Privacy Policy

1. INTRODUCTION

With this Privacy Policy, we inform you about which personal data we process in connection with our Jamatu.com website and our other online services—how, where, and for what purpose. This Privacy Policy also outlines the rights of individuals whose data we process.

Specific, additional, or supplementary privacy policies as well as other legal documents such as General Terms and Conditions (GTC), Terms of Use, or Participation Conditions may apply for individual or additional services and offerings.

Our online offering is subject to Swiss data protection law and, where applicable, foreign data protection laws—particularly the General Data Protection Regulation (GDPR) of the European Union (EU). The European Commission recognizes Swiss data protection law as providing adequate protection.

2. PROCESSING OF PERSONAL DATA

2.1 Definitions
Personal data refers to any information that relates to an identified or identifiable individual. A data subject is an individual whose personal data is being processed. Processing encompasses any handling of personal data, regardless of the means and procedures used—in particular storing, disclosing, collecting, recording, deleting, saving, modifying, destroying, and using personal data.

The European Economic Area (EEA) includes the EU as well as the Principality of Liechtenstein, Iceland, and Norway. The GDPR refers to the processing of personal data as the “processing of personal data.”

2.2 Legal Bases
We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection (OFADP).

If and to the extent that the GDPR is applicable, we process personal data in accordance with at least one of the following legal bases:

Art. 6(1)(b) GDPR – for processing necessary to perform a contract with the data subject or to take pre-contractual measures.
Art. 6(1)(f) GDPR – for processing necessary to safeguard our legitimate interests or those of third parties, provided such interests are not overridden by the fundamental rights and freedoms of the data subject. Legitimate interests include providing our online services reliably, securely, and user-friendly, advertising them if necessary, ensuring information security, preventing misuse and unauthorized use, enforcing legal claims, and complying with Swiss law.
Art. 6(1)(c) GDPR – for processing necessary to comply with a legal obligation to which we are subject under EEA law.
Art. 6(1)(e) GDPR – for processing necessary for the performance of a task carried out in the public interest.
Art. 6(1)(a) GDPR – based on the consent of the data subject.
Art. 6(1)(d) GDPR – for processing necessary to protect the vital interests of the data subject or another natural person.

2.3 Nature, Scope, and Purpose
We process personal data as necessary to provide our online offering in a sustainable, user-friendly, secure, and reliable manner. These data may fall into categories such as master and contact data, browser and device data, content data, metadata or peripheral data, usage data, location data, sales, contract, and payment data.

We retain personal data for as long as is necessary for the purposes described or as required by law. Data no longer required will be anonymized or deleted. Data subjects generally have the right to have their data deleted.

We typically process personal data only with the data subject’s consent unless permitted by other legal grounds—e.g., for fulfilling a contract, pre-contractual measures, overriding legitimate interests, or where the processing is evident from the circumstances or preceded by notice.

This includes information voluntarily provided by a data subject when contacting us (via post, email, contact form, social media, or phone) or during account registration. We may store such data in address books, CRM systems, or similar tools. If you share personal data of third parties, you are responsible for ensuring the protection and accuracy of that data.

We may also process personal data that we obtain from third parties, from public sources, or collect during the provision of our services, where such processing is legally permissible.

2.4 Processing by Third Parties, Including Abroad
We may have personal data processed by authorized third parties or jointly with them or transmit data to them. These include service providers whose services we use. We ensure adequate data protection for such third parties.

These third parties are generally located in Switzerland or the EEA but may also be located elsewhere, provided they ensure adequate data protection according to the Swiss Federal Data Protection and Information Commissioner (FDPIC) and, where applicable, the European Commission. This can be through standard contractual clauses or certification (e.g., Privacy Shield in the USA). In exceptional cases, third parties may be in countries without adequate protection, in which case we ensure compliance through legal mechanisms such as explicit consent.

3. RIGHTS OF DATA SUBJECTS

Data subjects whose personal data we process have rights under Swiss data protection law. These include the right to information, correction, deletion, or blocking of data.

If and to the extent that the GDPR applies, data subjects also have the right to confirmation of whether their personal data is being processed, to access, restrict processing, exercise the right to data portability, and request correction, deletion (“right to be forgotten”), blocking, or completion of their data.

They may also withdraw previously given consent with future effect and object to the processing of their data at any time.

Data subjects have the right to lodge a complaint with a supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC).

4. DATA SECURITY

We take appropriate and suitable technical and organizational measures to ensure data protection and, in particular, data security. However, the processing of personal data on the internet can still pose security vulnerabilities despite such measures. Therefore, we cannot guarantee absolute data security.

Access to our online offering is secured through transport encryption (SSL/TLS, particularly via Hypertext Transfer Protocol Secure, or HTTPS). Most browsers indicate transport encryption with a padlock icon in the address bar.

Access to our online offering—like any use of the internet in general—is subject to indiscriminate and suspicionless mass surveillance and other forms of monitoring by security authorities in Switzerland, the European Union (EU), the United States of America (USA), and other countries. We have no direct control over the handling of personal data by intelligence services, police departments, or other security authorities.

5. USE OF THE WEBSITE

5.1 Cookies

We may use cookies on our website. Cookies – both our own (first-party cookies) and those from third parties whose services we use (third-party cookies) – are text-based data stored in your browser. Cookies cannot execute programs or transmit malware such as trojans or viruses.

Cookies may be stored in your browser temporarily as “session cookies” or for a specified duration as so-called persistent cookies. Session cookies are automatically deleted when you close your browser. Persistent cookies allow your browser to be recognized the next time you visit our website, enabling features such as reach measurement. Persistent cookies may also be used for online marketing purposes.

You can disable or delete cookies in your browser settings at any time, either completely or partially. Without cookies, some parts of our online offering may no longer be fully functional. Where necessary, we will explicitly request your consent for the use of cookies.

For cookies used in performance and reach measurement or for advertising purposes, many services provide a general opt-out option through:

5.2 Server Log Files

We may collect the following data for every access to our website, provided it is transmitted by your browser or determined by our web server: date and time including time zone, IP address, access status (HTTP status code), operating system including interface and version, browser including language and version, accessed pages of our website including transferred data volume, and the last page visited in the same browser window (referrer).

We store this data, which may constitute personal data, in server log files. This information is necessary to maintain a reliable, user-friendly, and secure online offering and to ensure data security – including through third parties where applicable.

5.3 Web Beacons (Tracking Pixels)

We may use web beacons, also known as tracking pixels, on our website. These are small images – sometimes provided by third parties – that are automatically retrieved when visiting our website. Web beacons can collect the same data as server log files.

6. NOTIFICATIONS AND MESSAGES

We send notifications and messages, such as newsletters, via email and other communication channels, including instant messaging.

6.1 Performance and Reach Measurement

Notifications and messages may include web links or tracking pixels to determine whether a specific message has been opened and which links have been clicked. Such tracking can also collect personal usage data. This statistical analysis helps us tailor notifications and messages to the needs and reading habits of recipients, and to offer them effectively, user-friendly, securely, and reliably.

6.2 Consent and Opt-Out

You generally must explicitly consent to the use of your email address and other contact information unless such use is legally permitted. We use the “double opt-in” procedure whenever possible. This means you will receive an email with a confirmation link, which you must click to ensure that no unauthorized third party has subscribed you.

We may log consents, including your IP address as well as the date and time, for legal and security reasons.

You may unsubscribe from notifications and messages, such as newsletters, at any time. This does not apply to messages that are essential for our online offering. By unsubscribing, you also object to statistical usage tracking related to performance and reach measurement.

6.3 Service Providers for Notifications and Messages

We use third-party services and providers to send and manage notifications and messages. These may also use cookies. We ensure an adequate level of data protection when using such services.

6.3.1 Wix

We use Wix to send and manage newsletters. Wix is a service provided by Wix.com Ltd., a company based in Israel. For more information about the nature, scope, and purpose of data processing, please see Wix’s privacy policy. Wix ensures adequate data protection in accordance with the GDPR and relevant data protection laws.

6.3.2 Mandrill

We use Mandrill to send and manage user emails. Mandrill is a service provided by The Rocket Science Group LLC, which also operates MailChimp. Mandrill uses MailChimp’s infrastructure. For more information, see the MailChimp privacy policy and the pages on MailChimp, the Privacy Shield, and GDPR.

7. SOCIAL MEDIA

We maintain a presence on social media platforms and other online platforms to communicate with interested individuals and to provide information about our online offering. In doing so, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).

The terms and conditions, usage policies, and privacy policies of the respective platform operators also apply. These documents contain information about the rights of data subjects, including, in particular, the right to access information.

For our social media presence on Facebook, we are—where and insofar as the GDPR applies—jointly responsible with Facebook for the so-called Page Insights. Page Insights provide information on how visitors interact with our Facebook page. We use these insights to provide our Facebook presence effectively and user-friendly. Facebook has published information on Page Insights data and a supplement regarding Page Insights responsibilities.

Users of social media platforms may log in or register for our online services using their corresponding accounts (“social login”). The respective terms of service and privacy policies of the social media platforms apply, such as terms and conditions or privacy statements.

8. THIRD-PARTY SERVICES

We use services provided by third parties to ensure the long-term, user-friendly, secure, and reliable delivery of our online offering. These services also allow us to embed content into our website. These third-party services—such as hosting, storage, video, or payment services—require your IP address, as they cannot otherwise transmit content to your browser. These services may be located outside of Switzerland and the European Economic Area (EEA), provided adequate data protection is guaranteed.

For their own security-related, statistical, and technical purposes, third parties whose services we use may also process data related to our online offering and other sources in aggregated, anonymized, or pseudonymized form—using cookies, log files, or tracking pixels.

8.1 Social Media Features and Content

8.1.1 Facebook

We use social plugins from Facebook to integrate Facebook functions and content into our website. These include features like “Like” or “Share” and may involve the use of cookies. More information is available on Facebook’s Social Plugins page.

The plugins are provided by Facebook Ireland Ltd. (Ireland) or Facebook Inc. (USA). If you are logged into Facebook, Facebook may associate the use of our online offering with your profile. Details on data processing can be found in Facebook’s Data Policy.

8.1.2 Instagram

We integrate Instagram features and content into our website. For example, we may display images published on Instagram. This may involve cookies.

Instagram is a service provided by Facebook Ireland Ltd. or Facebook Inc. Logged-in users may have their activity associated with their profile. Details are available in Instagram’s Privacy Policy.

8.1.3 LinkedIn

We embed LinkedIn functions and content, such as a “Share” button, into our website. This may involve cookies. More info is available on LinkedIn’s plugin page.

LinkedIn plugins are provided by LinkedIn Ireland Unlimited Company or LinkedIn Corporation (USA). Logged-in users may have their usage data linked to their profile. See LinkedIn’s Privacy Policy, Cookie Policy, and Data Protection Portal.

8.2 Maps

Wir verwenden Google Maps, um Karten in unsere Website einbetten zu können. Dabei kommen auch Cookies zum Einsatz. Google Maps ist ein Dienst der amerikanischen Google LLC. Für Nutzerinnen und Nutzer im Europäischen Wirtschaftsraum (EWR) und in der Schweiz ist die irische Google Ireland Limited verantwortlich. Weitere Angaben über Art, Umfang und Zweck der Datenbearbeitung finden sich in den Grundsätzen für Datenschutz und Sicherheit und in der Datenschutzerklärung jeweils von Google, im Leitfaden zum Datenschutz in Google-Produkten (einschliesslich Google Maps), in den Informationen, wie Google Daten von Websites verwendet, auf denen Google-Dienste genutzt werden und in den Informationen über Cookies bei Google. Ausserdem besteht die Möglichkeit, Widerspruch gegen personalisierte Werbung zu erheben.

8.3 Fonts and Icons

8.3.1 Font Awesome

We use Font Awesome to embed selected icons into our website. Cookies may be used in the process. This is a service provided by Fonticons Inc. (USA), which states that it complies with European data protection laws. Further details on the nature, scope, and purpose of data processing can be found in Font Awesome’s Privacy Policy.

8.3.2 Google Fonts

We use Google Fonts to embed selected fonts into our website. No cookies are used in this process. Google Fonts is a service provided by Google LLC (USA), offered independently of other Google services. For users in the European Economic Area (EEA) and Switzerland, Google Ireland Limited is responsible.

Further information on the nature, scope, and purpose of data processing can be found in Google’s Privacy and Security Principles, Privacy Policy, and related documentation.

8.4 Payments

We use payment service providers to process our customers’ payments securely and reliably. We only use payment service providers that ensure adequate data protection. Their respective terms and conditions, such as general terms and privacy policies, apply.

We specifically use Stripe to handle payments. Stripe is a service provided by Stripe Inc. (USA). For users in the European Economic Area (EEA) and Switzerland, Stripe Payments Europe Ltd., based in Ireland, is responsible.

Details on the nature, scope, and purpose of data processing can be found in Stripe’s Privacy Policy.

8.5 Analytics and Reach Measurement

8.5.1 Google Analytics

We use Google Analytics to analyze website usage and measure third-party referral success.

Service provider: Google LLC (USA) or Google Ireland Limited (Ireland).

Cookies and anonymized IP addresses are used.

More info: Google Privacy Policy, Google Analytics Help, and Google’s data practices.

8.5.2 Google Tag Manager

We use Google Tag Manager to manage Google and third-party services.

No cookies are used directly, but embedded services may use them.

More info via Google Privacy Policy.

8.5.3 Hotjar