Privacy Policy

Last Update 15.06.2022

This is Ornamental Studio's policy to respect your privacy regarding any information we may collect while operating our website. This Privacy Policy applies to www.ornamental-studio.com (hereinafter, "us", "we", „operator” or "www.ornamental-studio.com"). We respect your privacy and are committed to protecting personally identifiable information you may provide us through the Website. We have adopted this privacy policy ("Privacy Policy") to explain what information may be collected on our Website, how we use this information, and under what circumstances we may disclose the information to third parties. This Privacy Policy applies only to information we collect through the Website and does not apply to our collection of information from other sources.

This Privacy Policy, together with the Terms of Service posted on our Website, set forth the general rules and policies governing your use of our Website. Depending on your activities when visiting our Website, you may be required to agree to additional terms of service.

The responsible body within the meaning of the data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

Ornamental Studio
Izabela Cook

Spiegelbergstrasse 24, 4059 Basel
e-Mail: iza@ornamental-studio.com
Website: https://www.ornamental-studio.com/

General remarks

Based on Article 13 of the Swiss Federal Constitution and the data protection provisions of the federal government (Data Protection Act, DSG), everyone has the right to the protection of their privacy and protection from misuse of their personal data. The operator of this website takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

In cooperation with our hosting providers, we strive to protect the databases as well as possible from unauthorized access, loss, misuse or falsification.

We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.

By using this website, you consent to the collection, processing and use of data as described below. In principle, this website can be visited without registration. Data, such as pages accessed, names of files accessed, and date and time are stored on the server for statistical purposes, without direct relation to the user. Personal data, in particular name, address and/or e-mail address, are collected on a voluntary basis if possible. The data stored will not be passed on to third parties without your prior consent.

Processing of Personal data

Personal data is all information that relates to a specific or identifiable person. A data subject is a person about whom personal data is processed. Processing includes all handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, deletion, storage, modification, destruction and use of personal data.

Personal data is processed in accordance with the Swiss data protection law. To the extent and insofar the EU GDPR is applicable, personal data will be additionally processed in accordance with the following legal bases connected to Art. 6 Para. 1 GDPR:

• lit. a) Processing of personal data with the consent of the data subject.

• lit. b) Processing of personal data for the fulfillment of a contract with the data subject and for the implementation of corresponding pre-contractual measures.

• lit. c) Processing of personal data to fulfill a legal obligation to which we are subject in accordance with any applicable EU law or in accordance with any applicable law of a country in which the GDPR is fully or partially applicable.

• lit. d) Processing of personal data in order to protect the vital interests of the data subject or another natural person.

• lit. f) Processing of personal data in order to protect the legitimate interests of us or of any third parties provided that the fundamental freedoms, rights, and interests of the person(s) concerned do not prevail. Legitimate interests are in particular our business interests in being able to provide our website, information security, the enforcement of our own legal claims and compliance with Swiss law.

Personal data will be processed for the duration deemed necessary for the respective purpose or purposes. In the case of long-term retention requirements, due to legal or any other obligations, the processing will be limited accordingly.

Privacy policy for Cookies

This site uses cookies. Cookies are small text files that make it possible to save specific, user-related information on the user's device whilst using the website. Cookies make it possible to determine the frequency of the use and the number of users of the pages; in addition, cookies make it possible to analyze the behavior of the page usage, but also to make page-use more customer-friendly. Cookies are stored beyond the end of a browser session and can be recalled upon visiting the site again. If you do not agree, you can change the default settings of your internet browser so that it refuses to accept cookies.

A general objection to the use of cookies for online marketing purposes can be made for a large number of services, particularly in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Already saved cookies can be deactivated in the browser settings. Please note that by deactivating cookies you may not be able to use all functions of the website.

Data protection declaration for SSL / TLS encryption

This website uses SSL / TLS encryption for security reasons as to protect the transmission of confidential content, such as inquiries you send to the website operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http: //" to "https: //" and by the lock symbol in your browser line. If SSL or TLS encryption is active, third parties cannot read the transmitted data.

Data protection declaration for Server log files

The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and browser version

• The operating system used

• Referrer URL

• Host name of the accessing computer

• Time of the server request

These data cannot be assigned to specific persons. This data will not be merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of illegal use.

Privacy policy Contact form

If you send us inquiries using the contact form, the details on the inquiry form, including contact details if provided, will be stored at our site to be able to process the inquiry and in anticipation of possible follow-up questions. However, none of these data will be passed on without your prior consent.

Data protection declaration for Newsletter data

If you would like to receive the newsletter offered on this website, an e-mail address, additional information to verify ownership of this e-mail address, and a confirmation that you indeed wish to receive the newsletter, is required. No additional data will be obtained. This data will exclusively be used for sending the requested information and will not be passed on to third parties. You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time using the "Unsubscribe" link in the newsletter.

Data protection declaration for Information, deletion, blocking

You have the right to obtain information, free of charge, about your stored personal data, their origin, and receipt, and the purpose of their processing, as well as the right to correct, block or delete these data at any time. If you have any further questions in relation to your personal data you can contact us at the address given in the legal notice.

Data protection declaration for the Objection of advertising mails

We hereby object to the use of the contact data published within the framework of the imprint obligation for sending unsolicited advertising and information materials. The operators of the pages explicitly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam e-mails.

Paid services

For the provision of chargeable services, additional data are required, such as payment details to be able to process your order. We store these data in our systems until the statutory retention periods have expired.

Data protection declaration for Google Analytics

This website uses Google Analytics, a web user analysis service from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. To deactivate Google Analytics, Google provides a browser plug-in at https://tools.google.com/dlpage/gaoptout?hl=de. Google Analytics uses cookies. These small text files make it possible to save specific, user-related information on the user's device, enabling functional analysis of the use of our website by Google. The information collected by the cookie in this respect (including your IP address) is by default transmitted to a Google server in the USA and stored there. However, for this website, Google Analytics has been expanded to include the code "gat._anonymizeIp ();" to ensure anonymous collection of IP addresses (so-called IP masking). If anonymization is active, Google shortens IP addresses within member states of the European Union or in other contracting states covered by the adequacy decision agreement on the European Economic Area, prohibiting Google to draw any conclusions in relation to your identity. Only in exceptional cases, it can occur that a full IP address will be sent to a Google server in the USA for shortening. Google complies with the data protection provisions of the “Privacy Shield” agreement and is registered within the “Privacy Shield” program of the US Department of Commerce. Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:

https://privacy.google.com/businesses/controllerterms/mccs/.

This analysis tool is used on the basis of Art. 6 Sect. 1 lit. f GDPR. The operator of this website has a legitimate interest in the analysis of user patterns to optimize both, the services offered online and the operator’s additional activities. If a corresponding agreement has been requested (e.g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time. You can find out more at https://support.google.com/analytics/answer/6004245?hl=de.

Data protection declaration for the use of Google Web Fonts

This website uses web fonts provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. If your browser does not support web fonts, a standard font will be used by your computer. You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq and in Google's privacy policy:

https://www.google.com/policies/privacy/

Google Tag Manager

Google Tag Manager is used to manage so-called website tags via an interface enabling us to for example, integrate Google Analytics and other Google marketing services into our online platform. The Tag Manager itself, which implements the tags, does not process any personal data from users. Additional information in regards to the processing of users' personal data, by Google´s Tag Manager can be found in the usage guidelines:

https://www.google.com/intl/de/tagmanager/use-policy.html

Data protection declaration for Instagram

This website uses functions from Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged in into your Instagram account, you can link the contents of our pages to your Instagram profile by clicking the Instagram button. This enables Instagram to assign your visit to our website to your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use by Instagram. Additional information can be found at Instagram's privacy policy web page: http://instagram.com/about/legal/privacy/

Privacy policy for LinkedIn

This website uses functions of the LinkedIn network, provided by the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you visit one of our pages that contains LinkedIn functions, a connection to the LinkedIn servers is established. Subsequently, LinkedIn will be informed that you have visited our website with your IP address. If you click the LinkedIn "Recommend" button and are logged in into your LinkedIn account, LinkedIn is able to assign your visit to our website to you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use by LinkedIn. Additional information can be found at LinkedIn's data protection declaration web page: https://www.linkedin.com/legal/privacy-policy

External payment Service providers

This website uses external payment service providers, through whose platforms the website users and owner’s payment transactions are carried out, e.g.:

• STRIPE (https://stripe.com/ch/privacy)

• Visa (https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html)

• Mastercard (https://www.mastercard.ch/de-ch/datenschutz.html)

• UBS SWITZERLAND (www.ubs.com/global/en/legal/privacy.html)

• Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)

As per contract defined, either the Swiss Data Protection Regulation or if otherwise stated, Article 6 Paragraph 1 lit. b. EU GDPR applies on the use of these payment service providers. In addition, external payment service providers are used on the basis of legitimate interests in accordance with the Swiss Data Protection Regulation and, if stated otherwise, in accordance with Article 6 (1) (f) of the EU GDPR, to offer the web site users the most effective and secure payment options.

The data processed by the payment service provider includes inventory data such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs and checksums as well as contract, sums and recipient-related information. The information is required to carry out the transactions. However, the data entered will only be processed and stored by the relevant payment service provider. As operator, we do not receive any information on your (bank) account or credit card, only information regarding the confirmation or rejection of your payment. For crosschecking your identity and credibility, however, your data may be transmitted by the payment service provider to credit agencies. For additional information on payment transactions, terms and conditions that apply, the relevant data protection regulations, the rights of revocation, and information on other data subjects, we refer to the respective payment service provider.

Newsletter - MailerLite

We use MailerLite to manage our email marketing subscriber list and to send emails to our subscribers. MailerLite is a third-party provider, which may process your data using industry-standard technologies to help us monitor and improve our newsletter.

MailerLite’s privacy policy is available at https://www.mailerlite.com/legal/privacy-policy

You can unsubscribe from our newsletter by clicking on the unsubscribe link provided at the end of each newsletter.

Use of Adobe Typekit

Adobe Typekit is used for the visual design of our website. Typekit is a service provided by Adobe Systems Software Ireland Ltd., to enlarge our font library. To incorporate the fonts we use, your browser must connect to an Adobe server in the USA and download the font required for our website. This provides Adobe with the information that our website has been accessed from your IP address. Additional information on the Adobe Typekit data protection policy can be found at www.adobe.com/ch_de/privacy/policies/typekit.html.

Contractual Services

We process data of our contractual partners and other interested parties (uniformly referred to as "contractual partners") in accordance with the data protection regulations of the federal government (Data Protection Act, DSG) and the EU GDPR in accordance with Art. 6 Para. 1 lit. b. GDPR in order to provide contractual or pre-contractual services. The data processed here, the type, scope and purpose, and the necessity of their processing, are determined by the underlying contractual relationship.

The processed data includes the master data of our contractual partners (e.g. names and addresses), contact details (e.g. e-mail addresses and telephone numbers) as well as contract data (e.g. services used, contract content, contractual communication, and names of contact persons) and payment data (e.g. bank details, payment history).

In principle, we do not process special categories of personal data, unless these are part of a commissioned or contractual processing.

We process data that are necessary for the establishment and fulfillment of the contractual services and point out the necessity of their disclosure, if not evident, to the contractual partner. Disclosure to external persons or companies can only occur if it is within the framework of the contract. When processing the data provided to us as part of such a contract, we act in accordance with the instructions of the client, the national and international legal requirements, and our own data protection regulations.

Upon use of our online services, the IP address used and the time of the respective user action can be stored. This storage can be based on our legitimate interests as well as on the interests in our users in relation to protection against misuse and other unauthorized use. These data will not be transferred to third parties, unless it is necessary to pursue claims according to Art. 6 Paragraph 1 lit. f. GDPR or within a legal obligation according to Art. 6 Paragraph 1 lit. GDPR.

The data will be deleted when the data is no longer required to fulfill contractual or legal obligations and to deal with any warranty or comparable obligations, whereby the need to store the data is checked at irregular intervals. In addition, the statutory retention requirements apply.

Provision of our services according to the Statutes

We process the data of our members, supporters, interested parties, customers or other persons in accordance with the data protection regulations of the federal government (Data Protection Act, DSG) and the EU GDPR in accordance with Art. 6 Para. 1 lit. b. GDPR, provided that we offer contractual services or act within the scope of an existing business relationship, e.g. with members, or are ourselves recipients of services and benefits. In addition, we process the data of data subjects in accordance with Art. 6 Para. 1 lit.f. GDPR on the basis of our legitimate interests, e.g. when it comes to administrative tasks or public relations.

The data processed here, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. This basically includes inventory and master data of the persons (e.g., name, address, etc.), as well as the contact details (e.g., e-mail address, telephone, etc.), the contract data (e.g., services used, content communicated and information, names of contact persons) and, if we offer services or products that are subject to payment, payment data (e.g. bank details, payment history, etc.).

We delete data that is no longer required for the statutory purposes. This is determined according to the respective tasks and contractual relationships. In the case of business processing, we keep the data for as long as it can be relevant for business transactions and with regard to any warranty or liability obligations. The need to store the data is checked at irregular intervals. In addition, the statutory retention requirements apply.

Notice regarding data transfers to the USA (United States of America)

For the sake of completeness, we would like to point out that our website uses, in particular, tools from companies based in the USA. When these tools are active, your personal information may be transferred to the US servers of these companies. We must point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are required to release personal data to security authorities without you as the data subject being able to take legal action against this. The possibility cannot therefore be excluded that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for monitoring purposes.  We have no influence over these processing activities.

We explicitly point out this legal and factual situation to offer an appropriately informed decision to consent to the use of data.

Copyrights

The copyright and all other rights to content, images, photos or other files on the website belong exclusively to the operator of this website or the specifically named rights holders. The written consent of the copyright holder must be obtained prior to any reproduction of all files. Whoever commits a copyright infringement without the consent of the respective rights holder can make himself liable to prosecution and possibly liable for damages.

General Disclaimer

All information on this website has been carefully checked. We strive to provide up-to-date information, correct and complete. Nevertheless, the occurrence of errors cannot be ruled out, which means that we cannot guarantee the completeness, correctness and topicality of the information provided, including journalistic and editorial information. Liability claims from material or immaterial damage caused by the use of the information provided are excluded, unless it can be proven that there was willful intent or gross negligence.

The publisher can change or delete texts at his own discretion and without notice and is not obliged to update the content of this website. Use of or access to this website is at the visitor's own risk. The publisher, its clients or partners are not responsible for damage, such as direct, indirect, accidental, specifically to be determined in advance or consequential damage, which allegedly resulted from visiting this website and consequently assume no liability for this.

The publisher also assumes no responsibility or liability for the content and availability of third-party websites that can be accessed via external links on this website. The operators of the linked pages are solely responsible for their content. The publisher thus explicitly distances itself from all third-party content that may be relevant under criminal or liability law or that is contrary to common decency.

Changes

We can adapt this data protection declaration at any time without prior notice. The current version published on our website applies. Insofar as the data protection declaration is part of a contract-agreement, we will inform the contract holder of the change, in the event of an update, by e-mail or in another suitable manner.

Questions to the Data protection officer

If you have any questions about data protection in relation to this website, please send us an e-mail listed at the beginning of this data protection declaration.

Basel, March 15, 2024

Source: SwissAnwalt