Version effective as of 01 May 2020.
The term "personal data" in this Policy shall mean any information that identifies or could reasonably be used to identify any person.
If you provide us with personal data of other persons (such as family members, work colleagues, etc.), please make sure the respective persons are aware of this Policy and only provide us with their data if you are allowed to do so and such personal data is correct.
This Policy is in line with the EU General Data Protection Regulation (GDPR). Although the GDPR is a regulation of the European Union (EU), it may be relevant for us. The Swiss data protection legislation (FADP) is heavily influenced by the law of the European Union. In addition, companies outside of the European Union or the European Economic Area (EEA) must comply with the GDPR in certain cases.
Malarena SA is the operator of the Website www.malarena.com and is therefore responsible for the collection, processing and use of information about you and the compatibility of that data processing with Swiss law.
Malarena SA is a limited liability company based in Switzerland. Full company details, including contact information, can be found here.
2. Collection and Processing of Personal Data.
When you visit our Website our Web Servers automatically log information such as the domain name or IP address of the requesting computer, the date and time of your visit, the filename and URL of any file request and any HTTP response code, the browser type and operating system of the computer and browser you use, and the country and website from which you are visiting.
The collection and processing of this information is for the purpose of enabling the use of our Website, to ensure the long-term security and stability of the system, to optimise our website, and for internal statistical purposes. Furthermore, in case of attacks on our network infrastructure the IP address will be evaluated to help us understand from where the attacks may have originated.
We also provide an optional Information Request form (available under “Contact Us”) on our Website to facilitate contacting us. Information requested on the form is mandatory and includes your Name, Email Address, Subject and Message. The form is delivered to us via Email. We only use the data in this form to answer your specific request in a personal way.
We typically use "cookies" and similar techniques on our Websites, which allow for an identification of your browser or device. A cookie is a small text file that is sent to your computer and automatically saved by the web browser on your computer or mobile device, when you visit our Website. If you revisit our Website, we may recognise you, even if we do not know your identity.
If required, you may configure your browser settings in a way that it rejects cookies, only saves them for one session or deletes them prematurely. Most browsers are pre-set to accept cookies.
Cookies simplify the use of websites that require user input. Cookies can also help us to offer you an individualised and relevant surfing experience if you grant your consent to this. If you block cookies, it is possible that certain functions on our Website are no longer available to you.
4. Web Analytics.
Other than the log file analysis mentioned under section 2 above we currently do not use additional Web Analysis tools on our Website.
5. Social Media Plug-Ins.
We use plug-ins from social networks such as Facebook, Twitter and LinkedIn on our Website. This is visible to you typically through “Share” buttons that display the respective company symbols. We have configured these elements to be enabled only when clicked. If you activate them (by clicking on them), the operators of the respective social networks may record that you are on our website and where on our website you are exactly and may use this information for their own purposes. This processing of your personal data lays in the responsibility of the respective operator and occurs according to its data protection regulations. We do not receive any information about you from the respective operator through this process.
6. Data Transfer and Transfer of Data Abroad.
In order to offer you our products and services on the basis of our contractual obligations or legitimate interests, we use service providers and third parties such as service centres, payment providers, logistics, postal and courier companies or IT service providers. If these service providers are processors as per Article 28 GDPR, they will have been carefully selected and work solely in accordance with our instructions. They provide sufficient guarantees for complying with data privacy obligations.
It may be the case that personal data is transferred to recipients within Switzerland, but there may be other organisations located in any country worldwide. In particular, you must anticipate your data may be transmitted to any country in Europe and the USA where some of our service providers are located. If we transfer data to a country without adequate legal data protection, we ensure an appropriate level of protection as legally required by way of using appropriate contracts (in particular on the basis of the standard contract clauses of the European Commission, which can be accessed here) or binding corporate rules or we rely on the statutory exceptions of consent, performance of contracts, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or because it is necessary to protect the integrity of the persons concerned.
7. Retention Periods for Personal Data.
We process and retain your personal data as long as required for the performance of our contractual obligation and compliance with legal obligations or other purposes pursued with the processing, i.e. for the duration of the entire business relationship (from the initiation, during the performance of the contract until it is terminated) as well as beyond this duration in accordance with legal retention and documentation obligations. Personal data may be retained for the period during which claims can be asserted against our company or insofar as we are otherwise legally obliged to do so or if legitimate business interests require further retention (e.g., for evidence and documentation purposes). As soon as your personal data are no longer required for the above-mentioned purposes, they will be deleted or anonymised, to the extent possible.
8. Data Security.
We use appropriate technical and organisational security measures to protect the information that we store about you against manipulation, partial or complete loss and against unauthorised access by third parties.
9. Personal Data required from you.
In the context of our business relationship you must provide us with any personal data that is necessary for the conclusion and performance of a business relationship and the performance of our contractual obligations (as a rule, there is no statutory requirement to provide us with data). Without this information, we will usually not be able to enter into or carry out a contract with you (or the entity or person you represent). In addition, the website cannot be used unless certain information is disclosed to enable data traffic (e.g. IP address)
10. Your rights.
You have the right to receive information about the personal data that we store about you. In addition, you have the right to correct inaccurate data and the right to delete your personal data, as long as there is no statutory storage obligation or an authorisation requirement that allows us to process the data.
You have the right to demand a restriction of data processing and to oppose data processing. You also have the right to reclaim from us the data you have given us. On request, we can also pass the data on to a third party of your choice.
You can contact us for the above purposes via the “Contact Us” form or via the contact details included in Section 1 above. In general, exercising these rights requires that you are able to prove your identity. If exercising certain rights will incur costs on you, we will notify you of these in advance.
In addition, every data subject has the right to enforce his/her rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority of Switzerland is the Federal Data Protection and Information Commissioner, details of which can be found here.