With the following information, we would like to give you as a data subject an overview of the processing of your personal data by us and your rights under data protection laws. It is generally possible to use our website without entering personal data. However, if you wish to make use of special services of our company via our website, it may be necessary to process personal data. If there is no legal basis for the processing of personal data, we generally ask for your consent.
The processing of your personal data, such as your name, address or e-mail address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to our company. This privacy policy is intended to inform you about the scope and purpose of the personal data we collect, use and process.
As the data controller, we have taken numerous technical and organizational measures to ensure that the personal data processed via this website is protected as comprehensively as possible. Nevertheless, data transmissions on the Internet can generally have security gaps, so that absolute protection cannot be guaranteed. You can therefore also transmit personal data to us by alternative means, for example by telephone or post.
The controller within the meaning of the GDPR is
Webface, Flawilerstrasse 31, 9500 Wil, Switzerland
Representative of the controller: Dr. Meriton Ceka
For questions and concerns regarding the processing of your data and your data protection rights towards us, please contact
Webface
Data protection office
Flawilerstrasse 31
9500 Wil
Switzerland
This Privacy Policy is based on the terminology used by the European Directive and Regulation Giver in the formulation of the General Data Protection Regulation (GDPR). The aim of our privacy policy is to be understandable and easily accessible for the public as well as for our customers and business partners. To achieve this, we would first like to explain the terms used in this statement.
In this privacy policy, we use the following terms, among others
Personal data includes all information that relates to an identified or identifiable natural person. A person is considered identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social aspects of that person’s identity.
A data subject is any natural person who is identified or identifiable and whose personal data is processed by the controller (our company).
Processing means any operation or set of operations which is performed on personal data, whether or not by automated means. This includes activities such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.
Restriction of processing means the marking of stored personal data with the aim of limiting its future processing.
Profiling includes any form of automated processing of personal data that is used to evaluate specific personal characteristics relating to a natural person. This includes, in particular, the analysis or prediction of aspects such as work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movement patterns of that natural person.
Pseudonymization refers to the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information. This requires that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data cannot be attributed to an identified or identifiable natural person.
A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorized to process the personal data.
Consent is the voluntary, specific, informed and unambiguous agreement of a data subject, expressed by a statement or other clearly affirmative act. The data subject thereby signals their consent to the processing of their personal data.
Art. 6 para. 1 lit. a GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract to which the data subject is party, such as operations necessary for the supply of goods or the provision of a service, the processing is based on Art. 6 para. 1 lit. b GDPR. This also applies to processing operations that are necessary to carry out pre-contractual measures, for example in the case of inquiries about our products or services.
If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 para. 1 lit. c GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another person. This would be the case if a person were injured in our company and information such as name, age, health insurance data or other important data would have to be passed on to medical personnel or third parties. The processing would then be based on Art. 6 para. 1 lit. d GDPR.
Finally, processing operations could be based on Art. 6 para. 1 lit. f GDPR. This legal basis includes operations that are not covered by any of the aforementioned bases if the processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not prevail. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. The latter took the view that a legitimate interest could be assumed if the data subject is a customer of our company (Recital 47 Sentence 2 GDPR).
If you work as a freelancer, coach, or digital service provider and have given us your contractual consent in accordance with Art. 6 para. 1 lit. a) GDPR, we reserve the right to publish your name, your specialist area, a profile description and, if available, a picture of you on selected websites operated by us.
In addition, we store your contact information (e-mail address and telephone number) for communication purposes, price information, quotation preparation and service provision as well as your billing address for billing purposes. We process this data on the basis of Art. 6 para. 1 lit. b) GDPR to fulfill the contract or to carry out pre-contractual measures.
Webface collects and processes the personal data of applicants exclusively for the purpose of handling the application process. This is particularly the case if an applicant submits the relevant application documents to us electronically, for example by e-mail or via a form on the website. If Webface concludes an employment contract or a contract for cooperation on a freelance basis with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no contract is concluded with the applicant, the application documents will be deleted three months after receipt of the documents, provided that no other legitimate interests on the part of Webface prevent deletion. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
Your personal data will not be transmitted to third parties for purposes other than those listed below.
Your personal data will only be passed on to third parties if:
you have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is permissible to safeguard our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.
This website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that are sent to us as the operator. You can recognize an encrypted connection by the fact that the address line of the browser displays “https://” instead of “http://” and a lock symbol appears in your browser line.
This technology is used to secure the data you transmit.
When you use our website for informational purposes only, i.e. without registering or transmitting information, we only collect the data that your browser sends to our server (in so-called “server log files”). Each time you or an automated system accesses our website, certain general data and information is collected and stored in the server log files. The following can be recorded:
Browser types and versions used,
the operating system used by the accessing system
the website from which an accessing system accesses our website (so-called referrer)
the sub-websites which are accessed via an accessing system on our website
the date and time of access to the website
a shortened Internet Protocol address (anonymized IP address)
the Internet service provider of the accessing system.
When using this general data and information, we do not draw any conclusions about your person. Rather, this information is required in order to
deliver the content of our website correctly
optimize the content of our website and the advertising for it
ensure the long-term functionality of our IT systems and the technology of our website, and
to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
The data and information we collect is evaluated statistically and used to improve data protection and data security in our company. Our aim is to ensure a high level of protection for the personal data we process. The anonymous data from the server log files are stored separately from all personal data provided by a data subject.
The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest in data collection arises from the above-mentioned purposes.
On our website, we use cookies, small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our site.
The cookies store information related to the device used. However, this does not mean that we directly learn your identity.
Cookies are used to make the use of our website more convenient for you. For example, we use session cookies to recognize that you have already visited certain pages of our website. These are automatically deleted after you leave our site.
We also use temporary cookies that are stored on your device for a specified period of time to improve user-friendliness. When you visit our site again, it automatically recognizes that you have already been there and which entries and settings you have made so that you do not have to make them again.
Furthermore, we use cookies to statistically record the use of our website and to evaluate it for the optimization of our offer. These cookies allow us to automatically recognize that you have already visited our website when you return. They are automatically deleted after a specified period of time.
The data processed by cookies, which are required for the proper functioning of the website, are therefore necessary to safeguard our legitimate interests and those of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
For all other cookies, you have given your consent to this via our opt-in cookie banner in accordance with Art. 6 para. 1 lit. a GDPR.
The personal data collected by us in the context of contract processing will be forwarded to the transport company commissioned with the delivery of the goods, insofar as this is necessary for the delivery of the goods. Your payment information will be transmitted to the relevant credit institution for the processing of the payment. If you use payment service providers, we will inform you separately. The legal basis for the transfer of this data is Art. 6 para. 1 lit. b GDPR.
For all other cookies, you have given your consent to this via our opt-in cookie banner in accordance with Art. 6 para. 1 lit. a GDPR.
If you contact us (e.g. via a contact form or by email), personal data will be collected. The type of data collected when using a contact form can be found in the respective form. This data is used and stored exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at the conclusion of a contract, Art. 6 para. 1 lit. b GDPR is also to be used as the legal basis. Your data will be deleted after final processing of your request, provided that it can be inferred from the circumstances that the matter in question has been conclusively clarified and there are no statutory retention obligations to the contrary.
We only pass on personal data to third parties if this is necessary for the execution of the contract, for example to the financial institution responsible for processing payments.
Your data will not be transmitted beyond this or only if you have expressly consented to such transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
The legal basis for the processing of data is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
In order to communicate with you on social networks and inform you about our services, we have our own pages on these platforms. When you visit our social media pages, we are jointly responsible with the provider of the respective social media platform within the meaning of Art. 26 GDPR with regard to the processing of personal data triggered by this.
We are not the original providers of these sites, but use them within the scope of the options provided by the respective providers.
It is possible that your data may also be processed outside the European Union or the European Economic Area. This may entail data protection risks, as it may be more difficult to protect your rights such as access, erasure, objection, etc. The providers of social networks often use the data directly for advertising purposes or to analyze user behavior without us having any influence over this. If user profiles are created, cookies are often used or the user behavior is assigned directly to your profile on the social networks (if you are logged in there).
Personal data is processed on the basis of our legitimate interest and the interest of the providers in accordance with Art. 6 para. 1 lit. f GDPR in order to communicate with you in a timely manner and to inform you about our services. If you have given the providers your consent to data processing, the legal basis is based on Art. 6 para. 1 lit. a GDPR in conjunction with Art. 7 GDPR.
As we do not have access to the providers’ databases, we recommend that you assert your rights (e.g. to information, rectification, erasure, etc.) directly with the respective providers. Below you will find further information on data processing in social networks as well as options for exercising your rights of objection or revocation (so-called opt-out) with the social network providers we use.
The following social networks are integrated into our website through links:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy: https://policies.google.com/privacy
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy: https://help.instagram.com/519522125107875
The LinkedIn pixel of LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland) may be used on our website.
The LinkedIn pixel makes it possible to track user behavior during visits to our website. The usage data generated by the service is usually transferred to servers in a LinkedIn data center and stored there. This data enables us to optimize our offer and the user experience. LinkedIn uses the information collected to measure the effectiveness of advertisements and to display LinkedIn advertisements. If you are logged into your LinkedIn account during your visit to our website, LinkedIn may be able to link the data to your LinkedIn user account. If you do not want LinkedIn to collect data, you can adjust the settings in your LinkedIn account.
The legal basis for the processing of your data is based on our legitimate interest in analyzing user behavior in order to optimize our offering. Further information can be found at: linkedin.com/legal/privacy-policy.
This website uses the “Facebook pixel” from Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA (‘Facebook’). With your express consent, it enables us to track the behavior of users who have seen or clicked on a Facebook ad. This method is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help to improve advertising measures in the future.
The data we collect is anonymous and does not provide us with any information about the identity of the user. However, Facebook stores and processes the data, which enables a connection to the respective user profile. Facebook may use the data for its own advertising purposes in accordance with its Data Usage Policy (https://www.facebook.com/about/privacy/). You can allow Facebook and its partners to place advertisements on Facebook and outside of Facebook. A cookie may be stored on your device for this purpose. This processing only takes place with your express consent in accordance with Art. 6 para. 1 lit. a GDPR.
On our websites, we use Google Analytics 4 (G4), a web analytics service provided by Google Ireland Limited (https://www.google.de/intl/de/about/) (Gordon House, Barrow Street, Dublin 4, Ireland). Pseudonymized user profiles are created and cookies are used. The information generated by the cookie about your use of this website, such as browser type/version, operating system used, referrer URL, host name of the accessing computer (IP address), time of the server request, are transmitted to a Google server in the USA and stored there. The IP addresses are anonymized (IP masking).
You can prevent the installation of cookies by setting your browser software accordingly. You can also prevent the collection of data generated by the cookie and related to your use of the website by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
Further information can be found in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).
We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies. For more information, visit the Microsoft Privacy Statement.
If you subscribe to our free newsletter, you provide us with your e-mail address and optionally your name and address. We also record the IP address, date and time of registration. Your consent is obtained during registration. Legal basis: Art. 6 para. 1 lit. a GDPR. You can unsubscribe at any time via the link in the newsletter.
Google Ads is used to promote our website through interest-based ads. If you reach our website via a Google ad, a conversion cookie is placed. Legal basis: Art. 6 para. 1 lit. a GDPR. More info: https://www.google.de/intl/de/policies/privacy/
Information obtained through the conversion cookie helps to compile statistics. You can refuse cookies by adjusting your browser settings. More info: https://privacy.microsoft.com/de-de/privacystatement
Used to detect automated input. Legal basis: Art. 6 para. 1 lit. a GDPR.
Used to display fonts uniformly. Legal basis: Art. 6 para. 1 lit. a GDPR.Used to detect automated input. Legal basis: Art. 6 para. 1 lit. a GDPR.
Used to send form data securely. Legal basis: Art. 6 para. 1 lit. f GDPR (or a GDPR if using cookies).
We use the “Cookie Notice” plugin to obtain consent. Legal basis: Art. 6 para. 1 lit. f GDPR.
Used to send newsletters. Data is processed by The Rocket Science Group, LLC. Legal basis: Art. 6 para. 1 lit. a GDPR. More info: http://mailchimp.com/legal/privacy/
If you choose PayPal, your payment data is transmitted to PayPal (Europe) S.à.r.l. & Cie. S.C.A. Legal basis: Art. 6 para. 1 lit. f GDPR. Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Your personal data will only be processed and stored by us for as long as is necessary or legally required. Once the purpose ceases or retention expires, data is deleted or blocked.
The duration depends on statutory retention periods. After expiry, the data is routinely deleted unless further storage is necessary.
The current version of this privacy policy is valid and is dated:
July 22, 2025
We give your website a face – and a brain.