Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about what types of your personal data (hereinafter also referred to as "data") we process for which purposes and to what extent. The privacy policy applies to all personal data processing we carry out, both in the context of providing our services and especially on our websites, in mobile applications, and within external online presences, such as our social media profiles (collectively referred to as "online offer").

The terms used are not gender-specific.

Date: July 14, 2024

Table of Contents

Controller

Niklas Holy

Schachenstrasse 17

9430 St.Margrethen

Schweiz

Email: info@radioreg.net

Overview of Processing

The following overview summarizes the types of processed data and the purposes of their processing, and refers to the data subjects.

Types of Processed Data

  • Employee data
  • Usage data
  • Meta, communication, and procedural data
  • Log data

Categories of Data Subjects

  • Employees
  • Users

Purposes of Processing

  • Security measures
  • Reach measurement
  • Profiles with user-related information
  • Provision of our online offer and user-friendliness
  • Establishment and execution of employment relationships
  • Information technology infrastructure
  • Business processes and economic management

Legal Bases

Legal bases under Swiss data protection law: If you are located in Switzerland, we process your data based on the Federal Act on Data Protection (short "Swiss DPA"). Unlike the GDPR, the Swiss DPA generally does not require that a legal basis for the processing of personal data be specified and the processing of personal data is conducted in good faith, lawfully, and proportionately (Art. 6 para. 1 and 2 of the Swiss DPA). Furthermore, we only collect personal data for a specific, recognizable purpose for the data subject and only process it in a way that is compatible with that purpose (Art. 6 para. 3 of the Swiss DPA).

Security Measures

We take appropriate technical and organizational measures in accordance with the legal requirements, considering the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the varying probabilities of occurrence and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.

Measures include ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transfer, securing availability, and separation of data concerning them. We have also set up procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data threats. Furthermore, we consider the protection of personal data already during the development or selection of hardware, software, and procedures in accordance with the principle of data protection by design and by default.

Securing online connections through TLS/SSL encryption technology (HTTPS): To protect the data of users transmitted through our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions comply with the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL, serving as an indicator for users that their data is transmitted securely and encrypted.

International Data Transfers

Disclosure of personal data abroad: In accordance with the Swiss DPA, we only disclose personal data abroad if an adequate level of protection for the data subjects is ensured (Art. 16 Swiss DPA). If the Federal Council has not determined an adequate level of protection (list: https://www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung-staaten.html), we take alternative security measures. These may include international treaties, specific guarantees, data protection clauses in contracts, standard data protection clauses approved by the Federal Data Protection and Information Commissioner (FDPIC) or internal data protection regulations recognized by the FDPIC or a competent data protection authority of another country in advance.

According to Art. 16 of the Swiss DPA, exceptions for the disclosure of data abroad may be allowed if certain conditions are met, including the consent of the data subject, contractual execution, public interest, protection of life or physical integrity, publicly disclosed data, or data from a legally provided register. These disclosures are always made in compliance with legal requirements.

Data Storage and Deletion

We delete personal data that we process in accordance with legal requirements as soon as the underlying consents are revoked or no further legal grounds for processing exist. This applies to cases where the original processing purpose ceases to exist or the data is no longer needed. Exceptions to this rule exist if legal obligations or special interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons must be archived accordingly.

After the expiration of legal retention periods, the relevant data will be routinely deleted in accordance with applicable legal requirements. If users' data is not deleted because it is required for other legally permissible purposes, its processing will be limited. This means the data will be blocked and not processed for other purposes. This applies to data, for example, that must be stored for commercial or tax law reasons or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons.

Rights of Data Subjects

  • Right to Access: Users have the right to obtain confirmation about the processing of their data and to access the data and further information and a copy of the data in accordance with legal requirements.
  • Right to Rectification: Users have the right to request the completion or correction of inaccurate data concerning them in accordance with legal requirements.
  • Right to Deletion and Restriction of Processing: Users have the right to request the deletion or restriction of processing of their data in accordance with legal requirements.
  • Right to Data Portability: Users have the right to receive the data they have provided to us in a structured, commonly used, and machine-readable format in accordance with legal requirements, or to request its transfer to another controller, if technically feasible.
  • Right to Object: Users have the right to object to the processing of their data for reasons arising from their particular situation, in accordance with legal requirements.
  • Revocation of Consent: Users have the right to revoke their consent at any time, with effect for the future.
  • Right to Lodge a Complaint: Users also have the right to lodge a complaint with a competent supervisory authority in accordance with legal requirements.

Provision of Online Offer and Web Hosting

To provide our online offer securely and efficiently, we use the services of one or more web hosting providers whose servers (or those managed by them) can be accessed through the internet. For these purposes, we may use infrastructure and platform services, computing capacity, storage space, and database services, as well as security and technical maintenance services.

The data processed in the context of providing the hosting service may include all information concerning users of our online offer, which is generated in the course of use and communication. This regularly includes the IP address, which is necessary to deliver the contents of online offers to browsers, and all entries made within our online offer or from websites.

Collection of Access Data and Log Files: We ourselves (or our web hosting provider) collect data on every access to the server (so-called server log files). Server log files may include the address and name of the requested web pages and files, date and time of access, data volumes transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (previously visited page), IP address, and the requesting provider.

The server log files may be used for security purposes, e.g., to avoid overloading the server (especially in case of abusive attacks, so-called DDoS attacks) and to ensure the server's stability and balance.

Use of Cookies

Cookies are small text files, or other memory markers, stored by a browser on a user's device to save certain information. Cookies may store various types of information, including user preferences, login status, and other data to enhance the browsing experience and ensure the functionality of online services.

Cookies serve different purposes, including:

  • Functionality: ensuring the operation and usability of online services.
  • Performance: gathering information about how online services are used to improve their performance.
  • Personalization: customizing online services to user preferences.
  • Security: enhancing the security of online services and preventing misuse.

Users can manage and control the use of cookies through their browser settings. Options include disabling cookies, deleting cookies, or receiving notifications before cookies are stored. These settings may affect the functionality and user experience of online services.

Web Analysis, Monitoring, and Optimization

Web analysis (also referred to as "web analytics") is used to analyze and evaluate visitor traffic to online services, identify trends and user behavior, and make improvements. This analysis can be conducted using various tools and services that collect data about users' interactions with online services.

The collected data may include information about the devices and browsers used, IP addresses, the pages visited, the time spent on the pages, and other interactions. These data are often aggregated and anonymized to provide insights without identifying individual users.

Web analytics tools may use cookies and similar technologies to track user activity and gather information about user preferences and behavior. These tools help improve the usability, functionality, and effectiveness of online services.

Common web analytics tools include Google Analytics, Matomo (formerly Piwik), and Adobe Analytics, among others. Users can often opt-out of web analytics by adjusting their browser settings or using available opt-out mechanisms provided by the analytics services.

If you have any questions about our privacy policy, please contact us at info@radioreg.net.