Privacy Policy

Types of data processed

·        Inventory data (e.g., names, addresses)

·        Contact data (e.g., e-mail, telephone numbers if provided)

·        Content data (e.g., text entries, messages)

·        Usage data (e.g., website visited, interest in content, access times)

·        Meta/communication data (e.g., device information, IP addresses)

Processing of special categories of data

No special categories of data are processed.

Categories of persons concerned by the processing

·        Visitors/ interested parties / suppliers

·        Visitors and users of the online offer

In the following, we also refer to the data subjects collectively as "users".

Purpose of processing

·        Provision of the online offer, its contents, and functions.

·        Provision of contractual services, service, and customer care

·        Answering contact requests and communication with users

·        Marketing, advertising, and market research

·        Security measures

Relevant legal basis

In accordance with Article 13 of the GDPR, we inform you of the legal basis for our data processing. If the legal basis is not stated, the following applies:

·        the legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR,

·        the legal basis for processing in order to fulfil our services and carry out contractual measures and respond to enquiries is Art. 6(1)(b) GDPR,

·        the legal basis for processing in order to fulfil our legal obligations is Art. 6(1)(c) GDPR, and

·        the legal basis for processing in order to protect our legitimate interests is Art. 6(1)(f) GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.

Processing of personal data

a) Collection of access data and log files

We (that is Squarespace as our Content Delivery Network Provider and Host) collect data on every access to our website on the basis of our legitimate interests as defined in Art. 6 para. 1 lit. f. GDPR, we collect data on every access to the server on which this service is located (so-called server log files). The access data includes the name of the web site accessed, file, date and time of access, volume of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of seven days and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.

b) Online presence in social media

We maintain online presences within social media on the basis of our legitimate interests as defined in Art. 6 para. 1 lit. f. GDPR, we maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within the social networks and platforms, e.g., write posts on our online presences or send us messages.

c) Cookies

We use temporary and permanent cookies, i.e., small files that are stored on users' devices (for an explanation of the term and its function, see the last section of this privacy policy). In part, the cookies serve the purpose of security or are necessary for the operation of our online offer (e.g., for the display of the website) or to save the user decision when confirming the cookie banner. In addition, we or our technology partners use cookies for range measurement and marketing purposes, about which users are informed in our Cookie Policy.

A general objection to the use of cookies for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US site https://www.aboutads.info/choices/  or the EU site https://www.youronlinechoices.com/.  Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that you may then not be able to use all the functions of this online offer.

d) Google Analytics

We use Google Analytics, a web analytics service provided by Google. Google uses cookies. The information generated by the cookie about the use of the online offer by the users is usually transmitted to a Google server in the USA and stored there.

Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. In doing so, pseudonymous user profiles can be created from the processed data.

 We only use Google Analytics with IP anonymisation activated. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

The IP address transmitted by the user's browser will not be merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of the data generated by the cookie and related to their use of the online offer to Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en. 

You can find out more information about Google's use of data, setting and objection options on the Google website: https://www.google.com/intl/en/policies/privacy/partners. Otherwise, the personal data will be anonymised or deleted after a period of 14 months.

e) Squarespace Metrics

Our website also uses Squarespace Metrics, a web analytics service provided by Squarespace. Squarespace Analytics uses cookies. The information generated by the cookie about your use of this website is transmitted to and stored by Squarespace on servers in the United States. Squarespace will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Squarespace may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Squarespace's behalf.

Squarespace will never associate your personal data with any other data held by Squarespace. You may refuse the use of cookies by selecting the appropriate settings on your browser. In this case, you may not be able to use all the functions of this website to their full extent. By using this website, you consent to the processing of data about you by Squarespace in the manner and for the purposes set out above. More info can be found in Squarespace`s privacy policy

f) Newsletter

On our website you have the possibility to register for our newsletter. The newsletter informs you about current and upcoming trips and other news about us. For the registration we need your name and e-mail address. We use your name to address you personally.

After sending the registration form, you will receive a confirmation e-mail from us. The registration will only become effective once you have clicked on the link in the confirmation e-mail. You can unsubscribe from the newsletter at any time. Simply use the unsubscribe link at the end of each e-mail. Your e-mail address will then be deleted from the distribution system.

g) Contacting us

When contacting us (via contact form or e-mail), the user's details are processed for the purpose of handling the contact enquiry and its processing in accordance with Art. 6 Para. 1 lit. b) GDPR. We delete the enquiries if they are no longer necessary. We review the necessity every 6 months. In the case of legal archiving obligations, deletion takes place after their expiry (end of commercial law and tax law retention obligation).

h) Work with us (Provision of contractual services)

We process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit b. GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.

i) Information you provide to us as part of a donation

We store and process information that you give us as part of a donation primarily for the purpose of carrying out the collection of donations that you have instructed us to do. Your donation will be processed through PayPal and the payment data will not be passed on to any other third parties. The data collected is required for the execution of the donation. The user's e-mail address is required to confirm receipt of the donation. The data will not be used for any other purpose. The legal basis for the processing of the data is our legitimate interest.

j) Comments and contributions in our blog

When users leave comments or other contributions, their IP addresses are stored for 7 days on the basis of our legitimate interests as defined in Art. 6 para. 1 lit. f. GDPR for 7 days. This is done for our security in case someone leaves unlawful content in comments and posts (insults, prohibited political propaganda, etc.). In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author.

Within the Blog you may be able to display certain profile information, share certain details, engage with others, exchange knowledge and insights, post and view relevant content. Content and data is publicly viewable. You have choices about the information on your comment. You don’t have to provide additional information on your comment; however, information helps you to get more from our Services. It’s your choice whether to include sensitive information on your comment and to make that sensitive information public. Please do not post or add personal data to your profile that you would not want to be available. The legal basis for the storage is Article 6 lit. f) GDPR.

k) Our Shop

We collect Personal Data if you voluntarily provide it to us in the context of your order (your name, e-mail address, shipping, and billing address, if different). Mandatory fields are marked as such, as we need the data in these cases to process the contract and we cannot process the order without you providing it. We use the data you provide to process your order.

It is also possible for you to register for your purchase at Sean and Emily Travels. For this purpose, you can choose a password together with your e-mail address, both of which will enable you to log in more easily without having to enter your data again when you make a purchase later. We store the data you enter to set up a customer account through which your orders are recorded, executed, and processed. We will hold your data for further orders as long as you maintain your registration. You have the right to access, correct or delete your registration data at any time.

If you make a purchase your payment will be processed via the payment system of Stripe. Payment data will solely be processed through the by Stripe. The legal basis for the provision of a payment system is the establishment and implementation of the user contract for the use of the service.

In the case of order fulfillment and the delivery of goods you have ordered we share your name, e-mail address, shipping, and billing address, with our fulfillment service provider Printful and the necessary logistics companies and the postal service provider specified when the order was placed. The legal basis is fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit b. GDPR.

l) Hosting

The services for hosting and displaying the website are provided by our service provider (Squarespace) as part of processing on our behalf. Unless otherwise explained in this privacy policy, all access data and all data collected in forms provided for this purpose on this website are processed on their servers. If you have any questions about our service providers and the basis of our relationship with them, please contact us.

m) Google reCAPTCHA

We use "Google reCAPTCHA" on our websites. The provider is Google Inc. The purpose of reCAPTCHA is to check whether the data input on our websites is made by a human being or by an automated programme, and reCAPTCHA also protects our users from SPAM when using the message function. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place. We have a legitimate interest in protecting our offers from abusive automated spying and our users from SPAM.

n) Amazon affiliate programme

Based on our legitimate interests (i.e., interest in the economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), this web site may be a participant in the Amazon affiliate programme, which is designed to provide a means for websites to earn advertising fees by placing advertisements and links to Amazon.co.uk. Amazon uses cookies to track the origin of orders. Among other things, Amazon can recognise that you have clicked on the partner link on this website.

For more information on Amazon's use of data, please see the Amazon 's privacy policy.

o) Video Content

We have integrated components from YouTube on our website. The integration requires that YouTube can perceive the IP address of the user. The IP address is required in order to send the video content to the user's browser. If you click on a YouTube video, your browser will be prompted by the component to download a corresponding representation of the component. In this way, YouTube knows which specific sub-pages you have visited. The legal basis for the data processing is our legitimate interest and your consent Art. 6 para. 1 lit. f. and a of the GDPR.

Security measures

We take appropriate technical and organisational measures in accordance with Article 32 of the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk; the measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input of, disclosure of, assurance of availability of, and separation of, the data relating to them. We also have procedures in place to ensure the exercise of data subjects' rights, deletion of data and response to data compromise.

Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software, and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 GDPR).  The security measures include in particular the encrypted transmission of data between your browser and our server.

Cooperation with processors and third parties

If, in the course of our processing, we disclose data to other persons and companies (order processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g., if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 para. 1 lit. b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called "processing agreement", this is done on the basis of Art. 28 GDPR.

Transfers to third countries

Since we are based in Switzerland, we process data outside the European Union (EU) but within the the European Economic Area (EEA)). In this sense we are relying on the adequacy decision of the EU. If processing takes place outside the EEA this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done if it is done in order to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or allow the processing of data in a third country if the special requirements of Art. 44 ff. GDPR are met. This means, for example, that processing is carried out on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").

Rights of data subjects

In accordance with the FDA and the GDPR you have individual data subject right. As both provisions afford the same right, we refer for consistency to the GDPR.

·        You have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with Art. 15 of the GDPR.

·        You have according to. Article 16 of the GDPR, you have the right to request that the data concerning you be completed or that inaccurate data concerning you be corrected.

·        In accordance with Art. 17 of the GDPR, you have the right to demand that the data in question be deleted without delay, or alternatively, in accordance with Art. 18 of the GDPR, to demand restriction of the processing of the data.

·        You have the right to obtain the data concerning you that you have provided to us in accordance with Article 20 of the GDPR and to request that it be transferred to other data controllers.

·        You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.

·        You have the right to revoke any consent you have given in accordance with Art. 7 (3) of the GDPR with effect for the future.

·        You may object to the future processing of data relating to you in accordance with Art. 21 GDPR at any time. The objection can be made in particular against the processing for purposes of direct advertising.

The Supervisory Authority

The Data Protection Commissioner Basel is the for us relevant authority in matters of data protection. You have the right to make a complaint at any time to the BDPIC (https://www.dsb.bs.ch/). We would, however, appreciate the chance to deal with your concerns before you approach the BDPIC so please contact us in the first instance.

Data Subject Access Request

For clarification, you have the right to request confirmation from us at any time as to what information we hold about you and to request that we amend, update, or delete that information. We may comply with your request in response. In addition, we have the following options: Ask you to confirm your identity, or ask you for more information about your request, and were permitted by law, refuse your request. (However, in this case we will explain the reasons for the refusal).

Deletion of data

The data processed by us will be deleted or its processing restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated within the scope of this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e., the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.

Obligation to provide personal data

You are not obliged to provide us with personal data. However, depending on the individual case, the provision of certain personal data may be necessary for the provision of the above services. If you do not provide us with this personal data, we may not be able to provide the service.

Accuracy

It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.

Children Data

Our website is not intended for children, and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us and we take the necessary steps to remove that information from our server.

Changes

This policy and our commitment to protecting the privacy of your personal data can result in changes to this policy. Please regularly review this policy to keep up to date with any changes.

Queries and Complaints

If you have any questions, please do not hesitate to contact us.