Privacy policy

Status: 5 November 2025

Responsible party

eos guitar quartet
c/o marcel ege
Ursprungstrasse 1c
CH-8044 Gockhausen
T +41 44 271 06 51

E-Mail-Adresse: ege@guitar-ege.ch

Overview of processing

The following overview summarises the types of data processed and the purposes for which they are processed, and refers to the data subjects.

Types of data processed

  • Inventory data.
  • Payment data.
  • Contact details.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication and procedural data.
  • Log data.

Categories of data subjects

  • Service recipients and clients.
  • Prospective customers.
  • Communication partners.
  • Users.
  • Business and contractual partners.

Purposes of processing

  • Provision of contractual services and fulfilment of contractual obligations.
  • Communication.
  • Security measures.
  • Direct marketing.
  • Office and organisational procedures.
  • Organisational and administrative procedures.
  • Feedback.
  • Provision of our online services and user-friendliness.
  • Information technology infrastructure.
  • Business processes and business management procedures.

Relevant legal basis

Relevant legal basis under Swiss data protection law: If you are located in Switzerland, we process your data on the basis of the Federal Act on Data Protection (abbreviated to ‘Swiss DSG’). Unlike the GDPR, for example, the Swiss FADP does not generally require a legal basis for the processing of personal data to be specified and stipulates that the processing of personal data must be carried out in good faith, lawfully and proportionately (Art. 6 (1) and (2) of the Swiss FADP). In addition, we only collect personal data for a specific purpose that is recognisable to the data subject and only process it in a manner that is compatible with this purpose (Art. 6 para. 3 of the Swiss DSG).

Security measures

In accordance with legal requirements, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, implementation costs, the nature, scope, circumstances and purposes of processing, as well as the varying likelihood and severity of threats to the rights and freedoms of natural persons.

These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, transfer, availability and separation relating to it. Furthermore, we have established procedures to ensure that the rights of data subjects are exercised, data is deleted and responses are made to data threats. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and data protection-friendly default settings.

Transfer of personal data

In the course of our processing of personal data, it may happen that this data is transferred to or disclosed to other bodies, companies, legally independent organisational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.

International data transfers

Disclosure of personal data abroad: In accordance with the Swiss Federal Act on Data Protection (FADP), we only disclose personal data abroad if adequate protection of the persons concerned is guaranteed (Art. 16 FADP). If the Federal Council has not determined that adequate protection is provided (list: https://www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung-staaten.html), we take alternative security measures.

For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognised as a secure legal framework by a Swiss adequacy decision dated 7 June 2024. In addition, we have concluded standard data protection clauses with the respective providers, which have been approved by the Federal Data Protection and Information Commissioner (FDPIC) and set out contractual obligations to protect your data.

This double safeguard ensures comprehensive protection of your data: the DPF forms the primary level of protection, while the standard data protection clauses serve as additional security. Should changes arise within the framework of the DPF, the standard data protection clauses serve as a reliable fallback option. In this way, we ensure that your data remains adequately protected even in the event of political or legal changes.

We will inform you whether individual service providers are certified under the DPF and whether standard data protection clauses are in place. The list of certified companies and further information on the DPF can be found on the US Department of Commerce website at https://www.dataprivacyframework.gov/ (in English).

Appropriate security measures apply to data transfers to other third countries, including international agreements, specific safeguards, standard data protection clauses approved by the EDÖB, or internal company data protection regulations that have been pre-approved by the EDÖB or a competent data protection authority in another country.

General information on data storage and deletion

We delete personal data that we process in accordance with legal requirements as soon as the underlying consents are revoked or there are no further legal grounds for processing. This applies to cases in which the original purpose of processing no longer applies or the data is no longer required. Exceptions to this rule exist if legal obligations or special interests require longer storage or archiving of the data.

In particular, data that must be retained for commercial or tax reasons or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons must be archived accordingly.

Our data protection information contains additional information on the storage and deletion of data that applies specifically to certain processing procedures.

If there are several specifications regarding the retention period or deletion deadlines for a piece of data, the longest period shall always apply. We process data that is no longer required for its original purpose but is retained due to legal requirements or other reasons exclusively for the reasons that justify its retention.

Storage and deletion of data: The following general periods apply to storage and archiving under Swiss law:

10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, accounting vouchers and invoices, as well as all necessary work instructions and other organisational documents (Art. 958f of the Swiss Code of Obligations (CO)).

10 years – Data necessary for considering potential claims for damages or similar contractual claims and rights, as well as for processing related enquiries, based on previous business experience and customary industry practices, is stored for the statutory limitation period of ten years, unless a shorter period of five years is applicable in certain cases (Art. 127, 130 OR). After five years, claims for rent, lease and capital interest as well as other periodic payments, for the delivery of food, for meals and for innkeeper's debts, as well as for craftsmanship, small-scale sales of goods, medical services, professional services provided by solicitors, legal agents, attorneys and notaries, and from the employment relationship of employees (Art. 128 CO).

Business services

We process data relating to our contractual and business partners, e.g. customers and interested parties (collectively referred to as ‘contractual partners’), within the framework of contractual and comparable legal relationships and associated measures, and with regard to communication with contractual partners (or pre-contractual), for example to respond to enquiries.

We use this data to fulfil our contractual obligations. These include, in particular, the obligations to provide the agreed services, any update obligations and remedies in the event of warranty and other service disruptions. In addition, we use the data to protect our rights and for the purposes of administrative tasks associated with these obligations and for company organisation. We also process the data on the basis of our legitimate interests in both proper and economic business management and in security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information and rights (e.g. for the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only pass on the data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfil legal obligations. Contractual partners will be informed about other forms of processing, such as for marketing purposes, within the framework of this data protection declaration.

We inform our contractual partners which data is required for the aforementioned purposes before or during data collection, e.g. in online forms, by means of special markings (e.g. colours) or symbols (e.g. asterisks or similar), or in person.

We delete the data after the expiry of statutory warranty and comparable obligations, i.e. generally after four years, unless the data is stored in a customer account, e.g. as long as it must be retained for archiving for legal reasons (e.g. for tax purposes, generally ten years). We delete data disclosed to us by the contractual partner within the scope of an order in accordance with the specifications and, as a rule, after the end of the order.

  • Types of data processed: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contact details (e.g. postal and email addresses or telephone numbers). Contract data (e.g. subject matter of the contract, term, customer category).
  • Data subjects: Service recipients and clients; interested parties. Business and contractual partners.
  • Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; communication; office and organisational procedures; organisational and administrative procedures. Business processes and business management procedures.
  • Storage and deletion: Deletion in accordance with the information in the section ‘General information on data storage and deletion’.
  • Legal basis: Contract fulfilment and pre-contractual enquiries (Art. 6(1)(b) GDPR); legal obligation (Art. 6(1)(c) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Provision of online services and web hosting

We process user data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or end device.

  • Types of data processed: Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication and process data (e.g. IP addresses, time stamps, identification numbers, persons involved). Log data (e.g. log files relating to logins or the retrieval of data or access times).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness; IT infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)). Security measures.
  • Storage and deletion: Deletion in accordance with the information in the section ‘General information on data storage and deletion’.
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing procedures, methods and services:

Collection of access data and log files: Access to our online offering is logged in the form of so-called ‘server log files’. Server log files may include the address and name of the websites and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. to prevent server overload (especially in the case of malicious attacks, known as DDoS attacks), and to ensure server utilisation and stability; legal basis: legitimate interests (Art. 6(1)(f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymised. Data that needs to be kept for evidence purposes is excluded from deletion until the respective incident has been finally clarified.

Use of cookies

The term ‘cookies’ refers to functions that store and read information on users' end devices. Cookies can also be used for various purposes, such as to ensure the functionality, security and convenience of online services and to analyse visitor traffic. We use cookies in accordance with legal requirements. To this end, we obtain the consent of users in advance if necessary. If consent is not necessary, we rely on our legitimate interests. This applies if the storage and retrieval of information is essential in order to provide expressly requested content and functions. This includes, for example, the storage of settings and ensuring the functionality and security of our online offering. Consent can be revoked at any time. We provide clear information about their scope and which cookies are used.

Information on the legal basis for data protection: Whether we process personal data using cookies depends on consent. If consent has been given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.

Storage duration: With regard to storage duration, the following types of cookies are distinguished:

  • Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their device (e.g. browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the device is closed. This allows, for example, the log-in status to be stored and preferred content to be displayed directly when the user visits a website again. The user data collected with the help of cookies can also be used to measure reach. Unless we provide users with explicit information about the type and storage duration of cookies (e.g. when obtaining consent), they should assume that these are permanent and that the storage period can be up to two years.

General information on revocation and objection (opt-out): Users may revoke their consent at any time and also object to the processing in accordance with the legal requirements, including through the privacy settings of their browser.

  • Types of data processed: Meta, communication and procedural data (e.g. IP addresses, time stamps, identification numbers, persons involved).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Consent (Art. 6(1)(a) GDPR

Further information on processing procedures, methods and services:

  • Processing of cookie data based on consent: We use a consent management solution that obtains users' consent to the use of cookies or to the procedures and providers specified in the consent management solution. This procedure is used to obtain, log, manage, and revoke consent, in particular with regard to the use of cookies and similar technologies that are used to store, read, and process information on users' end devices. As part of this procedure, users' consent is obtained for the use of cookies and the associated processing of information, including the specific processing and providers specified in the consent management procedure. Users also have the option of managing and revoking their consent. The declarations of consent are stored in order to avoid repeated queries and to be able to provide proof of consent in accordance with legal requirements.

  • Storage takes place on the server side and/or in a cookie (known as an opt-in cookie) or using comparable technologies in order to be able to assign consent to a specific user or their device. If no specific information is available about the providers of consent management services, the following general information applies: Consent is stored for up to two years. A pseudonymous user identifier is created and stored together with the time of consent, details of the scope of consent (e.g., relevant categories of cookies and/or service providers), and information about the browser, system, and device used; legal basis: consent (Art. 6(1)(a) GDPR).

Contact and inquiry management

When contacting us (e.g., by mail, contact form, email, telephone, or social media) and within the scope of existing user and business relationships, the information provided by the inquiring persons will be processed to the extent necessary to respond to contact inquiries and any requested actions.

  • Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., text or image messages and posts, as well as information relating to them, such as details of authorship or time of creation); Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved).
  • Data subjects: Communication partners.
  • Purposes of processing: Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via online form). Provision of our online offering and user-friendliness.
  • Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion.”
  • Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR). Contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR).

Further information on processing procedures, methods, and services:

  • Contact form: When you contact us via our contact form, by email, or through other means of communication, we process the personal data you provide in order to respond to and process your request. This usually includes information such as your name, contact details, and, if applicable, other information that you provide and that is necessary for us to process your request appropriately. We use this data exclusively for the stated purpose of establishing contact and communication; legal bases: fulfillment of a contract and pre-contractual inquiries (Art. 6 (1) (b) GDPR), legitimate interests (Art. 6 (1) (f) GDPR).

Newsletters and electronic notifications

We send newsletters, emails and other electronic notifications (hereinafter referred to as ‘newsletters’) exclusively with the consent of the recipients or on a legal basis. If the content of the newsletter is specified during registration, this content is decisive for the consent of the users. To subscribe to our newsletter, it is usually sufficient to provide your e-mail address. However, in order to offer you a personalised service, we may ask you to provide your name so that we can address you personally in the newsletter, or to provide further information if this is necessary for the purpose of the newsletter.

Deletion and restriction of processing: We may store the unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of potentially defending against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address in a block list for this purpose alone.

The registration process is logged on the basis of our legitimate interests for the purpose of verifying that it has been carried out correctly. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure mailing system.

Contents:

Information about us, our services, promotions and offers.

  • Types of data processed: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); Meta, communication and procedural data (e.g. IP addresses, time stamps, identification numbers, persons involved). Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
    Data subjects: Communication partners.
  • Purposes of processing: Direct marketing (e.g. by email or post).
  • Legal basis: Consent (Art. 6(1)(a) GDPR).
  • Right to object (opt-out): You can unsubscribe from our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to unsubscribe from the newsletter at the end of each newsletter or you can use one of the contact options listed above, preferably email.

Created with the free Datenschutz-Generator.de from Dr. Thomas Schwenke.

Translated with DeepL.com (free version)