BLACK FRIDAY SPECIAL: 50% on all single treatments and 30% on packages - Book your appointment now

Data Protection

General

We at Studio Naturel GmbH take the protection of your personal data very seriously. Your personal data will be treated confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

We would like to point out that data transmission over the Internet (e.g. when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible. By using this website, you agree to the collection, processing and use of data in accordance with the following description. This website can generally be visited without registration. Data such as pages accessed or the name of the file accessed, date and time are stored on the server for statistical purposes without this data being directly related to you. Personal data, in particular name, address or email address, are collected on a voluntary basis wherever possible. The data will not be passed on to third parties without your consent.

With this privacy policy we inform you about which personal data we process about you, for what purposes it is used, to whom it is passed on and what rights you are entitled to as a result of the processing of your personal data.

 

Processing of personal data

Personal data is all information relating to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, acquisition, deletion, storage, alteration, destruction and use of personal data.

We process personal data in accordance with Swiss data protection law. Furthermore, we process personal data – to the extent and insofar as the EU GDPR is applicable – in accordance with the following legal bases in connection with Art. 6 Para. 1 GDPR:

 

  • Consent (Article 6 (1) sentence 1 lit. a. GDPR) – The data subject has given his or her consent to the processing of personal data concerning him or her for a specific purpose or several specific purposes.
  • Contract performance and pre-contractual inquiries (Article 6 (1) sentence 1 lit. b. GDPR) – The processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.
  • Legal obligation (Article 6 (1) sentence 1 lit. c. GDPR) – The processing is necessary to fulfill a legal obligation to which the controller is subject.
  • Protection of vital interests (Article 6 (1) sentence 1 lit. d. GDPR) – Processing is necessary to protect the vital interests of the data subject or of another natural person.
  • Legitimate interests (Article 6 (1) sentence 1 lit. f. GDPR) – Processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require protection of personal data prevail.
  • Application process as a pre-contractual or contractual relationship (Art. 9 Para. 2 lit. b GDPR) – If, as part of the application process, special categories of personal data within the meaning of Art. 9 Para. 1 GDPR (e.g. health data, such as severe disability status or ethnic origin) are requested from applicants so that the controller or the data subject can exercise the rights arising from employment law and social security and social protection law and fulfill his or her obligations in this regard, their processing takes place in accordance with Art. 9 Para. 2 lit. b. GDPR, in the case of protecting the vital interests of the applicants or other persons in accordance with Art. 9 Para. 2 lit. c. GDPR or for the purposes of healthcare or occupational medicine, for the assessment of the employee's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector in accordance with Art. 9 Para. 2 lit. h. GDPR. In the case of a communication of special categories of data based on voluntary consent, their processing is carried out on the basis of Art. 9 para. 2 lit. a. GDPR.

 

We process personal data for the period necessary for the respective purpose or purposes. If longer retention periods are required due to legal and other obligations to which we are subject, we restrict processing accordingly.

 

responsible person

Responsible for the processing of your personal data is:

Studio Naturel GmbH
Lindenstrasse 37
8008 Zurich

 

Studio Naturel determines the purposes and means for which personal data are processed and is responsible for the processing and use of personal data in accordance with this privacy policy and applicable law.

Please direct any data protection concerns or questions about how we process your personal data to selma@studio-naturel.ch.

 

scope of data processing

The personal data that we process about you includes:

 

Data collected:

Contact details, skin type, skin problems, allergies, products used, skin diseases, medications

 

Data collected:

Contact details, health information (allergies, well-being, injuries, illnesses, physical limitations), treatment preferences, treatment data (techniques, products, results, recommendations)

 

Data collected:

Contact details, health history including existing illnesses, allergies, medications, past treatments/procedures, skin type, medical findings, cosmetic treatment goals, before/after images

 

purposes of processing your personal data

We process your personal data for the above-mentioned purposes:

 

Purposes of data processing:

The data collected is used to carry out and adapt cosmetic treatments according to the wishes and needs of the customer. They enable recommendations for skin care products and help to avoid allergic reactions. The data as a whole is used to document the treatment in order to achieve better results. The contact details are used for communication with the customer and for the newsletter.

 

Purpose of processing:

The data collected is used to adapt the (wellness) treatment to individual needs and to provide advice on how to improve well-being. They ensure that the treatment can be carried out safely and without negative effects. The data as a whole is used to document the treatment in order to achieve better results. The contact details are used for communication with the customer and for the newsletter.

 

Purpose of processing:

The data collected is used to carry out the most appropriate treatment and to document aesthetic treatments. They enable the treatment methods to be adapted to individual needs and help to avoid allergic reactions or health complications. In addition, the contact details are used for communication with the customer and for the newsletter.

 

Relevant legal bases for data processing

In accordance with Art. 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not mentioned in the data protection declaration, the following legal bases apply:

  • for obtaining consent Art. 6 para. 1 lit. a and Art. 7 GDPR
  • for processing to fulfill our services and carry out contractual measures as well as answering inquiries Art. 6 para. 1 lit. b GDPR,
  • for processing to fulfill our legal obligations Art. 6 para. 1 lit. c GDPR
  • for processing to safeguard our legitimate interests Art. 6 para. 1 lit. f GDPR
  • in the event that vital interests of the data subject or of another natural person require processing of personal data, Art. 6 (1) (d) GDPR.

 

 

Transmission of personal data

As part of our processing of personal data, it may happen that the data is transmitted to other bodies, companies, legally independent organizational units or persons or that it is disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

 

Data processing in third countries

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of the use of third-party services or the disclosure or transmission of data to other persons, bodies or companies, this will only be done in accordance with the legal requirements.

Subject to express consent or contractually or legally required transmission, we only process the data in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

 

Safety measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

The measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to it, input, transfer, ensuring availability and separation. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to data threats. Furthermore, we take the protection of personal data into account when developing or selecting hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

 

Data protection for handwritten customer forms and medical questionnaires

If you fill out our customer forms by hand, we collect the data you provide for appointment booking and for the newsletter.

The medical questionnaires you fill out by hand are used to assess the possibility of treatment and to choose the most appropriate one.

 

Data protection for contact forms for online bookings

If you send us inquiries using the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. This data is only used for the newsletter or for making appointments. Medical data is used exclusively to review treatment options and to select the most suitable treatment. We will not pass on this data without your consent.

 

Data protection for the comment function

Privacy policy for comment function on this website

For the comment function on this website, in addition to your comment, information on the time the comment was created, your email address and, if you do not post anonymously, the user name you have chosen will be stored.

 

Storage of the IP address:

Our comment function stores the IP addresses of users who write comments. Since we do not check comments on our site before they are published, we need this data in order to be able to take action against the author in the event of legal violations such as insults or propaganda.

 

Subscribe to comments:

As a user of the site, you can subscribe to comments after registering. You will receive a confirmation email to check whether you are the owner of the email address provided. You can unsubscribe from this function at any time using a link in the information emails.

 

Paid services

In order to provide paid services, we will ask for additional data, such as payment details, in order to be able to bill you for the service you have booked. We store this data in our systems until the statutory retention periods have expired.

 

Duration of storage of personal data

We will retain your personal data for as long as necessary for the purposes for which the data is collected or until you withdraw your consent or as long as we have a legitimate interest in retaining personal data, for example to enforce or defend claims.

 

Privacy Policy for Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Ireland Limited. If the controller responsible for data processing on this website is located outside the European Economic Area or Switzerland, then Google Analytics data processing is carried out by Google LLC. Google LLC and Google Ireland Limited are hereinafter referred to as "Google".

Using the statistics obtained, we can improve our offering and make it more interesting for you as a user. This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out using a user ID. If you have a Google user account, you can deactivate the cross-device analysis of your usage in the settings there under "My data", "Personal data".

The legal basis for the use of Google Analytics is Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. We would like to point out that Google Analytics has been extended on this website to include the code «_anonymizeIp();» in order to ensure that IP addresses are recorded anonymously. This means that IP addresses are processed in a shortened form, which means that they cannot be linked to a person. If the data collected about you is personally identifiable, this will be excluded immediately and the personal data will be deleted immediately.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage.

Google Analytics uses cookies. The information on your use of this website generated through the cookie is usually transferred to a Google server in the USA and stored there. You can prevent cookies from being saved by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. In addition, you can prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: Deactivate Google Analytics.

You can also prevent the use of Google Analytics by clicking on this link: Deactivate Google Analytics. This will save a so-called opt-out cookie on your data storage device, which prevents the processing of personal data by Google Analytics. Please note that if you delete all cookies on your device, these opt-out cookies will also be deleted, i.e. you must set the opt-out cookies again if you want to continue to prevent this form of data collection. The opt-out cookies are set per browser and computer/device and must therefore be activated separately for each browser, computer or other device.

 

Google Fonts privacy policy

Google Fonts are used on this website. As far as we know, Google does not store any personal data. However, for technical reasons, your IP address must be transmitted to Google so that the fonts can be transferred to your browser. You can find more information from Google about Google Fonts here.

Use of Google Maps Type and purpose of processing:
We use Google Maps on this website. Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google"). This enables us to show you interactive maps directly on the website and enables you to conveniently use the map function. You can find more information about data processing by Google in the Google privacy policy. There you can also change your personal data protection settings in the data protection center.

Detailed instructions on how to manage your data in connection with Google products can be found here.

 

social media

As part of our social media activities on Instagram, TikTok and Facebook, we process personal data in accordance with the applicable data protection regulations and this data protection declaration.

 

Your rights regarding your personal data

You generally have the following rights with regard to your personal data that we process:

 

right to information

According to Art. 8 DSG you have the right to inquire with the responsible body about the personal data that we have processed about you and to receive a copy of your personal data.

In any case, we will provide you with the following information based on your written request for information: identity and contact details of [Name Studio], the personal data being processed, the purpose of the processing, the retention period of the personal data or the criteria for determining this period, the available information on the origin of the personal data (if this was not obtained from the data subject), if applicable, the recipients or categories of recipients to whom personal data is disclosed, and the guarantees taken for any data transfer to a third country without an adequate level of data protection.

 

right to rectification

According to Art. 5 Para. 2 DSG, you have the right to request the correction of incorrect or incomplete data.

 

right to erasure

According to Art. 5 Para. 2 DSG, you have the right to request the deletion of your personal data under certain conditions set out in the data protection law.

 

right to restriction of data processing

According to Art. 12 DSG, you have the right to request that the processing of your personal data be restricted if, for example, the accuracy of the personal data is contested or the personal data has been processed unlawfully.

 

right to data disclosure and transfer

According to Art. 20 DSG, you are entitled, under the conditions set out in the applicable data protection law, to request that we provide you with your personal data in a common electronic format so that you can subsequently transmit this data to another person responsible for processing it.

When exercising your right to data portability, you also have the right to have us transmit your personal data directly to the new controller, provided this is technically feasible and reasonable.

 

Right to object to consent

According to Art. 4 DSG, you have the right to object to the further processing of your personal data, for example if the processing is based on our legitimate interest.

 

right to withdraw consent

If we process personal data on the basis of your consent, you have the right to revoke this consent at any time in the same form and in the same manner as you originally gave it. The legality of the processing of personal data prior to the revocation remains unaffected. Even after the revocation of consent, we may continue to process your personal data insofar as this is required or permitted by law.

 

right to complain

You can lodge a complaint regarding the processing of your personal data with the Federal Data Protection and Information Commissioner, Feldeggweg 1, 3003 Bern, email: info@edoeb.admin.ch, as the competent supervisory authority.

 

General Liability Committee

All information on our website has been carefully checked. We make every effort to ensure that our information is up-to-date, correct and complete. Nevertheless, the occurrence of errors cannot be completely ruled out, which means that we cannot guarantee that information, including information of a journalistic or editorial nature, is complete, correct and up-to-date. Liability claims for damages of a material or immaterial nature caused by the use of the information provided are excluded unless there is evidence of intentional or grossly negligent fault.

The publisher may change or delete texts at its own discretion and without notice and is not obliged to update the content of this website. Use of or access to this website is at the visitor's own risk. The publisher, its clients or partners are not responsible for damages such as direct, indirect, incidental, specifically determined in advance or consequential damages allegedly caused by visiting this website and therefore assume no liability for this.

The publisher also assumes no responsibility or liability for the content and availability of third-party websites that can be accessed via external links on this website. The operators of the linked pages are solely responsible for their content. The publisher therefore expressly distances itself from all third-party content that may be relevant under criminal or liability law or that violates common decency.

 

Changes

We may amend this privacy policy at any time without prior notice. The most recent version published on our website applies. If the privacy policy is part of an agreement with you, we will inform you of the change by email or in another appropriate manner in the event of an update.

 

Questions to the Data Protection Officer

If you have any questions about data protection, please send us an email or contact the person responsible for data protection listed at the beginning of the data protection declaration.

Contact | Appointment