privacy policy.

    Legal

    This Privacy Policy for fiberstorm GmbH (“we”, “us”, or “our”), describes how and why we might access, collect, store, use and/or share (“process”) your personal information when you use our services (“services”), including when you:

    – visit our website https://www.fiberstorm.ch or any website of ours that links to this privacy notice.

    – Use tailored consulting, our customized sustainability consultation for designers, companies and individuals

    – Engage with us in other related ways, including any sales, marketing, or events

    We are committed to protecting and respecting your privacy.

    This policy (together with our Terms of Use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.fiberstorm.ch (our site), you are accepting and consenting to the practices described in this policy.

    general note

    Based on Article 13 of the Swiss Federal Constitution and the federal data protection provisions (Data Protection Act, DSG), every person is entitled to protection of their privacy and protection against misuse of their personal data. The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

    In cooperation with our hosting providers, we endeavour to protect the databases as well as possible against unauthorised access, loss, misuse or falsification.

    We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

    By using this website, you consent to the collection, processing and use of data as described below. This website can generally be visited without registration. Data such as the pages accessed or the names of the files accessed, the date and time are stored on the server for statistical purposes without this data being directly related to your person. Personal data, in particular your name, address or email address, is collected voluntarily as far as possible. Your data will not be passed on to third parties without your consent.

    Processing of General Data

    Personal data is any information relating to an identified or identifiable person. A data subject is a person whose personal data is being processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, deletion, saving, modification, destruction and use of personal data.

    We process personal data in accordance with Swiss data protection law. Furthermore, insofar as the EU GDPR applies, we process personal data in accordance with the following legal bases in connection with Art. 6(1) GDPR:

    • Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
    • Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
    • Legal obligation (Art. 6 para. 1 sentence 1 lit. c. GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
    • Protection of vital interests (Art. 6 para. 1 sentence 1 lit. d GDPR) – Processing is necessary to protect the vital interests of the data subject or another natural person.
    • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
    • Application process as a pre-contractual or contractual relationship (Art. 9 (2) (b) GDPR) – Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR (e.g. health data, such as severely disabled status or ethnic origin) are requested from applicants so that the controller or the data subject can exercise their rights under labor law and social security and social protection law and fulfill their obligations in this regard, their processing is carried out in accordance with Art. 9 (2) (b) GDPR, in the case of the protection of vital interests of applicants or other persons pursuant to Art. 9 (2) (c) GDPR, or for the purposes of health care or occupational medicine, for the assessment of the employee’s ability to work, for medical diagnosis, care, or treatment in the health or social sector, or for the management of systems and services in the health or social sector pursuant to Art. 9 (2) (h) GDPR. In the case of communication of special categories of data based on voluntary consent, their processing is carried out on the basis of Art. 9 (2) (a) GDPR.

    We process personal data for the period necessary for the respective purpose or purposes. In the event of longer storage obligations due to legal and other obligations to which we are subject, we restrict processing accordingly.

    Relevant Legal Basis

    In accordance with Art. 13 GDPR, we hereby inform you of the legal basis for our data processing. If the legal basis is not specified in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 (1) (a) and Art. 7 GDPR, the legal basis for processing for the performance of our services and the implementation of contractual measures as well as for responding to inquiries is Art. 6 (1) (b) GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 (1) (c) GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 (1) (f) GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) lit. d GDPR serves as the legal basis.

    safety measures

    We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of threats to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

    These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access, input, transfer, availability, and separation. Furthermore, we have established procedures to ensure that the rights of data subjects are exercised, data is deleted, and responses are made to threats to data. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software, and procedures in accordance with the principle of data protection, through technology design and data protection-friendly default settings.

    Transfer of Personal Data

    As part of our processing of personal data, it may happen that the data is transferred to or disclosed to other bodies, companies, legally independent organizational units, or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

    Data Processing in Third Countries

    If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing takes place in connection with the use of third-party services or the disclosure or transfer of data to other persons, bodies, or companies, this will only be done in accordance with the legal requirements. Subject to express consent or contractually or legally required transfer, we only process data in third countries with a recognized level of data protection, contractual obligations through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

    Privacy Policy for Cookies

    This website uses cookies. Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. A cookie is primarily used to store information about a user during or after their visit to an online offering. The stored information may include, for example, the language settings on a website, the login status, a shopping cart, or the point at which a video was viewed. We also include other technologies that perform the same functions as cookies (e.g., when user information is stored using pseudonymous online identifiers, also known as “user IDs”) under the term “cookies.”

    The following types of cookies and functions are distinguished:

    • Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their browser.
    • Permanent cookies: Permanent cookies remain stored even after the browser is closed. This allows, for example, the login status to be saved or preferred content to be displayed directly when the user visits a website again. Similarly, the interests of users, which are used for reach measurement or marketing purposes, can be stored in such a cookie.
    • First-party cookies: First-party cookies are set by us.
    • Third-party cookies (also known as third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
    • Necessary (also: essential or strictly necessary) cookies: Cookies may be strictly necessary for the operation of a website (e.g., to store logins or other user entries, or for security reasons).
    • Statistics, marketing, and personalization cookies: Cookies are also generally used for reach measurement and when a user’s interests or behavior (e.g., viewing certain content, using functions, etc.) on individual websites are stored in a user profile. Such profiles are used, for example, to display content to users that corresponds to their potential interests. This process is also referred to as “tracking,” i.e., tracking the potential interests of users. If we use cookies or “tracking” technologies, we will inform you separately in our privacy policy or when obtaining your consent.

    Information on legal bases: The legal basis on which we process your personal data using cookies depends on whether we ask for your consent. If this applies and you consent to the use of cookies, the legal basis for the processing of your data is your declared consent. Otherwise, the data processed using cookies is processed on the basis of our legitimate interests (e.g., in the economic operation of our online offering and its improvement) or, if the use of cookies is necessary to fulfill our contractual obligations.

    Storage period: Unless we provide you with explicit information about the storage period for permanent cookies (e.g., in the context of a so-called cookie opt-in), please assume that the storage period can be up to two years.

    General information on revocation and objection (opt-out): Depending on whether the processing is based on consent or legal permission, you have the option of revoking your consent at any time or objecting to the processing of your data by cookie technologies (collectively referred to as “opt-out”). You can initially declare your objection by adjusting your browser settings, e.g., by deactivating the use of cookies (although this may also restrict the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be declared via a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, you can obtain further information on objection rights in the information provided on the service providers and cookies used.

    Processing of cookie data based on consent: We use a cookie consent management procedure in which users’ consent to the use of cookies, or the processing and providers specified in the cookie consent management procedure, is obtained and can be managed and revoked by users. The declaration of consent is stored so that it does not have to be requested again and so that consent can be proven in accordance with the legal obligation. Storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or using comparable technologies) in order to be able to assign the consent to a user or their device. Subject to individual information about the providers of cookie management services, the following information applies: The duration of storage of consent can be up to two years. A pseudonymous user identifier is created and stored with the time of consent, information on the scope of consent (e.g., which categories of cookies and/or service providers), as well as the browser, system, and device used.

    • Types of data processed: Usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
    • Data subjects: Users (e.g., website visitors, users of online services).
    • Legal basis: Consent (Art. 6 (1) (a) GDPR), legitimate interests (Art. 6 (1) (f) GDPR).

    Privacy Policy for SSL/TSL Encryption

    This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as requests you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

    When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

    Data Procection Declaration for Server Log Files

    The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

    • Browser type and browser version
    • Operating system used
    • Referrer URL
    • Host name of the accessing computer
    • Time of the server request

    This data cannot be assigned to specific individuals. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of illegal use.

    Third-Party Services

    This website may use Google Maps for embedding maps, Google Invisible reCAPTCHA for protection against bots and spam, and YouTube for embedding videos.

    These services provided by the American company Google LLC use cookies, among other things, and as a result, data is transferred to Google in the USA. We assume that no personal tracking takes place in this context solely through the use of our website.

    Google has committed to ensuring adequate data protection in accordance with the US-European and US-Swiss Privacy Shield.

    Further information can be found in Google’s privacy policy.

    Data Procection Declaration for Newsletter Data

    If you would like to subscribe to the newsletter offered on this website, we need your email address and information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. No further data is collected. We use this data exclusively for sending the requested information and do not pass it on to third parties.

    You can revoke your consent to the storage of data, your email address, and its use for sending the newsletter at any time, for example, via the “unsubscribe link” in the newsletter.

    Rights of Affected Persons

    Right to confirmation

    Every data subject has the right to request confirmation from the website operator as to whether personal data concerning them is being processed. If you wish to exercise this right of confirmation, you can contact the data protection officer at any time.

    Right to information

    Any person affected by the processing of personal data has the right to obtain information from the operator of this website at any time, free of charge, about the personal data stored about them and a copy of this information. Furthermore, the following information may be provided if applicable:

    • the purposes of the processing
    • the categories of personal data that are being processed
    • the recipients to whom the personal data have been or will be disclosed
    • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
    • the existence of a right to rectification or erasure of personal data concerning them or to restriction of processing by the controller or a right to object to such processing
    • the existence of a right to lodge a complaint with a supervisory authority
    • if the personal data are not collected from the data subject: all available information on the source of the data

    Furthermore, the data subject has the right to obtain information about whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.

    If you wish to exercise this right to information, you can contact our data protection officer at any time.

    Right to rectification

    Any person affected by the processing of personal data has the right to request the immediate correction of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of the processing, including by means of a supplementary statement.

    If you wish to exercise this right of rectification, you can contact our data protection officer at any time.

    Right to erasure

    Any person affected by the processing of personal data has the right to request that the controller of this website delete personal data concerning them without delay, provided that one of the following reasons applies and insofar as the processing is not necessary:

    • The personal data has been collected or otherwise processed for purposes for which it is no longer necessary
    • The data subject withdraws their consent on which the processing was based, and there is no other legal basis for the processing
    • The data subject objects to the processing on grounds relating to their particular situation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in the case of direct marketing and related profiling
    • The personal data has been processed unlawfully
    • The erasure of the personal data is necessary for compliance with a legal obligation in Union or Member State law to which the controller is subject
    • The personal data has been collected in relation to information society services offered directly to a child

    If one of the above reasons applies and you wish to request the deletion of personal data stored by the operator of this website, you can contact our data protection officer at any time. The data protection officer of this website will ensure that the deletion request is complied with immediately.

    Right to restriction of processing

    Any person affected by the processing of personal data has the right to request that the controller of this website restrict processing if one of the following conditions applies:

    • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data
    • The processing is unlawful, the data subject refuses to have the personal data deleted and instead requests that the use of the personal data be restricted
    • The controller no longer needs the personal data for the purposes of processing, but the data subject needs it to assert, exercise, or defend legal claims
    • The data subject has objected to the processing on grounds relating to their particular situation, and it is not yet clear whether the legitimate grounds of the controller override those of the data subject

    If one of the above conditions applies and you wish to request the restriction of personal data stored by the operator of this website, you can contact our data protection officer at any time. The data protection officer of this website will arrange for the processing to be restricted.

    Right to data portability

    Any person affected by the processing of personal data has the right to receive the personal data concerning them in a structured, commonly used, and machine-readable format. They also have the right to have this data transferred to another controller if the legal requirements are met.

    Furthermore, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

    To exercise your right to data portability, you can contact the data protection officer appointed by the operator of this website at any time.

    Right to object

    Any person affected by the processing of personal data has the right to object at any time to the processing of personal data concerning them for reasons arising from their particular situation.

    The operator of this website will no longer process the personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights, and freedoms of the data subject, or if the processing serves to assert, exercise, or defend legal claims.

    To exercise your right to object, you can contact the data protection officer of this website directly.

    Right to withdraw consent under data protection law

    Any person affected by the processing of personal data has the right to revoke their consent to the processing of personal data at any time.
    If you wish to exercise your right to revoke your consent, you can contact our data protection officer at any time.

    Data Protection Declaration for Objections to Advertising E-mails

    We hereby object to the use of contact data published within the scope of the imprint obligation for sending unsolicited advertising and information materials. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, for example through spam emails.

    External Payment Service Provider – Stripe

    We’re using an external payment service named Stripe.

    You can view the payment service provider’s privacy policy here.

    In connection with the performance of contracts, we use payment service providers in accordance with the Swiss Data Protection Ordinance and, where necessary, Article 6(1)(b) of the EU GDPR. In addition, we use external payment service providers based on our legitimate interests in accordance with the Swiss Data Protection Ordinance and, where necessary, in accordance with Article 6(1)(f) of the EU GDPR, in order to offer our users effective and secure payment options.

    The data processed by payment service providers includes personal information, such as name and address; banking information, such as account numbers or credit card numbers; passwords, TANs, and verification codes; as well as details related to the contract, transaction amounts, and recipients. This information is required to process the transactions. However, the data entered is processed and stored solely by the payment service providers.

    As the operator, we do not receive any information regarding bank accounts or credit cards; we only receive information confirming whether a payment has been accepted or declined. In some cases, the payment service provider may share this data with credit bureaus. The purpose of this sharing is to verify identity and creditworthiness. For more information, please refer to the payment service provider’s terms and conditions and privacy policy.

    Payment transactions are subject to the terms and conditions and privacy policies of the respective payment service providers, which are available on their respective websites or within the transaction applications. We also refer you to these documents for further information and to exercise your rights of withdrawal, access, and other data subject rights.

    Booking – Calendly

    Our consulation scheduling is organized through a third party called Calendly LLC.

    You can view the Calendly’s privacy policy here.

    If you are unable or unwilling to use this provider, you may write to us at contact@fiberstorm.ch and we’ll schedule a meeting accordingly.

    Online Meetings – Google Meet

    As our primary service is conducted online, we are using Google Meet.

    Google collects data to provide services (e.g., technical data, IP addresses) , but does not use video/audio for advertising purposes. For more detailed information, please visit Google’s Privacy Policy and Meet’s security documentation: https://policies.google.com/privacy

    If you are unable or unwilling to use this provider, you may provide an alternative tool in consultation with us.

    User Insights – Google Analytics

    Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

    You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.

    For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy

    Newsletter – Mailchimp

    The newsletter is sent using the mailing service provider ‘MailChimp’, a newsletter mailing platform provided by the US company Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the mailing service provider’s privacy policy here. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee that it complies with European data protection standards (Privacy Shield). The mailing service provider is used based on our legitimate interests pursuant to Art. 6 (1) lit. f GDPR and a data processing agreement pursuant to Art. 28 (3) sentence 1 GDPR.

    The shipping service provider may use the recipients’ data in pseudonymous form, i.e., without assigning it to a user, to optimize or improve its own services, e.g. for technical optimization of the shipping and presentation of the newsletters or for statistical purposes. However, the shipping service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.

    Note on Data Transfer to the United States

    Our website incorporates tools from companies based in the USA, among others. When these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are obliged to disclose personal data to security authorities without you, as the data subject, being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g., secret services) may process, evaluate, and permanently store your data located on US servers for surveillance purposes. We have no influence on these processing activities.

    Copyright

    The copyright and all other rights to content, images, photos, or other files on the website belong exclusively to the operator of this website or the specifically named rights holders. The written consent of the copyright holder must be obtained in advance for the reproduction of all files.

    Anyone who commits a copyright infringement without the consent of the respective rights holder may be liable to prosecution and, if necessary, liable for damages.

    General Disclaimer

    All information on our website has been carefully checked. We make every effort to ensure that the information we provide is up-to-date, accurate, and complete. Nevertheless, the occurrence of errors cannot be completely ruled out, which means that we cannot guarantee the completeness, accuracy, and timeliness of information, including journalistic and editorial content. Liability claims arising from material or immaterial damage caused by the use of the information provided are excluded, unless there is evidence of wilful intent or gross negligence.

    The publisher may change or delete texts at its own discretion and without notice and is not obliged to update the content of this website. Visitors use or access this website at their own risk. The publisher, its clients, or partners are not responsible for damages, such as direct, indirect, incidental, specific, or consequential damages, allegedly caused by visiting this website and therefore accept no liability for such damages.

    The publisher also accepts no responsibility or liability for the content and availability of third-party websites that can be accessed via external links on this website. The operators of the linked sites are solely responsible for their content.

    The publisher hereby expressly distances itself from all third-party content that may be relevant under criminal or civil law or that violates public decency.

    Changes

    We may amend this privacy policy at any time without prior notice. The current version published on our website applies. If the privacy policy is part of an agreement with you, we will inform you of any changes by email or other appropriate means in the event of an update.

    Questions

    Questions, comments and requests regarding this privacy policy are welcome and should be addressed to contact@fiberstorm.ch