Brands Are Live AG
CH – 8008 Zurich
Version March 2020. Valid up to revocation.
Brands Are Live AG (in the following also “us”) collects and processes personal data carefully and only to the extent permitted by law.
In the following we explain which policies we comply with and for what purpose we collect and process personal user data (in the following also “you” or “person”) via this website and other websites and applications operated by us or affiliated companies.
Data processing and intended use
When you register and use our services, we collect certain personal data so that we can provide our services targeted to you. Within the scope of communication and data collection, the following data is stored by us or by third party companies that provide the corresponding services:
- Registration data,
- Data that you have shared with social media services for sharing with the company,
- Activity data,
- In the case of invitations to enter in connection with competitions, we may collect further data, in accordance with the relevant invitation to enter,
- If you have registered for a newsletter, we will keep you informed about relevant developments and offers. If you are directed to our websites via a link in the newsletter, you also grant us permission to process and use your IP address together with geodata, web beacons or similar technologies in order to check whether the offers submitted to you in the course of this communication meet your requirements. In addition, we process and use the e-mail address you provide to send you personalized offers in connection with the newsletter. If you no longer wish to receive the newsletter, you can unsubscribe at any time in the newsletter itself,
- We do not collect any financial data from external service providers in the field of payments.
The purpose of this data capture is,
- to communicate with you,
- to provide the business services and functions,
- to give you the opportunity to comment on content,
- to minimize the risk of fraud,
- to be able to provide and improve our services in a contractual and targeted manner,
- the use of the data for marketing purposes,
- the use for research purposes, for example to develop new products and services, but also to participate in competitions,
- to comply with applicable legislation and case law and to be able to respond to requests from administrative or other state authorities,
- to provide the possibility of sharing on social media,
- to protect the company and third parties.
In the context of the European General Data Protection Regulation (GDPR) regulations apply which may also be applicable to companies and service providers domiciled in Switzerland. As far as these provisions may be relevant for us, we comply with these provisions. The most important of these rights are listed below. Further details can be found in the legal basis, which can be accessed via the following link: http://eur-lex.europa.eu/eli/reg/2016/679/oj:
The central aspects of these legal guidelines are listed below:
- Right to information
Where personal data are collected, the data subjects are to be provided with a range of information regarding the collection of data, in particular what data are collected and for what purpose.
- Right of access by the data subject
According to the GDPR, the person affected by the data processing is entitled to demand a confirmation that personal data are processed by him or that this is not the case. Where data is processed, the GDPR establishes various rights (e.g. the right to obtain a copy of the data).
- Right to rectification
The data subject shall have the right to request the controller to rectify any inaccurate personal data concerning him/her without delay. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
- Right to erasure (“right to be forgotten”)
The data subject has the right to request that personal data relating to him/her be deleted immediately and the personal data must be deleted immediately if one of the reasons listed in the GDPR applies, for example that the data are no longer necessary for the purpose for which they were collected.
- Right to restriction of processing
In certain cases, the data subject has the right to require the GDPR to restrict the processing of data. If such a restriction is requested, the data may only be retained, but may no longer be processed.
- Right of notification
According to the GDPR, all recipients to whom personal data have been disclosed must be informed of any correction or deletion of personal data or any restriction on processing, unless this proves impossible or involves disproportionate effort.
- Right to data transferability
The data subject has the right to receive the data that he has provided in a structured, common and machine-readable format and has the right to transfer this data to another data controller, for example to change the service provider. However, this right can only be exercised if the data processing is based on the consent of the data subject or on a contract.
- Right to object
The data subject shall also have the right to object at any time, for reasons arising from his or her particular situation, to certain processing of personal data relating to him or her, including profiling based on these provisions. Subsequently, the data may no longer be processed, unless the data processor can prove compelling reasons for the processing which are worthy of protection and which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him/her for the purposes of such advertising, including profiling in so far as it is related to such direct marketing.
- Right to waive an automated decision in individual cases
In addition, the data subject has the right not to be subject to a decision based exclusively on automated processing, including profiling, which has legal effect against him or her or significantly affects him or her in a similar manner.
- Right to be informed of data protection violations
Should the provisions on the protection of personal data be violated, the person affected by the violation will be informed, provided that this entails a high risk for personal rights and freedoms.
Special protection for children
Furthermore, the GDPR also provides special protection for children. For example, in the case of services offered directly to a child, consent to the processing of the child’s data must be given or authorised by the holder of parental responsibility, whereby the age limit in question may be defined differently in the various countries within the scope of application of the GDPR.
Technical measures for data security
We protect personal data through appropriate technical and organisational security measures and store them on secure servers. The website is protected against manipulation by the usual state-of-the-art measures and against access, modification or distribution by unauthorised persons. This includes taking data protection aspects into account as early as the planning phase of our services (“privacy by design”), and our new products or services are offered with data protection-friendly default settings (“privacy by default”).
Transfer of data to third parties
We are entitled to pass on your personal data to service providers for the purposes of the contract, including abroad. These are, for example, cloud service providers, other companies in the group, other providers of services relevant to the provision of corporate services, including, for example, IT service providers, management consultants and lawyers, and public authorities. These third parties are also obliged to comply with the legal provisions on data protection. A complete list of the data processors involved can be requested from us
Third party software
Third-party software is integrated on our website and applications. This is done in particular with the purpose of better understanding the interests of the user and for targeted communication, especially for marketing purposes.
Below supplementary information on the corresponding third-party applications, whereby these companies are also legally obliged to respect the provisions of the DSGVO:
- Google Analytics / Google Analytics for Firebase
Our applications use Google Analytics for Firebase, an app analytics service of Google Inc. “(“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics for Firebase collects data to better understand how users interact with the app in order to optimise the app. By using the applications, the user agrees to the data processing by Google as described above and for the mentioned purpose.
This website also uses plugins from the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). If you visit our website from Internet pages equipped with such a plugin, a connection to the Facebook servers is established. This transmits to the Facebook server which of our Internet pages you have visited in detail. If you are logged in as a member of Facebook, Facebook assigns this information to your personal Facebook user account. When using the plugin functions (e.g. clicking the “Like” button, submitting a comment) this information is also assigned to your Facebook account, which you can prevent by logging out before using the plugin. You can find more information on the collection and use of data by Facebook, on your rights in this regard and on ways to protect your privacy in the Facebook data protection information.
Our applications use Amplitude to better understand and optimize user behavior. Amplitude stores personal data in the form of generic IDs including timestamps and numerous other information, such as user ID, platform, device type, app version, geo-information, possibly the mobile phone provider, device language or browser details. This data does not constitute personally identifiable information for Amplitude. IP addresses are not stored. Furthermore, we are not aware of any other data that would allow Amplitude to repersonalize the data. Amplitude is certified under the US-EU data protection agreement “Privacy Shield” and is thus committed to comply with the EU data protection regulations.
The User ID, which Amplitude stores, is provided by us and enables a cross-platform understanding of user behavior. The user ID is a pseudonymised ID generated by us on demand and is not stored in our own database. A repersonalization of this user ID is theoretically possible if the algorithm is known, full access to the database by us, considerable resources are used for it and fully automatic machine-readable access to the amplitude user data exists. We have neither the possibility nor the interest to have fully automatic and machine readable access to the user data stored at Amplitude. We use the data stored at Amplitude only via the user interface provided by Amplitude and only in aggregated form.
Content & Links
All content on this page has been carefully checked and is continuously updated. We make every effort to provide accurate and complete information, however, we do not take any responsibility, guarantee or liability whatsoever, that all content is correct, complete or up-to-date. We reserve the right to change information on this website at any given point, without prior notification, and take no obligation to update respective information.
We have no influence on the content of external websites that are accessible via links on our website. We therefore accept no responsibility for the content of these external websites. The respective provider or operator of the sites is always responsible for the content of the linked sites. The linked sites were checked for possible legal violations at the time of linking. Illegal contents were not identifiable at the time of linking. However, a permanent control of the contents of the linked pages is not reasonable without concrete evidence of a violation of the law. We will remove such links as soon as we become aware of any infringements.