Privacy Policy
With this Privacy Policy, we inform you about the processing of personal data by Nicolas Lehni (hereinafter "we" or "Nicolas Lehni"). This Privacy Policy applies to all activities and operations of Nicolas Lehni, including the use of our websites and online services. It describes how we collect, process, and use personal data, what rights individuals have, and how these can be exercised. In certain cases, additional privacy policies or other legal documents, such as general terms and conditions (GTC), terms of use, or participation terms, may apply to individual activities or services provided by Nicolas Lehni.
Nicolas Lehni takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations as well as this Privacy Policy. The use of our website is generally possible without providing personal data. Where personal data (such as names, addresses, or email addresses) is collected on our pages, this is, as far as possible, always on a voluntary basis. This data will not be shared with third parties without your explicit consent. Please note that data transmission over the Internet (e.g., when communicating via email) may have security vulnerabilities. Complete protection of data against third-party access is not possible.
We are subject to Swiss data protection law and, where applicable, foreign data protection law, particularly that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law provides adequate data protection.
1. Contact Addresses
The entity responsible for processing personal data is, unless otherwise specified:
Nicolas Lehni
Elfenaustrasse 60
3074 Muri
Switzerland
info@nicolaslehni.com
2. Terms and Legal Basis
2.1 Terms
Personal data includes any information relating to an identified or identifiable natural person. A data subject is a person whose personal data we process.
Processing includes any handling of personal data, regardless of the means and procedures applied, such as querying, comparing, adjusting, archiving, retaining, reading, disclosing, acquiring, recording, collecting, deleting, disclosing, ordering, organizing, storing, altering, distributing, linking, destroying, and using personal data.
The European Economic Area (EEA) comprises the Member States of the European Union (EU), as well as Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.
2.2 Legal Basis
We process personal data in accordance with Swiss data protection law, particularly the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance on Data Protection (Data Protection Ordinance, DPO). We process personal data, where and to the extent that the General Data Protection Regulation (GDPR) is applicable, in accordance with at least one of the following legal bases:
Art. 6 (1) (b) GDPR for necessary processing of personal data for the fulfillment of a contract with the data subject as well as for pre-contractual measures.
Art. 6 (1) (f) GDPR for necessary processing of personal data to safeguard our legitimate interests or those of third parties, unless the fundamental freedoms and rights as well as the interests of the data subject override these. Legitimate interests include, in particular, our interest in being able to carry out our activities and operations permanently, user-friendly, securely, and reliably, as well as communicating about them, ensuring information security, protecting against misuse, enforcing our legal claims, and complying with Swiss law.
Art. 6 (1) (c) GDPR for necessary processing of personal data to fulfill a legal obligation to which we are subject according to applicable law of the Member States of the European Economic Area (EEA).
Art. 6 (1) (e) GDPR for necessary processing of personal data for the performance of a task carried out in the public interest.
Art. 6 (1) (a) GDPR for processing personal data with the consent of the data subject.
Art. 6 (1) (d) GDPR for necessary processing of personal data to protect the vital interests of the data subject or another natural person.
3. Type, Scope, and Purpose
We process the personal data required to carry out our activities and operations permanently, user-friendly, securely, and reliably. Such personal data may particularly include categories of inventory and contact data, browser and device data, content data, meta or margin data, usage data, location data, sales data, as well as contract and payment data. We process personal data for the duration necessary for the respective purpose or purposes, or as required by law. Personal data that is no longer necessary for processing will be anonymized or deleted.
We may have personal data processed by third parties. We may jointly process personal data with third parties or transfer it to third parties. Such third parties are particularly specialized service providers whose services we use. We ensure data protection with these third parties. We process personal data only with the consent of the data subject unless the processing is permissible for other legal reasons. Processing without consent may be permissible, for example, to fulfill a contract with the data subject and for corresponding pre-contractual measures, to protect our overriding legitimate interests, if the processing is evident from the circumstances, or after prior information.
In this context, we particularly process information that a data subject voluntarily provides to us when contacting us – for example, by letter, email, instant messaging, contact form, social media, or phone – or when registering for a user account. We may store such information, for example, in an address book, in a customer relationship management system (CRM system), or with comparable tools. If we receive data about other persons, the transmitting persons are obliged to ensure data protection for these persons and to ensure the accuracy of these personal data.
We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect during the exercise of our activities and operations, insofar as and as far as such processing is permitted for legal reasons.
4. Applications
We process personal data of applicants required to assess suitability for an employment relationship or to carry out a subsequent employment contract. This includes data requested in job postings, as well as additional information that applicants voluntarily provide in their cover letters, resumes, application documents, and online profiles. In accordance with Art. 9 (2) (b) GDPR, we only process special categories of personal data if they are relevant and necessary for the application process. For job postings and managing applications, we use third-party services such as Personio. We ensure that these providers comply with data protection regulations and have entered into appropriate data processing agreements with them.
Applicants have the right to access, rectify, and delete their data, as well as the right to object to the processing of their data. Applicants may withdraw their consent to data processing at any time. Further information about your data protection rights can be found in our section [6. Data Subject Rights].
5. Personal Data Abroad
We generally process personal data in Switzerland and the European Economic Area (EEA). However, it may occur that we also transfer personal data to other countries or have it processed there.
Personal data is only transferred to countries outside of Switzerland and the EEA if the respective country, in the view of the Swiss Federal Council and – where applicable – the European Commission, ensures adequate data protection.
In countries where adequate data protection is not guaranteed, personal data is only transferred if other protective measures such as standard data protection clauses or similar appropriate guarantees are in place. In exceptional cases, personal data may also be transferred to countries without adequate or appropriate data protection if specific data protection conditions are met, such as the explicit consent of the data subjects or if the transfer is necessary for the conclusion or performance of a contract.
Data subjects may contact us to request further information on security measures or to view a copy of the guarantees.
6. Data Subject Rights
6.1 Data Protection Claims
We grant data subjects all claims under applicable data protection law. Data subjects, in particular, have the following rights:
Access: Data subjects may request information about whether we process personal data about them, and if so, which personal data. Data subjects will also receive the information required to assert their data protection rights and ensure transparency. This includes the processed personal data as such, but also information about the purpose of the processing, the duration of retention, any possible disclosure or export of data to other countries, and the origin of the personal data.
Rectification and Restriction: Data subjects may have incorrect personal data corrected, incomplete data completed, and the processing of their data restricted.
Deletion and Objection: Data subjects may have personal data deleted ("Right to be Forgotten") and object to the processing of their data with future effect.
Data Release and Transfer: Data subjects may request the release of personal data or the transfer of their data to another controller.
We may postpone, restrict, or deny the exercise of data subjects' rights to the extent legally permissible. We may inform data subjects of any requirements that must be met for the exercise of their data protection rights. For example, we may fully or partially refuse access with reference to trade secrets or the protection of other persons. We may also fully or partially refuse the deletion of personal data by referring to legal retention obligations. We may, in exceptional cases, foresee costs for exercising rights. We inform data subjects of any costs in advance. We are obliged to take reasonable measures to identify data subjects who request access or assert other rights. Data subjects are required to cooperate.
6.2 Right to Complain
Data subjects have the right to assert their data protection rights through legal channels or to lodge a complaint with a competent data protection supervisory authority. The data protection supervisory authority for private controllers and federal agencies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC). Data subjects have – insofar as and to the extent that the General Data Protection Regulation (GDPR) applies – the right to lodge a complaint with a competent European Data Protection Supervisory Authority.
7. Data Security
We are aware of the importance of protecting your personal data and therefore take appropriate technical and organizational measures to ensure a level of security appropriate to the risk involved. This includes measures for access control, data encryption, regular security checks, employee training and awareness, as well as precautions against physical and digital security risks. Access to our website is protected by transport encryption (SSL/TLS) to ensure the security of data transmission. Most web browsers indicate this encryption by a padlock icon in the address bar.
We acknowledge that no digital platform can guarantee absolute security. Our digital communication may potentially be subject to surveillance by security authorities. However, we are committed to taking all legal and practical measures to maximize the protection of your data and minimize unauthorized access and surveillance. In the event of a security incident, we will take appropriate action, including reporting to the relevant authorities and, if necessary, notifying affected individuals. We regularly review and update our security protocols and measures to maintain a high level of protection.
8. Use of the Website
8.1 Cookies
We use cookies on our website, which are files stored on your device to improve usability and enable certain functions. There are first-party cookies set by our website and third-party cookies from external service providers.
Session cookies are temporary cookies that are automatically deleted after you close the browser, while persistent cookies remain on your device for a defined period. We use cookies to store your preferences and to collect statistical data about the use of our website, which helps us improve our services.
Under Swiss data protection law, we are not required to provide a mechanism for disabling cookies. However, we would like to inform you that you have the option to disable cookies at any time, either partially or entirely, in your browser settings, as well as to delete them. Please note that some features of our website may no longer be fully available if cookies are disabled.
For cookies used for marketing purposes or for success measurement, we provide information on general opt-out options through AdChoices, the Network Advertising Initiative (NAI), YourAdChoices, or Your Online Choices (EDAA).
8.2 Server Log Files
We may collect the following information for each access to our website, if transmitted by your browser to our server infrastructure or determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, accessed sub-page of our website including transmitted data volume, last website accessed in the same browser window (referrer or referrer).
We store such information, which may also be personal data, in server log files. The information is necessary to permanently, user-friendly, and reliably provide our website and to ensure data security and thus the protection of personal data – even through third parties or with the help of third parties.
8.3 Tracking Pixels
We may use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels – including from third parties whose services we use – are , usually invisible images automatically retrieved when you visit our website. Tracking pixels can capture the same information as in server log files.
9. Notifications and Communications
We send notifications and communications via email and other communication channels, such as instant messaging or SMS.
9.1 Success and Reach Measurement
Notifications and communications may contain web links or tracking pixels that capture whether a particular message has been opened and which web links have been clicked. Such web links and tracking pixels may also capture the use of notifications and communications on a personal basis. We need this statistical collection of usage for success and reach measurement to send notifications and communications effectively and user-friendly, as well as permanently, securely, and reliably, based on the needs and reading habits of recipients.
9.2 Consent and Objection
You generally need to explicitly consent to the use of your email address and other contact addresses unless use is permissible for other legal reasons. For any consent, we use the "double opt-in" procedure where possible, meaning you receive an email with a web link that you need to click to confirm, preventing misuse by unauthorized third parties. We may log such consents, including Internet Protocol (IP) address, as well as date and time, for proof and security reasons.
You can generally object to receiving notifications and communications, such as newsletters, at any time. With such an objection, you can simultaneously object to the statistical collection of usage for success and reach measurement. This does not affect necessary notifications and communications related to our activities and operations.
9.3 Service Providers for Notifications and Communications
We send notifications and communications with the help of specialized service providers.
10. Social Media
We are present on social media platforms and other online platforms to communicate with interested parties and provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).
The general terms and conditions (GTC), terms of use, privacy policies, and other provisions of the individual platform operators apply. These provisions inform data subjects of their rights, such as the right to access, directly against the respective platform.
For our social media presence on Facebook, including the so-called page insights, we are – to the extent the General Data Protection Regulation (GDPR) applies – jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta companies (including in the USA). The page insights provide insight into how visitors interact with our Facebook presence. We use page insights to provide our social media presence on Facebook effectively and user-friendly.
Further information on the type, scope, and purpose of data processing, as well as information on the rights of data subjects and the contact details of Facebook, including Facebook's Data Protection Officer, can be found in the Facebook Privacy Policy. We have concluded the so-called "Page Controller Addendum" with Facebook, in particular agreeing that Facebook is responsible for ensuring the rights of data subjects. For the so-called page insights, corresponding information is available on the Page Insights Information page, including Page Insights Data Information.
11. Third-Party Services
To improve the performance, usability, security, and reliability of our activities, we use specialized third-party services. These services may include functions and content integrated into our website. When embedding these services, the providers capture users' IP addresses for technical reasons, but only to the extent and for the duration necessary for providing the service.
Third parties may process data for necessary security purposes, statistical analysis, and technical optimization in aggregated, anonymized, or pseudonymized form. This includes performance and usage data required for offering their services.
11.1 Digital Infrastructure
We obtain the necessary digital infrastructure for our activities and services from specialized third-party providers. This includes hosting and storage services provided by carefully selected providers. We take precautions to ensure that these providers apply reliable security measures and adhere to data protection standards to protect your data.
The services we use may store and process data at locations both within and outside Switzerland and the European Economic Area (EEA). Regardless of the data processing location, we ensure, through contractual agreements with our providers, that your data privacy and security are maintained according to applicable data protection laws.
Using these services requires your consent to the data protection practices and terms of use of the respective providers. We encourage you to review these terms as they contain important information about your data protection rights and how to exercise them.
11.2 Contact Options
To improve our communication with interested parties, as well as potential and existing clients, we rely on services from selected providers for customer relationship management (CRM) and other communication services.
Your consent to the processing of your data by these services is important to us. You have the right to withdraw your consent at any time. We are committed to taking the necessary measures to respect users' rights and protect their data.
1.3 Scheduling
We use specialized third-party services to enable online appointment scheduling, for example, for meetings. In addition to this Privacy Policy, the terms directly visible on the services used, such as terms of use or privacy policies, also apply.
11.4 Advertising
We use the option to display targeted advertising for our activities and operations with third parties such as social media platforms and search engines.
With such advertising, we particularly aim to reach people who are already interested or may be interested in our activities and operations (remarketing and targeting). For this purpose, we may transmit relevant – potentially personal – information to third parties who enable such advertising. We may also determine whether our advertising is successful, i.e., whether it leads to visits to our website (conversion tracking).
Third parties where we advertise and where you are registered as a user may associate the use of our online offerings with your profile there.
12. Success and Reach Measurement
We aim to determine how our online offering is used. In this context, we may, for example, measure the success and reach of our activities and operations as well as the impact of third-party links on our website. We may also, for example, test and compare how different parts or versions of our online offerings are used ("A/B testing" method). Based on the results of success and reach measurement, we can particularly fix errors, strengthen popular content, or make improvements to our online offerings.
For success and reach measurement, Internet Protocol (IP) addresses of individual users are usually stored. In this case, IP addresses are generally truncated ("IP masking") to follow the principle of data minimization through corresponding pseudonymization.
Success and reach measurement may involve the use of cookies and the creation of user profiles. Any user profiles created may include, for example, individual pages visited or content viewed on our website, information about the size of the screen or browser window, and the – at least approximate – location. In principle, any user profiles created are only created pseudonymously and not used for identifying individual users. Certain third-party services where users are registered may associate the use of our online offerings with the user account or user profile on the respective service.
This Privacy Policy has been created and adapted with due regard to applicable data protection laws and standards and with the assistance of data protection resources and tools, including the data protection generator from Datenschutzpartner. The final responsibility for the content lies with Nicolas Lehni.
We reserve the right to change this Privacy Policy at any time to adapt it to new legal requirements or changes in our data protection practices. Changes will take effect as soon as they are published on our website. We encourage you to regularly review this page for updates. We will inform you of significant changes, where practically possible, for example, via email or a prominently visible notice on our website.
Last updated: 01.10.2024
imagining_my_mom_002.jpg)
imagining_my_mom_003.jpg)
imagining_my_mom_001.jpg)
imagining_my_mom_005.jpg)
imagining_my_mom_006.jpg)
imagining_my_mom_007.jpg)
imagining_my_mom_011.jpg)
imagining_my_mom_008.jpg)
imagining_my_mom_009.jpg)
imagining_my_mom_010.jpg)
imagining_my_mom_012.jpg)
imagining_my_mom_013.jpg)
