The protection of your personal data is a matter we take very seriously when you register via email, use our products or visit the MyCityHighlight webpages. Our data privy policy is based on the European General Data Protection Regulation (GDPR).
1. What personal data do we collect?
When you visit our webpages or place an order, the following data may be processed:
- Email addresses: When you register via an email account or place an order, we process your email address and other information provided (e.g. address).
- Web use protocol: When you use our webpages, we record your usage behaviour on our pages. This includes your actions on the website, such as search protocols, clicks on buttons and links, date and time of use, your time zone, information on the specification of your browser and operating system, language settings, your approximate location derived from your IP address, referrals from other websites and web searches.
- Server protocol: We create server protocols when you use our apps or webpages. This includes the date and time of access, access duration, data throughput, access status and HTTP(S) status codes.
- Device ID number and IP addresses: When you visit our website, we process and save your IP address. Email addresses: When you register via an email account or place an order, we use your email address and other information provided (e.g. address).
2. Legal bases and purposes of the data processing
Your data is saved and processed exclusively for the purposes of being able to offer our platform and associated services and/or to improve our website.
- Fulfilment of contract: The processing of your email addresses is necessary for the fulfilment of the contract (Art. 6 par. 1b GDPR): We collect your data for processing when you decide to provide this data voluntarily. Your data is thus processed when you provide it to us yourself. In this case, the data provided is processed exclusively for the execution of the respective service.
- Compelling, legitimate interest: We have a compelling, legitimate interest in the processing of web usage protocols, server logfiles, device ID numbers and IP addresses. We use this data for the proper operation of our platform and website, in particular in order to determine and eliminate errors. Our legitimate interest within the meaning of the GDPR lies in the security and the optimisation of our services and webpages. Furthermore, we also transmit data to third parties in this case for statistical and evaluation purposes as well as for the optimisation of interest-based advertising, in order to improve our services and products.
- We also use trackers. Please refer to Point 3 for your statutory information right and other rights regarding the use of trackers in relation to personal data.
3. Statutory information rights and other rights as well as opt-out options
In accordance with Art. 12 I GDPR, you, as the data subject, have the right to information regarding the processing, saving and disclosure of personal data vis-à-vis us as the data controller pursuant to Art. 13 and 14 GDPR. Obligations to report also exist in accordance with Art. 15 to 22 and Art. 34 GDPR.
In accordance with Art. 21 GDPR, you, as the subject of data processing, have the right to object to the processing in the cases mentioned in the Article.
In accordance with Art. 16 GDPR, you have the right to correction.
In accordance with Art. 17 GDPR, the data subject can demand deletion of the data saved about them.
In accordance with Art. 18 GDPR, the data subject has the right to limit the processing of their data.
To safeguard your rights, we therefore offer you the following opt-out options:
- Deletion of your user profile
Moreover, you have the right to appeal at the responsible data protection supervisory authority (Art. 77 GDPR.)
4. Saving the data
We save the data on servers in Switzerland. In doing so, we take all reasonable measures to ensure that your data is secure and used as described in these data privacy guidelines.
We use secure servers in order to guarantee the proper saving of data. All transmissions of data are encrypted for security reasons.
However, the transmission of data over the Internet can never be 100% secure. We can therefore not guarantee the security of data that is collected or transmitted electronically. However, we take measures that are necessary and in our area of responsibility to guarantee the best possible security.
You provide your data at your own risk. Where necessary, a password may be necessary to access certain areas of our apps or webpages. You alone bear responsibility without limitation for the security and confidentiality of the password that you generate.
5. Transmission of data
In addition to the cases referred to under Point 2, your data may be passed on to third parties under the following conditions:
Transmission may take place if we sell our company or parts or shares thereof to third parties.
Your data can be passed on to any employee of our company and employees of associated companies for the purposes of data use and processing, as set down in these guidelines.
Statutory regulations to which our company is subject may require the disclosure of data.
6. Hyperlinks to third-party websites
7. Data subject rights and contact
To exercise your above-mentioned rights to information on your personal data that is processed by us (Art. 12 in connection with Art. 13, Art. 14 as well as Art. 15 to 22 and Art. 34 GDPR), the right to correction (Art. 16 GDPR), deletion (Art. 17 GDPR), to limitation of processing (Art. 18 GDPR) and deletion in accordance with Art. 21 GDPR, please write to SB Switzerland AG, Talgut-Zentrum 7, 3063 Ittigen, Switzerland or send an email to firstname.lastname@example.org.
To assert your right to appeal arising from Art. 77 GDPR, please contact the responsible supervisory authority.