PRIVACY POLICY FACECRAFT GMBH
FaceCraft GmbH attaches great importance to the protection of your personal data. In this data protection statement we explain how we collect and process personal data. This is not an exhaustive description. Further details can be found in our General Terms and Conditions (and any other documents). Personal data is understood to be all information that relates to a specific or identifiable person.
If you provide us with personal data of other persons (e.g. customers, employees or acquaintances), please ensure that these persons are familiar with this data protection declaration. Only provide us with their personal data if you are permitted to do so and if this personal data is correct.
This data protection declaration is based on the Swiss Data Protection Act (DSG) and the EU General Data Protection Regulation (DSGVO).
1. Who is responsible for data protection at our company?
Our company FaceCraft GmbH, Grossmatte Ost 24b, 6014 Lucerne, e-mail: info@thefacecraft.com is responsible for data processing (Art. 5 lit. j DSG or Art. 13 No. 1 lit. a DSGVO). If you have any data protection concerns, please send them by post or e-mail to the above address.
Our representative in the EEA is VGS Datenschutzpartner UG, Am Kaiserkai 69, D-20457 Hamburg, E-Mail: info@datenschutzpartner.eu (Art. 27 DSGVO).
2. How do we collect and process personal data?
We primarily process the personal data that we receive from our customers and other business partners in the course of our business relationship with them and other persons involved or that we collect from their users in the course of operating our website and other applications.
Insofar as this is permitted, we also take certain data from publicly accessible sources (e.g. debt enforcement registers, land registers, commercial registers, the press, the Internet) or receive this data from authorities and other third parties (Art. 19 Abs. 3 DSG or Art. 14 DSGVO). In addition to the data about you that you give us directly, the categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we learn in connection with official and legal proceedings, information in connection with your professional functions and activities (so that we can, for example, conduct business with your company with your help). (e.g. so that we can conclude and process transactions with your employer with your help), information about you in correspondence and discussions with third parties, creditworthiness information (insofar as we process transactions with you personally), information about you that is given to us by people close to you (family, advisors, legal representatives, etc.) so that we can conclude contracts with you. ) so that we can conclude or process contracts with you or involving you (e.g. references, your address for deliveries, powers of attorney, information on compliance with legal requirements, information from banks, insurance companies, sales and other contractual partners of ours on the use or provision of services by you (e.g. payments made, purchases made). (e.g. payments made, purchases made), personal data from the media and internet (where appropriate in a particular case, e.g. in connection with a job application, for marketing purposes), your addresses and, where applicable, interests and other socio-demographic data (for marketing), data relating to the use of the website (see section 2.1.).
Our website is hosted by GoDaddy.com LLC, based in the USA, which also processes the above data as an order processor. The privacy policy of GoDaddy.com LLC can be found here: https://www.godaddy.com/de-ch/legal/agreements/privacy-policy .
2.1 What happens when you use our website for purely informational purposes?
If you use our website purely for information purposes, i.e. if you do not register as a user or otherwise transmit information, we collect so-called server log data from you: IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transmitted, website from which the request came, browser, operating system and its interface, language and version of the browser software. We receive this data via cookies and directly from your browser. The purpose of this processing is the technically error-free presentation and optimisation of our website – the server log files must be recorded for this purpose. The legal basis for this is Art. 6 Abs. 3 DSG or Art. 6 para. 1 sentence 1 lit. f DSGVO, according to which the processing of personal data is also possible without the consent of the data subject if the processing is necessary to protect the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail, in particular if the data subject is a child. The aforementioned purposes are in our interest. Insofar as we use cookies, we refer to our explanations under point 4.
2.1.1 SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
2.2 What happens when using our contact forms?
When you communicate with us via our contact forms, we collect the following data:
- Name,
- first name,
- e-mail address,
- telephone number,
- content of the message,
which you enter via the contact form.
Your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. The data you enter in the contact form will remain with us until you request us to delete it, revoke any consent you may have given to store it, or until the purpose for storing the data no longer applies (e.g. after we have completed processing your enquiry). Legal or contractual retention periods remain reserved.
If a specific contractual relationship is involved, whether in connection with the initiation, implementation or termination, the legal basis for processing is the Art. 6 Abs. 3 DSG or Art. 6 para. 1 lit. b DSGVO. In all other cases, processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 Abs. 3DSG or Art. 6 para. 1 lit. f DSG-VO) or on your consent (Art. 6 Abs. 6 f DSG or Art. 6 para. 1 lit. a DSGVO) if this has been requested; consent can be revoked at any time. Communication outside of a contractual relationship is in our mutual interest.
2.3 Request by e-mail or telephone
If you contact us by e-mail or telephone, you are aware of the unencrypted transmission of data and that the contents of the messages can be intercepted by third parties. Your enquiry by e-mail, including all personal data resulting from it (usually name, first name, telephone number, e-mail address, your enquiry), will be stored and processed by us for the purpose of processing your request.
This data is processed on the basis of the Art. 6 Abs. 3 DSG or Art. 6 Para. 1 lit. b DSGVO, insofar as your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 Abs. 3 DSG or Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 Abs. 6f DSG or Art. 6 para. 1 lit. a DSGVO) if this has been requested; consent can be revoked at any time.
The data you send to us will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Legal or contractual retention periods remain reserved.
2.4 Integration of third-party services and content
We use third party services and content within our online offer on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of the Art. 6 Abs. 3 DSG or Art. 6 para. 1 lit. f. DSGVO) or on the basis of your consent. DSGVO) or on the basis of your consent (Art. 6 Abs. 6f DSG or Art. 6 para. 1 lit. a DSGVO) if this has been requested, we use content or service offers from third party providers in order to integrate their content and services, such as videos or map functions.
2.5 What personal data do we process from you when you request a quote from us or conclude a contract with us?
If you request a quote from us and/or conclude a contract with us, we generally process the following personal data from you:
- Name,
- first name,
- address,
- e-mail address,
- telephone number,
- picture/ and video data of you and/or third parties,
- if applicable, further information,
which you provide to us in the context of the enquiry or in the context of the fulfilment of the contract.
The justification for this data processing lies in the initiation and/or fulfilment of the contract (Art. 6 Abs. 3 DSG or Art. 6 para. 1 lit. b DSGVO). We process this data until the purpose deriving from the legitimate interest has been fulfilled, at the longest until the end of the statutory retention period.
In the context of our video and photography work, you give us your consent to process your image rights and ensure that you obtain the consent of third parties concerned (Art. 28 ZGB, DSG or Art. 6 para. 1 sentence 1 lit. a DSGVO). You can revoke your consent at any time.
2.6 What personal data do we process from you when you register with us for a newsletter?
Can we send you a newsletter without registration?
If you would like to receive news and information about our products and services, you can register for our newsletter. By expressly registering to receive newsletters, you give us permission to send you information tailored to your needs by post or electronically. In this context, we process the following data from you:
- Name,
- first name,
- address,
- e-mail address,
- telephone number,
- date of birth,
- Details of products and services you receive,
- Details of the type of newsletter you would like to receive,
- Information about your reactions to the newsletters you receive (in particular tracking when reading the newsletters and reaction to links in the newsletters).
You can revoke your consent to receive the newsletter at any time.
In accordance with the statutory provisions, we may also send you news without your consent if we have or have had a contractual relationship with you and the information concerns similar offers. You can refuse to receive these newsletters at any time by clicking on the link in the relevant newsletter.
The legal basis for the processing of personal data is either your consent pursuant to Art. 3 Para. 1 lit. o UWG, Art. 6 Abs. 6 f DSG or Art. 6 Para. 1 Sentence 1 lit. a DSGVO or the private or legitimate interest pursuant to Art. 6 Abs. 3 DSG or Art. 6 Para. 1 Sentence 1 lit. f DSGVO.
3. Do we use cookies or similar tracking technologies?
We use “cookies” and similar technologies on our website to identify your browser or device. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by the web browser you are using when you visit our website. This allows us to recognise you when you return to this website, even if we do not know who you are. In addition to cookies that are only used during a session and are deleted after your visit to the website (“session cookies”), cookies can also be used to store user settings and other information for a certain period of time (e.g. two years) (“permanent cookies”). However, you can set your browser to reject cookies, to save them for one session only or to delete them prematurely. Most browsers are preset to accept cookies. We use persistent cookies to store user preferences (e.g. language, autologin) so that we can better understand how you use our services and content. Certain of the cookies are set by us, and certain are set by contractors with whom we work. If you block cookies, certain functionalities (e.g. forms, login process) may no longer function.
By using our website or after giving your consent, you agree to the use of these technologies. If you do not wish this, you can set your browser accordingly and/or revoke your consent.
If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the framework of this data protection declaration and, if necessary, request your consent.
3.1 Analysis and tracking tools from Google
3.1.1 Google Analytics
a.) We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website is usually transmitted to a Google server in the USA and stored there. In the case of activation of IP anonymisation on this website, however, your IP address will be shortened by Google beforehand. Only in exceptional cases will the full IP address be transferred to the USA. The service provider does not receive any personal data from us (and does not retain any IP addresses), but can track your use of the website, combine this information with data from other websites that you have visited and use this knowledge for its own purposes (e.g. controlling advertising). If you have registered with the service provider yourself, the service provider also knows you. The service provider is then responsible for processing your personal data in accordance with its data protection regulations. The service provider only informs us how our website is used. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
b.) The legal basis and revocation option for this data processing is your consent (Art. 6 Abs. 6 f DSG or Art. 6 para. 1 lit. a DSGVO). You can revoke your consent at any time with effect for the future. You can prevent the storage of cookies by setting your browser software accordingly. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. We will delete the data after 14 months at the latest.
c.) Information from the third-party provider: Google LLC (formerly known as Google Inc.), 1600 Amphitheat-re Parkway, Mountain View, California 94043, USA. You can find out how Google processes your data in their privacy policy: https://policies.google.com/privacy?hl=de. Google LLC has concluded EU standard contractual clauses according to which the transfer to the USA is justified after a risk assessment has been carried out (Art. 16 Abs. 2 lit d DSG resp. Art. 46 DSGVO).
3.1.2 Google Analytics E-Commerce Measurement
This website uses the “e-commerce measurement” function of Google Analytics. With the help of e-commerce measurement, website operators can analyse the purchasing behaviour of website visitors in order to improve their online marketing campaigns. Information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data can be summarised by Google under a transaction ID, which is assigned to the respective user or their device.
3.1.3 Google Signal
We use Google signal. When you visit our website, Google Analytics collects, among other things, your location, search history and YouTube history as well as demographic data (visitor data). This data can be used for personalised advertising with the help of Google Signal. If you have a Google account, the visitor data from Google Signal will be linked to your Google account and used for personalised advertising messages. The data is also used to compile anonymised statistics on the user behaviour of our users.
3.1.4 Google Ads
- The website operator uses Google Ads. Google Ads is an online advertising programme of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
- Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Fer-ner, targeted advertisements can be played on the basis of the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analysing, for example, which search terms have led to the display of our advertisements and how many advertisements have led to corresponding clicks.
- The use of this service is based on your consent in accordance with Art. 6 Abs. 6 f DSG or Art. 6 para. 1 lit. a DSGVO. This consent can be revoked at any time.
- Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
3.1.5 Google Ads Remarketing
This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads Remarketing allows us to assign persons who interact with our online offer to specific target groups in order to subsequently display interest-based advertising to them in the Google advertising network (remarketing or retargeting).
Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google’s cross-device functions. In this way, interest-related, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC).
If you have a Google account, you can object to personalised advertising at the following link: https://www.google.com/settings/ads/onweb/.
The use of this service is based on your consent in accordance with Art. 6 Abs. 6 f DSG or Art. 6 Para. 1 lit. a DSGVO. This consent can be revoked at any time.
Further information on Google advertising can be found in Google’s privacy policy at: https://policies.google.com/technologies/ads?hl=de.
3.1.6 Google DoubleClick
This website uses functions of Google DoubleClick. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter “DoubleClick”).
DoubleClick is used to display interest-based advertisements to you throughout the Google advertising network. The ads can be targeted to the interests of the respective viewer with the help of DoubleClick. For example, our ads may be displayed in Google search results or in banner ads associated with DoubleClick.
In order to be able to display interest-based advertising to users, DoubleClick must be able to recognise the respective viewer and associate the web pages visited, clicks and other information on user behaviour with them. DoubleClick uses cookies or comparable recognition technologies (e.g. device fingerprinting) for this purpose. The information collected is compiled into a pseudonymous user profile in order to display interest-based advertising to the user concerned.
The use of this service is based on your consent according to Art. 6 Abs. 6 f DSG or Art. 6 para. 1 lit. a DSGVO. This consent can be revoked at any time.
For further information on how to object to the advertisements displayed by Google, please refer to the following links: https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated.
3.1.7 Elfsight Google Reviews Widget
Functions of the Google Reviews plugin service are integrated on our pages. These functions are offered by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Our Google Reviews plugin uses Elfsight, LLC, Yerevan, Paronyana str., 19/3, 201, 0015, Armenia, as the service provider. When loading the images and the reviews, Google and Elfsight can read out or store the IP of the user. If the user is logged in to his Google account at the time of the download, Google can assign the user’s profile. Further information on this can be found in the privacy policy of Google https://www.google.de/policies/privacy/ and Elfsight, LLC https://elfsight.com/privacy-policy/.
3.1.8 Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager is a tool with the help of which we can integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It is only used for the administration and playout of the tools integrated via it. However, the Google Tag Manager records your IP address, which may also be transmitted to the parent company Google LLC in the USA.
The Google Tag Manager is used on the basis of legitimate interest in accordance with the Art. 6 Abs. 3 DSG or Art. 6 Para. 1 lit. f DSGVO. The website operator has a legitimate interest in a quick and uncomplicated integration and management of various tools on his website. If a corresponding consent has been requested, the processing is based on the Art. 6 Abs. 6 DSG or Art. 6 para. 1 lit. a DSGVO. The consent can be revoked at any time.
4. How do we use social media?
We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When visiting the respective networks and platforms, the terms and conditions and the data protection declarations of the respective operators (responsible parties) apply.
Unless otherwise stated within the scope of our data protection declaration, we process the data of the users if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.
We may also use so-called plug-ins from social networks such as Facebook, Insta-gram, LinkedIn, YouTube and Tiktok on our website. This is apparent to you in each case (typically via corresponding icons). We have configured these elements so that they are disabled by default. If you activate them (by clicking and logging in), the operators of the respective social networks can register that you are on our website and where, and can use this information for their purposes. The processing of your personal data is then the responsibility of the operator in accordance with their data protection regulations. We do not receive any information about you from them.
4.1 YouTube – Service from Google
We have integrated YouTube videos into our online offer, which are stored on http://www.YouTube.com and can be played directly or linked from our website. These are all integrated in “extended data protection mode”, i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph (2) be transmitted. We have no influence on this data transmission.
By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, the following data is transmitted. This occurs regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish your data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing their website to meet your needs. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.
Further information on the purpose and scope of the data collection and its processing by
YouTube can be found in the data protection declaration of Google LLC: https://policies.google.com/privacy?hl=de. There you will also find further information on your rights and settings options for protecting your privacy: https://privacy.google.com/take-control.html?categories_activeEl=sign-in. Google also processes your personal data in the USA and has therefore agreed to the standard contractual clauses, according to which the transfer to the USA is justified after a risk assessment has been carried out (Art. 16 Abs. 2 lit. d DSG or Art. 46 DSGVO).
The legal basis is Art. 6 Abs. 3 DSG, Art. 6 para. 1 sentence 1 lit. f DSGVO, according to which the processing of personal data is possible even without the consent of the data subject if the processing is necessary to protect the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail, in particular if the data subject is a child. Here we refer to our interest in direct advertising in accordance with the Art. 6 DSG and recital 47 of the DSGVO.
4.2 Facebook Custom Audiences on – analysis tool from Facebook
We use the “Custom Audiences” remarketing function of Facebook Ireland Ltd. in Ireland (“Facebook”) via our website. This enables users of the website to be shown interest-based advertisements (“Facebook ads”) when they visit the Facebook social network or other websites that also use this procedure. In this way, we pursue the interest of showing you advertising that is of interest to you in order to make our website more interesting for you. Due to the marketing tools used, your browser will automatically establish a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Facebook Custom Audiences, Facebook receives the information that you have called up the corresponding website of our Internet presence or clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is still possible for the provider to obtain and store your IP address and other identifying features. Deactivating the “Facebook Custom Audiences” function is possible for logged-in users at https://www.facebook.com/settings/?tab=ads#_. Further information on data processing by Facebook is available at https://www.facebook.com/about/privacy. Meta also processes your personal data in the USA and has agreed to the standard contractual clauses, according to which the transfer to the USA is justified after a risk assessment has been carried out (DSG or Art. 46 DSGVO). You can revoke your consent at any time by sending an informal message to our contact addresses as per point 1.
4.3 Facebook Pixel – Analysis tool from Meta
By using Facebook Pixel, we analyse your click behaviour and your interactions on our Facebook posts. We learn from Facebook and Meta respectively whether you as a user have visited our website and/or our Facebook page(s).
Processed data: Usage data, meta data; if users are registered with Facebook, the data is linked to their Facebook profiles and data belonging to them (in particular inventory data).
Type, scope, mode of processing: permanent cookies, third-party cookies, tracking, conversion measurement, interest-based marketing, profiling, cross-device tracking, custom audiences via websites.
This will allow us to target you directly as a Facebook user in the future and provide you with needs-based information. With this information, we can measure our marketing strategies and optimise them accordingly. By default, the Facebook Pixel is not used in advanced data matching mode. For information on how your data is used when using the Facebook Pixel, please refer to the privacy policy of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irlnd at https://www.facebook.com/privacy . You can read about the specific data collected via the Facebook Pixel here: https://www.facebook.com/business/gdpr. Meta also processes your personal data in the USA and has agreed to the standard contractual clauses, according to which the transfer to the USA is justified after a risk assessment has been carried out (DSG or Art. 46 DSGVO).
The legal basis and revocation option for this data processing is your consent (Art. 6 Abs. 6 f DSG or Art.6 para.1 sentence 1 lit. a DSGVO). We delete the data after 14 months at the latest.
To prevent the collection of your data by the Facebook pixel, you can use the JavaScript code below or click here.
JavaScript code below or here: :
https://www.facebook.com/settings?tab=ads, http://www.youronlinechoices.com/uk/your-ad-choices/ .
<script>
if (document.cookie.indexOf(fpdisableStr + ‘=true’) > -1) {
document.write(‘<div class=”text-center” style=”margin-top:24px”><a onclick=”activatePixelMDE()”>Pixel aktivieren</a></div>’);
}else {
document.write(‘<div class=”text-center” style=”margin-top:24px;margin-bottom:96px”><a onclick=”fpOptout()”>Pixel deaktivieren</a></div>’);
}
</script>
4.4 What happens when using the video conferencing provider Zoom Video Communications, Inc. and any other video conferencing providers?
To conduct meetings, we may use the video conferencing provider Zoom Video Communications, Inc. (“Zoom”), 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA, or similar video conferencing service providers to conduct a meeting online. In this context, we would like to point out that in the course of our activities, video and audio recordings, chat content and names of the participants are transmitted to Zoom in the USA or, if applicable, to an alternative video service provider.
Zoom’s privacy policy can be found here: https://zoom.us/de-de/privacy.html. Zoom has agreed to the EU standard contractual clauses, according to which the transfer to the USA is justified after carrying out a risk assessment (Art. 16 Abs. 2 lit d DSG or Art. 46 DSGVO).
To conduct meetings, we may use the video conferencing provider Google Meet from Google LLC or Microsoft Teams from Microsoft Enterprise Service Privacy (hereinafter “Microsoft”), USA or similar video conferencing service providers to conduct a meeting online. In this context, we would like to point out that in the course of our activities, video and audio recordings, chat content and the names of the participants are transmitted to Google or Microsoft in the USA or, if applicable, to an alternative video service provider.
The privacy policy of Google LLC can be found here https://policies.google.com/privacy?hl=de. Google has agreed to the standard contractual clauses, according to which the transfer to the USA is justified after a risk assessment has been carried out (Art. 16 Abs. 2 lit. d DSG or Art. 46 DSGVO).
Microsoft’s data protection guidelines can be found here: https://privacy.microsoft.com/de-de/privacystatement. Microsoft has agreed to the EU standard contractual clauses, according to which the transfer to the USA is justified after a risk assessment has been carried out (DSG or Art. 46 DSGVO).
We may also use other video conferencing providers if necessary. In this regard, we refer to their privacy policy.
The legal basis for the processing of personal data (right to one’s own image) is in particular your consent in accordance with the Art. 6 Abs. 6f DSG or Art. 6 para. 1 sentence 1 lit. a DSGVO. You can revoke your consent to the use of your image and video data via the above-mentioned video conference providers at any time.
5. Purposes of data processing and legal basis
We use the personal data we collect primarily to conclude and process our contracts with our customers and business partners (Art. 6 Abs. 3 DSG or Art. 6 para. 1 lit. b DSG-VO), in particular in the context of video and photo productions with our customers and in the context of purchasing products and services from our suppliers and subcontractors, as well as to comply with our legal obligations at home and abroad. If you work for such a customer or business partner, your personal data may of course also be affected in this capacity.
In addition, we process personal data of you and other persons, insofar as this is permitted and appears to us to be appropriate, for the following purposes, in which we (and sometimes also third parties) have a legitimate interest corresponding to the purpose:
- Offering and further developing our offers, services, operating our website and other platforms on which we are present;
- Communication with third parties and processing of their enquiries (e.g. applications, media enquiries);
- Testing and optimisation of procedures for needs analysis for the purpose of direct customer contact as well as collection of personal data from publicly accessible sources for the purpose of customer acquisition;
- Advertising and marketing (including the organisation of events), provided you have not objected to the use of your data (if we send you advertising as an existing customer, you can object to this at any time. We will then put you on a blocking list against further advertising mailings);
- Assertion of legal claims and representation in connection with legal disputes and official proceedings;
- Prevention and investigation of criminal offences and other misconduct (e.g. conducting internal investigations, data analysis to combat fraud);
- Guarantees of our operations, in particular IT;
- Purchase and sale of business units, companies or parts of companies and other transactions under company law and the associated transfer of personal data as well as measures for business management and insofar as to comply with legal and regulatory obligations as well as internal regulations of FaceCraft GmbH.
Insofar as you have given us consent to process your personal data for certain purposes (for example, when you register to receive newsletters), we process your personal data within the scope of and based on this consent (Art. 6 Abs. 6f DSG, Art. 6 Para. 1 lit. a DSGVO), insofar as we have no other legal basis and we require such a basis. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place.
6. To whom do we pass on the data and is it transferred abroad?
Your personal data will be treated as strictly confidential and will not be sold to third parties.
Within the scope of our business activities and the purposes set out in section 3, we also disclose data to third parties or order processors, insofar as this is permitted and appears to us to be appropriate, either because they process the data for us, in particular to fulfil our contracts, or because they want to use the data for their own purposes (DSG or Art. 13 No. 1 lit. e DSGVO). This applies in particular to the following bodies:
- Our service providers (external partners such as tax consultants, auditors, banks, insurance companies), including order processors (such as IT providers);
- if applicable, dealers, suppliers, subcontractors and other business partners – does not apply to affected persons as customers;
- domestic and foreign authorities, official agencies or courts (where required by law);
- social media: only possible if the data subjects themselves participate on platforms of the corresponding social media* and indirectly to social media when clicking on the plug-ins;
- other parties in potential or actual legal proceedings (where there is a legal duty);
- Acquirers or parties interested in acquiring business or FaceCraft Ltd;
all joint recipients.
These recipients are partly in Germany and partly abroad. Your data may be transferred to the following countries outside Switzerland where our contractual partners are located, where we are represented or to foreign authorities or companies in exceptional cases (in the event of legal obligation):
Contractual partner, authority or company | Country | Adequate data protection, Guarantee or exception according to DSGDSG |
Microsoft Enterprise Service | USA | Standard contractual clauses |
Zoom Video Communications, Inc. | USA | Standard contractual clauses |
Google Ireland Limited (inkl. YouTube) | Ireland (Datatransfer: USA) | Standard contractual clauses |
Meta Platforms Ireland Limited inkl. Facebook Ireland Ltd. and Instagram* | Ireland (Datatransfer: USA) | Standard contractual clauses |
WhatsApp Ireland Limited | Ireland (Datatransfer: USA) | Standard contractual clauses |
LinkedIn Ireland Unlimited | Ireland (Datatransfer: USA) | Standard contractual clauses |
GoDaddy.com LLC | USA | Standard contractual clauses |
WeTransfer B.V. | The Netherlands | Adequate data protection |
Hubspot, Inc. | USA | Standard contractual clauses |
When we transfer data to a country without adequate legal data protection, we ensure, as required by law, after a risk analysis and by using appropriate contracts (namely on the basis of the so-called standard contractual clauses of the European Commission, which can be found at
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX:32021D0914&locale=de
https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32021D0915&locale-en=
or the model contracts of the Federal Data Protection and Information Commissioner at https://www.edoeb.admin.ch/edoeb/de/home/datenschutz/handel-und-wirtschaft/unternehmen/anmeldung-einer-datensammlung/mustervertrag-fuer-das-outsourcing-von-datenbearbeitungen-ins-au.html) or so-called Binding Corporate Rules for an appropriate level of protection or rely on the legal exceptions of consent, the execution of the contract, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or because it is necessary to protect the integrity of the data subjects (cf. Art. 19. Abs. 4 DSG or Art. 13 No. 1 lit. f DSGVO). You can obtain a copy of the aforementioned contractual guarantees at any time from the contact person named in section 1, unless already stated above. However, we reserve the right to black out copies for reasons of data protection law or confidentiality or to supply only excerpts.
7. How long do we keep personal data (Art. 6 Abs. 4 DSG or Art. 13 No. 2 lit. a DSGVO)?
We process and store your personal data for as long as it is necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e. for example for the duration of the entire business relationship (from the initiation and processing to the termination of a contract) as well as beyond that in accordance with the legal storage and documentation obligations (in principle 10 years for business books, accounting vouchers and VAT-relevant vouchers in accordance with Art. 958f OR, for certain documents 20 years or longer). It is possible that personal data will be retained for the time during which claims can be asserted against our company and insofar as we are otherwise legally obliged to do so or justified business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or made anonymous as far as possible. For operational data (e.g. system protocols, logs), shorter retention periods of twelve months or less generally apply. 8.
8. Do we guarantee sufficient data security?
We take appropriate technical and organisational security measures to protect your personal data from unauthorised access and misuse, such as IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, and controls.
We always strive to ensure that no data breaches occur. However, should a data breach occur, we will ensure that we identify such a data breach at an early stage and, if necessary, report it immediately to you or to the competent supervisory authority (for Switzerland: the Swiss Data Protection and Information Commissioner), including the respective data categories that are affected.
9. Is there an obligation to provide personal data (Art. 19 DSG or Art. 13 No. 2 lit. e DSGVO)?
Within the scope of our business relationship, you must provide the personal data that is required for the establishment and implementation of a business relationship and the fulfilment of the associated contractual obligations (as a rule, you do not have a legal obligation to provide us with data). Without this data, we will generally not be able to enter into or perform a contract with you (or the entity or person you represent). It will also not be possible to use the website if certain traffic security details (such as IP address) are not disclosed.
10. What rights do you have as a data subject?
Within the framework of the data protection law applicable to you and insofar as provided therein, you have the right to information, correction, deletion, the right to restrict data processing and otherwise to object to our data processing, as well as to the release of certain personal data for the purpose of transfer to another body (so-called data portability):
- For persons domiciled or resident in Switzerland: Federal Data Protection Act according to Art. 25 ff E-DSG;
- For persons with residence or domicile in the EU/EFTA: Art. 13 No. 2 lit. b DSGVO.
Please note, however, that we reserve the right to assert the restrictions provided for by law, for example if we are obliged to retain or process certain data, if we have an overriding interest in doing so (insofar as we are entitled to invoke this) or if we need the data to assert claims. If you incur costs, we will inform you in advance. We have already informed you about the possibility of revoking your consent in section 3. Please note that exercising these rights may conflict with contractual agreements and may have consequences such as premature termination of the contract or costs. We will inform you in advance if this is not already contractually regulated.
If you wish to invoke your rights, we ask you to make your requests in such a way that we can clearly prove your identity (communication of your personal data and enclosure of an identity card or by means of alternatives that clearly identify you).
In addition, every data subject has the right to enforce his or her claims in court or to lodge a complaint with the competent data protection authority (FADP or Art. 13 No. 2 lit. d GDPR). The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
11. Changes
We may amend this privacy policy at any time without prior notice. The current version published on our website will apply. Insofar as the data protection declaration is part of an agreement with you, we will inform you of the change by e-mail or other suitable means in the event of an update.
12. Effective Date
This data protection declaration comes into force on 23. January 2024 and replaces all previous data protection declarations.
Lucerne, 23. January 2024
