- 1 Legal basis
- 2 Contact details
- 3 Legal notice
- 4 Information about data processing
We continually adapt the content of our data protection declaration to the data processing carried out. We therefore recommend that you inform yourself regularly about the current status of our data protection declaration. We will inform you if a cooperation on your part should become necessary (e.g. giving consent).
Terms and definitions
EU-GDPR = General Data Protection Regulation of the European Union.
Instead of "personal data" the term "data" is sometimes used here in abridged form.
With "data processing" all types of data handling are meant: collecting, transmitting, storing, analyzing, linking, making accessible, forwarding, etc.
1 Legal basis
With regard to data protection, we are guided by the following legal bases:
- Swiss Federal Act on Data Protection (DPA), in force since July 1, 1993.
- GeneralData Protection Regulation of the European Union (EU-GDPR), in force since 25 May 2018.
2 Contact details
2.1 Internal data protection officer
The following person is internally responsible for data protection:
Heinz Lamprecht, Marthalen (Display contact data).
2.2 Representatives in the EU
The following person established in the European Union (EU) is the contact person for the EU data protection authorities (Art. 27 EU-GDPR):
c/o Heinz Lamprecht 12699
However, if possible, please contact the above-mentioned internal data protection officer directly.
3 Legal notice
Information about your rights:
3.1 Right to information, right to publication
The section 4 below already gives you a lot of information about which user data we process and store and when we delete it. If this is not satisfactory for you, we will provide you with individual information on request as to what data we have stored about you. You also have the right to receive a copy of the personal data stored about you or to request its transmission to another provider. You can send us your request for information by letter or e-mail (show contact details). You will receive an answer as soon as possible, but no later than one month after receipt of the application (Art. 12 EU-GDPR). For data protection reasons, however, we may only make requests for personal information if the inquirer identifies himself with a copy of a valid official identity card. If we have reasonable doubts about the identity of a person seeking information, we will demand additional proof or ask control questions. We reserve the right to send this information exclusively to the contact address at which the inquirer was previously known to us. In this way, we ensure that confidential data does not reach unauthorized third parties.
3.2 Right to correction, completion or deletion or to limitation of processing
You have the right to request at any time, free of charge, the correction, completion or deletion of data that you have submitted to us or that we have collected about you (Art. 16, 17 EU-GDPR), or to restrict processing (Art. 18 EU-GDPR). You can inform us of this in writing by post or by e-mail (show contact details). We will endeavour to carry out the correction or deletion in a timely manner, insofar as this is technically possible with reasonable effort and does not violate statutory retention obligations.
In addition, the EU-GDPR requires us to notify all recipients of your data (if any) of corrections, deletions or restrictions on processing. However, this obligation does not apply if this notification is impossible or involves a disproportionate effort. Notwithstanding this, you have a right to information about these recipients.
We also reserve the right not to delete certain data if it is necessary for the smooth running of our business or to avert dangers, such as the identities and activities of persons or devices that caused disruptions or attempted fraud.
3.3 Right to revoke consent at any time
You have the right to revoke your consent at any time with effect for the future (Art. 7 para. 3 EU-GDPR).
3.4 Right to appeal
Furthermore, you have a right of appeal to the competent supervisory authority if you are of the opinion that data protection regulations concerning you have been violated (Art. 77 EU-GDPR).
4 Information on data processing
Below you will find a list of all processing activities of personal data according to art. 12, 13 EU-GDPR. It contains information on the nature, scope and purpose of each individual processing activity and the legal basis which legalises that activity. This also includes all third-party components used by other providers, insofar as third parties process personal data on their own responsibility.
Relevant legal basis for data processing
Where the legal basis is not explicitly mentioned, the following applies:
Article 6(1)(a) and Article 7 EU-GDPR form the legal basis for obtaining consent.
The legal basis for the processing for the fulfilment of our services and the execution of contractual measures as well as for the answering of inquiries is Art. 6 para. 1 lit. b EU-GDPR.
The legal basis for the processing for the fulfilment of our legal obligations is Art. 6 para. 1 lit. c EU-GDPR.
The legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f EU-GDPR.
In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) DSBER serves as the legal basis.
Unless otherwise stated for the recipients, the recipients of the data are only our permanent or temporary internal employees. The employees have committed themselves to confidentiality in their employment contract. If contractors work for us, they are specifically mentioned below.
4.1 Data processing by us as website operator
Your personal data will be treated carefully and confidentially and will never be passed on to other members or third parties without your express consent. This does not apply to the obligation to hand them over to the authorities on the basis of judicial decisions.
We do not use our members' information to advertise to third parties. However, advertising on our own behalf to achieve the goals of the SIGHI community of interest (e.g. appeals for donations, own products) is possible.
Your data processed when using our website will be deleted or blocked as soon as the purpose of storage ceases to apply, the deletion of the data does not conflict with any legal storage obligations and no other information on individual processing procedures is provided below.
4.1.1 Safety measures
We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are observed and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
The security measures include in particular the encrypted transmission of data between your browser and our server.
If we should discover that we have had data stolen, lost or fallen into the wrong hands, we will comply with our obligation to report this to the competent authority in due time and, in serious cases, to inform those affected.
4.1.2 Application form
If you use our registration form to apply for membership, we collect the personal data that you enter in the registration form and submit to us (i.e. at least the mandatory fields, see there). In addition, the IP address of your device is also transmitted, but this is not used (except to investigate cases of misuse). Transmission is encrypted (SSL encryption). This data is used for the following purposes: registration as a member; Creating invoices with your address; reliable allocation of transfers and other payments; generation of a memorable user name and password for the individual user login; delivery of e-mails (user administration and newsletter); personal form of address in correspondence.
4.1.3 Letter post
When you write us a letter, we interpret this as consent that we may respond to you promptly or at any time in the future, unless you object to this in the relevant letter. The retention of written correspondence depends on its content and the corresponding legal retention periods. Disposal / recycling of documents takes place in a safe manner.
4.1.4 Letters by E-Mail
Emails you send us will be sent to the server of our web hosting provider (see below) after you have passed through the Internet and will be downloaded from there to our local computers on our premises. The e-mails are periodically deleted from the server. On our local computers, e-mails can be archived for many years and the mailbox can be searched manually by our employees for keywords. This is important for us for research purposes and a central working instrument of our activities. One of our main tasks is to collect information about new, little-known diseases in order to better understand them and to create tools for those affected in dealing with these diseases. For example, we can obtain indications of how much feedback we have received on the tolerability of a particular food or drug and how the majority of people have assessed its tolerability. We therefore have a legitimate interest in this processing. Automatic evaluations and profiling do not take place. Your information will neither be sold nor made available to others and will not be used for spamming.
When you write us an e-mail, we interpret this as consent that we may reply to you promptly or at any time in the future, unless you object to this in the relevant e-mail.
The legal basis for such processing is Article 6(1)(b) of the EU-GDPR.
E-mails are generally considered an insecure means of transmission. It is technically possible to intercept and read them on the way. However, there are possibilities for encrypted transmission, which we use and which you can also use (e.g. settings in your mail program), and which offer somewhat more security.
4.1.5 Newsletter, year-end mail
Members automatically receive the newsletter. Anyone who has become a member after May 24 2018 will only receive the newsletter if they have expressly agreed to this when registering or at a later point in time. You can unsubscribe from the newsletter at any time by sending us a short message by e-mail. The newsletter does not contain advertising on behalf of third parties, but only information on the topic of the website, possible appeals for donations and advertising on our own behalf (to achieve our own goals) as well as administrative matters.
After your membership expires, you will continue to receive our year-end e-mail free of charge once a year. The year-end email may contain information to keep you informed of at least the most important news, and it is an easy way for you to continue or reactivate your membership, if you wish, using the enclosed invoice.
The data transmitted by you for the use of our range of goods and/or services will be processed by us for the purpose of contract processing and are required in this respect. Conclusion and processing of the contract are not possible without the provision of your data. The legal basis for processing is Art. 6 para. 1 lit. b) EU-GDPR.
If you order goods from us, they will be sent by post or parcel service or can be picked up by arrangement. When sending, we assume that you tacitly agree that we may write your postal address on the outside of the package or envelope and hand it over to the delivery service. This is necessary for the fulfilment of the contract, otherwise the delivery service would not know what to do with the shipment. In this case, the legal basis for the transfer of your data is Art. 6 para. 1 sentence 1 lit. a to c EU-GDPR.
With regard to deletion of the data after complete contract execution, we must comply with the retention periods under tax and commercial law.
Orders by e-mail
For e-mail orders, please refer to section "4.1.4 Letters by E-Mail".
Orders using the shopping basket function
Orders can also be placed and paid for immediately using PayPal's online shopping cart function. For this purpose you will be directed to a PayPal server and your personal data and bank details will not be transmitted to PayPal by us but by you.
4.1.7 Financial transactions
Account statements, bank statements and other records of incoming and outgoing payments (membership fees, purchases of goods, donations, refunds, etc.) shall be kept during the statutory retention periods and then deleted. This data is required for accounting purposes and, if necessary, for documentation purposes for the attention of the tax office or other authorities.
We back up all data listed above at regular intervals to other data carriers. Our backups are stored in several different locations, but always protected from unauthorized access, not in the cloud and without transmission via the Internet.
4.1.9 Storage and disposal of data carriers
IT devices and storage media are protected against unauthorized access. Disused data carriers are securely deleted (multiple overwrites) and physically destroyed before disposal to prevent unauthorized recovery of data.
4.2 Data processing by contractors and other third parties
4.2.1 Services used without your prior consent
Our web hosting provider and its server log files
As with every connection to a web server, the server of our webhosting provider cyon in Basel, Switzerland, logs and stores certain technical data. This data includes the IP address and operating system of your device, the date and time of access, the type of your browser and the browser request including the origin of the request (referrer). This is necessary for technical reasons to make our website available to you. cyon protects this data with technical and organizational measures against unauthorized access and does not pass it on to third parties. As far as we process personal data, we do this because of our interest to offer you the best possible user experience and to guarantee the security and stability of our systems. The legal basis for this processing is Art. 6 para. 1 lit. f) EU-GDPR, which permits the processing of data for the performance of a contract or for pre-contractual measures.
Order processing contract: There is a contract for order data processing with the hosting provider cyon (Art. 28 EU-GDPR).
Server location is Basel, Switzerland. We cannot control the way data packets are sent by you or by us over the Internet. Due to the functioning of the Internet, it is technically possible that data could be routed via data lines and servers of any countries, possibly even far away countries.
Counting pixels of the Verwertungsgesellschaft WORT (VG WORT)
We use the so-called pixel-code of VG WORT of the provider INFOnline GmbH, Forum Bonn Nord, Brühler Str. 9, 53119 Bonn, in the form of the so-called SCM (Scalable Central Measurement Method). The legal basis is Art. 6 para. 1 lit. f) EU-GDPR. Our legitimate interest lies in the optimization and economic operation of our Internet presence as well as in the consideration of copyright interests with regard to the contents of our Internet presence.
The pixel-code is a graphic that is placed on our website and determines the statistical key figures. This makes it possible to calculate the copy probability of texts based on the number of hits and the concrete contents of our website. This data is collected anonymously. In order to be able to record the access numbers as well as your possibly recurring visit, either a so-called session cookie is stored on your terminal device by your Internet browser or a signature is used, which is created from various information of your Internet browser (e.g. user agent, screen resolution, etc.). However, your IP address will only be processed in anonymous form. As an individual user, you cannot be identified at any time.
If you do not agree to this processing, you have the option of preventing the storage of the cookie by setting it in your Internet browser. In addition, you have the option of terminating the SZM measurement by opting out. By confirming the link https://optout.ioam.de a cookie is stored on your device via your Internet browser, which prevents further analysis. Please note, however, that you must click the above link again if you delete the cookies stored on your end device.
4.2.2 Services used only after your explicit consent (opt-in)
By clicking on the "Search" button, you will first be taken to a page where you can select a search provider. A data protection notice informs you that the search provider is given the opportunity to track your surfing behaviour when you call up the search function. In addition to a well-known data collector (Google), alternative search providers are also available who, according to their own statements, do not collect any data. On the selection page we link to the data protection declarations of the individual search providers.
Only after you have selected a trusted provider you will be taken to a page that displays the provider's search field. The search terms you enter are sent to the search provider.
Making our website searchable with the help of external search providers is in the interest of an appealing and user-friendly presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR.
Payment service providers
On a few of our pages, YouTube videos (both our own and third-party content) can be embedded as frames. Youtube is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, which belongs to Google / Alphabet. However, we have programmed our pages so that each Youtube frame is only loaded after you have given your express consent. By opting out of manually loading YouTube videos, you prevent YouTube from storing cookies on your device and tracking your behavior from YouTube or advertising networks. Usually this happens immediately when you open a page with YouTube frames, even if you do not click on the video. On our pages, however, we have prevented this by means of technical programming measures.
If you access any web page with embedded YouTube video and are also logged into your YouTube account, you allow YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account beforehand.
4.2.3 Services NOT used on this website
No tracking, no GoogleAnalytics
We DO NOT use GoogleAnalytics or other tracking services. Your visits to our pages are therefore NOT tracked. Neither through us nor through others. Exceptions (which are not used for tracking purposes) see above under Webhosting-Provider (server log files) and Counting pixels of VG WORT (counting the number of page views).
If you want to check which third parties can follow your surfing behavior on which pages, we recommend that you install an appropriate browser plug-in such as "Ghostery".
No Social Media Buttons and Plugins
The like buttons, plugins etc. of the various social media platforms (social networks) usually even transmit data about you and your surfing behavior to the respective provider when you enter the website, regardless of whether you are a member or not. Therefore we do NOT use any of these elements which are problematic under data protection law.
We do use fonts from Google (GoogleFonts). However, we host these directly on our server, so that no data transfer takes place between our server and the Google servers when you visit our pages. This way, Google will NOT know which pages you visit.
No external web design agency
We program and design our websites ourselves. We procure and manage our hardware and software ourselves. We do not need to give external web programmers, IT supporters or other service providers access to our customer data.
No external accounting
4.2.4 Data protection with external links
The site contains links to external websites. We have no influence on their content. We cannot check which data protection principles apply to external links. You may have to ask for these yourself.
On our pages we try to make it easier for you to recognize external links by coloring them differently to the internal links pointing to our own pages.