Version valid from 01.01.2022
With this privacy policy, we, CrossFit Bern GmbH, Wylerringstrasse 36, CH-3014 Bern, registered in the commercial register of the Canton of Bern with company number CHE-036.4.051.184-8 (hereinafter: we or us), describe how we collect and process personal data. This privacy policy is not necessarily a comprehensive description of our data processing. It is possible that other privacy policies may apply to specific circumstances.
The term ‘personal data’ in this privacy policy refers to any information that identifies a person or could reasonably be used to identify a person.
If you provide us with personal data of other persons (such as users, employers, customers, potential customers, work colleagues), please ensure that the respective persons are informed about this privacy policy and only provide us with their data if you are authorised to do so and such personal data is accurate.
This privacy policy is in line with the EU’s General Data Protection Regulation (GDPR). Although the GDPR is a regulation of the European Union (EU), it may be relevant to us.
Processor, data protection officer and representative of the controller in the EU
The data processor described in this privacy policy is Newsroom Technologies AG. You can inform us of any data protection concerns using the following contact details: CrossFit Bern GmbH, Wylerringstrasse 36, CH-3014 Bern, info@crossfitbern.ch.
Collection and processing of personal data
We process personal data that we receive from our business customers, from users of business customers, on behalf of our business customers from third parties who have made personal data publicly available on the Internet in the context of publications, events and other activities of business customers, from users when using Storyshaker, our websites, apps and other applications in the course of our business relationships with our business customers for the purpose of providing our services to our business customers for the purposes of our business customers.
We collect personal data that you make publicly available (e.g. on the Internet, social media), or we may receive such information from business customers. The categories of data we collect about you from third parties include, but are not limited to, publicly available information (e.g., the Internet, social media), information about you in correspondence with the business customer, information about your relationship with business customers, and information about business customers’ publications, events, activities, and data in connection with your use of our websites and apps.
Purpose of data processing and legal bases
We primarily use collected data to fulfil contracts with our business customers and to comply with our domestic and foreign legal obligations. You may be affected by our data processing in your capacity as a user, employee, customer, potential customer, follower, fan, interested party or business partner of the business customer.
In addition, in accordance with applicable law and where applicable, we may process your personal data and personal data of third parties for the following purposes, which are in the legitimate interests of business customers (or, where applicable, third parties), such as:
- Provision and development of our products, services and websites, apps and other platforms on which we are active;
- Communicating with third parties and handling their enquiries (e.g. job applications, media enquiries);
- Advertising and marketing, unless you have objected to the use of your data for this purpose (if you are part of our customer base and receive our advertising, you can object at any time and we will block you for further advertising mailings);
- Market and opinion research, media monitoring;
- Assertion of legal claims and defence in legal disputes and official proceedings;
- Prevention and investigation of criminal offences and other misconduct (e.g. conducting internal investigations, data analysis for fraud prevention);
- Ensuring our operations, including our IT, our websites, apps and other appliances;
If you have given us your consent to process your personal data for specific purposes (e.g. when registering to receive newsletters), we will process your personal data within the scope of this consent and on the basis of this consent, unless we have another legal basis, if we need one. The consent given can be revoked at any time, but this does not affect the data processed before the revocation.
Cookies / Tracking and other techniques / Social media plug-ins in connection with the use of websites and apps
We typically use ‘cookies’ and similar technologies on our websites and apps that enable us to recognise your browser or device. A cookie is a small text file that is sent to your computer and stored on your computer or mobile device by your web browser when you visit our website or install our app. When you visit our website again or use our app, we may recognise you, even if we do not know your identity. In addition to cookies that are only used during a session and deleted after you leave the website (‘session cookies’), we may use cookies to store user configurations and other information for a specific period of time (e.g. two years) (‘persistent cookies’). Notwithstanding the foregoing, you can configure your browser settings to reject cookies, store them only for a session, or delete them prematurely. Most browsers are set to accept cookies. We use permanent cookies to store user configuration (e.g. language, automated login), to understand how you use our services and content, and to show you customised offers and advertising (which may also appear on websites of other companies; if we know your identity, these companies will not learn your identity from us. They only know that the same user who visits their website has previously visited a specific website. Certain cookies are sent to you by us or by business partners with whom we collaborate. If you block cookies, certain functions (e.g. language settings, shopping cart, order processes) may no longer be available to you.
In accordance with applicable law, we may include visible and invisible image files in our newsletters and other marketing emails. When such image files are retrieved from our servers, we can determine whether and when you have opened the email so that we can measure and better understand how you use our offers and tailor them accordingly. You can disable this in your email programme, which is usually a default setting.
By using our websites, apps and agreeing to receive newsletters and other marketing emails, you consent to the use of such techniques. If you object, you must configure your browser or email programme accordingly or uninstall the app if the relevant setting is not available.
We may use Google Analytics or similar services on our website. These are third-party services that may be located in any country worldwide (in the case of Google Analytics, Google LLC is located in the United States at www.google.com) and that enable us to measure and evaluate the use of our website (anonymised). For this purpose, permanent cookies are used, which are set by the service provider. The service provider does not receive (and does not store) any personal data from us. However, the service provider may track your use of the website, combine this information with data from other websites you have visited and which are also collected by the respective service, and may use this information for its own purposes (e.g. to control advertising). If you have registered with the service provider, the service provider also knows your identity. In this case, your personal data will be processed by the service provider in accordance with its privacy policy. The service provider only provides us with data on the use of the respective website (but no personal data about you).
Data transfer and transfer of data abroad
In the course of our business activities and in accordance with the purposes of data processing set out in Section 3, we may transfer data to third parties, provided that such transfer is permitted and we deem it appropriate, so that they can process the data on our behalf or, where applicable, for their own purposes. In particular, the following categories of recipients may be involved:
- our service providers, including processors (such as IT providers);
- our business customers;
- domestic and foreign authorities or courts;
- the media;
- the public, including users of our websites and social media;
- other parties in potential or pending legal proceedings;
collectively, these are the recipients.
Certain recipients may be located in Switzerland, but they may be located in any country worldwide. In particular, you must expect that your data will be transferred to any country where our service providers are located (e.g. Google Analytics, Intercom Chat, Keyhole, Mailchimp). If we transfer data to a country without adequate legal data protection, we will ensure an adequate level of protection that is required by law by using appropriate contracts (in particular based on the European Commission’s standard contractual clauses), or we rely on the legal exceptions of consent, contract performance, establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or because it is necessary to protect the integrity of the data subjects.
Retention periods for your personal data
We process and store your personal data for as long as necessary to fulfil our contractual obligations and to comply with legal obligations or other purposes for which the data was collected, i.e. for the duration of the entire business relationship and beyond, in accordance with the statutory retention and documentation obligations. Personal data may be retained for the period during which claims can be asserted against our company, or to the extent that we are otherwise required to do so by law, or if legitimate business interests require further storage (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymised as far as possible. In general, shorter retention periods of no more than twelve months apply to operating data (e.g. system logs).
Data security
We have taken appropriate technical and organisational security measures to protect your personal data from unauthorised access and misuse.
Your rights
In accordance with and to the extent provided for by applicable law (as is the case with the GDPR), you have the right to access, correct and delete your personal data, restrict its processing or object to our processing, in addition to the right to receive certain personal data for transfer to another controller (data portability).
Please note, however, that we reserve the right to enforce legal restrictions on our part, for example if we are required to store or process certain data, have an overriding interest (if we can invoke such interests) or need the data to assert claims. If the exercise of certain rights incurs costs for you, we will inform you of this in advance. We have already informed you about the possibility of withdrawing your consent in section 3 above. Please also note that exercising these rights may conflict with your contractual obligations and may result in consequences such as premature termination of the contract or costs. In this case, we will inform you in advance, unless this has already been contractually agreed.
In general, exercising these rights requires you to prove your identity (e.g. by providing a copy of identification documents where your identity cannot be otherwise recognised or verified). To exercise these rights, please contact us at the addresses provided in Section 1 above.
In addition, every data subject has the right to enforce their rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
Changes to this privacy policy
We may change this privacy policy at any time without prior notice. The current version published on our website applies. If the privacy policy is part of an agreement with you, we will notify you of any changes by email or other appropriate means.