Privacy policy and cookie guidelines

A. Responsible person

The entity responsible for processing personal data, and therefore the controller under this privacy policy, is db pottery studio GmbH, Schiffbaustrasse 9a, 8005 Zurich, Switzerland ("db pottery studio"). Our data protection officer can be contacted at the aforementioned postal address or by email at denise@db-pottery.ch or by phone at +41 76 274 40 70 can be achieved.

B. Personal data and terms

Personal data is information relating to an identified or identifiable natural person, such as name, address, telephone number, email address, date of birth, etc. ("personal data").

Any handling of personal data, regardless of the means and procedures used, in particular the collection, procurement, storage, use, processing, disclosure, archiving or deletion of data, is considered processing («processing» or «processed»).

A data subject is any natural person whose personal data is processed («data subject»).

The controller is any private individual or federal body that, alone or jointly with others, decides on the purpose and means of processing ("controller").

A data processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller («data processor»).

C. Procurement of personal data

Some of your personal data is provided to us by you or the individuals concerned by making it available to us, using our services, or contacting us by email, telephone, or in person. This includes, for example, name, contact details, date of birth, professional and business functions, financial situation, images, other data related to the business relationship (e.g., personal data in correspondence, contracts), medical certificates, etc. We also process personal data that we receive from job applicants. We may also collect personal data ourselves, for example, when you or the company you work for uses our services, or when we obtain data from publicly accessible sources (e.g., debt enforcement registers, land registers, commercial registers, press, internet, media, social media) (e.g., information from media and the internet, credit reports, your addresses, and, where applicable, interests and other socio-demographic data). Furthermore, we may obtain data from other companies (including those within our corporate group), from public authorities and other third parties (credit reference agencies, address brokers), or from your network, or when you use our website (see section J). We collect the aforementioned data for the purposes stated in section D, unless otherwise indicated.

If you have given us your consent to process your personal data for specific purposes (for example, when you subscribe to receive newsletters), we will process your personal data within the given framework and based on this consent. Where necessary, we may also base the processing of personal data on other legal grounds. These include the performance of a contract, the implementation of pre-contractual measures, or the protection of other legitimate interests (see section D).

If you are acting on behalf of a third party or providing us with information about a third party, you declare that you are an authorized representative or agent of that third party and/or that you have obtained all necessary consents from that third party to collect, process, use and disclose their personal data to us or by us in accordance with the provisions of this privacy policy.

D. Purpose of processing and categories of personal data processed for this purpose

We use the personal data mentioned under point C in particular to fulfill the purposes of our organization, to provide our services, to initiate and process agreements with our members/customers and business partners, and to comply with our legal obligations. If you work for our members/customers or business partners, your personal data may also be affected in this capacity.

Furthermore, we process personal data from you and other persons, insofar as this is permissible and appears appropriate to us, also for the following purposes (the personal data to be processed for the respective purpose are shown in parentheses):

• Provision and further development of our offers, services, websites, apps and other platforms on which we are present; (name, contact details, data related to the business relationship [e.g. personal data in correspondence, contracts], data from public sources [including information from media and the internet], data from other companies, authorities, other third parties; data we receive from their environment or through the use of our website, socio-demographic data
• Communication with third parties and processing their inquiries (e.g., applications, media inquiries); (name, contact details, data from application documents and interviews, data related to the business relationship [e.g., personal data in correspondence, contracts], data from publicly accessible sources [including information from media and the internet])
• Customer acquisition; (name, contact details, data relating to the business relationship [e.g. personal data in correspondence, contracts], data from publicly accessible sources [including information from media and the internet], data from other companies, authorities, other third parties; data we receive from your environment or through the use of our website, socio-demographic data)
• Credit or solvency checks; (name, contact details, data relating to the business relationship [e.g. personal data in correspondence, contracts], data from publicly accessible sources [including information from media and the internet], data from other companies, authorities, other third parties; data that we receive from your environment or through the use of our website,
• Advertising and marketing (including the organization of events), unless you have objected to the use of your data; (name, contact details, professional and business functions, data relating to the business relationship [e.g., personal data in correspondence, contracts], data from publicly accessible sources [including information from media and the internet], data from other companies, authorities, other third parties; data we receive from your environment or through the use of our website, socio-demographic data, pictures and videos of you)
• Market and opinion research, media monitoring; (name, contact details, data relating to the business relationship [e.g. personal data in correspondence, contracts], data from publicly accessible sources [including information from media and the internet], data from other companies, authorities, other third parties; data we receive from your environment or through the use of our website, socio-demographic data,
• Assertion of legal claims and defense in connection with legal disputes and official proceedings; (name, contact details, data relating to the business relationship [e.g. personal data in correspondence, contracts], data from publicly accessible sources [including information from media and the internet], data from other companies, authorities, other third parties; data that we receive from your environment or through the use of our website,
• Prevention and investigation of criminal offenses and other misconduct (e.g., conducting internal investigations, data analysis for fraud prevention); (name, contact details, data related to the business relationship [e.g., personal data in correspondence, contracts], data from publicly accessible sources [including information from media and the internet], data from other companies, authorities, other third parties; data we receive from your environment or through the use of our website,
• Guarantees of our operations, in particular our IT systems, websites, apps and other platforms; (name, contact details, data from publicly accessible sources [including information from media and the internet], data from other companies, authorities, other third parties; data that we receive from your environment or through the use of our website,
• Purchase and sale of business units, companies or parts of companies and other corporate transactions, and the associated transfer of personal data. (Name, contact details, date of birth, professional and business functions, financial situation, data relating to the business relationship [e.g., personal data in correspondence, contracts], data from companies, authorities, and other third parties;

E. Profiling

We may process personal data partially automatically for the purpose of evaluating certain personal aspects (profiling). We use profiling in particular to provide you with targeted information and advice about products. For this purpose, we use analytical tools that enable us to tailor our communication and advertising, including market and opinion research, to your needs.

Automated processing can also be used for verification purposes, such as checking the address or creditworthiness of the individuals concerned. This allows us to ensure that we are using correct address data and to assess the risk of non-payment for our products and services. We generally do not use fully automated decision-making for establishing and conducting business relationships or for any other purpose. Should we use such procedures in individual cases, we will inform you separately, provided this is required by law, and explain your related rights.

F. Duration of storage

Unless a specific retention period is stated during data collection or in this privacy policy, we process and store personal data until it is no longer required to fulfill the purpose for which it was collected, unless statutory retention obligations (e.g., commercial and tax law retention obligations) prevent its deletion. It is possible that personal data may also be retained for the period during which claims can be asserted and to the extent that we are otherwise legally obligated to do so or legitimate business interests require it (e.g., for evidentiary and documentation purposes).

G. Rights of the data subject

You can withdraw your consent at any time, but this will not affect any data processing that has already taken place. Furthermore, depending on the circumstances and applicable data protection law, you have, in particular, the right to access, rectification, erasure, or restriction of processing of your personal data, the right to object to processing, and the right to data portability. Please note that exercising these rights may conflict with contractual agreements and could have consequences such as early termination of the contract or additional costs. We will inform you in advance in such cases, unless this is already contractually regulated. We are also entitled to assert the legally permissible limitations on your data subject rights, for example, if we are obligated to retain or process certain data, have an overriding legitimate interest in doing so, or require it for the establishment, exercise, or defense of legal claims.

Furthermore, every data subject has the right to enforce their claims in court or to lodge a complaint with the competent data protection authority, provided that applicable data protection legislation grants such a right. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

Regarding your rights, as well as any further questions, suggestions and comments on the subject of data protection, please contact the person responsible for data protection using the contact details mentioned above (see section A).

H. Security

We protect personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction through appropriate measures. To this end, we implement suitable technical and organizational measures. However, we cannot guarantee absolute data security.

Unless otherwise agreed, we accept no liability for violations of these safety regulations unless they are intentional or grossly negligent.

I. Data transmission

As part of our business activities, we disclose personal data to third parties, to the extent permitted and deemed appropriate, either because they process data on our behalf or because they use the data for their own purposes. This applies in particular to the following entities:

• Our service providers (e.g. banks, insurance companies), including data processors (such as newsletter, cloud or IT providers);
• Dealers, suppliers, subcontractors and other business partners;
• members or customers;
• domestic and foreign authorities, offices or courts;
• Media;
• The public, including visitors to websites and social media;
• Competitors, industry organizations, associations, organizations and other bodies;
• Acquirers or prospective acquirers of business units, companies or other parts of the corporate group;
• other parties in potential or actual legal proceedings;
• Other companies in the group.

In this context, your personal data may be stored in Switzerland, as well as in other European countries and the USA [and in all countries worldwide], where our service providers (such as Google) are located. If personal data is processed outside of Switzerland or the European Economic Area, we take the steps required by applicable data protection law to ensure that your personal data is treated as securely and protected as it would be in Switzerland or within the European Economic Area, unless we can rely on an exception. An exception may apply in the case of legal proceedings abroad, but also in cases of overriding public interest, when contract performance requires such disclosure, or if you have given your consent.

J. Data processing through use of the website

During your visit to the website, general information is automatically collected (e.g., date of your visit, time zone, type of web browser and its settings, version and language, your IP address, MAC address of the device (e.g., computer or mobile phone), the operating system used, content accessed, and the domain name of your internet service provider, geolocation data). We use this data for the purposes stated in section D, in particular for marketing and administrative purposes, as well as to ensure the functionality of the website. This data is also necessary to correctly provide and optimize the website content, to guarantee the long-term functionality of our IT systems and the website, and to provide law enforcement authorities with the information they need for prosecution in the event of a cyberattack. You can individually deactivate or activate some services on our website under […].

1. SSL encryption

This website uses SSL encryption for security reasons and to protect the transmission of confidential information. You can recognize an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://".

2. Server log files

The provider of this website automatically collects and stores information in so-called "server log files," which your browser automatically transmits to us. This includes, in particular, the information listed under point J at the beginning.

[General note: Depending on the type of use and the applicability of EU law, the website visitor's consent is required for the use of cookies and other services as listed below. This must be checked in each individual case.]

3. Use of cookies

3.1 Definition

Cookies are small files that are stored on your device when you use our website.

3.2 Necessary and non-necessary cookies

Necessary cookies are files that are sent to your computer's hard drive via your browser to ensure the website functions correctly and to allow us to offer you certain features. They do not require the consent of website users.

We use non-essential cookies to collect information about website visits. We also use non-essential cookies to improve the website's user-friendliness, for example, to ensure shopping cart functionality, tailor our offerings to customer preferences, and make your browsing experience as comfortable as possible. We also use cookies to optimize our advertising. Depending on applicable law, non-essential cookies may require the consent of website users.

3.3 Session cookies and persistent cookies

So-called "session cookies" are automatically deleted after your visit ends. For example, we can use session cookies to save your shopping cart, previously completed online forms, or language settings across different pages of a single browsing session. We also use persistent cookies. These remain stored on your device after you close your browser unless you delete them. On subsequent visits to our website, your preferred settings and entries are automatically recognized. Depending on the type of cookie, these cookies remain stored on your device for a specific period (e.g., two years) and are automatically deactivated after the programmed time has elapsed. They help make our website more user-friendly, efficient, and secure. Thanks to these cookies, you will, for example, see information on the site that is specifically tailored to your interests.

3.4 Enabling, disabling and deleting cookies

All web browsers offer the option to enable, disable, or delete cookies by configuring the browser settings or options accordingly. If cookies are completely or partially disabled or deleted, some website functions may no longer be available.

3.5 Cookies and personal data

The cookies we use generally do not store personal data. However, personal data that we or third-party providers commissioned by us store about you (e.g., if you have a user account with us or these providers) can be linked to the technical data or information stored in and obtained from cookies, and thus potentially to you personally.

4. pixel

We sometimes include visible and invisible image elements on our website, in our newsletters, and in other marketing emails, where permitted. By retrieving these elements from our servers, we can determine if and when you have opened the website or email. This allows us to measure and better understand how you use our offers and tailor them to your needs. You can block this in your email program.

5. Web analytics services

We use analytics services from HubSpot and Sourcebuster on our websites. These services are provided by third parties, which may be located in Switzerland or another country. In this case, the service provider is HubSpot platform, based in the USA. [Data processed by HubSpot platform and Sourcebuster may be processed in any country in the world]. If you have registered with the service provider yourself, the service provider may also know you. The processing of your personal data by the service provider is then the responsibility of the service provider and is governed by its privacy policy. The service provider only informs us how our respective website is used (no information about you personally).

6. Integration of Google services

On our website, we use services from Google: Tag Manager, Google Analytics, and Google Ads. The relevant Google company is based in Ireland. Google Ireland relies on Google LLC (based in the USA) as a data processor (both referred to as "Google"). Although we assume that the data Google retrieves and stores when you use our website is not personal data, it is possible that Google could use this data, in conjunction with data it has collected itself, to draw conclusions about the identity of visitors and link this data to their Google accounts. If you have registered with Google, Google may also be able to recognize you. Google's processing of your personal data is then its responsibility and is governed by its privacy policy. For further information on data protection (in particular, the scope, nature, and purpose of data processing), please refer to Google's privacy policy.

When using Google Analytics, we can measure and analyze website usage (in a non-personally identifiable way). This involves the use of persistent cookies, which are set by Google itself. For Google Analytics, we have configured the service so that the IP addresses of visitors in Europe are shortened by Google before any potential transfer to the USA, thus preventing them from being traced back to the user. We have deactivated the "Data Sharing" and "Signals" settings. Google only informs us how our respective website is used (no information about you personally).

7. Links to other websites

This website contains links to other websites. We have no control over whether their operators comply with applicable data protection regulations. We exclude all responsibility or liability for third-party websites accessible via these links.

8. Social media plugins and presence

• Plugins

Our website contains social media plugins from social networks such as Facebook, TikTok, and Instagram. These are generally embedded in the website as graphic files. We have configured these elements so that they are deactivated by default. If you activate them (by clicking), the operators of the respective social networks can register that you are on our website and where, and can use this information for their own purposes. The processing of your personal data then takes place under the responsibility of that operator in accordance with their privacy policy. We do not receive any information about you from them.

For further information on data protection (in particular regarding the scope, type, and purpose of data processing), please refer to the privacy policies of the individual social media providers. There you will also find further information on your rights and settings options to protect your privacy.

By logging out of your social network pages beforehand and deleting any cookies that have been set (see section 3.4 above), you can prevent third-party providers from collecting information about you during your visit.

• presence

We may maintain online presences on social networks and other platforms operated by third parties. We receive data from you and the platforms when you interact with us through our online presence (e.g., when you communicate with us, comment on our content, or visit our page). At the same time, the platforms analyze your use of our online presences and link this data with other data they already have about you (e.g., your behavior and preferences). They also process this data for their own purposes under their own responsibility, particularly for marketing purposes and to manage their platforms (e.g., which content they display to you).

We may redistribute content you publish yourself (e.g., comments) (e.g., in our advertising on the platform or elsewhere). We or the platform operators may also delete or restrict content from or about you in accordance with the terms of service (e.g., inappropriate comments).

For further information on the data processing practices of the platform operators, please refer to the platforms' privacy policies. There you will also find information on which countries they process your data in, what rights you have to access, delete, and other data subject rights, and how you can exercise these rights or obtain further information. We currently use the following platforms:

Facebook (https://www.facebook.com/)

TikTok (https://www.tiktok.com/)

Instagram (https://www.instagram.com/)

K. Final Provisions

This privacy policy is not part of any contract with you. We reserve the right to amend this privacy policy at any time and without prior notice. The current version published on our website applies. It is therefore recommended that you consult this privacy policy regularly. In addition to this privacy policy, we may inform you separately about the processing of your data, for example, through further separate privacy policies concerning specific relationships (e.g., customer/member or applicant relationship).