1. EARDREAM
The website www.eardream.ch (hereinafter referred to as «Websites») is an offer of the company
EARDREAM (ETH Zurich Decision Neuroscience Lab)
Winterthurerstrasse 190
8057, Zurich
info@eardream.ch
as the owner. On the aforementioned websites, EARDREAM (ETH Zurich Decision Neuroscience Lab) (hereinafter «eardream») provides information about the services offered.
The topic of data protection has a high priority at eardream. Great importance is attached to privacy, the protection of personal data and compliance with applicable data protection regulations. It is important to us that you agree to the processing of your personal data by us. The following data protection regulations explain in more detail how eardream processes personal data. This privacy policy is intended to inform the user of the website about the nature, scope and purpose of the collection and use of personal data by the website operator.
This privacy policy will be updated as necessary due to changes in legal regulations, new technologies and the continuous development of this website. It is recommended that you check the data protection provisions each time you visit the website. By using our web pages, you declare that you agree with the version of our data protection regulations valid at the time of your visit. In the course of processing, your data will be stored on various servers.
2. definitions of terms
The data protection declaration of the eardream AG is based on the terms used by the European Directive and Ordinance Maker when issuing the Data Protection Regulation (DSGVO). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, eardream would like to explain in advance the terminology used. Among other things, the following terms are used in the privacy policy:
Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter «data subject»). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject
Data subject means any identifiable natural person whose personal data are processed by the controller.
Processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
Profiling
Profiling is any type of automated processing of personal data that consists of using that personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
Pseudonymization
Pseudonymization is the processing of personal data in such a way that such personal data can no longer be attributed to a specific data subject without the addition of further information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data has not been attributed to an identified or identifiable natural person.
Pseudonymization
Pseudonymization is the processing of personal data in such a way that such personal data can no longer be attributed to a specific data subject without the addition of further information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data has not been attributed to an identified or identifiable natural person.
Person responsible (for processing)
The controller or data controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States of the European Union, the controller or the specific criteria for its designation may be provided for under Union law or the law of the Member States.
Processor
Processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.
Recipient
Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union law or the law of the Member States of the European Union shall not be considered as recipients.
Third Party
A third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
Consent
Consent shall mean any freely given indication of the data subject’s wishes for the specific case in an informed and unambiguous manner, in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.
3. COLLECTION OF PERSONAL DATA
When accessing the web pages of the eardream, your Internet browser automatically transmits data for technical reasons. The following data is stored separately from other data that you may transmit to us:
– Date and time of access
– Browser type/version
– Operating system used
– URL of the previously visited website
– Amount of data sent
– IP address of the technical device used
– Website from which an accessing system arrives at the eardream website
– Sub-websites that are accessed via an accessing system on our website
– Internet service provider of the accessing system
– Similar data / information for the purpose of danger prevention in the event of attacks on the information technology system of eardream.
When using these general data and information, the eardream does not draw any conclusions about the data subject. Rather, this information is needed to deliver the content of our website correctly, to optimize the content of the website and the advertising for it, to ensure the long-term functionality of our information technology systems and the technology of our website, and to provide law enforcement authorities with the necessary information in the event of a cyber attack. Therefore, the eardream analyzes anonymously collected data and information on one hand, and on the other hand, with the aim of increasing the data protection of our enterprise, to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data entered by a data subject.
eardream also processes personal data provided by you:
– Name and first name
– Address (billing address)
– Telephone number(s)
– E-mail address(es)
– Date of birth and age
– Gender (sex)
– Customer information
– Credit card and account information
– Payment information (e.g. invoice date / payment history / any dunning and collection procedures)
– Information on subscribed newsletters, advertising, etc.
– Information on customer satisfaction (contacts / complaints)
– Usage data arising from the use of the websites (e.g. frequency and duration of visits, time and date) or other data required to respond to an inquiry or to process the business relationship. Processing of data also includes obtaining, storing, using, reworking, transmitting, archiving and destroying personal data.
If necessary, external service providers may be used to provide the services offered by eardream. Information on the topic of «External Service Providers & Transfer of Data» can be found under «11. Transfer of Personal» Data.
4. purpose of processing
Your data will be collected and processed for the purpose of providing the services offered by eardream and for the purposes stated below. The processing as well as the collection of the personal data will be carried out to the extent necessary for the respective purpose in each individual case.
Primarily, eardream processes your personal data for the purpose of providing the agreed service. Furthermore, your personal data will be processed for marketing purposes. This includes, for example, sending newsletters, advertising and information, contacting you via various (social media) channels, as well as all other actions and measures that eardream takes in the future as part of marketing campaigns. In addition, the eardream processes your personal data to provide and improve the services offered and to analyze user behavior regarding our websites.
5. deletion of personal data
The controller processes and stores personal data of the data subject only for the period of time necessary to achieve the purpose of the storage or where provided for by the European Directive and Regulation or other legislator in laws or regulations to which the controller is subject.
The data of the data subject will be stored on the servers used by eardream until the time when the storage purpose ceases to exist, taking into account any statutory or contractually agreed retention periods, and will then be irretrievably deleted.
6. subscription to the newsletter
On the website of the eardream, users are given the opportunity to subscribe to a newsletter of the company. The personal data transmitted to the controller when the user subscribes to the newsletter shall be specified in the input mask used for this purpose.
The eardream informs customers and business partners at regular intervals by means of a newsletter about enterprise offers. The newsletter of the eardream can basically only be received by the data subject, if the data subject has a valid e-mail address and if the data subject registers for the newsletter mailing. For legal reasons, a confirmation e-mail is sent to the e-mail address entered by a data subject for the first time for the newsletter dispatch using the double opt-in procedure. This confirmation e-mail serves to verify whether the owner of the e-mail address as the data subject has authorized the receipt of the newsletter.
The personal data collected in the context of a subscription to the newsletter is used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service or a related registration, as could be the case in the event of changes to the newsletter offer or changes in the technical circumstances. No personal data collected as part of the newsletter service will be passed on to third parties. The subscription to the eardream newsletter can be cancelled by the data subject at any time. The consent for the storage of personal data, which the data subject has given us for the newsletter dispatch, can be revoked at any time. For the purpose of revoking consent, a corresponding link can be found in each newsletter. Furthermore, it is also possible to safely unsubscribe from the newsletter mailing directly on the website of the controller at any time or to inform the controller of this in another way.
7 Newsletter Tracking
The newsletters of the eardream contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in such e-mails that are sent in HTML format to enable log file recording and log file analysis. This enables statistical evaluation of the success or failure of online marketing campaigns. By means of the embedded tracking pixel, the eardream may see if and when an e-mail was opened by a data subject, and which links contained in the e-mail were called up by the data subject. Such personal data collected via the tracking pixels contained in the newsletters are stored and evaluated by the controller in order to optimize the newsletter dispatch and to better adapt the content of future newsletters to the interests of the data subjects. This personal data will not be disclosed to third parties. Data subjects are entitled to revoke declarations of consent given via the double opt-in procedure at any time. After a revocation, this personal data will be deleted by the controller. The eardream automatically regards a withdrawal from the receipt of the newsletter as a revocation.
8. contact possibility via the websites
Based on statutory provisions, the websites of the eardream contain information that enables a quick electronic contact to our enterprise, as well as direct communication with the eardream, which also includes an e-mail address. If a data subject contacts the controller by e-mail or by using a contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted on a voluntary basis by a data subject to the controller will be stored for the purposes of processing or contacting the data subject. No disclosure of this personal data to third parties will take place.
9. blog comment function
The eardream offers users the opportunity to leave individual comments on individual blog contributions within the framework of a blog, which is located on the websites of the responsible party. A blog is a portal on a website, usually publicly viewable, in which one or more persons (blogger / web blogger) can post articles or write down thoughts in so-called blog posts. The blog posts can usually be commented on by third parties.
If a data subject leaves a comment in the blog published on the websites, in addition to the comments left by the data subject, information on the time of comment entry and the user name (pseudonym) chosen by the data subject will be stored and published. Furthermore, the IP address assigned by the Internet service provider (ISP) of the person concerned is also logged. This storage of the IP address is done for security reasons and in case the data subject violates the rights of third parties by posting a comment or posts illegal content. The storage of this personal data is therefore in the controller’s own interest, so that the controller can exculpate itself if necessary in the event of an infringement. There will be no disclosure of this collected personal data to third parties, unless such disclosure is required by law or serves the legal defense of the controller.
10. RESPONSIBILITY FOR SECURITY
In the following, we inform you about the handling of your personal data in the context of the eardream websites. If you use one of the websites mentioned under point 1, personal data will be processed.
As the owner of the websites, eardream is responsible for their content and for the use and security of the personal data of the users of these websites. Both the collection and storage, as well as the use of this information, is therefore carried out exclusively within the framework of the legal provisions and – if necessary – only with the appropriate consent on your part. This applies in particular when personal data is collected by us. In order to secure our websites and other systems in use, appropriate technical and organizational measures have been implemented in compliance with legal requirements to protect against the loss, destruction, unauthorized access, alteration or dissemination of personal data by unauthorized persons.
If you have any questions or suggestions on the subject of data protection, please do not hesitate to contact us by e-mail at info@eardream.ch or info@eardream.ch or at the postal address given in the imprint.
11. TRANSFER OF PERSONAL DATA
eardream AG outsources certain processes and tasks to service providers in order to handle complex issues that require special knowledge or cannot be handled internally, or to fulfill contractual agreements, such as hosting our website, analyzing user behavior on our website, etc. We do not share your personal data with third parties. Therefore, data will transfer your data to the following categories of recipients:
– Technical service providers who work for us
– For web analytics and marketing purposes
.
The external service providers are selected with the utmost care to ensure that the security of personal data is guaranteed. When transferring personal data to other countries, we therefore ensure that the applicable laws and regulations are complied with, for example, by entering into agreements to ensure that the recipients of your data maintain an adequate level of data protection.
With the exception of the aforementioned constellation or on the basis of your consent to the processing of personal data, data will only be disclosed to third parties in the following cases:
– Insofar as necessary for legal prosecution, personal data may be forwarded to law enforcement agencies as well as injured parties – in particular in cases of misuse.
– A transfer may take place if this serves to enforce the terms of use or other agreements. In addition, eardream is obliged to provide information upon request from certain public authorities.
12. SEPARATE CONSENT
In certain scenarios, it is necessary to explicitly consent to data processing in order for it to be permissible. Any necessary consent will be requested on the website in each specific case. Consent given for the processing of personal data can be revoked at any time.
The lawfulness of the processing carried out on the basis of the consent until revocation is not affected by this. A missing or the complete revocation of consent to the processing of personal data can lead to the fact that the services provided by eardream are no longer available without restriction.
13. REACH MEASUREMENT & COOKIES
The websites operated by eardream use cookies for pseudonymized reach measurement, which are transmitted either from the server of eardream or the server of third parties to the user’s browser. Cookies are small files that are stored on your terminal device. Your browser accesses these files. Numerous websites and servers use cookies, many of which contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified via the unique cookie ID.
The use of cookies increases the user-friendliness and security of the website. If you do not agree to cookies being stored on your terminal device for the purpose of range measurement, you can object to their use here:
European or US websites:
http://optout.networkadvertising.org/?c=1#!/
http://optout.aboutads.info/?c=2&lang=EN
The data subject can also prevent the setting of cookies by the eardream website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. Note: There is no guarantee on the part of eardream that all functions of these web pages can be accessed without restrictions if the appropriate setting is made.
14. USE OF PLATFORM TOOLS
Google Analytics & Google Tag Manager
The eardream websites use Google Analytics and Google Tag Manager, web analytics services provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter «Google»).
The information generated by Google Analytics & Google Tag Manager by cookie (for a definition of the term cookie, see Art. 6 of this Privacy Policy) about your use of the websites will be transmitted to and stored locally by Google on servers in the United States. You can prevent the collection of data generated by Google cookies and related to your use of the websites (including IP address) and the processing of this data by Google by downloading the available browser plugin under the following link (https://tools.google.com/dlpage/gaoptout?hl=de) and installing it afterwards. On behalf of the website operator, Google will use this information for the purpose of evaluating the use of the website visitor, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics and Google Tag Manager will not be merged with other Google data. For more information, please refer to the following link:
Support Google
Google AdWords
The websites of eardream use Google AdWords from Google. The remarketing function is used. This function is used to present interest-related advertisements to visitors of the website within the Google advertising network. According to its own information, Google does not collect any personal data during this process. For further information on the topic of «Google Remarketing» and Google’s privacy policy, please refer to the following link at http://policies.google.com/technologies/ads?hl=de.
Facebook Pixel
eardream uses «Facebook Pixel» to track users› actions after they have seen or clicked on a Facebook ad. This tool can be used to measure the effectiveness of the Facebook ad in terms of statistics and marketing. The data collected in this way is anonymized, i.e. no personal data of the respective user can be seen. The data is stored and processed by Facebook, about which you have been directly informed by Facebook to the knowledge of eardream. Facebook has the option to link this data to your personal Facebook account and also to use it for its own advertising purposes, in accordance with the Facebook Data Use Policy. For more information on this topic, please see the following link:
https://www.facebook.com/about/privacy
15. USE OF SOCIAL MEDIA PLUGINS
On the Internet pages, the eardream uses so-called social plugins. The plugins are recognizable by the logo of the respective social network.
All plugins used are set up in a 2-click process. This means that the respective plugins are only activated when the provider’s icon is clicked.
When you call up a page of our website that contains an activated plugin, your browser establishes a direct connection to the provider’s servers. The content of the plugin is transmitted directly to your browser by the respective provider and integrated into the page. By integrating the plugins, certain information is transmitted to the third-party provider and stored by it.
If you are not a member of the corresponding social networks, there is still the possibility that they will learn and store your IP address via the social plugin. If you are logged into one of the social networks, the third-party providers can directly assign the visit to our website to your personal profile on the social network. If you interact with the plugins, for example by clicking the «Like», «+1», «Twitter» or «Instagram» button, the corresponding information is also transmitted directly to a server of the third-party provider and stored there. The information will also be published in the social network, on your Twitter or Instagram account and displayed there to your contacts. The purpose and scope of the data collection and the further processing and use of the data by the third-party providers, as well as your rights in this regard and setting options for protecting your privacy, can be found in the privacy notices of the third-party providers. A list of the plugins we use and further information from the respective providers can be found here:
Solution
Provider
Link
Facebook Facebook Inc.
1601 S. California Ave, Palo Alta, CA 94304, USA Privacy Policy
Plugins
LinkedIn Linkedin Corporation
2029 Stierlin Court, Mountain View, Santa Clara, CA 94043, USA Privacy Policy
Plugins
Twitter Twitter Inc.
795 Folsom St., Suite 600, San Francisco, CA 94107, USA Privacy Policy
Plugins
Vimeo Vimeo LLC
555 West 18th Street, NY, 10011, USA Data protection
Plugins
YouTube YouTube LLC
901 Cherry Ave, San Bruno, CA-94066, USA Privacy Policy
Plugins
Google+ Instagram LLC
1601 Willow Road, Menlo Park, CA-94107, USA
Google LLC
1600 Amphitheatre Parkaway, Mountain View, CA-94043 Data Protection
Plugins
Privacy
Plugins
16. RIGHTS AVAILABLE
The data subject is entitled at any time to the right to confirmation, information, rectification, erasure (right to be forgotten), revocation of consent under data protection law or restriction of the processing of personal data, a right to object to processing and a right to data portability. In addition, you have the right – without prejudice to other administrative or judicial remedies – to report to the competent supervisory authority.
Federal Data Protection and Information Commissioner (FDPIC):
Edoeb Admin
17. data protection in the application procedure
The controller collects and processes the personal data of applicants for the purpose of handling the application procedure. The processing may also be carried out electronically. This is particularly the case if an applicant submits relevant application documents to the controller by electronic means, e.g. by e-mail or via a web form located on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted three months after notification of the rejection decision, provided that no other legitimate interests of the controller conflict with such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in legal proceedings.
18. legal basis of the processing
Art. 6 I lit. a DSGVO serves eardream as the legal basis for processing operations where consent is obtained for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 I lit. b DSGVO. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about products and services of eardream. If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c DSGVO. In rare exceptional situations (vital interests), the processing is based on Art. 6 I lit. d DSGVO.
Finally, processing operations may be based on Art. 6 I lit. f DSGVO. Processing operations which are not covered by any of the aforementioned legal bases are based on the aforementioned legal basis, if the processing is necessary for the protection of a legitimate interest of eardream or a third party, unless such interest is overridden by the interests, fundamental rights and freedoms of the data subject. Such processing operations are permitted to eardream in particular because they are explicitly mentioned by the European legislator. Recital 47, sentence 2 of the GDPR assumes a legitimate interest to process personal data if the data subject is a customer of the controller.
19. CHANGES TO THE PRIVACY POLICY
eardream reserves the right to change this Privacy Policy. The most current version of the Privacy Policy is always available at www.eardream.ch/datenschutzerklaerung