We take the privacy and security of our website visitors very seriously. On this website we show which data protection regulations apply to astrodna.ch, astro-dna.ch, astrodna.de, astro-dna.de, astrodna.us, astrodna.eu, astro-dna.eu, bazi-dna.ch, bazi-dna.de, bazi-dna.com and astro-dna.com.
The controller within the meaning of the General Data Protection Regulation and other national data protection laws and regulations, which decides on the purposes and means of the processing of personal data, is:
Hans Peter Berchtold
Phone: +41 78 814 66 11
Legal Notice: [astro-dna.com/impressum](https://www.astro-dna.com/impressum
Scope of the processing of personal data
In principle, you can visit our website and use it for information purposes without having to provide any personal details (e.g. register or place orders or otherwise transmit information about yourself). In principle, we process your personal data only to the extent necessary to provide a functional website and our content and services.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 4 (5) DSG and Art. 6 (1) lit. a DSGVO serve as the legal basis. When processing personal data that is necessary to fulfill a contract with the data subject, Art. 4 para. 3 and 13 para. 2 lit. a DSG and Art. 6 para. 1 lit. b DSGVO serve as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. Insofar as processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 4 para. 3 and 13 para. 1 DSG as well as Art. 6 para. 1 lit. c DSGVO serve as the legal basis. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 4 Para. 3 and 13 Para. 1 DSG as well as Art. 6 Para. 1 lit. d DSGVO serve as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 4 para. 3 and 13 para. 1 DSG as well as Art. 6 para. 1 lit. f DSGVO serve as the legal basis for the processing.
Disclosure of personal data
In principle, only our employees or organizational units receive your data that require it to fulfill our contractual and legal obligations or to process or pursue our legitimate interests. However, we may also disclose your data to third parties for the provision of our services for the initiation or processing of a contractual relationship (e.g. provision of a service or sale of goods) or - depending on the nature of the specific processing situation - on the basis of our legitimate interests, and to external parties that we regularly use in connection with the provision of our service or for contract processing. This concerns the following recipients or categories of recipients:
IT service provider (e.g. email service provider, web hosting company), currently:
Heroku / Salesforce (purpose: platform-as-a-service provider)
IPregistry (purpose: geolocation of IP)
Amazon AWS (purpose: cloud computing provider)
Papertrail / Solarwinds (purpose: log management of apps, servers, and cloud services)
Rollbar (purpose: debugging, error tracking, crash reporting)
Sendinblue (Purpose: automatic mail delivery regarding registration, password reset and purchase confirmation)
Mailchimp (purpose: sending mails regarding software updates and further information)
PDFShift (purpose: PDF creation)
Payment service provider, currently:
privacy policies If we use a service provider in terms of commissioned processing according to Art. 28 DSGVO or Art. 10a DSG, we still remain responsible for the protection of your data. To the extent required by law, such processors are contractually obligated by means of a commissioned processing agreement to treat your data confidentially and to process it only in the context of providing the service. The processors commissioned by us will only receive your data to the extent that they need it to perform their respective service. Personal data is stored primarily in Switzerland and the EU, but also worldwide. In the context of our processing operations, personal data may therefore in certain situations also be transferred to locations in so-called third countries outside Switzerland and the EU or EEA, which have not yet been certified by the EU Commission as having an adequate level of data protection, for example to the USA. If this is the case, we will inform you of this. You can also find details in the section "Digital marketing tools". When transferring personal data to other countries, we ensure that the respective laws and regulations applicable to the transfer are complied with, for example, by entering into agreements to ensure that the recipients of your data maintain an adequate level of data protection (e.g., through standard contractual clauses or appropriate data protection compliance safeguards). Finally, we may share your personal data if we are legally required to do so.
Data deletion and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply, at the latest 10 years after termination of the contractual relationship. Storage may take place beyond this if this has been provided for in ordinances, laws or other regulations to which our company is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or fulfillment of a contract.
Description and scope of data processing
ach time our website is called up, our system automatically collects data and information from the computer system of the calling computer (so-called "log files"). The following data is collected:
- Information about the browser type and version used
- The operating system of the user
- The user's Internet service provider and IP address
- Date and time of access
- Websites from which the user's system accesses our website
- Websites that are accessed by the user's system via our website
- Message about successful retrieval
- Amount of data transferred
The legal basis for the temporary storage of this data is Art. 6 para. 1 lit. f DSGVO, or Art. 4 para. 3 and 13 para. 1 DSG. The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after 30 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
- Login information, country identifier, tracking.
The following data is stored and transmitted in the cookies we use for the technical operation of our website:
- Language settings
- Items in a shopping cart
- Login information
Digital marketing tools
We use on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 4 para. 3 and 13 para. 2 lit. a DSG and Art. 6 para. 1 lit. f. DSGVO) we use the following tools on our website:
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, ibid (hereinafter: "Google").
Google Analytics also uses so-called "cookies". The information generated by the cookie from Google about your use of this website is usually transmitted to a Google server in the USA and stored there. Google is a participant in the EU-US / Swiss-US Privacy Shield Privacy Shield, which prescribes minimum standards for the protection of personal data of Europeans whose data is stored or processed in the USA.
We inform that this website uses Google Analytics exclusively by using the extension "anonymizeIp()". Your IP address is thus not stored in full and is shortened by Google within Switzerland and member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. The identification of the visitor to the website is excluded. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
Information on data use by Google when you use websites or apps through Google partners can be found here
Google Tag Manager
Other plugins and tools
We offer you the option to register for our services with Facebook Connect, a service of Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94304, USA or its subsidiary Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter: "Facebook"). An additional manual registration would therefore not be necessary. To register, you will be redirected to the Facebook page, where you can log in with your usage data. This links your Facebook profile and our service. Through the link, we automatically receive access from Facebook Inc. to the data stored in your public profile. In return, however, Facebook also receives information about the use of our services that you make use of.
We only use your name, your e-mail address and your birth data from the data you have deposited with Facebook.
Links and online presence on social networks and platforms
Also in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, you can contact us.
For our Facebook company page ("Fanpage") of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), this is done on the basis of an agreement on joint processing of personal data. This agreement is necessary because Facebook Inc., Menlo Park, California, USA (hereinafter: Facebook Inc.) uses so-called Page Insights on our Fanpage. Page Insights is the aggregation of data through which both we and Facebook Inc. can obtain information about how our users interact with our site. Page Insights may be based on personally identifiable information collected in connection with our users' visits to or interactions with our Site. However, we share responsibility by maintaining the Facebook Company Page and have a reporting obligation to Facebook when we receive privacy-related requests for Page Insights. Please note that we forward requests regarding page views to Facebook Ireland. For the rest, please refer to the information on the data subject rights to which you are entitled under "Data subject rights". The evaluation of the data collected via Page Insights serves to improve our website and for advertising purposes. The collection of this data is in our legitimate interest as well as in the legitimate interest of Facebook Inc. according to Art. 6 para. 1 lit. f DSGVO as well as Art. 4 para. 3 and Art.13 para. 1 DSG. We would like to point out that we cannot switch the page insights technology on and off. We must therefore forward corresponding requests to Facebook Ireland for the most part, insofar as we have not collected data ourselves. If you do not want Facebook Inc. to collect your data, we ask that you do not use our Facebook company page and/or set your browser to prevent cookies from being set and/or log out of Facebook while using our page.
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland
Contacting (e.g. via forms, e-mail)
When contacting us (e.g. by contact form, e-mail, telephone or via social media), the user's details are processed for the purpose of handling the contact request and its processing pursuant to Art. 4 Para. 3 and 13 Para. 2 lit. a DSG as well as Art. 6 Para. 1 lit. b) DSGVO, insofar as contact form requests or other contacts are aimed at the conclusion of a contract. Otherwise, the processing of data in the context of contacting us is based on our legitimate interests according to Art. 4 para. 3 and 13 para. 1 DSG as well as Art. 6 para. 1 lit. f DSGVO in optimizing our processes and ensuring easy accessibility. The user's details may be stored in a customer relationship management system ("CRM system") or comparable inquiry organization on the basis of our legitimate interests pursuant to Art. 4 Para. 3 and 13 Para. 1 DSG as well as Art. 6 Para. 1 lit. f DSGVO in optimizing our operational processes. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when the circumstances indicate that the matter in question has been conclusively clarified and no legal requirements necessitate longer storage.
We have taken appropriate technical and organizational measures to protect your personal data against loss and unauthorized access.
Rights of the data subject
Right to information
In accordance with Art. 8 DSG or Art. 15 DSGVO, you may request confirmation from us as to whether personal data relating to you is being processed by us and request information as to the extent to which we are processing your data.
Right to rectification
If personal data concerning you is incorrect or incomplete, you have the right to have it corrected and/or completed in accordance with Art. 15 DSG or Art. 16 DSGVO.
Right to deletion
If the legal requirements of Art. 15 DSG or Art. 17 DSGVO are met, you may request that we delete your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate interests in protection. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated retention obligations. Irrespective of the exercise of your right to deletion, we will immediately and completely delete your data in order to fulfill our statutory deletion obligations after the purpose of processing has ceased to apply, insofar as no legal transaction or statutory retention period in this regard is opposed.
Right to restriction of processing
You may request us to restrict the processing of your data in the cases specified in Art. 18 DSGVO. If you have restricted the processing of your personal data, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of Switzerland or the European Union or a Member State.
Right to data portability
According to Art. 20 DSGVO, you have the right to have data provided by you, which we process automatically on the basis of your consent or in performance of a contract, handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right of objection
If we process your data on the basis of a legitimate interest within the meaning of Art. 6(1)(f) DSGVO, you may object to this data processing at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions (see Art. 21 DSGVO). If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims. If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing. You may object to the processing of your data for the purpose of direct advertising at any time without giving reasons.
Right to revoke the declaration of consent under data protection law.
Some data processing operations are only possible with your express consent within the meaning of Art. 6 (1) lit. a DSGVO. You can revoke an already given consent at any time with effect for the future. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation. Please note that even after revocation of consent, processing of the data affected by it may continue to be possible in whole or in part on the basis of other legal grounds. All of the above requests in connection with this chapter should be addressed to the person responsible for the present provisions. The contact details can be found in the imprint mentioned at the beginning.
Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, as a European user of a website, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR (Article 77 GDPR). For German users, a list of the locally responsible data protection officers and their contact details can be obtained from the following link: https://www.bfdi.bund.de/DE/Infothek/AnschriftenLinks/anschriftenlinks-node.html If you do not agree with our data processing, you can also report this to the Federal Data Protection and Information Commissioner ("FDPIC"), who is responsible based on our place of business in Switzerland.