GastroSocial Privacy Policy

Introduction

This Privacy Policy contains information about how we process personal data in connection with the use of our website. The abbreviation «FADP» stands for «Federal Act on Data Protection» and applies to persons in Switzerland who visit our website (hereinafter «Swiss data subjects»). The abbreviation GDPR stands for «General Data Protection Regulation» and applies to persons in the EU who visit our website (hereinafter «EU data subjects»).

Name and address of the data controller

The controller within the meaning of the data protection legislation and other data protection-related requirements is:

GastroSocial  |  Buchserstrasse 1  |  5001 Aarau  |  Switzerland

gastrosocial.ch  |  E-Mail  |  T 062 837 71 71

Data Protection Officer:

Data Protection Officer  |  GastroSocial  |  Buchserstrasse 1  |  5001 Aarau  |  E-Mail

Your rights

Right to be informed

Under Art. 8 FADP and Art. 15 GDPR, you have the right to request confirmation from us as to whether any personal data concerning you is being processed by us. If your personal data is being processed, you have the right to be informed of which data, as well as the right to be given the additional information stated in Art. 8 FADP and Art. 15 GDPR.

Right to rectification

Under Art. 5 FADP and Art. 16 GDPR, you have the right to request that personal data concerning you be rectified immediately if it is inaccurate. Depending on the processing purpose, you also have the right to have incomplete personal data completed; this may involve you providing a supplementary statement.

Right to erasure

Where permitted by law, Swiss data subjects can request the erasure of their data if, e.g., the data is no longer essential/required or if consent to processing has been withdrawn.

EU data subjects also have the right to demand that we erase personal data concerning them immediately. We are obliged to delete personal data immediately under certain circumstances. For specific details, please refer to Art. 17 GDPR.

Right to restrict processing

In accordance with Art. 18 GDPR, EU data subjects have the right to demand that we restrict the processing of their personal data under certain circumstances.

Right to data portability

Under Art. 20 GDPR, EU data subjects have the right to request that the personal data concerning them that they have provided to us be made available to them in a structured, commonly used and machine-readable format, as well as the right to send this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out by automated means.

Right to object 

Under Art. 21 GDPR, EU data subjects have the right to object to the processing of personal data concerning them on the basis of Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

If we use your personal data to carry out direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling if it is associated with such direct marketing.

Right to lodge a complaint with a supervisory authority

If you are not happy with how your data is being processed by us, you can lodge a complaint with the Federal Data Protection and Information Commissioner and take appropriate action under civil and/or public law (see Art. 15, 25, 27, 29 FADP).

Under Art. 77 GDPR, EU data subjects have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy. This right exists in particular in the member state of your habitual residence or place of work or in which the suspected breach took place, if you believe that the personal data concerning you is being processed in violation of the GDPR.

Exercising your rights

If you wish to exercise any of your rights, please get in touch with our Data Protection Officer using the contact details above, or let us know via one of the other contact methods that we offer. Please contact us if you have any questions in this regard.

Data processing and data storage

Server log files

When you access our website, the company that we use to operate the site will process and save technical information about the end device you are using (operating system, screen resolution and other, non-personal features) and the browser (version, language settings), and in particular the public IP address of the computer from which you are visiting our website, including the date and time of access. The IP address is a unique numerical address via which your device sends/receives data to/from the Internet. We and our service provider do not generally know who an IP address belongs to, unless you provide us with data that allows us to identify you when you use our website. Furthermore, a user may be identified if legal action is taken against them (e.g. in the event of attacks on our website) and we become aware of their identity during the investigations. In general, you do not need to worry about us being able to associate your IP address with your identity.

Our service provider uses the processed data for non-personal statistical purposes, so that we can identify which end devices are used with which settings when users visit our website and thus make improvements to the latter. These statistics do not contain any personal data. The basis for compiling these statistics is our legitimate interest in improving and efficiently conducting our business (lawful basis: Art. 6(1)(f) GDPR).

The IP address is further used for technical purposes to enable you to access and use our website, as well as for the purpose of detecting and fending off attacks on our service provider or our website. Unfortunately, attacks aimed at causing harm to operators and users of websites (e.g. by preventing access, spying on data, spreading malware and viruses, or by other illegal means) are common. Such attacks would prevent the data centre of the company contracted by us from functioning properly, as well as impairing the use of our website or its functionality and jeopardising the security of visitors to our website. The IP address and time of access is processed for the purpose of defending against such attacks. This form of data processing by our service provider is a means of pursuing our legitimate interest in ensuring that our website functions correctly and in fending off illegal attacks against ourselves and visitors to our website. The basis for the processing is thus our legitimate interest in improving and efficiently conducting our business (lawful basis: Art. 6(1)(f) GDPR).

The stored IP data is deleted (through anonymisation) when it is no longer needed to detect or defend against an attack.

Cookies

We use cookies and similar technologies (local storage) to operate our website, to ensure that it functions properly, to understand how visitors use our website and to store preferences that users have configured in their browser.

Cookies are small text files that your browser stores automatically on your device when you visit our website. We can then read these cookies the next time you access our website. Cookies are stored for different lengths of time. You have the option of configuring which cookies your browser should accept; however, please be aware that certain functions of our website may no longer work properly if you do so. You can also delete cookies yourself at any time. If you do not do so, we can specify how long a cookie should be saved on your computer when storing it. A distinction is made here between session cookies and permanent cookies. Session cookies are deleted by your device when you leave our website or close your browser. Permanent cookies are saved for the duration that we specify when storing them. 

We use the following types of cookies:

  • Technical cookies that are essential for enabling the use of certain website functions (e.g. recognising that you have logged in). Without these cookies, some functions cannot be made available.
  • Functional cookies that are used to technically execute certain functions that you wish to use.
  • Analysis cookies that serve to analyse your user behaviour.
  • Third-party cookies of service providers whose functions we integrate on our website in order to make certain features possible. They can also be used to analyse user behaviour.

In most browsers used by our users, it is possible to configure which cookies should be stored and to delete (certain) cookies again. If you restrict the setting of cookies on certain websites or block cookies from third-party websites, it may no longer be possible to use all the functions of our website. You can find out here how to change the cookie settings in the most common browsers:

Sharing of data with third parties

As a rule, we do not share the personal data provided to us with third parties, i.e. especially not for marketing purposes.

However, in order to operate our website and provide products/services, we work with service providers (processors). In some circumstances, these service providers may become aware of personal data. We select our service providers carefully – especially with regard to data protection and data security – and take all measures required under data protection law to ensure that the data processing is permitted.

Data processing in Switzerland and in the EU

As a rule, we process all data (server log files, contact form, registration, cookies) in Switzerland. Switzerland is considered to provide an adequate level of data protection in accordance with Decision 2000/518/EC of the European Commission. However, some service providers whose plugins and tools we use may process data outside the EU. If so, this is disclosed in this Privacy Policy when explaining the different plugins/tools that are used.

An adequate level of data protection is ensured through participation in the Privacy Shield agreement and through the individual data protection and data security measures taken by the service provider. In addition, we ensure that the provider is based in a country with a level of data protection that is considered adequate under Swiss law (Art. 7 OFADP, Data Protection Ordinance) and is included on the FDPIC list.

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Google Fonts

We use Google Fonts on our website. This is a collection of fonts provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, especially suited for use on websites. When your browser retrieves the font used on our website, the public IP address of the computer you are using is transmitted to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The IP address is a unique numerical address via which this computer sends/receives data to/from the Internet.

When you access our website, your browser loads the fonts that are needed to display the content as intended. If your browser does not support web fonts, a standard font stored on your computer will be used to display our website. More information about Google Fonts can be found at https://developers.Google.com/fonts/faq. Google’s general privacy policy applies here, which is available at https://policies.google.com/privacy?hl=en. Our legitimate interest for using Google Fonts lies in ensuring a consistent appearance of the website and thereby making sure that it works correctly on all end devices (lawful basis: Art. 6(1)(f) GDPR).

Google Analytics tool

We use Google Analytics (including via Google Tag Manager), a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to process data on our behalf. As the processor, Google uses a cookie for this purpose. Cookies are small text files that are stored on your device by your browser. Through this cookie, Google receives information about which website you have visited, plus the following information in particular: browser type/version, operating system used, technical information about the operating system and browser, and the public IP address of the computer used by you. We use Google Analytics in such a way that your IP address is only used in anonymised form. According to Google, this anonymisation is performed in the European Union or a member state of the EEA. Only in exceptional cases is the full IP address sent to a Google server in the USA and truncated there. Based on information provided by Google, this anonymisation is carried out before the IP address is saved on a permanent storage medium for the first time. For specific details, please refer to Google’s privacy policy, which is available at https://support.google.com/analytics/answer/6004245?hl=en.

Google Analytics enables us to compile non-personal usage statistics for our website, as well as demographic data about visitors and their user behaviour. We also compile statistics that help us better understand how visitors find our website, which in turn allows us to improve our search engine optimisation and our advertising measures. This form of data processing is a means of pursuing our legitimate interest in improving our website and advertising measures (lawful basis: Art. 6(1)(f) GDPR).

Information on how to object to the use of Google Analytics can be found at https://tools.google.com/dlpage/gaoptout?hl=en.

As an alternative to the browser add-on, or in browsers for mobile devices, please click this link to prevent Google Analytics from collecting information within this website in future (the opt-out only works in this browser and only for this domain). This action will store an opt-out cookie on your device. If you delete your cookies in this browser, you will have to re-click this link.

Google is a member of the Privacy Shield agreement and has concluded a data processing agreement with us for Google Analytics. The pseudonymous data is deleted after 14 months.

Google Remarketing/DoubleClick

Our website uses the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

This function makes it possible to combine the ad target groups created by means of Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. As a result, interest-based, personalised advertising messages which have been tailored to you based on your previous usage and surfing behaviour on an end device (e.g. smartphone) can also be displayed on another one of your end devices (e.g. tablet or PC).

If you have consented to this, Google will link your web and app browsing history to your Google account. This allows personalised advertising messages to be displayed on every end device on which you sign in with your Google account.

To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data for the purpose of defining and creating target groups for cross-device advertising.

You can permanently opt-out of cross-device remarketing/targeting by turning off personalised advertising in your Google account; instructions on how to do so can be found via this link: https://www.google.com/settings/ads/onweb/

The collected data will only be linked to your Google Account if you have given Google your consent to do so; you may withdraw this consent at any time (lawful basis: Art. 6(1)(a) GDPR). For data collection processes that are not linked to your Google Account (e.g. because you do not have a Google account or you have objected to such linking), the collection of data is based on our legitimate interest in the anonymised analysis of website visitors for marketing purposes by us as the website operator (lawful basis: Art. 6(1)(f) GDPR).

Further information and data protection provisions can be found in Google’s privacy policy at https://www.google.com/policies/technologies/ads/

Google Maps

In order to show where our company is located, we use Google Maps, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on the «Contact Details» page of our website. Your IP address is transmitted to Google when you access this page. The IP address is a unique numerical address via which this computer sends/receives data to/from the Internet. Google’s general privacy policy applies here, which is available at https://www.google.com/policies/privacy/. Our legitimate interest in using Google Maps lies in showing our website visitors where our company is located, so that they can find us more easily (lawful basis: Art. 6(1)(f) GDPR).

You can opt out of your data being processed. Details of how to do so can be found at https://adssettings.google.com/authenticated.

Google is certified under the US-EU Privacy Shield agreement and thereby guarantees compliance with EU data protection regulations: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

YouTube

YouTube videos are embedded in our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

This plugin is used on the basis of our legitimate interest in improving and efficiently conducting our business (lawful basis: Art. 6(1)(f) GDPR).

YouTube videos are embedded in our portal in «privacy-enhanced mode». This means that YouTube will not receive and save your data before you have clicked on a corresponding video. More information can be found in YouTube’s privacy policy: https://policies.google.com/privacy

Playing videos is associated with large volumes of data, especially when various website visitors are watching videos at the same time. The playback speed and quality of videos will be improved if the videos are played from a server that is located as close as possible to the website visitor. Due to the technical complexity of this, we are unable to make video playback possible through our own systems. We have therefore embedded the videos using YouTube (lawful basis: Art. 6(1)(f) GDPR).

Google is certified under the US-EU Privacy Shield agreement and thereby guarantees compliance with EU data protection regulations: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

Facebook

Our website uses social plugins («plugins») from Facebook, provided by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. These plugins are used on the basis of our legitimate interest in analysing, improving and efficiently conducting our business (Art. 6(1)(f) GDPR).

Facebook plugins are easily recognisable by the typical Facebook logo, «like» button or thumbs-up symbol.

When you click on the Facebook button, a direct connection to the Facebook servers is established and the following information is transmitted as a minimum: information that you are currently visiting our website; association of your activity (e.g. «like») with your Facebook account.

We do not know for certain how long Facebook stores data and to what extent it is processed or shared.

More details about why, how and to what extent Facebook collects, processes and uses data can be found in Facebook’s privacy policy (https://www.facebook.com/about/privacy/). Further settings as well as objections to the use of data for marketing purposes can be made in the Facebook profile settings (https://www.facebook.com/settings?tab=ads) or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/.

Facebook is certified under the US-EU Privacy Shield agreement and thereby guarantees compliance with EU data protection regulations (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

LinkedIn

Our website uses social plugins («plugins») from LinkedIn, provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. These plugins are used on the basis of our legitimate interest in analysing, improving and efficiently conducting our business (Art. 6(1)(f) GDPR).

LinkedIn plugins are easily recognisable by the typical LinkedIn logo (I).

When you click on the LinkedIn button, a direct connection to the LinkedIn servers is established and the following information is transmitted as a minimum: information that you are currently visiting our website; association of your activity with your LinkedIn account.

We do not know for certain how long LinkedIn stores data and to what extent it is processed or shared. More details about why, how and to what extent LinkedIn collects, processes and uses data can be found in LinkedIn’s privacy policy (https://www.linkedin.com/legal/privacy-policy).

LinkedIn is certified under the US-EU Privacy Shield agreement and thereby guarantees compliance with EU data protection regulations (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active).

XING

The XING share button is used on this website. The provider is New Work SE, Dammtorstrasse 29 – 32, 20354 Hamburg, Germany. This plugin is used on the basis of our legitimate interest in analysing, improving and efficiently conducting our business (lawful basis: 6(1)(f) GDPR).

The XING plugin is easily recognisable by the typical XING logo (x).

When accessing this website, a short-term connection to the servers of XING is established via your browser, which enable the functions of the XING share button to be performed (especially the calculation/display of counter stats). XING does not store any of your personal data when this website is accessed. In particular, XING does not store IP addresses. Furthermore, your usage behaviour is not analysed through the use of cookies in connection with the XING share button. The current data protection information for the XING share button and additional information can be found on the following website: https://www.xing.com/app/share?op=data_protection

Hotjar

Hotjar plugins are embedded in our website. The provider is Hotjar Limited, Level 2, St Julians Business Center, 3, Elia Zammit Street, St Julians STJ 3155, Malta.

These plugins are used based on our legitimate interest in improving and efficiently conducting our business (legal basis: Art. 6(1)(f) GDPR) and to better understand the needs of our website users and to optimise the content and user experience on this website. By using Hotjar technology, we are able to gain a better understanding of the experiences of our website users (e.g. how much time they spend on which pages, which links they click on, what they do and do not like etc.), which helps us to adapt the site and content according to their feedback. Hotjar uses cookies and other technologies to collect data about the behaviour of our website users and about their devices, especially the IP address of the device (only collected and stored in anonymised form during your use of the website), screen size, device type (unique device identifiers), information about the browser used, the location (only the country) and the preferred language for displaying our website. Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually prohibited from selling the data that is collected on our behalf. More information can be found in the section «About Hotjar» on Hotjar’s help page: https://help.hotjar.com/hc/en-us/categories/115001323967-About-Hotjar

Amendments to data protection notices

This data protection information is updated on an ongoing basis. We therefore reserve the right to amend it from time to time in order to reflect any changes to how we collect, process and use your data. The latest version of the Privacy Policy is always available at: https://www.gastrosocial.ch/en/about-us/data-protection/gastrosocial-privacy-policy