privacy policy

MusikSpitex, Basel September 30, 2024

We ensure compliance with the European General Data Protection Regulation (GDPR) and the Swiss Data Protection Act (DSG), insofar as these laws are applicable, with appropriate technical and organizational measures.

The General Data Protection Regulation only applies if its conditions of application are met, otherwise Swiss data protection law applies exclusively.
This general privacy policy applies to all of our online offerings (websites, social media presences, etc.).

1. general information on data processing

1.1 Scope and purpose of the processing of personal data
Your personal data will only be processed to the extent necessary to provide our online offers, content and services. As a rule, personal data is only collected and used with your consent or if the processing of the data is permitted by law.

1.2 Legal basis for the processing of personal data
Insofar as the scope of application of the European General Data Protection Regulation is opened, the General Data Protection Regulation (GDPR) applies. In the case of exclusive reference to Switzerland or Swiss contractual partners, Swiss law (namely the FADP) applies exclusively.

Personal data is processed on the following basis:

Consent on your part (Art. 6 para. 1 lit. a GDPR or Art. 6 para. 1 and 6 as well as Art. 31 FADP),
Necessity for the fulfillment of a contract concluded between you and us (Art. 6 para. 1 lit. b GDPR or Art. 31 para. 2 lit. a FADP),
Necessity for the implementation of pre-contractual measures (also Art. 6 para. 1 lit. b GDPR or Art. 31 para. 2 lit. a FADP),
Necessity to fulfill a legal obligation (e.g. statutory retention and storage obligations) (Art. 6 para. 1 lit. c GDPR or Art. 31 para. 1 FADP),
Safeguarding the vital interests of the data subject or another natural person (Art. 6 para. 1 lit. d GDPR or Art. 31 para. 1 FADP),
Necessity to protect our legitimate interests or those of a third party (Art. 6 para. 1 lit. f GDPR or Art. 31 para. 1 FADP).

1.3 Disclosure of personal data to third parties and processors
No personal data will be passed on to third parties without your express consent.
The provider may provide the services in cooperation with external service providers. The transfer to these external providers is always based on the aforementioned legal bases. As part of this so-called order processing, the transfer of personal data takes place on the basis of Art. 28 GDPR or Art. 9 FADP.
The provider only commissions processors who offer sufficient guarantees that suitable technical and organizational measures are taken to ensure that processing is carried out in accordance with the requirements of the GDPR and FADP.

1.4 Data transfer to third countries
The provider is based in Switzerland, which means that there is a third country relationship with the EU. The EU has assessed the Swiss data protection regulations as adequate (Art. 44 et seq. GDPR and Art. 16 para. 1 FADP) and vice versa.
As part of the provision of services, personal data is transferred to the European Union for further processing and vice versa.
The provider only allows your data to be processed in a third country if the special requirements of Art. 44 et seq. GDPR or Art. 6 para. 1, Art. 16 f. and Art. 31 para. 1 and 2 FADP are met. This means that your data will only be processed on the basis of special guarantees and that the third country has an adequate level of data protection.

1.5 Deletion of data and storage period
Your personal data will be deleted or blocked as soon as the purpose for which it was stored no longer applies.
The provider processes personal data for as long as is necessary for the respective purposes. In the case of longer-term storage obligations, e.g. due to legal obligations, the duration of processing is adjusted accordingly. Insofar as documentation obligations (accounting, tax records) exist, such data is not covered by any deletion as long as the corresponding obligation exists.

2 Rights of the data subjects
As your personal data is processed, you are considered a data subject within the meaning of Art. 4 para. 1 GDPR and Art. 5 lit. a FADP.
You are entitled to the following rights insofar as they are provided for by the applicable data protection law:

2.1 Right to revoke a declaration of consent
You have the right to withdraw your consent to the processing of your personal data at any time. This does not affect the other grounds for justification.

2.2 Right to information

At your request, the provider will inform you whether or not data about you is being processed.

If the provider processes data about you, you will be provided with the following information regarding the personal data processed:

the purposes of the processing;
the categories of personal data being processed
the recipients or categories of recipients to whom the personal data have been or will be disclosed
in the case of transfer to a third country or an international organization, additional information on the appropriate safeguards pursuant to Art. 46 GDPR or Art. 16 FADP
the planned duration (if possible) for which the personal data will be stored or the criteria for determining this duration (if the planned duration cannot be determined)
the existence of the right to rectification or erasure of personal data concerning you, the right to restriction of processing by us or the right to object to such processing
the existence of the right to lodge a complaint with a supervisory authority
all available information about the origin of the data if the personal data is not collected directly from you.

You will generally receive a copy of the personal data within one month of receipt of the request for information. As a rule, copies are sent electronically.

2.3 Right to rectification

If your personal data is incorrect, you have the right to request that the incorrect data be corrected immediately. If personal data is incomplete, you have the right to request that it be completed.

2.4 Right to erasure

You have the right to request the erasure of your personal data.

The deletion will be complied with immediately if:

the data is no longer necessary for the purpose for which it was collected;
you withdraw your consent to data processing and there is subsequently no other legal basis for the processing;
you object to the processing and there are no overriding legitimate grounds for the processing
the personal data has been processed unlawfully;
the deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States.

The right to erasure does not exist if the provider processes the data in order to assert, exercise or defend legal claims or if there is an overriding public interest.

2.5 Right to restriction of processing

You may request the restriction of the processing of personal data if in particular

the accuracy of the personal data is contested for a period enabling the accuracy of the personal data to be verified;
the processing is unlawful and the restriction of the use of the personal data is requested instead of erasure.

If processing has been restricted for the aforementioned reasons, this personal data will only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU, Switzerland or a member state.

You will be informed before the restriction is lifted.

2.6 Right to data portability
You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format, provided that the processing is based on consent or on a contract and is carried out by automated means.

2.7 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 lit. e or f GDPR or Art. 6 para. 1 and Art. 31 para. 1 and 2 FADP; this also applies to profiling based on these provisions. The controller will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

Without this processing, it may no longer be possible to use the provider's services.

3. use of our online offers

In principle, you can use the online services without disclosing your identity (namely publicly accessible websites). In the context of a contractual relationship with the provider, the disclosure of your identity is a prerequisite.

3.1 Data collection when visiting our websites

If the provider's websites are used purely for information purposes (there is no registration, contract, etc.), the provider only collects the personal data that your browser transmits to the provider's servers.

This is the following data, which is technically necessary (not exhaustive):

Date and time of the request,
IP address of the user,
Content of the request (specific page),
Access status/HTTP status code,
Website from which the request originates,
Operating system of the user,
Language and version of the browser software

Since the collection of data to display the websites and the storage of data in log files is absolutely necessary for the operation of our websites and the maintenance of IT security, you have no option to object in this respect.

3.2 Use of cookies
Various types of cookies are used:
Temporary cookies (e.g. “session cookies” etc.) are deleted after you leave our online offer and close the browser.
Permanent cookies (e.g. for search settings, language, etc.) remain stored even after you close the browser. They have an expiration date and can be deleted at any time in the security settings of your browser. Such cookies are also used for reach measurement or marketing purposes.

In addition to so-called “first-party cookies”, which are set by the provider as the data controller, “third-party cookies” are also used. These third-party cookies are offered by other providers.

For the processing of personal data using “first-party cookies”, the provider relies on Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 as well as Art. 31 para. 1 and 2 FADP; for the processing of personal data using “third-party cookies” on Art. 6 para. 1 lit. a GDPR or Art. 6 para. 1 as well as Art. 31 para. 1 and 2 FADP.

3.3 Customer account, contact forms and email contact
The input screen in the registration process shows which data is processed. This information is used for the purpose of using our offers and providing services.

You have the option of canceling your user account at any time. In this case, your data will be deleted unless the provider is required by law to retain it.

To contact the provider, you will find contact forms and e-mail links (mailto) on our online offers, which can be used for electronic contact.

3.4 Newsletter
The provider uses Brevo (formerly sendinblue) to send newsletters. The regular sending of information, in particular newsletters, only takes place with your consent, which is obtained as part of a double opt-in procedure. “Double opt-in” means that you will receive an e-mail with a web link that you must click on to confirm. The confirmation is stored as a click on the link together with the time, email address and IP address for verification purposes. You can unsubscribe at any time via an unsubscribe link, which is included in every newsletter. The legal basis for this data processing is Art. 6 para. 1 lit. a GDPR or Art. 6 para. 1 FADP and Art. 31 para. 1 and 2 FADP.

In addition to sending newsletters, the provider may contact you by e-mail to inform you about news in the existing business relationship and about new products (direct advertising or information). The legal basis for this data processing is Art. 6 para. 1 lit. a GDPR or Art. 6 para. 1 FADP and Art. 31 para. 2 lit. a FADP.

The use of the provider's newsletter (opening the newsletter, clicking on links) is stored and linked to the data that is stored by Brevo. This procedure enables the provider to improve the offers (success and reach measurement).

Brevo's servers are located in the EU, which means that your email address and your newsletter usage activities are transmitted to the relevant servers.

Provider: Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany

3.5 Fonts

The provider may use fonts from external service providers. Since a request is made by your browser when the fonts are retrieved, the respective server will learn your IP address and other information sent by your browser (e.g. your browser software). The third-party providers may use content delivery networks to provide the fonts.

The following third-party providers may be used:

GT Walsheim

Provider: Grilli Type AG, Tivolistrasse 13, 6006 Lucerne, Switzerland

Adobe Fonts (Typekit):

Provider: Abobe Ireland, 4-6 Riverwalk, Citywest Business Park, Dublin 24, Ireland

Monotype (including fonts.com also as a service provider of Adobe Fonts):

Provider: Monotype Imaging Holdings Inc, Legal Department - Privacy, 600 Unicorn Park Drive, Woburn, MA 01801 USA

Google Fonts:

Provider: Abobe Ireland, 4-6 Riverwalk, Citywest Business Park, Dublin 24, Ireland

3.6 External links
It is possible that the provider's online offer may link to external sites. The provider has no influence on whether the respective operators comply with data protection regulations.

4 Social media presences / third parties
We offer online services on various social media platforms in order to provide information there and to be able to contact you.

We have no influence on the processing of personal data by the respective platform operator. As a rule, when you visit our social media offerings, the platform operator stores cookies in your browser in which your usage behavior and interests are stored for market research and advertising purposes. The platform operators use the usage profiles obtained in this way - usually across all devices - to display personalized advertising to you. Data processing may also affect people who are not registered as users with the respective social media platform. Under certain circumstances, your data may be processed outside the European Union, which may make it more difficult to enforce your rights. However, when selecting such social media platforms, we ensure that the operators undertake to comply with the data protection standards of the EU and Switzerland.

The processing of your personal data when you visit one of our social media offerings is based on our legitimate interests in a diverse external presentation of our company and the use of an effective means of information and communication with you. The legal basis for this is Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 and Art. 31 para. 1 and 2 FADP. Under certain circumstances, you may also have given a platform operator your consent to data processing, in which case the legal basis is Art. 6 para. 1 lit. a GDPR or Art. 6 para. 1 and Art. 31 para. 1 and 2 FADP.

Detailed information on data processing in connection with the use of our social media offerings, opt-out options and the assertion of information rights can be found in the privacy policy of the relevant platform operator.

4.1 Facebook

Data processing is carried out on the basis of an agreement on the joint processing of personal data in accordance with Art. 26 GDPR and Art. 9 FADP.

Provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Opt-out: https://www.facebook.com/settings?tab=ads

4.2 Google / YouTube

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Opt-out: https://adssettings.google.com/authenticated

4.3 Instagram

Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Opt-out: https://www.facebook.com/privacy/policy/?section_id=1-WhatInformationDoWe

4.4 Twitter/X

Provider: Twitter International Unlimited Company, Attn: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, IRELAND

Opt-Out: https://twitter.com/personalization

4.5 LinkedIn

Provider: LinkedIn Ireland Unlimited Company. Attn: Legal Dept (Privacy Policy and User Agreement), Wilton Plaza, Wilton Place, Dublin 2, Ireland

Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

4.6 Vimeo

Provider: Vimeo.com, Inc, Attention: Data Protection Officer, 330 West 34th Street, 5th Floor, New York, New York 10001, USA

5. information and data security

The provider takes information security just as seriously as data protection.

Appropriate security of your data within the meaning of Art. 32 GDPR and Art. 8 FADP is ensured in order to protect your personal data.

6 Entry into force / amendments

Basel, September 30, 2024