Privacy Policy

Last updated on: April 22, 2024

We attach great importance to ensuring that the handling of personal data is transparent. This privacy policy provides information about what personal data we collect, for what purpose and to whom we share it. In order to ensure a high level of transparency, this data protection declaration is regularly checked and updated.

1. Which services we use

• Google Fonts API
• YouTube

2. Contact information

If you have any questions or concerns about protecting your data through us, please contact us by email at any time​​​​​​​​​​​​​​​​​​​​​​​​​​​1maw)rkn/usu7.kp3ocj&hel2r@u2oua3t-s&ofx6tha.e-l'bou'x.m4chb . Responsible for the data processing carried out via this website is :

Out of the Box GmbH
Längackerweg 22b
3048 Worblaufen
Switzerland 

Person responsible for data protection:
Markus Kocher
1maw)rkn/usu7.kp3ocj&hel2r@u2oua3t-s&ofx6tha.e-l'bou'x.m4chb
+41 (0)79 251 16 61

3. General principles

3.1 What data do we collect from you and from whom do we receive this data

We primarily process personal data that you provide to us or that we collect when operating our website. We may also receive personal information about you from third parties. These can be the following categories:

• Personal master data (name, address, dates of birth, etc.);
• Contact details (mobile phone number, email address, etc.);
• Financial data (e.g. account details);
• Online identifiers (e.g. cookie identifiers, IP addresses);
• location and traffic data;
• sound and image recordings;
• particularly sensitive data (e.g. biometric data or information about your health).

3.2 Under what conditions do we process your data?

We treat your data confidentially and in accordance with the purposes set out in this data protection declaration. We ensure that processing is transparent and proportionate.

If, in exceptional cases, we are unable to follow these principles, the data processing may still be lawful because there is a justification. The following can be considered as justification:

• your consent;
• the implementation of a contract or pre-contractual measures;
• our legitimate interests, unless your interests outweigh them.

3.3 How can you revoke your consent?

If you have given us your consent to process your personal data for specific purposes, we will process your data within the scope of this consent unless we have other justification.

You have the option to revoke your consent at any time by sending an email to the address given in the legal notice. Data processing that has already taken place is not affected by this.

3.4 In what cases can we pass on your data to third parties?

a. principle

We may be dependent on using the services of third parties or affiliated companies and commissioning them to process your data (so-called processors). Categories of recipients are:

• accounting, fiduciary and auditing companies;
• Consulting companies (legal advice, taxes, etc.);
• IT service providers (web hosting, support, cloud services, website design, etc.);
• payment service providers;
• Provider of tracking, conversion and advertising services.

We ensure that these third parties and our affiliates comply with data protection requirements and treat your personal data confidentially.

Under certain circumstances we are also obliged to disclose your personal data to authorities.

b. Visit our social media channels

We may have embedded links to our social media channels on our website. This is clear to you in each case (typically via corresponding symbols). If you click on the symbols, you will be redirected to our social media channels.

In this case, the social media providers learn that you are accessing their platform from our website. The social media providers can use the data collected in this way for their own purposes. We would like to point out that we have no knowledge of the content of the transmitted data or its use by the operators.

c. Transfer abroad

Under certain circumstances, your personal data may be transferred to companies abroad as part of order processing. These companies are committed to data protection to the same extent as we are. The transfer can take place worldwide.

If the level of data protection does not correspond to that of Switzerland, we carry out a prior risk assessment and contractually ensure that the same protection as in Switzerland is guaranteed (e.g. by means of the EU Commission's new standard contractual clauses or other legally required measures). If our risk assessment is negative, we will take additional technical measures to protect your data. You can access the EU Commission's standard contractual clauses at the following link. https://commission.europa.eu/publications/standard-contractual-clauses-controllers-and-processors-eueea_de

3.5 How long do we keep your data?

We only retain personal information for as long as necessary to fulfill the individual purposes for which the information was collected.

Data that we store when you visit our website will be retained for twelve months. An exception applies to analysis and tracking data, which can be retained for longer periods.

We store contract data for longer because we are obliged to do so by legal regulations. In particular, we must store business communications, concluded contracts and booking documents for up to 10 years. If we no longer need such data from you to carry out the services, the data will be blocked and we will only use it for accounting and tax purposes.

3.6 How do we protect your data?

We will keep your information secure and take all reasonable measures to protect your information from loss, access, misuse or alteration.

Our contractual partners and employees who have access to your data are obliged to comply with data protection regulations. In some cases it will be necessary for us to pass on your requests to companies affiliated with us. Even in these cases, your data will be treated confidentially.

Within our website we use the SSL process (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser.

3.7 What rights do you have?

a. right of providing information

You can request information about the data we have stored about you at any time. We ask you to send your request for information together with proof of identity to m ar ku s . ko ch er @o ut -o ft he -b ox .ch . You also have the right to receive your data in a common file format if we process your data automatically and if:
 

• you have given your consent for the processing of this data; or
• You have disclosed data in connection with the conclusion or processing of a contract.

We may restrict or refuse to provide information or data release if this conflicts with our legal obligations, legitimate own or public interests or the interests of a third party.

The processing of your application is subject to the statutory processing period of 30 days. However, we may extend this deadline due to a high volume of inquiries, for legal or technical reasons or because we need further information from you. You will be informed about the extension of the deadline in a timely manner, at least in text form.

b. Deletion and correction

You have the option to request the deletion or correction of your data at any time. We can reject the request if legal regulations require us to store it for a longer period of time or without changes or if there is a permit that conflicts with your request.

Please note that exercising your rights may, under certain circumstances, conflict with contractual agreements and have corresponding effects on the execution of the contract (e.g. early termination of the contract or cost consequences).

c. Legal recourse

If you are affected by the processing of personal data, you have the right to enforce your rights in court or to submit a report to the responsible supervisory authority. The responsible supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner: https://www.edoeb.admin.ch

3.8 Changes to the privacy policy

We may change this privacy policy at any time. The changes will be published on , you will not be informed about them separately.

4. Individual data processing operations

4.1 Providing the website and creating log files

What information do we receive and how do we use it?

By visiting, certain data will be automatically stored on our servers or on servers of services and products that we purchase and/or have installed for system administration purposes, for statistical or backup purposes or for tracking purposes. It is about:

• the name of your internet service provider;
• your IP address (under certain circumstances);
• the version of your browser software;
• the operating system of the computer used to access the URL;
• the date and time of access;
• the website from which you are visiting URL;
• the search words you used to find the URL.

Why are we allowed to process this data?

This data cannot be assigned to a specific person and this data is not merged with other data sources. The log files are stored to guarantee the functionality of the website and to ensure the security of our information technology systems. This is our legitimate interest.

How can you prevent data collection?

The data will only be stored for as long as is necessary to achieve the purpose of your collection. Accordingly, the data will be deleted at the end of each session. The storage of log files is absolutely necessary for the operation of the website, so you have no opportunity to object to this.

4.2 Google Fonts API

On our website we use the Google Fonts API, a service provided by Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google"), to integrate fonts. By integrating these fonts, your browser will establish a connection to Google's servers when you access our website in order to download the fonts and display them correctly.

Through this connection, data, in particular your IP address and information about the browser you use, can be transmitted to Google and stored on Google servers. These servers may be located in the United States or other countries.

If you would like to prevent the transfer of data as part of the Google Fonts API, you can block access to the fonts.googleapis.com domain in your browser settings. Please note that in this case our website may not display correctly.

4.3 YouTube

Our website includes videos from YouTube, a platform owned by Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google"). When you view the videos or click on the play button, data, including your IP address and information about the browser you use, is transmitted to Google servers and stored there. This data is used to deliver the video, monitor performance and improve the user experience.

If you are logged in to your YouTube account, you enable YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

BrainBox generators

BrainBox Generators is a service from BrainBox Solutions GmbH to identify all data protection-relevant services on a website and, among other things, to help with the creation of the data protection declaration. No personal data is collected or processed.