Privacy Policy
This privacy policy provides information about the processing of personal data in connection with our activities and operations, including our website. In particular, we inform you about the purposes, methods, and locations of our processing of personal data. We also provide information about the rights of individuals whose data we process.
Additional privacy policies or other data protection information may apply to specific or additional activities and operations.
We are subject to Swiss data protection law and, where applicable, foreign data protection law, such as that of the European Union (EU), particularly the General Data Protection Regulation (GDPR).
On 26 July 2000, the European Commission recognised that Swiss data protection law provides adequate data protection. In a report dated 15 January 2024, the European Commission reaffirmed this adequacy decision.
1. Contact Information
Responsibility for the processing of personal data:
Durable Planung und Beratung GmbH
Binzstrasse 12
8045 Zurich
info@studiodurable.ch
In certain cases, third parties may be responsible for the processing of personal data, or joint responsibility may exist with third parties.
2. Terms and Legal Bases
2.1 Terms
Data Subject: A natural person whose personal data we process.
Personal Data: Any information relating to an identified or identifiable natural person.
Sensitive Personal Data: Data relating to trade union membership, political, religious or philosophical beliefs, health data, data concerning intimate life, ethnicity or race, genetic data, biometric data that uniquely identifies a natural person, data on criminal or administrative sanctions or proceedings, and data concerning social assistance measures.
Processing: Any handling of personal data, regardless of the methods and procedures used, such as querying, comparing, modifying, archiving, storing, retrieving, disclosing, acquiring, recording, collecting, deleting, disclosing, sorting, organising, storing, modifying, distributing, linking, destroying, and using personal data.
European Economic Area (EEA): Member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway.
Note: The European General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data and the processing of sensitive personal data as the processing of special categories of personal data (Art. 9 GDPR).
2.2 Legal Bases
We process personal data in accordance with Swiss data protection law, particularly the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).
If and insofar as the General Data Protection Regulation (GDPR) is applicable, we process personal data in accordance with at least one of the following legal bases:
Art. 6(1)(b) GDPR for necessary processing of personal data to fulfil a contract with the data subject or to carry out pre-contractual measures.
Art. 6(1)(f) GDPR for necessary processing of personal data to protect legitimate interests – including the legitimate interests of third parties – unless the fundamental rights and freedoms, as well as the interests of the data subject, override these. Such interests particularly include the continuous, user-friendly, secure, and reliable operation of our activities, ensuring information security, protection against misuse, enforcing legal claims, and complying with Swiss law.
Art. 6(1)(c) GDPR for necessary processing of personal data to fulfil a legal obligation to which we are subject under the applicable law of member states within the European Economic Area (EEA).
Art. 6(1)(e) GDPR for necessary processing of personal data to perform a task carried out in the public interest.
Art. 6(1)(a) GDPR for processing personal data with the consent of the data subject.
Art. 6(1)(d) GDPR for necessary processing of personal data to protect the vital interests of the data subject or another natural person.
Art. 9(2) et seq. GDPR for processing special categories of personal data, particularly with the consent of the data subjects.
3. Nature, Scope, and Purpose of Processing Personal Data
We process personal data necessary to ensure the continuous, user-friendly, secure, and reliable operation of our activities. The personal data processed may fall into categories such as browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data, and payment data.
We also process personal data received from third parties, obtained from publicly accessible sources, or collected in the course of our activities, as long as such processing is legally permitted.
We process personal data with the consent of the data subjects where required. In many cases, we may process personal data without consent, for example, to fulfil legal obligations or protect overriding interests. We may also seek consent from the data subjects even when it is not required.
We process personal data for as long as necessary for the respective purpose. We anonymise or delete personal data, particularly in line with legal retention and limitation periods.
4. Disclosure of Personal Data
We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. These third parties are particularly specialised service providers whose services we use.
We may, for example, disclose personal data to banks and other financial service providers, authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and economic information agencies, logistics and shipping companies, marketing and advertising agencies, media, organisations and associations, social institutions, telecommunications companies, and insurance companies.
5. Communication
We process personal data to communicate with third parties. In this context, we particularly process data provided by a data subject when contacting us, for example, by letter or email. Such data may be stored in an address book or similar tools.
Third parties transmitting data about other persons are required to ensure data protection for those affected. This includes ensuring the accuracy of the transmitted personal data.
6. Data Security
We implement appropriate technical and organisational measures to ensure data security in line with the respective risk. Our measures guarantee, in particular, the confidentiality, availability, traceability, and integrity of the processed personal data, although absolute data security cannot be guaranteed.
Access to our website and other online services occurs via transport encryption (SSL/TLS, specifically using Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn against visiting websites without transport encryption.
Our digital communication – like any digital communication – is subject to mass surveillance by security authorities in Switzerland, Europe, the United States of America (USA), and other countries. We cannot directly influence the corresponding processing of personal data by intelligence services, police forces, and other security authorities, nor can we exclude the possibility that specific data subjects are being monitored.
7. Personal Data Abroad
We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also transfer personal data to other countries, particularly to process or have it processed there.
We may transfer personal data to any country or territory on Earth, provided that the local law ensures adequate data protection under a decision by the Swiss Federal Council and – where applicable – a decision by the European Commission.
We may transfer personal data to countries whose laws do not ensure adequate data protection, provided data protection is guaranteed by other means, particularly through standard data protection clauses or other suitable safeguards. In exceptional cases, we may transfer personal data to countries without adequate or suitable data protection if the specific data protection requirements are met, for example, the express consent of the data subject or a direct connection with the conclusion or performance of a contract. Upon request, we are happy to provide information on any safeguards or supply copies of such safeguards.
8. Data Subjects’ Rights
8.1 Data Protection Claims
We grant data subjects all rights provided by applicable data protection law. In particular, data subjects have the following rights:
Access: Data subjects can request confirmation on whether we process personal data about them and, if so, which personal data. They also receive the information necessary to assert their data protection claims and ensure transparency. This includes the personal data processed, the purpose of processing, the retention period, any disclosure or transfer of data to other countries, and the origin of the personal data.
Correction and Restriction: Data subjects can request the correction of inaccurate personal data, the completion of incomplete data, and the restriction of data processing.
Deletion and Objection: Data subjects can request the deletion of personal data (“right to be forgotten”) and object to future data processing.
Data Release and Transfer: Data subjects can request the release of personal data or the transfer of their data to another controller.
We may delay, limit, or refuse the exercise of data subjects’ rights within the legally permissible framework. We may inform data subjects of any requirements they need to meet to exercise their data protection claims. For example, we may refuse access with reference to business secrets or the protection of other persons, or we may refuse to delete personal data based on legal retention obligations.
In exceptional cases, we may charge costs for exercising these rights. We will inform data subjects of any costs in advance.
We are required to take appropriate measures to identify data subjects requesting access or exercising other rights. Data subjects must cooperate in this process.
8.2 Legal Remedies
Data subjects have the right to enforce their data protection claims through legal action or to file a report or complaint with a data protection supervisory authority.
The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
European data protection supervisory authorities – where applicable under the GDPR – are organised as members of the European Data Protection Board (EDPB). In some member states of the European Economic Area (EEA), data protection supervisory authorities have a federal structure, particularly in Germany.
9. Use of the Website
9.1 Cookies
We may use cookies. Cookies, whether our own (first-party cookies) or from third-party services we use (third-party cookies), are data stored in the browser. These stored data are not limited to traditional cookies in text form.
Cookies may be stored temporarily in the browser as “session cookies” or for a specific period as “permanent cookies”. “Session cookies” are automatically deleted when the browser is closed. Permanent cookies have a specified storage duration. Cookies, in particular, allow a browser to be recognised on subsequent visits to our website, enabling us to measure the reach of our website, for instance. Permanent cookies may also be used for online marketing.
Cookies can be disabled or deleted, either wholly or partially, in the browser settings at any time. However, without cookies, our website may not be available to its full extent. We request – at least when and where necessary – your explicit consent to the use of cookies.
For cookies used for performance and reach measurement or for advertising, a general opt-out is possible via services such as AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
9.2 Logging
For each access to our website and our other online presence, we may log the following information, provided that this data is transmitted to our digital infrastructure: date and time, including time zone, IP address, access status (HTTP status code), operating system, including interface and version, browser, including language and version, the specific subpage accessed on our website, including data volume transmitted, and the previously visited webpage (referrer).
We log this information, which may include personal data, in log files. This information is necessary to ensure the continuous, user-friendly, and reliable availability of our online presence. It is also required to ensure data security, either by ourselves or with the assistance of third parties.
9.3 Tracking Pixels
We may embed tracking pixels in our online presence. Tracking pixels are also known as web beacons. These are usually small, invisible images or JavaScript code that is automatically retrieved when accessing our online presence. With tracking pixels, at least the same information as in log files can be collected.
10. Social Media
We are present on social media platforms and other online platforms to communicate with interested individuals and to inform them about our activities. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).
The respective terms and conditions (T&Cs), usage policies, privacy policies, and other rules of the individual platform operators apply. These policies particularly inform data subjects of their rights directly with respect to the respective platform, such as the right to access their data.
11. Third-Party Services
We use services from specialised third parties to ensure that our activities and operations are conducted in a continuous, user-friendly, secure, and reliable manner. Through such services, we may embed functions and content into our website. In doing so, these third-party services may, for technical reasons, temporarily capture the IP addresses of users.
For necessary security, statistical, and technical purposes, third parties whose services we use may aggregate, anonymise, or pseudonymise data related to our activities and operations. Such data may include performance or usage data necessary for the respective service.
We particularly use:
Google Services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General information on data protection: “Privacy and Security Principles,” “Information on how Google uses personal data,” Privacy Policy, “Google’s commitment to complying with applicable data protection laws,” “Privacy Guide for Google Products,” “How we use data from websites or apps that use our services,” “Types of cookies and similar technologies used by Google,” “Ads you can control” (“Personalised Ads”).
11.1 Digital Infrastructure
We use the services of specialised third parties to obtain the necessary digital infrastructure in connection with our activities and operations. This includes hosting and storage services provided by selected providers.
We particularly use:
METANET: Hosting; Provider: METANET AG (Switzerland); Privacy information: Privacy Policy, “Technical and Organisational Measures.”
11.2 Maps
We use third-party services to embed maps into our website.
We particularly use:
Google Maps, including Google Maps Platform: Mapping service; Provider: Google; Google Maps-specific information: “How Google uses location information.”
12. Performance and Reach Measurement
We aim to measure the success and reach of our activities and operations. In doing so, we may also measure the impact of third-party references or test how different parts or versions of our online offering are used (“A/B Testing” method). Based on the results of performance and reach measurement, we can fix errors, enhance popular content, or make improvements.
For performance and reach measurement, the IP addresses of individual users are generally collected. IP addresses are typically shortened (“IP masking”) to follow the principle of data minimisation through pseudonymisation.
Cookies may be used for performance and reach measurement, and user profiles may be created. Any user profiles created may include, for example, the pages or content viewed on our website, details about the screen size or browser window, and the approximate location. In principle, any user profiles created are pseudonymised and not used to identify individual users. Specific third-party services where users are registered may potentially link the use of our online offering to the user account or profile with the respective service.
We particularly use:
Google Marketing Platform: Performance and reach measurement, particularly with Google Analytics; Provider: Google; Specific information on Google Marketing Platform: Cross-device tracking across different browsers and devices with pseudonymised IP addresses, which are only transmitted in full to Google in the USA in exceptional cases, Privacy Policy for Google Analytics, “Browser add-on to deactivate Google Analytics.”
Google Tag Manager: Embedding and managing services from Google and third parties, particularly for performance and reach measurement; Provider: Google; Specific information on Google Tag Manager: Privacy Policy for Google Tag Manager; further privacy information can be found with the respective embedded and managed services.
13. Final Provisions
This privacy policy is an unofficial, machine-generated translation from the original German version. The German version has been created using the data protection generator from Datenschutzpartner.
We may adapt and update this privacy policy at any time. We will inform about such adaptations and updates in an appropriate form, particularly by publishing the current privacy policy on our website.