Data Protection Policy

The controller within the meaning of data protection legislation, in particular the EU General Data Protection Regulation (GDPR), is:

International Boarding School Disentis/Mustér + Winterthur AG
Via Claustra 1
7180 Disentis

E-Mail: info@sbsdz.ch
Website: : https://sbs-disentis-zurich.ch

General information

Based on Art. 13 of the Swiss Federal Constitution and the data protection regulations of the federal government (Federal Act on Data Protection, FADP), every person has the right to privacy in their private life and to be protected against the misuse of their personal data. The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with data protection laws and this Privacy Policy.

In cooperation with our hosting providers, we endeavour to the best of our ability to protect the databases against external attack, loss, misuse and falsification.

Please note that security vulnerabilities may arise when transmitting data over the internet (e.g. email communication). It is not possible to completely protect data against third-party access.

By using this website, you consent to the collection, processing and use of data as described below. In general, this website can be visited without registration. Data is stored on the server for statistical purposes, such as pages viewed, names of files accessed, and the date and time, without this data linked directly to you personally. Personal data, such as names, addresses and email addresses, is collected on a voluntary basis to the extent possible. No data is transferred to third parties without your consent.

Processing of personal data

Personal data means any information relating to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing consists of all handling of personal data, regardless of the means and methods used, in particular the retention, disclosure, acquisition, erasure, storage, modification, destruction and use of personal data.

We process personal data in compliance with Swiss data protection law. Moreover, if and insofar as the EU GDPR is applicable, we process personal data in accordance with the following legal basis in the context of Art. 6 para. 1 GDPR:

  • Consent (Art. 6 para. 1.1a GDPR) – the data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Contract performance and requests prior to entering into a contract (Art. 6 para. 1.1b GDPR) – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6 para. 1.1c GDPR) – processing is necessary in order to comply with a legal obligation to which the controller is subject.
  • Protection of vital interests (Art. 6 para. 1.1d GDPR) – processing is necessary in order to protect the vital interests of the data subject or of another natural person.
  • Legitimate interests (Art. 6 para. 1.1f GDPR) – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data.
  • Application process as a pre-contractual or contractual relationship (Art. 9 para. 2b GDPR) – if, within the context of the application process, applicants are asked to provide special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g. data concerning health, such as a severe disability, or ethnic origin), this data is processed in accordance with Art. 9 para. 2b GDPR for the purposes of carrying out the obligations and exercising the specific rights of the controller or of the data subject arising from employment and social security and social protection law, in accordance with Art. 9 para. 2c GDPR to protect the vital interests of the applicant or other persons, or in accordance with Art. 9 para. 2h GDPR for the purposes of preventive or occupational medicine, for the assessment of the employee’s working capacity, for medical diagnosis, care or treatment in the health or social care sector, or for the administration of health or social care systems and services. If special categories of data are communicated based on voluntary consent, these are processed on the basis of Art. 9 para. 2a GDPR.

We process personal data for the period required for the respective purpose(s). If we are legally or otherwise obliged to retain this data for longer, we restrict the processing accordingly.

Security measures

We take appropriate technical and organisational measures to ensure a level of security appropriate to the risk in accordance with statutory provisions, taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing, and the risks of varying likelihood for and the extent of the threat to the rights and freedoms of natural persons posed by the processing.

In particular, these measures include safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, and access, input, transfer, assurance of availability and segregation of the data. We have also established processes to ensure the exercise of data subjects’ rights, the erasure of data and responses to data compromise. Furthermore, we take into account the protection of personal data in the development and selection of hardware, software and processes in accordance with the principle of data protection through technology design and data protection-friendly default settings.

Transfer of personal data

In the context of our processing of personal data, the data may be transferred or disclosed to other entities, companies, legally independent organisational units or persons. For example, the recipients of this data might include providers contracted to perform IT services or suppliers of services or content embedded in a website. In such instances, we comply with legal provisions and in particular conclude with the recipients of your data the appropriate contracts and agreements that serve to protect the data.

Data processing in third countries

If we process data in a third country (i.e. outside the European Union (EU) and European Economic Area (EEA)) or if processing is carried out within the context of the use of third-party services or the disclosure or transfer of data to other persons, entities or companies, this only takes place in compliance with legal requirements.

Subject to explicit consent or a transfer required by contract or law, we only process data in third countries if they have an adequate level of data protection, on the basis of a contractual obligation through the EU Commission’s Standard Contractual Clauses, or if certifications or binding corporate rules are in place (Arts. 44-49 GDPR, EU Commission information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

Privacy policy for cookies

This website uses cookies. Cookies are text files that contain data from visited websites or domains, and are stored by a browser on the user’s computer. Cookies are primarily used to store information about a user during or after their visit to a website. The information stored may include, for example, the language settings on a website, login status, a shopping cart or where a video was viewed. We also include in the term cookies other technology that performs the same functions as cookies (e.g. when user information is stored using pseudonymous online identifiers, also known as ‘user IDs’).

We differentiate between the following cookie types and functions:

  • Temporary cookies (also session cookies): Temporary cookies are deleted at the latest after a user has left a website and closed their browser.
  • Permanent cookies: Permanent cookies remain stored after the browser is closed. For example, the login status can be saved or preferred content can be displayed immediately when the user returns to a website. Similarly, the interests of users used to measure reach or for marketing purposes can be stored in such cookies.
  • First-party cookies: First-party cookies are set by us.
  • Third-party cookies: Third-party cookies are mainly used by advertisers (third parties) to process user information.
  • Necessary (also essential) cookies: Cookies may be essential to the operation of a website (e.g. to store logins or other user input or for security reasons).
  • Statistics, marketing and personalisation cookies: Furthermore, cookies are generally also used in the context of reach measurement and if a user’s interests or behaviour (e.g. viewing certain content, using functions, etc.) on individual websites are stored in a user profile. For example, such profiles are used to display content to users that matches their potential interests. This process is also known as ‘tracking’, i.e. following the potential interests of users. To the extent that we use cookies or tracking technologies, we inform you of this separately in our Privacy Policy or when obtaining your consent.

Notes on the legal basis: The legal basis on which we process your personal data using cookies depends on whether we ask for your consent. If we do and you consent to the use of cookies, your declared consent is the legal basis for the processing of your data. Otherwise, the data processed using cookies is processed on the basis of our legitimate interests (e.g. in the economic operation and improvement of our website) or, if the use of cookies is necessary, in order to fulfil our contractual obligations.

Duration of storage: If we do not provide you with explicit information on the duration of storage of permanent cookies (e.g. in the context of a cookie opt-in), please assume that the duration of storage may be up to two years.

General withdrawal and objection information (opt-out): Depending on whether the processing is based on consent or permission under law, you have at all times the option to withdraw consent given or to object to the processing of your data using cookie technology (collectively referred to as an ‘opt-out’). You can initially declare your objection using your browser settings, e.g. by disabling cookies (which may also restrict the functionality of our website). You can also opt out of cookies for the purposes of online marketing by means of numerous services, particularly in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, you can obtain further information on how to opt out in the context of the information on the service providers and cookies used.

Processing of cookie data on the basis of consent: We use a cookie consent management process in which user consent to the use of cookies or to the processing and providers mentioned in the cookie consent management process can be obtained and managed and revoked by users. The declaration of consent is stored, so it does not have to be requested again and so that evidence of consent can be provided in accordance with legal obligations. This may be stored on a server and/or in a cookie (an ‘opt-in’ cookie or using comparable technology) so that the consent can be assigned to a user or their device. Subject to individual details on the providers of cookie management services, the following information applies: consent may be stored for up to two years. A pseudonymous user identifier is created for this and stored with the time of consent, information on the scope of consent (e.g. the categories of cookies and/or service providers) and the browser, system and device used.

  • Types of data processed: usage data (e.g. pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Data subjects: users (e.g. website visitors, users of online services).
  • Legal basis: consent (Art. 6 para. 1.1a GDPR), legitimate interests (Art. 6 para 1.1.f).

Privacy policy for SSL/TLS encryption

This website uses SSL/TLS encryption for security reasons and to protect the transfer of confidential content, such as requests that you send to us as the website operator. You can recognise an encrypted connection in your browser address line when it changes from http:// to https:// and the lock icon is displayed.

If SSL/TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

Privacy policy for contact form

If you submit queries to us via the contact form, we save your information, including the contact details you provide, for the purpose of processing your query and in the event of follow-up queries. This data is not shared without your consent.

Use of Google Maps

This website uses Google Maps. This allows us to display interactive maps directly on the website and gives you the convenient option of using the map function. When you visit the website, Google is informed that you have accessed the corresponding page on our website. This takes place regardless of whether Google provides a user account to which you are logged in or if no user account exists. If you are logged into Google, your data is directly assigned to your account. If you do not wish to have this data assigned to your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. In particular, such analysis takes place (even for users who are not logged in) in order to render appropriate advertising and inform other users of the social network about your activities on our website. You have the right to object to the generation of these user profiles; please contact Google if you wish to exercise this right. Further information on the purpose and scope of data collection and processing by Google, and other information on your related rights and setting options for protecting your privacy, is available at: www.google.de/intl/de/policies/privacy.

Google Ads

This website uses Google conversion tracking. If you reach our website via an ad placed by Google, Google Ads sets a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad placed by Google. These cookies expire after 30 days and are not used for personal identification. If a user visits certain pages on our website and the cookie has not yet expired, we and Google can see that the user clicked on the ad and was redirected to this page. Each Google Ads customer is given a different cookie. Therefore, cookies cannot be tracked across the websites of Ads customers. The information obtained using the conversion cookie is used to create conversion statistics for Ads customers that have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

If you do not wish to participate in tracking, you can refuse the setting of a cookie required for this – such as by means of a browser setting that generally disables the automatic setting of cookies or by configuring your browser so that cookies from the googleleadservices.com domain are blocked.

Please note that you should not delete the opt-out cookies if you do not want measurement data to be recorded. If you clear all cookies from your browser, you will have to set the respective opt-out cookie again.

Use of Google Remarketing

This website uses the Remarketing feature provided by Google Inc. This feature serves to present website visitors within Google’s advertising network with ads based on their interests. A cookie is stored in the website visitor’s browser that enables recognition of the visitor if they visit websites that are part of Google’s advertising network. Ads relating to content that the visitor has previously viewed on websites that use Google’s Remarketing feature can be shown to the visitor on these pages.

Google has stated that it does not collect any personal data during this process. However, if you would still prefer not to use Google’s Remarketing feature, it can be disabled by configuring the relevant settings at http://www.google.com/settings/ads. Alternatively, you can disable the use of cookies for interest-based advertising via the Network Advertising Initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp.

Use of Google reCAPTCHA

This website uses the reCAPTCHA service provided by Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland, ‘Google’). The purpose of the query is to distinguish whether the input is made by a person or by automated machine processing. The query includes the sending of the IP address and any other data required by Google for the reCAPTCHA service to Google. Your input is transmitted to Google and used there for this purpose. However, your IP address is truncated in advance by Google within European Union member states and other states party to the Agreement on the European Economic Area. Full IP addresses are only transmitted to a Google server in the US and truncated there in exceptional cases. On behalf of the operator of this website, Google uses this information to analyse your use of this service. The IP address transmitted by your browser within the scope of reCAPTCHA is not aggregated with other Google data. Your data may also be transferred to the US for this. An adequacy decision has been adopted by the European Commission for data transfers to the US (‘Privacy Shield’). Google participates in the Privacy Shield and has committed to its requirements. By clicking on the query, you consent to the processing of your data. The processing is based on Art. 6 para. 1a GDPR with your consent. You have the right to withdraw your consent at any time without this affecting the lawfulness of the processing conducted based on the consent until your withdrawal thereof.

Further information on Google reCAPTCHA and the related privacy policy can be found at: https://policies.google.com/privacy?hl=de

Privacy policy for Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited. If the controller responsible for the data processing on this website is located outside the European Economic Area or Switzerland, then Google Analytics’ data processing takes place through Google LLC. Google LLC and Google Ireland Limited are hereinafter referred to as ‘Google’.

The statistics obtained help us to improve our site and make it more interesting to users. This website also uses Google Analytics for cross-device analysis of visitor traffic via the User-ID feature. If you have a Google user account, you can disable cross-device analysis of your usage in the settings under ‘My data’, ‘Personal data’.

Art. 6 para. 1.1f GDPR forms the legal basis for the use of Google Analytics. The IP address transmitted by your browser within the scope of Google Analytics is not aggregated with other Google data. Please note that this website uses Google Analytics with the code extension ‘_anonymizeIp();’ in order to ensure the anonymised collection of IP addresses. This allows IP addresses to be truncated for further processing in order that data cannot be linked to individuals. If the data collected concerning you contains information that may identify you personally, such a link is excluded immediately and the personal data deleted.

Full IP addresses are only transmitted to a Google server in the US and truncated there in exceptional cases. On behalf of the operator of this website, Google uses this information to analyse your use of the website, to compile reports on the website activity and to provide other services relating to use of the website and internet usage for the website operator. For the exceptional cases in which personal data is transferred to the US, Google has signed up to the EU/US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Google Analytics uses cookies. The information generated by the cookie about your use of this website is usually transmitted to and stored on a Google server in the US. You can prevent storage of cookies by adjusting your browser software appropriately; however, please note that you may not then have full use of all the features of this website. You may also prevent transmission and processing by Google of data generated by the cookie based on your use of the website (including your IP address) by downloading and installing the browser plug-in available via the following link: disable Google Analytics.

You can also prevent the use of Google Analytics by clicking on this link: disable Google Analytics. This sets what is known as an opt-out cookie on your data carrier that prevents the processing of personal data by Google Analytics. Please note that clearing all cookies on your device will also delete these opt-out cookies. In other words, you will have to set the opt-out cookies again if you wish to continue to prevent this form of data collection. Opt-out cookies are set per browser and computer/device. Therefore, they must be activated separately for each browser, computer and other device.

Privacy policy for the use of Google web fonts

This website uses web fonts provided by Google to display fonts uniformly. When you access a website, your browser loads the required web fonts to your browser cache in order to display text and fonts correctly. If your browser does not support web fonts, your computer’s standard font is used.

Further information on Google web fonts is available at https://developers.google.com/fonts/faq and in the Google Privacy Policy: https://www.google.com/policies/privacy/

Google Tag Manager

Google Tag Manager is a solution with which we manage what are known as website tags via an interface; for example, to integrate Google Analytics and other Google marketing services into our online offering. The Tag Manager itself, which implements the tags, does not process any personal user data. With respect to the processing of personal user data, reference is made to the following information on Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.

Privacy Policy for Facebook

This website uses features of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, US. When you visit our pages with Facebook plug-ins, a connection is established between your browser and the Facebook servers. Data is transferred to Facebook as part of this. If you have a Facebook account, this data may then be linked to this account. If you do not wish to have this data assigned to your Facebook account, then please log out of Facebook before visiting our site. Interactions, in particular the use of a comment function or clicking a Like or Share button, are also passed on to Facebook. Find out more at https://de-de.facebook.com/about/privacy.

Privacy Policy for Instagram

Features of the Instagram service are integrated into our website. These features are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, US. If you are logged into your Instagram account, you can link the content of our pages with your Instagram profile by clicking the Instagram button. This enables Instagram to associate the visit to our pages with your user account. Please note that as the provider of the pages, we are not made aware of the content of the transmitted data or its use by Instagram.

You will find further information on this in the Instagram Privacy Policy: http://instagram.com/about/legal/privacy/

Privacy Policy for LinkedIn

We use the marketing services of the LinkedIn social network provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (‘LinkedIn’) within our online offering.

These use cookies, i.e. text files that are stored on your computer. This allows us to analyse your use of the website; for example, we can measure the success of our ads and show users products in which they previously displayed an interest.

As a result, information is collected on the operating system, browser, website you previously visited (referrer URL), which websites users look for, which offers users click, and date and time of your visit to our website.

The information generated by the cookie about your use of this website is transmitted in a pseudonymised form to and stored on a LinkedIn server in the US. Therefore, LinkedIn does not store the name or email address of the user. Rather, the above-mentioned data is simply assigned to the person for whom the cookie was generated. This does not apply if the user has given LinkedIn permission to process without pseudonymisation or has a LinkedIn account.

You can prevent storage of cookies by adjusting your browser software appropriately; however, please note that you may not then have full use of all of the features of this website. You can also opt out of the use of your data directly on LinkedIn: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

We use LinkedIn Analytics to analyse and improve use of our website. The statistics obtained help us to improve our site and make it more interesting to users. All LinkedIn companies have accepted the standard contractual clauses in order to ensure the lawful transfer of data to the US and Singapore required for the development, performance and maintenance of services. Provided we ask users for consent, the legal basis for the processing is Art. 6 para. 1a GDPR. Otherwise, Art. 6 para. 1.1f GDPR forms the legal basis for use of LinkedIn Analytics.

Third-party provider information: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; User Agreement and Privacy Policy.

Newsletter – MailChimp

The newsletter is sent via the mailing service provider MailChimp, a newsletter delivery platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The mailing service provider’s privacy policy can be viewed here. Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thereby offers a guarantee of compliance with the European level of data protection (Privacy Shield). The mailing service provider is used on the basis of our legitimate interests pursuant to Art. 6 para. 1f GDPR and a commissioned processing contract pursuant to Art. 28 para. 3.1 GDPR.

The mailing service provider may use recipients’ data in a pseudonymised form, i.e. without association with any user, to optimise or improve its own services, e.g. to technically optimise the mailing and presentation of the newsletter or for statistical purposes. However, the mailing service provider does not use the data of our newsletter recipients to write to them itself or to share the data with third parties.

Privacy Policy for YouTube

Features of the YouTube service are integrated into this website. YouTube belongs to Google Ireland Limited, a company incorporated and operated under Irish law with a registered office in Gordon House, Barrow Street, Dublin 4, Ireland, which operates the services in the European Economic Area and Switzerland.

Your legal agreement with YouTube consists of the terms and conditions to be found at the following link: https://www.youtube.com/static?gl=de&template=terms&hl=de. These terms form a legally binding agreement between you and YouTube with respect to use of the services. The Google Privacy Policy explains how YouTube processes your personal data and protects it when you use the service.

Order processing in the online shop with a customer account

We process the data of our customers in accordance with the federal data protection regulations (FADP) and EU GDPR in the context of the order processes in our online shop in order to enable our customers to choose and order the selected products and services and for the payment and delivery or performance thereof.

The data processed includes master data (inventory data), communication data, contract data, payment data and the persons affected by the processing, which include our customers, interested parties and other business partners. The processing is performed for the purpose of providing contractual services in the context of the operation of an online shop, billing, delivery and customer services. We use session cookies to store the content of the shopping cart and permanent cookies to store the login status.

The processing is based on Art. 6 paras. 1b (performance of order processes) and 1c (legally required archiving) GDPR. The information marked as necessary is required to establish and fulfil the contract. We only disclose the data to third parties in the context of delivery and payment or if permitted or obliged to do so by law. The data is only processed in third countries if this is necessary for contract performance (e.g. at the customer’s request for delivery or payment).

Users have the option of creating a user account that they can use to view their orders in particular. The required mandatory information is communicated to users during registration. The user accounts are not public and cannot be indexed by search engines such as Google. If users have closed their user account, their data is erased in respect of the user account unless it must be retained under commercial or tax law in accordance with Art. 6 para. 1c GDPR. Information in the customer account remains until it is erased with subsequent archiving in the event of a legal obligation. In the case of a termination, users are responsible for back-up of their data before the end of the contract.

As part of registration and renewed logins and the use of our online services, we store the IP address and time of the respective user action. These are stored based on our legitimate interests and those of the user in protection against misuse and other unauthorised usage. As a general rule, this data is not passed on to third parties except where this is necessary to pursue our claims or if there is a legal obligation to do so pursuant to Art. 6 para. 1c GDPR.

The data is erased after statutory warranty and similar obligations have expired; the necessity to retain the data is reviewed at irregular intervals. In the event of statutory archiving obligations, the data is erased after these expire.

Information on data transfers to the US

Tools from companies based in the US and elsewhere are integrated into our website. When these tools are enabled, your personal data may be transferred to the US servers of the respective companies. Please note that the US is not considered a safe third country within the meaning of EU data protection law. US companies are obligated to release personal data to security authorities without you as the data subject able to take legal action to prevent this. The possibility cannot therefore be excluded that US authorities (e.g. intelligence services) may process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence over these processing activities.

Copyright

Copyright and all other rights to content, images, photos and other files on the website belong exclusively to the operator of this website or the named rights holders. The copyright holder’s prior written consent must be obtained in order to reproduce any files.

Anyone who commits a copyright infringement without the consent of the respective rights holder may be liable to prosecution and possibly for damages.

General disclaimer

All the information on our website has been checked carefully. We endeavour to ensure that the information we provide is up-to-date, accurate and complete. Nevertheless, it is not possible to completely exclude errors. Accordingly, we cannot guarantee that the information, including that of a journalistic and editorial nature, is complete, correct or current. Liability claims arising from material or immaterial damage caused by the use of the information provided are excluded, unless it can be proven that there was wilful misconduct or gross negligence.

At its own discretion and without notice, the publisher may amend or delete texts and is not obliged to update the content of this website. Use of and access to this website is at the visitor’s own risk. The publisher, its clients and its partners are not responsible for damage, such as direct, indirect or accidental damage, damage specifically to be determined in advance or follow-on damage, allegedly caused by visits to this website and therefore assume no liability for this.

Similarly, the publisher assumes no responsibility or liability for the content and availability of third-party websites that can be accessed via external links on this website. The operators of these linked sites are solely responsible for their content. The publisher therefore expressly distances itself from all third-party content that may be relevant under criminal or liability law or contrary to accepted principles of morality.

Amendments

We may amend this Privacy Policy at any time without prior notice. The current version published on our website is valid. If the Privacy Policy is part of an agreement with you, we will inform you in the event of an update of the change via email or other suitable means.

Questions to the Data Protection Officer

If you have questions in relation to data protection, please send us an email or directly contact the person responsible for data protection in our organisation named at the top of the Privacy Policy.