Data protection declaration

Introduction

Thank you for visiting my website lialumiere.ch and for your interest in my company.

The protection of your personal data, such as date of birth, name, telephone number, address, etc., is important to me.

The purpose of this privacy policy is to inform you about the processing of your personal data that is collected when you visit my website. My data protection practices comply with the legal provisions of the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). The following privacy policy serves to fulfill the information obligations arising from the FADP and the GDPR. These can be found, for example, in Art. 19 ff. DSG and Art. 13 ff. of the GDPR.

Owner or controller

The controller within the meaning of Art. 5(j) FADP and Art. 4(7) GDPR is the person who alone or jointly with others determines the purposes and means of the processing of personal data. The controller pursuant to Art. 4 No. 7 GDPR is also the recipient of the personal data within the meaning of Art. 4 No. 9 GDPR. Any third-party recipients are identified separately.

With regard to my website, the owner or controller is

Celia Fässler

Hauptstr. 95

9052 Niederteufen

Schweiz

info@lialumiere.ch

+41774097510

Whatsapp

Provision of the website and creation of log files

Each time this website is accessed, the system automatically collects data and information from the accessing device (e.g. computer, mobile phone, tablet, etc.).

What personal data is collected and to what extent is it processed?

​

• (1) Information about the browser type and version used

• (2) The operating system of the accessing device;

• (3) Host name of the accessing computer;

• (4) The IP address of the accessing device;

• (5) Date and time of access;

• (6) Websites and resources (images, files, other page content) that were accessed on this website;

• (7) Websites from which the user's system came to this website (referrer tracking);

• (8) Notification of whether the retrieval was successful;

• (9) Amount of data transferred

​

This data is stored in the log files of this system. This data is not stored together with the personal data of a specific user, so that individual site visitors cannot be identified.

​

Legal basis for the processing of personal data

Personal data is processed in accordance with the principle of lawfulness (Art. 6 para. 1 FADP) and the requirement of good faith (Art. 6 para. 2 FADP and Art. 2 CC) and Art. 6 para. 1 lit. f GDPR (legitimate interest).

​

Purpose of data processing

The temporary (automated) storage of the data is necessary for the course of a website visit in order to enable the website to be delivered. The storage and processing of personal data is also carried out to maintain the compatibility of this website for as many visitors as possible and to combat misuse and troubleshooting. For this purpose, it is necessary to log the technical data of the accessing computer in order to be able to react as early as possible to display errors, attacks on the IT systems and/or errors in the functionality of this website. The data is also used to optimise the website and to generally ensure the security of these IT systems.

Duration of storage

The aforementioned technical data will be deleted as soon as they are no longer required to ensure the compatibility of the website for all visitors, but no later than 3 months after accessing this website.

Restriction, objection, correction and deletion options

You can request the restriction of processing in accordance with Art. 18 GDPR or object to processing in accordance with Art. 21 GDPR and request the rectification or erasure of data in accordance with Art. 16 or 17 GDPR at any time. You can find out which rights you are entitled to and how to assert them at the bottom of this privacy policy.

Special functions of the website

This site offers you various functions that collect, process and store personal data when you use them. Below I explain what happens to this data.

​

Order form

​

• What personal data is collected and to what extent is it processed?

  • The data you enter in the form fields, e.g. address, surname, first name, etc., will be processed by this site to fulfil the purpose stated below.

• Legal basis for the processing of personal data

  • Personal data is processed in accordance with the principle of lawfulness (Art. 6 para. 1 FADP) and the requirement of good faith (Art. 6 para. 2 FADP and Art. 2 CC) and Art. 6 para. 1 let. b GDPR (implementation of (pre-)contractual measures).

• Purpose of data processing

  • The purpose of data processing is to process your order so that I can fulfil or initiate the contract concluded with you.

• Duration of storage

  • The data is deleted as soon as it is no longer required for processing the order and there are no longer any statutory retention obligations. As a rule, the legislator stipulates a retention period of 10 years.

• Objection, processing, correction and deletion options

  • You can restrict processing at any time in accordance with Art. 18 GDPR, object to processing in accordance with Art. 21 GDPR and request the rectification or erasure of data in accordance with Art. 16 or 17 GDPR. You can find out which rights you are entitled to and how to assert them at the bottom of this privacy policy.

• Necessity of providing personal data

  • The information in the order form is required to conclude a contract. If you do not fill in the mandatory fields or do not fill them in completely, your order cannot be processed.

Evaluation function

​

• Scope of the processing of personal data

  • The data you enter in the fields of my evaluation form will be processed by this site to fulfil the purpose stated below.

• Legal basis for the processing of personal data

  • Personal data is processed in accordance with the principle of lawfulness (Art. 6 para. 1 FADP) and the requirement of good faith (Art. 6 para. 2 FADP or Art. 2 CC) as well as Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent by clear affirmative action or behaviour or express consent).

• Purpose of data processing

  • Acceptance and publication of your review on my website - and if you explicitly agree to this - also on the internet platforms of my review service providers.

• Duration of storage

  • Your rating will be saved and published for an unlimited period of time. I reserve the right to delete without giving reasons and without prior or subsequent information.

• Objection, processing, correction and deletion options

  • You can restrict processing at any time in accordance with Art. 18 GDPR, object to processing in accordance with Art. 21 GDPR and request the rectification or erasure of data in accordance with Art. 16 or 17 GDPR. You can find out which rights you are entitled to and how to assert them at the bottom of this privacy policy.

• Necessity of providing personal data

  • The information in the rating function is voluntary. If you do not fill in the mandatory fields or do not fill them in completely, the rating you have requested cannot be published on this platform.

Booking enquiry form

​

• Scope of the processing of personal data

  • I will process the data you enter in the booking enquiry form (date, number of persons, etc.) to fulfil the following purpose.

• Legal basis for the processing of personal data

  • Personal data is processed in accordance with the principle of lawfulness (Art. 6 para. 1 FADP) and the principle of good faith (para. 2 FADP and Art. 2 CC) as well as Art. 6 para. 1 lit. b GDPR (implementation of (pre-)contractual measures).

• Purpose of data processing

  • A pre-contractual exchange of information is necessary to check your booking so that I can prepare a possible subsequent conclusion of contract.

• Duration of storage

  • The data will be deleted as soon as it is no longer required for processing the booking and there are no longer any legal obligations to retain it.

• Objection, processing, correction and deletion options

  • You can restrict processing at any time in accordance with Art. 18 GDPR, object to processing in accordance with Art. 21 GDPR and request the rectification or erasure of data in accordance with Art. 16 or 17 GDPR. You can find out which rights you are entitled to and how to assert them at the bottom of this privacy policy.

• Necessity of providing personal data

  • The information in the booking enquiry form is required in order to process your booking properly. If you do not fill in the mandatory fields or do not fill them in completely, I will not be able to process your booking enquiry.

​

Contact form(s)

​

• What personal data is collected and to what extent is it processed?

  • The data entered by you in the contact forms, which you have entered in the input mask of the contact form.

• Legal basis for the processing of personal data

  • Personal data is processed in accordance with the principle of lawfulness (Art. 6 para. 1 FADP) and the requirement of good faith (Art. 6 para. 2 FADP and Art. 2 Swiss Civil Code) and Art. 6 para. 1 lit. a GDPR (consent by unambiguous affirmative action or behaviour).

• Purpose of data processing

  • The data collected via the contact form or contact forms will only be used to process the specific contact enquiry received via the contact form. Please note that e-mails may also be sent to the address provided in order to fulfil your contact request. The purpose of this is so that you can receive confirmation that your enquiry has been forwarded to me correctly. However, sending this confirmation e-mail is not obligatory for me and is for your information only.

• Duration of storage

  • After your enquiry has been processed, the data collected will be deleted immediately, provided there are no statutory retention periods.

• Restriction, objection, correction and deletion options

  • You can request the restriction of processing in accordance with Art. 18 GDPR or object to processing in accordance with Art. 21 GDPR and request the rectification or erasure of data in accordance with Art. 16 or 17 GDPR at any time. You can find out which rights you are entitled to and how you can assert them at the bottom of this privacy policy.

• Necessity of providing personal data

  • The use of the contact forms is voluntary. You are not obliged to contact me via the contact form, but can also use the other contact options provided on my website. If you wish to use the contact form, you must complete the fields marked as mandatory. If you do not fill in the required information on the contact form, you will either not be able to send the enquiry or I will not be able to process your enquiry due to a lack of information.

Newsletter registration form

​

• What personal data is collected and to what extent is it processed?

  • By registering for the newsletter on this website, I will receive the e-mail address you entered in the registration field and, if applicable, other contact details, provided you have provided these via the newsletter registration form.

• Legal basis for the processing of personal data

  • Personal data is processed in accordance with the principle of lawfulness (Art. 6 para. 1 FADP) and the requirement of good faith (Art. 6 para. 2 FADP and Art. 2 Swiss Civil Code) and Art. 6 para. 1 lit. a GDPR (consent by unambiguous affirmative action or behaviour).

• Purpose of data processing

  • The data entered in the registration form for my newsletter will be used by me exclusively for sending my newsletter, in which I provide information about my services and news. After you have registered, I will send you a confirmation e-mail containing a link that you must click in order to complete your registration for my newsletter (double opt-in). By doing so, you give your consent to data processing in accordance with Art. 6 para. 6 DSG.

• Duration of storage

  • You can unsubscribe from my newsletter at any time by clicking on the unsubscribe link, which is also included in every newsletter. Your data will be deleted immediately after you unsubscribe, provided there are no statutory retention obligations. Your data will also be deleted immediately if your registration is not completed. I reserve the right to delete your data without giving reasons and without prior or subsequent information.

• Restriction, objection, correction and deletion options

  • You can request the restriction of processing in accordance with Art. 18 GDPR or object to processing in accordance with Art. 21 GDPR and request the rectification or erasure of data in accordance with Art. 16 or 17 GDPR at any time. You can find out which rights you are entitled to and how you can assert them at the bottom of this privacy policy.

• Necessity of providing personal data

  • If you would like to use my newsletter, you must fill in the fields marked as mandatory and confirm your e-mail address by clicking on the double opt-in link. The newsletter registration details are necessary in order to be able to make use of the newsletter offer. The information is used exclusively for sending my newsletter. If you do not complete the mandatory fields, I will not be able to provide you with my newsletter service.

​

Appointment booking form

​

• Scope of the processing of personal data

  • The data you entered in my appointment booking form.

• Legal basis for the processing of personal data

  • Personal data is processed in accordance with the principle of lawfulness (Art. 6 para. 1 FADP) and the requirement of good faith (Art. 6 para. 2 FADP and Art. 2 CC) and Art. 6 para. 1 lit. b GDPR (implementation of (pre-)contractual measures).

• Purpose of data processing

  • I will only use the data collected via my appointment booking form to process appointment requests received via the appointment booking form.

• Duration of storage

  • Your appointment booking will be deleted immediately after 12 months after the appointment was scheduled, provided that there are no statutory retention obligations. I reserve the right to delete your data without giving reasons and without prior or subsequent information.

• Restriction, objection, correction and deletion options

  • You can request the restriction of processing in accordance with Art. 18 GDPR or object to processing in accordance with Art. 21 GDPR and request the rectification or erasure of data in accordance with Art. 16 or 17 GDPR at any time. You can find out which rights you are entitled to and how you can assert them at the bottom of this privacy policy.

• Necessity of providing personal data

  • The use of my appointment booking form is necessary if you would like to book an appointment with me online. To book online, you must provide certain mandatory information. If you do not complete the mandatory information, your appointment booking cannot be accepted or processed.

Disclosure of information to third parties

Personal data is processed in accordance with the principle of lawfulness (Art. 6 para. 1 FADP) and the principle of good faith (Art. 6 para. 2 FADP and Art. 2 Swiss Civil Code).

The disclosure of data to third parties depends on the scope of the activities or offers of my website or business model described below.

As a matter of principle, I only keep your data for as long as necessary and treat it confidentially. Exceptions to this are the transfer of personal data to debt collection service providers, to public bodies and authorities and to private individuals who are entitled to it on the basis of legal provisions, court decisions or official orders, as well as the transfer to authorities for the purpose of initiating legal proceedings or for criminal prosecution purposes if my legally protected rights are challenged.

​

Statistical analysis of visits to this website - web tracker

I collect, process and store the following data when this website or individual files on the website are accessed: IP address, website from which the file was retrieved, name of the file, date and time of retrieval, amount of data transferred and notification of the success of the retrieval (so-called web log). I use this access data exclusively in a non-personalised form for the continuous improvement of my website and for statistical purposes.

Any personal data is processed in accordance with the principle of lawfulness (Art. 6 para. 1 FADP) and the principle of good faith (Art. 6 para. 2 FADP and Art. 2 Swiss Civil Code). I also use the following web trackers to analyse visits to my website:

DigitalOcean

I use the DigitalOcean service of the company DigitalOcean, Inc., 101 Avenue of the Americas, 10013 New York, United States, e-mail: contact@digitalocean.com, Website: https://www.digitalocean.com/. Your personal data is transferred to so-called insecure third countries that do not guarantee adequate data protection through their legislation. Your data will only be passed on if suitable data protection is guaranteed. This can be guaranteed in particular by

​

• contracts under international law

• data protection clauses in a contract between the controller or processor and their contractual partner that have been communicated to the FDPIC in advance

• specific safeguards developed by the competent federal body and communicated to the FDPIC in advance

• standard data protection clauses that the FDPIC has approved, issued or recognised in advance, or

• binding corporate rules on data protection that have been approved in advance by the FDPIC or by a data protection authority of a country that guarantees adequate protection

If such guarantees are not in place, your data may only be disclosed if you have given your consent, the disclosure is directly related to the conclusion or fulfilment of a contract, or the disclosure is necessary to enforce claims before courts and authorities or to protect public interests. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 GDPR (hereinafter: DPF). https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transmission.

The legal basis for the transfer of personal data is your consent in accordance with Art. 6 para. 6 DSG or Art. 31 para. 2 DSG and Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO, which you have given on my website.

DigitalOcean is a cloud computing service via which my website or individual elements of my website are reloaded. The highly scalable solution enables me to offer my website and services to a large number of users, as it ensures that good performance is achieved even at high utilisation rates.

You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

You can withdraw your consent at any time. You can find more information on revoking your consent either in the consent itself or at the end of this privacy policy.

Further information on the handling of the transferred data can be found in the provider's privacy policy at https://www.digitalocean.com/legal/privacy-policy/.

Google Cloud Engine

I use the Google Cloud Engine service of Google Ireland Ltd, Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail on my website: support-deutschland@google.com, Website: https://www.google.com/. According to the Swiss authorities, processing takes place in safe third countries. You can find Switzerland's list of countries and further information at the following link: https://www.edoeb.admin.ch/edoeb/de/home/datenschutz/handel-und-wirtschaft/uebermittlung-ins-ausland.html. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 GDPR (hereinafter: DPF - Data Protection Framework). https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transmission.

The legal basis for the transfer of personal data is your consent in accordance with Art. 6 para. 6 DSG or Art. 31 para. 2 DSG and Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO, which you have given on my website.

The service used serves to display my website, as it is the host of my website.

As part of the order processing, personal data may also be transferred to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

You can withdraw your consent at any time. You can find more information on revoking your consent either in the consent itself or at the end of this privacy policy.

Further information on the handling of the transferred data can be found in the provider's privacy policy at https://policies.google.com/privacy.

Gstatic

I use the Gstatic service of Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail on my website: support-deutschland@google.com, Website: https://www.google.com/. According to the Swiss authorities, processing takes place in safe third countries. You can find Switzerland's list of countries and further information at the following link: https://www.edoeb.admin.ch/edoeb/de/home/datenschutz/handel-und-wirtschaft/uebermittlung-ins-ausland.html. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 GDPR (hereinafter: DPF - Data Protection Framework). https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transmission.

The legal basis for the transfer of personal data is your consent in accordance with Art. 6 para. 6 DSG or Art. 31 para. 2 DSG and Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO, which you have given on my website.

Gstatic is a background service used by Google to retrieve static content in order to reduce bandwidth usage and load required catalogue files in advance. In particular, the service loads background data for Google Fonts and Google Maps.

As part of the order processing, personal data may also be transferred to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

You can withdraw your consent at any time. You can find more information on revoking your consent either in the consent itself or at the end of this privacy policy.

Further information on the handling of the transferred data can be found in the provider's privacy policy at https://policies.google.com/privacy.

The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=en.

​

Integration of external web services and processing of data outside the EU

I use active content from external providers, so-called web services, on my website. By accessing my website, these external providers may receive personal information about your visit to my website. Data may be processed outside of Switzerland and the EU. You can prevent this by installing an appropriate browser plugin or deactivating the execution of scripts in your browser. This may result in functional restrictions on websites that you visit.

I use the following external web services:

​

Google Fonts

I use the Google Fonts service of Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail on my website: support-deutschland@google.com, Website: https://www.google.com/. According to the Swiss authorities, processing takes place in safe third countries. You can find Switzerland's list of countries and further information at the following link: https://www.edoeb.admin.ch/edoeb/de/home/datenschutz/handel-und-wirtschaft/uebermittlung-ins-ausland.html. Personal data is also transferred to the USA.With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 GDPR (hereinafter: DPF - Data Protection Framework). https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transmission.

The legal basis for the transfer of personal data is your consent in accordance with Art. 6 para. 6 DSG or Art. 31 para. 2 DSG and Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO, which you have given on my website.

I use the Google Fonts service to integrate attractive fonts on my website in order to display my website to you in a visually improved version. The service may also be used on my website if other Google services are loaded on my website that require Google Fonts fonts to run. This is the case, for example, if my website uses Google services that require Google Fonts to run.

The service or I collect the following data for processing purposes: Data on fonts, IP address of the site visitor, statistics on the use of fonts and other data from Google services related to my website.

If the service is activated on my website, my website establishes a connection to the servers of Google Ireland Limited and transmits the required data. As part of order processing, personal data may also be transmitted to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. When using the Google service on my website, Google may transmit and process information from other Google services in order to provide background services for the display and data processing of the services provided by Google. For this purpose, data may also be transferred to the Google services Google Apis, Google Cloud and Google Ads in accordance with the Google Privacy Policy. You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

You can withdraw your consent at any time. You can find more information on revoking your consent either in the consent itself or at the end of this privacy policy.

Further information on the handling of the transferred data can be found in the provider's privacy policy at https://policies.google.com/privacy.

The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=en.

Sentry

I use the Sentry service of Functional Software, Inc. dba Sentry, 45 Fremont Street, 8th Floor, , CA 94105 San Francisco, United States, e-mail: compliance@sentry.io, Website: http://sentry.io/.

Your personal data will be transferred to so-called insecure third countries that do not guarantee adequate data protection through their legislation. Your data will only be passed on if suitable data protection is guaranteed. This can be guaranteed in particular by
 

• contracts under international law

• data protection clauses in a contract between the controller or processor and their contractual partner, which have been communicated to the FDPIC in advance

• specific safeguards developed by the competent federal body and communicated to the FDPIC in advance

• standard data protection clauses that have been approved, issued or recognised in advance by the FDPIC or binding corporate rules on data protection that have been approved in advance by the FDPIC or by a data protection authority of a country that guarantees adequate protection

If such guarantees are not in place, your data may only be disclosed if you have given your consent, the disclosure is directly related to the conclusion or fulfilment of a contract, or the disclosure is necessary for the enforcement of claims before courts and authorities or to protect public interests. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU US Data Privacy Framework of the EU Commission within the meaning of Art. 45 GDPR (hereinafter: DPF) https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transmission.

The legal basis for the transfer of personal data is your consent in accordance with Art. 6 para. 6 DSG or Art. 31 para. 2 DSG and Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO, which you have given on my website.

The service collects stack traces and information from my site in order to identify and rectify errors and crashes. It also collects data about the affected website visitors.

You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

You can withdraw your consent at any time. You can find more information on revoking your consent either in the consent itself or at the end of this privacy policy.

Further information on the handling of the transferred data can be found in the provider's privacy policy at https://sentry.io/privacy/.

Wix.com / wixapps.net /wixstatic.com / Parastorage.com

On my website I use the service Wix.com / wixapps.net /wixstatic.com / Parastorage.com of the company Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel, E-Mail: support@wix.com, Website: https://en.wix.com/. According to the assessment of Swiss authorities, the processing takes place in secure third countries. The list of countries in Switzerland and further information can be found at the following link: https://www.edoeb.admin.ch/edoeb/de/home/datenschutz/handel-und-wirtschaft/uebermittlung-ins-ausland.html. Processing also takes place in a third country outside the EU. The Commission has issued an adequacy decision for this third country. On the website of the EU Commission (Link: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en) you will find a current list of all adequacy decisions.

The legal basis for the transfer of personal data is my legitimate interest in the processing pursuant to Art. 6 para. 1 lit. f GDPR. My legitimate interest lies in achieving the purpose described below.

wix.com is the hoster of my website. I need the integration so that I can show you my website.

With regard to processing, you have the right to object as set out in Art. 21 GDPR. You can find more information at the end of this privacy policy.

Further information on the handling of the transferred data can be found in the provider's privacy policy at https://de.wix.com/about/privacy.

Information on the use of cookies

Scope of the processing of personal data

I integrate and use cookies on various pages to enable certain functions of my website and to integrate external web services. Cookies are small text files that your browser can store on your access device. These text files contain a characteristic string of characters that uniquely identifies the browser when you return to my website. The process of saving a cookie file is also referred to as ‘setting a cookie’. Cookies can be set both by the website itself and by external web services.

Legal basis for the processing of personal data

Relevant are Art. 6 ff. FADP (principles) and Art. 6 para. 1 lit. f GDPR (legitimate interest) and Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR (consent).

The relevant legal basis can be found in the cookie table listed later in this section.

In general, in the case of cookies that are collected on the basis of a legitimate interest, my legitimate interest is to ensure the functionality of my website and the services integrated on it (technically necessary cookies). In addition, the cookies may increase your user-friendliness and enable a more personalised approach. In this case, I have weighed up your interests against my own.

With the help of cookie technology, I can only identify, analyse and track individual website visitors if the website visitor has consented to the use of cookies in accordance with Art. 6 para. 6 DSG or Art. 6 para. 1 lit. a DSGVO.

Purpose of data processing

The cookies are set by my website or the external web services in order to maintain the full functionality of my website, to improve user-friendliness or to pursue the purpose stated with your consent. Cookie technology also enables me to recognise individual visitors by means of pseudonyms, e.g. individual or random IDs, so that I can offer more personalised services. Details are listed in the table below.

Duration of storage

The cookies listed below are stored in your browser until they are deleted or, in the case of a session cookie, until the session has expired. Details are provided in the following list:

​

• Cookie name: XSRF-TOKEN

  • Server: .wix.com, www.lialumiere.ch

  • Provider: Website operator

  • Purpose: This cookie is used to protect forms and form data from unauthorised access by third parties. In particular, it provides protection against cross-site request forgery by identifying each request from the client to the server to ensure that the request comes from the client.

  • Legal basis: Legitimate interest

  • Storage duration: Session

  • Type: Security

• Cookie name: __cf_bm

  • Server: .digitaloceanspaces.com

  • Provider: DigitalOcean

  • Purpose: Cloudflare places the __cf_bm cookie on end-user devices that access customer websites protected by Bot Management or Bot Fight Mode. The __cf_bm cookie is necessary for these bot solutions to function properly. The cookie contains information to calculate Cloudflare's own bot score and, if anomaly detection is enabled in bot management, a session identifier. The information in the cookie (with the exception of time-related information) is encrypted and can only be decrypted by Cloudflare.

  • Legal basis: Legitimate interest

  • Storage time: approx. 30 minutes

  • Type: Security

• Cookie name: bSession

  • Server: www.lialumiere.ch, wixlabs-wix-faq-11.appspot.com

  • Provider: Wix.com / wixapps.net /wixstatic.com / Parastorage.com

  • Purpose: Used to measure system effectiveness.

  • Legal basis: Consent

  • Storage time: approx. 30 minutes

  • Type: Analytics

• Cookie name: client-session-bind

  • Server: www.lialumiere.ch

  • Provider: Website operator

  • Purpose: This cookie enables me to save individual comfort settings you have selected and to retain them for your current and future visits to the site.

  • Legal basis: Consent

  • Storage duration: Session

  • Type: Configuration

• Cookie name: consent-policy

  • Server: .lialumiere.ch

  • Provider: Website operator

  • Purpose: The cookie is stored after the cookie banner is activated in order to temporarily store the cookie banner settings for the visit to the website.

  • Legal basis: fulfilment of legal obligations

  • Storage duration: approx. 12 months

  • Type: Cookie banner

• Cookie name: hs

  • Server: www.lialumiere.ch

  • Provider: Hubspot (HubSpot, Inc, 25 First Street, 2141 Cambridge, United States of America)

  • Purpose: This cookie assigns an ID to the site visitor and determines statistical data on the site visitor's website visits. This is used to personalise the advertising displayed to the user.

  • Legal basis: Consent

  • Storage duration: Session

  • Type: Marketing

• Cookie name: server-session-bind

  • Server: www.lialumiere.ch

  • Provider: Website operator

  • Purpose: This cookie enables me to save individual comfort settings you have selected and to retain them for your current and future visits to the site.

  • Legal basis: Consent

  • Storage duration: Session

  • Type: Configuration

• Cookie name: ssr-caching

  • Server: www.lialumiere.ch

  • Provider: Website operator

  • Purpose: The cookie ensures that the load distribution on the server can be carried out better.

  • Legal basis: Legitimate interest

  • Storage duration: Session

  • Type: Configuration

• Cookie name: svSession

  • Server: www.lialumiere.ch

  • Provider: Website operator

  • Purpose: This cookie identifies visitors under an ID and tracks a visitor's sessions on a website.

  • Legal basis: Consent

  • Storage duration: approx. 24 months

  • Type: Analytics

Possibility of objection, revocation of consent and deletion

You can set your browser according to your wishes so that the setting of cookies is generally prevented. You can then decide on a case-by-case basis whether to accept cookies or to accept cookies in general. Cookies can be used for various purposes, e.g. to recognise that your access device is already connected to my website (permanent cookies) or to save recently viewed offers (session cookies). If you have expressly given me permission to process your personal data, you can revoke this consent at any time. Please note that this does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Data security and data protection, communication by e-mail

Your personal data is protected by technical and organisational measures during collection, storage and processing in such a way that it is not accessible to third parties. In the case of unencrypted communication by e-mail, I cannot guarantee complete data security on the transmission path to my IT systems, so I recommend encrypted communication or the postal service for information requiring a high level of confidentiality.

Duration of data storage and rights of the data subject

Duration of storage

I only store the personal data to the extent and for as long as this is necessary to fulfil the purposes for which the personal data was collected, I have a legitimate overriding interest in storing the data or I am legally obliged to do so.

Right to information

You have the right to request confirmation as to whether I am processing your personal data. If this is the case, you have a right to information about the information specified in 25 ff. FADP or Art. 15 para. 1 GDPR, provided that the information cannot be refused, restricted or postponed by the data controller (cf. Art. 26 f. FADP or Art. 15 para. 4 GDPR). I will also be happy to provide you with a copy of the data.

Right of rectification

In accordance with Art. 32 para. 1 DSG or Art. 16 GDPR, you have the right to demand that incorrectly stored personal data (e.g. address, name, etc.) be corrected, provided that this claim does not conflict with any legal obligation. You can also request the completion of the data stored by me at any time. A corresponding adjustment will be made immediately.

Right to cancellation

Pursuant to Art. 17 (1) GDPR, you have the right to request that I erase the personal data collected about you if
 

• the data is either no longer required;

• the legal basis for the processing no longer applies due to the withdrawal of your consent;

• there are no longer any legitimate grounds for the processing;

• your data is being processed unlawfully;

• a legal obligation requires this.

Pursuant to Art. 17 (3) GDPR, the right does not exist if
 

• the processing is necessary for exercising the right of freedom of expression and information

• your data has been collected on the basis of a legal obligation;

• the processing is necessary for reasons of public interest

• the data is necessary for the establishment, exercise or defence of legal claims.

Right to restriction of processing

According to Art. 18 para. 1 GDPR, you have the right to request the restriction of the processing of your personal data in individual cases.

This is the case if
 

• the accuracy of the personal data is disputed by you

• the processing is unlawful and you do not consent to its erasure;

• the data is no longer required for the purpose of processing, but the data collected serves the establishment, exercise or defence of legal claims

• an objection to the processing pursuant to Art. 21 para. 1 GDPR has been lodged and it is still unclear which interests prevail.

Right of cancellation

If you have given me your express consent to the processing of your personal data (Art. 6 para. 6 FADP and Art. 31 para. 1 FADP; Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR), you can revoke this consent at any time. Please note that this does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. Data for which I am legally obliged to retain will be deleted after the deadline.

Right to object

In accordance with Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you that has been collected on the basis of Art. 6 para. 1 lit. f GDPR (in the context of a legitimate interest). If you have given me your express consent to the processing of your personal data (Art. 6 para. 6 GDPR and Art. 31 para. 1 GDPR), you can revoke this at any time. Please note that this does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. You only have this right if there are special circumstances that speak against the storage and processing. Data for which I am legally obliged to store will be deleted after the deadline has expired.

How do you exercise your rights?

You can exercise your rights at any time by contacting me using the contact details below:

​

Celia Fässler

Hauptstr. 95

9052 Niederteufen

Schweiz

info@lialumiere.ch

+41774097510

Whatsapp

Right to data portability

In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you. I will provide the data in a structured, commonly used and machine-readable format. The data can be sent either to yourself or to a data controller named by you.

I will provide you with the following data on request:
 

• Data collected on the basis of consent (Art. 31 para. 1 FADP and Art. 6 para. 1 let. a GDPR);

• Data that I have received from you as part of existing contracts (Art. 31 para. 2 let. a FADP and Art. 6 para. 1 let. b GDPR and Art. 9 para. 2 let. a GDPR);

• Data that has been processed as part of an automated procedure.

I will transfer the personal data directly to a controller of your choice insofar as this is technically feasible. Please note that I may not transfer data that interfere with the overriding interests of third parties in accordance with Art. 26 para. 1 let. b FADP or Art. 20 para. 4 GDPR, or only to a limited extent.

Notifications to the FDPIC and the right to lodge a complaint

Pursuant to Art. 49 FADP, data subjects may file a complaint with the supervisory authority if there are sufficient indications that data processing may violate data protection regulations. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

Further information can be found in the FDPIC's contact form: https://www.edoeb.admin.ch/edoeb/de/home/deredoeb/kontakt.html

If you suspect that your data is being processed unlawfully on my website, you can bring about a judicial clarification of the problem in accordance with Art. 32 FADP. As a rule, an action under Art. 28 ff. ZGB should be sought. If you are affected by the processing of data by federal bodies, the procedure is governed by Art. 41 FADP. You can also contact the FDPIC in this case (see reference to the contact form above).

Right to lodge a complaint with the supervisory authority pursuant to Art. 77 para. 1 GDPR

If you suspect that your data is being processed unlawfully on my website, you can of course seek legal clarification of the issue at any time. You also have every other legal option available to you. Irrespective of this, you have the option of contacting a supervisory authority in accordance with Art. 77 para. 1 GDPR. The right to lodge a complaint pursuant to Art. 77 GDPR is available to you in the EU Member State of your place of residence, your place of work and/or the place of the alleged infringement, i.e. you can choose the supervisory authority to which you turn from the above-mentioned places. The supervisory authority with which the complaint has been lodged will then inform you of the status and outcome of your complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Status 29 March 2025