The BHEND.STUDIO (also «we», «us») collects and processes personal data that concern you but also other individuals («third parties»). We use the word «data» here interchangeably with «personal data».
In this Privacy Notice, we describe what we do with your data when you use BHEND.STUDIO, obtain services or products from us, interact with us in relation to a contract, communicate with us or otherwise deal with s. When appropriate we will provide a just-in-time notice to cover any additional processing activities not mentioned in this Privacy Notice.
If you disclose data to us or share data with us about other individuals, we assume that you are authorized to do so and that the relevant data is accurate. When you share data about others with us, you confirm that. Please make sure that these individuals have been informed about this Privacy Notice.
This Privacy Notice is aligned with the EU General Data Protection Regulation («GDPR»), the Swiss Data Protection Act («DPA») and the revised Swiss Data Protection («revDPA». However, the application of these laws depends on each individual case.
The data controller responsible for the data processing described in this privacy policy is
BHEND DESIGN STUDIO GMBH
SCHWETSTRASSE 04
5400 BADEN
SWITZERLAND
We process various categories of data about you. The main categories of data are the following:
Behavioral and preference data: Depending on our relationship with you, we try to get to know you better and to tailor our products, services and offers to you. For this purpose, we collect and process data about your behavior and preferences. We do so by evaluating information about your behavior in our domain, and we may also supplement this information with third-party information, including from public sources. Based on this data, we can for example determine the likelihood that you will use certain services or behave in a certain way. The data processed for this purpose is already known to us (for example where and when you use our services), or we collect it by recording your behavior (for example how you navigate our website). We anonymize or delete this data when it is no longer relevant for the purposes pursued. We describe how tracking works on our website in Section 12.
Technical data: When you use our website, we collect the IP address of your terminal device and other technical data in order to ensure the functionality and security of these offerings. This data includes logs with records of the use of our systems. We generally keep technical data for 6 months. In order to ensure the functionality of these offerings, we may also assign an individual code to you or your terminal device (for example as a cookie, see Section 11). Technical data as such does not permit us to draw conclusions about your identity. However, technical data may be linked with other categories of data (and potentially with your person) in relation to user accounts, registrations, access controls or the performance of a contract.
Communication data: When you are in contact with us via the contact form, by e-mail, telephone or chat, or by letter or other means of communication, we collect the data exchanged between you and us, including your contact details and the metadata of the communication. E-mails in personal mailboxes and written correspondence are generally kept for at least 10 years.
Master data: With master data we mean the basic data that we need, in addition to contract data (see below), for the performance of our contractual and other business relationships or for marketing and promotional purposes, such as name and contact details, and information about, for example, your role and function, your bank details, your date of birth, customer history, powers of attorney, signature authorizations and declarations of consent. We process your master data if you are a customer or other business contact or work for one (for example as a contact person of the business partner), or because we wish to address you for our own purposes or for the purposes of a contractual partner (for example as part of marketing and advertising, with invitations to events, with vouchers, with newsletters, etc.). We generally keep master data for 10 years from the last exchange between us or from the end of the contract. This period may be longer if required for evidentiary purposes, to comply with legal or contractual requirements, or for technical reasons. For contacts used only for marketing and advertising, the retention period is usually much shorter, usually no more than 2 years from the last contact.
We process your data for the purposes explained below. Further information is set out in Sections 11 and 12 for online services. These purposes and their objectives represent interests of us and potentially of third parties. You can find further information on the legal basis of our processing in Section 5.
We process your data for purposes related to communication with you, in particular in relation to responding to inquiries and the exercise of your rights (Section 10) and to enable us to contact you in case of queries. For this purpose, we use in particular communication data and master data. We keep this data to document our communication with you, for training purposes, for quality assurance and for follow-up inquiries.
We process data for marketing purposes and relationship management, for example to send our customers and other contractual partners personalized advertising for products and services from us and from third parties. This may happen in the form of newsletters and other regular contacts, but also as part of marketing campaigns (for example events, contests, etc.). You can object to such contacts at any time (see at the end of this Section 4) or refuse or withdraw consent to be contacted for marketing purposes. With your consent, we can target our online advertising on the internet more specifically to you (see Section 11).
Where we ask for your consent for certain processing activities (for example for marketing mailings), we will inform you separately about the relevant processing purposes. You may withdraw your consent at any time with effect for the future by providing us written notice; see our contact details in Section 2. For withdrawing consent for online tracking, see Section 11.
Once we have received notification of withdrawal of consent, we will no longer process your information for the purpose(s) you consented to, unless we have another legal basis to do so. Withdrawal of consent does not, however, affect the lawfulness of the processing based on the consent prior to withdrawal.
In relation to our contracts, the website, our services and products, our legal obligations or otherwise with protecting our legitimate interests and the other purposes set out in Section 4, we may disclose your personal data to third parties, in particular to the following categories of recipients:
Other persons: This means other cases where interactions with third parties follows from the purposes set out in Section 4.
Service providers: We work with service providers in Switzerland and abroad who process your data on our behalf or as joint controllers with us or who receive data about you from us as separate controllers. These include, for example, IT services.
Authorities: We may disclose personal data to agencies, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to make such disclosures or if it appears necessary to protect our interests.
As explained in section 6, we disclose data to other parties. These are not all located in Switzerland. Your data may therefore be processed also in Europe; in exceptional cases, in any country in the world.
If a recipient is located in a country without adequate statutory data protection, we require the recipient to undertake to comply with data protection (for this purpose, we use the revised European Commission’s standard contractual clauses, which can be accessed here (https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless the recipient is subject to a legally accepted set of rules to ensure data protection and unless we cannot rely on an exception.
We process your data for as long as our processing purposes, the legal retention periods and our legitimate interests in documentation and keeping evidence require it or storage is a technical requirement. You will find further information on the respective storage and processing periods for the individual data categories in Section 3, and for cookies in Section 11. If there are no contrary legal or contractual obligations, we will delete or anonymize your data once the storage or processing period has expired as part of our usual processes.
We take appropriate security measures in order to maintain the required security of your personal data and ensure its confidentiality, integrity and availability, and to protect it against unauthorized or unlawful processing, and to mitigate the risk of loss, accidental alteration, unauthorized disclosure or access. Technical and organizational security measures may include encryption and pseudonymization of data, logging, access restrictions, keeping backup copies, giving instructions to our employees, entering confidentiality agreements, and monitoring. We protect your data that is sent through our website in transit by appropriate encryption.
Applicable data protection laws grant you the right to object to the processing of your data in some circumstances, in particular for direct marketing purposes, for profiling carried out for direct marketing purposes and for other legitimate interests in processing.
To help you control the processing of your personal data, you have the following rights in relation to our data processing, depending on the applicable data protection law:
If you wish to exercise the above-mentioned rights in relation to us, please contact us in writing, at our premises or, unless otherwise specified or agreed, by e-mail; you will find our contact details in Section 2.
If you do not agree with the way we handle your rights or with our data protection practices, please let us or our Data Protection Officers (Section 2) know. If you are located in the EEA, the United Kingdom or in Switzerland, you also have the right to lodge a complaint with the competent data protection supervisory authority in your country. You can find a list of authorities in the EEA here: https://edpb.europa.eu/about-edpb/board/members_en. You can reach the UK supervisory authority here: https://ico.org.uk/global/contact-us/. You can reach the Swiss supervisory authority here: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html.
We use various techniques on our website that allow us and third parties engaged by us to recognize you during your use of our website, and possibly to track you across several visits. This Section informs you about this.
In essence, we wish to distinguish access by you (through your system) from access by other users, so that we can ensure the functionality of the website and carry out analysis and personalization. We do not intend to determine your identity, even if that is possible where we or third parties engaged by us can identify you by combination with registration data. However, even without registration data, the technologies we use are designed in such a way that you are recognized as an individual visitor each time you access the website, for example by our server (or third-party servers ) that assign a specific identification number to you or your browser (so-called «cookie»).
Cookies are individual codes (for example a serial number) that our server or a server of our service providers or advertising partners transmits to your system when you connect to our website, and that your system (browser, cell phone) accepts and stores until the set expiration time. Your system transmits these codes to our server or the third-party server with each additional access. That way, you are recognized even if your identity is unknown.
We distinguish the following categories of «cookies»:
We may also integrate additional third-party offers on our website, in particular from social media providers. These offers are deactivated by default. As soon as you activate them (for example by clicking a button), these providers can determine that you are using our website. If you have an account with that social media provider, it can assign this information to you and thereby track your use of online offers. These social media providers process this data as separate controllers.
Google Ireland Ltd. (located in Ireland) is the provider of the service «Google Analytics» and acts as our processor. Google Ireland relies on Google LLC (located in the United States) as its sub-processor (both «Google»). Google collects information about the behavior of visitors to our website (duration, page views, geographic region of access, etc.) through performance cookies (see above) and on this basis creates reports for us about the use of our website. We have configured the service so that the IP addresses of visitors are truncated by Google in Europe before forwarding them to the United States and then cannot be traced back. We have turned off the «Data sharing» option and the «Signals option». Although we can assume that the information we share with Google is not personal data for Google, it may be possible that Google may be able to draw conclusions about the identity of visitors based on the data collected, create personal profiles and link this data with the Google accounts of these individuals for its own purposes. In any event, if you consent to the use of Google Analytics, you expressly consent to any such processing, including the transfer of your personal data (in particular website and app usage, device information and unique IDs) to the United States and other countries. Information about data protection with Google Analytics can be found at https://support.google.com/analytics/answer/6004245 and if you have a Google account, you can find more details about Google’s processing here: https://policies.google.com/technologies/partner-sites?hl=en.
Users can also prevent the use of Google Analytics by clicking on this link: Deactivate Google Analytics. This saves an opt-out cookie on the user’s data carrier, which prevents the processing of personal data by Google Analytics. Users should note that if all cookies on a terminal device are deleted, these opt-out cookies will also be deleted, i.e. the opt-out cookies should be added again if this form of data collection is to be prevented in future. The opt-out cookies are added to each browser and computer/end device and must therefore be activated separately for each browser, computer or other end device.
We have activated the IP anonymisation function on our website. This means that your IP address is truncated by Google before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google uses this information to analyse your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Users may refuse the use of cookies by selecting the appropriate settings on their browser, however they should be aware that in this case the full functionality of this website may not be available. Users may also prevent the collection of data generated by the cookie and related to the use of the website (including their IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: Deactivate Google Analytics.
This website uses web fonts provided by Google for the uniform display of fonts. When users click on a page, the user’s browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. If the user’s browser does not support web fonts, a default font is used by the user’s computer.
For more information on Google Web Fonts, please visit https://developers.google.com/fonts/faq and see Google’s privacy policy: https://www.google.com/policies/privacy/.
Google Tag Manager is a solution that allows us to manage website tags via an interface and integrate Google Analytics and other Google marketing services into our online offer, for example. The Tag Manager itself which implements the tags does not process any of the user’s personal data. With regard to the processing of users’ personal data, reference is made to the following information on Google services. User guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.
This website uses Google conversion tracking. If a user accesses our website via an ad placed by Google, Google Ads will add a cookie on the user’s computer. The conversion-tracking cookie is added when a user clicks on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we, together with Google, detect that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies cannot be tracked across Google Ads customers’ websites. The information collected using the conversion cookie is used to create conversion statistics for Ads customers who have opted in to conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that could personally identify users.
If a user does not wish to participate, the adding of a cookie required for this can be refused, e.g. by means of a browser setting that generally deactivates the automatic adding of cookies or by setting the browser so that cookies from the domain “googleleadservices.com” are blocked.
Please note that users should not delete the opt-out cookies if they do not want any measurement data to be recorded. If all the cookies in the browser have been deleted, the relevant opt-out cookie should be added again.
We use «Google reCAPTCHA» (hereinafter «reCAPTCHA») on our websites. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter «Google». The purpose of reCAPTCHA is to verify whether data is entered on our websites (e.g. in a contact form) by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the visitor based on various characteristics. This analysis starts automatically as soon as a user visits the website. For analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the visitor on the website, or via mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. Visitors are not made aware that such analysis is taking place.
The legal basis for data processing is Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and from spam. For more information about Google’s reCAPTCHA and privacy policy, please see the following links: https://www.google.com/intl/policies/privacy/ and https://policies.google.com/terms.
We may operate pages and other online presences («fan pages», «channels», «profiles», etc.) on social networks and other platforms operated by third parties and collect the data about you described in Section 3 and below. We receive this data from you and from the platforms when you interact with us through our online presence (for example when you communicate with us, comment on our content or visit our online presence). At the same time, the platforms analyze your use of our online presences and combine this data with other data they have about you (for example about your behavior and preferences). They also process this data for their own purposes, in particular for marketing and market research purposes (for example to personalize advertising) and to manage their platforms (for example what content they show you) and, to that end, they act as separate controllers.
We currently use the following platforms:ing our reach and in analysing user behaviour or based on your consent (Art. 6 para. 1 lit. a GDPR). Consent can be revoked at any time.
The controller for the operation of the platform for users from Europe is Facebook Ireland Ltd., Dublin, Ireland. Their privacy notice is available at www.facebook.com/policy. Some of your data will be transferred to the United States. You can object to advertising here: www.facebook.com/settings?tab=ads.
With regard to the data collected and processed when visiting our site for «page insights», we are joint controllers with Facebook Ireland Ltd., Dublin, Ireland. As part of page insights, statistics are created about the actions visitors perform on our site (comment on posts, share content, etc.). This is explained at www.facebook.com/legal/terms/information_about_page_insights_data.
It helps us understand how our page is used and how to improve it. We receive only anonymous, aggregated data. We have agreed our data protection responsibilities according to the information on www.facebook.com/legal/terms/page_controller_addendum.
We use Google My business from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). When you visit and interact with our Google My Business entry, Google also records your IP address and other information that is collected in the form of cookies on your end device. This information is collected for statistical purposes. The data collected about you in this context is processed by Google and may also be transferred to the USA. The use of Google My Business is your own responsibility.
Google also processes your data outside the EU and in particular in the USA. We would like to point out that the USA is currently not considered a safe third country within the meaning of EU and Swiss data protection law. In this respect, there is a risk that US authorities may access this personal data without you as the data subject being able to defend yourself against this. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://policies.google.com/privacy/frameworks?hl=de.
Further information can be found in the Google privacy policy: https://policies.google.com/privacy.
Functions of the Instagram service are integrated on our website. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If a user is logged into their Instagram account, they can link the content of our pages to their Instagram profile by clicking on the Instagram button. This allows Instagram to link a visit to our pages with the user’s account. We would like to point out that we, as the website provider, have no knowledge of the content of the transmitted data or its use by Instagram.
For more information, please see Instagram’s privacy policy: http://instagram.com/about/legal/privacy/
This Privacy Notice is not part of a contract with you. We can change this Privacy Notice at any time. The version published on this website is the current version.
This privacy notice is based on DSAT.ch.