Privacy Policy

3. General Principles

3.1 What data do we collect from you and from whom do we receive this data?

Primarily, we process personal data that you provide to us or that we collect during the operation of our website. In some cases, we may also receive personal data about you from third parties. These may include the following categories:

• Personal master data (name, address, date of birth, etc.);
• Contact data (mobile number, email address, etc.);
• Financial data (e.g., account information);
• Online identifiers (e.g., cookie IDs, IP addresses);
• Location and traffic data;
• Audio and visual recordings;
• Special categories of data (e.g., biometric data or health-related information).

3.2 Under what conditions do we process your data?

We treat your data confidentially and in accordance with the purposes defined in this privacy policy. We ensure transparent and proportionate data processing.

In exceptional cases where we are unable to adhere to these principles, data processing may still be lawful if a justification exists. Possible justifications include:

• Your consent;
• Performance of a contract or pre-contractual measures;
• Our legitimate interests, provided your interests do not override them.

3.3 How can you revoke your consent?

If you have given us consent to process your personal data for specific purposes, we will process your data within the scope of this consent unless we have another legal basis.

You can revoke your consent at any time by sending an email to the address provided in the imprint. Data processing that has already occurred remains unaffected.

3.4 In what cases can we share your data with third parties?

a. General Principle

We may rely on third parties or affiliated companies to provide services and process your data on our behalf (so-called data processors). Categories of recipients include:

• Accounting, fiduciary, and auditing firms;
• Consulting firms (legal advice, tax advice, etc.);
• IT service providers (web hosting, support, cloud services, website design, etc.);
• Payment service providers;
• Providers of tracking, conversion, and advertising services.

We ensure that these third parties and our affiliated companies comply with data protection requirements and handle your personal data confidentially.

In certain cases, we may also be required to disclose your personal data to authorities.

b. Visiting our Social Media Channels

We may embed links to our social media channels on our website. These are clearly identifiable (typically through corresponding icons). By clicking on these icons, you will be redirected to our social media channels.

The social media providers will, in this case, know that you are accessing their platform from our website. These providers may use the collected data for their own purposes. Please note that we do not have knowledge of the content of the data transmitted or its use by the operators.

c. Data Transfers Abroad

In the course of processing, your personal data may be transferred to companies located abroad. These companies are obligated to protect your data to the same extent as we are. Data transfers may occur worldwide.

If the level of data protection does not meet Swiss standards, we conduct a prior risk assessment and contractually ensure the same level of protection as guaranteed in Switzerland (e.g., through the EU Commission’s new standard contractual clauses or other legally required measures). If our risk assessment is negative, we implement additional technical measures to protect your data. You can access the EU Commission’s standard contractual clauses at the following link: https://commission.europa.eu/publications/standard-contractual-clauses-controllers-and-processors-eueea_en

3.5 How long do we retain your data?

We store personal data only as long as necessary to fulfill the specific purposes for which it was collected.

Data collected during your visit to our website is retained for twelve months. An exception applies to analytics and tracking data, which may be retained for longer.

We retain contractual data for longer periods due to legal obligations. Specifically, we are required to retain business communications, contracts, and accounting records for up to 10 years. If such data is no longer needed for service delivery, it will be restricted and used only for accounting and tax purposes.

3.6 How do we protect your data?

We store your data securely and take all reasonable measures to protect it from loss, access, misuse, or alteration.

Our contractors and employees who have access to your data are obligated to comply with data protection laws. In some cases, it may be necessary to forward your inquiries to affiliated companies. Even in such cases, your data will be handled confidentially.

Within our website, we use SSL (Secure Socket Layer) technology in conjunction with the highest encryption level supported by your browser.

3.7 What rights do you have?

a. Right to Information

You can request information at any time about the data we have stored about you. Please send your request for information along with proof of identity to the email address mentioned above.

• You have given your consent for the processing of this data; or
• You have provided data in connection with the conclusion or execution of a contract.

We may restrict or deny the disclosure or release of data if this conflicts with our legal obligations, our legitimate own or public interests, or the interests of a third party.

The processing of your request is subject to the statutory processing period of 30 days. However, we may extend this period due to high request volumes, legal or technical reasons, or because we require additional information from you. You will be informed of the extension in a timely manner, at least in text form.

b. Deletion and Correction

You have the option to request the deletion or correction of your data at any time. We may reject the request if legal provisions require us to retain the data for a longer period or unchanged, or if there is a legal basis preventing your request.

Please note that exercising your rights may conflict with contractual agreements and could affect contract execution (e.g., early termination of the contract or resulting costs).

c. Legal Remedies

If you are affected by the processing of personal data, you have the right to enforce your rights in court or submit a complaint to the competent supervisory authority. The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner: https://www.edoeb.admin.ch

3.8 Changes to the Privacy Policy

We may change this privacy policy at any time. The changes will be published on our website, and you will not be notified separately.

4. Individual Data Processing Operations

4.1 Providing the Website and Creating Logfiles

What Information Do We Collect and How Do We Use It?

By visiting our website, certain data is automatically stored on our servers or on servers of services and products that we use and/or have installed for purposes of system administration, statistical analysis, security, or tracking. This data includes:

• The name of your Internet service provider;
• Your IP address (if applicable);
• The version of your browser software;
• The operating system of the computer accessing the URL;
• The date and time of access;
• The website from which you accessed the URL;
• The search terms you used to find the URL.

Why Are We Allowed to Process This Data?

This data cannot be assigned to a specific person, and there is no combination of this data with other data sources. The storage of logfiles is carried out to ensure the functionality of the website and to maintain the security of our information technology systems. This constitutes our legitimate interest.

How Can You Prevent Data Collection?

The data is only stored for as long as necessary to achieve the purpose of its collection. Accordingly, the data is deleted at the end of each session. The storage of logfiles is mandatory for the operation of the website; therefore, you have no option to object.

4.2 Webflow

We use services from Webflow on our website, a web design tool and hosting service provided by Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA. Webflow enables us to create and host an appealing and user-friendly design for our website.

By visiting our website hosted via Webflow, various data may be collected, including your IP address, date and time of access, browser type, operating system, as well as information about the pages and content you access. This data is mainly used for statistical purposes and to optimize the user experience.

Webflow may set cookies on your device to store your preferences and interactions with our website. This serves to facilitate navigation and ensure a consistent user experience.

The main purpose of data processing through Webflow is to provide and optimize our website to present you with relevant content in an appealing design.

The data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: EU & Swiss Privacy Policy | Webflow 105.

Order Processing

We have concluded a data processing agreement (DPA) with the provider mentioned above. This is a contract required under data protection law that ensures the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

BrainBox Generators