In this privacy policy we inform you about how we collect and process personal data when you visit our website at: www.royalracket.ch (“Website”), when you contact us or use our services.
What is this privacy notice about?
In this privacy notice, we explain how we process personal data, in particular in relation with our business activities and through our website. It should be read by
Our potential, current and prospective customers,
Their shareholders, directors, officers, and employees,
Other related persons such as beneficiaries, representatives, signatories, security providers,
Customers of our clients and their staff, and
Visitors on our website.
Additional information about how we process personal data can be found in other documentation, such as general terms and conditions, in additional privacy information presented separately, and in separate consent forms.
«Personal data» means any information that is about an individual or that can be associated with an individual, and «processing» means any operation with personal data, for example collecting, using, disclosing or deleting data. Our services are generally directed at individuals and businesses (and if an individual acts or works for a business, then we may also process personal data about this individual).
Who is the controller for your data?
For the data processing set out in this privacy notice, the «controller», i.e., the individual or entity that is primarily responsible for complying with data protection law (also «we» or «us»), is the following:
Peter Smetana
Royal Racket Tennis Academy
Hardackerstrasse 18
8302 Kloten
Switzerland
If you have any questions in relation with our processing of your personal data, please do not hesitate to contact us at info@royalracket.ch.
You may provide us with personal data relating to other individuals, for example about co-workers, line managers, directors, officers, beneficiaries, representatives, signatories, customers, clients and other related persons. Whenever you do this, we assume that this data is correct and that you are permitted to share it with us. However, we may not be in direct contact with these individuals and cannot tell them directly about our data processing. We therefore ask that you inform these individuals about our data processing, for example by pointing them to this privacy notice.
How do we process data in relation with our services?
When you use our services, we process personal data in order to prepare for and potentially enter into an agreement with you:
— If we are in contact with you in view of an agreement with you or with the company you act or work for, we process data about you and about other individuals whose data you provide to us or that we collect as part of the process, such as signatories, directors, and beneficiaries, for example if you book a group lesson with us. In each case this may include names, address information, contact information, birth date, copies of identification documents, information about the role or relation with a company, any other information you share with us, and information about services requested and the contact date. We use this information to “onboard” you, comply with tax controls and reporting obligations, prevent fraud, assess and manage risks, and learn more about your business. The legal basis for this processing is article 6(1)(b) and (f) GDPR, where applicable.
— We can also check the creditworthiness of our potential contractual partner, i.e., the likelihood of a default. For this purpose, we obtain address and credit information from a credit information agency. Where reasonably required we may also collect additional data from public registers (for example the commercial register) or from other public sources such as the media and the internet for this purpose. The legal basis is article 6(1)(b) and (f) GDPR, where applicable.
If we enter into an agreement with you or your company, we process the data collected in view of the agreement (see above) and information about the conclusion of the agreement (for example the date and subject matter of the agreement).
We also process personal data during and after the term of the agreement, for example information on the services rendered to you, but also on payments, on customer service contacts, claims, complaints, on the termination of the agreement and – if there should be a dispute in relation with the agreement – also on disputes and related procedures and investigations. Without these types of data processing, we would not be able to perform agreements, comply with applicable law, and safeguard our legitimate interests. The legal basis for this processing is article 6(1)(b), (c) and (f) GDPR, where applicable.
We also process the data set out above for statistics (for example: which services sell best, in which regions and when etc.). These statistics help with the improvement and development of our services as well as our business strategy. We may also use statistical data for personalized marketing (see sec. 4 for additional information). The legal basis for this processing is article 6(1)(f) GDPR, where applicable.
If and to the extent our clients are companies, the data set out above may be about the individuals who act for our clients or are otherwise related to them.
How do we process data in relation with marketing?
We also process personal data in order to advertise us and our services and services provided by third parties:
Marketing communication: We send electronic information which include advertising for our offers , but also for offers from other companies with which we cooperate. We will ask for you for consent first except where we advertise certain offers to existing customers.
Online advertising: We carry out advertising on partner websites, including personalized advertising through a process called “re-targeting”, which is explained in sec. 7 below.
Market research: We also process data to improve performance and develop new services, such as information about your bookings, your response to newsletters, information from customer surveys or from social media, as well as from media monitoring services and public sources.
How do we work with service providers?
We use various services provided by third parties, in particular IT services (examples are hosting providers), and other providers like banks, the post office, consultants, advisors etc. More information about our service providers in relation with our online offering can be found in sec. 7 below. All of these service providers may process personal data as required for their services. We have customary agreements with them.
Can we disclose data abroad?
The recipients of personal data are not all located in Switzerland. An example of a provider abroad is Google in Ireland, but this also includes others including the providers in relation with our online offering, as set out below in sec. 7. These providers may use additional providers in other countries in the EEA region and outside, potentially world-wide. We may also transfer data to authorities and other recipients abroad if we are under a legal obligation to do so or, for example in the context of an asset sale or legal proceedings (see sec. 9).
If a country does not provide an adequate level of data protection, we use agreements in order to provide additional protection. In certain cases, we may transfer personal data in accordance with applicable law without such agreements, for example if you have consented to the transfer or if the transfer is necessary for the execution of the agreement, for the establishment, exercise or enforcement of legal claims or for overriding public interests.
How do we process data in relation with our online offering?
As most businesses, in particular businesses that operate an online service offering, we use providers that process data for us to learn about the actions our users take, optimize and personalize content, and display relevant ads on our website and on partner websites. The types of data used, and the providers that help us with these purposes, are explained below in more detail. We know it’s complicated, due to the variety of data collected and how advertising networks work, but please take the time to read through it. If you wish to disallow certain types of use, you have the option to use the consent management feature on our website. The legal basis for these types of processing is your consent (article 6(1)(a) GDPR), our legitimate interest (article 6(1)(f) GDPR) and the performance of an agreement, for necessary cookies and functions (article 6(1)(b) GDPR, where the GDPR applies).
LOG DATA
Each time our website (hereinafter “online offering”) is used, certain data is generated, for technical reasons, which is temporarily stored in log files. Key examples are the IP address of the device used, information about the internet service provider and the operating system of your device, information about the referring URL, information about the browser, the date and time of access, and the content accessed. We use this data so that our online offerings can be used, to ensure security and stability, to optimize our online offerings and for statistical purposes.
cookies and similar technologies
Our online offerings also use cookies. These are text files that your browser keeps on your device. This allows us to distinguish individual visitors from others, but usually without identifying them. Cookies may also contain information about pages accessed and the duration of the visit. Certain cookies («session cookies») are deleted when the browser is closed. Other cookies («persistent cookies») remain stored for a certain period of time so that we can recognize visitors when they visit us again. More information about the types of cookies we use can be found in our online offering, when you access the consent management function provided by Framer.com .
We may also use other technologies, for example to store data in the browser but also to recognize repeat visitors, for example pixels or fingerprints. Pixels are invisible images or program code that are called from a server through a coded link that transmit information. Fingerprints are pieces of information about the configuration of your device that make your device distinguishable from other devices.
The data collected through these technologies, including the data explained in more detail in sec. 7.3below, are usually not directly personally identifiable, i.e., we will not know the names of the users whose data is collected, but we can distinguish them from any other user. However, when you log into our online offering, we can connect your name and the usage data collected, which then becomes personally identifiable.
You can configure your browser in the settings to block certain cookies or similar technologies or to delete cookies and other stored data. You can find out more in the help pages of your browser (usually when you look for «data protection»). However, we ask for your consent before using cookies and other technologies, except those that are necessary for the proper operation of our online offering, through a consent management solution on our website.
These cookies and other technologies may be set by third-party companies that provide features to us. These may be located outside Switzerland and the EEA (see sec. 6 for more information). For example, we use analytics services to help us optimize and personalize our online offering.
Analytics, personalized communication and ad networks
In order to measure the use of our online offering and improve and personalize content, we use third parties to collect usage data and provide statistical information to us. These third parties may record the use of the online offering and combine these records with other information they have from other websites. This allows them to collect data about user behavior across multiple websites and devices, in order to provide statistical evaluations on this basis. The providers can also use this information for their own purposes, for example for personalized advertising on their own or other websites. If a user is registered with the provider, the provider can also link the usage data to that user. A key provider is Google. More information on the latter can be found below:
— Our online offering uses Google Analytics, an analytics service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA, USA) and Google Ireland Ltd. (Google Building Gordon House, Barrow St, Dublin 4, Ireland). Google collects information about the behavior of users on the online offering and about the device used. The IP addresses of visitors are truncated in Europe before being sent onwards to the USA. Google provides us with statistical information based on the data recorded, but also uses some data for its own purposes. Information on Google Analytics privacy can be found here, and if you have a Google Account, you can find more information here.
Cookies and similar technologies from third parties help them to target you with individualized advertising on our or other websites and on social networks that work with the same third-party provider (called “re-targeting”), and to measure the effectiveness of ads (for example whether you came to our online offering through an ad and what actions you take on our online offering). These parties use not directly personally identifiable information such as location, language and device data and estimated demographic data such as age, gender, marital and parental status, and employment. For example, we participate in the ad network operated by Google Ireland Ltd. (Google Building Gordon House, Barrow St, Dublin 4, Ireland) to display personalized ads on other websites.
How do we process data through social media?
We operate pages on social networks and other platforms such as on Instagram, Facebook, YouTube, LinkedIn, etc. If you communicate with us there or comment on or redistribute content, we collect information that we use primarily for communication with you, for marketing purposes and for statistical evaluations (see sec. 3 and 4). Please note that the platform provider will also collect and use some data (for example about user behavior), possibly together with other data they have about a user, for example for marketing purposes or to personalize platform content.
Are there other types of processing?
Yes, because many things that we do necessarily involve processing personal data, also common and unavoidable internal processes. It is not always possible to know in advance if this will occur nor the specific extent of the data processed, but below you will find information on typical (not necessarily frequent) cases:
— Communication: When we are in contact with you (for example when you call customer service or get in touch by e-mail), we process information about the content and type, time and place of the communication. We may also process information to identify you.
— Compliance with law: We may process personal data and disclose data to authorities as required for our obligations or rights arising under applicable law, and to comply with internal regulations.
— Prevention: We process data to prevent criminal acts and other violations, for example in the context of fraud prevention or internal investigations.
— Legal proceedings: Where we are involved in legal proceedings (for example judicial or administrative proceedings), we process data for example about other parties to the proceedings and other persons involved, such as witnesses or respondents, and disclose data to such parties and to courts and authorities, possibly also abroad.
— IT security: We process data for monitoring, controlling, analyzing, testing, securing and assessing our IT infrastructure, but also for backups and data archiving.
— Competition: We process data about our competitors and the market in general. In doing so, we may process data about key persons, in particular name, contact details, role or function and public statements.
— Transactions: If we sell or acquire receivables or other assets, we process data to the extent necessary to prepare and carry out such transactions, for example information about customers or their contact persons or employees, and we may also disclose such data to buyers or sellers.
— Other purposes: We process data to the extent necessary for other purposes such as training and education, administration (for example contract management, accounting, enforcement and defense of claims, evaluation and improvement of internal processes, anonymous statistics and evaluations, and protection of other legitimate interests).
How long do we process personal data?
We process personal data as long as it is necessary for the processing purpose (in the case of agreements, usually for the duration of the agreement), as long as we have a legitimate interest in the storage (for example to enforce legal claims, for archiving and/or to ensure IT security) and as long as data is subject to retention obligations (for example, a ten-year retention period applies for certain data). After expiry of these periods, we delete or anonymize your personal data.
Anything else to consider?
Depending on the applicable law, personal data may only be processed if applicable law specifically permits it. This does not apply under to the Swiss Data Protection Act, but it does, for example, under to the EU General Data Protection Regulation (GDPR), where it is applicable. In this case, our processing is based on the fact that it is necessary for the preparation and execution of agreements (sec. 3), that it is necessary for legitimate interests of us or third parties, for example statistical evaluations (sec. 3) or marketing purposes (sec. 4), that it is required or permitted by law or that you have separately given consent to the processing. The most relevant provision is article 6 of the GDPR, on which we have included more information in the sections above.
By the way, you are under no obligation to share data to us, except in specific cases (for example if you have to fulfil an agreed obligation, which may require disclosing data to us). However, for legal and other reasons, we have to process personal data when we conclude and execute agreements. Likewise, using our online offering is also not possible without data processing (see sec. 7).
We may update this privacy notice whenever needed. It is not part of an agreement with you, and the version posted on our website is the version currently applicable.
What are your rights?
Subject to the conditions and restrictions of applicable data protection law, you have certain rights in order to receive a copy of your personal data or have a say about our processing of your data:
— You can request a copy of your personal data and more information about our data processing;
— you can object to our data processing, in particular in connection with direct marketing;
— you can correct or complete incorrect or incomplete personal data or have us register a note of dispute;
— you may have the right to receive personal data that you have provided to us in a structured, commonly used and machine-readable format, where data processing is based on your consent or is necessary for the performance of an agreement;
— if we process data on the basis of your consent, you can withdraw your consent at any time. Withdrawing consent only affects our processing going forward, and we reserve the right to continue processing data on another basis, as permitted by applicable law.
If you wish to exercise your rights, please contact us (sec. 2). As a rule, we will have to verify your identity (for example by means of a copy of an ID document). You are also free to lodge a complaint against our processing with the competent supervisory authority, in Switzerland with the Federal Data Protection and Information Commissioner (FDPIC).
