Privacy policy

Thank you for visiting our website pastadesign.art and for your interest in our company.

The protection of your personal data, such as date of birth, name, telephone number, address, etc., is important to us.

The purpose of this privacy policy is to inform you about the processing of your personal data that we collect from you when you visit our site. Our data protection practices are in accordance with the legal regulations of the Swiss Federal Act on Data Protection (FADP) and the EU’s General Data Protection Regulation (GDPR). The following data protection declaration serves to fulfil the information obligations arising from the FADP and the GDPR. These can be found, for example, in Art. 8 ff. FADP as well as Art. 13 ff. of the GDPR.

Owner or responsible person

The owner or controller within the meaning of Art. 3 letter i FADP or Art. 4 No. 7 GDPR is the person who alone or jointly with others decides on the purposes and means of the processing of personal data. The controller pursuant to Art. 4 No. 7 GDPR is also the recipient of the personal data within the meaning of Art. 4 No. 9 GDPR. Any third party recipient is identified separately.

With regard to our website, the owner or responsible person is:

Urs Bratschi PASTADesign.art
Winkelgasse 8
4310 Rheinfelden
Switzerland
E-mail: urs@pastadesign.art
Tel: +41 61 833 03 53

Provision of the website and creation of log files

Each time our website is accessed, our system automatically collects data and information from the device (e.g. computer, mobile phone, tablet, etc.) used to access it.

What personal data is collected and to what extent is it processed?

(1) Information about the browser type and version used;
(2) The operating system of the retrieval device;
(3) Host name of the accessing computer;
(4) The IP address of the retrieval device;
(5) Date and time of access;
(6) Websites and resources (images, files, other page content) accessed on our website;
(7) Websites from which the user’s system accessed our website (referrer tracking);
(8) Message whether the retrieval was successful;
(9) Amount of data transmitted

This data is stored in the log files of our system. This data is not stored together with the personal data of a specific user, so that individual site visitors cannot be identified.

Legal basis for the processing of personal data

Personal data is processed in accordance with the principle of legality (Art. 4 FADP) and the principle of good faith (Art. 2 CC) and Art. 6 para. 1 lit. f GDPR (legitimate interest).

Purpose of data processing

The temporary (automated) storage of data is necessary for the course of a website visit in order to enable delivery of the website. The storage and processing of personal data is also carried out to maintain the compatibility of our website for as many visitors as possible and to combat abuse and eliminate malfunctions. For this purpose, it is necessary to log the technical data of the accessing computer in order to be able to react as early as possible to display errors, attacks on our IT systems and/or errors in the functionality of our website. In addition, we use the data to optimise the website and to generally ensure the security of our information technology systems.

Duration of storage

The deletion of the aforementioned technical data takes place as soon as they are no longer required to ensure the compatibility of the website for all visitors, but no later than 3 months after accessing our website.

Possibility of objection and deletion

You can object to the processing at any time in accordance with Article 21 of the GDPR and request deletion of the data in accordance with Article 17 of the GDPR. You can find out which rights you have and how to exercise them in the lower section of this privacy policy.

Special functions of the website

Our site offers you various functions, during the use of which personal data is collected, processed and stored by us. We explain below what happens to this data:

Order form

  • What personal data is collected and to what extent is it processed? The data you enter in the form fields, such as address, surname, first name, etc., will be processed by us to fulfil the purpose stated below.
  • Legal basis for the processing of personal data Personal data is processed in accordance with the principle of legality (Art. 4 FADP) and the principle of good faith (Art. 2 CC) as well as Art. 6 para. 1 lit. b GDPR (implementation of (pre)contractual measures).
  • Purpose of data processing The purpose of the data processing is to process your order so that we can fulfil or initiate the contract concluded with you.
  • Duration of storage The data is deleted as soon as it is no longer required for processing the order and there are no longer any legal storage obligations. As a rule, the legislator provides for a retention obligation of 10 years.
  • Possibility of objection and deletion You can object to the processing at any time in accordance with Article 21 of the GDPR and request deletion of the data in accordance with Article 17 of the GDPR. You can find out which rights you have and how to exercise them in the lower section of this privacy policy.
  • Necessity of providing personal data The information in the order form is necessary for the conclusion of a contract. If you do not fill in the mandatory fields or do not fill them in completely, the order you have requested cannot be carried out.

Disclosure of information to third parties

Personal data is processed in accordance with the principle of legality (Art. 4 FADP) and the principle of good faith (Art. 2 CC).

The disclosure of information to third parties depends on the scope of the activities or offers of our website or our business model described below.

As a matter of principle, we only keep your information for as long as necessary and treat it confidentially. Exceptions to this are the transfer of personal data to debt collection service providers, to public bodies and authorities and to private individuals, who have a right to it due to legal regulations, court decisions or official orders as well as the transfer to authorities for the purpose of initiating legal proceedings or for law enforcement purposes if our legally protected rights are attacked.

Integration of external web services and processing of data outside the EU

On our website, we use active content from external providers, so-called web services. By calling up our website, these external providers may receive personal information about your visit to our website. This may involve the processing of data outside of Switzerland and the EU. You can prevent this by installing an appropriate browser plug-in or deactivating the execution of scripts in your browser. This may result in functional restrictions on Internet pages that you visit.

We use the following external web services:

  • WordPress We use on our site the service WordPress of the company Automattic Inc., 60 29th Street #343, CA 94110 San Francisco, United States, e-mail: help@wordpress.com, website: https://automattic.com/. Your personal data will be transferred to so-called unsafe third countries. In doing so, we have obligated the partners involved with suitable bases to comply with data protection laws applicable in Switzerland (usually EU standard contractual clauses) in accordance with Art. 6 para. 2 let. a FADP. You have given your consent to this or there is a direct connection between the state and the conclusion of the contract. The transfer of personal data also takes place to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer. The legal basis for the transmission of personal data is our legitimate interest in processing pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in achieving the purpose described below. WordPress is the technical system behind our website that runs our WordPress website. We need the integration so that we can show you our website and edit content. You can access the certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000CbqcAAC. With regard to the processing, you have the right of objection listed in Art. 21 GDPR. You can find more information at the end of this privacy policy. For further information on the handling of transmitted data, please refer to the provider’s privacy policy at https://automattic.com/privacy/.

Data security and data protection, communication by e-mail

Your personal data is protected by technical and organisational measures during collection, storage and processing so that it is not accessible to third parties. In the case of unencrypted communication by e-mail, we cannot guarantee complete data security on the transmission path to our IT systems, so we recommend encrypted communication or the postal service for information requiring a high level of confidentiality.

Duration of data storage and rights of the data subject

Duration of storage

We store personal data only to the extent and for as long as necessary to fulfil the purposes for which the personal data was collected, we have a legitimate overriding interest in retaining the data or are legally obliged to do so.

Right to information

You have the right to request confirmation as to whether we are processing personal data about you. If this is the case, you have the right to information on the data specified in 8 ff. FADP or Art. 15 para. 1 GDPR, insofar as the information cannot be refused, restricted or postponed by the owner of the data collection (cf. Art. 9 f. FADP or Art. 15 para. 4 GDPR). We will also be happy to provide you with a copy of the data.

Right of rectification

In accordance with Art. 5 Para. 2 of the FADP or Art. 16 of the GDPR, you have the right to have any incorrect personal data stored with us (e.g. address, name, etc.) corrected at any time. You can also request that the data stored with us be completed at any time. A corresponding adjustment will be made immediately.

Right to erasure

Pursuant to Article 17 (1) of the GDPR, you have the right to have us delete the personal data we have collected about you if

  • the data is either no longer required;
  • the legal basis for processing has ceased to exist without replacement due to the revocation of your consent;
  • there are no longer any legitimate reasons for processing the data;
  • Your data is being processed unlawfully;
  • a legal obligation requires this.

Pursuant to Article 17 (3) of the GDPR, this right does not exist if

  • the processing is necessary for the exercise of the right to freedom of expression and information;
  • Your data has been collected on the basis of a legal obligation;
  • processing is necessary for reasons of public interest;
  • the data is necessary for the assertion, exercise or defence of legal claims.

Right to restrict processing

According to Art. 18 (1) GDPR, you have the right to request the restriction of the processing of your personal data in individual cases.

This is the case when

  • the accuracy of the personal data is disputed by you;
  • the processing is unlawful and you do not consent to its deletion;
  • the data is no longer required for the purpose of processing, but the collected data is used for the assertion, exercise or defence of legal claims;
  • an objection to the processing has been lodged pursuant to Art. 21 (1) GDPR and it is still unclear which interests prevail.

Right of withdrawal

If you have given us express consent to process your personal data (Art. 4 para. 5 FADP and Art. 13 para. 2 let. a FADP; Art. 6 para. 1 let. a GDPR or Art. 9 para. 2 let. a GDPR), you may revoke this consent at any time. Please note that the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by this. Information for which we are legally obliged to retain data will be deleted after expiry of the retention period.

Right to object

Pursuant to Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you that has been collected on the basis of Art. 6 para. 1 lit. f GDPR (in the context of a legitimate interest). If you have given us express consent to process your personal data (Art. 4 para. 5 FADP and Art. 13 para. 2 let. a FADP), you may revoke this consent at any time. Please note that the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by this. You only have this right if there are special circumstances that speak against the storage and processing. Information for which we are legally obliged to store data will be deleted after expiry of the retention period.

How do you exercise your rights?

You can exercise your rights at any time by contacting us using the contact details below:

Urs Bratschi PASTADesign.art
Winkelgasse 8
4310 Rheinfelden
Switzerland
E-mail: urs@pastadesign.art
Tel: +41 61 833 03 53

Right to data portability

Pursuant to Article 20 of the GDPR, you have a right to the transfer of personal data relating to you. We will provide the data in a structured, common and machine-readable format. The data can be sent either to you or to a person responsible named by you.

We will provide you with the following data upon request:

  • Data collected on the basis of consent (Art. 13 para. 1 FADP as well as Art. 6 para. 1 let. a GDPR);
  • Data that we have received from you in the context of existing contracts (Art. 13 para. 2 let. a FADP as well as Art. 6 para. 1 let. b GDPR and Art. 9 para. 2 let. a GDPR);
  • Data that has been processed as part of an automated procedure.

We will transfer the personal data directly to a responsible person of your choice as far as this is technically feasible. Please note that we are not permitted to transfer data that interferes with the overriding interests of third parties, or only to a limited extent, in accordance with Article 9 (1) b of the FADP and Article 20 (4) of the GDPR.

Notifications to the FDPIC and possibility to file a complaint

Pursuant to Art. 29 FADP, data subjects have a right of appeal to a competent supervisory authority for data protection. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

For further information, please consult the contact form of the FDPIC: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html

If you suspect that your data is being processed illegally on our website, you can seek clarification of the issue in court in accordance with Art. 15 FADP. As a rule, a lawsuit in accordance with Art. 28 ff. CC should be sought. If you are affected by the processing of data by federal bodies, the procedure is in accordance with Art. 25 FADP. In this case, you can also contact the FDPIC (see the reference to the contact form above).

Right of appeal to the supervisory authority pursuant to Art. 77 para. 1 GDPR

If you suspect that your data is being processed illegally on our site, you can of course have the issue clarified by the courts at any time. In addition, any other legal option is open to you. Irrespective of this, you have the option of contacting a supervisory authority in accordance with Article 77 (1) of the GDPR. The right of appeal pursuant to Art. 77 GDPR is available to you in the EU Member State of your place of residence, your place of work and/or the place of the alleged infringement, i.e. you can choose the supervisory authority to which you turn from the above-mentioned places. The supervisory authority to which the complaint has been submitted will then inform you of the status and outcome of your submission, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.