Privacy policy

With this Privacy Policy, we provide information about the processing of personal data in connection with our activities and operations, including our website under the domain name www.kongresshaus.ch. In particular, we explain for what purposes, how, and where we process which personal data. We also provide information about the rights of individuals whose data we process.

For specific or additional activities and operations, we may publish further privacy statements or other information regarding data protection.

We are subject to Swiss law as well as any applicable foreign law, in particular that of the European Union (EU) with the European General Data Protection Regulation (GDPR).

In its decision of July 26, 2000, the European Commission recognized that Swiss data&provides an adequate level of data protection. In its report of January 15, 2024, the European Commission confirmed this adequacy decision.

1. Contact Addresses

Data Protection Officeris:

Kongresshaus Zürich AG
Gotthardstrasse 5
CH-8002 Zurich

datenschutz@kongresshaus.ch

In individualcases, third parties may be responsible for the processing of personal data, or there may be jointwith third parties. Upon request, we are happy to provide data subjects with information regarding the respective responsibility.

Data Protection Representative in the European Economic Area (EEA)

We have the following data protection representative in accordance with Art. 27 GDPR:

VGS Datenschutz­partner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany

info@datenschutzpartner.eu

The Data Protection Representative serves as an additional point of contact for data subjects and authorities in the European Union (EU) and the rest of the European Economic Area (EEA) for inquiries related to the GDPR.

2. Terms and Legal Basis

2.1 Terms

Data Subject: A natural person whose personal data we process.

Personaldata: All information relating to an identified or identifiable natural person.

Sensitive personal data: Data regarding economic, political, religious, or philosophical views and activities, data regarding health, intimate life, or membership in an ethnic or racial group; genetic data; biometric data that uniquely identifies a natural person; data regarding criminal or administrative sanctions or proceedings; and data regarding social assistance measures.

Processing: Any processing of personal data, regardless of the means and methods used, such as querying, matching, adapting, archiving, storing, reading, disclosing, obtaining, recording, collecting, deleting, revealing, sorting, organizing, saving, modifying, distributing, linking, destroying, and using personal data.

European Economic Area (EEA): Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway.

2.2 Legal Basis

We process personal data in accordance with Swiss law, in particular the Federal Act on Data Protection (Data Protection Act, DSG) and the Ordinance on Data Protection (Data Protection Ordinance, DSV).

We process – to the extent that the European General Data Protection Regulation (GDPR) applies – personal data in accordance with at least one of the following legal bases:

• Art. 6(1)(b) GDPR for the necessary processing of personal data to fulfill a contract with the data subject and to carry out pre-contractual measures.
• Art. 6(1)(f) GDPR for the necessary processing of personal data to safeguard legitimate interests—including the legitimate interests of third parties—unless the fundamental freedoms and rights as well as the interests of the data subject prevail. Such interests include, in particular, the sustainable, people-friendly, secure, and reliable conduct of our activities and operations, ensuring information security, protection against misuse, the enforcement of our own legal claims, and compliance with Swiss law.
• Art. 6(1)(c) GDPR for the necessary processing of personalto fulfill a legal obligation to which we are subject under any applicable law of Member States in the European Economic Area (EEA).
• Art. 6(1)(e) GDPR for the necessary processing of personal data to perform a task carried out in the public interest.
• Art. 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.
• Art. 6(1)(d) GDPR for the processing of personal data necessary to protect the vital interests of the data subject or another natural person.
• Art. 9(2) et seq. GDPR for the processing of special categories of personal data, in particular with the consent of the data subjects.

The European General Data Protection Regulation (GDPR) refers to the handling of personal data as the processing of personal data and the handling of sensitive personal data as the processing of special categories of personal data (Art. 9 GDPR).

3. Type, Scope, and Purpose of Personal Data Processing

We process personal data that is necessary to carry out our activities and operations in a sustainable, user-friendly, secure, and reliable manner. The processed personaldata processed may fall, in particular, into the categories of browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data, and paymentdata. The personal data may also constitute sensitive personal data.

We also process personaldata that we receive from third parties, obtain from publicly available sources, or collect in the course of our activities and operations, to the extent that such processing is permitted.

We process personal data, where necessary, with the consent of the data subjects. In many cases, we may process personal data without consent, for example to comply with legal obligations or to safeguard legitimate interests. We may also request consent from data subjects

We process personal data for the periodnecessary for the respective purpose. We anonymize or delete personal data, in particular in accordance with statutory retention and statute of limitations periods.

4. Disclosure of Personal Data

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties may include, for example, specialized providers whose services we utilize. Such third parties may in turn disclose personal data to other third parties.

We may disclose personaldata in the course of our activities and operations, in particular to banks and other financial service providers, government agencies, educational and research institutions, consultants and attorneys, accounting and fiduciary service providers, debt collection companies, interest groups, IT service providers, cooperation partners, credit and business information agencies, logistics and shipping companies,, marketing and advertising agencies, media, parent, sister, and subsidiary companies, organizations and associations, social institutions, telecommunications companies, insurance companies, and paymentservice providers.

5. Communication

We process personal data to communicate with individuals as well as with authorities, organizations, and companies. In doing so, we process, in particular, data that a data subject provides to us when making contact, for example by mail or email. We may store such data in an address book or using comparable tools.

Third parties who transmit data about other individuals to us are legally obligated to ensure the data protection of these data subjects. In particular, they must ensure that they are authorized to transmit such data and must also guarantee the accuracy of the transmitted data.

We use selected services from suitable providers to facilitate and improve communication with individuals and other communicationpartners. We may also use such services to manage and further process the data of data subjects beyond direct communication, for example in connection with orders, services, projects, and resource planning.

6. Job Applications

We process personal data regarding applicants to the extent necessary for assessing their suitability for employment or for the subsequent execution of an employment contract. The necessary personal data is derived in particular from the information requested, for example in the context of a job posting. We may publish job postings with the assistance of suitable third parties, for example in electronic and print media or on job portals and recruitment platforms.

We also process personal data that applicants voluntarily provide or publish, particularly as part of cover letters, resumes, and other application documents, as well as online profiles.

We process—provided and to the extent that the General Data Protection Regulation (GDPR) applies—personal data regarding applicants, in particular in accordance with Art. 9(2)(b) GDPR.

We use selected services from suitable third parties to advertise job openings via e-recruitment and to enable and manage applications.

7. Data­security

We take appropriate technical and organizational measures to ensure data security commensurate with the respective risk. In particular, our measures ensure the confidentiality, availability, traceability, and integrity of the personal data processed, though we cannot guarantee absolute data security.

Access to our website and our other digital presence is provided via transport encryption (SSL / TLS, specifically using the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn users before visiting a website without transport encryption.

Our digital communications are subject—as in principle all digital communications are—to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and in other countries. We have no direct influence over the processing of personal data by intelligence agencies, police departments, and other security authorities. Nor can we rule out the possibility that a data subject is being specifically monitored.

8. Personal Data Abroad

We generally process personal data in Switzerland and within the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular to process it there or have it processed there.

We may transfer personal data to all countries in the world and elsewhere in the universe, provided that the local law complies with Decision of the Swiss Federal Council and – if and to the extent that the General Data Protection Regulation (GDPR) applies – also in accordance with Decision of the European Commission ensures an adequate level of data protection.

We may transfer personal data to countries whose laws do not provide an adequate level of data, provided that data protection is ensured for other reasons, in particular on the basis of standard data protection clauses or other appropriate safeguards. In exceptional cases, we may export personal data to countries without adequate or appropriate data protection if the specific legal requirements for data protection, such as the explicit consent of the data subjects or a direct connection to the conclusion or performance of a contract. Upon request, we are happy to provide data subjects with information about any such safeguards or to supply a copy of any such safeguards.

9. Rights of Data Subjects

9.1 Data Protection Claims

We grant data subjects all rights in accordance with applicable law. Data subjects have the following rights in particular:

• Right of access: Data subjects may request information as to whether we process personalprocess personal data about them, and if so, what personal data is involved. Data subjects also receive the information necessary to assert their data protection rights and to ensure transparency. This includes the personal data being processed as such, as well as, among other things, details regarding the purpose of processing, the duration of storage, any disclosure or export of data to other countries, and the origin of the personal data.
• Correction and Restriction: Data subjects may have incorrect personal, complete incomplete data, and have the processing of their data restricted.
• Right to express one’s own point of view and to a human review: Data subjects may, in the case of decisions based exclusivelysolely on automated processing of personal data and which result in legalconsequences or significantly affect them (automated individual decisions), present their own point of view and request a review by a human.
• Deletion and objection: Data subjects may have personalhave their personal data erased (“right to be forgotten”) and object to the processing of their data with effect for the future.
• Data disclosure and data portability: Data subjects may request the disclosure of personal data or the transfer of their data to another controller.

We may postpone, restrict, or refuse to exercise the rights of data subjects within the scope permitted by lawrefuse. We may inform data subjects of any prerequisites that must be met for the exercise of their data protection rights. For example, we may refuse to provide information in whole or in part by citing confidentialityconfidentiality obligations, overriding interests, or the protection of other individuals. For example, we may also refuse, in whole or in part, to delete personal data, particularly by citing legal retention obligations.

We may, in exceptional cases, charge a fee for the exercise of the rights /em>. We will inform the data subjects in advance of any costs.

We are obligated to identify data subjects who request informationor assert other rights, using appropriate measures. Data subjects are required to cooperate.

9.2 Legal Protection

Data subjects have the right to enforce their data protection claims through legalor to file a report or complaint with a data protection supervisory authority.

The data protection supervisoryauthority for private data controllers and federal­bodies in Switzerland is the Federal Data­Protection and Information­Commissioner (FDPIC).

European data protection supervisory authorities are organized as members of the Euro­European Data Protection Board (EDPB). In some member states of the European Economic Area (EEA), data protection supervisory authorities have a federal structure, particularly in Germany.

10. Use of the Website

10.1 Cookies

We may use cookies. Cookies—both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies)—are data stored in the browser. Such stored data need not be limited to traditional text-based cookies.

Cookies may be stored temporarily in the browser as “session cookies” or for a specific period as so-called permanent cookies. “Session cookies” are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies enable, in particular, the recognition of a browser upon the next visit to our website and thereby, for example, the measurement of the reachof our website. However, permanent cookies can also be used, for example, for online marketing.

Cookies can be completely or partially deactivated, restricted, or deleted at any time in the browser settings. Browser settings often also allow for automated deletion and other management of cookies. Without cookies, our website may no longer be available in its entirety. We actively request—at least to the extent required by applicable law—your express consent to the use of cookies.

For cookies used for performance and reach measurement or for advertising, a general opt-out is available for numerous services via the AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

10.2 Logging

For every visit to our website and our other digital presence, we may log at least the following information, provided that this information is typically determined or transmitted during such visits to our digital infrastructure: date and time, including time zone, IP address, access status (HTTP status code), Operating system, including user interface and version; browser, including language and version; specific subpages of our website accessed, including the amount of data transferred; the last webpage accessed in the same browser window (referrer).

We log such information, which may also constitute personal data, in log files. This information is necessary to ensure that our digital presence is available on a permanent, user-friendly, and reliable basis. The information is also necessary to ensure data security– including through third parties or with the help of third parties.

10.3 Web Beacons

We may incorporate tracking pixels into our digital presence. Tracking pixels are also known as web beacons. Tracking pixels—including those from third parties whose services we use—are typically small, invisibleimages or scripts written in JavaScript that are automatically retrieved when you access our digital presence. Tracking pixels can collect at least the same information as is recorded in log files.

11. Notifications and Communications

11.1 Success and Reach Measurement

Notifications and communications may contain web links or tracking pixels that record whether a specific message was opened and which web links were clicked. Such web links and tracking pixels may also collect usage data on a personal basis. We require this statistical usage data for successand reach measurement so that we can send notifications and communications effectively and in a user-friendly manner, as well as permanently, securely, and reliably, based on the needs and reading habits of the recipients.

11.2 Consent and Right to Object

You must in principle consent to the use of your email address and other contact information, unless such use is permitted for other legal reasons. To obtain double-confirmed consent, we may use the “"double opt-in" procedure. In this case, you will receive a message with instructions for double confirmation. We may log obtained consents, including IP address and timestamps for evidentiary and security reasons.

You may in principle object to receiving notifications and communications, such as newsletters, at any time. By objecting in this manner, you may simultaneously object to the statistical tracking of usage for the purpose of measuring success and reach. This does not apply to necessary notifications and communications related to our activities and operations.

11.3 Service Providers for Notifications and Communications

We send notifications and communications with the help of specialized service providers.

In particular, we use:

• Mailchimp: Communication platform; Provider: The Rocket Science Group LLC DBA Mailchimp (USA) as a subsidiary of Intuit Inc. (USA); Data protection information: Privacy Policy (Intuit) including “Country and Region-Specific Terms,” “Mailchimp Privacy FAQs”), “Mailchimp Privacy FAQs”),Mailchimp Privacy FAQs"), "Mailchimp and European Data Transfers", "Security", Cookie Policy, "Inquiries Regarding Data Protection Rights", "Legal Terms".
• SendGrid: Platform for transactional emails (“Email delivery made easy”); Providers: Twilio Inc. (USA) / Twilio Ireland Limited (Ireland); Privacy information: Privacy Policy.

12. Social Media

We are present on social media platforms and other online platforms to communicate with interested individuals and to provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).

The General Terms and Conditions (GTC) and Terms of Use, as well as the privacy policiesand other provisions of the individual operators of such platforms. These provisions provide information in particular regarding the rights of data subjects directly vis-à-vis the respective platform, including, for example, the right of access.

For our social media presence on Facebook, including so-called Page Insights, we are – to the extent that the General Data Protection Regulation (GDPR) applies – jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta group (including in the U.S.). Page Insights provide information on how visitors interact with our Facebook presence. We use Page Insights to ensure our social media presence on Facebook is effective and user-friendly.

Further information on the nature, scope, and purpose of data processing, details regarding the rights of data subjects, as well as the contact information for Facebook and Facebook’s Data Protection Officer can be found in the Facebook Privacy Policy. We have concluded the so-called “Addendum for Controllers” and have thereby specifically agreed that Facebook is responsible for ensuring the rights of data subjects. For the so-called Page Insights, the relevant information can be found on the page “Information on Page Insights”, including “Information on Page Insights Data”.

13. Third-Party Services

We use services provided by specialized third parties to ensure that our activities and operations are sustainable, user-friendly, secure, and reliable. These services allow us, among other things, to embed functions and content into our website. When such embedding occurs, the services used collect, at least temporarily and for technically necessary reasons, the IP addresses of users.

For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized manner. This includes, for example, performance or usage data necessary to provide the respective service.

In particular, we use:

• Google services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland), in part for users in the Euro­Economic Area (EEA) and in Switzerland; General information on data protection: “Handling of Data Protection & Protection Measures", Privacy Policy, "More information on how Google uses personal data", “Google is committed to complying with applicable data protection laws”, “Guide to data protection in Google products”, “How we use data from websites or apps where our services are used”, Cookie Policy, "Ads you can control" (Personalized ad settings).
• Microsoft services: Providers: Micro­soft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), Switzerland, and the United Kingdom / Microsoft Corporation (USA) for users in the rest of the world; General information on data­protection: «Data Protection at Microsoft", "Data protection and privacy», Privacy statement, «Data and Data Protection Settings».

13.1 Digital Infrastructure

We use services from specialized third parties to access the digital infrastructure required in connection with our activities and operations. These include, for example, hosting and storage services from selected providers.

13.2 Social Media Functions and Social Media Content

We use third-party services and plugins to embed features and content from social media platforms and to enable the sharing of content on social media platforms and through other channels.

In particular, we use:

• Facebook (Social Plugins): Embedding Facebook features and Facebook content, for example “Like” (“Like”) or “Share”; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the U.S.); Privacy information: Privacy Policy.
• Instagram platform: Embedding Instagram content; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the U.S.); Privacy information: Privacy Policy (Instagram), Privacy Policy (Facebook).
• LinkedIn Consumer Solutions Platform: Embedding LinkedIn features and content, for example using plugins such as the "Share Plugin"; Provider: Microsoft; LinkedIn-specific information: "Privacy", Privacy Policy, Cookie Policy, Cookie Management / Objection to Email and SMS Communication from LinkedIn, Objection to interest-based advertising.

13.3 Maps

We use third-party services to embed maps on our website.

In particular, we use:

• Google Maps including Google Maps Platform: Map service; Provider: Google; Google Maps-specific information: “How Google uses location information”.

13.4 Digital Content

We use services from specialized third parties to integrate digital content into our website. Digital content includes, in particular, image and video material, music, and podcasts.

In particular, we use:

• Vimeo: Video platform; Provider: Vimeo Inc. (USA); Privacy information: Privacy Policy, “Private Video Hosting”.
• YouTube: Video platform; Provider: Google; YouTube-specific information: “Privacy & Security Center”, «My Data on YouTube».

13.5 Advertising

We use the option to display targeted advertising with third parties such as social media platforms and search engines for our activities and operations.

With such advertising, we aim in particular to reach people who are already interested in our activities and operations or who might be interested in them (remarketing and targeting). To this end, we may transmit relevant information—including, where applicable, personal data—to third parties that enable such advertising. We can also determine whether our advertising is successful, specifically whether it leads to visits to our website (conversion tracking).

Third parties with whom we advertise and with whom you are registered as a user may, in some cases, associate your use of our website with your profile there.

In particular, we use:

• Google Ads: Search engine advertising; Provider: Google; Google Ads-specific information: Advertising based, among other things, on search queries, whereby various domain names—in particular doubleclick.net, googleadservices.com, and google-syndication.com—are used for Google Ads, Privacy Policy for Advertising, "Manage pop-up ads directly via Ads".
• LinkedIn Ads: Social media advertising; Providers: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland); Privacy information: Remarketing and targeting, in particular using the LinkedIn Insight Tag, «Privacy Policy», Privacy Policy, Cookie Policy, Objection to personalized advertising.
• Meta Ads: Social media advertising on Facebook and Instagram; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the U.S.); privacy information: targeting, including retargeting, particularly using the Meta Pixel and with Custom Audiences including Lookalike Audiences, Privacy Policy, "Ad Preferences" (User registration required).
• TikTok Ads: Social media advertising; Providers: TikTok Information Technologies UK Limited (United Kingdom) and TikTok Technology Limited (Ireland) for users in the European Economic Area (EEA), Switzerland, and the United Kingdom / TikTok Inc. (USA) for users in the USA / TikTok Pte. Ltd. (Singapore) for most users in the rest of the world; privacy information: remarketing and targeting, in particular using the TikTok Pixel, Privacy Policy, "Privacy Policy for Children" ("Children’s Privacy Policy"), "PrivacyPolicy for TikTok Partners», Cookie Policy.

14. Website Extensions

We use extensions for our website to enable additional features. We may use selected services from suitable providers or implement such extensions on our own digital infrastructure.

In particular, we use:

• Google reCAPTCHA: Bot protection (distinguishing between desired human activities andunwanted activities by bots); Provider: Google; Google reCAPTCHA-specific information: "What is reCAPTCHA?".
• hCaptcha: Bot protection (distinguishing between desired human activities and undesired bot activities); Provider: Intuition Machines Inc. (USA); Data protection information: Privacy Policy, "Ethics Guidelines for Artificial Intelligence" ("AI Ethics Policy").

15. Performance and Reach Measurement

We strive to measure the success and reach of our activities and operations. In this context, we may also measure the impact of third-party references or test howdifferent parts or versions of our digital presence are used (the “A/B testing” method). Based on the results of the success and reach measurement, we can, in particular, correct errors, enhance popular content, or make

For performance and reach measurement, in most cases the IP addresses of individual users are collected. In this case, IP addresses are always truncated (“IP masking”) to comply with the principle of data minimization through appropriate pseudonymization.

Cookies may be used to measure success and reach, and user profiles may be created. Any user profiles created may include, for example, the individual pages visited or content viewedon our digital presence, information about the size of the screen or browser window, and the—at least approximate—location. In principle, any user profiles are created exclusively in a pseudonymizedand are not used to identify individual users. Certain third-party services with which users are registered may, in some cases, associate the use of our online offering with the user’s account or user profile on the respective service.

In particular, we use:

• Google Marketing Platform: Performance and reach measurement, in particular with Google Analytics; Provider: Google; Google Marketing Platform-specific details: Measurement also across different browsers and devices (cross-device tracking) using pseudonymized IP addresses, which are only /em> will be transmitted in full to Google in the USA, Privacy Policy for Google Analytics, "Browser add-on to disable Google Analytics".

Google Tag Manager: Integration and management of services from Google and third parties, in particular for measuring performance and reach; Provider: Google; Google Tag Manager-specific information: Privacy Policy for Google Tag Manager; further information on data protection can be found in the individual integrated and managed services.

16. Video Surveillance

We use video surveillance to prevent criminal offenses, to secure evidence in the event of criminal offenses, to exercise and enforce our own legal claims, to defend against third-party legal claims, and to enforce our property rights. Insofar as the General Data Protection Regulation (GDPR) applies, these constitute overriding legitimate interests pursuant to Art. 6(1)(f) GDPR, and in the case of particularly sensitive personal data, with reference to Art. 9(2)(f) GDPR.

We store recordings from our video surveillance for as long as they are necessary for the preservation of evidence or another specified purpose.

We may back up recordings from our video surveillance and transmit them to competent authorities, such as courts or law enforcement agencies, provided that the transmission is necessary for a specified purpose, in our other legitimate overriding interest, or due to legal obligations.

17. Final Notes on the Privacy Policy

We created this privacy policy using the Data from Data­protection­partner

We may update this privacy policy at any time. We will notify you of updates in an appropriate manner, in particular by publishing the current privacy policy on our website.