Privacy policy
This Privacy Policy informs you about the processing of personal data in connection with our activities and operations, including our lignatur.ch website. We provide information on the purposes, methods, and locations of our data processing activities. Additionally, we inform you about the rights of individuals whose data we process.
For specific or additional activities and operations, additional privacy policies and other legal documents such as General Terms and Conditions (GTC), Terms of Use, or Participation Conditions may apply.
We are subject to Swiss data protection law and, if applicable, foreign data protection law such as the General Data Protection Regulation (GDPR) of the European Union (EU). The European Commission acknowledges that Swiss data protection law provides adequate data protection.
1. Contact Addresses
Responsibility for the processing of personal data:
Michael Rammo
Lignatur AG
Herisauerstrasse 30, 9104 Waldstatt, Switzerland
Email
We will indicate if there are other responsible parties for the processing of personal data in individual cases.
1.1 Data Protection Officer or Privacy Advisor
We have the following data protection officer or privacy advisor as a point of contact for data subjects and authorities in relation to data protection inquiries:
Michael Rammo
Lignatur AG
Herisauerstrasse 30, 9104 Waldstatt, Switzerland
Email
1.2 Data Protection Representative in the European Economic Area (EEA)
We have the following data protection representative in accordance with Article 27 GDPR:
M. Rammo
Fürstenstrasse 24, 82467 Garmisch-Partenkirchen, Germany
Email
The data protection representative serves as an additional point of contact for data subjects and authorities in the European Union (EU) and the rest of the European Economic Area (EEA) in matters related to the GDPR.
2. Definitions and Legal Basis
2.1 Definitions
Personal data means any information relating to an identified or identifiable natural person. An data subject is a person about whom we process personal data.
Processing includes any operation performed on personal data, regardless of the means and methods used, such as collecting, comparing, adapting, archiving, storing, extracting, disclosing, obtaining, capturing, recording, deleting, revealing, organizing, managing, altering, distributing, linking, destroying, and using personal data.
The European Economic Area (EEA) comprises the member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.
2.2 Legal Basis
We process personal data in accordance with Swiss data protection law, including the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance to the Federal Act on Data Protection (Data Protection Ordinance, DPO).
If and to the extent that the General Data Protection Regulation (GDPR) is applicable, we process personal data in accordance with at least one of the following legal bases:
- Article 6(1)(b) GDPR for the necessary processing of personal data for the performance of a contract with the data subject and for carrying out pre-contractual measures.
- Article 6(1)(f) GDPR for the necessary processing of personal data to pursue the legitimate interests of us or third parties, except where such interests are overridden by the fundamental rights and freedoms of the data subject. Legitimate interests include our interest in conducting our activities and operations permanently, user-friendly, safely, and reliably, and in communicating about them, ensuring information security, protecting against misuse, enforcing our legal claims, and complying with Swiss law.
- Article 6(1)(c) GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject under applicable law of Member States in the European Economic Area (EEA).
- Article 6(1)(e) GDPR for the necessary processing of personal data for the performance of a task carried out in the public interest.
- Article 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.
- Article 6(1)(d) GDPR for the necessary processing of personal data in order to protect the vital interests of the data subject or of another natural person.
3. Type, Scope, and Purpose
We process necessary personal data to be able to conduct our activities and operations permanently, user-friendly, safely, and reliably. Such personal data may include categories such as inventory and contact data, browser and device data, content data, metadata, and usage data, location data, sales data, as well as contract and payment data.
We process personal data for the duration necessary for the respective purpose or purposes, or as required by law. Personal data that is no longer necessary for processing will be anonymized or deleted.
We may engage third parties to process personal data on our behalf. We may process or share personal data with third parties. These third parties may include specialized providers whose services we utilize. We ensure data protection even when working with such third parties.
We generally process personal data only with the consent of the data subjects. We may, however, refrain from obtaining consent if processing is permissible for other legal reasons. For instance, we may process personal data without consent to fulfill a contract, meet legal obligations, or safeguard overriding interests.
In this context, we process particularly the information voluntarily provided by data subjects when they contact us—such as through postal mail, email, instant messaging, contact forms, social media, or telephone—or when they register for a user account. We may store such information in an address book or similar tools. When we receive data about other individuals from data subjects, the transmitting individuals are responsible for data protection vis-à-vis these individuals and ensuring the accuracy of such personal data.
Furthermore, we process personal data that we receive from third parties, obtain from publicly accessible sources, or collect during the course of our activities and operations, provided that such processing is permissible under legal grounds.
4. Job Applications
We process personal data about job applicants to the extent necessary to assess suitability for an employment relationship or for the subsequent execution of an employment contract. The necessary personal data primarily stems from the information provided, such as in the context of job advertisements. We also process personal data that job applicants voluntarily provide or publish, especially as part of cover letters, resumes, and other application documents, as well as online profiles.
We process – to the extent that the General Data Protection Regulation (GDPR) is applicable – personal data about job applicants in particular according to Article 9(2)(b) GDPR.
5. Personal Data Abroad
We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may export or transfer personal data to other countries, particularly for processing purposes.
We may export personal data to all countries and territories on Earth as well as beyond in the Universe where local law, according to the Swiss Federal Council's decision, ensures adequate data protection and – to the extent that the General Data Protection Regulation (GDPR) is applicable – where the European Commission's decision ensures adequate data protection.
We may transmit personal data to countries where local law does not guarantee adequate data protection, if data protection is otherwise ensured, especially based on standard data protection clauses or other appropriate safeguards. In exceptional cases, we may export personal data to countries without adequate or suitable data protection if the special data protection requirements are fulfilled, such as explicit consent of data subjects or a direct connection to the conclusion or performance of a contract. Upon request, we will be glad to provide data subjects with information about any guarantees or provide copies of such guarantees.
6. Rights of Data Subjects
6.1 Data Protection Rights
We grant data subjects all rights according to applicable data protection laws. Data subjects particularly have the following rights:
- Information: Data subjects can request information about whether we process personal data about them and, if so, what personal data it concerns. Data subjects also receive the necessary information to assert their data protection rights and ensure transparency. This includes the processed personal data itself, as well as information about the purpose of processing, the duration of retention, potential disclosure or export of data to other countries, and the origin of the personal data.
- Correction and Restriction: Data subjects can correct incorrect personal data, complete incomplete data, and request the restriction of processing.
- Deletion and Objection: Data subjects can request the deletion of personal data ("right to be forgotten") and object to the processing of their data for the future.
- Data Disclosure and Data Portability: Data subjects can request the disclosure of personal data or the transfer of their data to another responsible party.
We may delay, limit, or refuse the exercise of data subjects' rights within the legally permissible framework. We may inform data subjects of any prerequisites for exercising their data protection rights. For instance, we may fully or partially refuse to provide information due to trade secrets or to protect other individuals. Similarly, we may fully or partially refuse to delete personal data based on legal retention obligations.
We may exceptionally require costs for the exercise of these rights. We will inform data subjects in advance of any potential costs.
We are obligated to identify data subjects who request information or exercise other rights using appropriate measures within a legally permissible framework. Data subjects are required to cooperate.
6.2 Right to Lodge a Complaint
Data subjects have the right to enforce their data protection rights through legal action or to lodge a complaint with a competent data protection supervisory authority.
The data protection supervisory authority for private responsible parties and federal agencies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
Data subjects have the right – to the extent that the General Data Protection Regulation (GDPR) is applicable – to lodge a complaint with a competent European data protection supervisory authority.
7. Data Security
We implement appropriate technical and organizational measures to ensure data security appropriate to the respective risk. However, we cannot guarantee absolute data security.
Access to our website is secured through transport encryption (SSL / TLS, especially with Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.
Our digital communication is subject – like generally any digital communication – to mass surveillance without cause or suspicion, as well as other monitoring by law enforcement agencies in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We cannot directly influence the corresponding processing of personal data by intelligence agencies, police authorities, and other security agencies.
8. Website Usage
8.1 Cookies
We may use cookies. With cookies – both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – we refer to data stored in the browser. Such stored data need not be limited to traditional text-based cookies.
Cookies can be stored in the browser as «session cookies" or for a specific period as so-called permanent cookies. «Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage period. Cookies allow, among other things, recognizing a browser during the next visit to our website, thereby measuring the reach of our website. However, permanent cookies can also be used for online marketing.
Cookies can be disabled or deleted completely or partially in the browser settings at any time. Without cookies, our website may no longer be fully available. We request – at least as necessary – explicit consent for the use of cookies.
For cookies used for success and reach measurement or advertising, many services offer a general opt-out option through AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
8.2 Server Log Files
We may record the following information for every access to our website, provided they are transmitted from your browser to our server infrastructure or can be determined by our web server: date and time including time zone, internet protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, accessed individual subpage of our website including transmitted data volume, last accessed website in the same browser window (referer).
We store such information, which may also represent personal data, in server log files. The information is necessary to provide our website permanently, user-friendly, and reliably, as well as to ensure data security, particularly the protection of personal data—also by third parties or with the assistance of third parties.
8.3 Tracking Pixels
We may use tracking pixels on our website, also referred to as web beacons. In the context of tracking pixels – including those of third parties whose services we use – these are small, usually invisible images that are automatically retrieved when visiting our website. Tracking pixels can capture the same information as in server log files.
8.4 Comments
We allow you to post comments on our website. In this context, we process the information that a commenting individual transmits to us, as well as the used internet protocol (IP) address, date, and time. This information is necessary to enable the publication of comments and ensure protection against abuse, which is in our predominant legitimate interest.
9. Social Media
We are present on social media platforms and other online platforms to communicate with interested individuals and provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).
The terms and conditions (T&Cs), usage terms, as well as privacy policies and other provisions of the respective operators of such platforms also apply. These provisions particularly inform individuals directly about their rights towards the respective platform, including the right to access information.
10. Third-Party Services
We use services provided by specialized third parties to carry out our activities and operations permanently, user-friendly, securely, and reliably. With such services, we can embed features and content into our website. Due to technical requirements, the used services collect at least temporarily the internet protocol (IP) addresses of users.
For necessary security-related, statistical, and technical purposes, third parties whose services we use can process data related to our activities and operations in an aggregated, anonymized, or pseudonymized form. This includes performance or usage data to offer the respective service.
We particularly use:
- Google Services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General privacy information: «Privacy and Safety Principles», Privacy Policy, «Google is committed to compliance with applicable privacy laws", «Guide to Privacy in Google Products", «How we use data from websites or apps that use our services" (Google's statements), «Types of cookies used by Google and other technologies», «Personalized Advertising» (Enable / Disable / Settings).
- Microsoft Services: Providers: Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), the United Kingdom, and Switzerland; General privacy information: «Privacy at Microsoft», «Privacy and Trust Center», Privacy Statement, Privacy Dashboard (Data and Privacy Settings).
10.1 Digital Infrastructure
We use services provided by specialized third parties to be able to use the necessary digital infrastructure in connection with our activities and operations. This includes hosting and storage services from selected providers.
We particularly use:
- TYPO3 Association: Hosting and CMS system; Providers: TYPO3 — the Professional, Flexible Content Management System for users including in Europe; Privacy information: Privacy Policy
- Virtualtec AG: Hosting provider: Virtualtec AG (Switzerland), Privacy Policy
10.2 Audio and Video Conferences
We use specialized services for audio and video conferences to communicate online. For example, we can hold virtual meetings or conduct online classes and webinars. In addition to the participation in audio and video conferences, the legal texts of the respective services such as privacy policies and terms of use apply.
Depending on the situation, we recommend muting the microphone by default and blurring the background or using a virtual background when participating in audio or video conferences.
We particularly use:
- Microsoft Teams: Platform for audio and video conferences; Provider: Microsoft; Teams-specific information: «Privacy and Microsoft Teams».
- Skype: Audio and video conferences; Skype-specific providers: Skype Communications SARL (Luxembourg) / Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), the United Kingdom, and Switzerland; Privacy information: «Legalities with Skype», «Privacy and Security».
- Zoom: Video conferences; Provider: Zoom Video Communications Inc. (USA); Privacy information: Privacy Policy, «Privacy at Zoom», «Compliance Center».
10.3 Mapping Material
We use third-party services to embed maps into our website.
We particularly use:
- Google Maps including Google Maps Platform: Map service; Provider: Google; Google Maps-specific information: «How Google uses location information».
10.4 Digital Audio and Video Content
We use services provided by specialized third parties to enable the direct playback of digital audio and video content such as music or podcasts.
We particularly use:
- YouTube: Video platform; Provider: Google; YouTube-specific information: «Privacy and Security Center», «My Data on YouTube».
10.5 Documents
We use services provided by third parties to embed documents into our website. These documents can include forms, PDF files, presentations, spreadsheets, and text documents. With these services, we can enable not only viewing but also editing or commenting on such documents.
We particularly use:
- Google Docs: Documents as well as forms, presentations, and spreadsheets; Provider: Google; Google Docs-specific information: «Privacy in Google Docs, Google Sheets, and Google Slides».
- Microsoft 365 (also Microsoft Office 365): Text documents as well as forms, presentations, and spreadsheets; Provider: Microsoft; Microsoft 365-specific information: «Privacy and Security with Microsoft 365».
10.6 Fonts
We use services provided by third parties to embed selected fonts as well as icons, logos, and symbols into our website.
We particularly use:
- Google Fonts: Fonts; Provider: Google; Google Fonts-specific information: «Privacy and Google Fonts», «Privacy and Data Collection».
10.7 Advertising
We use the possibility to display targeted advertising for our activities and operations through third parties such as social media platforms and search engines.
With such advertising, we aim to reach individuals who are already interested in our activities and operations or could potentially be interested (remarketing and targeting). For this purpose, we can transmit corresponding information, possibly including personal data, to third parties that enable such advertising. We can also determine whether our advertising is successful, meaning whether it leads to visits to our website (conversion tracking).
Third parties where we advertise and where you as a user are logged in can associate the use of our online offering with your profile there.
11. Website Extensions
We use extensions for our website to utilize additional functions.
We particularly use:
- EWWW Image Optimizer: Image optimization; Provider: Exactly WWW LLC (USA); Privacy information: Privacy Policy.
- Google reCAPTCHA: Spam protection (distinguishing between desired human comments and undesired bot comments and spam); Provider: Google; Google reCAPTCHA-specific information: «What is reCAPTCHA?».
12. Success and Reach Measurement
We aim to determine how our online offering is used. In this context, we can measure the success and reach of our activities and operations as well as the impact of third-party links on our website. We can also experiment and compare how different parts or versions of our online offering are used («A/B test» method). Based on the results of the success and reach measurement, we can fix errors, strengthen popular content, or make improvements to our online offering.
For success and reach measurement, the internet protocol (IP) addresses of individual users are usually stored. In this case, IP addresses are generally truncated («IP masking») to follow the principle of data minimization through pseudonymization.
Cookies may be used for success and reach measurement, and user profiles may be created. Any created user profiles may include visited individual pages or viewed content on our website, information about the size of the screen or browser window, and the – at least approximate – location. Generally, any user profiles created are pseudonymized and not used to identify individual users. Certain third-party services where users are logged in may associate the use of our online offering with the user account or profile at that respective service.
We particularly use:
- Google Analytics: Success and reach measurement; Provider: Google; Google Analytics-specific information: Measurement across different browsers and devices (cross-device tracking) as well as with pseudonymized internet protocol (IP) addresses, which are exceptionally transmitted in full to Google in the USA, «Privacy», «Browser add-on to deactivate Google Analytics».
- Google Tag Manager: Integration and management of other services for success and reach measurement as well as other services from Google and third parties; Provider: Google; Google Tag Manager-specific information: «Data collected with Google Tag Manager»; further privacy information can be found with the individual integrated and managed services.
- Matomo: Success and reach measurement; Provider: Matomo (free open-source software); Privacy information: Used on our own server infrastructure with pseudonymized internet protocol (IP) addresses, «List of all Matomo features».
13. Final Provisions
We have adapted or supplemented some of the information in this data protection declaration ourselves.
We reserve the right to adjust and supplement this privacy policy at any time. We will inform about such adjustments and supplements in an appropriate manner, especially through the publication of the current privacy policy on our website.