligations, then data processing is based on Art. 6 I lit. c DS-GVO. In rare events, processing personal data could become obligatory to protect vital interests of the individual concerned or another natural person. For example, this would be the case if a visitor to our business premises were to be physically injured and would thereupon need to forward their name, age, health insurance details or other important vital information to a doctor, hospital or other responsible third party. Then processing personal data would be based on Art. 6 I lit. d DS-GVO or Art. 6 I lit. f DS-GVO. This is the legal framework for data processing procedures that are not covered by other aforementioned frameworks where data processing is required to preserve the legitimate interests of our company or of a third party and where these interests, fundamental rights and freedoms do not outweigh those of the individual concerned. We are permitted to carry out such data processing procedures because according to the European legislator, an individual concerned could claim a legitimate interest if they were not a client of the responsible party (Recital 47 Clause 2 DS-GVO).

13. Legitimate interests in data processing that are pursued by the responsible party or a third party

If the processing of personal data is based on Article 6 I lit. f DS-GVO, it is in our rightful interest to execute our business activity to benefit the well-being of all our colleagues and shareholders.

14. Duration of storage of personal data

Personal data are stored for the maximum duration specified by the appropriate law. After this duration, the relevant data are routinely deleted if they are no longer required to initiate or fulfil the contract.

15. Legal or contractual regulations on the provision of personal data; necessity for contract fulfilment; obligation of the individual concerned to provide their personal data; potential consequences of withholding personal data

We inform you here that providing personal data is in part a legal requirement (e.g. to comply with tax regulations) or is governed by contractual regulations (e.g. providing information on contract partners). Occasionally, an individual concerned can be contractually obliged to provide us with personal data that in turn must be processed by us. For example, the individual concerned is obliged to provide us with personal data if our business enters a contract with that individual. Failure to provide personal data would prevent the individual concerned from entering the contract. Before providing personal data, the individual concerned must contact one of our employees. The employee contacted will inform the individual concerned on a case-by-case basis as to whether the provision of personal data is a legal or contractual requirement, whether the individual concerned is obliged to provide their personal data as per the contract and what the implication would be of not providing personal data.

Date issued: 20.12.2018