Privacy Policy

Summary

 

Last modified: 09/27/2023

1. Introduction

Welcome to www.tribusurbaines.com (hereinafter referred to as the “Site”), a website operated by Tribus Urbaines SA (hereinafter referred to as “We” or “Our” or “Tribus Urbaines”), a brand of inclusive hair salons (specializing in all hair types and textured hair care and styling) promoting self-love, regardless of differences. If you use this site, you are considered a user (hereinafter referred to as “You” or “Your” or “User”). This privacy policy (hereinafter referred to as the “Policy”) governs how we collect, use, store, and disclose information about you when you use this site. This Policy also applies to information collected by third-party services we use to enhance your experience on the Site (hereinafter referred to as “Third-Party Services”).

1.1 Objectives of this Policy

The objectives of this Policy are to inform you about:

  • The types of information we collect
  • How we use this information
  • With whom we share this information
  • Your data protection rights

1.2 What is GDPR?

GDPR, or General Data Protection Regulation (2016/679), is a European Union law that came into effect on May 25, 2018. GDPR aims to give EU citizens full control over their personal data and simplify the regulatory framework for international trade by harmonizing data protection regulations within the EU.

1.3 What is DPA (nouvelle loi fédérale sur la protection des données)?

DPA, or new federal law on data protection, is Swiss legislation on personal data protection. It came into effect on September 1, 2023, with the aim of safeguarding individuals’ privacy and ensuring the secure processing of personal data.

1.4 What Information is Collected

We collect various types of information to provide you with our services. This information may include but is not limited to:

  • Personal data (name, email address, etc.)
  • Browsing data (visited pages, time spent on the site, etc.)
  • Technical data (browser type, IP address, etc.)

2. Contact Information

If you have any questions or concerns about this Policy or how we handle your data, you can contact the data protection officer of Tribus Urbaines:

  • Company Name: Tribus Urbaines SA
  • Address: Avenue Floréal 7, 1006 Lausanne, Switzerland.
  • Representative Name: Mrs. Sylvie Makela Samouiller
  • Phone Number: +41 21 311 33 31
  • Email Address: info@tribusurbaines.com

3. Lawfulness of Processing

In this section, we will explain the legal bases on which we rely for processing your personal data in accordance with the provisions of GDPR and DPA.

The processing of your personal data is based on one or more of the following legal bases:

When you use this Site, you give your consent to the processing of your personal data for specific purposes, as provided in Article 6(1)(a) of GDPR and Article 6(6) of DPA. You have the right to withdraw this consent at any time by contacting us.

3.1.2 Legitimate Interests

We may process your data when it is necessary for our legitimate interests or those of a third party, provided that these interests do not override your rights and interests, as stipulated in Article 6(1)(f) of GDPR and in accordance with the principles set forth in Article 6 of DPA.

3.1.3 Contractual Necessity

Processing of your data may be necessary for the performance of a contract to which you are a party or for taking pre-contractual steps at your request, in accordance with Article 6(1)(b) of GDPR and Article 31 of DPA.

We may process your data when it is necessary to comply with a legal obligation to which we are subject, in accordance with Article 6(1)(c) of GDPR and Article 31 of DPA.

3.1.5 Vital Interests

In situations where a person’s life or health is at stake, we may process personal data if it is necessary to safeguard vital interests, in accordance with Article 6(1)(d) of GDPR and Article 31 of DPA.

3.1.6 Public Interest

We may also process your personal data when such processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, in accordance with Article 6(1)(e) of GDPR and Article 31 of DPA.

3.2 Summary

The lawfulness of processing your personal data by Tribus Urbaines is established on several legal bases, including your consent, our legitimate interests, contractual necessity, legal obligations, safeguarding vital interests, and tasks of public interest. Each data processing is aligned with at least one of these legal bases to ensure transparent and appropriate use of your data.

4. Rights of Concerned Individuals

As a User, you have certain rights regarding the processing of your personal data. We are committed to respecting these rights and facilitating their exercise, in accordance with the provisions of GDPR and the Swiss Federal Data Protection Act (FADP).

4.1 Right of Access

According to Article 15 of GDPR and Article 25 of the Swiss Federal Data Protection Act (FADP), you have the right to know if your personal data is being processed, access it, and receive additional information about its use.

4.2 Right to Rectification

Under Article 16 of GDPR and Article 32 of the Swiss Federal Data Protection Act (FADP), you have the right to request the correction of your personal data if it is inaccurate or incomplete.

4.3 Right to Erasure / Right to Be Forgotten

According to Article 17 of GDPR and Article 32(c) of the Swiss Federal Data Protection Act (FADP), you have the right to request the deletion of your personal data under certain conditions, especially when such data is no longer necessary for the purposes for which it was collected.

4.4 Right to Restriction of Processing

According to Article 18 of GDPR, you can request the restriction of the processing of your personal data in certain circumstances, particularly when you dispute the accuracy of such data.

4.5 Right to Data Portability

Under Article 20 of GDPR and Article 28 of the Swiss Federal Data Protection Act (FADP), you have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format and to transmit it to another data controller without hindrance from us.

4.6 Right to Object

According to Article 21 of GDPR, you have the right to object to the processing of your personal data in certain situations, especially when such processing is based on our legitimate interests.

4.7 Right Not to Be Subject to Automated Decision-Making

Under Article 22 of GDPR and Article 21(2) of the Swiss Federal Data Protection Act (FADP), you have the right not to be subject to a decision based solely on automated processing, including profiling, when it has legal effects on you or significantly affects you.

4.8 Summary

You have various rights related to your data: the right of access, the right of rectification, the right to erasure, the right to restriction of processing, the right to data portability, the right to object, and the right not to be subject to automated decision-making. If you wish to exercise any of these rights, please contact us using the information provided in the “Contact Details of the Responsible Person” section.

5. Data Collection

When you use our Site, various categories of information may be gathered to provide you with an optimal user experience, in line with our service objectives. This data collection is carried out in compliance with GDPR and the Swiss Federal Data Protection Act (FADP).

5.1 Information Provided Directly by the User

When you browse the Site or use certain of our services, you have the option to provide us with data such as your name, email address, phone number, and more. This data collection is done with your consent and is necessary to provide you with our services, in accordance with Article 6(1)(a) of GDPR and Article 6(6) of the Swiss Federal Data Protection Act (FADP).

5.2 Information Automatically Collected

When you visit the Site, certain information may be automatically collected, such as your IP address, browser details, operating system, and more. This automatic information collection is aimed at analyzing and improving the quality of our services, in accordance with Article 6(1)(f) of GDPR based on legitimate interest, as well as the principles outlined in Article 6 of the Swiss Federal Data Protection Act (FADP).

5.3 Information from Third-Party Services

We may also receive information about you from Third-Party Services we use. This information is collected to better understand our users and improve our Site. This collection is in accordance with Article 6(1)(f) of GDPR based on legitimate interest, as well as the principles outlined in Article 6 of the Swiss Federal Data Protection Act (FADP).

If you have questions regarding the collection of your personal data, feel free to refer to the “Contact Details of the Responsible Person” section.

6. Use of Your Personal Data

The personal data we collect is used for various purposes, always in strict compliance with applicable laws. Each use is governed by either GDPR or the FADP to ensure the absolute respect of your rights.

6.1 Communication and Service

We process your data, such as your email address, to communicate with you, keep you informed of our service updates, or respond to your requests. This use arises from our contractual obligation to provide you with the service for which you have registered. It is therefore in accordance with Article 6(1)(b) of GDPR and the principles outlined in Article 6 of the Swiss Federal Data Protection Act (FADP).

6.2 Service Improvement

Automatically collected information, such as those related to your browser or operating system, helps us understand how users interact with our Site. This understanding allows us to enhance our services to better meet your needs. This use is based on Article 6(1)(f) of GDPR regarding legitimate interest and complies with the principles stated in Article 6 of the Swiss Federal Data Protection Act (FADP).

We may also use your data to comply with our legal obligations, for example, to respond to a request from a judicial authority. This use is in accordance with Article 6(1)(c) of GDPR and respects the principles outlined in Article 6 of the Swiss Federal Data Protection Act (FADP).

If you have questions regarding the use of your personal data, feel free to refer to the “Contact Details of the Responsible Person” section.

7. Sharing of Your Personal Data

We attach great importance to the privacy of your data. However, in certain situations, it may be necessary to share your personal data. Each sharing is strictly regulated by GDPR and the FADP, ensuring the highest protection of your information.

7.1 Service Partners

We may share your data with third-party partners who assist us in operating the Site, providing our services, or processing transactions on our behalf. These third parties are required to process this data in accordance with the law and in compliance with our commitment to protecting your privacy. This practice aligns with Article 28 of the GDPR and Article 9 of the Swiss Federal Data Protection Act (FADP).

We may be obligated to disclose your data if required by law, when we believe such disclosure is necessary to protect our rights, the safety of others, or to respond to a judicial or governmental request. This practice aligns with Article 6(1)(c) of the GDPR and Article 31 of the Swiss Federal Data Protection Act (FADP).

7.3 International Transfers

If we need to transfer your data outside of the EEA (European Economic Area) or Switzerland, we ensure that these transfers comply with the requirements of the GDPR and the FADP, thus ensuring adequate protection of your data. This practice aligns with Chapter V of the GDPR and Article 16 of the Swiss Federal Data Protection Act (FADP).

7.3.1 EU-US Privacy Shield

The EU-US Privacy Shield is an agreement between the European Union and the United States designed to protect the fundamental rights of individuals whose personal data is transferred from EU member states to the United States. This agreement provides legal protection to companies engaged in such transfers.

The EU-US Privacy Shield was adopted by the European Commission on July 12, 2016, and became effective on August 1, 2016, replacing the previous “Safe Harbor” invalidated by the European Court of Justice in October 2015.

According to Article 45 of the GDPR, the transfer of personal data to a third country, such as the United States, is allowed if the European Commission has determined that the country provides an adequate level of protection. The EU-US Privacy Shield is recognized as offering this level of protection.

In Switzerland, the FADP also recognizes the EU-US Privacy Shield as a valid mechanism for ensuring an adequate level of protection when transferring data to the United States.

For more information on the EU-US Privacy Shield, you can visit the official website.

In summary: The EU-US Privacy Shield is an agreement between the EU and the United States that allows the transfer of personal data from the EU to the United States, provided that companies adhere to certain data protection standards.

If you have any questions regarding the sharing of your personal data, please refer to the “Contact Details of the Responsible Person” section.

8. Data Collected

Our Site uses various technologies to collect and store information when you visit it. This may include the use of cookies or similar technologies to identify your browser or device.

8.1 Cookies

A cookie is a small text file sent to your browser by a website you visit. When you consent, these files are stored on your device to distinguish users of the Site. Cookies are mainly used to enhance the user experience. For example, they make it easier to remember information about your visit, such as your preferred language and other settings, to make your next visit more convenient and useful. You have the option to refuse the use of cookies by modifying your browser settings, although this may affect your ability to use certain features of the Site.

To manage cookies and similar technologies (such as tracking pixels and web beacons) and associated consents, we use the consent management tool called “Real Cookie Banner.” You can get details on how it works by visiting the following link: https://devowl.io/rcb/data-processing/.

Real Cookie Banner uses various cookies to record user consent on the Site. Here is a list of commonly used cookies:

Cookie Name Example Value Purpose Persistence
real_cookie_banner* 1695556215%3A6679e4d8-f483-4d79-b60c-[hash] Stores the Universally Unique Identifier (UUID) allocated to the consent given by the visitor. 1 year
real_cookie_banner-*-tcf COtybnMOpzYcSABABAENAk-AAAqyAAA Stores consent given via the Transparency & Consent Framework (TCF). 1 year
real_cookie_banner-test a3d2e4f5b679c8d9e01f2g3h4i567890 The cookie is set to test whether HTTP cookies can be set. It will be deleted immediately after the test. 1 year

The processing of personal data in this context is based on Article 6(1)(c) of the GDPR and Article 31 of the Swiss Federal Data Protection Act (FADP), as well as Article 6(1)(f) of the GDPR and the principles outlined in Article 6 of the Swiss Federal Data Protection Act (FADP). Our legitimate interest lies in the management of cookies and similar technologies, as well as associated consents.

Providing personal data is neither contractually required nor necessary. You are not obliged to provide this data. However, please note that without this personal data, we will not be able to manage your consents.

Cookies come in different types, classified by their origin, function, and lifespan:

  • First-party cookies: Issued by the site you visit. They are often necessary for the proper functioning of the site, such as maintaining your session active during your visit.
  • Third-party cookies: Issued by domains other than the site you visit, such as external analytics tools or social media sharing buttons.
  • Session cookies: Temporary, they are only stored for the duration of your browsing session and disappear when you close your browser.
  • Persistent cookies: Stored on your device for a specified period, even after you close your browser. They are used, for example, to remember user preferences across multiple sessions.
  • Performance cookies: Collect information on how visitors use a website, such as the most visited pages and any error messages. The collected data is anonymous and helps improve the site’s performance.
  • Functionality cookies: Allow the site to remember choices you have made (such as your username, language, or region) and provide enhanced, more personalized features.
  • Targeting or advertising cookies: Used to deliver more relevant advertisements based on your interests. They are also used to limit the frequency at which you see an ad and measure the effectiveness of advertising campaigns.
  • Geolocation cookies: Used to determine the geographic region of your computer, tablet, or phone, enabling the delivery of location-appropriate content or ads.
  • Analytical cookies: Help understand how visitors interact with the website by providing information about visited areas, time spent on the site, and any encountered issues such as error messages.

Here is a concrete example of a cookie used by Google reCAPTCHA on our site:

Cookie Name Value Purpose Persistence Duration
_grecaptcha AQzOHyfRgRjYU1-2f This cookie is used to distinguish humans from automated robots. It helps the site prevent unwanted automated form submissions. Session (disappears when the browser is closed)

Cookies are essential for the proper functioning of a website, and on our Site, they serve the following purposes:

  • Authentication: Some cookies are essential to identify and authenticate users when accessing certain parts of the Site. They ensure that each user only accesses their personal information and maintain the user’s logged-in state throughout their session.
  • Preferences and features: These cookies allow our Site to remember choices you make, such as language, font size, or other display preferences, making your browsing experience more personalized and enjoyable.
  • Analytics: We use analytical cookies to better understand how our visitors use the Site, determine which content and features are most popular, and understand any challenges they may face. This helps us improve the browsing experience and optimize the Site’s functionality.
  • Advertising and targeting: These cookies are used to display relevant ads to users based on their interests. They are also used to limit how often a user sees an ad and to measure the effectiveness of advertising campaigns.
  • Security: Some cookies are essential to ensure the security of users and the Site. They help detect suspicious or fraudulent behavior and provide features such as form validation or protection against brute force attacks.

It is important to note that some cookies are necessary for certain website features to work correctly, while others are used to enhance performance and the user experience.

The retention duration of a cookie varies depending on its type. Session cookies expire when you close the browser, while persistent cookies have a defined expiration date.

You have the option to delete cookies directly from your browser settings. Here’s how to do it for the most commonly used browsers:

  • Google Chrome:
    1. Open Chrome on your computer.
    2. Click the menu icon (three vertical dots) in the upper right corner.
    3. Select More tools, then Clear browsing data.
    4. Choose the time range. To delete everything, select All time.
    5. Check the box for “Cookies and other site data” and click Clear data.

    Google Chrome Official Documentation

  • Safari:
    1. Open Safari.
    2. Choose Preferences from the menu bar, then click the Privacy tab.
    3. Click either Remove All Website Data or Details to delete cookies selectively.

    Safari Official Documentation

  • Firefox:
    1. Open Firefox.
    2. Click the menu icon (three horizontal lines) in the upper right corner.
    3. Select Options, then the Privacy & Security tab.
    4. Go to the “Cookies and Site Data” section and click Clear Data….

    Firefox Official Documentation

  • Internet Explorer:
    1. Open Internet Explorer.
    2. Click the gear icon, then select Internet options.
    3. In the General tab, under Browsing history, click Delete….
    4. Check the box for “Cookies and website data” and click Delete.

    Internet Explorer Official Documentation

  • Microsoft Edge:
    1. Open Microsoft Edge.
    2. Click the menu icon (three horizontal dots) in the upper right corner.
    3. Select Settings.
    4. Scroll down and click Choose what to clear.
    5. Check the box for “Cookies and saved website data” and click Clear.

    Microsoft Edge Official Documentation

Deleting cookies may impact the functionality of some websites and may result in the reset of certain browsing preferences.

The legal basis for using cookies is our legitimate interest in providing and improving the Site for our users, in accordance with Article 6(1)(f) of the GDPR and the principles outlined in Article 6 of the Swiss Federal Data Protection Act (FADP).

8.1.8 In Summary

Cookies are small text files used to store information about browsers. They are used for features such as authentication, remembering preferences, and analyzing user behavior. You can manage and delete them through your browser settings.

8.2 WordPress Comments

8.2.1 Definition

WordPress Comments is a feature of WordPress that allows users to leave comments on published articles. It provides a platform for interaction between the reader and the content author, as well as among readers themselves.

8.2.2 Purpose

The purpose of WordPress Comments is to facilitate open discussion and encourage feedback on published content. It also helps strengthen community engagement and can provide valuable insights to the author or site administrator.

8.2.3 Data Stored

When you leave a comment on our site, the data you enter in the comment form, along with your IP address and browser user agent, are collected to assist us in detecting unwanted comments.

8.2.3.1 Cookies Used by WordPress Comments

WordPress Comments uses various cookies to function properly and enhance the user experience. Here is a list of commonly used cookies:

Cookie Name Example Value Purpose Persistence
comment_author_[hash] JohnDoe Stores the name of the comment author to pre-fill the field on subsequent visits. 1 year
comment_author_email_[hash] john.doe@example.com Stores the email address of the comment author to pre-fill the field on subsequent visits. 1 year
comment_author_url_[hash] http://example.com Stores the URL of the comment author’s website to pre-fill the field on subsequent visits. 1 year

8.2.4 Data Retention

Comments and their metadata are retained indefinitely. This allows for the automatic recognition and approval of subsequent comments instead of leaving them pending moderation.

8.2.5 How to Delete or Prevent Data Storage

You have the right to request the deletion of your comments at any time. To do so, please contact us. However, please note that deleting your comment may impact ongoing discussions.

The legal basis for processing this data is based on Article 6(1)(f) of the GDPR and the principles outlined in Article 6 of the Swiss Federal Data Protection Act (FADP), which permit data processing for the legitimate interests pursued by the data controller or a third party.

8.2.7 In Summary

WordPress Comments is a feature of WordPress that allows users to leave comments. The collected data includes information from the form, IP address, and user agent. This data is retained indefinitely but can be deleted upon request.

8.3 WordPress Emojis

8.3.1 Definition

WordPress Emojis are small icons or symbols used to express an emotion or idea. WordPress, whose responsible entity is Automattic Inc., based at 60 29th Street #343, San Francisco, CA 94110, United States, provides its own version of standard emojis typically found on mobile devices.

8.3.2 Purpose

WordPress Emojis allow users and content authors to add a visual touch to their posts and comments to better express their emotions or reinforce their message.

8.3.3 Data Stored

No personal data is stored by WordPress Emojis. However, to display these emojis, WordPress may use external servers.

8.3.3.1 Loading External Data

Files related to WordPress Emojis are stored on the servers of WordPress’s parent company, Automattic Inc., in the United States. Therefore, when you use or display WordPress Emojis, some data, such as your IP address, may be transmitted and stored in the United States. Under data protection laws, this may have legal implications regarding the cross-border transfer of personal data.

When processing data outside the European Union (especially in the United States), WordPress relies on “Standard Contractual Clauses” (in accordance with Article 46, paragraphs 2 and 3 of the GDPR and Article 16 of the Swiss Federal Data Protection Act (FADP)). Standard Contractual Clauses (SCC) are models provided by the European Commission to ensure that your data complies with European data protection standards, even when transferred and stored in third countries like the United States. Through these clauses, WordPress commits to respecting the European data protection level when processing your data, even if it is stored, processed, and managed in the United States.

It’s also important to note that Automattic Inc. is self-certified under the Trans-Atlantic Data Privacy Framework, ensuring secure data processing in the United States. To learn more about this framework, you can visit the official Privacy Shield website.

We encourage users to review Automattic Inc.’s privacy policy to learn more about how they handle data.

8.3.4 Data Retention

Since no personal data is stored by WordPress Emojis, there is no specific data retention period for this data.

8.3.5 How to Delete or Prevent Data Storage

To ensure an optimal experience while respecting your privacy preferences, we have provided a privacy settings feature on our site. If you wish to prevent the loading of WordPress Emojis, simply go to the privacy menu at the top of this page and disable items in the “Functional” group. This will block the loading of emojis and ensure your privacy preferences are respected.

The legal basis for using WordPress Emojis depends on the specific use of data. In most cases, the use is based on the legitimate interest of the website to enhance the user experience. However, this may vary depending on local regulations and specific site policies.

8.3.7 In Summary

WordPress Emojis are icons used to express emotions. No personal data is stored, but external URLs may be loaded, which can transmit data such as the IP address. This feature can be disabled via WordPress settings.

8.4 Gravatar

8.4.1 Definition

Gravatar is a globally recognized avatar management service associated with an email address. This service is provided by Aut O’Mattic A8C Ireland Ltd., with its European headquarters located at Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland. It is widely integrated into many platforms, including WordPress, allowing users to display the same avatar image on different websites and forums.

8.4.2 Purpose

The primary purpose of Gravatar is to provide a unified way for internet users to display a representative image or avatar associated with their email address. This enables easier and consistent recognition of contributors on blogs, forums, and other online platforms.

8.4.3 Data Stored

When you use Gravatar, your email address (hashed for privacy), along with any image you upload as an avatar, is stored. If you add additional information to your Gravatar profile, such as a display name or biography, this data is also collected.

8.4.4 Data Retention

The data stored by Gravatar, such as the avatar and associated email address (in hashed form), is retained as long as the Gravatar account is active. Users can update or delete their avatar or other profile information at any time.

8.4.5 How to Delete or Prevent Data Storage

To avoid using Gravatar, do not link your email address to a Gravatar account or refrain from using platforms that integrate Gravatar. If you already have a Gravatar account and wish to delete or obtain information about your data, contact us directly or manage your account on the Gravatar website.

The data processed by Gravatar is based on the individual’s consent, in accordance with Article 6(1)(a) of the GDPR and Article 6(6) of the Swiss Federal Data Protection Act (FADP). For more information on how Gravatar processes your data, please refer to their privacy policy.

8.4.7 In Summary

Gravatar is a service that allows users to have a universal avatar image associated with their email address. Data is retained as long as the Gravatar account is active and can be modified or deleted upon request or through account management on the Gravatar website.

8.5 Google Maps

8.5.1 Definition

Google Maps is an online mapping service offered by Google Ireland Limited, with its European headquarters located at Gordon House, Barrow Street, Dublin 4, Ireland. This service enables users to search for places, obtain directions, and explore interactive maps.

8.5.2 Purpose

The goal of Google Maps is to provide accurate geographical information to users, help them find places, plan routes, and visualize maps for a better understanding of locations.

8.5.3 Data Collected

Google Maps collects various data, including the user’s location, search queries, planned routes, and information about visited places. This data can be used to improve the quality of the service and personalize recommendations.

Google Maps uses different cookies to enhance the user experience and provide essential functionality. Here is an overview of cookies used by Google Maps:

Cookie Name Host Purpose Persistence
NID .google.com Stores authentication information to customize the user’s experience. 6 months
__Secure-3PSIDCC .google.com Used for targeted advertising based on the user’s browsing history. 1 year
__Secure-1PSIDCC .google.com Used for targeted advertising based on the user’s browsing history. 1 year
SIDCC .google.com Stores authentication information to improve user security. 1 year
__Secure-3PAPISID .google.com Used to personalize advertising based on user interests. 13 months
SSID .google.com Stores authentication information to personalize the user’s experience. 13 months
__Secure-1PAPISID .google.com Used to personalize advertising based on user interests. 13 months
HSID .google.com Stores authentication information to improve user security. 13 months
__Secure-3PSID .google.com Used for targeted advertising based on the user’s browsing history. 13 months
__Secure-1PSID .google.com Used for targeted advertising based on the user’s browsing history. 13 months
SID .google.com Stores authentication information to improve user security. 13 months
SAPISID .google.com Stores authentication information to personalize the user’s experience. 13 months
APISID .google.com Stores authentication information to personalize the user’s experience. 13 months
CONSENT .google.com Stores the user’s consent for the use of cookies. 13 months
__Secure-ENID .google.com Used to personalize advertising based on user interests. 13 months
AEC .google.com Stores authentication information to personalize the user’s experience. 6 months
8.5.3.2 Loading External Data

When you use Google Maps, data such as maps and images may be downloaded from Google’s servers. This data may be transferred to Google’s servers, including those located in the United States. Google is committed to complying with data protection standards when processing this information.

For more information on Google’s privacy policy, please refer to Google’s privacy policy.

8.5.4 Data Retention

Data collected by Google Maps may be retained for improving future services, but it is not stored indefinitely. Google may set its own data retention policy.

8.5.5 How to Delete or Prevent Data Storage

If you wish to prevent Google Maps from tracking your activities on this site or other sites and want to control these interactions or limit data collection, here are some measures you can take:

  • Preferences on our site: To personalize your experience while preserving your privacy, we offer a privacy menu on our site. If you prefer to prevent the use of Google Maps, you can access the privacy menu at the top of this page and disable the elements associated with the “Google Maps” service in the “Functional” group.
  • Your browser settings: Most browsers provide options to manage stored data, including the ability to block specific elements. Please refer to your browser’s documentation to learn more about managing stored data.
  • Browser settings: Most browsers offer the option to disable cookies or only disable specific cookies. Additionally, browsers allow you to delete already installed cookies. Please note that you need to configure settings separately for each browser and each computer you use. How to adjust these settings varies from one browser to another. Here’s how you can do it for different browsers:

Please note that disabling cookies may affect some functions of our site.

The legal basis for using Google Maps is the individual’s consent, in accordance with Article 6(1)(a) of the GDPR and Article 6(6) of the Swiss Federal Data Protection Act (FADP).

8.5.7 In Brief

Google Maps is an online mapping service that allows users to search for places, obtain directions, and explore interactive maps. It may collect data to improve the service, but users have options to limit data collection if they wish.

8.6 Google Tag Manager

8.6.1 Definition

Google Tag Manager is an online tag management service offered by Google Ireland Limited, with its European headquarters located at Gordon House, Barrow Street, Dublin 4, Ireland. It allows website owners to easily manage and deploy tags on their site without the need to modify the source code. Tags are snippets of JavaScript code used to collect data on user behavior and integrate third-party analytics tools.

8.6.2 Purpose

The purpose of Google Tag Manager is to simplify the process of managing tags on a website. It enables site administrators to configure, update, and deploy tags quickly, facilitating data collection for site analysis and other marketing objectives.

8.6.3 Data Stored

Google Tag Manager can collect data related to site usage, including information about user interactions with site content and features. However, Google Tag Manager does not directly record personal data about users unless such information is included in the tags configured by site owners.

8.6.3.1 Tag Settings

Google Tag Manager allows for the configuration of various tags, each with a specific purpose. Here is an overview of commonly used tag types and their purposes:

 

Tag Name Purpose
Website Analyzer (e.g., Google Analytics) Collects data on user behavior for analysis purposes.
Conversion Tracking Pixel (e.g., Facebook Pixel) Tracks user actions after clicking on ads to measure advertising campaign effectiveness.
Live Chat Integration Enables real-time communication with site users.

8.6.4 Data Retention

Data collected by Google Tag Manager is typically retained for the duration necessary to achieve the purpose for which it was collected. The data retention period depends on the specific settings configured in each tag. Website owners are advised to establish appropriate data retention policies for their tags.

8.6.5 How to Delete or Prevent the Use of Google Tag Manager

If you wish to prevent the use of Google Tag Manager on this site or other sites, you have several options:

  • Site Preferences: Disable this option from the privacy menu at the top of this page and deactivate elements in the “Marketing” group.
  • Browser Extensions: Use browser extensions to control or block trackers, such as uBlock Origin or Ghostery.
  • Browser Settings: Most browsers offer the option to disable cookies or only disable specific cookies. Additionally, browsers allow you to delete already installed cookies. Note that you need to configure settings separately for each browser and computer you use. How to adjust these settings varies from one browser to another. Here’s how you can do it for different browsers:

<h4″ id=”legal-basis-for-facebook-pixel”>8.6.6 Legal Basis

The legal basis for the use of Google Tag Manager depends on the specific purposes for which it is used. Generally, individual consent may be required for the collection of personal data through tags configured in Google Tag Manager, in accordance with Article 6(1)(a) of the GDPR and Article 6(6) of the Swiss FDPA. Additionally, the legitimate interest of the website owner in improving the accuracy of their marketing campaigns may also serve as a legal basis, in accordance with Article 6(1)(f) of the GDPR and the principles set out in Article 6 of the Swiss FDPA.

8.6.7 In Summary

Google Tag Manager is a convenient tool for managing tracking tags on a website. It simplifies tag management without requiring frequent source code modifications. Site owners can configure various tags to achieve different objectives, but they must ensure the privacy of users and compliance with applicable data protection laws.

8.7 Google Analytics

8.7.1 Definition

Google Analytics is a web analytics service offered by Google Ireland Limited, with its European headquarters located at Gordon House, Barrow Street, Dublin 4, Ireland. It allows tracking, reporting, and analysis of website traffic. Google uses the collected data to monitor and analyze the use of our service.

8.7.2 Purpose

The purpose of Google Analytics is to analyze the flow of visitors to our site, better understand their preferences, and thereby enhance the user experience. This analysis helps us refine the content of our site and adapt our marketing strategies.

8.7.3 Data Stored

Google Analytics collects various types of data, including IP address, browser type, time spent on the site, pages visited, and more. This data is collected using cookies.

Google Analytics uses different cookies to track and analyze user behavior on our website. Here is an overview of the cookies used by Google Analytics and their purposes:

Cookie Name Host Purpose Persistence
_ga .tribusurbaines.com Used to distinguish users. 2 years
_gid .tribusurbaines.com Used to distinguish users. 24 hours
_gat .tribusurbaines.com Used to limit the request rate. 1 year
AMP_TOKEN .tribusurbaines.com Contains a token that can be used to retrieve a client ID from the AMP Client ID server. 1 year
_gac_* .tribusurbaines.com Contains user-related information about the ad that was displayed, such as the campaign group, ad information, and keywords. 90 days
_gat_gtag_* .tribusurbaines.com Used to limit the request rate. 1 minute
8.7.3.2 Loading External Data

When you visit our website, files from external servers may also be downloaded. In the case of Google Analytics, these servers belong to Google Inc. When you access our site, your data may be transferred to the United States. In this regard, Google uses standard contractual clauses to ensure a level of data protection equivalent to that of Europe. These clauses ensure that Google, even when processing your data in the United States, adheres to the European data protection level.

For more information, you can refer to Google’s privacy policy.

8.7.4 Data Retention

Data collected by Google Analytics is retained for 26 months. After this period, the data is automatically deleted.

8.7.5 How to Delete or Prevent Data Storage

If you want to prevent Google Analytics from tracking your activities on this site or other sites, you have several options:

  • Site Preferences: You can disable this option from the privacy menu at the top of this page and disable elements in the “Statistics” group.
  • Browser Extensions: You can use the “Google Analytics Opt-out Browser Add-on” developed by Google to disable Google Analytics.
  • Browser Settings: Most browsers offer the option to disable cookies or only disable certain cookies. Additionally, browsers allow you to delete already installed cookies. Note that you need to configure settings separately for each browser and computer you use. How to adjust these settings varies from one browser to another. Here’s how you can do it for different browsers:

Please note that if you disable cookies, some functions of our site may not work correctly.

The legal basis for using Google Analytics is individual consent, in accordance with Article 6(1)(a) of the GDPR and Article 6(6) of the Swiss Federal Data Protection Act (FADP). It also relies on the legitimate interest in analyzing the behaviors of visitors to our site to improve our service, both technically and economically, in accordance with Article 6(1)(f) of the GDPR and the principles outlined in Article 6 of the Swiss Federal Data Protection Act (FADP).

8.7.7 In Summary

Google Analytics is an analytical tool that helps us understand how visitors interact with our site. It uses cookies to collect data, which is then analyzed. The data is retained for 26 months, and users can avoid tracking by using a disabling browser add-on.

8.8 Facebook Pixel

8.8.1 Definition

The Facebook Pixel is an analytics tool offered by Meta Platforms Limited (formerly known as Facebook Inc.), with its European headquarters located at 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland. It allows for measuring the effectiveness of advertisements by tracking actions taken by individuals on a website. Website owners can obtain data that helps them deliver ads to people likely to be interested, providing a better user experience.

8.8.2 Purpose

Facebook Pixel is used to understand and analyze visitor behavior on the site, optimize Facebook ads, create target audiences for ads, and ensure that ads are shown to the right people.

8.8.3 Stored Data

Facebook Pixel collects information about users, such as pages visited, actions taken on the site, and other information derived or provided by the visitor. This data can be used to target ads on Facebook or other platforms.

The Facebook Pixel uses cookies to collect information about users and their interactions with the site. Here is a non-exhaustive list of cookies used by the Facebook Pixel:

Cookie Name Host Purpose Persistence
_fbp .tribusurbaines.com Used by Facebook to provide a range of advertising products. 3 months
fr .facebook.com Used by Facebook to provide a range of advertising products. 3 months
c_user 012345678901234 Stores the Facebook user ID. 1 month
datr .facebook.com Identifies browsers for security and site integrity purposes. 2 years
spin .facebook.com Used for security purposes. 1 day
wd .facebook.com Stores browser window dimensions and is used by Facebook to optimize rendering performance. 7 days
presence .facebook.com Indicates whether the user is logged into Facebook. Session
xs .facebook.com Maintains user session. 1 year
sb .facebook.com Used by Facebook to improve friend suggestion. 2 years
act .facebook.com Records time spent on each page. Session
8.8.3.2 Loading of External Data

For tracking and analysis purposes, our website integrates external content provided by Facebook. When you visit our website, your browser establishes a direct connection with Facebook’s servers, allowing Facebook to collect information about your visit to our site. This integration enables Facebook to know that your browser has accessed a specific page on our site, even if you do not have a Facebook profile or are not currently logged into Facebook.

The “Facebook Pixel” service relies on servers operated by Meta Platforms Limited. When you visit our website, your browser establishes a direct connection with this company’s servers. The content of the pixel is directly transferred to your browser, which integrates it into the site. We have no influence over the scope of data collected and stored by Meta Platforms Limited via the Facebook Pixel.

It’s worth noting that Meta Platforms Limited is self-certified under the Trans-Atlantic Data Privacy Framework for secure data processing in the United States. This certification ensures that the company adheres to strict data protection and privacy standards when processing data outside of the European Economic Area.

When it comes to processing data outside the European Union (especially in the United States), Facebook relies on “Standard Contractual Clauses” (in accordance with Article 46, paragraphs 2 and 3 of the GDPR and Article 16 of the Swiss Federal Data Protection Act (FADP)). Standard Contractual Clauses (SCC) are templates provided by the European Commission to ensure that your data complies with European data protection standards, even when transferred and stored in third countries like the United States. Through these clauses, Facebook commits to maintaining a European level of data protection when processing your data, even if it’s stored, processed, and managed in the United States.

Data Retention

Data collected by the Facebook Pixel is stored and processed by Meta Platforms Limited, primarily in the United States. The retention period for this data may vary, but Meta Platforms Limited typically commits to deleting or anonymizing all personal identifier data after 180 days.

For more information on how Meta Platforms Limited processes your data, please refer to the Facebook Privacy Policy.

8.8.5 How to Delete or Prevent Data Storage

If you wish to prevent the loading and storage of data by Facebook Pixel, you can:

  • Site Preferences: Disable this option from the privacy menu located at the top of this page and disable items in the “Marketing” group.
  • Browser Extensions: Use browser extensions to control or block trackers, such as uBlock Origin or Ghostery.
  • Browser Settings: Most browsers offer the option to disable cookies or only disable certain cookies. Additionally, browsers allow you to delete already installed cookies. Note that you must configure settings separately for each browser and computer you use. How to adjust these settings varies from one browser to another. Here’s how you can do it for different browsers:
  • Facebook Settings: If you are a Facebook user, you can adjust your ad settings from Facebook Ad Preferences. There, you can see the information Facebook uses to show you ads and choose to opt out of using this information for targeted advertising.

The use of Facebook Pixel for tracking conversions and optimizing advertising campaigns is based on individual consent, in accordance with Article 6(1)(a) of the GDPR and Article 6(6) of the Swiss Federal Data Protection Act (FADP). It also relies on the legitimate interest of the website owner in improving the accuracy of its marketing campaigns, in accordance with Article 6(1)(f) of the GDPR and the principles outlined in Article 6 of the Swiss Federal Data Protection Act (FADP).

8.8.7 In Summary

Facebook Pixel is an analytics tool that helps measure advertising effectiveness, optimize advertising campaigns, and target users with relevant ads.

8.9 Google Fonts

8.9.1 Definition

Google Fonts is a service provided by Google Ireland Limited, whose European headquarters is located at Gordon House, Barrow Street, Dublin 4, Ireland. This service allows for the integration of fonts directly into a web page. The fonts are hosted on Google’s servers and are integrated into the site via a link pointing to this service.

8.9.2 Purpose

The purpose of using Google Fonts is to enhance the visual presentation of our website. The use of consistent fonts helps maintain a consistent site appearance for all users, regardless of the device used to access the site.

8.9.3 Data Stored

When using Google Fonts, certain data, such as the user’s IP address, may be transmitted to Google’s servers in the United States. This is necessary for fonts to be provided and integrated into the website.

8.9.3.1 Loading of External Data

Google Fonts is a service provided by Google LLC, a company based in the United States. Therefore, when using this service, data may be transferred to Google’s servers located in the United States.

Data protection standards in the United States do not meet the same criteria as those of the European Union. However, Google LLC has committed to adhering to EU Standard Contractual Clauses, thereby ensuring an adequate level of data protection. These clauses require Google to maintain a data protection level in line with European standards, even when data is processed in the United States.

For more information on how Google processes data, you can refer to the Google Privacy Policy.

8.9.4 Data Retention

Google retains usage data and user information from Google Fonts for a limited period. This data is used for service optimization and maintenance purposes.

8.9.5 How to Delete or Prevent Data Storage

While Google Fonts does not directly store cookies on your device, it can influence how other third-party services interact with your browser. If you wish to limit these interactions, there are several measures you can take:

  • Preferences on our site: To ensure an optimal experience while respecting your privacy preferences, we have provided a privacy settings feature on our site. If you wish to prevent the loading of Google Fonts, simply go to the privacy menu at the top of this page and disable items in the “Functional” group.
  • Your browser settings: Most browsers allow you to choose what data is stored and for how long. Refer to your browser’s documentation to learn how to manage stored data.
  • Browser extensions: There are extensions available for most browsers that allow you to block third-party trackers, including those associated with Google Fonts. Here are some of the most popular ones:

The use of Google Fonts to enhance the aesthetics of the website is based on individual consent, in accordance with Article 6(1)(a) of the GDPR and Article 6(6) of the Swiss Federal Data Protection Act (FADP). It also relies on the legitimate interest of the website owner in enhancing the user experience, in accordance with Article 6(1)(f) of the GDPR and the principles outlined in Article 6 of the Swiss Federal Data Protection Act (FADP).

8.9.7 In Summary

Google Fonts allows us to use specific fonts on our website. During the visit to our site, certain data may be transmitted to Google for font display.

8.10 Google reCAPTCHA

8.10.1 Definition

Google reCAPTCHA is a service provided by Google Ireland Limited, whose European headquarters is located at Gordon House, Barrow Street, Dublin 4, Ireland. This service helps protect websites from spam and abuse. It uses advanced risk analysis and adapts to real-time challenges to distinguish between humans and robots.

8.10.2 Purpose

The primary purpose of Google reCAPTCHA is to determine whether interactions on your website come from malicious robots or legitimate human users. This contributes to website security and enhances the user experience.

8.10.3 Data Stored

Google reCAPTCHA collects IP addresses and may collect other user browsing-related information to determine whether it’s a robot or a human user. This information is processed by Google.

Google reCAPTCHA uses multiple cookies to function correctly and provide its robot protection services. Here is a non-exhaustive list of cookies used by Google reCAPTCHA:

Cookie Name Host Purpose Persistence
_grecaptcha .google.com Used to distinguish between humans and robots. Session
SSID .google.com Stores authentication information. 2 years
HSID .google.com Stores authentication information. 2 years
SID .google.com Stores authentication information. 2 years
SIDCC .google.com Performance and security measurement. 1 year
__Secure-3PAPISID .google.com Profiling for personalized advertising. 2 years
SAPISID .google.com Profiling for personalized advertising. 2 years
APISID .google.com Profiling for personalized advertising. 2 years
__Secure-3PSID .google.com Profiling for personalized advertising. 2 years
1P_JAR .google.com Transfers data for advertising purposes. 1 month
CONSENT .google.com Records user consent. 18 years
NID .google.com Customizes ads in Google services. 1 year
SEARCH_SAMESITE .google.com Ad effectiveness measurement. 6 months
8.10.3.2 Loading of External Data

Google reCAPTCHA is a service by Google Inc., with servers located in the United States. Therefore, data collected by reCAPTCHA is transmitted and stored on Google servers located in the United States.

To ensure an adequate level of data protection when transferring this data to the United States, Google uses standard contractual clauses, in accordance with Article 46, paragraphs 2 and 3 of the GDPR. These standard contractual clauses are templates provided by the European Commission to ensure that personal data transferred outside the EEA benefits from an appropriate level of protection.

By using these clauses, Google commits to maintaining a level of data protection in line with European standards, even when data is processed in the United States. This approach is based on an implementing decision of the European Commission.

For more information on how Google processes data, including data collected by reCAPTCHA, you can refer to the Google Privacy Policy.

8.10.4 Data Retention

Data collected by Google reCAPTCHA is retained in accordance with Google’s Privacy Policy. It is recommended to consult this policy for specific details on the retention period.

8.10.5 How to Delete or Prevent Data Storage

Google reCAPTCHA is an essential security service for most websites to prevent malicious automated actions. However, if you wish to limit interaction with Google reCAPTCHA, here are some steps you can take:

  • Site Preferences: You can disable reCAPTCHA directly from our site. To do this, go to the privacy menu at the top of this page and disable elements in the “Functional” group. However, this action may degrade your user experience as it may result in additional security challenges during interactions on the site.
  • Disable Third-Party Cookies: Disabling third-party cookies in your browser settings will prevent reCAPTCHA and other services from storing cookies on your device. Here’s how you can do it for different browsers:
  • Use a Script Blocker: There are browser extensions like NoScript that allow you to control the execution of JavaScript scripts, which reCAPTCHA relies on.
  • Privacy Extensions: There are several extensions that block various trackers and scripts to enhance privacy, such as:

Please note that disabling or blocking reCAPTCHA may affect the functionality of certain websites and may result in the inability to access certain parts or features of these sites.

The use of Google reCAPTCHA is based on individual consent, in accordance with Article 6(1)(a) of the GDPR and Article 6(6) of the Swiss Federal Data Protection Act (FADP). It also serves the legitimate interest of protecting the website from malicious activities, in accordance with Article 6(1)(f) of the GDPR and the principles outlined in Article 6 of the Swiss Federal Data Protection Act (FADP).

8.10.7 In Brief

Google reCAPTCHA protects the website from malicious bots by analyzing user behaviors. The collected data is retained in accordance with Google’s policy, and measures can be taken to control or block this collection.

8.11 Contact Form 7

8.11.1 Definition

Contact Form 7 is a WordPress plugin that allows easy integration of contact forms on websites. It offers advanced customization while remaining user-friendly.

8.11.2 Purpose

The primary purpose of Contact Form 7 is to provide an efficient means for website visitors to communicate with site owners or administrators, whether for inquiries, suggestions, or feedback.

8.11.3 Data Stored

When you fill out a form created with Contact Form 7, the data you enter (such as your name, email address, subject, and message) is collected. This data is transmitted to the form’s recipient (usually the site administrator) for processing.

8.11.4 Data Retention

Data submitted via Contact Form 7 is typically stored for a duration determined by the site administrator, based on the specific needs of each site and the purpose of the form.

8.11.5 How to Delete or Prevent Data Storage

To avoid submitting your data via Contact Form 7, do not fill out and submit the form on the site. If you have already submitted data and wish to delete it or obtain more information about it, contact us directly.

Data processed via Contact Form 7 is based on individual consent, in accordance with Article 6(1)(a) of the GDPR and Article 6(6) of the Swiss Federal Data Protection Act (FADP).

8.11.7 In Brief

Contact Form 7 is a WordPress form plugin. It collects information entered into the form and transmits it to the site administrator. Data retention is determined by the site’s needs and can be deleted upon request.

8.12 Instagram

8.12.1 Definition

Instagram is a photo and video sharing platform owned by Meta Platforms Inc., formerly known as Facebook Inc., with its European headquarters located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Instagram allows users to post, share, and interact with visual content, as well as communicate with other users.

8.12.2 Purpose

The purpose of Instagram is to enable users to share their lives through images and videos, connect with others, and discover visual content. It also serves as a marketing platform for businesses and content creators.

8.12.3 Data Collected

Instagram collects various data, including posts, interactions, profile information, preferences, browsing activities, and location data when the user enables this feature. This data is used to personalize content, display targeted ads, and enhance the user experience.

Instagram uses different cookies to provide an optimal user experience and essential features. Here’s an overview of the cookies used by Instagram:

Instagram uses different cookies to provide an optimal user experience and essential features. Here’s an overview of the cookies used by Instagram:

Cookie Name Host Purpose Persistence
csrftoken .instagram.com Used to prevent Cross-Site Request Forgery (CSRF) attacks. 1 year
sessionid .instagram.com Session identifier for user authentication. 1 year
rur .instagram.com Routing identifier to manage traffic distribution. Session
urlgen .instagram.com Used to ensure efficient navigation on the platform. 1 year
mid .instagram.com User identifier to personalize content. 13 months
shbid .instagram.com Used to identify the user’s browser and provide security features. 7 days
shbts .instagram.com Used to secure user interactions with the platform. 7 days
ds_user_id .instagram.com User identifier to personalize content. 3 months
ig_did .instagram.com Used to track visits by Instagram users. 1 year
8.12.3.2 Loading of External Data

When you use Instagram, data such as images, videos, and content shared by other users is downloaded from Instagram’s servers. This data may be stored in the United States or in other countries where Instagram operates. Instagram implements measures to protect your data in accordance with applicable laws.

It should be noted that Meta Platforms Limited is self-certified under the Trans-Atlantic Data Privacy Framework for secure data processing in the United States. This certification ensures that the company adheres to strict data protection and privacy standards when processing data outside the European Economic Area.

When it comes to processing data outside the European Union (especially in the United States), Instagram relies on “Standard Contractual Clauses” (in accordance with Article 46, paragraphs 2 and 3 of the GDPR and Article 16 of the Swiss Federal Data Protection Act (FADP)). Standard Contractual Clauses (SCC) are templates provided by the European Commission to ensure that your data adheres to European data protection standards, even when transferred and stored in third countries such as the United States. Through these clauses, Instagram commits to maintaining the European level of data protection when processing your data, even if they are stored, processed, and managed in the United States.

For more information about Instagram’s privacy policy, please refer to Instagram’s privacy policy.

8.12.4 Data Retention

Data collected by Instagram is retained for a specific period based on the nature of the data and the purposes of its use. Instagram defines its own data retention policy in accordance with its legal obligations and business needs.

8.12.5 How to Delete or Prevent Data Storage

If you want to manage your data on Instagram or limit data collection, here are some steps you can take:

  • Privacy Settings: Instagram offers privacy settings that allow you to control the visibility of your posts and manage interactions with other users.
  • Account Settings: You can adjust your account settings to manage shared data and notifications.
  • Ad Settings: Instagram provides options to personalize ads shown to you based on your preferences.
  • Delete Account: If you want to completely delete your Instagram account, you can do so by following the instructions provided in your account settings.

Instagram provides you with significant control over your data and your user experience.

The legal basis for the use of personal data on Instagram is generally based on user consent, in accordance with applicable data protection laws.

8.12.7 Summary

Instagram is a platform for sharing photos and videos that allows users to share visual content, connect with others, and discover content. The collected data is used to personalize content and display targeted ads. Users have significant control over their data and their experience on the platform.

8.13 YouTube

8.13.1 Definition

YouTube is a video-sharing platform owned by Google Ireland Limited, with its European headquarters located at Gordon House, Barrow Street, Dublin 4, Ireland. It allows users to upload, share, comment on, and watch videos. On our website, we use embedded YouTube videos to share content and enhance the user experience.

8.13.2 Purpose

By integrating YouTube videos on our website, we aim to enrich the content offered on our site and make your user experience more interactive. YouTube videos may contain information, demonstrations, tutorials, or any other content that we consider beneficial for our users.

When you watch an embedded YouTube video on our site, certain information, including your IP address, may be transmitted to Google. This transmission occurs whether or not you have a Google account or are logged into your account. If you are logged into your Google account, Google may directly associate your browsing information with your personal profile. If you do not want to be associated with your YouTube profile, you should log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market research, and/or customization of its website as needed.

8.13.3 Data Collected

When you watch an embedded YouTube video on our site, YouTube collects information about the device you are using, your browser, your IP address, the web pages you visit, the date and time of your visit, the websites you visited before accessing our site, and your interactions with the video (e.g., whether you clicked pause, fast forward, or rewind in the video). YouTube also uses cookies to collect information about your browsing activity.

If you are logged into your Google account, in addition to the above information, Google may also collect information about your preferences, your YouTube usage habits, the videos you watch, the comments you post, the people you follow or who follow you, and other interactions on YouTube. For more information, you can refer to YouTube’s privacy policy.

8.13.3.1 Cookies Used

Here are the specific cookies used by YouTube on our website:

Cookie Name Host Purpose Persistence
SIDCC .google.com The SIDCC cookie is used by Google to store security information for user authentication, fraud prevention, and protecting user data against unauthorized access. 1 year
NID .google.com The NID cookie contains a unique identifier used by Google to remember user preferences, such as preferred language, personalized search results, etc. 6 months
YSC .youtube.com The YSC cookie is associated with embedded YouTube videos on external pages. It is used to track video views and measure the performance of embedded videos. Session
VISITOR_INFO1_LIVE .youtube.com This cookie is used to track information about YouTube videos that the user has watched. It is used to personalize video recommendations. 6 months
PREF .youtube.com The PREF cookie contains user preferences such as playback volume, preferred video quality, etc., for a better viewing experience on YouTube. 1 year
LOGIN_INFO .youtube.com This cookie stores user login information to enable automatic login to a Google account associated with YouTube. 13 months
CONSENT .google.com The CONSENT cookie is used to store user consent to Google and YouTube’s privacy policies. 9 months
CONSENT .youtube.com The CONSENT cookie is used to store user consent to Google and YouTube’s privacy policies. 9 months
__Secure-3PAPISID .google.com This is a secure cookie used by Google to authenticate the user and prevent fraud. 13 months
__Secure-3PAPISID .youtube.com This is a secure cookie used by YouTube to authenticate the user and prevent fraud. 13 months
SAPISID .google.com The SAPISID cookie is used by Google to improve the relevance of ads displayed on YouTube based on user preferences. 13 months
APISID .google.com The APISID cookie is used by Google to personalize advertising based on user browsing history. 13 months
APISID .youtube.com The APISID cookie is used by YouTube to personalize advertising based on user browsing history. 13 months
HSID .google.com The HSID cookie is used to enhance user data security on YouTube and prevent fraudulent activities. 13 months
__Secure-3PSID .youtube.com This secure cookie is used to maintain the user’s session while logged into their Google account on YouTube. 13 months
__Secure-3PSID .google.com This secure cookie is used to maintain the user’s session while logged into their Google account on YouTube. 13 months
SSID .google.com The SSID cookie is used to improve the security of user information on YouTube and prevent unauthorized access. 13 months
SID .google.com The SID cookie is a session identifier used to maintain the user’s login to their Google account on YouTube. 13 months
SID .youtube.com The SID cookie is a session identifier used to maintain the user’s login to their Google account on YouTube. 13 months
OTZ www.google.com This cookie is used to personalize ads and content on YouTube based on user preferences. 1 day
OTZ accounts.google.com This cookie is used to personalize ads and content on YouTube based on user preferences. 1 day
__Host-GAPS accounts.google.com This secure cookie is used to manage user authentication and enhance session security on YouTube. 13 months
IDE .doubleclick.net The IDE cookie is used by Google DoubleClick to record and report user actions on the site after viewing or clicking on an ad, to measure advertising effectiveness and display targeted ads to the user. 9 months
SOCS .youtube.com This cookie is used to personalize ads and content on YouTube based on user preferences. 9 months
SOCS .google.com This cookie is used to personalize ads and content on Google based on user preferences. 9 months
__Secure-YEC .youtube.com This secure cookie is used to collect user preference information and personalize ads on YouTube. 1 year
test_cookie .doubleclick.net The test_cookie is used to check if the user’s browser supports cookies. 1 day
__Secure-1PSIDCC .google.com This secure cookie is used to secure the session of the user logged into their Google account on YouTube. 1 year
__Secure-1PAPISID .google.com This is a secure cookie used to authenticate the user and prevent fraud. 1 year
__Secure-1PAPISID .youtube.com This is a secure cookie used to authenticate the user and prevent fraud. 1 year
__Secure-3PSIDCC .youtube.com This secure cookie is used to enhance the security of user sessions on YouTube. 1 year
__Secure-3PSIDCC .google.com This secure cookie is used to enhance the security of user sessions on YouTube. 1 year
__Secure-1PSID .youtube.com This is a secure cookie used to maintain the session of the user logged into their Google account on YouTube. 13 months
__Secure-1PSID .google.com This is a secure cookie used to maintain the session of the user logged into their Google account on YouTube. 13 months
__Secure-ENID .google.com This secure cookie is used to enhance user data security on YouTube. 1 year
AEC .google.com The AEC cookie is used to measure the effectiveness of advertising on YouTube. 6 months
__Host-3PLSID accounts.google.com This secure cookie is used to store session information for the user logged into their Google account on YouTube. 13 months
LSID accounts.google.com The LSID cookie is a session identifier used to maintain the user’s login to their Google account on YouTube. 13 months
ACCOUNT_CHOOSER accounts.google.com This cookie is used to manage account choice when logging into a Google account on YouTube. 13 months
__Host-1PLSID accounts.google.com This secure cookie is used to store session information for the user logged into their Google account on YouTube. 13 months

8.13.4 Data Retention

Cookies created by YouTube are typically retained for a defined period, which is set by YouTube in accordance with its privacy policy. You can delete these cookies at any time through your browser settings.

For more information on data retention by YouTube, please refer to YouTube’s privacy policy.

8.13.5 How to Delete or Prevent Data Storage

YouTube uses cookies to collect information about your browsing activity when you watch embedded videos on our site. If you do not want YouTube to collect this information, you can manage or disable cookies in your browser settings.

If you wish to limit interaction with YouTube, here are some steps you can take:

  • Site Preferences: You can disable YouTube directly from our site. To do this, go to the privacy menu at the top of this page and disable items in the “Functional” group. However, this action could affect your user experience as it may prevent you from viewing video elements on the site.
  • Disable Third-Party Cookies: Disabling third-party cookies in your browser settings will prevent YouTube and other services from storing cookies on your device. Here’s how you can do it for different browsers:
  • Use a Script Blocker: There are browser extensions like NoScript that allow you to control the execution of JavaScript scripts, which YouTube relies on.
  • Privacy Extensions: There are several extensions that block various trackers and scripts to enhance privacy, such as:

Please note that disabling or blocking YouTube may affect the functionality of certain websites and may result in the inability to access certain parts or features of those sites.

For more information on managing your data on YouTube, please visit the YouTube Help page.

The use of YouTube is based on individual consent, in accordance with Article 6(1)(a) of the GDPR and Article 6(6) of the Swiss Federal Data Protection Act (FADP). It also serves the legitimate interest in enriching the content of our website with relevant videos in accordance with Article 6(1)(f) of the GDPR and the principles set out in Article 6 of the Swiss Federal Data Protection Act (FADP).

8.13.7 In Brief

We use YouTube to enrich the content of our website with relevant videos. Some cookies may be stored in your browser when you watch an embedded YouTube video on our website. You can disable these cookies by adjusting your browser settings.

8.14 WPML

8.14.1 Definition

WPML, which stands for “WordPress Multilingual Plugin,” is a popular WordPress extension designed to enable the creation of multilingual websites. It offers advanced features for content management in multiple languages, making it easier to create websites suitable for international audiences. WPML is developed by OnTheGoSystems Limited, headquartered at 22/F 3 Lockhart Road, Wanchai, Hong Kong.

8.14.2 Purpose

The primary purpose of WPML is to allow website owners to create multilingual versions of their content, which is crucial for reaching a global audience. This extension facilitates the translation, management, and publication of content in different languages, providing a seamless user experience for site visitors, regardless of their language.

8.14.3 Data Stored

WPML does not store any personally identifiable user data. Its operation is limited to language and translation management on the site. Specifically, WPML does not record names, email addresses, payment information, or other personal data. However, WPML may use cookies to retain user language preferences, making site navigation easier in the chosen language.

WPML uses various cookies to enhance user experiences by retaining their language preferences. Here’s an overview of cookies used by WPML:

Cookie Name Host Purpose Persistence
wp-wpml_current_language tribusurbaines.com Stores the user’s preferred language to display content in the appropriate language. 1 day
wp-wpml_current_admin_language_* tribusurbaines.com Stores the preferred language of the site administrator to display the admin interface in the appropriate language. 1 day
_icl_visitor_lang_js tribusurbaines.com Stores the user’s preferred language to display content in the appropriate language via JavaScript. Session
wpml_browser_redirect_test tribusurbaines.com A test cookie to automatically redirect visitors to the appropriate language of the site. Session

These cookies do not contain personally identifiable information and are solely used to enhance the multilingual functionality of the site.

8.14.4 Data Retention

Data related to language management and translations is typically retained for as long as necessary to maintain the operation of the multilingual site. The retention period may vary depending on the specific needs of the site and administrator preferences.

8.14.5 How to Delete or Prevent Data Storage

It’s important to note that WPML does not collect or store any personally identifiable user data. It primarily functions by managing language preferences on the site, and as such, it cannot be disabled as it’s essential for the proper functioning of the multilingual site.

However, if you wish to prevent the use of cookies by WPML, you can disable cookies in your browser settings. This will result in displaying the site in its original language edition, disregarding your previous language preferences.

Disable Third-Party Cookies: Disabling third-party cookies in your browser settings will prevent WPML from storing cookies on your device. Here’s how you can do it for various browsers:

Please note that disabling cookies may impact the browsing experience on the site, as some features related to language management may no longer work as expected.

To manage data related to WPML, users can typically adjust their language settings within the extension or contact the site administrator for assistance. If you wish to delete your data or have specific questions, it’s recommended to contact us using the information provided in the “Contact Person Details” section.

Data processing through WPML is often based on individual consent, as users typically choose their preferred language. This is in accordance with Article 6(1)(a) of the GDPR and Article 6(6) of the Swiss Federal Data Protection Act (FADP). Additionally, there is a legitimate need to enrich our website content with a language suitable for visitor needs, in accordance with Article 6(1)(f) of the GDPR and the principles outlined in Article 6 of the Swiss Federal Data Protection Act (FADP).

8.14.7 In Brief

WPML is a WordPress extension enabling the creation of multilingual websites. It collects and processes data related to language and translations on the site. Data is typically retained for as long as necessary to maintain the multilingual site, and users can manage their language preferences via the extension.

9. Third-Party Service Providers

We engage third-party service providers to assist us in managing and improving our website. These providers may process or store personal data as part of providing these services. We ensure that these third-party service providers adhere to the same privacy and security standards as us. We only share your personal data with these third parties to the extent necessary for them to provide the respective services.

These third parties include:

  • Web hosting and IT service providers to support our website and the services we offer.
  • Website analytics and tracking service providers who help us understand how users interact with our website and identify areas for improvement.
  • Online security service providers who assist us in protecting our website and maintaining the security of user data.

Please note that our website contains links to other websites that are not operated by us. We are not responsible for the privacy practices of these websites. We encourage users to be aware when leaving our website and to read the privacy policies of any website that collects personal information.

9.1 Web Hosting

Our online services are hosted by Informaniak Network SA, a leading web hosting company based in Switzerland. As a web hosting provider, Informaniak offers a robust and secure server infrastructure for our website.

Informaniak Network SA: Avenue de la Praille, 26 – 1227 Carouge – Switzerland.

Hosting our website with Informaniak complies with Swiss and European legal requirements for data protection. Data is stored in highly secure data centers that provide physical protection against theft, fire, and other risks. Furthermore, data access is protected by technical security measures such as encryption and two-factor authentication.

As a host, Informaniak ensures the technical availability of our website. However, the responsibility for processing personal data lies with us. We have implemented appropriate security measures to protect your data from unauthorized access, alteration, disclosure, or destruction.

Informaniak is ISO 27001 and ISO 50001 certified. These certifications ensure that the company complies with international standards for information security management and energy efficiency. Informaniak also commits to complying with the GDPR and other data protection laws.

For more information on Informaniak’s privacy practices, please refer to their privacy policy.

Please note that transmitting information over the internet is not entirely secure. While we do our best to protect your personal data, we cannot guarantee the security of data transmitted to our site; any transmission is at your own risk. Once we receive your information, we use strict security procedures and features to try to prevent unauthorized access.

9.2 Newsletter

Tribus Urbaines uses the services and infrastructure of Mailchimp to send our newsletter.

9.2.1 Definition

A newsletter is a periodically sent email newsletter to our subscribers. It contains information, news, and other content relevant to registered users.

9.2.2 Double Opt-in

To ensure that you want to receive our newsletter, we use a double opt-in system. After registration, you will receive a confirmation email containing a link. By clicking on this link, you confirm that you wish to receive the newsletter and authorize the storage of your data for this purpose.

9.2.3 Data Stored

When you subscribe to our newsletter, we store your first name, email address, as well as the date and time of your registration.

9.2.4 Data Retention

Your data is retained as long as you are subscribed to the newsletter. If you unsubscribe, your newsletter-related data will be deleted within 30 days.

9.2.5 How to Delete or Prevent Data Storage

You can unsubscribe from the newsletter at any time using the unsubscribe link provided in each email or by contacting us directly. Once unsubscribed, your newsletter-related data will be deleted.

The legal basis for processing your data for newsletter delivery is your consent given during registration, in accordance with Article 6(1)(a) of the GDPR and Article 6(6) of the Swiss Federal Data Protection Act (FADP).

9.2.7 In Brief

We use the Mailchimp platform for sending our newsletter. We collect your email with your consent and use the double opt-in system to confirm your subscription. You can unsubscribe at any time.

9.3 Online Payments

We use secure online payment platforms to facilitate transactions on our website. The security of your financial information is a priority for us, and we take measures to ensure the protection of your data during any transaction made on our site.

We carefully choose our online payment platforms for their reputation in security and compliance with industry standards. They also adhere to Swiss and European legal requirements regarding data protection.

When you make a payment on our site, your financial information, such as credit card numbers or bank account information, is processed directly by our payment partners. We do not store your financial information on our server, significantly reducing the risk of unauthorized access to this data.

Our online payment partners use advanced security measures, such as SSL (Secure Socket Layer) encryption, to protect your information during transmission. Furthermore, they comply with PCI DSS (Payment Card Industry Data Security Standard) compliance standards to ensure the security of credit card transactions.

Despite our efforts to ensure the security of your online transactions, it’s important to note that absolute security does not exist on the Internet. You should take additional precautions to protect your information, such as safeguarding your password and regularly reviewing your financial statements.

If you have any questions or concerns regarding the use of online payment platforms on our site, please feel free to contact us. Your satisfaction and data protection are essential to us.

9.3.1 Use of the Stripe Payment Platform

9.3.1.1 Definition

Stripe is an online payment processing service that enables us to securely collect payments through our website. For customers located within the European Union, Stripe is provided by Stripe Payments Europe Ltd., with its European headquarters located at 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. This means that if you choose Stripe as a payment method, your payment will be processed by Stripe Payments Europe Ltd. The data required for the payment process will be transmitted to Stripe and stored on their servers.

9.3.1.2 Data Stored

When you make a payment through Stripe, certain information is collected and stored by Stripe, including transaction details, your credit card information, or bank account data required for the transaction. We do not store this information on our own server.

These primarily include transaction data, including payment method (credit card, debit card, or account number), bank code, currency, payment amount, and date. During a transaction, your name, email address, billing or shipping address, and sometimes your transaction history may also be transmitted. This data is necessary for authentication purposes. Additionally, Stripe may collect technical information about your device (such as IP address), your name, address, phone number, and country to combat fraud, generate financial reports, and provide their services comprehensively.

9.3.1.3 Data Transmission

Stripe implements rigorous security measures to ensure secure data transmission during transactions. When you make a payment via Stripe, your financial information, including transaction details and necessary personal data, is encrypted using SSL (Secure Socket Layer) technology to protect the confidentiality of your data.

Furthermore, Stripe is committed to adhering to international security standards for online payment processing. They use advanced security protocols and methods to ensure your data is protected from unauthorized access and security breaches.

Stripe strives to maintain a high level of security throughout the payment process, from data transmission to storage. They have implemented technical and organizational security measures to minimize fraud risks and ensure the confidentiality of your financial information.

Lastly, it should be noted that Stripe Payments Europe Ltd. takes all necessary measures to comply with applicable data protection and privacy standards, particularly within the European Union. When processing data outside the European Union (including the United States), Stripe relies on Standard Contractual Clauses (SCC) in accordance with Article 46(2) and (3) of the GDPR and Article 16 of the Swiss Federal Data Protection Act (FADP). Standard Contractual Clauses (SCC) are templates provided by the European Commission to ensure that your data complies with European data protection standards, even when transferred and stored in third countries such as the United States. Through these clauses, Stripe commits to upholding the European data protection level when processing your data, even if it is stored, processed, and managed in the United States.

For more information on how Stripe processes your data, please refer to their privacy policy.

9.3.1.4 Purpose of Processing

The information collected by Stripe is used solely for the purpose of processing the transaction you initiated on our website. It is necessary to authorize the payment and ensure that the transaction is complete and successful.

9.3.1.5 Retention Period

Stripe retains transaction data in accordance with their own data retention policies, which may vary depending on the nature of the transaction and applicable regulations. We do not have control over the data retention period by Stripe, but we assure you that your data is handled in accordance with security standards.

9.3.1.6 Data Deletion

The deletion of data stored by Stripe is the responsibility of Stripe in accordance with their data retention policies. We do not retain copies of your financial information after the transaction.

If you have specific questions regarding the management of your data by Stripe or require further information, we invite you to contact Stripe support.

Data processed via Stripe is necessary for the performance of the contract between the user and the site owner, in accordance with Article 6(1)(b) of the GDPR and Article 31(a) of the Swiss Federal Data Protection Act (FADP), as well as the individual’s consent for other interactions with the site, in accordance with Article 6(1)(a) of the GDPR and Article 6(6) of the Swiss Federal Data Protection Act (FADP).

9.3.1.8 Summary

We use Stripe as an online payment platform to securely process your transactions. Your financial data is collected by Stripe solely for the purpose of processing the transaction you initiated. The data retention and security of this data are managed by Stripe in accordance with their policies. The legal basis for this processing is the execution of the transaction contract you accepted.

9.3.2 Using Paypal Payment Platform

9.3.2.1 Definition

Paypal is an online payment processing service that enables us to securely collect payments through our website. For customers within the European Union, Paypal is provided by Paypal Europe S.à r.l. et Cie, S.C.A., with its European headquarters located at 22-24 Boulevard Royal, L-2449 Luxembourg. This means that if you choose Paypal as your payment method, your payment will be processed by Paypal Europe S.à r.l. et Cie, S.C.A. The data required for the payment process will be transmitted to Paypal and stored on their servers.

9.3.2.2 Data Stored

When you make a payment through Paypal, certain information is collected and stored by Paypal, including transaction details, your Paypal account information, or credit card and bank account data necessary for the transaction. We do not store this information on our own server.

This primarily includes transaction data such as the payment method (Paypal account, credit card, debit card, or account number), bank code, currency, payment amount, and date. During a transaction, your name, email address, billing address, or shipping address, and sometimes your transaction history, may also be transmitted. This data is necessary for authentication. Additionally, Paypal may collect technical information about your device (such as IP address), your name, address, phone number, and country to combat fraud, generate financial reports, and provide their services comprehensively.

9.3.2.3 Data Transmission

Paypal implements rigorous security measures to ensure secure data transmission during transactions. When you make a payment through Paypal, your financial information, including transaction details and necessary personal data, is encrypted using SSL (Secure Socket Layer) technology to protect the confidentiality of your data.

Furthermore, Paypal is committed to adhering to international security standards for online payment processing. They employ advanced security protocols and methods to ensure that your data is protected against unauthorized access and security breaches.

Paypal strives to maintain a high level of security throughout the payment process, from data transmission to storage. They have implemented technical and organizational security measures to minimize the risk of fraud and ensure the confidentiality of your financial information.

It is worth noting that Paypal Europe S.à r.l. et Cie, S.C.A. takes all necessary steps to comply with applicable data protection and privacy standards, especially within the European Union. When processing data outside of the European Union (including the United States), Paypal relies on “Standard Contractual Clauses” (SCC) in accordance with Article 46, paragraphs 2 and 3 of the GDPR and Article 16 of the Swiss Federal Data Protection Act (nLPD). Standard Contractual Clauses (SCC) are templates provided by the European Commission to ensure that your data complies with European data protection standards, even when transferred and stored in third countries such as the United States. Through these clauses, Paypal commits to maintaining European data protection standards when processing your data, even if it is stored, processed, and managed in the United States.

For more information on how Paypal processes your data, please refer to their privacy policy.

9.3.2.4 Processing Purpose

The information collected by Paypal is used solely for the purpose of processing the transaction you initiated on our website. It is necessary to authorize the payment and ensure that the transaction is complete and successful.

9.3.2.5 Data Retention

Paypal retains transaction data in accordance with its own data retention policies, which may vary depending on the nature of the transaction and applicable regulations. We do not control the data retention duration by Paypal, but we assure you that your data is processed in compliance with security standards.

9.3.2.6 Data Deletion

The deletion of data stored by Paypal is the responsibility of Paypal Europe S.à r.l. et Cie, S.C.A. in accordance with its data retention policies. We do not retain copies of your financial information after the transaction.

If you have specific questions regarding the management of your data by Paypal or need further information, we invite you to contact Paypal support.

The data processed through Paypal is necessary to perform the contract between the user and the site owner, in accordance with Article 6(1)(b) of the GDPR and Article 31(a) of the Swiss Federal Data Protection Act (FADP), as well as the individual’s consent for other interactions with the site, in accordance with Article 6(1)(a) of the GDPR and Article 6(6) of the Swiss Federal Data Protection Act (FADP).

9.3.2.8 Summary

We use Paypal as an online payment platform to securely process your transactions. Your financial data is collected by Paypal solely for the purpose of processing the transaction you initiated. The data retention and security of this information are managed by Paypal in accordance with their policies. The legal basis for this processing is the execution of the transaction contract you have accepted.

9.3.3 Using Twint Payment Platform

9.3.3.1 Definition

Twint is an online payment processing service that allows us to securely collect payments through our website. Twint is provided by Twint SA, a company based in Switzerland with its headquarters at Stauffacherstrasse 41, CH-8004 Zurich. This means that if you choose Twint as your payment method, your payment will be processed by Twint SA. The data required for the payment process will be transmitted to Twint and stored on their servers.

9.3.3.2 Data Stored

When you make a payment via Twint, certain information is collected and stored by Twint, including transaction details and the necessary information from your Twint account for the transaction. We do not store this information on our own server.

This primarily includes transaction data such as the payment method (Twint account), transaction code, currency, payment amount, and date. During a transaction, your name, email address, billing or shipping address, and sometimes your transaction history may also be transmitted. This data is necessary for authentication. Twint may also collect technical information about your device (such as IP address), your name, address, phone number, and country to ensure transaction security and provide their services comprehensively.

9.3.3.3 Data Transmission

Twint implements rigorous security measures to ensure secure data transmission during transactions. When you make a payment via Twint, your financial information, including transaction details and necessary personal data, is encrypted to protect the confidentiality of your data.

Twint is committed to adhering to international security standards for online payment processing. They use advanced security protocols and methods to ensure that your data is protected against unauthorized access and security breaches.

Twint strives to maintain a high level of security throughout the payment process, from data transmission to storage. They have implemented technical and organizational security measures to minimize the risk of fraud and ensure the confidentiality of your financial information.

Furthermore, due to Twint’s commitment to complying with applicable data protection and privacy standards in Switzerland, no data transmission outside of the European Union occurs when processing your payments via Twint.

For more information on how Twint processes your data, please refer to their privacy policy.

9.3.3.4 Processing Purpose

The information collected by Twint is used solely for the purpose of processing the transaction you initiated on our website. It is necessary to authorize the payment and ensure that the transaction is complete and successful.

9.3.3.5 Data Retention

Twint retains transaction data in accordance with its own data retention policies, which may vary depending on the nature of the transaction and applicable regulations. We do not control the data retention duration by Twint, but we assure you that your data is processed in compliance with security standards.

9.3.3.6 Data Deletion

The deletion of data stored by Twint is the responsibility of Twint SA in accordance with its data retention policies. We do not retain copies of your financial information after the transaction.

If you have specific questions regarding the management of your data by Twint or need further information, we invite you to contact Twint support.

The data processed via Twint is necessary to perform the contract between the user and the site owner, in accordance with Article 6(1)(b) of the GDPR and Article 31(a) of the Swiss Federal Data Protection Act (FADP), as well as the individual’s consent for other interactions with the site, in accordance with Article 6(1)(a) of the GDPR and Article 6(6) of the Swiss Federal Data Protection Act (FADP).

9.3.3.8 Summary

We use Twint as an online payment platform to securely process your transactions. Your financial data is collected by Twint solely for the purpose of processing the transaction you initiated. The data retention and security of this information are managed in accordance with Twint’s policies. No data transmission outside of the European Union occurs when processing your payments via Twint due to Twint’s commitment to Swiss data protection standards.

9.3.4 Using Postfinance Pay Payment Platform

9.3.4.1 Definition

Postfinance Pay is an online payment processing service that allows us to securely collect payments through our website. Postfinance Pay is provided by La Poste Suisse, via PostFinance AG, a company based in Switzerland with its headquarters at Mingerstrasse 20, CH-3030 Bern. This means that if you choose Postfinance Pay as your payment method, your payment will be processed by La Poste Suisse. The data required for the payment process will be transmitted to Postfinance Pay and stored on their servers.

9.3.4.2 Data Stored

When you make a payment via Postfinance Pay, certain information is collected and stored by Postfinance Pay, including transaction details and the necessary information from your Postfinance Pay account for the transaction. We do not store this information on our own server.

This primarily includes transaction data such as the payment method (Postfinance Pay account), transaction code, currency, payment amount, and date. During a transaction, your name, email address, billing or shipping address, and sometimes your transaction history may also be transmitted. This data is necessary for authentication. Postfinance Pay may also collect technical information about your device (such as IP address), your name, address, phone number, and country to ensure transaction security and provide their services comprehensively.

9.3.4.3 Data Transmission

Postfinance Pay implements rigorous security measures to ensure secure data transmission during transactions. When you make a payment via Postfinance Pay, your financial information, including transaction details and necessary personal data, is encrypted to protect the confidentiality of your data.

Postfinance Pay is committed to adhering to international security standards for online payment processing. They use advanced security protocols and methods to ensure that your data is protected against unauthorized access and security breaches.

Postfinance Pay strives to maintain a high level of security throughout the payment process, from data transmission to storage. They have implemented technical and organizational security measures to minimize the risk of fraud and ensure the confidentiality of your financial information.

Due to Postfinance Pay’s commitment to complying with Swiss data protection standards, no data transmission outside of the European Union occurs when processing your payments via Postfinance Pay.

For more information on how Postfinance Pay processes your data, please refer to their privacy policy.

9.3.4.4 Processing Purpose

The information collected by Postfinance Pay is used solely for the purpose of processing the transaction you initiated on our website. It is necessary to authorize the payment and ensure that the transaction is complete and successful.

9.3.4.5 Data Retention

Postfinance Pay retains transaction data in accordance with its own data retention policies, which may vary depending on the nature of the transaction and applicable regulations. We do not control the data retention duration by Postfinance Pay, but we assure you that your data is processed in compliance with security standards.

9.3.4.6 Data Deletion

The deletion of data stored by Postfinance Pay is the responsibility of Postfinance Pay in accordance with its data retention policies. We do not retain copies of your financial information after the transaction.

If you have specific questions regarding the management of your data by Postfinance Pay or need further information, we invite you to contact Postfinance Pay support.

The data processed via Postfinance Pay is necessary to perform the contract between the user and the site owner, in accordance with Article 6(1)(b) of the GDPR and Article 31(a) of the Swiss Federal Data Protection Act (FADP), as well as the individual’s consent for other interactions with the site, in accordance with Article 6(1)(a) of the GDPR and Article 6(6) of the Swiss Federal Data Protection Act (FADP).

9.3.4.8 Summary

We use Postfinance Pay as an online payment platform to securely process your transactions. Your financial data is collected by Postfinance Pay solely for the purpose of processing the transaction you initiated. The data retention and security of this information are managed in accordance with Postfinance Pay’s policies. No data transmission outside of the European Union occurs when processing your payments via Postfinance Pay due to Postfinance Pay’s commitment to Swiss data protection standards.

10. Security Measures

10.1 Technical and Organizational Measures

The security of your personal data is of paramount importance to us. To ensure the protection of your data against loss, alteration, unauthorized access, disclosure, or destruction, we have implemented advanced technical and organizational measures. These measures include:

  • SSL (Secure Socket Layer) encryption to secure data in transit between your browser and our servers.
  • Physical security measures in our data centers to prevent unauthorized access to our storage systems.
  • Training for our employees and collaborators on the importance of data security and safe data handling practices.
  • Regular backup procedures and the ability to quickly restore data in case of loss.

10.1.1 SSL Encryption

SSL (Secure Socket Layer) encryption is a standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data transmitted between the web server and browsers remains private and integral. We use SSL to protect your personal information online and strive to maintain the confidentiality of your transactions on our site.

SSL encryption is an essential requirement of the General Data Protection Regulation, in compliance with Article 32 of the GDPR, which mandates that organizations implement appropriate technical and organizational measures to ensure a level of security suitable for the risk.

This requirement aligns with the principles outlined in Article 8 of the Swiss Federal Data Protection Act (FADP).

To verify that our site uses SSL encryption, you can check your browser’s address bar. You should see a padlock icon and the “https://” prefix before our site’s address, indicating a secure connection.

10.2 Breach Notification Process

Despite all precautions, no method of transmission over the Internet or electronic storage is 100% secure. If we become aware of a security breach, we will react promptly to attempt to block unauthorized access and will inform you in accordance with Article 33 of the GDPR and Article 24 of the Swiss Federal Data Protection Act (FADP). Our breach notification process includes:

  • Identifying the cause of the breach and potentially affected data.
  • Taking measures to contain the breach and prevent further violations.
  • Notifying all affected parties within 72 hours of discovering the breach.
  • Implementing any necessary changes to our security policies and procedures to prevent similar breaches in the future.

10.3 Data Retention Period

The personal data we collect is retained for the duration necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Typically, we retain account data for three years from the user’s last activity. However, in certain cases, it may be necessary to retain information for a longer period, such as when required by law or for compliance, tax, legal, accounting, or auditing reasons. At the end of this period, your data will be securely deleted or anonymized.

For example, Swiss tax laws require us to retain customer billing information for a minimum period of ten years from the date of billing.

11. Changes to Our Privacy Policy

We reserve the right to modify this privacy policy at any time. If substantial changes are made to how we process your personal information, we will notify you through a prominently displayed notice on our website.

It is advisable to regularly review this privacy policy for any updates. The date of the last update is clearly indicated at the top of the privacy policy page. Any changes to this privacy policy will take effect when the revised privacy policy is published on the site.

12. Conclusion

Thank you for taking the time to go through our privacy policy. We understand it’s a lengthy text, but we hope you’ve learned something along the way! We greatly appreciate your trust in using our services, and we want you to know that your data is handled with the utmost care and respect.

If you have any questions or concerns about our use of your personal information, please don’t hesitate to contact us via the address provided in the “Contact Details of the Responsible Person” section. We will be more than happy to assist you.

This privacy policy is protected by copyright. It was written by graphicatelier. We kindly invite you to respect the author’s work. Reproduction, even in part, is prohibited without the author’s authorization under Directive 2019/790/EU of April 17, 2019, on copyright and related rights in the Digital Single Market.

And finally, if you’ve made it this far, we want to congratulate you! You are among the few people who read privacy policies to the end. Congratulations! Your dedication to protecting your personal data is impressive. You deserve a medal… but unfortunately, all we have to offer is this last sentence. Keep being amazing, and thank you for your trust!