1 General Information
1.1 Information regarding data privacy
If you have questions or recommendations related to this information or if you want to get in touch with us to exercise your rights, please direct your request to:
labor team w ag
Postfach 9001 St. Gallen, Schweiz
+41 71 844 45 45
1.3 Legal Fundamentals
The data privacy law based term "personal data" relates to all information that is affiliated with a specific or determinable individual. We process personal data in compliance with the applicable data protection mandates, in particular the GDPR and the DSG. We process data solely on the basis of a statutory permit. We process personal data only subject to your consent (Art. 6 Sect. 1 Letter a GDPR respectively Art. 13 Sect. 1 DSG), if it is necessary for the fulfillment of a contract you are a contracting party to or upon your request to perform pre-contractual measures (Art. 6 Sect. 1 Letter b GDPR Art. respectively 13 Sect. 2 Letter a DSG ), for the fulfillment of any legal obligations (Art. 6 Sect. 1 Letter c GDPR respectively Art. 13 Sect. 1 DSG) or if such processing is necessary to protect our legitimate rights or the legitimate rights of a third party, provided this is not in conflict with your interest or fundamental rights and fundamental liberties that mandate the protection of personal data that outweigh our interests (Art. 6 Sect. 1 Letter f GDPR respectively Art. 13 Sect. 1 DSG).
If you are applying for one of our company’s job vacancies, we are processing your data also to make a decision concerning the establishment of an employment relationship.
1.4 Duration of data storage
Unless otherwise stipulated in the following passages, we store data only as long as this is necessary to attain the purpose of its processing or for the fulfillment of our contractual or statutory obligations. Such statutory retention period may arise in particular for trade or tax law provisions. As of the end of the calendar year during which the data was collected, we will archive such personal data contained in our accounting records for a period of ten years. Incidentally, we shall keep on file records of date related to evidence requiring consent as well as with claim and accounts receivable entitlements for the duration of the statutory statutes of limitation. Data stored for promotional purposes shall be deleted if you object to the processing for this purpose.
1.5 Categories of data recipients
In conjunction with the processing of your data we also use contracted processors. The processing transactions that are part of such contract processing are e.g. hosting, the sending out of emails, maintenance and support of IT systems, accounting and billing, file and data media destruction and payment processing services. A contracted processor is either a natural or legal entity, government agency, facility or other point of contact that processes personal data on behalf of the data controller responsible for the processing of this data. Contracted processors do not utilize the data for their own purposes, but instead handle data processing exclusively as commissioned by the data controller. Contractually, they are required to warrant the utilization of suitable technical and organizational measures aiming at the protection of the data.
Incidentally, we may also share your personal data with for instance postal and courier services, our bank, tax consultants/financial auditors or the Swiss internal revenue service as well as government institutions, e.g. the Canton Cancer Register or the Federal Department of Health. To track infections, we may transfer the data to the competent health department. Other recipients may arise from the following information.
1.6 Data transfer to third countries
The visit to our website may be linked to the transfer of certain personal data to third countries, i.e. nations in which the GDPR or the DSG are not governing law. Such transmissions will be handled in a permitted manner if the legislation in the third country provides adequate protection.
In the event of absence of a decision in favor of reasonable data protection levels by the European Commission or the Federal Council in Switzerland, the transfer of personal data to a third country shall occur only if suitable guarantees are on hand, especially if you have expressly consented to the sharing of personal data with a third country.
Unless otherwise provided in the following we use the standard data privacy clauses for the transmission of personal data into third countries. You have the option to receive or review a copy of these standard data privacy clauses. To do so, please use the address set forth under the contact information section.
1.7 Processing in conjunction with the exercising of your rights
In the event that you exercise your rights as the data subject, we will process the provided personal data for the purpose of implementing these rights by us and in order to provide evidence for the former. Data stored for the provision of information and its preparation shall be processed only for this purpose and the purpose of data protection controlling and we shall otherwise restrict the processing of such data.
Such processing shall be based on the legal foundation of Art. 6 Sect. 1 Letter c GDPR in combination with Art. 15 bis 22 GDPR respectively Art. 13 Sect. 1 DSG and in combination with Art. 5 and 8 DSG.
1.8 Your rights
As the data subject, you have the right to claim your data subject rights arising from the data privacy laws applicable to you (GDPR or DSG). In this context, you have the following rights in particular:
- You have the right to demand information clarifying whether and, if applicable, to what extent we process personal data related to you as a person or not.
- You have the right to demand that we rectify your data.
- You have the right to demand that we delete your personal data.
- You have the right to have the processing of your personal data restricted.
- You are entitled to receive the personal data affiliated with you that you have provided to us in a structured, commonly used and machine-readable format and to transfer the data to another data controller.
- If you have given us special consent to data processing, you may revoke such consent at any time. Such a rescission shall not result in eliminating the legality of the previous processing that occurred until you revoked your consent.
- If you should be of the opinion that any processing of the personal data related to you violates one of the provisions of the DSG or GDPR, you have the right to log a complaint with the supervisory/regulatory agency.
1.9 Right to object
Pursuant to the provisions of Art. 21 Sect. 1 GDPR or Art. 31 DSG you have the right to file objections against any processing that is based on the legal grounds of Art. 6 Sect. 1 Letter e or f GDPR for reasons that arise from your extraordinary situation. In the event that we are processing personal data related to you for the purpose of direct advertising, you may file an objection against such processing pursuant to Art. 21 Sect. 2 and Sect. 3 GDPR.
1.10 Representatives in the European Union
You can reach our representative with the European Union under the following address:
Herting Oberbeck Datenschutz GmbH
Hallerstr. 76, 20146 Hamburg, Deutschland
2 Data Processing on our Website
When you use the website, we shall record information you provide on your own. Moreover, during your visit to our website, certain information concerning the use of the website will be tracked by us. Under data protection legislation, the IP address is fundamentally also considered personal information. An IP address is allocated to any device connected to the Internet by the Internet provider to enable it to send and receive data.
2.1 Processing of server log files
If you are using our website for the sole purpose of obtaining information, the system will first automatically store general information that your browser communicates to our server (in other words, not through registration). This includes the following by default: the operating system of the user, the Internet service provider of the user, the user’s IP address, the data and time of access, the accessed page, the previously visited page (Referrer URL), the sub-websites which are accessed by an accessing system on the Internet page, as well as similar device specific information that is required to establish a connection and to use the website. We process this data to protect our legitimate interests and it is based to the legal grounds of Art. 6 Sect. 1 Letter f GDPR respectively Art. 13 DSG. Such processing aims at the technical administration and the security of the website. The stored data shall be deleted after 30 days unless specific indications give rise to legitimate suspicions of illegal usage and if further investigations and processing of the information is mandatory for this reason.
We are not in a position to identify you as the data subject based on the archived information. Hence, the rights of data subjects do not apply unless you are providing additional information that allow for your identification for the execution of the rights set forth in these articles.
2.2 Contact options and inquiries
Our website contains contact forms you can utilize to send us messages. The transfer of your data will be encrypted in this case (evident from the "https"-tag in the address line of the browser). All fields identified as required fields are required in order to process your concerns. Failure to provide this information will result in us being unable to process your request. The provision of any additional data is voluntary. Alternatively, you can also send us a message via the contact email address. We will process your data for the purpose of responding to your inquiry. If your inquiry is related to the closing or performance of a contract with us, Art. 6 Sect. 1 Letter b GDPR respectively Art. 13 Sect. 2 Letter a DSG shall be the legal foundation for the processing of your data. Otherwise, we shall process your data on the basis of our legitimate interest to reach out to individuals submitting inquiries. The legal foundation for data processing in this case will be Art. 6 Sect. 1 Letter f GDPR respectively Art. 13 Sect. 1 DSG.
2.3 Chat service
As soon as you visit our website, the chatbot moin.ai from knowhere GmbH (Germany/EU) will be offered as a service to you. The chat answers your service inquiries and questions about our services. To that end, it automatically recognizes your concerns and delivers the matching response on its own. The data hosting of the data processed will occur in a data processing center in Germany.
To display the chatbot, it processes your IP address. However, knowhere GmbH will archive it only in an anonymized format. Incidentally, all data shall be processed anonymously, with the exception of information you voluntarily send to the chatbot over the course of the chat conversation.
In addition, a link to persons can be generated if you voluntarily decide to forward the progression of the chat to our customer service using the specifically designated function. In this case, additional information shall be collected besides your email address to ensure that we can process your request.
The chatbot supports the expeditious communication with website visitors and customers. If the inquiry aims at the implementation of an order with us, Art. 6 Sect. 1 Letter b GDPR Art. 13 Sect. 2 Letter a DSG shall be the legal foundation for the processing of data. In addition, it serves our legitimate interests pursuant to Art. 6 Sect. 1 Letter f GDPR Art. 13 Sect. 1 DSG in the quick and targeted processing of customer concerns.
To ensure that the chatbot recognizes any user who has already initiated a conversation with the chatbot, a local Storage Key shall be stored in the web browser of the website visitor at the beginning of the conversation. This ensures that the user dialog can continue without the loss of context even if it takes place over multiple visits to the website. The local Storage Key shall be archived until it is manually deleted. Moreover, the server shall automatically delete the log files and chat progressions after 30 days.
2.5 Consent Management Tool
This website uses a consent management banner to manage cookies. The consent banner allows users of our website to grant consent to certain data processing transactions or to revoke any consent previously provided. By confirming the "I accept" button or by storing individual cookie settings, you consent to the use of the affiliated cookies. The data protection legislation based legal grounds consist of your consent as defined in Art. 6 Sect. 1 Letter a GDPR respectively Art. 13 Sect. 1 DSG.
You can revoke your consent to cookies here:
2.6 Analysis of our website and tracking
This is a software program used to measure the reach of the website. For this purpose, accesses to our website are anonymously recorded and analyzed without the utilization of tracking cookies. The IP address is anonymized immediately after it has been collected and prior to archiving. Any further processing of personal data in conjunction with the deployment of Matomo does therefore not occur.
This data is processed to protect our legitimate interests in measuring the reach and in the statistical analyses of the use of the website. This processing is based on the legal grounds of Art. 6 Sect. 1 Letter f GDPR respectively Art. 13 Sect. 1 DSG and is required to ensure our legitimate interest in optimizing our web presentation and to forego the processing of personal data to the maximum extent possible.
You have the option to object to this data processing in general. In this case, a so-called opt-out cookie will be archived in your browser. This will result in Matomo not collecting any session data whatsoever. If you should delete your cookies in your web browser, the opt-out cookie will be deleted as well. If you visit our website again, you will have to once again activate your objection.
2.6.2 New Relic
Our website uses New Relic, an analysis service offered by New Relic Inc. (New Relic/USA). New Relic is a web analysis tool that records the user data of a website to analyze the website for its performance and to monitor it, for instance to improve the loading times of individual parts of the website.
In some cases, such data represents information that is archived on the device you are using. Moreover, the deployed cookies are also used to store additional information on the device you are using. Such archiving of information by New Relic or any access to information already stored on your device will occur only subject to your consent.
The placement of cookies and the processing described further herein shall occur subject to your consent. The legal foundation for such data processing on connection with the New Relic service is therefore Art. 6 Sect. 1 Letter a GDPR respectively Art. 13 Sect. 1 DSG.
For additional information related to these processing activities, the deployed technologies, archived data and duration of archiving please check the settings of our consent management tool.
When using New Relic, the transfer of data to New Relic Inc. in the United States cannot be ruled out. To that end, please read the information provided in section "Data transfer to third countries". Additional information on data privacy and the utilized cookies can be found online at http://newrelic.com/privacy.
3 Other Data Processing
3.1 Recording of orders and information about findings
You have the option to direct orders to us in hard copy format, via phone or online. To that end, in conjunction with the order data entry, we only process data, in particular health-related information, that has been provided for instance in the entry screen or via phone. We process personal data exclusively for the purpose of processing the contract and in order to be able to provide you with the results of our analysis. Analysis results may be accessed online on our website or with the assistance of our "ltw Results" app after the user name and password have been successfully entered. Customers can obtain these access data on request from our service hotline. All data fields identified as required fields are necessary in order to process your order. Failure to provide the former will result in us being unable to process your order. The legal foundation for the processing in all cases is Art. 6 Sect. 1 Letter b GDPR, Art. 9 Sect. 2 Letter h GDPR respectively Art. 13 Sect. 2 Letter a DSG. The provision of any additional data is voluntary. Data that has been provided voluntarily in this manner shall be processed by us on the basis of Art. 6 Sect. 1 Letter f GDPR Art. 13 Sect. 1 DSG.
3.2 Fulfillment of the statutory reporting and information obligations
We have an obligation to share certain health data (incl. the name of the data subject) with government agencies based on statutory provisions (e.g. cancer register, Canton health department, Federal Department of Health) (such as infectious diseases or cancer diagnoses).
Moreover, we provide competent government agencies (such as district attorneys’ offices, courts and health agencies) with information upon request if we are required to do so as a matter of law.
The legal basis for the processing of such data in each case is Art. 6 Sect. 1 Letter c GDPR respectively Art. 13 Sect. 1 DSG.
Our customer service has the option to approve you to use our Webshop. In the event that you place an order for a product using our order voucher, our website or you calling it in, we shall process personal data exclusively for the processing of the contract respectively to enable us to provide the ordered product to you. In conjunction with the booking or ordering process we process only such data you yourself have provided and, if applicable, payment information if you are paying via advance transfer. In order to be able to send you the ordered products, we will communicate the data required for the delivery to one of our shipping services as stipulated in the order.
The legal foundation for such processing in each case shall be Art. 6 Sect. 1 Letter b GDPR and Art. 13 Sect. 2 Letter a DSG. All data fields identified as required fields are essential for the processing of your booking or purchase order. Failure to provide required information will result in us being unable to process your booking or order. Moreover, you may provide us with additional information voluntarily. The voluntarily provided information shall be processed by us on the basis of Art. 6 Sect. 1 Letter f GDPR respectively Art. 13 Sect. 1 DSG.
On our website we offer you the opportunity to subscribe to our newsletter. After you have registered, you will receive information on the latest news related to our portfolio at regular intervals. A valid email address is required to register for the newsletter. In order to verify the email address, you will initially receive a registration email that you have to confirm by using the link provided (double opt-in). If you subscribe to the newsletter on our website, we shall process personal data, such as your email address and your name on the basis of consent you have given to us. Processing shall be based on the legal grounds set forth in Art. 6 Sect. 1 Letter a GDPR respectively Art. 13 Sect. 1 DSG. The granted consent may be revoked at any time with future impact, for instance by "Unsubscribing" in the newsletter link or you may contact us through any of the aforementioned channels. The legality of already completed data processing transactions shall not be affected by the revocation.
When you register for the newsletter, we furthermore archive your IP address as well as the data and time of your registration. The processing of this data is necessary to be able to document the granted consent. The legal foundation arises from our legal obligation to document your consent (Art. 6 Sect. 1 Letter c in combination with Art. 7 Sect. 1 GDPR respectively Art. 13 Sect. 1 DSG).
We also analyze the reading patterns and the opening rates of our newsletter. For instance, when our emails are received and accessed, we father the generated data into an aggregated and anonymized format (delivery rate, opening rate, click rates, unsubscription rate, bounce rate, visits, orders closed) in order to measure the usage level and success of our emails. The legal foundation for the analysis of our newsletter is Art. 6 Sect. 1 Letter f GDPR respectively Art. 13 Sect. 1 DSG and the processing aims at protecting our legitimate interest in the optimization of our newsletter.
On the other hand, we also analyze the data generated during the access to and the use of these emails by you (time opened, clicked hyperlinks, downloaded documents) as well as any motion data on downstream websites in a personal data related manner in connection with your email address to allow us to send you customized information in the future on this basis as well, which takes your interests and needs into account in the best possible manner. The collected anonymous as well as personal data will be used by us to provide you with customized content and customized information in our promotional emails and on our downstream websites. The legal basis for data processing in conjunction with emails shall be Art. 6 Sect. 1 Letter a GDPR respectively Art. 13 Sect. 1 DSG. You may revoke the consent you have granted at any time with future impact, for instance by using the "Unsubscribe" link in the newsletter or you may contact us via the above-mentioned channels.
3.5 Registration for events
In the event that you would like to register to one of our conventions or continued education programs, we will process your data for the hosting of the event and, if applicable, in conjunction with our contractual relationship within the necessary scope. This regularly includes the processing of contact and communications data, the name and address of the practice as well as, if applicable, payment information. The legal basis for such processing is Art. 6 Sect. 1 Letter b GDPR und Art. 6 Sect. 1 Letter f GDPR respectively Art. 13 Sect. 1 DSG and Art. 13 Sect. 2 Letter a DSG…
You have the option to submit an application via our website in the «Careers» section. For this purpose, we will collect personal information from you, which shall include in particular your name, your curriculum vitae, the application letter and other content to be provided by you. We use a service provider to manage our inbound applications, who, in accordance with the statutory prerequisites for contract processing is subject to our sole instructions and works on our behalf. Your personal application data will be used exclusively to determine your suitability for the employment relationship, i.e. for purposes that are related to your interest in a current or future position with us and the processing of your application. Your application will only be handled by our relevant contacts and they will be the only ones taking note of your application. All employees entrusted with the processing of personal data are required to maintain confidentiality with regard to your data. If we should be unable to offer you employment, we will promptly delete the data you have transmitted to us after sending you a denial notice. This shall not be the case if the transferred data is required to defend against claims of the applicant, or if statutory provisions are in conflict with the deletion of the data or if you have expressly agreed to an extended storage period.
The legal foundation for the collection and processing of your personal data in the application process is Art. 6 Sect. 1 Letter b GDPR respectively Art. 328b OR (Swiss Code of Obligations) in conjunction with Art. 13 Sect. 2 Letter a DSG (Data Protection Act) (implementation of pre-contractual measures). Art. 6 Sect. 1 Letter f GDPR (General Data Protection Regulation) respectively Art. 13 Sect. 1 DSG (Data Protection Act) (exercising of legitimate interests) is the legal foundation for the storage of your data beyond the application process. In this case, our interest is inherent in the claiming of or defense against claims, for instance those in conjunction with the burden of proof in a court proceeding.
In the event that we should archive your application data for a period exceeding six months and you have expressly consented to such storage, we herewith point out that you may randomly revoke such consent at any time pursuant to Art. 7 Sect. 3 GDPR. Such a revocation shall not affect the legality of data processing until the revocation of consent.
3.7 Customer and prospective customer data
If you as the customer or as a prospective customer reach out to our company, we will process your data for the establishment or execution of the contractual relationship to the extent that this is necessary. This regularly includes the processing of the personal master data, contractual and payment information provided to us, as well as contact and communications data of our contacts at commercial customers and business partners. The legal foundation for this type of processing is Art. 6 Sect. 1 Letter b GDPR und Art. 6 Sect. 1 Letter f GDPR respectively Art. 13 Sect. 1 DSG and Art. 13 Sect. 2 Letter a DSG.
Furthermore, we process customer and prospective customer data for analytical and marketing purposes. Such processing shall occur on the legal foundation of Art. 6 Sect. 1 Letter f GDPR and shall serve our interest to further develop our portfolio and to provide you with targeted information on our products and services. Further data processing may occur if you have consented to it (Art. 6 Abs 1 Letter a GDPR respectively Art. 13 Sect. 1 DSG) or if this is necessary for the fulfillment of a legal obligation (Art. 6 Sect. 1 Letter c GDPR respectively Art. 13 Sect. 1 DSG).
In the event that you are participating in sweepstakes, we shall process your personal data for the performance and processing of the sweepstakes. This includes in particular the selection of winners, the notification on winnings and the delivery of prizes. In case that the delivery respectively the provision of certain prizes is handled by a different enterprise (e.g. a cooperative partner) we shall transfer the winner’s data to this company to the extent that this is necessary. Upon conclusion of the sweepstakes, we shall promptly delete such data, unless statutory retention obligations are in conflict with immediate deletion. The legal foundation for the processing is Art. 6 Sect. 1 Letter b GDPR respectively Art. 13 Sect. 2 Letter a DSG.
4 Data Processing Via our App
We are providing you with a mobile app you can download to your mobile device. The following sections will brief you on the collection and processing of personal data when using our mobile app.
4.1 Downloading the app
When downloading the app, certain required information is sent to the app store you have chosen (e.g. Google Play or Apple App Store), which may in particular include the username, the email address, the customer number of your account, the download time as well as the individual device number. The processing of this data occurs exclusively by the provider of the respective app store and is beyond our sphere of control.
4.2 Authorization on the device for use of the app
In conjunction with the use of the app it may become necessary that certain functions of the utilized device are accessed. The app requires the following authorisations for this purpose:
- Internet access: This is required so that the end device can establish a connection to our server in order to retrieve information such as findings data.
- Camera access: This is required so that the app user can scan QR codes (for easy transfer of user data from our website).
- Face ID or fingerprint: This is required to allow the app user to use the Face ID or fingerprint login procedure.
- Access to external storage: This is required to allow the app user to store data on their device for possible further processing.
- Notifications: So that new analysis results can be notified via push message (where subscribed).
4.3 Processing of personal data when using the app
With the assistance of the app, we process personal data for the registration of orders and for the provision of diagnostic information. Additional information about this can be found in Section "Recording of orders and information on diagnostic results".
In addition, we will process the personal data described below to ensure the convenient use of the functions and to ascertain stability and security:
- IP address
- Date and time of the inquiry
- Internal ID of the opened health dataset
The legal foundation for the processing of this data is Art. 6 Sect. 1 Letter f GDPR respectively Art. 13 Sect. 1 DSG.
5 Data Processing on our Social Media Pages
We have a business page on several social media platforms. The purpose of this is to provide you with additional options to gain information and insights into our company and to share information. Our company has business pages on the following social media platforms:
Whenever you visit a profile on a social media platform or interact with the former, it is possible that personal data related to you will be processed. The information used in conjunction with a social media profile regularly also represents personal data. This also includes messages and statements made while using the profile. Furthermore, during your visit to a social media profile information may frequently also be automatically recorded that may represent personal information.
5.1 Visiting a social media page
5.1.1 Facebook page
When visiting our Facebook page, on which we present our enterprise or individual products from our portfolio, certain information related to you will be processed. The sole responsible party for this processing of personal data is Meta Platforms Ireland Limited (Ireland/EU – "Meta"). For additional information on the processing of personal data by Meta, please visit https://www.facebook.com/privacy/explanation. Meta offers the option to object to certain types of data processing, related information and opt-out options can be found at https://www.facebook.com/settings?tab=ads.
5.1.2 LinkedIn corporate page
Principally, the sole party responsible for the processing of personal data during visits to our LinkedIn page is LinkedIn Ireland Unlimited Company (Ireland/EU – "LinkedIn"). For additional information on the processing of personal data by LinkedIn please go to https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
Whenever you visit our LinkedIn business page, follow this page or interact with the page, LinkedIn will process your personal data to provide us with statistics and insights in an anonymized format. As a result, we receive information about the types of activities individuals perform on our page (so-called Page Insights). To that end, LinkedIn processes in particular such data that you have already provided to LinkedIn as part of the information for your profile, such as data on the position, country, industry, years in business, size of the enterprise and employment status. Moreover, LinkedIn will process information related to your interactions with our LinkedIn page, for instance if you are a follower of our LinkedIn business page. With Page Insights, LinkedIn does not deliver any personally relevant data of yours to us. We merely have access to the summarized Page Insights. Furthermore, we are not in a position to arrive at conclusions about individual members through the Page Insights information. This processing of personal data in conjunction with the Page Insights is handled by LinkedIn and us as the joint data controllers. The processing serves our legitimate interest to analyze the types of performed actions on our LinkedIn business page and to improve our business page based on these insights. The legal foundation for this type of processing is Art. 6 Sect. 1 Letter f GDPR respectively Art. 13 Sect. 1 DSG. We have executed an agreement with LinkedIn on the processing as joint data controllers, in which the distribution of the data protection legislation related obligations between us and LinkedIn. This agreement may be accessed by going to: https://legal.linkedin.com/pages-joint-controller-addendum. In accordance with this, the following applies:
- LinkedIn and our company have entered into an agreement that the Irish Data Protection Commission shall be the regulatory agency in charge of monitoring the processing of Page Insights. You at all times have the right to log a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or with any other regulatory agency.
Please keep in mind that according to the LinkedIn Data Privacy Guidelines, personal data may also be processed by LinkedIn in the United States or other third countries. To that end, LinkedIn transfers personal data only to countries for which a reasonability resolution of the European Commission pursuant to Art. 45 GDPR exists or on the basis of suitable guarantees pursuant to Art. 46 GDPR.
6 Consent text in the newsletter form.
7 Comments and Direct Messages
Furthermore, we process information you have made available to us via our business page on the respective social media platform. Such information may comprise the used username, contact information or a message sent to us. Such processing by us shall occur with us as the sole responsible data controller. We process the data on the basis of our legitimate interest to reach out to individuals submitting requests to us. The legal foundation for such data processing is Art. 6 Sect. 1 Letter f GDPR respectively Art. 13 Sect. 1 DSG. Additional data processing may occur if you have given your consent to it (Art. 6 Sect. 1 Letter a GDPR respectively Art. 13 Sect. 1 DSG) or if it is necessary to fulfill a legal obligation (Art. 6 Sect. 1 Letter c GDPR Art. 13 Sect. 1 DSG).