Contract Design Lab (contractdesignlab.com)
The protection of your personal data is of the utmost importance to us. We therefore process your data exclusively on the basis of the applicable statutory provisions, in particular the General Data Protection Regulation (Regulation (EU) 2016/679; “GDPR”) and the Swiss Federal Act on Data Protection (FADP). This Data Protection Declaration informs you about the nature, scope, and purposes of the collection and processing of personal data when using our website.
1. Controller
The controller within the meaning of Art. 4(7) GDPR and Art. 5 lit. j FADP is:
Alexander Stremitzer
ETH ZĂĽrich, IFW E49
Haldeneggsteig 4
8092 Zurich, Switzerland
Rathausstrasse 19/3/23
1010 Vienna, Austria
Email: astremitzer@ethz.ch
2. Categories of Personal Data
We process the following categories of personal data when you register and use our services: User name, Email address, Date and time of account creation, Date and time of last login.
Providing a username and email address is mandatory for the creation of an account. Without this information, participation in our services is not possible.
3. Purpose and Legal Basis of Processing
Your personal data will be processed exclusively for the following purposes:
- Administration and provision of your user account
- Provision of course-related information and services
- Informing registered users about new material being made available
The legal basis for processing is Art. 6(1)(b) GDPR and Art. 31 Abs. 2 lit. a FADP (performance of a contract) insofar as processing is necessary for the provision of our contractual services.
Your data will not be used for advertising or unrelated purposes.
4. Payment Processing
Payment transactions are handled via Stripe Payments Europe, Ltd., located at The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland, and Stripe, Inc., San Francisco, USA.
Stripe acts as an independent controller within the meaning of the GDPR. Stripe stores customer data relating to European users in Europe. The applicable privacy policy and Data Processing Agreement can be accessed at: https://stripe.com/privacy
The transfer of payment data to Stripe is based on Art. 6(1)(b) GDPR and Art. 31 Abs. 2 lit. a FADP (performance of a contract).
5. Use of Third-Party Services (Vimeo)
Our website contains embedded videos provided by Vimeo. When you access a page containing such an embedded video, your browser establishes a direct connection to Vimeo’s servers. Vimeo may receive information including your IP address, browser type, and information about your interactions with the video.
Further information on Vimeo’s data protection practices can be found at: https://vimeo.com/privacy
6. Data Retention and Erasure
We retain your personal data only for as long as is necessary for the performance of the contract and in compliance with statutory retention obligations.
You may request deletion of your account at any time by sending an email to the contact listed in Section 1. Upon deletion, all personal data stored in connection with your user account will be erased without undue delay, unless statutory retention obligations require continued storage. In this case, your data will be restricted from further processing until the retention period has expired.
7. Automated Decision-Making
We do not use your personal data for automated decision-making or profiling within the meaning of Art. 22 GDPR and Art. 21 FADP.
8. Rights of the Data Subject
You have the following rights with regard to your personal data under the GDPR:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing (Art. 21 GDPR)
If you believe that the processing of your personal data infringes data protection law, you have the right to lodge a complaint with the competent supervisory authority.
For Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC):
https://www.edoeb.admin.ch/edo...
9. Amendments
We reserve the right to amend this Data Protection Declaration at any time in order to ensure compliance with current legal requirements or to reflect changes to our services. The version published on our website at the time of your visit shall apply.