Data protection declaration

With this data protection declaration we hereby inform you about the processing of personal data in connection with our website https://www.riposa.ch and other online services.

For separate or additional offers and services, special, supplementary or further data protection as well as other legal documents such as general terms and conditions, terms of use or conditions of participation may exist.

1. Contact addresses

Responsibility for the online content:

riposa AG Swiss Sleep
Bahnhofstrasse 33
8865 Bilten

marketing@riposa.ch

2. Processing of personal data

2.1 Terms

Personal data means any information relating to an identified or identifiable person. A data subject is a person whose personal data is processed. Processing means any handling of personal data, regardless of the means or methods used, especially the storage, disclosure, acquisition, collection, erasure, recording, alteration, destruction or use of personal data.

2.2 Legal bases

We process personal data in accordance with Swiss data protection law, in particular the Federal Data Protection Act (DSG) and the Ordinance on the Federal Data Protection Act (VDSG).

2.3 Nature, scope and purpose

We process personal data that is required to provide our online services in a permanent, user-friendly, secure and reliable manner. Such personal data may fall into the categories of inventory and contact data, content data, metadata or marginal data, as well as usage data, location data, contract data and payment data.

We process personal data for the duration necessitated by the respective purpose or purposes. Personal data that no longer need to be processed will be anonymised or deleted.

In principle, we process personal data only with the consent of the data subject, unless the processing is permitted for other legal reasons, for example to fulfil a contract with the data subject and for corresponding pre-contractual measures to protect our overriding legitimate interests, because the processing is apparent from the circumstances, or after prior information.

In this context, we process in particular information that the data subject voluntarily provides to us when making contact – for example by letter, email, contact form, social media or telephone – or when registering for a user account. We may store such information in an address book, in a customer relationship management (CRM) system, or with similar tools. If you transmit personal data to us about third parties, you are obliged to guarantee data protection vis-à-vis such third parties, as well as ensuring the accuracy of these personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect when providing our online services, if and to the extent such processing is permitted for legal reasons.

Personal data from applications will only be processed if they are necessary for the assessment of suitability for an employment relationship or for the subsequent execution of an employment contract. The personal data required for processing an application procedure are derived from the information requested or communicated, for example in the context of a job description. Applicants have the option of voluntarily submitting further information for their respective applications.

2.4 Processing of personal data by third parties, including abroad

We may have personal data processed by third parties, in particular by order processors, or process it jointly with third parties and with the help of third parties, or transfer it to third parties. Such third parties are in particular providers whose services we make use of. We also guarantee adequate data protection for such third parties.

However, such third parties may also be located in other countries around the world and elsewhere in the universe, provided that their data protection laws guarantee adequate data protection in the opinion of the Federal Data Protection and Information Commissioner (FDPIC), or if adequate data protection is guaranteed for other reasons, such as a corresponding contractual agreement, in particular on the basis of standard contractual clauses, or corresponding certification. For third parties in the United States of America (USA), certification in accordance with the Privacy Shield can guarantee adequate data protection. In exceptional cases, such a third party may be located in a country without adequate data protection, provided that the data protection requirements, such as the express consent of the data subject, are met.

3. Rights of the data subject

Data subjects whose personal data we process have rights under Swiss data protection law. This includes the right to information as well as the right to correction, deletion or blocking of the processed personal data.

Data subjects whose personal data we process have the right to appeal to a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

4. Data security

We take reasonable and appropriate technical and organisational measures to ensure data protection and, in particular, data security. However, despite such measures, the processing of personal data on the Internet can always be subject to security gaps. Therefore, we cannot guarantee absolute data security.

Access to our online services is via transport encryption (SSL / TLS with HTTPS).

Access to our online service is subject – as is in principle every use of the internet – to mass surveillance with no basis in cause or suspicion as well as other surveillance by security authorities in Switzerland, in the European Union (EU), in the United States of America (USA) and in other states. We cannot directly influence the appropriate processing of personal data by intelligence services, police forces and other security authorities.

5. Use of the website

5.1 Cookies

We may use cookies for our website. Cookies – including from third parties whose services we use (cookies from third parties or third-party cookies) – are data in text form that are stored in your browser. Cookies cannot execute programs or transmit malware such as Trojan horses and viruses.

When you visit our website, cookies may be stored temporarily in your browser as ‘session cookies’ or for a certain period of time, whereby they are known as permanent cookies. ‘Session cookies’ are automatically deleted when you close your browser. In particular, permanent cookies make it possible to recognise your browser the next time you visit our website and thus measure, for example, the range of our website. However, permanent cookies can also be used, for example, for online marketing.

You can deactivate or delete cookies completely or partially in your browser settings at any time. Without cookies enabled, our online service may no longer be fully available. If and to the extent necessary, we request your consent for the use of cookies.

In the case of cookies that are used to measure success and reach or used for advertising, a general opt-out is possible for numerous services via the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

5.2 Server log files

We may collect the following information on each occasion you access our website, provided that it is transmitted from your browser to our server infrastructure or can be detected by our web server: Date and time, including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system, including user interface and version, browser, including language and version, pages viewed on our website, including amount of data transferred, last page viewed in the same browser window (referer or referrer).

We store such information, which can also be personal data, in server log files. This information is required in order to provide our online services in a permanent, user-friendly and reliable manner and to ensure data security and thus in particular the protection of personal data – including by third parties or with the help of third parties.

5.3 Web beacons

We may use web beacons on our website. Web beacons are also referred to as tracking pixels. Web beacons – including those of third parties whose services we use – are small images that are called up when you visit our website. Web beacons can be used to record the same data that are logged in server log files.

6. Notifications and communications

We may send notifications and communications such as newsletters by email and through other communication channels such as instant messaging.

6.1 Success measurement and range measurement

Notifications and communications can include web links or web beacons that record whether an individual notification has been opened and which web links have been clicked (performance measurement). Such web links and web beacons may also record the use of notifications and communications in a way that can be attributed to the individual person. We need this statistical recording of usage, including success and reach measurement, in order to be able to offer notifications and communications based on the needs and reading habits of the recipients in an effective, user-friendly, permanent, safe and reliable way.

6.2 Consent and objection

In principle, you must expressly consent to the use of your email address and your other contact addresses, unless such use is permitted for other legal reasons. We use ‘double opt-in’ for any consent to receive emails, i.e. you receive an email with a web link, which you must click to confirm so that no misuse by unauthorised third parties can take place. Wir können solche Einwilligungen einschliesslich Internet Protocol (IP)-Adresse sowie Datum und Zeit aus Beweis- und Sicherheitsgründen protokollieren.

In principle, you can unsubscribe from notifications and communications such as newsletters at any time. We reserve the right to send notifications and communications that are absolutely necessary for our online service. By unsubscribing, you can in particular object to the statistical recording of usage, among other things for measuring success and reach.

6.3 Service providers for notifications and communications

We may have notifications and communications sent by service providers or sent with the help of service providers. We also guarantee adequate data protection for such service providers.

We use MailChimp to send and manage newsletters. Cookies are also used for this purpose. MailChimp is a service provided by the American The Rocket Science Group LLC. Further information on the type, scope and purpose of data processing can be found in MailChimp’s data protection declaration and on the ‘MailChimp, Privacy Shield and DSGVO’ page.

7. Social Media

We are present on social media platforms and other online platforms in order to communicate with interested persons and inform them about our online service. The General Terms and Conditions (GTC), data protection declarations and other provisions of the individual operators of such online platforms also apply in each case.

8. Third-party services

https://policies.google.com/te...We may use third-party services to provide our online service in a durable, user-friendly, secure and reliable manner. Such services also serve to embed content into our online service. Such services – such as hosting and storage services, video services, and payment services – require your Internet Protocol (IP) address, otherwise such services will not be able to transmit the content accordingly. Such services may be located outside Switzerland and the European Economic Area (EEA), including the European Union (EU) and the Principality of Liechtenstein, provided that adequate data protection is guaranteed.

For their own security, statistical and technical purposes, third parties whose services we use may also process data in an aggregated, anonymous or pseudonymised form – including cookies, log files and web beacons – in connection with our online services and from other sources. Such data will not be used to reach data subjects directly in connection with our online services.

8.1 Social media features and social media content

8.1.1 Facebook

We use social plugins from Facebook to embed Facebook features and Facebook content into our website. Such functions include, for example, ‘Like’ or ‘Share’. Cookies are also used for this purpose. For more information, see the Facebook Social Plug-ins page.

The social plugins are provided by Facebook Ireland Ltd. in Ireland or the American Facebook Inc. If you are logged into Facebook as a user, Facebook can assign the use of our online service to your profile. For more information about the type, scope and purpose of data processing, please see Facebook’s Data Policy.

8.1.2 Instagram

For our website we use the option of embedding the features and content of Instagram. For example, we can use it to display images published on Instagram on our website. Cookies are also used for this purpose.

Instagram is a service provided by Facebook Ireland Ltd. in Ireland and Facebook Inc. in the United States. If you are a registered user of Instagram or other Facebook services, Facebook may assign the use of our online service to your profile. For more information about the nature, scope, and purpose of the data processing, see Instagram's Privacy Policy.

8.2 Map material

We use Google Maps to embed maps into our website. Cookies are also used for this purpose. Google Maps is a service provided by the American company Google LLC. The Irish Google Ireland Limited is responsible for users in the European Economic Area (EEA) and Switzerland. For more information about the nature, scope and purpose of the data processing, please refer to Google’s Privacy and Security Policy and Privacy Policy, the Google Product Privacy Policy (including Google Maps), the information on how Google uses data from web sites that use Google services, and information about Google’s cookies. It is also possible to object to personalised advertising.

8.3 Fonts

We use Google Fonts to embed selected fonts into our website. Cookies are not used for this purpose. EIt is a service provided by the American Google LLC, which is offered independently from other Google services. The Irish Google Ireland Limited is responsible for users in the European Economic Area (EEA) and Switzerland. More information about the type, scope and purpose of data processing can be found in Google’s Privacy and Security Policy and Privacy Policy.

8.4 Success and reach measurement

8.4.1 Google Analytics

We use Google Analytics to analyse how our website is used, including, for example, measuring the reach of our website and the success of third-party links to our website. It is a service provided by the American Google LLC. The Irish Google Ireland Limited is responsible for users in the European Economic Area (EEA) and Switzerland.

Google also attempts to track individual visitors to our website when they use different browsers or devices (cross-device tracking). Cookies are also used for this purpose. Google Analytics requires your Internet Protocol (IP) address, which is not merged with any other data held by Google.

In any case, we have your Internet Protocol (IP) address anonymised prior to analysis by Google. As a result, your complete IP address will not in principle be transmitted to Google in the USA.

For more information about the nature, scope and purpose of the data processing, please refer to Google's Privacy and Security Policy and Privacy Policy, the Google Product Privacy Policy (including Google Analytics), the information on how Google uses data from web sites that use Google, and information about Google’s use of cookies. It is also possible to use the ‘Browser add-on to deactivate Google Analytics’ and to object to personalised advertising.

8.4.2 Google Tag Manager

We use Google Tag Manager to integrate and manage services for analytics or advertising from Google as well as third parties within our website. It is a service provided by the American Google LLC. The Irish Google Ireland Limited is responsible for users in the European Economic Area (EEA) and Switzerland. No cookies are used, but cookies can be used in the context of the services integrated and administered with it. We provide information about the processing of personal data by such services in this privacy policy.

8.5 Advertising

8.5.1 Facebook Ads

We use Facebook Ads to promote our online services on Facebook in a targeted way. Facebook Ads is a service offered by Facebook Ireland Ltd. in Ireland and Facebook Inc. in the United States. Facebook Ads also uses cookies.

Using this type of advertising we would like to reach particular people who are interested in our online services or who already use our online services. For this purpose we transmit the corresponding information – potentially also personal data – to Facebook ( Custom Audiences including Lookalike Audiences ), in particular with the Facebook pixel. We can also determine whether our advertising is successful, i.e. whether it leads to visits to our website (conversion tracking).

For more information about the type, scope and purpose of data processing, please see Facebook’s Data Policy. In addition, Facebook users can use their advertising preferences to influence which ads they see on Facebook and which ads they see on Facebook in the future.

We use Google Ads (formerly AdWords) in order to be able to advertise our online services on the Google search engine and elsewhere on the Internet, for example on other websites, in a targeted manner, among other things on the basis of search queries. The Irish Google Ireland Limited is responsible for users in the European Economic Area (EEA) and Switzerland. Google Ads also uses cookies. Google uses different domain names – especially doubleclick.net, googleadservices.com and googlesyndication.com – for Google Ads.

Using this type of advertising we would like to reach particular people who are interested in our online services or who already use our online services. For this purpose, we transmit the corresponding information – potentially also personal data – to Google (remarketing). We can also determine whether our advertising is successful, i.e. whether it leads to visits to our website (conversion tracking).

For more information about the nature, scope and purpose of the data processing, please refer to Google's Privacy and Security Policy and Privacy Policy, the Google Product Privacy Policy, the information on how Google uses data from web sites that use Google, and information about Google’s use of cookies. It is also possible to use the ‘Browser add-on to deactivate Google Analytics’ and to object to personalised advertising.

9. Schlussbestimmungen

We have created this data protection declaration with the data protection generator from Datenschutzpartner, which is provided by the Swiss Papiertiger GmbH

We may amend and supplement this data protection declaration at any time. We will inform you about such adaptations and additions in an appropriate form, in particular by publishing the current data protection declaration on our website.

This is an English translation of the original German version. In case of doubt, the German version applies.