Menu
311Days
17Hours
35Min.

Buy your tickets now

Data protection

1. Scope

This privacy policy applies to the handling of personal data of visitors to our website, supporters, testimonials and other interested parties (the “data subjects”) by BadenEnergy (hereinafter “BadenEnergy”, “we” or “us”).

The Swiss Federal Act on Data Protection (revDSG) and, where applicable, the EU General Data Protection Regulation (GDPR) apply.

Please note that this privacy policy may be subject to change from time to time. The current version published on our website applies.

2. Information about the controller

BadenEnergy is the controller responsible for processing personal data within the meaning of Art. 4 No. 7 GDPR and the revDSG.

If you have any data protection concerns, please contact us at: hello@badenenergy.ch

3. Collection and processing of personal data

3.1 When you visit our website

When you visit our website, the browser used on your device automatically sends information to our website’s server. This information is temporarily stored in a log file. The following information is collected without your intervention:

  • Name of the file accessed
  • Date and time of access
  • Amount of data transferred
  • Notification of whether the retrieval was successful
  • Description of the type of web browser used
  • Operating system used
  • The previously visited page
  • Provider
  • Your IP address

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and stable operation of our website).

Storage period: Log files are stored for a maximum of 6 months and then deleted. Data that needs to be stored for further evidence purposes is excluded from deletion until the respective incident has been finally clarified.

We use this data to ensure a smooth connection, comfortable use of the website, evaluation of system security and stability, and for other administrative purposes. We do not use the collected data to draw conclusions about your person.

In addition, we use cookies and analysis and marketing services on our website. These are only activated after you give consent through our cookie banner. You can find more detailed information in sections 5 and 6 of this privacy policy.

3.2 When using our contact form

If you have any questions, we offer you the option of contacting us via a contact form provided on the website. To answer your questions, we require your contact details (first name, email address) and a message. Further information can be provided voluntarily (surname, telephone number).

Legal basis: Art. 6(1)(a) GDPR (consent) and, where applicable, Art. 6(1)(b) GDPR (steps prior to entering into a contract).

Storage period: Data submitted through the contact form is stored for as long as needed to handle your enquiry and any related follow-up, and is then deleted. Statutory retention obligations remain reserved.

3.3 Newsletter

When you subscribe to the newsletter and confirm your subscription via the link in the email you receive (double opt-in), we process the following personal data: surname, first name, email address. The data is processed for the purpose of authenticating the subscriber during registration and sending the newsletter.

We use the Mailchimp service (operated by Intuit Inc., via The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA) to send our newsletters. Mailchimp allows us to organise and analyse the sending of newsletters. When you subscribe, your data is stored on Mailchimp’s servers in the USA. When you open an email sent via Mailchimp, a file contained in the email (a “web beacon”) connects to Mailchimp’s servers, allowing us to determine whether a newsletter has been opened and which links have been clicked. In addition, technical information such as the time of retrieval, IP address, browser type and operating system is collected for statistical analysis of newsletter campaigns.

Legal basis: Art. 6(1)(a) GDPR (consent).

Storage period: Data is stored for as long as you remain subscribed to the newsletter. You can unsubscribe at any time via the “unsubscribe” link in any newsletter, after which your data will be deleted from the active mailing list.

International transfer: Data is transferred to the USA. The transfer is based on the EU-US Data Privacy Framework, under which Intuit Inc. is certified, as well as on the European Commission’s standard contractual clauses where applicable.

Further information can be found in Mailchimp’s privacy notice: https://mailchimp.com/legal/privacy/

The withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

4. Purposes of data processing and legal bases

We process personal data for the following purposes:

  • Operating the website securely and reliably. Legal basis: Art. 6(1)(f) GDPR (legitimate interest).
  • Providing information about BadenEnergy, including upcoming events and the summit programme. Legal basis: Art. 6(1)(f) GDPR (legitimate interest) or Art. 6(1)(a) GDPR (consent), depending on the channel.
  • Responding to your enquiries. Legal basis: Art. 6(1)(a) GDPR (consent) or Art. 6(1)(b) GDPR (pre-contractual measures).
  • Statistics and marketing, including understanding how our website is used and reaching potential attendees with relevant information about our events. Legal basis: Art. 6(1)(a) GDPR (consent), given via our cookie banner. You can withdraw consent at any time.
  • Protection against spam and abuse, in particular through CAPTCHA services on our forms. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in preventing automated abuse) and, where loaded only after consent, Art. 6(1)(a) GDPR (consent).
  • Ticket purchases. When buying tickets, you will be redirected to a third-party ticketing platform; the data protection provisions of that provider apply.
  • Accounting, archiving and fulfilment of legal obligations. Legal basis: Art. 6(1)(c) GDPR (legal obligation).

5. Cookies and consent management

We use cookies and similar technologies on our website to identify your browser or device. A cookie is a small file that is sent to your computer or stored automatically on your computer or mobile device by the web browser you use when you visit our website. When you visit this website again, we can recognise your browser, even if we do not know who you are. In addition to cookies that are only used during a session and are deleted after your visit (“session cookies”), cookies can also store user settings and other information for a defined period (“permanent cookies”).

5.1 Consent management with Borlabs Cookie

We use Borlabs Cookie, a consent management platform provided by Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany, to manage your cookie preferences. When you visit our website for the first time, the Borlabs Cookie banner asks you to choose which categories of cookies and services you want to allow. Only strictly necessary cookies are set before you make this choice. All other cookies and services are only activated after you give explicit consent.

Borlabs Cookie stores your consent choices in a cookie on your device so that the banner does not reappear on every visit. No personal data is transferred to Borlabs.

You can change or withdraw your consent at any time by reopening the cookie settings via the link in our website footer. The withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

We use Google Consent Mode v2 to ensure that your consent choices are signalled to relevant Google services and that no statistics or marketing tags load until you have given consent.

Legal basis: Art. 6(1)(c) GDPR (legal obligation to obtain consent for non-essential cookies under applicable ePrivacy rules) and Art. 6(1)(f) GDPR (legitimate interest in documenting consent).

5.2 Essential services

The following services are required for our website to function correctly. They are loaded without requiring your consent.

Borlabs Cookie (see section 5.1 above) is used to manage and document your consent choices.

WPML is a multilingual plugin provided by OnTheGoSystems Limited that allows our website to be displayed in different languages. WPML sets a cookie to remember your preferred language during your visit. No personal data is transferred to WPML.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing a functioning, multilingual website).

5.3 Statistics (consent required)

The following services are only loaded after you give consent via the cookie banner. Legal basis: Art. 6(1)(a) GDPR (consent).

Google Tag Manager

We use Google Tag Manager, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to integrate the services described below into our website. Google Tag Manager itself does not process personal data; it manages the loading of other tags in line with your consent choices.

Google Analytics 4

We use Google Analytics 4, a web analytics service provided by Google Ireland Limited. Google Analytics uses cookies to help us analyse how users use the site. The information generated by the cookie about your use of the website (such as event data, device information and a truncated IP address) is transmitted to and processed by Google. Google Analytics 4 does not log or store IP addresses by default and applies IP truncation before processing.

On our behalf, Google uses this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage.

International transfer: Data may be transferred to Google servers in the USA. The transfer is based on the EU-US Data Privacy Framework, under which Google LLC is certified, and on the European Commission’s standard contractual clauses where applicable.

Further information is available at https://policies.google.com/privacy.

5.4 Marketing (consent required)

The following services are only loaded after you give consent via the cookie banner. Legal basis: Art. 6(1)(a) GDPR (consent).

LinkedIn Insight Tag

We use the LinkedIn Insight Tag, provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (parent company: LinkedIn Corporation, 1000 W Maude Avenue, Sunnyvale, CA 94085, USA). The Insight Tag enables the collection of data about visits to our website, including URLs, referrer URLs, IP addresses, device and browser characteristics, time stamps and page views. This data allows us to measure the performance of our LinkedIn advertising campaigns and to deliver targeted content to relevant audiences on LinkedIn.

LinkedIn shortens IP addresses and removes direct identifiers from member data within seven days to pseudonymise the data. The remaining pseudonymised data is then deleted within 180 days.

International transfer: Data may be transferred to LinkedIn servers in the USA. The transfer is based on the EU-US Data Privacy Framework, under which LinkedIn Corporation is certified, and on the European Commission’s standard contractual clauses where applicable.

Further information is available in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy

6. External media and content

The following services are only loaded after you give consent via the cookie banner. Legal basis: Art. 6(1)(a) GDPR (consent).

6.1 Web fonts

To display fonts consistently on our website, we use the following font services. When fonts are loaded, your browser establishes a connection with the provider’s servers and transmits information about which of our pages you have visited and your IP address.

Adobe Fonts (Typekit), provided by Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland (parent company: Adobe Inc., 345 Park Avenue, San Jose, CA 95110, USA). International transfer to the USA is based on the EU-US Data Privacy Framework, under which Adobe Inc. is certified, and on the European Commission’s standard contractual clauses where applicable. Further information: https://www.adobe.com/privacy/policy.html

Google Fonts, provided by Google Ireland Limited. International transfer to the USA is based on the EU-US Data Privacy Framework, under which Google LLC is certified, and on the European Commission’s standard contractual clauses where applicable. Further information: https://policies.google.com/privacy

6.2 CAPTCHA and bot protection

To protect our forms from automated abuse and spam, we use the following CAPTCHA services. These services analyse user behaviour and technical signals (such as IP address, mouse movement and browser characteristics) to determine whether an interaction is performed by a human or a bot.

Google reCAPTCHA, provided by Google Ireland Limited. International transfer to the USA is based on the EU-US Data Privacy Framework, under which Google LLC is certified, and on the European Commission’s standard contractual clauses where applicable. Further information: https://policies.google.com/privacy

hCaptcha, provided by Intuition Machines, Inc., 1065 SW 8th St #704, Miami, FL 33130, USA. International transfer to the USA is based on the EU-US Data Privacy Framework, including the Swiss-US extension, under which Intuition Machines, Inc. is certified, and on the European Commission’s standard contractual clauses where applicable. Further information: https://www.hcaptcha.com/privacy

Cloudflare Turnstile, provided by Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. International transfer to the USA is based on the EU-US Data Privacy Framework, under which Cloudflare, Inc. is certified, and on the European Commission’s standard contractual clauses where applicable. Further information: https://www.cloudflare.com/privacypolicy/

7. Other recipients of your data

Your personal data will not be transferred to third parties for purposes other than those listed.

We may, however, use processors within the meaning of Art. 28 GDPR, particularly external IT service providers. These processors carry out the relevant data processing exclusively on our behalf and on our documented instructions, and are bound by data protection obligations equivalent to ours under a data processing agreement.

8. International data transfers

Data processing by BadenEnergy generally takes place in Switzerland or the European Economic Area (EEA). Where data is transferred to third countries (in particular the USA, see sections 3, 5 and 6), the transfer is based on one of the following safeguards under Art. 44 et seq. GDPR:

  • an adequacy decision of the European Commission, including the EU-US Data Privacy Framework where the recipient is certified;
  • the European Commission’s standard contractual clauses, supplemented by additional safeguards where required;
  • your explicit consent under Art. 49(1)(a) GDPR.

You can request a copy of the safeguards applied by contacting us at the address in section 2.

9. Rights of data subjects

In connection with the processing of personal data, data subjects have the following rights:

  • Right of access (Art. 15 GDPR / Art. 25 revDSG): You have the right to obtain confirmation as to whether personal data concerning you is being processed and, if so, to receive information about that data.
  • Right to rectification (Art. 16 GDPR): You have the right to have inaccurate personal data corrected.
  • Right to erasure (Art. 17 GDPR): You have the right to have your personal data deleted, in particular if it is no longer necessary for the purposes for which it was collected or if you have validly withdrawn your consent.
  • Right to restriction of processing (Art. 18 GDPR): Under certain conditions, you may request the restriction of the processing of your personal data.
  • Right to data portability (Art. 20 GDPR) / Right to data disclosure (Art. 28 revDSG): You have the right to receive personal data you have provided to us in a structured, commonly used and machine-readable format, and to have it transmitted to another controller where technically feasible.
  • Right to object (Art. 21 GDPR): You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is based on Art. 6(1)(f) GDPR. Where personal data is processed for direct marketing purposes, you have the right to object at any time without giving reasons.
  • Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you may withdraw that consent at any time. The withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
  • Right to lodge a complaint (Art. 77 GDPR / Art. 49 revDSG): You have the right to lodge a complaint with a supervisory authority. The competent authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC, https://www.edoeb.admin.ch/). In the EU, you may contact the supervisory authority of your member state of residence.

To exercise any of these rights, please contact us at the address in section 2.

10. Automated decision-making and profiling

We do not use automated decision-making, including profiling, within the meaning of Art. 22 GDPR.

11. Children’s data

Our website is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data without parental consent, please contact us so that we can delete the data.

12. Data security

We take appropriate technical and organisational security measures within the meaning of Art. 32 GDPR to maintain the confidentiality, integrity and availability of your personal data, to protect it against unauthorised or unlawful processing, and to counteract the risks of loss, accidental alteration, unintentional disclosure or unauthorised access.

13. Storage period

Personal data is stored for as long as is necessary to fulfil the purposes for which it was collected or for as long as we have a legitimate interest in doing so. Specific retention periods are stated in the relevant sections above. If you withdraw your consent, we will delete the relevant data from that point onwards, subject to any statutory retention obligations (in particular under Swiss commercial and tax law, typically 10 years).