Privacy policy
With this Privacy Policy, we inform you about the personal data we process in connection with our activities and operations, including our www.guvoto.ch website. We provide information on what personal data we process, for what purposes, how, and where. We also inform you about the rights of individuals whose data we process.
Additional privacy policies and other legal documents, such as Terms and Conditions (AGB), Terms of Use, or Participation Terms, may apply to specific or additional activities and operations.
We adhere to Swiss data protection law and potentially applicable foreign data protection law, especially that of the European Union (EU) under the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures adequate data protection.
1. Contact Information
Responsible for the processing of personal data:
HOMM interactive GmbH
HOMM interactive GmbH
Winkelriedstrasse 35
6003 Lucerne
We will inform you if, in individual cases, there are other parties responsible for the processing of personal data.
Data Protection Representation in the European Economic Area (EEA)
We have the following data protection representation in accordance with Article 27 GDPR:
VGS DatenschutzÂpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany
The data protection representation serves as an additional point of contact for inquiries related to the GDPR for individuals and authorities in the European Union (EU) and the rest of the European Economic Area (EEA).
2. Terms and Legal Basis
2.1 Terms
Personal data refers to all information that relates to a specific or identifiable natural person. An affected person is a person about whom we process personal data.
Processing encompasses any handling of personal data, regardless of the means and methods used, including querying, matching, adapting, archiving, storing, reading, disclosing, obtaining, recording, collecting, deleting, disclosing, organizing, storing, altering, distributing, linking, destroying, and using personal data.
The European Economic Area (EEA) includes the Member States of the European Union (EU), as well as the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.
2.2 Legal Basis
We process personal data in accordance with Swiss data protection law, especially the Federal Data Protection Act (Datenschutzgesetz, DSG) and the Data Protection Ordinance (Datenschutzverordnung, DSV).
We process personal data – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – based on at least one of the following legal bases:
- Article 6(1)(b) GDPR for the necessary processing of personal data to fulfill a contract with the data subject and for the performance of pre-contractual measures.
- Article 6(1)(f) GDPR for the necessary processing of personal data to safeguard the legitimate interests of us or third parties, provided that the fundamental rights and freedoms and interests of the data subject do not override. Legitimate interests include, in particular, our interest in being able to exercise our activities and operations in a permanent, user-friendly, safe, and reliable manner and to communicate about them, ensuring information security, protecting against misuse, enforcing our own legal claims, and complying with Swiss law.
- Article 6(1)(c) GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject under the laws of Member States in the European Economic Area (EEA).
- Article 6(1)(e) GDPR for the necessary processing of personal data to perform a task carried out in the public interest.
- Article 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.
- Article 6(1)(d) GDPR for the necessary processing of personal data in order to protect the vital interests of the data subject or another natural person.
3. Type, Scope, and Purpose
We process personal data that is necessary to carry out our activities and operations in a permanent, user-friendly, safe, and reliable manner. Such personal data may include categories such as master and contact data, browser and device data, content data, metadata, and usage data, location data, sales data, and contract and payment data.
We process personal data for the duration required for the respective purpose(s) or as legally required. Personal data that is no longer required for processing will be anonymized or deleted.
We may engage third parties to process personal data on our behalf. We may jointly process or transmit personal data to third parties. Such third parties include specialized providers whose services we use. We ensure data protection even with these third parties.
We generally process personal data only with the consent of the data subjects. If and to the extent that processing is permissible for other legal reasons, we may waive the requirement to obtain consent. For example, we may process personal data without consent to fulfill a contract, fulfill legal obligations, or safeguard overriding interests.
In this context, we particularly process information that an affected person voluntarily submits to us when contacting us – for example, by postal mail, email, instant messaging, contact form, social media, or telephone – or when registering for a user account. We may store such information, for example, in an address book, a Customer Relationship Management System (CRM system), or similar tools. When we receive data about other persons, the sending parties are obligated to ensure data protection for these individuals and to ensure the accuracy of this personal data.
We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and operations, to the extent and where such processing is legally permissible.
4. Applications
We process personal data about job applicants to the extent necessary for assessing suitability for employment or for the subsequent performance of an employment contract. The required personal data can be derived in particular from the information requested, such as in the context of a job advertisement. Furthermore, we process personal data that job applicants voluntarily provide or publish, especially as part of cover letters, resumes, and other application documents, as well as online profiles.
We process personal data about job applicants – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – primarily in accordance with Article 9(2)(b) GDPR.
5. Personal Data Abroad
We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transmit personal data to other countries, particularly to process them there.
We can export personal data to all countries and territories on Earth and elsewhere in the Universe, provided that the local law, according to the decision of the Swiss Federal Council, ensures adequate data protection and – if the General Data Protection Regulation (GDPR) is applicable – according to the decision of the European Commission ensures adequate data protection.
We can transmit personal data to countries whose law does not guarantee adequate data protection, provided that data protection is guaranteed for other reasons, especially based on standard data protection clauses or other suitable guarantees. In exceptional cases, we can export personal data to countries without adequate or suitable data protection if the specific data protection requirements are met, such as the explicit consent of the data subjects or a direct connection to the conclusion or performance of a contract. Upon request, we will provide data subjects with information about any guarantees or provide a copy of any guarantees.
6. Rights of Data Subjects
6.1 Data Protection Claims
We grant data subjects all rights under applicable data protection law. Data subjects have the following rights in particular:
- Information: Data subjects can request information about whether we process personal data about them and, if so, what personal data is involved. Data subjects also receive the information necessary to assert their data protection rights and to ensure transparency. This includes processed personal data as such, but also information about the purpose of processing, the duration of retention, any disclosure or export of data to other countries, and the origin of the personal data.
- Correction and Restriction: Data subjects can correct inaccurate personal data, complete incomplete data, and request the restriction of the processing of their data.
- Deletion and Objection: Data subjects can request the deletion of personal data ("right to be forgotten") and object to the processing of their data with effect for the future.
- Data Disclosure and Data Portability: Data subjects can request the disclosure of personal data or the transfer of their data to another controller.
We may, within the legally permissible framework, postpone, limit, or refuse the exercise of data subjects' rights. We may also inform data subjects of any requirements that must be met for the exercise of their data protection rights. For example, we may refuse to provide information with reference to business secrets or the protection of other persons in whole or in part. We may also refuse the deletion of personal data with reference to statutory retention obligations in whole or in part.
We may exceptionally provide for costs for the exercise of these rights. We will inform data subjects in advance of any possible costs.
We are obliged to identify data subjects who request information or assert other rights with appropriate measures. Data subjects are required to cooperate.
6.2 Right to Lodge a Complaint
Data subjects have the right to enforce their data protection claims in court or to lodge a complaint with a competent data protection supervisory authority.
The data protection supervisory authority for private controllers and federal agencies in Switzerland is the Federal Data Protection and Public Transparency Commissioner (EDÖB).
Data subjects have the right to lodge a complaint with a competent European data protection supervisory authority to the extent and where the General Data Protection Regulation (GDPR) is applicable.
7. Data Security
We take appropriate technical and organizational measures to ensure data security that is appropriate to the respective risk. However, we cannot guarantee absolute data security.
Access to our website is provided via transport encryption (SSL / TLS, especially with the Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers indicate transport encryption with a padlock icon in the address bar.
Our digital communication is subject to mass surveillance without cause or suspicion and other monitoring by security authorities in Switzerland, other parts of Europe, the United States of America (USA), and other countries, as is generally the case with any digital communication. We cannot directly influence the processing of personal data by intelligence agencies, law enforcement agencies, and other security authorities.
8. Use of the Website
8.1 Cookies
We may use cookies. Cookies - both first-party cookies (First-Party Cookies) and cookies from third parties whose services we use (Third-Party Cookies) - are data stored in the browser. Such stored data need not be limited to traditional text-form cookies.
Cookies can be stored in the browser either temporarily as "session cookies" or for a specific period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies, in particular, allow a browser to be recognized on the next visit to our website, thereby measuring the reach of our website, for example. However, permanent cookies can also be used for online marketing purposes.
Cookies can be deactivated or deleted entirely or partially in the browser settings at any time. Our website may not be fully functional without cookies, and we request, at least if necessary, explicit consent for the use of cookies.
For cookies used for measuring success and reach or for advertising, many services offer a general objection ("opt-out") via the AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
8.2 Server Log Files
We may record the following information for each access to our website if it is transmitted by your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, specific sub-page of our website accessed including transmitted data volume, last website visited in the same browser window (referer or referrer).
We store such information, which can also represent personal data, in server log files. The information is necessary to provide our website permanently, user-friendly, and reliably, and to ensure data security and, in particular, the protection of personal data, also by third parties or with the help of third parties.
8.3 Tracking Pixels
We may use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels, including those from third parties whose services we use, are small, usually invisible images that are automatically retrieved when visiting our website. Tracking pixels can capture the same information as server log files.
9. Notifications and Communications
We send notifications and communications by email and through other communication channels such as instant messaging or SMS.
9.1 Success and Reach Measurement
Notifications and communications may contain web links or tracking pixels that record whether an individual notification was opened and which web links were clicked. Such web links and tracking pixels can also capture the use of notifications and communications on a personal basis. We require this statistical measurement of use for the success and reach measurement to effectively, user-friendly, and permanently, securely, and reliably send notifications and communications based on the needs and reading habits of the recipients.
9.2 Consent and Objection
You must generally give your explicit consent for the use of your email address and other contact addresses unless the use is permitted for other legal reasons. We use the "Double Opt-in" procedure whenever possible, meaning you receive an email with a web link that you must click to confirm, to prevent misuse by unauthorized third parties. We may log such consents, including Internet Protocol (IP) address as well as date and time, for evidence and security reasons.
You can generally object to receiving notifications and communications, such as newsletters, at any time. With such an objection, you can also object to the statistical measurement of use for the success and reach measurement. Required notifications and communications related to our activities and operations are reserved.
9.3 Service Providers for Notifications and Communications
We send notifications and communications with the help of specialized service providers.
We use, in particular:
- Brevo: Building and maintaining customer relationships, especially via email and instant messaging; Provider: Sendinblue GmbH (Germany); Data protection information: Privacy Policy, "Data Protection and Data Security", "Security and Data Protection".
10. Social Media
We are present on social media platforms and other online platforms to communicate with interested individuals and provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).
The terms and conditions (AGB) and terms of use, as well as privacy policies and other provisions of the respective operators of such platforms, also apply. These provisions inform in particular about the rights of data subjects directly with respect to the respective platform, including the right to information.
For our Social Media presence on Facebook, including the so-called Page Insights, we are jointly responsible - to the extent and where the General Data Protection Regulation (GDPR) applies - with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta Companies (among others in the USA). Page Insights provide information on how visitors interact with our Facebook presence. We use Page Insights to effectively and user-friendly provide our social media presence on Facebook.
Further information on the nature, scope, and purpose of data processing, information on the rights of data subjects, and contact details of Facebook as well as Facebook's data protection officer can be found in Facebook's Privacy Policy. We have concluded the so-called "Addendum for Controllers" with Facebook, thereby agreeing in particular that Facebook is responsible for ensuring the rights of data subjects. The relevant information for Page Insights can be found on the page "Information about Page Insights", including "Information about Page Insights Data".
11. Third-Party Services
We utilize services from specialized third-party providers to conduct our activities and operations permanently, user-friendly, securely, and reliably. These services enable us to embed functions and content into our website. When embedding such content, for technical reasons, the utilized services may temporarily collect the Internet Protocol (IP) addresses of users.
For necessary security-related, statistical, and technical purposes, third parties whose services we utilize may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized form. This may include performance or usage data required to provide the respective service.
We use, in particular:
- Google Services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General data protection information: "Privacy and Security Principles", Privacy Policy, "Google's Commitment to Compliance with Applicable Privacy Laws", "Privacy Practices in Google Products", "How Google Uses Data from Websites or Apps that Use Our Services" (Information from Google), "Types of Cookies Used by Google and Other Technologies", "Personalized Advertising" (Activation / Deactivation / Settings).
- Microsoft Services: Providers: Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), the United Kingdom, and Switzerland; General data protection information: "Privacy at Microsoft", "Trust Center - Privacy and Security", Privacy Statement, Privacy Dashboard (Data and Privacy Settings).
11.1 Digital Infrastructure
We utilize services from specialized third parties to access the required digital infrastructure related to our activities and operations. This includes, for example, hosting and storage services from selected providers.
We use, in particular:
- METANET: Hosting; Provider: METANET AG (Switzerland); Data protection information: Privacy Policy, "Technical and Organizational Measures".
11.2 Contact Options
We use services from selected providers to better communicate with third parties, such as potential and existing customers.
We use, in particular:
- bexio: Customer Relationship Management (CRM); Provider: bexio AG (Switzerland); Data protection information: Privacy Policy, "Cloud and Data Security", "Data Security - Definition and Measures for Companies".
11.3 Audio and Video Conferences
We use specialized services for audio and video conferences to communicate online. This allows us to hold virtual meetings, conduct online classes, and host webinars, among other activities. When participating in audio and video conferences, additional legal texts of individual services, such as privacy policies and terms of use, may apply.
We recommend muting the microphone by default and blurring the background or using a virtual background during audio or video conferences, depending on the circumstances.
We use, in particular:
- Google Meet: Video conferences; Provider: Google; Google Meet-specific information: "Google Meet - Security and Privacy for Users".
- Microsoft Teams: Platform for audio and video conferences, among other functions; Provider: Microsoft; Teams-specific information: "Privacy in Microsoft Teams".
- Skype: Audio and video conferences; Skype-specific providers: Skype Communications SARL (Luxembourg) / Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), the United Kingdom, and Switzerland; Data protection information: "Legal Information about Skype", "Privacy and Security".
- Zoom: Video conferences; Provider: Zoom Video Communications Inc. (USA); Data protection information: Privacy Policy, "Privacy at Zoom", "Legal Compliance Center".
11.4 Online Collaboration
We use third-party services to enable online collaboration. In addition to this privacy policy, any terms and conditions of the services used, such as terms of use or privacy policies, may apply.
11.5 Map Material
We use third-party services to embed maps into our website.
We use, in particular:
- Google Maps, including Google Maps Platform: Map service; Provider: Google; Google Maps-specific information: "How Google Uses Location Information".
11.6 Digital Audio and Video Content
We use services from specialized third parties to enable the direct playback of digital audio and video content, such as music or podcasts.
We use, in particular:
- YouTube: Video platform; Provider: Google; YouTube-specific information: "Privacy and Security Center", "My Data on YouTube".
11.7 Advertising
We have the opportunity to display targeted advertising for our activities and operations on third-party platforms such as social media platforms and search engines.
With such advertising, we aim to reach individuals who are already interested in or potentially interested in our activities and operations (Remarketing and Targeting). To do so, we may transmit relevant - possibly also personal - information to third parties that enable such advertising. We may also determine whether our advertising is successful, particularly whether it leads to visits to our website (Conversion Tracking).
Third parties on which we advertise and where you are registered as a user may potentially associate the use of our online offerings with your profile on their platform.
We use, in particular:
- Facebook Advertising (Facebook Ads): Social media advertising; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including the USA); Data protection information: Remarketing and targeting, especially with the Facebook Pixel and Custom Audiences, Privacy Policy, "Ad Preferences" (user registration required).
- Google Ads: Search engine advertising; Provider: Google; Google Ads-specific information: Advertising based on search queries, using various domain names - including doubleclick.net, googleadservices.com, and googlesyndication.com - for Google Ads, "Advertising" (Google), "Why Am I Seeing This Ad?".
- Instagram Ads: Social media advertising; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including the USA); Data protection information: Remarketing and targeting, especially with the Facebook Pixel and Custom Audiences, Privacy Policy (Instagram), Privacy Policy (Facebook), "Ad Preferences" (Instagram) (user registration required), "Ad Preferences" (Facebook) (user registration required).
12. Website Extensions
We use website extensions to enable additional functions for our website.
We use, in particular:
- Google reCAPTCHA: Spam protection (distinguishing between desired comments from humans and unwanted comments from bots and spam); Provider: Google; Google reCAPTCHA-specific information: "What is reCAPTCHA?".
13. Success and Reach Measurement
We seek to determine how our online offering is used. In this context, we may, for example, measure the success and reach of our activities and operations, as well as the impact of third-party links to our website. However, we may also experiment with and compare how different parts or versions of our online offering are used ("A/B test" method). Based on the results of success and reach measurement, we can, in particular, correct errors, strengthen popular content, or make improvements to our online offering.
In most cases, IP addresses of individual users are stored for success and reach measurement. In this case, IP addresses are generally shortened ("IP masking") to follow the principle of data minimization through the corresponding pseudonymization.
Success and reach measurement may involve the use of cookies and the creation of user profiles. Any user profiles created may include, for example, individual pages visited or content viewed on our website, information about the size of the screen or browser window, and the - at least approximate - location. In principle, any user profiles created are strictly pseudonymized and not used to identify individual users. Individual services provided by third parties, where users are logged in, may potentially associate the use of our online offering with the user's account or user profile on the respective service.
We use, in particular:
- Google Analytics: Success and reach measurement; Provider: Google; Google Analytics-specific information: Measurement across different browsers and devices (Cross-Device Tracking), as well as with pseudonymized IP addresses, which are only exceptionally transmitted in full to Google in the USA, "Privacy", "Google Analytics Opt-out Browser Add-on".
- Google Tag Manager: Integration and management of other services for success and reach measurement, as well as other services provided by Google and third parties; Provider: Google; Google Tag Manager-specific information: "Data Collected with Google Tag Manager"; additional information on data protection can be found with the individual services integrated and managed.
14. Final Provisions
We have created this privacy policy with the Privacy Policy Generator from Datenschutzpartner.
We may adapt and supplement this privacy policy at any time. We will inform about such adaptations and supplements in an appropriate manner, particularly by publishing the current privacy policy on our website.