We place great importance on transparency in how we handle personal data. This privacy policy provides information about what personal data we collect, for what purposes, and to whom we may disclose it. To ensure a high level of transparency, this privacy policy is regularly reviewed and updated.

1. Services we use

Amazon Web Services
Vimeo
YouTube

2. Contact Information

If you have questions or concerns about how we protect your data, you can contact us at any time via email at ride@thecakemovement.ch. The entity responsible for data processing on this website is:

The Cake Movement GmbH
Kleinbergstrasse 1
9000 St. Gallen, Switzerland

Data Protection Officer:
Dominik Bokstaller ride@thecakemovement.ch

3. General Principles

3.1 What data do we collect from you and from whom do we receive it?
We primarily process personal data that you provide to us or that we collect in the course of operating our website. In some cases, we may also receive personal data about you from third parties. These may include the following categories:

Basic personal data (name, address, date of birth, etc.);
Contact information (mobile number, email address, etc.);
Financial data (e.g. bank details);
Online identifiers (e.g. cookie ID, IP addresses);
Location and traffic data;
Audio and visual recordings;
Particularly sensitive data (e.g. biometric data or health information).

3.2 Under what conditions do we process your data?
We treat your data confidentially and process it only for the purposes specified in this privacy policy. We ensure that processing is transparent and proportionate.

If, in exceptional cases, we are unable to comply with these principles, the data processing may still be lawful due to a justification, such as:

Your consent;
The execution of a contract or pre-contractual measures;
Our legitimate interests, provided your interests do not override them.

3.3 How can you revoke your consent?
If you have given us consent to process your personal data for specific purposes, we will process your data within the scope of that consent, unless another legal basis applies.

You may revoke your consent at any time by sending an email to the address provided in the legal notice. This does not affect data processing that has already occurred.

3.4 In which cases may we share your data with third parties?

a. General
We may need to engage third-party services or affiliated companies to process your data (so-called data processors). Typical recipient categories include:

Accounting, fiduciary, and auditing firms;
Consulting firms (legal, tax, etc.);
IT service providers (web hosting, support, cloud services, website design, etc.);
Payment service providers;
Providers of tracking, conversion, and advertising services.

We ensure that these third parties and our affiliates comply with data protection requirements and treat your data confidentially.

We may also be legally required to disclose your personal data to authorities.

b. Visiting our social media channels
We may include links to our social media channels on our website. These are clearly visible (usually through corresponding icons). Clicking on them will redirect you to our social media channels.

In this case, the social media providers will know that you accessed their platform via our website. These providers may use this data for their own purposes. Please note that we do not receive any information about the content of the data transmitted or its usage by the providers.

c. Data transfers abroad
Your personal data may be transmitted to companies abroad as part of data processing. These companies are subject to the same data protection obligations as we are. Transfers may occur worldwide.

If the level of data protection does not match that of Switzerland, we will first assess the risks and contractually ensure equivalent protection (e.g., via the EU Commission’s new standard contractual clauses or other legally required measures). If our risk assessment is negative, we will implement additional technical safeguards.

You can find the EU standard contractual clauses at:
https://commission.europa.eu/publications/standard-contractual-clauses-controllers-and-processors-eueea_en

3.5 How long do we retain your data?
We retain personal data only as long as necessary to fulfill the purposes for which it was collected.

Data collected during your visit to our website is stored for twelve months. An exception applies to analytics and tracking data, which may be stored for longer.

We retain contract data for a longer period due to legal obligations. Business communication, concluded contracts, and accounting records must be stored for up to 10 years. If we no longer need this data for providing services, it will be restricted and used solely for accounting and tax purposes.

3.6 How do we protect your data?
We store your data securely and take all reasonable measures to protect it from loss, access, misuse, or alteration.

Our employees and partners who have access to your data are obligated to comply with data protection regulations. In some cases, we may need to forward your requests to affiliated companies. Your data will be treated confidentially in these cases as well.

On our website, we use the SSL (Secure Socket Layer) protocol with the highest level of encryption supported by your browser.

3.7 What are your rights?

a. Right to information
You can request information at any time about the data we store about you. Please send your request along with proof of identity to ride@thecakemovement.ch.

You also have the right to receive your data in a commonly used format if:

You have given your consent for processing; or
You have disclosed the data in connection with a contract.

We may restrict or deny your request if it conflicts with legal obligations, legitimate interests, or third-party interests.

The processing time for your request is 30 days by law. However, we may extend this period due to high request volumes, legal or technical reasons, or if we need more information. You will be informed of any extension in a timely manner and at least in text form.

b. Deletion and correction
You may request the deletion or correction of your data at any time. We may reject such requests if legal requirements mandate longer or unchanged retention or if another legal basis applies.

Please note that exercising your rights may conflict with contractual agreements and could impact the execution of the contract (e.g., early termination or cost implications).

c. Legal recourse
If you are affected by the processing of personal data, you have the right to assert your rights through the courts or file a complaint with the competent supervisory authority.

The responsible supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner: https://www.edoeb.admin.ch

3.8 Changes to this privacy policy
We may amend this privacy policy at any time. Changes will be published, and you will not be specifically notified.

4. Specific Data Processing Activities

4.1 Website Provision and Log File Creation

What information do we receive and how do we use it?
When you visit our website, certain data is automatically stored on our servers or the servers of services and products we use and/or have installed. This data is stored for system administration, statistical, security, or tracking purposes. This may include:

The name of your internet service provider;
Your IP address (potentially);
Your browser software version;
The operating system of the device accessing the URL;
The date and time of access;
The website from which you accessed the URL;
The search terms you used to find the URL.

Why are we allowed to process this data?
This data cannot be assigned to specific individuals and is not merged with other data sources. Log files are stored to ensure the functionality of the website and the security of our IT systems. This constitutes our legitimate interest.

How can you prevent data collection?
Data is stored only as long as necessary to achieve the purpose of collection. Accordingly, the data is deleted at the end of each session. Storing log files is essential for the operation of the website, so you cannot object to it.

4.2 Amazon Web Services

Our website uses services from Amazon Web Services (AWS), a comprehensive cloud service provider of Amazon.com, Inc. AWS offers a variety of infrastructure technologies that allow us to operate our website and related services reliably and scalably.

When you visit our website or use services hosted on AWS, certain information, such as your IP address, usage data, and other relevant details, may be stored on AWS servers. This data is used to ensure website functionality and to provide us with analytics and insights into how our services are used.

Amazon processes your data in accordance with the AWS privacy policy. We recommend reviewing their policies for more information on how AWS uses your data.

4.3 Vimeo

Vimeo is a service provided by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. Vimeo is a platform that allows users to upload, share, and view videos. It also offers various tools for video creators to monetise their content and engage with their audience.

We use Vimeo to embed videos on our website and provide visitors with high-quality visual content. This may include product presentations, tutorials, or other relevant content. By embedding Vimeo videos, visitors can watch them directly on our site without being redirected to Vimeo.

When you access a page on our site that contains a Vimeo video, your browser establishes a direct connection to Vimeo’s servers. Certain information, including your IP address, is transmitted to Vimeo. Vimeo also uses cookies and similar technologies to collect information about the use of their service and to improve user experience.

4.4 YouTube

Our website includes videos from YouTube, a platform owned by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). When videos are displayed or when you click the play button, data including your IP address and browser information is transmitted to and stored on Google's servers. This data is used to deliver the video, monitor performance, and enhance user experience.

If you are logged into your YouTube account, YouTube may associate your browsing behaviour with your personal profile. You can prevent this by logging out of your YouTube account.

DATA PROTECTION