Privacy Policy

With this Privacy Policy, we inform you about which personal data we process in connection with our activities and operations, including our mdg.studio website. In particular, we explain what personal data we process, for what purpose, how, and where. We also inform you about the rights of persons whose data we process.

For individual or additional activities and operations, further privacy policies as well as other legal documents such as General Terms and Conditions (GTC), Terms of Use, or Terms of Participation may apply.

We are subject to Swiss data protection law and, where applicable, foreign data protection law, in particular that of the European Union (EU) under the General Data Protection Regulation (GDPR). The European Commission recognises that Swiss data protection law ensures an adequate level of data protection.

1. Contact details

Responsibility for the processing of personal data:

Multimedia Dynamic Group Sagl
Via Luigi Canonica 4
CH-6900 Lugano
Switzerland

info@mdg.studio

We will indicate if, in individual cases, other parties are responsible for processing personal data.

2. Definitions and legal bases

2.1 Definitions

Personal data means any information relating to an identified or identifiable natural person. A data subject is a person whose personal data we process.

Processing includes any handling of personal data, regardless of the means and procedures used, for example querying, comparing, adapting, archiving, retaining, reading, disclosing, obtaining, recording, collecting, deleting, revealing, arranging, organising, storing, altering, disseminating, linking, destroying and using personal data.

The European Economic Area (EEA) comprises the Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.

2.2 Legal bases

We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).

We process – insofar and to the extent that the General Data Protection Regulation (GDPR) is applicable – personal data in accordance with at least one of the following legal bases:

• Art. 6(1)(b) GDPR for the processing of personal data necessary for the performance of a contract with the data subject and for the implementation of pre-contractual measures.
• Art. 6(1)(f) GDPR for the processing of personal data necessary to safeguard our legitimate interests or those of third parties, provided that the fundamental freedoms and fundamental rights and interests of the data subject do not prevail. Legitimate interests include, in particular, our interest in being able to carry out our activities and operations on a sustainable, user-friendly, secure and reliable basis and to communicate about them, ensuring information security, protection against misuse, the enforcement of our own legal claims and compliance with Swiss law.
• Art. 6(1)(c) GDPR for the processing of personal data necessary to comply with a legal obligation to which we are subject under any applicable law of Member States in the European Economic Area (EEA).
• Art. 6(1)(e) GDPR for the processing of personal data necessary for the performance of a task carried out in the public interest.
• Art. 6(1)(a) GDPR for the processing of personal data based on the data subject’s consent.
• Art. 6(1)(d) GDPR for the processing of personal data necessary to protect the vital interests of the data subject or of another natural person.

3. Nature, scope and purpose

We process the personal data that is necessary to be able to carry out our activities and operations on a sustainable, user-friendly, secure and reliable basis. Such personal data may, in particular, fall into the categories of master data and contact data, browser and device data, content data, metadata and peripheral data and usage data, location data, sales data, as well as contract and payment data.

We process personal data for the duration required for the respective purpose or purposes, or as required by law. Personal data whose processing is no longer necessary is anonymised or deleted.

We may have personal data processed by third parties. We may process personal data jointly with third parties or transfer it to third parties. Such third parties are, in particular, specialised providers whose services we use. We ensure data protection also with such third parties.

As a rule, we process personal data only with the consent of the data subjects. If and to the extent that processing is permitted on other legal grounds, we may refrain from obtaining consent. For example, we may process personal data without consent in order to perform a contract, comply with legal obligations or safeguard overriding interests.

In this context, we process in particular information that a data subject voluntarily provides to us when making contact – for example by post, email, instant messaging, contact form, social media or telephone – or when registering for a user account. We may store such information, for example, in an address book or using comparable tools. If we receive data about other persons, the transmitting persons are obliged to ensure data protection vis-a-vis those persons and to ensure the accuracy of such personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect in the course of carrying out our activities and operations, insofar and to the extent that such processing is legally permissible.

4. Personal data abroad

As a rule, we process personal data in Switzerland and in the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular for processing there or to have it processed there.

We may export personal data to all countries and territories on Earth and elsewhere in the universe, provided that the law in that jurisdiction ensures adequate data protection pursuant to a decision of the Swiss Federal Council and – insofar and to the extent that the General Data Protection Regulation (GDPR) is applicable – adequate data protection pursuant to a decision of the European Commission.

We may transfer personal data to countries whose laws do not ensure adequate data protection, provided that data protection is ensured on other grounds, in particular on the basis of standard data protection clauses or other suitable safeguards. Exceptionally, we may export personal data to countries without adequate or suitable data protection if the specific data protection requirements are met, for example the explicit consent of the data subjects or a direct connection with the conclusion or performance of a contract. Upon request, we will be happy to provide data subjects with information about any safeguards or provide a copy of any safeguards.

5. Rights of data subjects

5.1 Data protection rights

We grant data subjects all rights under applicable data protection law. In particular, data subjects have the following rights:

• Right of access: Data subjects may request information as to whether we process personal data about them and, if so, what personal data is concerned. Data subjects also receive the information necessary to assert their data protection rights and to ensure transparency. This includes the processed personal data as such and, among other things, information on the purpose of processing, the retention period, any disclosure or export of data to other countries and the origin of the personal data.
• Rectification and restriction: Data subjects may have inaccurate personal data corrected, incomplete data completed and the processing of their data restricted.
• Erasure and objection: Data subjects may have personal data erased (“right to be forgotten”) and object to the processing of their data with effect for the future.
• Data release and data portability: Data subjects may request the release of personal data or the transfer of their data to another controller.

We may postpone, restrict or refuse the exercise of the rights of data subjects within the legally permissible scope. We may inform data subjects of any requirements to be met for the exercise of their data protection rights. For example, we may refuse to provide information in whole or in part by referring to business secrets or the protection of other persons. For example, we may also refuse to erase personal data in whole or in part by referring to statutory retention obligations.

We may, exceptionally, provide for costs for the exercise of rights. We will inform data subjects in advance of any costs.

We are obliged to identify data subjects who request information or assert other rights with appropriate measures. Data subjects are obliged to cooperate.

5.2 Right to lodge a complaint

Data subjects have the right to enforce their data protection rights in court or to lodge a complaint with a competent data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

Insofar and to the extent that the General Data Protection Regulation (GDPR) is applicable, data subjects also have the right to lodge a complaint with a competent European data protection supervisory authority.

6. Data security

We take appropriate technical and organisational measures to ensure a level of data security appropriate to the respective risk. However, we cannot guarantee absolute data security.

Access to our website is provided by transport encryption (SSL / TLS, in particular Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.

Our digital communication is subject – like in principle any digital communication – to mass surveillance without cause or suspicion and other surveillance by security authorities in Switzerland, in the rest of Europe, in the United States of America (USA) and in other countries. We have no direct influence on the corresponding processing of personal data by intelligence services, police authorities and other security agencies.

7. Use of the website

7.1 Cookies

We may use cookies. Cookies – both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – are data stored in the browser. Such stored data is not limited to traditional text-based cookies.

Cookies may be stored temporarily in the browser as “session cookies” or for a certain period as so-called persistent cookies. “Session cookies” are automatically deleted when the browser is closed. Persistent cookies have a specific storage period. Cookies enable, in particular, recognising a browser on the next visit to our website and thus, for example, measuring the reach of our website. Persistent cookies may, however, also be used for online marketing, for example.

Cookies can be disabled and deleted in whole or in part at any time in the browser settings. Without cookies, our website may no longer be fully available. We actively request – at least insofar and to the extent required – explicit consent for the use of cookies.

For cookies used for success and reach measurement or for advertising, a general objection (“opt-out”) is possible for numerous services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

7.2 Server log files

For each access to our website, we may record the following information, insofar as it is transmitted by your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, specific sub-page accessed on our website including amount of data transferred, and the last webpage accessed in the same browser window (referrer).

We store such information, which may also constitute personal data, in server log files. This information is necessary to provide our website on a sustainable, user-friendly and reliable basis and to ensure data security and thus, in particular, the protection of personal data – also by third parties or with the help of third parties.

7.3 Tracking pixels

We may use tracking pixels on our website. Tracking pixels are also referred to as web beacons. Tracking pixels – including those of third parties whose services we use – are small, usually invisible images that are automatically retrieved when our website is visited. Tracking pixels can collect the same information as server log files.

8. Notifications and communications

We send notifications and communications by email and via other communication channels such as instant messaging or SMS.

8.1 Success and reach measurement

Notifications and communications may contain web links or tracking pixels that record whether an individual message was opened and which web links were clicked. Such web links and tracking pixels may also record the use of notifications and communications on a personal basis. We need this statistical recording of use for success and reach measurement in order to be able to send notifications and communications effectively and in a user-friendly, secure and reliable manner on a sustainable basis, based on the needs and reading habits of the recipients.

8.2 Consent and objection

As a rule, you must explicitly consent to the use of your email address and your other contact details, unless the use is permitted on other legal grounds. Where possible, we use the “double opt-in” procedure for any consent, i.e. you will receive an email with a web link that you must click to confirm, so that misuse by unauthorised third parties can be prevented. We may log such consents including Internet Protocol (IP) address as well as date and time for evidentiary and security reasons.

As a rule, you may object to receiving notifications and communications such as newsletters at any time. By objecting, you may also object to the statistical recording of use for success and reach measurement. This does not affect required notifications and communications in connection with our activities and operations.

8.3 Service providers for notifications and communications

We send notifications and communications with the help of specialised service providers.

In particular, we use:

• Mailchimp: communication platform; provider: The Rocket Science Group LLC DBA Mailchimp (USA) as a subsidiary of Intuit Inc. (USA); privacy information: Privacy Policy (Intuit) including “Country and Region-Specific Terms”, “Frequently Asked Questions about Mailchimp Privacy”, “Mailchimp and European Data Transfers”, “Security”, Cookie Policy, “Privacy Rights Requests”, “Legal”.

9. Social media

We are present on social media platforms and other online platforms in order to communicate with interested persons and to provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The General Terms and Conditions (GTC), terms of use and privacy policies as well as other provisions of the respective operators of such platforms also apply. These provisions provide information, in particular, about the rights of data subjects directly vis-a-vis the respective platform, which include, for example, the right of access.

For our social media presence on Facebook, including so-called Page Insights, we are – insofar and to the extent that the General Data Protection Regulation (GDPR) is applicable – jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta companies (among others in the USA). Page Insights provide information about how visitors interact with our Facebook presence. We use Page Insights in order to provide our Facebook presence effectively and in a user-friendly manner.

Further information on the nature, scope and purpose of data processing, information on the rights of data subjects as well as the contact details of Facebook and Facebook’s data protection officer can be found in Facebook’s Privacy Policy. We have concluded the so-called “Controller Addendum” with Facebook and have thus agreed in particular that Facebook is responsible for ensuring the rights of data subjects. For so-called Page Insights, the relevant information can be found on the page “Page Insights Controller Addendum” including “Information about Page Insights Data”.

10. Third-party services

We use services from specialised third parties in order to be able to carry out our activities and operations on a sustainable, user-friendly, secure and reliable basis. With such services, we may, among other things, embed functions and content in our website. In the case of such embedding, the services used record, for technically compelling reasons, at least temporarily the Internet Protocol (IP) addresses of users.

For necessary security-related, statistical and technical purposes, third parties whose services we use may process data in connection with our activities and operations in aggregated, anonymised or pseudonymised form. This may include, for example, performance or usage data to enable the respective service to be provided.

In particular, we use:

• Google services: providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and in Switzerland; general privacy information: “Privacy and Security Principles”, Privacy Policy, “Google is committed to complying with applicable data protection laws”, “Guide to Privacy in Google Products”, “How we use data from sites or apps on which our services are used” (Google information), “Types of cookies and other technologies used by Google”, “Personalised advertising” (activation / deactivation / settings).

10.1 Digital infrastructure

We use services from specialised third parties in order to make use of necessary digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.

In particular, we use:

• Cyon: hosting; provider: cyon GmbH (Switzerland); privacy information: “Data protection”, Privacy Policy.
• StackPath CDN: Content Delivery Network (CDN); providers: StackPath LLC (USA) / Highwinds Network Group Inc. (USA); privacy information: Privacy Policy.

10.2 Audio and video conferences

We use specialised services for audio and video conferences in order to communicate online. For example, we may hold virtual meetings or conduct online lessons and webinars. Supplementary legal texts of the respective services, such as privacy policies and terms of use, also apply to participation in audio and video conferences.

Depending on your personal circumstances, we recommend muting the microphone by default during participation in audio or video conferences and blurring the background or using a virtual background.

In particular, we use:

• Zoom: video conferences; provider: Zoom Video Communications Inc. (USA); privacy information: Privacy Policy, “Privacy at Zoom”, “Legal Compliance Center”.

10.3 Maps

We use third-party services to embed maps in our website.

In particular, we use:

• Google Maps including Google Maps Platform: map service; provider: Google; Google Maps-specific information: “How Google uses location information”.

10.4 Fonts

We use third-party services to embed selected fonts as well as icons, logos and symbols in our website.

In particular, we use:

• Font Awesome: icons and logos; provider: Fonticons Inc. (USA); privacy information: Privacy Policy.

11. Extensions for the website

We use extensions for our website to be able to use additional functions.

In particular, we use:

• jQuery (OpenJS Foundation): free JavaScript library; provider: OpenJS Foundation (USA) using StackPath CDN; privacy information: Privacy Policy (OpenJS Foundation), Cookie Policy (OpenJS Foundation).

12. Success and reach measurement

We try to determine how our online offering is used. In this context, we may, for example, measure the success and reach of our activities and operations as well as the effect of third-party links to our website. We may also test and compare how different parts or versions of our online offering are used (“A/B testing” method). Based on the results of success and reach measurement, we can in particular fix errors, strengthen popular content or make improvements to our online offering.

For success and reach measurement, in most cases the Internet Protocol (IP) addresses of individual users are stored. In this case, IP addresses are generally shortened (“IP masking”) in order to follow the principle of data minimisation through pseudonymisation.

Cookies may be used for success and reach measurement and user profiles may be created. Any user profiles created may include, for example, the individual pages visited or content viewed on our website, information on the size of the screen or browser window and the – at least approximate – location. As a rule, any user profiles are created exclusively in pseudonymised form and are not used to identify individual users. Individual third-party services where users are logged in may be able to attribute the use of our online offering to the user account or user profile with the respective service.

In particular, we use:

• Google Analytics: success and reach measurement; provider: Google; Google Analytics-specific information: measurement across different browsers and devices (cross-device tracking) and with pseudonymised Internet Protocol (IP) addresses, which are only exceptionally transferred in full to Google in the USA, “Data protection”, “Browser add-on to disable Google Analytics”.
• Google Tag Manager: integration and management of other services for success and reach measurement as well as other services from Google and third parties; provider: Google; Google Tag Manager-specific information: “Data collected with Google Tag Manager”; further privacy information can be found in the individual integrated and managed services.

13. Final provisions

We have created this privacy policy using the privacy policy generator from Datenschutzpartner.

We may amend and supplement this privacy policy at any time. We will inform you of such amendments and supplements in an appropriate form, in particular by publishing the current version of the privacy policy on our website.

This Privacy Policy was originally drafted in German and has been translated into English for convenience.