datenschutz
The present website is part of the offer of the Swiss Customer Centricity Score. This privacy statement provides information about how we process personal data in connection with our website and our other online offerings.
For individual or additional offerings and services, specific, additional or other privacy statements may apply together with other legal documents such as general terms and conditions (GTCs), conditions of use or conditions of participation.
Our online offering is subject to Swiss data protection law as well as any applicable foreign data protection law, and in particular the General Data Protection Regulation (GDPR) of the European Union (EU). The EU acknowledges that Swiss data protection law guarantees adequate data protection.
1. Contact details
1.1 Responsibility for the online offering
Hochschule Luzern, Wirtschaft
Institut für Kommunikation und Marketing IKM
Prof. Dr. D. Georgi
Zentralstrasse 9
CH-6002 Luzern
1.2 Data protection representation in the EU / EEA
We enjoy the following data protection representation in the European Union (EU), or more particularly in the European Economic Area (EEA) including the Principality of Liechtenstein, in accordance with Art. 27 GDPR, as an additional point of contact for supervisory authorities and persons concerned for queries relating to the General Data Protection Regulation (GDPR):
VGS Datenschutzpartner UG
Am Kaiserkai 69
20457 Hamburg
Deutschland
2. Processing personal data
2.1 Terms
Personal data are all data referring to an identified or identifiable person. A person concerned is a person whose personal data are processed. Processing encompasses any handling of personal data, independent of the means and processes used, in particular the collection, deletion, destruction, disclosure, modification, procurement, saving, storage and use of personal data.
2.2 Legal bases
We process personal data in accordance with Swiss data protection law, and in particular the Federal Act on Data Protection (DSG) and the Ordinance to the Federal Act on Data Protection (VDSG).
If and insofar as the General Data Protection Regulation (GDPR) is applicable, we process personal data in accordance with at least one of the following legal bases:
- Art. 6 para. 1b GDPR for the necessary processing of personal data for the performance of a contract with the person concerned and to take steps prior to entering into a contract.
- Art. 6 para. 1f GDPR for the necessary processing of personal data to protect the legitimate interests of our company or of third parties, insofar as the fundamental rights and freedoms as well as the interests of the person concerned do not prevail. In particular, legitimate interests refer to our ability to ensure the long-term, user-friendly, secure and reliable provision and, where necessary, advertising of our online service, information security and protection against improper and unauthorised use, the enforcement of our own legal claims and compliance with Swiss law.
- Art. 6 para. 1c GDPR for the necessary processing of personal data to comply with a legal obligation to which we are subject in accordance with any applicable law of the EU or of the member states of the European Economic Area (EEA).
- Art. 6 para. 1e GDPR for the necessary processing of personal data to perform a task carried out in the public interest.
- Art. 6 para. 1a GDPR for the processing of personal data with the consent of the person concerned.
- Art. 6 para. 1d GDPR for the necessary processing of personal data to protect the vital interests of the person concerned or of any other natural person.
2.3 Type, scope and purpose
We process those personal data which are necessary in order to ensure the long-term, user-friendly, secure and reliable provision of our online service. Such personal data may fall into the categories of content data, inventory and contact data, peripheral data and usage data as well as contract data and payment information.
We process personal data for the time frame necessary to the relevant purpose or purposes or which is legally required. Personal data which no longer needs to be processed are anonymised or deleted.
In principle, we only process personal data with the consent of the person concerned, unless processing is permitted on other legal grounds, for example to fulfil a contract with the person concerned or to take steps prior to entering into a contract in order to protect our overriding legitimate interests because processing is evident from the circumstances or after prior information.
Within this framework, we essentially process information that the person concerned has made available to us, for example by letter post, e-mail, contact form, social media or telephone, or when registering voluntarily and in person for a user account. We can, for example, save this information in an address book, a customer relationship management system (CRM system) or using comparable tools. Insofar as you provide us with personal data about third parties, you are obliged to ensure data protection vis-à-vis these third parties as well as the accuracy of such personal data.
Furthermore, we process personal data which we receive from third parties, procure from publicly accessible sources or collect when providing our online service, if an insofar as such processing is permitted on legal grounds.
Personal data received from “applications” are only processed insofar as they relate to suitability for an employment relationship or are necessary for the subsequent execution of an employment contract. The personal data necessary to an application result from the information requested or provided within the framework of the job description. Candidates have the opportunity to volunteer other information relating to their respective applications.
2.4 Processing of personal data by third parties, potentially abroad
We can have personal data processed by third parties, in particular operators processing the order, or process them together with third parties or with the help of third parties or can communicate these data to third parties. Such third parties are essentially suppliers and other service providers. In the case of such third parties, we ensure suitable data protection.
Such third parties are, in principle, located in Switzerland and in the European Union (EU) or in the European Economic Area (EEA). Such third parties can be located in other states around the world and elsewhere in the universe insofar as the associated data protection law provides appropriate data protection in accordance with the assessment of the Federal Data Protection and Information Commissioner (FDPIC) and – if and insofar as the General Data Protection Regulation (GDPR) is applicable – in accordance with the assessment of the European Commission or if, for other reasons such as a relevant contractual agreement, in particular based on standard contractual clauses or relevant certification, appropriate data protection is provided. In the case of third parties in the United States of America (USA), certification in accordance with the Privacy Shield can guarantee appropriate data protection. In exceptional circumstances, such third parties can be located in a country without appropriate data protection insofar as the data protection requirements, such as the express consent of the person concerned, are satisfied.
3. Rights of the persons concerned
Persons concerned whose personal data we process enjoy the rights accorded by Swiss data protection legislation. These include the right of access to information as well as the right to rectify, erase and block the personal data that is processed.
Persons concerned whose personal data we process can – if and insofar as the General Data Protection Regulation (GDPR) is applicable – request, free of charge, confirmation of whether we are processing their personal data and, if this is the case, request information concerning the processing of their personal data, restrict processing of their personal data, exercise their right to data portability and rectify, erase (“right to be forgotten”), block or complete their personal data.
Persons concerned whose personal data we process can – if and insofar as the GDPR is applicable – revoke, at any time with future effect, consent that has already been granted and object to the processing of their personal data.
Persons concerned whose personal data we process enjoy the right of appeal to a relevant supervisory authority. The supervisory body for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
4. Data security
We take appropriate and adequate technical and organisational measures to ensure data protection, and in particular data security. Despite such measures, online personal data processing may nevertheless demonstrate security gaps. We cannot, therefore, guarantee absolute data security.
Access to our online service involves transport encryption (SSL / TLS with HTTPS).
Like, in principle, every Internet use – access to our online service is subject to unfounded mass supervision with any suspicion as well as additional supervision by the security authorities in Switzerland, the European Union (EU), the United States of America (USA) and other states. We have no direct influence on the corresponding processing of personal data by intelligence services, police stations and other security agencies.
5. Use of our website
5.1 Cookies
We can use cookies for our website. Cookies – even those of third parties whose services we use (third-party cookies) – are data – often in the form of text files – which have been stored in your browser. Cookies cannot run programs or transmit malware such as Trojan horses or viruses.
When you visit our website, cookies may be saved temporarily to your browser as so-called “session cookies” or for a specific period of time, as so-called permanent cookies. “Session cookies” are erased automatically when you close your browser. In particular, permanent cookies enable your browser to recognise our website the next time you visit it and thus to measure the coverage of our website, for example. Permanent cookies can also be used for online marketing.
You can deactivate or erase cookies in/from your browser settings at any time, either partially or completely. Without cookies, you can nevertheless no longer make full use of our online service. We would ask you – if and insofar as necessary – to consent to the use of cookies.
In the case of cookies used for analytics or advertising, a general opt-out is available for numerous services via the Networking Advertising Initiative, YourAdChoices (Digital Advertising Alliance) and / or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
5.2 Log-files
Every time our website is accessed, we can record the following information, insofar as it is sent by your browser to our server infrastructure or can be determined by our web server: the date and time including the time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including the user interface and version, browser including the language and version, individual pages and data volume transferred and, finally, the website consulted (referrer).
We store this information, which can also be deemed personal data, in log files. The information is necessary to ensure the long-term, user-friendly and reliable provision of our online service and to be able to guarantee data security and, in particular, the protection of personal data – potentially by or with the assistance of third parties.
5.3 Tracking pixels
We can use tracking pixels on our website. Tracking pixels are also referred to as web beacons. Tracking pixels – including those of third parties whose services we use – are small pictures which are retrieved when visiting our website. With tracking pixels, the same information can be recorded as in server log files.
6. Newsletter and other notifications
We can send newsletters and other notifications by e-mail and via other communication channels. We can have newsletters and other notifications sent by or with the assistance of third parties.
In principle, you must give your express consent to the use of your e-mail address and other contact details, unless use is permitted on other legal grounds. For any consent concerning e-mails, we use a “double opt-in”, which means that you receive an e-mail containing a web link, which you must click to confirm, thereby ensuring that no improper use can be made by unauthorised third parties. We can log such consents, including Internet Protocol (IP) addresses and the date and time.
Newsletters and other notifications may contain hyperlinks or tracking pixels, which record whether an individual newsletter or an individual notification has been opened and which hyperlinks have been clicked on (performance measurement). Such hyperlinks and tracking pixels record the use of newsletters and other notifications. We require this statistical measurement of use, including the coverage and success measurements, in order to be able to ensure effective, user-friendly, long-term, secure and reliable provision of newsletters and other notifications based on the reading habits of the recipients.
You can unsubscribe from newsletters and other notifications at any time and thus object to the aforementioned recording of use.
7. Social Media
We are present on social media platforms and other online platforms in order to communicate with interested parties and provide information about our online service. The general terms and conditions (GTCs), data privacy statements and other provisions of the individual operators of these online platforms also apply.
For our social media presence on Facebook, we are – if and insofar as the GDPR is applicable – responsible, together with Facebook, for the so-called page insights which indicate how visitors interact with out Facebook presence. We use page insights to ensure that our social media presence on Facebook is effective and user-friendly. Facebook has published an Amendment concerning Responsibility for Page Insights.
8. Third-party services
We can call on the services of third parties in order to ensure the long-term, user-friendly, secure and reliable provision of our online service. Such services also serve to embed content in our online service. Such services – for example hosting and back-up services, video services and payment services – require your Internet Protocol (IP) address, otherwise they cannot transmit the relevant content. These services may be located outside Switzerland and the European Union (EU) or the European Economic Area (EEA) insofar as appropriate data protection is guaranteed.
For your own security-related, statistical and technical purposes, third-party services can also process data in connection with our online service and from other sources in an aggregated, anonymised or pseudonymised manner – among other things using cookies, log files and tracking pixels. Such data are not used to address people concerned in connection with our online service.
8.1 Maps
We use Google Maps to embed maps in our website. This also uses cookies. Google Maps is a service provided by the American company Google LLC, while Google Ireland Limited is responsible for users in the European Economic Area (EEA) and in Switzerland. Further information about the type, scope and purpose of data processing can be found in the Google Data Protection and Security Principles and in the Data Privacy Statement, in the Guidelines on Data Protection in Google Products (including Google Maps), in the Information on how Google use data from websites on which Google services are used and in the Information about cookies at Google. Furthermore, you can object to personalised advertising.
8.2 Music and / or videos
We use YouTube to embed videos in our website. This also uses cookies. YouTube is a service provided by the American company Google LLC, while Google Ireland Limited is responsible for users in the European Economic Area (EEA) and in Switzerland. Further information about the type, scope and purpose of data processing can be found in the Google Data Protection and Security Principles and in the Data Privacy Statement, in the Guidelines on Data Protection in Google Products (including YouTube), in the Information on how Google use data from websites on which Google services are used and in the Information about cookies at Google. Furthermore, you can object to personalised advertising.
We use Vimeo to embed videos in our website. This also uses cookies. Vimeo is a service provided by the American company Vimeo Inc. Further information concerning the type, scope and purpose of data processing can be found in the Vimeo Data Protection Questions and Answers and the Vimeo Privacy Policy.
8.3 Fonts
We use Adobe Fonts (formerly Typekit) to embed selected fonts in our website. No cookies are used for this purpose. This is a service provided by Adobe Systems Software Ireland Limited in Ireland or the American company Adobe Inc. Further information concerning the type, scope and purpose of data processing can be found in the Adobe data protection guidelines, in the data protection information concerning Adobe Fonts and in the “Adobe Privacy Center”.
We use fonts.com (also called fonts.net) to embed selected fonts in our website. This also uses cookies. It is a service provided by the American company Monotype Imaging Holdings Inc. specialising, among other things, in digital font design and represented in Europe – as far as can be seen – by the Germany company Monotype GmbH. Further information concerning the type, scope and purpose of data processing can be found in the Monotype data protection policy statement as well as on the “web font tracking” page and in the Monotype data privacy statement.
We use Google Fonts to embed selected fonts in our website. No cookies are used for this purpose. This is a service provided by the American company Google LLC independent of other Google services. Google Ireland Limited is responsible for users in the European Economic Area (EEA) and in Switzerland. Further information concerning the type, scope and purpose of the data processing can be found in the Google Data Protection and Security Principles and Data Privacy Statement.
8.4 Performance and coverage measurement
We use Google Analytics to analyse how our website is used, whereby we can measure the coverage of our website and the success of third-party links on our website. This is a service provided by the American company Google LLC, while Google Ireland Limited is responsible for users in the European Economic Area (EEA) and in Switzerland.
Google also tries to record individual visitors to our website if they use different browsers or devices (cross-device tracking). This also uses cookies. For Google Analytics, your Internet Protocol (IP) address is required but is not pooled with other data by Google.
Further information about the type, scope and purpose of data processing can be found in the Google Data Protection and Security Principles and in the Data Privacy Statement, in the Guidelines on Data Protection in Google Products (including Google Analytics), in the Information on how Google use data from websites on which Google services are used and in the Information about cookies at Google. Furthermore, you have the possibility to use the “browser add-on to deactivate Google Analytics” and to object to personalised advertising.
We use the Google Tag Manager to incorporate and manage analytics or advertising services provided by Google or third parties into our website. This is a service provided by the American company Google LLC, while Google Ireland Limited is responsible for users in the European Economic Area (EEA) and in Switzerland. No cookies are used, although cookies may be used within the framework of the services incorporated and managed. We provide information concerning the processing of personal data via these services in the present data privacy statement.
For purposes of marketing and optimization on this website products and service services of the company LeadForensics. The head office of LeadForensics is located at Communication House 26 York Street, London, W1U 6PZ United Kingdom. Lead Forensics identifies details of your organization including phone number, web address, SIC code, a description of the company. In the process, Lead Forensics shows the actual course of your visit to this website, including all the pages that you visited and viewed and how long you spent on this page. Under no circumstances will the data be used to personally identify an individual visitor. As far as IP addresses are collected, these will be anonymized immediately after collection. On behalf of the operator of this website, Lead Forensics will use the information collected to evaluate your visit to the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator.
8.5 Advertising
We use Google Ads (formerly Adwords) to implement targeted advertising for our online service on the Google search engine and elsewhere on the Internet, for example on other websites, among other things based on search queries. Google Ads is a service provided by the American company Google LLC, while Google Ireland Limited is responsible for users in the European Economic Area (EEA) and in Switzerland. Google Ads also uses cookies. Google uses different domain names – in particular doublelick.net, googleadservices.com and googlesyndication.com – for Google Ads.
Through this type of advertising, we particularly want to address people who are interested in our online service or who already use our online service. To this end, we communicate relevant – and personal – data to Google (re-marketing). We can also determine whether our advertising is successful, i.e. whether it directs visitors to our website (conversion tracking).
Further information about the type, scope and purpose of data processing can be found in the Google Data Protection and Security Principles and in the Data Privacy Statement, in the Information on how Google use data from websites on which Google services are used and in the Information about cookies at Google. Furthermore, you can object to personalised advertising.
9. Extensions for the website
We use Google reCAPTCHA to protect input forms against bots and spam while reliably facilitating inputs by people. This also uses cookies. This is a service provided by the American company Google LLC, while Google Ireland Limited is responsible for users in the European Economic Area (EEA) and in Switzerland. Further information concerning the type, scope and purpose of the data processing can be found in the Google Data Protection and Security Principles and Data Privacy Statement as well as in the Information about cookies at Google.
We use Slack to be able to chat directly with visitors to our website and to exchange other messages with them. This also uses cookies. Slack, or more precisely “Searchable Log of All Conversation and Knowledge”, is a service provided by the American company Slack Technologies, whereby the Irish company Slack Technologies Limited is responsible for users outside Canada and the US. Slack is subject to both the EU-American and Swiss-American Privacy Shield, whereby Slack undertakes to guarantee appropriate data protection. In particular, Slack has published the following information about the type, scope and purpose of the data processing: Data privacy statement, Information about the General Data Protection Regulation (GDPR) and the Inclusion in the Privacy Shield list.
10. Final provisions
We can amend and extend this data privacy statement at any time. We will provide information concerning any such amendments and extensions in the appropriate format, in particular by publishing the updated data privacy statement on our website.