The Laurenz Foundation registered in Basel, Switzerland (“Laurenz Foundation” or “we”) manages the Schaulager Institution in Münchenstein/Basel, Switzerland (“Schaulager”) and the Schaulager website at www.schaulager.org (“Schaulager website” or “our website”).
This data protection statement explains what personal data we collect and process in connection with the management of Schaulager and the Schaulager website, how and why we do so and the personal data rights of data subjects.
Protection of your personal data is very important to us. We therefore collect and process your personal data in accordance with the applicable data protection law.
This data protection statement meets the requirements of Swiss data protection law and is based on the EU General Data Protection Regulation (GDPR).
1. What are personal data?
“Personal data” means any information relating to an identified or identifiable person, such as their address.
2. Who is the controller?
Laurenz Foundation, Münchenstein/Basel, Switzerland, is the controller for the purposes of the data processing described in this statement. If you have data protection concerns, you can tell us by writing to us at the following address:
3. What personal data are collected and processed?
We mainly process personal data which we collect in order to enter into and perform contracts with visitors, schools, universities, researchers, artists and museums and with service providers, suppliers and other third parties (“Partner(s)”). We also process the personal data of persons who use the Schaulager website (“Users”). These data are collected when Users visit and use the Schaulager website, place online orders and book guided tours via the Schaulager website, use the contact form and register for our newsletter or events. As a rule, personal data are only collected when you voluntarily provide us with the data (for example when you register for the newsletter). Where permitted by law, we also collect personal data from publicly accessible sources (e.g. telephone directories or similar public registers, trade registers, media) or from the internet in general.
4. Why are personal data collected and processed?
We process the personal data we collect as and where necessary for the purpose of taking precontractual measures and entering into and performing contracts (especially in order to discharge contractual obligations). In particular, we use the information you provide to us to process orders placed and provide services booked by you.
We also process the personal data collected as and where necessary to manage Schaulager, discharge statutory obligations, raise invoices and recover payments. Where permitted by law, we may also process personal data provided by you for the following purposes:
- to process general enquiries and enquiries about guided tours, research topics and advertising;
- to stay in contact with you and inform you about our current programme;
- to send out newsletters;
- to manage the Schaulager website;
- to analyse use of the Schaulager website and improve the website functions;
- to assert legal claims;
- to complete legal and official procedures.
5. On what legal basis are personal data collected and processed?
Where personal data need to be processed in order to enter into or perform a contract, data are processed on that legal basis. Personal data are also processed, where necessary and legally permissible, in order to safeguard our legitimate interests or discharge statutory obligations.
If the data subject has consented to processing of their personal data for a specific purpose (e.g. to register for the newsletter), we process the corresponding personal data within the framework of and based on that consent, unless another legal basis exists and is needed.
Consent may be revoked at any time; however, that will not affect previous data processing. In particular, newsletter subscribers can cancel the newsletter at any time, at which point their corresponding personal data will be erased immediately from that directory.
6. Are cookies and other technologies used in connection with our website and newsletter?
Most browsers are preset to accept cookies. However, you can set your browser so that it rejects cookies, only stores them for one session or otherwise deletes them straight away. If you block cookies, certain website functions (e.g. language selection, shopping basket, order processes) may stop working.
By using our website and consenting to receive the newsletter and other marketing emails, you agree to the use of these technologies. If you disagree, you will need to adjust your browser or email settings accordingly.
Schaulager uses MailChimp to send out newsletters. We use the MailChimp service to organise and analyse newsletter mailshots. Messages sent by us via MailChimp contain no third-party tracking other than MailChimp’s own analytics, which can record how many subscribers opened a message or clicked on the embedded link. MailChimp’s data protection guidelines can be found at www.mailchimp.com/legal. If you do not wish to be included in MailChimp analytics, you will need to unsubscribe from the newsletter by clicking on the unsubscribe link at the end of the newsletter. You can also email us at email@example.com and ask for your email address to be updated or deleted from our newsletter directory.
We use a Matomo web analytics application on our website. This application can measure and evaluate traffic on the website (anonymously). It too uses permanent cookies set by the service provider. We do not send the service provider any personal data (and it does not store any IP addresses); however, it can track how you use the website, combine that information with data from other websites which you have visited and which it also monitors and use the knowledge obtained for its own purposes (e.g. to control advertising). If you have registered personally with the service provider, you are also known to the service provider, in which case your personal data are processed by the service provider as the controller, in keeping with its data protection rules. This service provider simply tells us how our website is being used (without providing any information on you personally).
You can prevent cookies from being stored by setting your browser software accordingly. Please note, however, that this may prevent you from using all the website functions. The link to Matomo’s data protection statement can be found at: www.matomo.org/privacy
7. What data security measures do we take?
We take appropriate technical and organisational measures to ensure the security of the personal data which we collect, especially to protect personal data against unauthorised access by third parties and misuse. These security measures are updated in line with the state of the art. Our website and the forms embedded in it use a secure online transmission process known as a secure socket layer or SSL encryption to protect your personal data against unauthorised access and misuse.
8. How long do we store your personal data?
Unless agreed otherwise, as a rule the personal data which we collect are stored only for as long as necessary to perform a contract or for any other purpose for which they are processed and/or for as long as a statutory obligation to retain them or an overriding private interest exists. As soon as the personal data which we collect are no longer needed for the above purposes, they are, as a rule and where possible, erased or anonymised.
9. Are personal data disclosed to third parties and/or abroad?
Where permitted by law and where we consider appropriate, we may disclose the personal data which we collect to third parties (e.g. service providers, suppliers and other Partners) for processing for purposes in connection with our business activities. We are entitled in particular to instruct processors at home or abroad to process personal data and to disclose the personal data which we collect to them for that purpose, provided that they enter into a contract in which they undertake to process the personal data only on our instruction and for our purposes and to comply with this data protection statement and the applicable data protection laws.
Unless we are required to disclose personal data by law or under an official or court order, the personal data which we collect are only disclosed to third parties with the data subject’s consent.
Personal data are only transferred to countries without appropriate data protection laws where suitable contractual guarantees are given or where the law grants an exception, for example for the purpose of consenting to, establishing, exercising or asserting legal claims or performing a contract.
10. Must personal data be provided?
For the purpose of contracts with us, Partners must provide the personal data needed to enter into and perform the contract and discharge the associated contractual obligations. Without the Partner’s personal data, we are unable to enter into or perform a contract with them. As a rule, even the Schaulager website cannot be used without certain information needed for data communication purposes (e.g. IP address). However, as a rule, you are not required by law to provide us with data.
11. What are your rights?
You are entitled, under the laws which protect your personal data to access your personal data and to have them rectified, erased, restricted or transferred at any time, provided we are not required by law to retain your personal data or they are not needed in order to perform a contract.
Consent to data collection and processing can also be revoked at any time, but only for the future.
You may request access, rectification, erasure and restriction, exercise the right to object, revoke consent to data processing and request data transfer at any time by emailing us at firstname.lastname@example.org.
Finally, data subjects are also entitled to complain to the regulator if they believe that their personal data are not being processed lawfully. The Swiss data protection regulator is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch).
12. What happens if the data protection statement is amended?
By using the Schaulager website, Users consent to the collection and processing of their personal data in keeping with this data protection statement. If the data protection statement forms part of a contractual agreement between us and a Partner, the Partner consents to the collection and processing of their personal data in keeping with this data protection statement on entering into the contract or, where applicable, further to an enquiry addressed to us.
We may amend this data protection statement at any time without prior notice. The latest version published on the Schaulager website applies. By continuing to use the Schaulager website, Users accept the amendments. If the data protection statement forms part of a contractual agreement between us and a Partner, the Partner is advised of amendments by appropriate means.