Digital Festival | Neumarkt 17 | 8001 Zürich | Schweiz
Digital Festival AG Data Protection Notice
Version dated 15 June 2018
This Data Protection Notice explains how Digital Festival AG (hereinafter referred to as we or us) collect and otherwise process personal data. This is not intended to be an exhaustive description. Other data protection notices, general terms and conditions of business, participation conditions and similar documents may apply to certain situations. Personal data means any information relating to an identified or identifiable person.
If you provide personal data to us relating to other people (e.g. family members, work colleagues), please ensure that these individuals are aware of this Data Protection Notice and that you only disclose personal data to us that are correct and that you are authorised to supply to us.
This Data Protection Notice is based on the EU General Data Protection Regulation (GDPR). Although the GDPR is an EU Regulation, it is relevant to us. The Swiss Data Protection Act (DPA) is strongly influenced by EU law, and companies outside the European Union or EEA are required to comply with the GDPR in certain circumstances.
1. Controller/data protection officer/representative
Unless otherwise specified, Digital Festival AG, Neumarkt 17, 8001 Zurich, is the controller responsible for the data processing operations described herein. If you have any queries relating to data protection, please contact us at the following address: Digital Festival AG, Neumarkt 17, 8001 Zurich, firstname.lastname@example.org
2. Collection and processing of personal data
We mainly process personal data that we obtain in the course of our business relationship with clients, other business partners of our clients and other persons involved, or that we collect from users in the course of operating our websites, apps and other applications.
Where permitted, we may gather certain data from publicly available sources (e.g. debt collection registers, land registries, commercial registers, the press, the Internet) or obtain data from other companies, the authorities and other third parties. In addition to data that you supply to us directly, the categories of personal data relating to you that we obtain from third parties include, but are not limited to, information from public registries, information disclosed to us in connection with administrative and legal proceedings, information relating to your occupation and professional activities (e.g. to allow us, with your assistance, to enter into and carry out transactions with your employer), information regarding you in correspondence and discussions with third parties, credit history (in the event that we carry out transactions with you personally), information given to us by people close to or acting for you (family, advisors, legal representatives, etc.) to allow us to enter into or perform agreements with you or involving you (e.g. references, your address for deliveries, authorisations, information regarding compliance with legal requirements, e.g. anti-money laundering rules and export restrictions), information provided by banks, insurance companies, our distributors and other contracting partners to enable you to use or provide services (e.g. payments or purchases made), information relating to you in the media or on the Internet (where appropriate in the particular circumstances, e.g. for the purposes of applications, press reviews, marketing/sales, etc.), your addresses and, where applicable, your interests and other socio-demographic data (for marketing purposes), data relating to use of our website (e.g. IP address, MAC address assigned to a smartphone or computer, details of your device and settings, cookies, date and time of visit, pages and content accessed, functions used, referring websites, location information).
3. Purposes of data processing and legal basis
We primarily use the personal data we collect for the purpose of entering into and performing agreements with our clients and business partners.
We also process personal data concerning you and others insofar as is permitted and deemed appropriate by us, including for the following purposes that are in our legitimate interest or, in certain cases, the legitimate interest of a third party:
Providing and developing our products, services, websites, apps and other platforms on which we have a presence
Communicating with third parties and dealing with enquiries (e.g. applications, media enquiries)
Verifying and optimising needs analysis procedures for the purposes of approaching clients directly and collecting personal data from publicly available sources for client acquisition purposes
Advertising and marketing (including staging events), provided that you have not objected to the use of your data (if we send you advertising as an existing customer, you can object at any time, at which point we will put your name on a list to stop any further mailshots)
Market research, opinion polling and media monitoring
Enforcing and defending legal rights and claims in the context of litigation and administrative proceedings
Preventing and investigating criminal offences and other wrongful acts (e.g. conducting internal investigations, analysing data for the prevention of fraud)
Ensuring operations, including our IT, websites, apps and other appliances
If you have given us consent to process your personal data for specific purposes (for example registering to receive newsletters or carrying out a background check), we will process your personal data within the scope of and based on this consent in the absence of any other legal basis, insofar as such legal basis is required. Consent may be withdrawn at any time, although this will not affect any data processing undertaken prior to withdrawing consent.
4. Cookies, tracking and other technologies relating to use of our website
By using our websites and apps and agreeing to receive newsletters and other marketing e-mails you consent to our use of such techniques. If you object, you will need to configure your browser or e-mail programme accordingly, or uninstall the app if this cannot be adjusted by configuring your settings.
We may use Google Analytics or similar services on our websites. These are services provided by third parties, which may be located in any country (in the case of Google Analytics, Google LLC is based in the US, www.google.com) and allow us to measure and evaluate the use of our website (without identifying individuals). Permanent cookies, which are placed by the service provider, are also used for this purpose. Although such service providers do not receive personal data from us (and do not retain any IP addresses), they may track your use of the website, combine this information with data from other websites you have visited, which are also tracked by service providers, and use this information for their own purposes (e.g. to manage advertising). If you have registered with the service provider concerned, the service provider will also know your identity. The service provider concerned will then be responsible for processing your personal data in accordance with the applicable data protection provisions. Service providers only provide information on how a particular website is used (but not any personal details).
We also use plugins from social networks such as Facebook, Twitter, YouTube, Google+, Pinterest or Instagram on our websites. This will be evident to you, as the relevant symbol will typically be displayed. We have configured these elements to be disabled by default. If you enable these (by clicking on them), the social network operators may register that you are on our website and where you are on our website, and may use this information for their own purposes. The operator concerned will then be responsible for processing your personal data in accordance with the applicable data protection provisions. We will not receive any information regarding you from the operator concerned.
5. Disclosure of data and data transfer to other countries
In furtherance of our business activities and the purposes of the data processing set out in clause 3, we may disclose data to third parties, insofar as such disclosure is permitted and deemed appropriate by us, because such third parties process data on our behalf or because they intend to process data for their own purposes. The following categories of recipient may be involved in particular:
Our service providers, including parties processing data on our behalf (e.g. IT service providers)
Public authorities, agencies or the courts either within or outside Switzerland
Purchasers or prospective purchasers of business divisions, entities or other parts of Digital Festival AG
Other parties involved in potential or actual legal proceedings
These are hereinafter collectively referred to as Recipients.
Such Recipients may be based in Switzerland or elsewhere. In particular, you must assume that your data will be transferred to any countries in which our service providers (e.g. Google, Microsoft) are located. If we transfer data to a country without a proper legislative framework for data protection, we will use appropriate agreements, as required by law, to ensure an adequate level of protection (for example based on the European Commission standard contractual clauses, which are available here, here and here) or binding corporate rules. Alternatively, we will rely on applicable exemptions, as defined by law, such as consent, performance of a contract, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data, or the need to protect the integrity of data subjects. You may obtain a copy of the aforementioned contractual safeguards at any time from the point of contact specified in clause 1. However, we reserve the right to redact copies on the grounds of data protection or confidentiality, or only to supply excerpts.
6. Length of time personal data is retained
We will process and retain your personal data to the extent that and for as long as the personal data are required for the performance of our contractual obligations, compliance with legal obligations or for other purposes pursued with the processing, i.e. throughout the continuation of the business relationship (from initiation of the contract and during performance thereof until such time as it is terminated) and for longer periods in line with statutory retention and documentation requirements. Personal data may be retained throughout any period in which claims may be brought against our company, in any circumstances in which we are otherwise legally required to retain data, or the retention of data is required for legitimate business interests (e.g. for evidential and documentation purposes). Any personal data that are no longer required for the aforementioned purposes will ordinarily be erased or anonymised insofar as is practicable. In general, shorter retention periods not exceeding 12 months apply to operational data (e.g. system logs).
7. Data security
We have implemented appropriate technical and organisational security measures to protect your personal data from unauthorised access and misuse.
8. Obligation to provide personal data
During the course of our business relationship you must provide us with any personal data that is required for the purpose of entering into and performing any business relationship and for the purpose of performing the applicable contractual obligations (as a general rule, you are not required to provide such data to us by law). In the absence of such information, we will not normally be able to enter into or perform any contract with you (or any entity or person that you represent). Neither is it possible to use the website without disclosing certain information to ensure the free flow of data (e.g. IP address).
In some instances, we may process your personal data by automated means with a view to evaluating certain personal aspects (profiling). In particular, we use profiling in order to provide information and advice on specific products that may be of interest to you. For this purpose, we may use evaluation tools to facilitate communication with you and provide advertising as required, including market research and opinion polling.
10. Rights of data subjects
In accordance with the data protection legislation applying to you and to the extent provided therein (e.g. under the GDPR), you have the right to access personal data, the right to rectification and erasure of your personal data, the right to restriction of processing or to object to data processing as well as the right to have certain personal data released for transmission to another controller (data portability). Please note, however, that we reserve the right to rely on any restrictions laid down in law, for example if we are obliged to retain or process certain data, have an overriding interest (insofar as we are permitted to invoke such interest) or require the data for the purpose of enforcing rights. We will inform you in advance of any costs that you may incur. We previously informed you of the option to withdraw consent in clause 3 above. Please note that any exercise of such rights may be inconsistent with the terms of specific agreements and may result, for example, in early termination of the contract or have cost implications. We will inform you in advance if this is the case in the absence of any contractual provisions to this effect.
You will normally be required to provide clear evidence of your identity prior to exercising such rights (e.g. by presenting a copy of an identification document if you cannot be clearly identified or it is not possible to verify your identity by some other means). In order to exercise your rights, please contact us at the address indicated in clause 1 above.
In addition, all data subjects have the right to take legal action to enforce their rights or to file a complaint with the competent data protection authority. The competent data protection authority of Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch).
We are entitled to amend this Data Protection Notice at any time without prior notification. The current version published on our website will apply. If the Data Protection Notice forms part of an agreement with you, we will notify you of any updates or amendments by e-mail or by some other appropriate means.