Privacy Policy

Please note: Only the German original of this Data Privacy Policy of Mike Wider Creative Works is legally binding. The English translation is provided for information purposes only and has no legal force. The German original can be accessed here.

Protecting your privacy is a top priority at Creative Works Records. In this privacy policy, we inform you about how and why we collect, process, and use personal data.

What is this Privacy Policy about? 🢓
Who is responsible for processing your data 🢓
What data do we process? 🢓
Purposes of Data Processing 🢓
Legal Basis for Data Processing 🢓
To whom do we disclose your data? 🢓
Do your personal data also reach abroad? 🢓
How long do we process your data? 🢓
How do we protect your data? 🢓
What rights do you have? 🢓
Do we use online tracking and online advertising techniques? 🢓
Severability 🢓
Can this privacy statement be amended? 🢓

1. What is this Privacy Policy about?

Michael Wider Creative Works (hereinafter referred to as “Creative Works” or “Creative Works Records”) collects and processes personal data related to you or other persons (so-called “third parties”). We use the term “data” here interchangeably with “personal data.”

“Personal data” means data relating to an identified or identifiable person, i.e., data that can infer the person’s identity either from the data itself or with additional data. “Sensitive personal data” is a category of personal data that current data protection laws particularly protect. Sensitive personal data includes, for example, data revealing racial or ethnic origin, health data, information about religious or philosophical beliefs, biometric data for identification purposes, and information about union membership. In section 3, you will find information on the data we process under this Privacy Policy. “Processing” means any handling of personal data, such as collecting, storing, using, modifying, disclosing, and deleting it.

We have aligned this Privacy Policy with both the Swiss Data Protection Act and the European General Data Protection Regulation (GDPR). Whether these and/or other data protection laws apply depends on the individual case.

In this Privacy Policy, we describe what we do with your data when you use www.creativeworks.ch or www.creativeworks.com (collectively referred to as “Website”), when you receive our services or products, when you otherwise interact with us within a contractual framework, communicate with us, or otherwise engage with us. We may inform you of additional processing activities not mentioned in this Privacy Policy by timely written notification.

If you provide us with data about other persons, we assume that you are authorized to do so and that the data is accurate. By submitting data about third parties, you confirm this. Please also ensure that these third parties are informed about this Privacy Policy.

This Privacy Policy is designed to meet the requirements of the EU General Data Protection Regulation (“GDPR”), the Swiss Data Protection Act (“DPA”), and the revised Swiss Data Protection Act (“revDPA”). However, whether and to what extent these laws apply depends on the individual case.

2. Who is responsible for processing your data

For the data processing activities described in this Privacy Policy, Michael Wider Creative Works, Root (“Creative Works”), is legally responsible unless otherwise communicated in individual cases.

For each data processing activity, one or more entities are responsible for ensuring that the processing complies with data protection laws. This entity is called the controller. It is responsible, for example, for responding to information requests (section 10🢓) or ensuring that personal data is secured and not improperly used.

In sections 3, 7, and 12, you will find more information about third parties we collaborate with and who are responsible for their processing. For questions or to exercise your rights concerning these third parties, please contact them directly.

You can reach us for your data protection concerns and to exercise your rights according to section 10🢓 as follows:

info[at]creativeworks.ch

3. What data do we process?

We process various categories of data about you. The main categories are as follows:

3.1 Technical Data

When you use our website or other electronic offerings, we collect your device’s IP address and other technical data to ensure the functionality and security of these offerings. This data includes logs that record the use of our systems. We typically retain technical data for 6 months. To ensure the functionality of these offerings, we may also assign an individual code to you or your device (e.g., in the form of a cookie). Technical data alone does not generally allow conclusions about your identity. However, in the context of user accounts, registrations, access controls, or contract processing, they can be linked with other data categories (and thus possibly with your person). Technical data includes, among other things, the IP address and information about your device’s operating system, the date, region, and time of use, and the type of browser you use to access our electronic offerings. This can help us deliver the correct formatting of the website or show you a website adapted to your region. Although we know which provider you access our services through (and thus the region) from the IP address, we usually cannot infer who you are from it. This changes if you, for example, create a user account, as personal data can then be linked to technical data (e.g., we can see which browser you use to access an account on our website). Examples of technical data also include logs (“logs”) generated in our systems (e.g., the log of user logins on our website).

3.2 Registration Data

Certain offerings and services (e.g., login areas of our website, newsletter dispatch, etc.) can only be used with a user account or registration, which can be done directly with us or through our external login service providers. In doing so, you must provide us with certain data, and we collect data about the use of the offering or service. Registration data may also arise from access controls to certain facilities, which may include biometric data depending on the control system. We generally retain registration data for 12 months after the end of the service use or account termination. Registration data includes, among other things, the information you provide when creating an account on our website (e.g., username, password, name, email). Registration data also includes data we may require from you before you can use certain services, such as name, address, contact details, etc. You must also register if you want to subscribe to our newsletter.

3.3 Communication Data

If you contact us via the contact form, email, phone, chat, letter, or other communication channels, we collect the data exchanged between you and us, including your contact details and the communication metadata. Emails in personal mailboxes and written correspondence are generally kept for at least 10 years. Communication data includes your name and contact details, the manner and place and time of communication, and usually its content (i.e., the content of emails, letters, chats, etc.). This data may also include information about third parties.

3.4 Contract Data

These are data related to a contract conclusion or contract execution, such as information about contracts and the services to be provided or provided, as well as data from the pre-contractual stage necessary for execution and responses (e.g., complaints or satisfaction information). This data is usually collected from you, from contractual partners, and from third parties involved in the contract execution, but also from third-party sources (e.g., credit information providers) and publicly accessible sources. We generally retain this data for 10 years from the last contract activity, but at least from the contract’s end. This period can be longer if required for evidence or to comply with legal or contractual requirements or if technically necessary. Contract data includes information about the contract conclusion, your contracts, such as the type and date of contract conclusion, information from the application process (e.g., an application for our products or services), and information about the contract (e.g., its duration) and the execution and management of the contracts (e.g., information related to billing, customer service, support for technical matters, and the enforcement of contractual claims). Contract data also includes information about defects, complaints, and contract adjustments, as well as information on customer satisfaction, which we may collect through surveys.

3.5 Behavioral and Preference Data

Depending on our relationship with you, we try to get to know you better and tailor our products, services, and offerings to you. To do this, we collect and use data about your behavior and preferences. We do this by analyzing data about your behavior in our domain and may supplement this data with data from third parties – also from publicly accessible sources. Based on this, we can, for example, calculate the likelihood that you will use certain services or behave in a certain way. The data processed for this purpose is sometimes already known to us (e.g., when you use our services), or we obtain this data by recording your behavior (e.g., how you navigate our website). We anonymize or delete this data when it is no longer meaningful for the purposes pursued, which can be between 2-3 weeks and 24 months (for product and service preferences), depending on the type of data. This period can be longer if required for evidence or to comply with legal or contractual requirements or if technically necessary. How tracking works on our website is described in section 12.

Behavioral data includes information about specific actions, such as your response to electronic communications (e.g., whether and when you opened an email) or your location. We may collect your location data when you use our website.

Preference data gives us insight into what needs you have, which products or services interest you. We derive this information from the analysis of existing data, such as behavioral data, so that we can get to know you better, tailor our advice and offerings more precisely to you, and generally improve our offerings. To improve the quality of our analyses, we may combine this data with other data we also obtain from third parties.

Many of the data mentioned in this Section 3 are provided by you directly (e.g., through forms, in communication with us, in connection with contracts, when using the website, etc.). You are not obligated to provide these, except in certain cases, e.g., due to legal obligations. If you wish to enter into contracts or claim services with us, you must provide us with certain data in accordance with your contractual obligations as per the relevant contract, especially basic, contract, and registration data. When using our website, the processing of technical data is inevitable. If you wish to gain access to specific systems, you must provide us with registration data. However, when it comes to behavioral and preference data, you generally have the option to object or not to give consent.

We only provide certain services to you if you transmit registration data to us because it is technically necessary or because we want to communicate with you. If you or a person you represent (e.g., your employer) wishes to enter into or fulfill a contract with us, we need to collect corresponding basic, contract, and communication data from you, and we process technical data if you wish to use our website or other electronic services. If you do not provide the data required for the conclusion and execution of the contract, you must expect that we may refuse the contract conclusion, that you may breach the contract, or that we may not fulfill the contract. Similarly, we can only respond to your inquiry if we process the relevant communication data and, if you communicate with us online, possibly also technical data. The use of our website is also not possible without receiving technical data.

4. Purposes of Data Processing

We process your data for the purposes outlined below. Further details for the online area can be found in Sections 12 and 13. These purposes, as well as the underlying objectives, represent legitimate interests of ours and, if applicable, third parties. Further information on the legal basis for our processing can be found in Section 5.

4.1 Communication

We process your data for purposes related to communication with you, particularly to respond to inquiries and assert your rights (Section 11), and to contact you for follow-up questions. We mainly use communication data and basic data and, in connection with offers and services you use, also registration data. We retain this data to document our communication with you, for training purposes, quality assurance, and follow-up.

This involves all purposes related to communication between us, whether in customer service, advice, authentication in the case of website use, or for training and quality assurance (e.g., in customer service). We further process communication data to maintain communication via email and phone, as well as other channels we have contact information for. Communication with you usually occurs in conjunction with other processing purposes, such as providing services or responding to a request for information. Our data processing also serves as proof of communication and its content.

4.2 Contract Fulfillment

We process data for initiating, managing, and executing contractual relationships. We enter into contracts of various kinds with our business and private customers, suppliers, subcontractors, or other contractual partners, such as partners in projects or parties in legal disputes. We mainly process basic data, contract data, and communication data, and, depending on the circumstances, also registration data of the customer or individuals to whom the customer provides a service.

During the business initiation phase, personal data – especially basic data, contract data, and communication data – is collected from potential customers or other contractual partners (e.g., in an order form or contract) or arises from communication. In connection with the contract conclusion, we also process data for creditworthiness checks and for opening the customer relationship. Some of this information may be checked to meet legal requirements.

During the contract execution phase, we process data to manage the customer relationship, deliver and claim contractual services (which may include involving third parties such as logistics companies, advertising service providers, or credit agencies that may provide data), offer advice, and provide customer support. The enforcement of legal claims from contracts (debt collection, court proceedings, etc.) is also part of the execution, as well as accounting, contract termination, and public communication.

4.3 Information & Marketing

We process data for marketing purposes and relationship management, e.g., to send our customers and other contractual partners personalized advertisements for our products and services and those of third parties (e.g., advertising partners). This can be done via newsletters and other regular contacts (electronically, by mail, by phone) or other channels where we have contact information, as well as in the context of individual marketing campaigns. You can reject such contacts at any time (see at the end of this Section 4) or refuse or withdraw consent for contact for marketing purposes. With your consent, we can direct our online advertising more specifically to you (see Section 12).
For example, we may send you information, advertisements, and product offers from us and third parties (e.g., advertising partners), in print, electronically, or by phone, with your consent. We process mainly communication and registration data for this purpose. Like most companies, we personalize messages to deliver individual information and offers that suit your needs and interests. We link data that we process about you, identify preference data, and use this data as a basis for personalization (see Section 3).

Relationship management also includes personalized communication with existing customers and their contacts based on behavioral and preference data. As part of relationship management, we may also operate a Customer Relationship Management system (“CRM”) where we store necessary data for relationship management with customers, suppliers, and other business partners, e.g., contact persons, relationship history (e.g., purchased or delivered products and services, interactions, etc.), interests, wishes, marketing actions (newsletters, event invitations, etc.), and other information.

All these processing activities are not only important for us to advertise our offerings effectively but also to make our relationships with customers and other third parties more personal and positive, to focus on the most important relationships, and to use our resources efficiently.

4.4 Market Research & Product Development

We further process your data for market research, to improve our services and operations, and for product development. We strive to continuously improve our products and services (including our website) and quickly respond to changing needs. For example, we analyze how you navigate through our website or which products are used by which demographic groups and how new products and services can be designed (for further details, see Section 12). This provides us with insights into the market acceptance of existing products and the market potential of new products and services. For this, we process mainly basic, behavioral, and preference data, but also communication data and information from customer surveys, polls, studies, and other data, e.g., from media, social media, the internet, and other public sources. Where possible, we use pseudonymized or anonymized data for these purposes. We may also use media monitoring services or conduct media observations ourselves and process personal data to conduct media work or understand and react to current developments and trends.

4.5 Security

We may process your data for security purposes and access control. We continuously monitor and improve the adequacy of security for our IT and other infrastructure. Like all companies, we cannot completely rule out data security breaches, but we take measures to minimize the risks. We process data for surveillance, control, analysis, and testing of our networks and IT infrastructures, for system and error checks, documentation purposes, and backup purposes.

4.6 Compliance with Legal Requirements

We process personal data to comply with laws, directives, and recommendations from authorities, as well as internal regulations (“Compliance”).
This includes, for example, the legally regulated fight against money laundering and the financing of terrorism. In certain cases, we may be required to conduct checks on customers (“Know Your Customer”) or report to authorities. Compliance with information, notification, or reporting obligations, e.g., in relation to supervisory and tax law obligations, may require or involve data processing, such as the fulfillment of archiving obligations and the prevention, detection, and clarification of crimes and other violations. This also includes the receipt and processing of complaints and other reports, monitoring communication, internal investigations, or disclosure of documents to authorities when we have a valid reason or are legally required to do so. Personal data may also be processed in external investigations, e.g., by law enforcement or supervisory authorities or appointed private entities.

5. Legal Basis for Data Processing

Depending on applicable law, data processing is only permitted if the relevant law specifically allows it. This does not apply under the Swiss Data Protection Act, but e.g., under the GDPR. If not specifically stated above for the respective purpose, the processing of your personal data is based on one of the following legal bases:

Your consent if we have asked for it, e.g., for newsletters, marketing cookies, etc. (Art. 6 para. 1 lit. a GDPR);
The fulfillment of a contract with you or pre-contractual measures, e.g., as part of a booking with us or one of our partners (Art. 6 para. 1 lit. b GDPR);
Legitimate interests, including our own interests such as increasing customer satisfaction, advertising and marketing activities, ensuring and organizing business operations, including developing websites, apps, and other systems, enforcement or defense of legal claims, and compliance with Swiss and foreign laws as well as internal rules (Art. 6 para. 1 lit. f GDPR).

In individual cases, other legal grounds may apply, which we will communicate to you separately as required.

6. To whom do we disclose your data?

In connection with our contracts, the website, our services and products, our legal obligations or otherwise to protect our legitimate interests and for the other purposes listed in section 4, we also transmit your personal data to third parties, in particular to the following categories of recipients:

6.1 Service providers

We work with service providers in Switzerland and abroad who process data about you on our behalf or jointly with us, or who receive data about you from us on their own responsibility (e.g., IT providers, shipping companies, advertising service providers, login service providers). In order to efficiently provide our products and services and focus on our core competencies, we obtain services from third parties in numerous areas. We provide these service providers with the data required for their services, which may also concern you. These service providers may also use such data for their own purposes.

We also conclude contracts with these service providers that provide for provisions for data protection, unless such provisions result from the law. Our service providers may also process data, such as how their services are used and other data that arises in the course of the use of their service, independently for their own legitimate interests (e.g., for statistical evaluations or billing). Service providers inform about their independent data processing in their own privacy policies.

6.2 Contractual partners including customers

This initially refers to the customers and other contractual partners of ours, because this data transfer results from these contracts. If you are acting on behalf of such a contractual partner, we may also transmit data about you to them in this context. The recipients also include contractual partners with whom we cooperate.

6.3 Authorities

We may disclose personal data to authorities, courts, and other authorities in Switzerland and abroad if we are legally obligated or entitled to do so or if this appears necessary to protect our interests. The authorities process data about you on their own responsibility, which they receive from us.

Application cases include, for example, criminal investigations, police measures (e.g., health protection concepts, violence prevention, etc.), regulatory requirements and investigations, judicial proceedings, reporting obligations and pre- and extra-judicial proceedings as well as legal information and participation obligations. Data may also be disclosed if we want to obtain information from public authorities, e.g., to justify an information request or because we have to say who we need information (e.g., from a register) about.

6.4 Other persons (special cases)

This refers to other cases where the involvement of third parties results from the purposes according to section 4.

Other recipients are, for example, delivery addresses provided by you that are different, or third-party recipients of payments, other third parties also in the context of agency relationships (e.g., if we send your data to your lawyer or bank) or persons involved in authority or judicial proceedings. When publishing content (e.g., photos, interviews, quotes, etc.) on the website or in other publications by us. As part of business development, we may sell or acquire businesses, business units, assets or companies or enter into partnerships, which may also involve the disclosure of data (including yours, e.g., as a customer or supplier or as a supplier representative) to the parties involved in these transactions. In the context of communication with our competitors, industry organizations, associations, and other bodies, data may also be exchanged, which also concerns you.

All these categories of recipients may themselves involve third parties, so that your data may also become accessible to them. We can restrict the processing by certain third parties (e.g., IT providers), but not by others (e.g., authorities, banks, etc.). Regardless, your data remains subject to appropriate data protection even after disclosure in Switzerland and the rest of Europe. For disclosure to other countries, the provisions of section 8 apply. If you do not want certain data to be disclosed, please let us know so that we can examine whether and to what extent we can accommodate you (section 2).

7. Do your personal data also reach abroad?

As explained in section 7, we also disclose data to other parties. These are not only located in Switzerland. Your data can therefore be processed both in Europe and in all countries required for the execution of the contract; in exceptional cases, however, in any country in the world.

8. How long do we process your data?

We process your data for as long as our processing purposes, legal retention periods, and our legitimate interests in processing for documentation and evidence purposes require it or storage is technically necessary. Further information on the respective storage and processing periods can be found in the individual data categories in section 3 or in the cookie categories in section 12. If there are no legal or contractual obligations, we delete or anonymize your data after the expiry of the storage or processing period within the framework of our usual procedures.

Documentation and evidence purposes include our interest in documenting processes, interactions, and other facts in the event of legal claims, discrepancies, purposes of IT and infrastructure security, and demonstrating good corporate governance and compliance. Storage for technical reasons can occur if certain data cannot be separated from other data and therefore we have to store it with these.

9. How do we protect your data?

We take appropriate security measures to maintain the confidentiality, integrity, and availability of your personal data, to protect them against unauthorized or unlawful processing, and to counteract the dangers of loss, accidental alteration, unintended disclosure, or unauthorized access.

Security measures of a technical and organizational nature may include measures such as encryption and pseudonymization of data, logging, access restrictions, storage of backups, instructions to our employees, and controls. We protect the data transmitted via our website during transport by suitable encryption mechanisms. However, we can only secure areas that we control. However, security risks cannot generally be completely excluded; residual risks are unavoidable.

10. What rights do you have?

The applicable data protection law grants you the right, under certain circumstances, to object to the processing of your data, particularly when it is used for direct marketing purposes, profiling for direct advertising, and other legitimate interests in processing.

To make it easier for you to control the processing of your personal data, you have the following rights in connection with our data processing, depending on the applicable data protection law:

The right to request information from us about whether and which data we process about you;
The right to request that we correct data if it is inaccurate;
The right to request the deletion of data;
The right to request the release of specific personal data in a commonly used electronic format or its transfer to another data controller;
The right to withdraw consent, if our processing is based on your consent;
The right to request additional information necessary for the exercise of these rights.

If you wish to exercise the rights mentioned above, please contact us in writing or, unless otherwise stated or agreed, by email; our contact details can be found in section 2. To prevent misuse, we must identify you (e.g., with a copy of your ID, if this is not possible otherwise).

Please note that these rights are subject to conditions, exceptions, or limitations under the applicable data protection law (e.g., to protect third parties or business secrets). We will inform you accordingly if necessary.

In particular, we may need to further process and store your personal data in order to fulfill a contract with you, protect legitimate interests, such as the assertion, exercise, or defense of legal claims, or comply with legal obligations. As far as legally permissible, especially for the protection of the rights and freedoms of other affected persons and to safeguard legitimate interests, we may therefore reject a request in whole or in part (e.g., by redacting content related to third parties or our business secrets).

If you disagree with how we handle your rights or data protection, please let us know (section 2). Particularly if you are located in the EEA, the United Kingdom, or Switzerland, you also have the right to lodge a complaint with the data protection authority of your country.

11. Do we use online tracking and online advertising techniques?

On our website, we use various techniques that allow us and third parties to recognize you during your usage and, in some cases, track you across multiple visits. This section informs you about that.

The core idea is that we can distinguish your accesses (through your system) from those of other users so that we can ensure the functionality of the website and perform evaluations and personalizations. We do not intend to draw conclusions about your identity, although we can do so if we or third parties hired by us can identify you by combining data with registration details. Even without registration data, however, the techniques used are designed to recognize you as an individual visitor every time you access the page, for example, by assigning a specific recognition number to your browser (known as a “cookie”).

Cookies are individual codes (e.g., a serial number) that our server or a server of our service providers or advertising partners transmits to your system when connecting to our website. Your system (browser, mobile device) receives and stores these codes until the programmed expiration time. Upon each subsequent access, your system transmits these codes back to our server or the server of the third party. This allows you to be recognized, even if your identity is unknown.

Whenever you access a server (e.g., when using a website or because an image is embedded in an email, visible or invisible), your visits can be “tracked.” If we integrate offers from an advertising partner or a provider of analysis tools on our website, they may also track you in the same way, even if you cannot be identified in individual cases.

We use such techniques on our website and allow certain third parties to do the same. You can configure your browser to block certain cookies or alternative techniques, fake them, or delete existing cookies. You can also extend your browser with software that blocks tracking by specific third parties. More information on this can be found in the help pages of your browser (usually under the keyword “privacy”) or on the websites of the third parties listed below.

The following cookies (and techniques with similar functions such as fingerprinting) are distinguished:

11.1 Necessary Cookies

Some cookies are necessary for the functioning of the website or specific features. They ensure, for example, that you can switch between pages without losing data entered in a form. They also ensure that you remain logged in. These cookies are temporary (“session cookies”). If you block them, the website may not function correctly. Other cookies are necessary to store decisions or inputs made by you over a session (i.e., a visit to the website), if you use this feature (e.g., chosen language, granted consent, automatic login function, etc.). These cookies have an expiration date of up to 24 months.

11.2 Performance Cookies

To optimize our website and adjust it better to users’ needs, we use cookies to record and analyze the use of our website, potentially even beyond the session. We do this using analysis services from third parties. These are listed below. Before we use such cookies, we ask for your consent. Performance cookies also have an expiration date of up to 24 months. Details can be found on our website under Cookie Policy or on the third-party website.

11.3 Marketing Cookies

We and our advertising partners are interested in targeting advertisements to specific audiences, i.e., showing ads to those we want to target. Our advertising partners are listed below. For this purpose, we and our advertising partners – if you consent – also use cookies to capture the content viewed or contracts entered into. This allows us and our advertising partners to display ads that we assume will interest you, both on our website and on other websites that display ads from us or our advertising partners. These cookies have an expiration period ranging from a few days up to [12] months, depending on the situation. If you consent to the use of these cookies, you will be shown relevant advertisements. If you do not consent, you will not see less advertising, but simply other kinds of ads.

In addition to marketing cookies, we use other techniques to manage online advertising on other websites and thereby reduce wasteful exposure.
We currently use services from the following providers and advertising partners (as long as they use data from you or cookies placed on you for ad targeting):

Google Analytics: Google Ireland (based in Ireland) is the provider of the “Google Analytics” service and acts as our data processor. Google Ireland relies on Google LLC (based in the USA) as its data processor (both “Google”). Google tracks visitor behavior on our website through performance cookies (see above) and generates reports for us based on this. We have configured the service so that visitors’ IP addresses are anonymized by Google in Europe before being sent to the USA, making them untraceable. We have disabled the “Data Sharing” and “Signals” settings. Although we assume that the information we share with Google is not personal data, it is possible that Google may deduce the identity of visitors from this data, create personal profiles, and link this data to Google accounts. If you consent to the use of Google Analytics, you explicitly agree to such processing, which includes the transfer of personal data (especially usage data related to websites and apps, device information, and individual IDs) to the USA and other countries. More information on Google Analytics’ privacy practices can be found under https://support.google.com/analytics/answer/6004245, and if you have a Google account, further details on processing by Google are available at https://policies.google.com/technologies/partner-sites?hl=en].

12. Severability

If individual provisions of this privacy statement are invalid or unenforceable, it will not affect the validity of the remaining provisions or the privacy statement as a whole.

13. Can this privacy statement be amended?

This privacy statement is not part of a contract with you. We may amend this privacy statement at any time. The version published on this website is the most current version.