2.5. Log files
Whenever our websites are accessed, usage data is transmitted through the respective Internet browser and stored in log files, the so-called server log files. The data records stored in this way contain the following data: Date and time of access, name of the page accessed, IP address, referrer URL (originating URL from which you accessed the website), the amount of data transferred, as well as product and version information of the browser used. The IP addresses of the visitors are deleted or made anonymous after the end of use.
The personal data that we collect and process may be transferred to and stored in geographic regions in which data protection regulations differ from those in your own country. All such data transfers will be made in compliance with applicable law.
For the transfer of personal data, we rely on the adequacy decision or we ensure the personal data is protected through appropriate contracts, in particular, the so-called standard contractual clauses of June 4, 2021 (EU 2021/914) of the European Commission, the United Kingdom supervisory authority and the Swiss supervisory authority.
3. Data security
Your personal data is transmitted encrypted. This applies to your communication data if you use our contact form and when registering for MT announcements. We use the SSL (Secure Socket Layer) coding system. Furthermore, we protect our websites and other systems through technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons.
4. Categories of receipt of personal data
Insofar as we make use of the services of third parties to carry out our services, we process personal data according to the provisions of the GDPR and FADP. Service providers who support us in providing our services to you are the it-service providers, hosting providers and e-mail service providers.
5. Duration of data storage
In principle, we delete your data as soon as it is no longer required for the above-mentioned purposes, unless temporary storage is still necessary. Thus we store your data on the basis of legal proof and storage obligations. In addition, we keep your data for the period during which claims can be asserted against our company (statutory limitation period of three or up to thirty years).
6. Rights of the persons concerned
In accordance with the FADP, please note that you have the right to request from Museum Tinguely access to your personal data, a copy of your personal data, to rectify your personal data or to have Roche register a note dispute. Additionally, you have the right to erasure or anonymisation of your personal data if it is no longer needed for the purpose for which you provided it, and the right to restrict the processing of your personal data to specific purposes if erasure is not possible. If the processing of your personal data is based on your consent kindly note that you have the right to withdraw consent at any time. However, the withdrawal is only valid for the future and we reserve the right to continue to process personal data in the event of a withdrawal, based on a different basis.
For sending us a note to exercise your privacy rights, including withdrawal of consent, please see contact details in the section “Responsible authority” above. In the event you have the impression that our data processing is non-compliant with applicable privacy laws: You are entitled to lodge a complaint with the Swiss supervisory authority. If you have any questions regarding data protection, please contact us at tinguelybasel. admin@roche. com