Data Protection Statement
With this Data Protection Statement, we inform you about the processing of personal data in connection with our activities and operations, including our website under the domain name kargo.events. We inform you in particular about the purposes, the means and the locations of the processing of personal data, as well as about the rights of the persons whose data we process.
For individual or additional activities and operations, we may publish further data protection statements or other information on data protection.
1. Contact addresses
The person responsible for data protection is:
Markus Balsiger
Niedermattstrasse 2a
4528 Zuchwil
In individual cases, third parties may be responsible for the processing of personal data or there may be joint responsibility with third parties. We will gladly inform the persons concerned about the respective responsibility upon request.
2. Definitions and Legal Bases
2.1 Definitions
Data subject: a natural person whose personal data we process.
Personal data: any information relating to an identified or identifiable natural person.
Sensitive personal data: data relating to trade union membership, political opinions, religious or philosophical beliefs, health, sexual life, racial or ethnic origin, genetic data, biometric data used for the purpose of identifying a natural person, data relating to criminal convictions or offences or related security measures, and data relating to social security measures.
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
2.2 Legal Bases
We process personal data in accordance with Swiss law, in particular the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance to the Federal Act on Data Protection (Data Protection Ordinance, DPO).
3. Type, scope and purpose of processing personal data
We process the personal data that is necessary for us to be able to carry out our activities and operations in a sustainable, human-friendly, safe and reliable manner. The personal data processed may in particular fall into the categories of browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data and payment data. The personal data processed may also represent special categories of personal data.
We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect when carrying out our activities and operations, provided that such processing is permitted.
We process personal data if and to the extent that we have the consent of the affected persons. We may process personal data without consent in many cases, for example to fulfil legal obligations or to protect overriding interests. We may also ask affected persons for their consent even if it is not required.
We process personal data for as long as is necessary for the respective purpose. We anonymise or delete personal data in particular depending on legal retention and limitation periods.
4. Disclosure of personal data
We may disclose personal data to third parties, have them processed by third parties or process them jointly with third parties. These third parties are in particular specialist providers whose services we use.
We may disclose personal data, for example, to banks and other financial service providers, authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and economic information agencies, logistics and shipping companies, marketing and advertising agencies, media, organisations and associations, social institutions, telecommunications companies, insurers and payment service providers.
5. Communication
We process personal data in order to communicate with individual persons as well as with authorities, organisations and companies. In this context, we process in particular data that a person concerned has sent to us, for example by post or e-mail. We may store such data in an address book or with similar tools.
Third parties who send us data about other persons are obliged to ensure the data protection of these persons themselves. They must in particular ensure that such data is correct and may be sent to us.
6. Data security
We take appropriate technical and organisational measures to ensure that data security is adequate to the risk. With these measures, we ensure in particular the confidentiality, availability, traceability and integrity of the processed personal data, without being able to guarantee absolute data security.
Access to our website and our other digital presence is encrypted (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers warn against visiting a website without encryption.
Our digital communication is subject to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA) and other countries, just like any digital communication. We cannot directly influence the processing of personal data by intelligence services, police authorities and other security authorities. We cannot rule out that a person concerned is being monitored specifically.
7. Personal data abroad
We generally process personal data in Switzerland. However, we can also disclose personal data to other countries, in particular to have it processed or to have it processed there.
We can disclose personal data to any country in the world and elsewhere in the universe, provided that the law there ensures adequate data protection according to a decision of the Swiss Federal Council.
We can disclose personal data to countries whose law does not ensure adequate data protection if other reasons ensure adequate data protection, in particular on the basis of standard data protection clauses or other appropriate guarantees. Exceptionally, we can export personal data to countries without adequate or appropriate data protection if the special legal requirements for data protection are met, for example if the persons concerned have given their express consent or if there is a direct connection with the conclusion or performance of a contract. We are happy to provide information about any guarantees to affected persons upon request or to provide a copy of guarantees.
8. Rights of the data subject
8.1 Data protection claims
We grant data subjects all claims pursuant to the applicable law. Data subjects in particular have the following rights:
Right to information: Data subjects may request information as to whether we process personal data about them and, if so, which personal data we process. Data subjects will also receive the information they need to assert their data protection rights and to ensure transparency. This includes the personal data processed as such, but also information about the purpose of the processing, the duration of the storage, any disclosure or export of data to other states and the origin of the personal data.
Right to correction and restriction: Data subjects may correct incorrect personal data, supplement incomplete data and have the processing of their personal data restricted.
Right to express an opinion and human review: Data subjects may express their opinion in the case of decisions that are based solely on the automated processing of personal data and that have legal consequences for them or significantly affect them (automated individual decisions), and they may request a review by a human being.
Right to erasure and objection: Data subjects may have their personal data erased (‘right to be forgotten’) and may object to the processing of their personal data with effect for the future.
Right to data portability and data transfer: Data subjects may request the transfer of their personal data or the transfer of their personal data to another controller.
We may suspend, restrict or refuse the exercise of the rights of data subjects within the legally permissible scope. We may inform data subjects about any conditions that must be met in order to exercise their data protection rights. For example, we may refuse to provide information in whole or in part on the basis of confidentiality obligations, overriding interests or the protection of other persons. For example, we may refuse to delete personal data, in whole or in part, especially if there are legal retention obligations.
We may exceptionally charge a fee for the exercise of rights. We will inform the persons concerned in advance of any such fees.
We are required to identify the persons concerned in an appropriate manner if they request information or exercise other rights. The persons concerned are required to cooperate.
8.2 Legal recourse
Data subjects have the right to enforce their data protection rights in court or to file a complaint or report with a data protection supervisory authority.
The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Publicity Officer (FDPO).
9. Use of the website
9.1 Cookies
We may use cookies. Cookies are data stored in the browser, including both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies). Such stored data are not limited to traditional cookies in text form.
Cookies can be stored in the browser temporarily as “session cookies” or for a certain period of time as so-called “permanent cookies”. “Session cookies” are automatically deleted when the browser is closed. Permanent cookies have a certain storage period. Cookies enable, in particular, the browser to be recognised when it visits our website again and, for example, to measure the reach of our website. Permanent cookies can be used, for example, for online marketing.
Cookies can be deactivated, restricted or deleted entirely or in part in the browser settings at any time. The browser settings often also allow for automatic deletion and other management of cookies. Without cookies, our website may not be fully available. We request – at least to the extent and as far as required by applicable law – express consent for the use of cookies.
For cookies used for success and reach measurement or for advertising, an opt-out is possible for many services through AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
9.2 Logging
We can log at least the following information for every access to our website and our other digital presence, provided that this information is transmitted to our digital infrastructure during such access: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual subpage of our website accessed including data volume transmitted, and the last website accessed in the same browser window (referrer).
We log such information that may also represent personal data in log files. This information is necessary to provide our digital presence in a sustainable, user-friendly and reliable manner. It is also necessary to ensure data security – even by third parties or with the help of third parties.
9.3 Tracking pixels
We can embed tracking pixels in our digital presence. Tracking pixels are also known as web beacons. Tracking pixels – including those from third parties whose services we use – are usually small, invisible images or scripts written in JavaScript that are automatically retrieved when our digital presence is accessed. Tracking pixels can record at least the same information as logging in log files.
10. Notifications and messages
10.1 Success and reach measurement
Notifications and messages may contain web links or tracking pixels that record whether a particular message has been opened and which web links have been clicked on. Such web links and tracking pixels can also record the use of notifications and messages on a personal basis. We need this statistical recording of use for success and reach measurement in order to send notifications and messages effectively and in a user-friendly manner, as well as in a sustainable, secure and reliable manner, based on the needs and reading habits of the recipients.
10.2 Consent and Objection
You generally have to consent to the use of your email address and other contact addresses, unless the use is otherwise legally permissible. To obtain a double-checked consent, we may use the “double opt-in” procedure. In this case, you will receive a message with instructions for double confirmation. We may log the consents we obtain, including IP address and timestamp, for evidence and security purposes.
You can generally object to receiving notifications and messages such as newsletters at any time. By doing so, you can also object to the statistical analysis of usage for the purpose of measuring success and reach. Mandatory notifications and messages in connection with our activities and operations are reserved.
11. Social Media
We are present on social media platforms and other online platforms in order to communicate with interested parties and to inform them about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland.
The terms of use and privacy policies of the individual operators of such platforms also apply, including their general terms and conditions. These terms of use and privacy policies inform you, in particular, about your rights directly with the respective platform, including the right to information.
12. Third-party services
We use services from specialised third parties to enable us to carry out our activities and operations in a sustainable, user-friendly, safe and reliable manner. These services allow us, for example, to embed functions and content into our website. When we embed such services, the IP addresses of users are recorded by the services used for technical reasons, at least temporarily.
For necessary security-related, statistical and technical purposes, third parties whose services we use may process data relating to our activities and operations in an aggregated, anonymised or pseudonymised form. This may include performance or usage data, for example, to enable the respective service to be offered.
We use in particular:
- Google services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland), partly for users in the European Economic Area (EEA) and Switzerland; General information on data protection: “Data protection principles and security,” “Learn more about how Google uses personal data,” Privacy Policy, “Google is committed to complying with applicable data protection laws,” “Google Product Privacy Guide,” “How we use data from websites or apps that use our services,” “Types of cookies and similar technologies used by Google,” “Advertising that you can control” (“Personalised advertising”).
12.1 Digital infrastructure
We use services from specialised third parties to be able to use the necessary digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.
We use in particular:
- Cyon: Hosting; Provider: cyon GmbH (Switzerland); Data protection information: “Data protection,” Privacy Policy.
13. Website extensions
We use extensions for our website to be able to use additional features. We can use selected services from suitable providers or use such extensions on our own digital infrastructure.
We use in particular:
- Google reCAPTCHA: Spam protection (distinguishing between desired content from humans and unwanted content from bots and spam); Provider: Google; Google reCAPTCHA-specific information: “What is reCAPTCHA?”.
14. Success and reach measurement
We try to measure the success and reach of our activities and operations. In this context, we can also measure or check the impact of third-party tips or how different parts or versions of our digital presence are used (“A/B testing” method). Based on the results of the success and reach measurement, we can, in particular, correct errors, strengthen popular content or make improvements.
For success and reach measurement, IP addresses of individual users are generally recorded in most cases. IP addresses are generally shortened (“IP masking”) in this case in order to follow the principle of data economy through the corresponding pseudonymisation.
Cookies and user profiles may be used in the course of success and reach measurement. Any user profiles created may include, for example, the individual pages visited or content viewed on our digital presence, information about the size of the screen or browser window and the approximate location. Generally, any user profiles created are created exclusively in pseudonymised form and are not used to identify individual users. Individual third-party services, where users are logged in, may attribute the use of our online offering to the user account or user profile with the respective service.
We use, in particular:
- Google Marketing Platform: success and reach measurement, in particular with Google Analytics; provider: Google; Google Marketing Platform-specific information: measurement across different browsers and devices (cross-device tracking) with pseudonymised IP addresses, which are only transmitted in full to Google in the USA in exceptional cases, Google Analytics Data Protection Declaration, “Browser add-on to deactivate Google Analytics”.
- Google Tag Manager: Integrates and manages services from Google and third parties, especially for measuring success and reach; Provider: Google; Google Tag Manager-specific information: Google Tag Manager Privacy Policy; further information about data protection can be found in the individual integrated and managed services.
15. Final notes on the Privacy Policy
We have created this Privacy Policy with the help of the Data Protection Partner Generator.
We can update this Privacy Policy at any time. We will inform you about updates in an appropriate manner, especially by publishing the current Privacy Policy on our website.