With this privacy policy, we provide information about the processing of personal data in connection with our activities and operations, including our website www.soniaparchet.ch. In particular, we explain for what purposes, how, and where we process which personal data. We also inform about the rights of individuals whose data we process.

For specific or additional activities and operations, further privacy policies or other data protection information may apply.

We are subject to Swiss data protection law and, where applicable, foreign data protection laws such as, in particular, the data protection regulations of the European Union (EU), including the General Data Protection Regulation (GDPR).

On July 26, 2000, the European Commission recognized that Swiss data protection law ensures an adequate level of data protection. This adequacy decision was confirmed by the European Commission in its report dated January 15, 2024.

Responsible for the processing of personal data:

Beau Line GmbH Bachmattenweg 4 5610 Wohlen AG

sonia@soniagriffiths.ch

In individual cases, third parties may be responsible for the processing of personal data, or there may be joint responsibility with third parties.

Data subject: A natural person whose personal data we process.

Personal data: Any information relating to an identified or identifiable natural person.

Sensitive personal data: Data concerning trade union, political, religious, or ideological views and activities; data concerning health, privacy, or ethnic or racial origin; genetic data; biometric data uniquely identifying a natural person; data concerning criminal and administrative sanctions or prosecutions; and data regarding social assistance measures.

Processing: Any handling of personal data, regardless of the means and procedures used. This includes, for example, querying, comparing, adjusting, archiving, storing, retrieving, disclosing, procuring, collecting, deleting, making accessible, organizing, modifying, distributing, linking, destroying, and using personal data.

European Economic Area (EEA): Member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway.

We process personal data in accordance with Swiss data protection law, particularly the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection (OFADP).

To the extent that the European General Data Protection Regulation (GDPR) applies, we process personal data in accordance with at least one of the following legal bases:

Art. 6(1)(b) GDPR: For the processing of personal data necessary for the performance of a contract with the data subject or in order to take steps prior to entering into a contract.

Art. 6(1)(f) GDPR: For the processing of personal data necessary for the purposes of legitimate interests – including the legitimate interests of third parties – unless such interests are overridden by the fundamental rights and freedoms of the data subject. Legitimate interests include, in particular, the sustainable, user-friendly, secure, and reliable operation of our activities, ensuring information security, protection against misuse, enforcement of our legal claims, and compliance with Swiss law.

Art. 6(1)(c) GDPR: For the processing of personal data necessary for compliance with a legal obligation to which we are subject under applicable laws of EEA member states.

Art. 6(1)(e) GDPR: For the processing of personal data necessary for the performance of a task carried out in the public interest.

Art. 6(1)(a) GDPR: For the processing of personal data based on the data subject’s consent.

Art. 6(1)(d) GDPR: For the processing of personal data necessary to protect the vital interests of the data subject or another natural person.

Art. 9(2) et seq. GDPR: For the processing of special categories of personal data, particularly with the consent of the data subject.

The GDPR refers to the processing of personal data as the “processing of personal data” and the processing of sensitive personal data as the “processing of special categories of personal data” (Art. 9 GDPR).

We process the personal data necessary to carry out our activities and operations in a sustainable, user-friendly, secure, and reliable manner. The personal data processed may include categories such as browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data, and payment data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities, insofar as such processing is legally permissible.

Where required, we process personal data with the consent of the data subjects. In many cases, we may process personal data without consent—for example, to fulfill legal obligations or protect overriding interests. We may also request consent even when it is not legally required.

We process personal data for as long as necessary to fulfill the respective purpose. We anonymize or delete personal data, in particular in accordance with statutory retention and limitation periods.

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties primarily include specialized service providers we use.

We may disclose personal data to banks and other financial institutions, authorities, educational and research institutions, consultants and legal advisors, advocacy groups, IT service providers, cooperation partners, credit and business information agencies, logistics and shipping companies, marketing and advertising agencies, media, organizations and associations, social institutions, telecommunications companies, and insurance companies.

We process personal data to communicate with third parties. In this context, we primarily process data provided by the data subject when contacting us—for example, by mail or email. We may store such data in an address book or similar tool.

Third parties transmitting data about other individuals are obliged to ensure data protection for such individuals. This includes ensuring the accuracy of the transmitted data.

We use selected services from suitable providers to improve communication with third parties.

We take appropriate technical and organizational measures to ensure data security appropriate to the respective risk. These measures are designed to safeguard the confidentiality, availability, traceability, and integrity of the processed data. However, we cannot guarantee absolute data security.

Access to our website and other online services is encrypted via transport encryption (SSL / TLS, in particular using Hypertext Transfer Protocol Secure – HTTPS). Most browsers warn users before visiting websites without transport encryption.

Our digital communication is subject—like virtually all digital communication—to mass surveillance by security authorities in Switzerland, across Europe, the United States, and other countries, regardless of any specific cause or suspicion. We have no direct influence on how personal data is handled by intelligence services, police departments, or other security agencies. We also cannot rule out that individual data subjects may be specifically monitored.

As a rule, we process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transfer data to other countries, particularly for processing or having it processed there.

We may export personal data to any country on Earth—or elsewhere in the universe—if the laws in that location ensure adequate data protection as recognized by the Swiss Federal Council or, if the GDPR applies, by the European Commission.

We may also transfer personal data to countries that do not ensure adequate data protection, provided that appropriate safeguards are in place—especially based on standard contractual clauses or other guarantees. In exceptional cases, we may export personal data to countries without adequate or appropriate protection if specific legal conditions are met—for example, with the express consent of the data subject or in direct connection with the conclusion or performance of a contract. Upon request, we will gladly inform data subjects about applicable safeguards or provide a copy.

We grant data subjects all rights provided by applicable data protection laws. Data subjects, in particular, have the following rights:

Access: Data subjects may request confirmation of whether we process personal data about them, and if so, which data. They also receive the necessary information to exercise their data protection rights and to ensure transparency. This includes the personal data processed, the purpose of processing, retention periods, any data disclosures or transfers to other countries, and the source of the data.

Correction and Restriction: Data subjects may request the correction of inaccurate data, the completion of incomplete data, and the restriction of data processing.

Deletion and Objection: Data subjects may request the deletion of their personal data ("right to be forgotten") and may object to the future processing of their data.

Data Portability: Data subjects may request the release of their personal data or the transfer of such data to another controller.

We may delay, restrict, or refuse the exercise of these rights within the legally permissible framework. We may inform data subjects of any conditions that must be met to exercise their rights. For example, we may partially or fully deny access based on confidentiality obligations, overriding interests, or the protection of third parties. Similarly, we may refuse to delete data, particularly due to legal retention obligations.

In exceptional cases, we may charge fees for the exercise of rights. We will inform data subjects in advance of any potential costs.

We are obligated to identify data subjects who request access or wish to exercise other rights using appropriate measures. Data subjects are required to cooperate in this process.

Data subjects have the right to assert their data protection rights through legal channels or to file a complaint with a supervisory authority.

In Switzerland, the Federal Data Protection and Information Commissioner (FDPIC) is the supervisory authority for private data controllers and federal bodies.

In the European Economic Area (EEA), data protection authorities are members of the European Data Protection Board (EDPB). In some EEA member states, such as Germany, supervisory authorities are federally organized.

We may use cookies. Cookies – including first-party cookies and third-party cookies used through third-party services – are data stored in the browser. These stored data are not necessarily limited to traditional text-based cookies.

Cookies can be stored temporarily as "session cookies" or for a specific duration as so-called "persistent cookies." Session cookies are automatically deleted when the browser is closed. Persistent cookies remain stored for a defined period. Cookies make it possible, for example, to recognize a browser during a future visit to our website and thus to measure our website's reach. Persistent cookies may also be used for online marketing purposes.

Cookies can be disabled or deleted in part or in full via browser settings at any time. Without cookies, our website may no longer be fully functional. We actively request explicit consent to the use of cookies – at least where legally required.

Many services used for performance and reach measurement or advertising support a general opt-out via platforms such as AdChoices (Digital Advertising Alliance of Canada), Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (EDAA).

We may log at least the following information for each access to our website and other online presences – provided this data is transmitted to our digital infrastructure: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, specific pages accessed including data volume, and the referring page (referrer).

We log such information, which may be personal data, in log files. This data is necessary to ensure the permanent, user-friendly, secure, and reliable provision of our online presence. It also helps ensure data security – including by or with the help of third parties.

We may include tracking pixels (also known as web beacons) on our online platforms. These are typically small, invisible images or JavaScript scripts that are automatically loaded when someone accesses our website – including those from third-party providers. These tracking pixels can collect the same types of data as server log files.

Notifications and communications may contain web links or tracking pixels that record whether a message was opened and which links were clicked. These links and pixels may also capture this data on a personal basis. We use such statistical tracking to measure the performance and reach of our communications, so we can send them in a user-friendly and targeted way, based on recipient preferences.

As a rule, we require your consent to use your email address and other contact information, unless another legal basis applies. We may use a "double opt-in" process to collect consent: you’ll receive a message with instructions for confirming your subscription. We may log collected consents including IP addresses and timestamps for evidence and security purposes.

You can unsubscribe from notifications and communications, such as newsletters, at any time. By doing so, you can also object to performance and reach measurement. Required notifications related to our services remain unaffected.

We maintain presences on social media and other online platforms to communicate with interested individuals and share information about our activities. In connection with such platforms, personal data may be processed outside of Switzerland and the EEA.

The terms of service, privacy policies, and other provisions of the platform operators apply. These typically provide data subjects with direct rights, including the right to access.

For our Facebook presence, including "Page Insights," we are – where the GDPR applies – jointly responsible with Meta Platforms Ireland Limited (Ireland), a part of the Meta Companies (including in the U.S.). Page Insights show how users interact with our Facebook page. We use this to manage our presence in a user-friendly way.

More information about the data processing, data subject rights, and contacts for Facebook and its data protection officer can be found in Facebook's privacy policy. We have entered into the "Page Controller Addendum" with Facebook, agreeing that Facebook is primarily responsible for ensuring data subject rights. Details are provided in Facebook’s “Page Insights Information.”

We use third-party services to ensure the long-term, user-friendly, secure, and reliable operation of our activities. These may include embedded content or features, requiring IP addresses to be transmitted for technical reasons.

For statistical, security-related, and technical purposes, third parties may process data in aggregated, anonymized, or pseudonymized form. This includes performance or usage data necessary for the provision of such services.

We specifically use:

Google Services (Google LLC, USA / Google Ireland Limited): Privacy and data use info available under “Privacy & Terms,” “How Google uses data,” and “Types of cookies used by Google.”

Infomaniak (INFOMANIAK NETWORK SA, Switzerland): Hosting. See their “Data protection” resources and certifications.

Zapier (Zapier Inc., USA): For automation and integration of apps and workflows. See their "Privacy Policy," “Data Privacy at Zapier,” and “Security & Compliance.”

We use specialized tools for virtual meetings, online classes, or webinars. Relevant privacy policies and terms of use apply. We recommend muting microphones and blurring backgrounds as a general privacy practice.

Facebook (Plugins) and Instagram: Meta Platforms Ireland Limited (Ireland) and other Meta companies. Used for embedding content or allowing social sharing. See privacy policies of Facebook and Instagram.

Google Maps: For embedding interactive maps. See "How Google uses location data."

Wistia (Wistia Inc., USA): For video hosting and embedding. See “Privacy and Data Protection” and Wistia’s privacy policy.

Google Fonts: To embed fonts, icons, and logos. See “Your privacy and Google Fonts.”

We operate e-commerce and use third-party services to offer content and products efficiently.

We use secure third-party providers for payment processing. Their terms and privacy policies apply.

PayPal (incl. Braintree) (PayPal Europe / PayPal Singapore): See PayPal’s Privacy Statement and Cookie Policy.

TWINT (TWINT AG, Switzerland): For payments in Switzerland. See TWINT’s Privacy Policy and security information.

We measure the success and reach of our digital offerings. This includes analyzing the effectiveness of external links and user interactions (e.g., via A/B testing). Based on these insights, we fix bugs, improve popular content, and optimize our services.

IP addresses are usually pseudonymized using IP masking. Cookies and user profiles may be used. Profiles may include visited pages, viewed content, screen or window sizes, and rough location data. These profiles are generally pseudonymized and not used for identifying individuals. If logged into third-party services, those providers may link usage data to the user account.

We use:

Google Marketing Platform, particularly Google Analytics: Includes cross-device tracking and IP masking. Data is transmitted to Google in the USA only in exceptional cases. See their privacy policy and browser opt-out add-on.

We may modify or supplement this Privacy Policy at any time. We will communicate changes appropriately, especially by publishing the updated version on our website.