We only process personal data that we need to provide our services, namely the following categories of personal data:
Personal details: in particular first and last name, single name, home address, place of residence, nationality, telephone number, e-mail address, age, date of birth, gender, marriage status, family members, details of a potential emergency contact, photograph;
Data in connection with the marketing of Services: in particular newsletter opt-ins and opt-outs, invitations and participation in events and special activities, personal preferences and interests, consultation protocols;
Data related to the use of our Services, server log (which is mostly non-personal data): in particular, connection data, IP address and other identifiers (e.g. social media username, MAC address of smartphone or computer, data from cookies and similar technologies), date and time of the visit to the Service, duration of the visit to the Service, requested internet address (uniform resource locator, URL), referrer URL (i.e. the internet address of the website from which you accessed our website, if applicable with the search term used), browser type and version, operating system used, amount of data sent in bytes, geolocation data;
Communication data: in particular, preferred communication channel, correspondence with MusicBird (including records of communication);
We receive personal data from:
Direct sources: Generally, we process personal data that we receive directly from you, for example, in the course of our business relationship, while you visit the Services, at events organised by MusicBird, or in direct communication by email, telephone or other means.
Indirect sources: In certain cases we may collect personal data indirectly. This is when someone else (e.g. a friend of yours) recommends you to us. We may also purchase additional information from data sources (e.g. credit reference agencies, social media, address brokers). We can obtain personal data from publicly accessible sources (e.g. from debt enforcement registers or debtor lists, land registers, trade and association registers, the press, the internet). In individual cases, it is possible that personal data is derived from the combination of various non-personal data.
We process personal data in accordance with the provisions of the Swiss Data Protection Act (DPA):
4.1 For the performance of contracts
We process personal data in direct connection with the conclusion and performance of contracts. The purposes of data processing are primarily determined by the specific Service. The relevant additional data protection information, in particular the specific processing purposes, can be found in the respective contractual documents, including terms and conditions.
4.2 To comply with legal obligations
We process personal data where there is a legal or regulatory obligation to do so. Processing purposes may include in particular:Documentation of compliance with certain legal and regulatory requirements;Assisting in investigations and proceedings, cooperating with and responding to enquiries from authorities and courts.
4.3 Based on your consent
If you have given us your consent for certain processing purposes, such consent will form the legal basis for the processing.
4.4 For the protection of legitimate interests
We process personal data if this is necessary to protect the legitimate private interests of us or of third parties or to protect legitimate public interests. Examples:
Ensuring IT security and IT operations: in particular troubleshooting, operation and further development of our IT systems and our Services, identity checks;
Quality control: in particular, reporting on users, transactions, activities, Services and other business aspects of MusicBird for business management and development, compiling statistics, budgets, records and management information, organising business operations, project management, research, development and enhancement of services;
Advertising: in particular market and opinion research, web analytics and tracking (e.g. via cookies), improving our visibility, promoting the content of our Services, sending newsletters and promotional material, personalised offers (e.g. via web banner advertising);
Client management: in particular, maintaining and developing client relationships, running client programmes, providing preferential services, granting special conditions and promotions, managing memberships, managing the users of our Services, communication, client service and support, including outside of contract execution;
Risk management: in particular consultation of and data exchange with information agencies to determine creditworthiness and default risks;
Ensuring compliance: in particular, monitoring compliance with internal rules of MusicBird;
Carrying out corporate transactions: in particular the sale or purchase of business divisions, companies or parts of companies and the associated transfer of personal data;
Dealing with legal disputes: in particular assertion of legal claims and legal defence;
Self-protection and protection of third parties: in particular protection of third parties and our employees, our data, business secrets and assets as well as assets entrusted to us, safeguarding of property rights, security of our facilities and buildings (e.g. access controls, video surveillance);
Prevention and investigation of criminal offences: in particular, combating abuse, collecting evidence in the case of offences [such as robberies and fraud].
Most of the cookies we may use are so-called session cookies. They save your entries while you are navigating the website within the same session. Session cookies are automatically deleted once you have finished visiting our website. Permanent cookies, on the other hand, remain stored on your device over several sessions and enable us to recognise your browser the next time you visit the website (and, for example, to display the website in your preferred language). Such permanent cookies are deleted when they expire or when you delete them.
You can block or delete cookies and similar technologies via the privacy settings of your browser and e-mail programme, although deletion may affect your use of the Services.
Within MusicBird, access to your data is granted to those positions that require it for the fulfilment of the outlined processing purposes.
In addition, we may disclose personal data to the following categories of third parties, provided that the disclosure serves the fulfilment of the aforementioned processing purposes:
processors on behalf of MusicBird, including service providers;
group companies of MusicBird;
business partners, including distributors and suppliers;
clients of MusicBird;
acquirers of, or parties interested in acquiring, divisions, companies or other parts of MusicBird;
other parties to potential or actual legal proceedings;
local, national and foreign governmental authorities and agencies;
the public, including visitors to MusicBird’s website and social media.
We may transfer personal data to any country in the world, in particular to all countries where our data processors process personal data. Personal data may be transferred to a country without adequate data protection, if:
We reserve the right to redact such copies for reasons of data protection or confidentiality;
you give your express consent;
it is necessary for the performance of a contract with you or a contract in your interest;
it is necessary for the fulfilment of a legal obligation;
it is necessary to protect overriding public interests, to establish, exercise or enforce legal claims or to protect the life or physical integrity of you or a third party;
you have made the personal data generally accessible and do not expressly prohibit processing;
or the personal data originates from a register provided for by law which is accessible to the public or to persons with a legitimate interest, provided that the legal prerequisites of consultation are fulfilled in the specific case.
We keep personal data as long as it is necessary for the purpose for which we collected it. If the personal data is no longer required to fulfil the purpose, we generally delete it.
In certain cases, a contractual or legal obligation may require us to retain the data (e.g. retention of business records in accordance with the Swiss Code of Obligations). We generally store contract-related personal data for the duration of the contractual relationship and for ten years beyond the termination of the contractual relationship. For the purpose of proof, we may store personal data for the duration of the applicable limitation period, which is usually five or ten years.
Subject to an express contractual agreement, we are under no obligation to you to retain personal data for a specific period of time.
You have the right of:
access to personal data concerning you;
correction deletion or destruction of personal data;
objection to, or restriction of, the processing of personal data;
revocation of consent, if the processing of personal data is based on your consent. The revocation is possible at any time and is effective for the future. The revocation does not affect the lawfulness of the data processing that took place until the revocation;
data portability in certain cases and in a common electronic format that allows further use and transmission;
We will inform you separately about your rights in connection with any automated individual decision-making, insofar as this is prescribed by law. In principle, we do not use any methods of automated individual decision-making for the establishment and performance of any business relationship.
To exercise your rights, please address yourself to the contact point mentioned at the beginning. You can also use options that may be embedded in our Services, e.g. a link in an e-mail to unsubscribe from a newsletter. It is usually required that you clearly prove your identity in order to exercise your rights. We also draw your attention to the fact that deleting your personal data may result in certain Services no longer being available or usable in whole or in part.
We reserve the right to restrict your rights within the framework of the applicable law and, for example, not to provide complete information or not to delete data.
You have the right to lodge a complaint with the competent data protection authority, which is the Swiss Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
We would like to point out that the Internet is generally not a secure environment because it is an open network that can be accessed by anyone. Therefore, we also call on you to take personal responsibility for the handling of your personal data. To the extent permitted by law, we accept no liability for the security of data that you transmit to us via the internet or other electronic channels, or for any direct or indirect damage. We ask you to choose other communication channels if this appears necessary or reasonable for security reasons.