DATA PROTECTION

1 Responsibility

​

1.1 Data Controller

The data controller pursuant to Art. 5 of the Data Protection Act is:

Marlene Boehm

Feldstrasse 43 

8400 Winterthur 

Phone: +41 78 889 52 25

Email: info@atelierboehm.ch

1.2 Questions for the Data Protection Officer

If you have any questions regarding data protection, please send us a message or contact the person listed above directly.

​

2 General Information

​

In accordance with Article 13 of the Federal Constitution of the Swiss Confederation and the federal data protection regulations (Data Protection Act, DPA), every person has the right to have their privacy protected and to know that their personal data is safeguarded against misuse. We, the operators of this website, place the highest priority on the careful handling of your personal data. This data is treated confidentially in accordance with applicable legal data protection requirements and in accordance with this Privacy Policy.

In cooperation with our hosting service providers, we strive to optimally secure our databases against unauthorized access, data loss, improper use, or data falsification.

It is important to note that the transmission of data over the Internet (e.g., during email correspondence) may have vulnerabilities. Therefore, complete protection of data against unauthorized access by third parties cannot be guaranteed.

By using this website, you consent to the collection, processing, and use of data in accordance with the explanations below. You can generally visit this website without prior registration. During such a visit, information such as the pages accessed, file names, and the date and time of the visit is recorded on the server, without this information being directly linked to you personally. Personal data such as name, address, or email address is, as far as possible, collected only on a voluntary basis.

​

3 Processing of Customer Data

​

We process our customers’ data in accordance with the data protection regulations of Switzerland (Data Protection Act, DSG) and the EU General Data Protection Regulation (GDPR), specifically in the context of our contractual services.

Within this framework, we process:

Master data (e.g., customer master data such as names, addresses)

Contact data (e.g., email addresses, phone numbers)

Content data (e.g., text entries)

Contract data (e.g., subject matter of the contract, term)

Payment data (e.g., bank details, payment history)

Usage and metadata (e.g., for the evaluation and performance measurement of marketing measures)

The data subjects affected by the processing include our customers, prospects, their customers, users, website visitors, or employees, as well as third parties. The purpose of the processing is to provide contractual services, billing, and our customer service.

The legal basis for processing is provided by Article 6(1)(b) of the GDPR (contractual services) and Article 6(1)(f) of the GDPR (analysis, statistics, optimization, and security measures). Data required to establish and fulfill contractual obligations is processed, and we note that providing such data is necessary.

Data is only disclosed to third parties to the extent necessary within the scope of an order. When processing data entrusted to us within the scope of an order, we act in accordance with the client’s instructions and the legal requirements for data processing on behalf of a client pursuant to Article 28 of the GDPR.

We delete the data as soon as statutory warranty or similar obligations have expired. The necessity of data retention is reviewed at irregular intervals. In the case of statutory archiving obligations, deletion occurs upon their expiration. Data provided to us by clients within the scope of an order is deleted in accordance with the contractual agreements and in compliance with legal provisions, generally upon completion of the order.

​

4 Provision of the Online Service and Web Hosting

​

4.1 Online Service

To ensure the secure and effective availability of our online service, we rely on the services of one or more web hosting providers. The servers of these providers, or servers administered by them, enable access to our online service. In this context, we make use of infrastructure and platform services, computing power, storage capacities, database services, security measures, and technical maintenance services.

The information processed during the hosting service may include all data relating to the users of our online service that is generated during use and interaction. This generally includes IP addresses, which are necessary for delivering online content to the respective browsers, as well as all entries made within our online offering or on linked websites.

4.2 Email Transmission and Email Hosting

The web hosting services we use also include the transmission, receipt, and storage of electronic messages (emails). In this context, the email sender and recipient addresses, additional information regarding email transmission (such as the service providers involved), and the content of the respective emails themselves are processed. This data may also be used for the purpose of spam detection. It should be noted that the transmission of emails over the internet generally takes place unencrypted. Although emails are often encrypted during transmission, this generally does not occur on the servers from which the emails are sent or received, unless an end-to-end encryption method is used. Accordingly, we cannot assume any liability for the transmission path of the emails between the sender and our server.

4.3 Collection of Access Data and Log Files

The service provider for this website automatically collects and archives information in so-called server log files, which are transmitted to us by your web browser without your active intervention. This information includes:

Type and version of the browser

Operating system used

Referrer URL

Hostname of the computer accessing the site

Time of the request to the server

IP addresses

Please note that the storage of IP addresses is mandatory under Swiss law. This recorded data cannot be directly linked to a specific individual. This information is not combined with other data sources. However, we reserve the right to investigate this data retrospectively should we become aware of concrete evidence of illegal use.

​

5 What data do we collect and for what purpose

​

5.1 Contact form

If you submit inquiries to us using the contact form provided on this website, the information you provide in this form, including your contact details, will be stored for the purpose of processing your inquiry and any follow-up questions. This data will not be disclosed to third parties without your express consent.

​

6 Data Security

​

6.1 General Information

The information generated through your use of the website is stored on servers located in Switzerland or the European Union. Although internet communication is not considered completely secure, our website and associated systems are protected by technical and organizational measures. These measures are designed to prevent loss, damage, unauthorized access, alteration, or disclosure of data to unauthorized third parties. Nevertheless, we cannot provide an absolute guarantee of the security of data transmission over the Internet.

6.2 Secure Socket Layer

For security purposes and to protect the transmission of sensitive content, such as inquiries you send to us as the operator of this website, SSL/TLS encryption technology is used. A secure connection is indicated by the change in the URL in the browser’s address bar from “http://” to “https://” and by the presence of a lock icon in the browser bar.

When SSL or TLS encryption is activated, unauthorized third parties cannot view the data you send to us.

​

7 Your Rights

​

7.1 Right of Access

Any person whose personal data is being processed is entitled at any time to request, free of charge, information about the personal data concerning them that is stored by the operator of this website, as well as a copy of that information. In addition, information may be provided as needed regarding the following details:

the intended purposes of processing

the categories of personal data subject to processing

the recipients or categories of recipients to whom the personal data has been or will be disclosed

if feasible, the envisaged storage period for the personal data; if this is not feasible, the criteria for determining this period

the existence of a right to rectification or erasure of the personal data concerning them or to restriction of processing by the controller, as well as a right to object to such processing

the existence of a right to lodge a complaint with a competent supervisory authority

if the personal data were not collected from the data subject, any available information regarding the source of the data

In addition, the data subject has the right to be informed whether their personal data have been transferred to a third country or to an international organization. If this is the case, the data subject is also granted the right to receive information about the appropriate safeguards in the context of the data transfer.

To exercise this right of access, you may contact our company’s data protection officer at any time.

7.2 Right to Rectification

Any person affected by the processing of personal data has the right to request the prompt correction of inaccurate personal data concerning them. Furthermore, the data subject is granted the right to request the completion of incomplete personal data, taking into account the purposes of the processing, if necessary by providing an additional explanatory statement.

To exercise this right to rectification, you may contact our organization’s Data Protection Officer at any time.

7.3 Right to Erasure

Any person whose personal data is being processed has the right to request from the controller of this website the immediate erasure of the personal data concerning them, provided that one of the following grounds applies and provided that the data processing is not indispensable:

The personal data was collected or otherwise processed for purposes for which it is no longer needed.

The data subject withdraws the consent on which the processing was based, and there is no alternative legal basis for the processing.

The data subject objects to the processing of the data on the basis of their specific situation, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in the case of direct marketing and the associated profiling.

The personal data has been processed unlawfully.

The erasure of the personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.

The personal data was collected in relation to information society services offered that were directed directly at a child.

If any of the above grounds apply and you wish to request the deletion of the personal data stored by the operator of this website, you may contact our data protection officer at any time for this purpose. The data protection officer of this website will arrange for the deletion without delay.

7.4 Right to Restriction of Processing

Any person whose personal data is being processed has the right to request that the controller of this website restrict the processing if any of the following conditions are met:

The data subject disputes the accuracy of the personal data, for a period of time sufficient to allow the controller to verify the accuracy of the personal data.

The processing is unlawful, and the data subject opposes the erasure of the personal data but instead requests the restriction of its use.

The controller no longer needs the personal data for the purposes of the processing, but the data subject requires it for the establishment, exercise, or defense of legal claims.

The data subject has objected to the processing for reasons arising from their particular situation, and it has not yet been determined whether the legitimate grounds of the controller override those of the data subject.

If any of the above conditions apply and you wish to request the restriction of personal data stored by the operator of this website, you may contact our data protection officer at any time. The data protection officer of this website will arrange for the restriction of processing.

​​

​

8 General Disclaimer

​

All information on our website has been reviewed with the utmost care. We strive to continuously update the data and information provided and to present it in a factually accurate and complete manner. Nevertheless, the occurrence of errors cannot be entirely ruled out. Therefore, we assume no liability for the completeness, accuracy, or timeliness of the journalistic and editorial content provided. Liability claims arising from material or non-material damages resulting from the use of the information provided are excluded, unless intent or gross negligence can be proven.

The publisher reserves the right to modify or delete content without prior notice and is under no obligation to update the content of this website. Access to and use of this website are at the user’s own risk. Neither the publisher, its clients, nor its partners shall be liable for any direct, indirect, incidental, special, or consequential damages allegedly arising from the visit to or use of this website.

Furthermore, the publisher assumes no liability for the content or availability of third-party websites accessible via external links on this website. The operators of the linked sites are solely responsible for their content. The publisher hereby explicitly distances itself from any third-party content that may be relevant under criminal or tort law or that violates public decency.

​

9 Changes

​

We reserve the right to change this Privacy Policy at any time and without prior notice. The current version of the Privacy Policy is published on our website and is effective as of the date of publication. If the Privacy Policy is part of an agreement with you, we will notify you of any changes via email or by other appropriate means in the event of an update. It is therefore advisable to consult this Privacy Policy regularly to stay up to date.

Winterthur 2026