top of page

PRIVACY POLICY

This data protection declaration clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the websites, functions and contents connected with it as well as external online presences, such as our Social Media Profile. (hereinafter jointly referred to as the "online offer"). With regard to the terms used, such as "processing" or "responsible person", we refer to the definitions in Art. 4 of the Basic Data Protection Regulation (GDPR) and any other local privacy law of Switzerland. For the purpose of the Data Protection Act the data Controller is Saatchi & Saatchi Group Ltd ("Saatchi & Saatchi").

Provider of this website in the sense of data protection law is:

Saatchi & Saatchi

CEO/MD : Holger Schicke

Stadelhoferstrasse 25

8001 Zürich

info@saatchi.ch

+41 44 298 18 18

 

External data protection officer at the provider is:

Yusuf Tuncay-Eberl

E-mail: yusuf.tuncay-eberl@publicisresources.com

 

Used terms

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. "Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually all processing of data. The term "controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

 

Relevant legal bases

In accordance with Art. 13 GDPR we inform you of the legal basis of our data processing. If the legal basis is not stated in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 Para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the purpose of fulfilling our services and implementing contractual measures and answering enquiries is Art. 6 Para. 1 lit. b GDPR, the legal basis for processing for the purpose of fulfilling our legal obligations is Art. 6 Para. 1 lit. c GDPR, and the legal basis for processing for the purpose of safeguarding our legitimate interests is Art. 6 Para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

 

Security measures

In accordance with Art. 32 GDPR and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

These measures shall include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling the physical access to the data, as well as the access, input, disclosure, security of availability and separation of the data relating to them. We have established procedures to ensure that data subjects' rights are exercised, data is deleted, and we respond to any threats to the data. In addition, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and through data protection by default (Art. 25 GDPR).

Cooperation with contract processors and third parties

If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transfer it to them or otherwise grant them access to the data, this is only done on the basis of a legal authorisation (e.g. if the data must be transferred to third parties, such as payment service providers, in accordance with Art. 6 Para. 1 letter b GDPR for the fulfilment of the contract), if you have given your consent, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties to process data on the basis of a so-called "contract processing agreement", this is done on the basis of Art. 28 GDPR.

 

Transfers to third countries

If we process data in a third country (i.e. outside Switzerland or the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of third parties or disclosure or transfer of data to third parties, this will only take place if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or transfer the data in a third country if the special requirements of Art. 44 ff. GDPR. This means that the processing is carried out, for example, on the basis of special guarantees, such as the determination of a level of data protection corresponding to the EU or compliance with recognized contractual obligations (so-called "Standard Contractual Clauses").

Rights of data subjects

You have the right to obtain confirmation as to whether or not data in question is being processed and to obtain information about this data and to receive further information and a copy of the data in accordance with Art. 15 GDPR. You have accordingly. Art. 16 GDPR the right to request the completion of data concerning you or the correction of incorrect data concerning you. In accordance with Art. 17 GDPR, you have the right to demand that data concerning you be deleted immediately, or alternatively, in accordance with Art. 18 GDPR, to demand that the processing of the data be restricted. You have the right to receive the data concerning you which you have provided us with in accordance with Art. 20 GDPR and to demand that it be passed on to other responsible parties. You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.

 

Right of withdrawal

You have the right to revoke consents granted in accordance with Art. 7 Para. 3 GDPR with effect for the future

 

Right of objection

You can object to the future processing of data concerning you in accordance with Art. 21 GDPR at any time. The objection may be made in particular against processing for the purposes of direct advertising.

Deletion of data

The data processed by us will be deleted or limited in their processing in accordance with articles 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage obligations. If the data are not deleted because they are required for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

 

Types of data processed:

Stock data (e.g., names, addresses)

Contact details (e.g., e-mail, telephone numbers)

Content data (e.g., text entries, photographs, videos)

Usage data (e.g., websites visited, interest in content, access times)

Meta/communication data (e.g., device information, IP addresses)

 

Hosting:

The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online service. For this purpose, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online service on the basis of our legitimate interests in the efficient and secure provision of this online service in accordance with Art. 6 Para. 1 letter f GDPR in conjunction with Art. 28 GDPR (conclusion of contract processing agreement).

We, or rather our hosting provider raise on the basis of our legitimate interests in the sense of Art. 6 paragraph 1 lit. f. GDPR data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited site), IP address and the requesting provider.

For security reasons (e.g. to clarify misuse or fraud), log file information is stored for a maximum of 30 days and then deleted. Data whose further storage is required for evidence purposes is excluded from deletion until the respective incident has been finally clarified.

 

Agency services:

We process the data of our customers within the scope of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services and training services. We process inventory data (e.g., customer master data, such as names or addresses), contact data (e.g., e-mail, telephone numbers), content data (e.g., text entries, photographs, videos), contract data (e.g., subject matter of the contract, duration), payment data (e.g., bank details, payment history), usage and metadata (e.g., in the context of the evaluation and performance measurement of marketing measures). As a matter of principle, we do not process special categories of personal data, unless they are part of a commissioned processing. Those affected include our customers, interested parties and their customers, users, website visitors or employees as well as third parties. The purpose of processing is to provide contractual services, billing and our customer service. The legal basis of the processing is derived from Art. 6 para. 1 letter b GDPR (contractual services), Art. 6 para. 1 letter f GDPR (analysis, statistics, optimization, security measures). We process data which are necessary for the justification and fulfilment of the contractual services and point out the necessity of their disclosure. Disclosure to external parties is only made if it is necessary within the scope of a contract. When processing the data provided to us within the scope of an order, we act in accordance with the instructions of the client and the legal requirements of an order processing in accordance with Art. 28 GDPR and do not process the data for any other purposes than those specified in the order.

 

Cookie Consent Management Platform (general):

We use a Consent Management Platform (CMP) on our website Software that enables us and you to handle the correct and safe use of scripts and cookies. The software automatically creates a cookie Popup, scans and controls all scripts and cookies, provides a Data protection required cookie consent for you and helps us and keep track of all cookies.

As part of our cookie management tool, you can manage cookies yourself and have complete control over the Storage and processing of your data. The declaration of your consent will be so that we do not query you every time you visit our website and we can also prove your consent if required by law.

You have the right and the possibility at any time to give your consent to withdraw from the use of cookies. This works either via our cookie management tool or via other opt-out functions in the relevant section of this Privacy Policy or the browser you are using.

 

OneTrust (CMP):

We use OneTrust, a privacy management tool, on our website. The service provider is the Italian company iubenda s.r.l., Via San Raffaele, 1 - 20121 Milan, Italy. To learn more about the data processed through the use of OneTrust, please refer to the Privacy Policy at https://www.onetrust.com/privacy/.

 

IP addresses and cookies:

Our website uses 3 cookies. A cookie is a small file of letters and numbers that we put on your computer if you agree. These cookies allow us to distinguish you from other users of our website, which helps us to provide you with a good experience when you browse our website and also allows us to improve our site. Read more about the individual cookies we use and how to recognise them below. 

 

We use the following cookies:

– Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable  you to log into secure areas of our website, use a shopping cart or make use of e-billing services.

– Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

 

– Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

– Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

 

Contact:

When contacting us (e.g. by contact form, e-mail, telephone or via social media), the user's details are processed for the purpose of handling the contact request and its processing in accordance with Art. 6 Para. 1 lit. b) GDPR. The user's details may be stored in a customer relationship management system ("CRM system") or comparable enquiry organization. We delete the enquiries if they are no longer required. We review the necessity every two years; furthermore, the statutory archiving obligations apply.

Online presences in social media:

We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply. Unless otherwise stated in our data protection declaration, we process the data of users if they communicate with us within the social networks and platforms, e.g. write articles on our online presences or send us messages.

Instagram:

Within our online offer, functions and contents of the service Instagram, offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA, can be integrated. This may include, for example, content such as images, videos, or text and buttons that allow users to express their favorites regarding the content, the authors of the content, or to subscribe to our articles. If the Users are members of the Instagram platform, Instagram may assign the access to the above-mentioned content and functions to the User's profile on that platform. Privacy policy of Instagram: http://instagram.com/about/legal/privacy/.

LinkedIn:

Within our online offer functions and contents of the service LinkedIn, offered by the LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, can be integrated. This may include content such as images, videos or text and buttons that allow users to express their favorites regarding the content, to tell the authors of the content or to subscribe to our contributions. If the users are members of the LinkedIn platform, LinkedIn can assign the access to the above-mentioned contents and functions to the user profiles there. LinkedIn's Privacy Policy: https://www.linkedin.com/legal/privacy-policy. Privacy Policy: https://www.linkedin.com/legal/privacy-policy. Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

WIX Building Kit:

We use the Wix website builder for our website from the Israeli company Wix.com Ltd, 40 Hanamal Tel Aviv St., Tel Aviv 6350671, Israel. In addition to the headquarters in Tel Aviv, there are other company offices in Berlin, Dublin, Vancouver or New York. By using Wix, personal data of you may also be collected, stored and processed. With this data protection declaration we want to explain to you why we use Wix, which data is stored where and how you can prevent this data storage.

Wix.com Ltd. has its headquarters in Israel. Israel is classified by the European Commission as a safe third country that provides adequate protection for personal data of Swiss/EU citizens.

If you have consented to allow Wix to be used, the legal basis of the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (consent), this consent constitutes the legal basis for the processing of personal data as it may occur when Wix collects it.

Please also read the privacy policy of the provider: https://de.wix.com/about/privacy?tid=331668766778 

 

Privacy Policy updated 18th November 2022

bottom of page