Imprint & Privacy Policy
Imprint
Company information:
Noëmi Thum Consulting GmbH
Bahnhofstrasse 34
8854 Siebnen, Switzerland
UID: CHE-375.171.621
Commercial Register entry:
Schwyz
Support:
Noëmi Thum
E-Mail: info@noemithum.com
EU dispute resolution:
The European Commission provides a platform for online dispute resolution (ODR), which you can find at http://ec.europa.eu/consumers/odr . Noëmi Thum Consulting GmbH is not willing or obliged to participate in dispute resolution proceedings before a consumer arbitration board.
Privacy Policy
With this privacy policy, I provide information about the processing of personal data in connection with my activities and operations, including my website under the domain name www.noemithum.com. In particular, I provide information on why, how and where I process which personal data. I also provide information about the rights of persons whose data I process.
I may publish additional privacy statements or other privacy information for individual or additional activities and operations.
1. Contact details
Responsibility for processing personal data:
Noëmi Thum
Bahnhofstrasse 34
8854 Siebnen
In some cases, third parties may be responsible for processing personal data, or there may be joint responsibility with third parties.
2. Terms and legal information
2.1 Terms
Data subject: Natural person about whom I process personal data.
Personal data: Any information relating to an identified or identifiable individual.
Sensitive personal data: Data concerning trade union, political, religious or philosophical opinions and activities, data concerning health, life or membership of an ethnic or racial group, genetic data, biometric data that uniquely identifies a natural person, data concerning criminal or administrative sanctions or prosecutions and data concerning social assistance measures.
Processing: Any handling of personal data, regardless of the means and procedures used, such as querying, matching, adapting, archiving, storing, reading, disclosing, obtaining, collecting, recording, deleting, disclosing, arranging, organizing, storing, modifying, disseminating, interconnecting, destroying and using personal data.
2.2 Legal information
I process personal data in accordance with Swiss data protection legislation, in particular the Federal Data Protection Act (DSG) and the Data Protection Ordinance (DPO).
3. Nature, scope and purpose of the processing of personal data
I process the personal data necessary to carry out my activities and operations in a sustainable, humane, secure and reliable manner. The personal data processed may fall into the following categories: browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data and payment data.
We also process personal data that we receive from third parties, that we obtain from publicly available sources, or that we collect in the course of our activities and operations, to the extent that such processing is permitted by law.
Where necessary, I process personal data with the consent of the data subject. In many cases, I may process personal data without consent, for example to comply with legal obligations or to protect overriding interests. I may also ask data subjects for their consent where their consent is not required.
I process personal data for as long as necessary for the purpose. I will anonymize or delete personal data, in particular in accordance with statutory retention and limitation periods.
4. Bekanntgabe von Personendaten
Ich kann Personendaten an Dritte bekanntgeben, durch Dritte bearbeiten lassen oder gemeinsam mit Dritten bearbeiten. Bei solchen Dritten handelt es sich insbesondere um spezialisierte Anbieter, deren Leistungen wir in Anspruch nehmen.
Ich kann Personendaten beispielsweise an Banken und andere Finanzdienstleister, Behörden, Bildungs- und Forschungseinrichtungen, Berater und Rechtsanwälte, Interessenvertretungen, IT-Dienstleister, Kooperationspartner, Kredit- und Wirtschaftsauskunfteien, Logistik- und Versandunternehmen, Marketing- und Werbeagenturen, Medien, Organisationen und Verbände, soziale Einrichtungen, Telekommunikationsunternehmen und Versicherungen bekanntgeben.
5. Communications
I process personal data in order to communicate with individuals as well as with authorities, organizations and companies. In particular, I process data that a data subject transmits to me when contacting me, for example by post or e-mail. I may store such information in an address book or similar tool.
Third parties who provide me with data about other individuals are required to independently ensure the privacy of those individuals. In particular, they must ensure that such data is accurate and may be transmitted.
I use selected services from appropriate providers to enable and improve communication with individuals and other communication partners. I may also use such services to manage and otherwise process the data of data subjects beyond direct communication.
In particular, I use
Wix CRM: Customer Relationship Management (CRM); Provider: Wix; Wix CRM specific information: Wix CRM.
6. Data privacy
I take appropriate technical and organizational measures to ensure data security commensurate with the risk involved. In particular, my measures guarantee the confidentiality, availability, traceability and integrity of the processed personal data, without, however, being able to guarantee absolute data security.
The access to my website and my other online presence is carried out by means of transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated to HTTPS). Most browsers warn against visiting websites without transport encryption.
My digital communication - like all digital communication in general - is subject to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA) and other countries. I have no direct control over the processing of personal data by intelligence services, police forces and other security authorities. Nor can I rule out the possibility that a data subject may be subject to targeted surveillance.
7. Personal data abroad
I usually process personal data in Switzerland. However, I may disclose or export personal data to other countries, in particular to process or have processed personal data there.
I may disclose personal data to all countries on earth and elsewhere in the universe, provided that the law there guarantees an adequate level of data protection in accordance with the decision of the Swiss Federal Council. I may disclose personal data to countries whose laws do not provide an adequate level of data protection, provided that an adequate level of data protection is otherwise ensured, in particular on the basis of standard data protection clauses or other appropriate guarantees. By way of exception, I may export personal data to countries without adequate or appropriate data protection if the special requirements under data protection law are met, such as the express consent of the data subjects or a direct connection with the conclusion or performance of a contract. Upon request, I will be happy to inform individuals about any warranties or provide a copy of the warranties.
8. Data subject rights
8.1 Privacy claims
I grant data subjects all rights under applicable data protection laws. In particular, data subjects have the following rights
-
Information: Data subjects may request information as to whether I process personal data about them and, if so, what personal data is involved. Data subjects will also receive the information necessary to assert their data protection rights and to ensure transparency. This includes the processed personal data as such, but also information about the purpose of the processing, the duration of storage, any transfer or export of data to other countries, and the origin of the personal data.
-
Correction and restriction: Data subjects may have inaccurate personal data corrected, incomplete data completed, and the processing of their data restricted.
-
Erasure and objection: Data subjects may have personal data erased ("right to be forgotten") and object to the processing of their data with effect for the future.
-
Data disclosure and transfer: Data subjects may request the disclosure of personal data or the transfer of their data to another controller.
I may postpone, restrict or deny the exercise of data subjects' rights to the extent permitted by law. I may inform data subjects of any conditions that must be met in order to exercise their rights under data protection law. For example, I may refuse to provide information in whole or in part with reference to confidentiality obligations, overriding interests or the protection of others. For example, I may also refuse to delete personal data in whole or in part, in particular with reference to statutory retention obligations.
In exceptional cases, I may charge costs for exercising rights. I will inform the data subject in advance of any such costs.
I am required to take reasonable steps to identify data subjects who request information or assert other rights. Data subjects are required to cooperate.
8.2 Legal protection
Data subjects have the right to enforce their data protection rights through the courts or by lodging a complaint with a data protection authority.
The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
9. Use of the site
9.1 Cookies
I may use cookies. Cookies - both my own cookies (first-party cookies) and cookies from third parties whose services I use (third-party cookies) - are data that are stored in the browser. Such stored data need not be limited to traditional text cookies.
Cookies can be stored in the browser temporarily as "session cookies" or for a certain period of time as so-called permanent cookies. Session cookies are automatically deleted when the browser is closed. Permanent cookies are stored for a specific period of time. In particular, cookies make it possible to recognize a browser the next time it visits our website and thus, for example, to measure the reach of my website. Persistent cookies can also be used for online marketing purposes.
Cookies can be completely or partially disabled and deleted at any time in the browser settings. Without cookies, my website may not be fully available. I actively request your express consent to the use of cookies - at least when and to the extent necessary.
For cookies that are used to measure success and reach or for advertising, a general opt-out is available for many services through AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
9.2 Logging
I may log at least the following information for each access to my website and our other online presence, insofar as this information is transmitted to my digital infrastructure during such accesses Date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual subpage of my website accessed including the amount of data transferred, last website accessed in the same browser window (referrer).
I log this information, which may include personal information, in log files. The information is necessary to provide my online presence in a permanent, user-friendly and reliable manner. The information is also needed to ensure data security - even by third parties or with the help of third parties.
9.3 Tracking pixel
I can integrate tracking pixels into my website. Web beacons are also known as tracking pixels. Tracking pixels - including those from third parties whose services I use - are typically small, invisible images or scripts written in JavaScript that are automatically retrieved when my site is accessed. Web beacons can be used to collect at least the same information as log files.
9.4 Comments
I allow you to post comments on my website. In particular, I process the information that a commenting person sends to me, as well as the IP address used and the date and time. This information is necessary to enable the publication of comments and to ensure protection against misuse, which is in my overriding legitimate interest.
10. Notifications and messages
10.1. Measurement of success and reach
Alerts and Messages may contain web beacons or tracking pixels that record whether an individual message was opened and which web beacons were clicked. Such web beacons and tracking pixels may also record usage of Alerts and Messages on an individual basis. I need this statistical tracking of usage to measure success and reach in order to deliver notifications and messages in an effective, human-friendly, persistent, secure and reliable manner based on the needs and reading habits of the recipients.
10.2. Opting in and opting out
You must always consent to the use of your email address and other contact information, unless the use is permitted for other legal reasons. I can use the "double opt-in" process to get double-confirmed consent. In this case, you will receive a message with double opt-in instructions. I may log any consent I receive, including the IP address and timestamp, for evidence and security purposes.
You may at any time object to receiving notifications and communications such as newsletters. With such an objection, you can also object to the statistical recording of usage to measure success and reach. Necessary notifications and communications in connection with my activities and operations remain reserved.
10.3 Service Provider for notifications and messages
I send notifications and messages using specialized service providers.
In particular, I use
ActiveCampaign: Marketing automation platform, especially for email marketing; Service provider: ActiveCampaign LLC (USA); Privacy Information: Privacy Policy.
Manychat: Chatbot and instant messaging platform; Provider: Manychat Inc; Privacy Information: Privacy Policy, Privacy & Security at Manychat.
11. Social Media
I am present on social media platforms and other online platforms to communicate with interested parties and to provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland.
The general terms and conditions and terms of use as well as data protection declarations and other provisions of the individual operators of such platforms also apply in each case. In particular, these provisions provide information about the rights of data subjects directly vis-à-vis the respective platform, including, for example, the right to information.
12. Third-party services
I use the services of specialized third parties to conduct my activities and operations in a sustainable, humane, secure and reliable manner. Among other things, I may use such services to embed features and content into my website. In the case of such embedding, the services used collect the IP addresses of users at least temporarily for technically compelling reasons.
For necessary security-related, statistical and technical purposes, third parties whose services I use may process data in connection with my activities and operations in aggregated, anonymized or pseudonymized form. This includes, for example, performance or usage data in order to be able to offer the respective service.
I use in particular:
-
Google services: Provider: Google LLC (USA) / Google Ireland Limited (Ireland), in part for users in the European Economic Area (EEA) and Switzerland; General Privacy Information: Privacy Policy, "Privacy and security principles," "More information about how Google uses personal information," "Privacy Policy", "Google's commitment to comply with applicable data protection laws", "Privacy guides for Google products," "How we use information collected from websites and applications on or in which our services are used," "Types of cookies and similar technologies used by Google," "Advertising you can control" ("personalized advertising").
-
Services from Microsoft: Provider: Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), Switzerland and the United Kingdom / Microsoft Corporation (USA) for users in the rest of the world; General information about privacy: "Privacy at Microsoft", "Privacy and Data Protection," Privacy Statement, "Data and Privacy Settings".
12. 1 Digital infrastructure
I use the services of specialized third parties to provide the necessary digital infrastructure in connection with my activities and operations. This includes, for example, hosting and storage services from selected providers.
In particular, I use
-
Hostpoint: Hosting; Provider: Hostpoint AG (Switzerland); Privacy Information: Privacy Policy.
-
Wix: Website builder and other infrastructure; Provider: Wix.com Ltd (Israel) together with Wix.com Ltd (USA) / Wix.com Inc (USA) / Wix.com Luxembourg S.à r.l. (Luxembourg); Privacy Policy: Privacy Policy, "Privacy & Security", "Wix Help Center 'Privacy'" including Cookie Policy.
12. 2 Automation and integration of applications and services
I use specialized platforms to integrate and connect existing third-party applications and services. I can also use such "no-code" platforms to automate processes and activities with third-party applications and services.
In particular, I use
-
Zapier: Automation and integration of applications and services; Vendor: Zapier Inc. (USA); Privacy Information: Privacy Policy, Data Privacy at Zapier, «Data Privacy & Security FAQ», «Security and Compliance».
12.3 Scheduling
I use the services of specialized third parties to arrange online appointments, such as meetings. In addition to this Privacy Policy, any directly visible terms and conditions of the services used, such as terms of use or privacy policies, also apply.
In particular, I use
-
Calendly: Meeting automation platform; Provider: Calendly LLC (USA); Privacy Information: Privacy Policy, "Security".
12.4 Audio and video conferencing
I use specialized audio and video conferencing services to communicate online. For example, I may use them to hold virtual meetings or conduct online classes and webinars. When I participate in audio and video conferences, I am also subject to the legal notices of those services, such as privacy policies and terms of service.
Depending on your life situation, we recommend that you mute your microphone by default and blur or display a virtual background when participating in audio and video conferences.
I particularly use
-
Google Meet: Video conferencing; Provider: Google; Google Meet-specific information: "Google Meet - User Security and Privacy".
12.5 Online collaboration
I use third-party services to enable online collaboration. In addition to this Privacy Policy, any directly visible terms and conditions of the services I use, such as terms of use or privacy policies, also apply.
I use in particular
-
Miro: Whiteboard platform; Service provider: RealtimeBoard Inc (USA); Information on data protection: Privacy Policy, "Miro Trust Center".
-
Notion: Team collaboration platform; Service provider: Notion Labs Inc (USA); Privacy Policy: Privacy Policy, "Security & Privacy", Cookie Policy.
12.6 Social media features and content
I use third-party services and plugins to embed social media features and content and to enable content sharing on social media platforms and in other ways.
In particular, I use
-
Facebook (social plugins): Embedding of Facebook functions and Facebook content, e.g. "Like" or "Share"; Provider: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); Privacy Information: Privacy Policy.
-
Instagram Platform: Embedding Instagram Content; Service Provider: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the U.S.); Privacy Policy: Privacy Policy (Instagram), Privacy Policy (Facebook).
-
LinkedIn Consumer Solutions Platform: Embedding features and content from LinkedIn, for example with plugins such as the "Share Plugin"; Provider: Microsoft; LinkedIn-specific information: Privacy Policy, Cookie Policy, Cookie Management / Opt-out of email and SMS communications from LinkedIn, Opt-out of interest-based advertising.
-
Pinterest (social plugins): Embedding of features and content or pins from Pinterest (example: "Pin Widget"); provider: Pinterest Inc (USA) / Pinterest Europe Ltd (Ireland) for users in the European Economic Area (EEA); Privacy Information: "Privacy, Security and Legal", Privacy Policy, "Personalization and Data", Cookie Policy.
12.7 Digital content
I use the services of specialized third parties to integrate digital content into my website. Digital content includes, but is not limited to, images, video, music, and podcasts.
In particular, I use
-
Spotify: Music and podcast platform; Provider: Spotify AB (Sweden); Privacy Information: "Privacy Center", Privacy Policy.
12.8 Dokumente
I use third-party services to integrate documents into my website. Such documents can include PDF files, presentations, spreadsheets, and text documents. This allows me to not only view, but also edit or comment on such documents.
In particular, I use
-
Canva: Digital Documents; Service Provider: Canva Pty Ltd (Australia); Privacy Policy: Privacy Policy, Trust, Security at Canva, Cookie Policy.
-
Google Docs: Documents, presentations, and spreadsheets; Service Provider: Google; Google Docs-Specific Information: "Privacy in Google Docs, Google Sheets and Google Presentations".
12.9. E-Commerce
I operate an e-commerce business and use third party services to successfully offer services, content or goods.
In particular, I use
Wix eCommerce: e-commerce platform; Provider: Wix; Wix eCommerce specific information: "About Wix Stores", "Selling with Wix".
12.10 Payments
I use specialized service providers to process payments securely and reliably. The legal texts of the individual service providers, such as general terms and conditions or privacy statements, also apply to the processing of payments.
In particular, I use
-
Apple Pay: Payment Processing; Provider: Apple Inc (USA) / Apple Distribution International Limited (Ireland) for persons in the EEA, the United Kingdom and Switzerland; information on data protection: "Apple Privacy Policy", "Apple Privacy Policy for Customer Data", Transparency Report.
-
Klarna: Payment processing service provider: Klarna Bank AB (Sweden); Privacy information: "Privacy Policy", Privacy Statement, Cookie Policy.
-
PayPal (including Braintree): Payment processing; Service Provider: PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg) / PayPal Pte. Ltd (Singapore); Privacy Policy, "Statement on Cookies and Tracking Technologies".
-
Stripe: Payment Processing Provider: Stripe Inc. (USA) / Stripe Payments Europe Limited (SPEL, Ireland) for users in the European Economic Area (EEA) and Switzerland and in part in the United Kingdom / Stripe Payments UK Limited (United Kingdom) and Stripe Capital Europe Limited (Ireland) in part for users in the United Kingdom; Privacy Policy: "Stripe Privacy Center", Privacy Policy, Cookie Policy.
12.11 Werbung
I use the ability to display targeted advertising on third parties such as social media platforms and search engines for our activities and operations.
In particular, I would like to use such advertising to reach people who are already interested in or might be interested in our activities and operations (remarketing and targeting). In order to do this, I may share the relevant information - including personal information where appropriate - with third parties who enable such advertising. I may also determine whether our advertising is successful, in particular whether it results in visits to our website (conversion tracking).
Third parties with whom I advertise and where you are logged in as a user may be able to associate your use of my website with your profile there.
I use in particular:
-
Google Ads: Search Engine Advertising; Service Provider: Google; Google Ads specific data: Advertising based on search queries, including using various domain names - specifically doubleclick.net, googleadservices.com, and googlesyndication.com - for Google Ads, Advertising Privacy Policy, "Manage Displayed Ads Directly from Ads".
-
LinkedIn ads: Social media advertising; Provider: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland); Privacy Policy: Remarketing and targeting specifically with the LinkedIn Insight Tag, Privacy, Privacy Policy, Cookie Policy, Opting Out of Personalized Advertising.
-
Meta Ads: Social Media Advertising on Facebook and Instagram; Service Provider: Meta Platforms Ireland Limited (Ireland) and other meta companies (including in the USA); Privacy Information: Targeting, including retargeting, specifically with the Meta Pixel and with Custom Audiences including Lookalike Audiences, Privacy Policy, "Advertising Preferences" (user registration required).
13. Measurement of success and reach
I try to measure the success and reach of my activities and operations. In this context, I may also measure the impact of third-party links or check how different parts or versions of my online offering are used (A/B testing method). Based on the results of the performance and reach measurements, I may correct errors, strengthen popular content or make improvements.
In most cases, the IP addresses of individual users are tracked to measure success and reach. In this case, IP addresses are generally shortened ("IP masking") in order to comply with the principle of data minimization through appropriate pseudonymization.
Cookies may be used to measure success and reach, and user profiles may be created. Any user profiles that may be created include, for example, the individual pages visited or content viewed on my website, information about the size of the screen or browser window, and the - at least approximate - location. As a matter of principle, any user profiles are created exclusively in pseudonymized form and are not used to identify individual users. Individual third-party services with which users are registered may be able to assign the use of my online offer to the user account or user profile of the respective service.
I use in particular:
Google Marketing Platform: Measuring success and reach, especially with Google Analytics; Provider: Google; Google Marketing Platform specific information: Measurement also across different browsers and devices (cross-device tracking) with pseudonymized IP addresses, which are only transmitted in full to Google in the USA in exceptional cases, Privacy Policy for Google Analytics, "Browser add-on to disable Google Analytics".
14. Final note on privacy policy
I have created this privacy policy using Datenschutzpartner's privacy policy generator.
I may update this privacy policy at any time. I will provide notice of updates in a reasonable manner, including by posting the current privacy policy on my website.