0
0
Subtotal: CHF 0.00
No products in the cart.

Data Protection Guideline

The protection of your personal data is of particular concern to us whenever you register via e-mail, use our products or visit a MyCityHighlight AG website. Our data protection guidelines are based on the European General Data Protection Regulation (GDPR).

In this privacy policy, we inform you about the most important aspects of data processing in connection with the use of our services. We provide you with a detailed overview of how we use the information you provide to us, or that we lawfully obtain in accordance with the terms defined herein.

We take all reasonable steps to ensure that your information is secured and used as described in this Privacy Policy.

We reserve the right to change this Privacy Policy at any time with effect for the future; the current version is available for download. In the event of ambiguities or contradictions, the German version shall prevail

1. Data Controller (hereinafter: “we”)

Detektiv-Trails
MyCityHighlight AG
Talgut-Zentrum 7
CH-3063 Ittigen
E-mail: hc.sliart-vitketedobfsctd@ofni or hc.thgilhgihyticymobfsctd@ofni

Further details about us can be found in our provider identification  (imprint).

2. Personal data, purposes of their processing and legal bases

The use of our website is usually possible without you having to provide personal data. However, the provision of personal data is required at the latest when ordering a product in our shop.

Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the identity of that natural person.

The purpose of the processing of data is to operate this website with information on our range of services, including contact options and online application options.

Personal data is only collected on our website if this is

  • for the use of the website (legal basis: Art. 6 para. 1 sentence 1 lit. a) and/or Art. 6 para. 1 sentence 1 lit. b) General Data Protection Regulation (GDPR),
  • to safeguard our interest in improving the user experience and maintaining the security of use (legal basis: Art. 6 para. 1 sentence 1 lit. f) GDPR),
  • for the use of the services offered on the website as well as pre-contractual measures, in particular for form entries (legal basis: Art. 6 para. 1 sentence 1 lit. a) and/or Art. 6 para. 1 sentence 1 lit. b) GDPR) or
  • for the conclusion of a contract and for the execution of the contract (legal basis: Art. 6 para. 1 sentence 1 lit. a) and lit. b) GDPR)

is required.

Further details on the processing of data can be found below under corresponding headings:

3. Access data/server log files

When you visit our website, our servers automatically store the information that your browser sends. Server log files. The information includes

  • Name of the website accessed,
  • File,
  • Date and time of retrieval,
  • Notification of successful retrieval,
  • Browser type and version,
  • User’s operating system,
  • Referrer URL,
  • IP address (anonymized),
  • Provider.

This data will not be merged with other data sources. In accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR, the information is used exclusively for the analysis and maintenance of the technical operation of the servers and the network.

4. Cookies

Our website stores cookies. Cookies are small files that make it possible to store specific information related to the device on the user’s access device (PC, smartphone, etc.). On the one hand, they serve the user-friendliness of websites and thus the users (e.g. storage of login data). On the other hand, they serve to collect statistical data on website use and to be able to analyse it in order to improve the offer. You can find more information in the following paragraphs of our privacy policy. If you give consent for cookies that are not necessary, the legal basis is § 25 (1) TDDDG, Article 6 (1) sentence 1 lit. a) GDPR (consent). You can find further information on this and the cookies or services used in our consent management tool and revoke your consent at any time freely and without disadvantage with effect for the future.

As a user, you can influence the use of cookies. Most browsers have an option to restrict or disable the storage of cookies.

is completely prevented. However, it is pointed out that the use and in particular the comfort of use is limited without cookies. 

5. Contact by email

If you send us inquiries by e-mail, the information you provide in the e-mail, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions in accordance with Art. 6 (1) sentence 1 lit. b) GDPR. We will never pass on this data without your consent. We will treat the data you voluntarily provide as strictly confidential. We store and use personal data voluntarily provided by you, i.e. insofar as it is necessary for further correspondence with you.

6. Contact form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR. We do not pass on this data without your consent.

7. Customer Account

Ordering a product in our shop is usually only possible with a customer account. If you do not yet have an account with us, a customer account with MyCityHighlight AG will automatically be created for you with every order. This customer account gives you access to your purchased products. The customer account is valid for all pages of MyCityHighlight AG.  You can request the deletion of your customer account at any time by sending an e-mail to hc.thgilhgihyticymobfsctd@ofni .

The information required for this (mandatory information) will be provided to you during the registration process. The provision of this data is necessary so that we can set up the customer account for you. The data processing is based on the requirement to carry out pre-contractual measures or to perform the contract in accordance with Art. 6 (1) sentence 1 (b) GDPR.

8. Google Analytics

Our website uses Google Analytics. The provider is Google LLC., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, in order to analyze our website and usage and thus make it more user-friendly and effective as well as to advertise and offer our services in the best possible way. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f) GDPR or, if you have given your consent to the use of cookies on the basis of a notice provided by us on the website (“cookie banner”), the lawfulness of the use is based on Art. 6 para. 1 sentence 1 lit. a) GDPR, § 25 para. 1 TDDDG.

For users who have their habitual residence in the European Economic Area or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, EU is the responsible controller for Google services (hereinafter: “Google”). Google Ireland Limited is an affiliate of Google LLC whose services we integrate and which must also comply with the General Data Protection Regulation.

Since 10 July 2023, the European Commission has published the adequacy decision for the new EU-US Data Privacy Framework (DPF). U.S. companies can join the data protection framework by committing to comply with detailed data protection requirements. Google LLC already participates in this and is certified accordingly.

Google Analytics uses cookies, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by cookies about your use of this website is usually transmitted to a Google server in the USA and stored there. However, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. IP anonymization is activated on our website. Your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website activity and internet usage.

You can give your consent to the use of Analytics via the Cookie Policy in the cookie settings by opt-ins (activation) and then deactivate it again by opt-out. You can also prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of our website to their full extent. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by  downloading and installing the browser plugin available under the link: https://tools.google.com/dlpage/gaoptout?hl=de: Further information on Google’s terms of use and data protection can be found here.

9. Google Consent Mode

We use Google Consent Mode to collect and respect privacy-compliant consents from our users to the use of cookies and other tracking technologies. Depending on the consent of the users, data is either processed anonymously or blocked completely.

Our website uses Google services such as Google Analytics and Google Ads. With the help of the Google Consent Mode, we process data depending on the consent of the users. If no consent is given, only anonymous data processing takes place, without cookies being set.

The processing of personal data is carried out on the basis of consent in accordance with Art. 6 (1) (a) GDPR. If no consent is given, only limited or anonymous data processing will take place.

10. Google Tag Manager

Our website also uses Google LLC’s Google Tag Manager. The Google Tag Manager is a solution with which the operators of a website can manage so-called tags via an interface. Google Tag Manager collects your IP address. However, IP anonymization is activated on our website. Your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Further information can be found there: https://www.google.com/intl/de/tagmanager/usepolicy.html. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f) GDPR or, if you have given your consent to the use of cookies on the basis of a notice provided by us on the website (“CookieBanner”), the lawfulness of the use is based on Art. 6 para. 1 sentence 1 lit. a) GDPR, § 25 para. 1 TDDDG. You can also give your consent to the use of the Tag Manager via the cookie policy in the cookie settings opt-ins (activation) and deactivate it again by opting out.

11. Facebook Pixel

Within our online offer, we also use “Facebook pixels”. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Meta”).

The legal basis for this is Art. 6 para. 1 sentence 1 lit. f) GDPR or, if you have given your consent to the use of cookies on the basis of a notice provided by us on the website (“cookie banner”), the lawfulness of the use is based on Art. 6 para. 1 sentence 1 lit. a) GDPR, § 25 para. 1 TDDDG.

With the help of the Facebook pixel, Facebook is able to determine the visitors of our online offer as the target group for the display of ads (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products that are determined on the basis of the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and are not annoying. With the help of the Facebook pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”). The processing of the data by Facebook is carried out within the framework of Facebook’s data use policy.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://dede.facebook.com/help/566994660333381. For more information, see Facebook’s Terms of Service and Facebook Privacy Policy. You can find them here at: https://de-de.facebook.com/about/privacy/ and https://dede.facebook.com/legal/terms.

12. Payrexx

On our website, we use the payment provider Payrexx, through which payment is processed by credit card and PayPal. Payrexx is operated by Payrexx AG, Burgstrasse 18, 3600 Thun, Switzerland. You can find more information about Payrexx’s privacy policy here: https://www.payrexx.com/de/rechtliches/?ref=dsgvo0518.

If you make the payment by credit card, the data required for this (card number, validity and security code) will be transmitted to the payment provider in encrypted form and will not be visible to the website operator. The payment provider may transfer, process and store personal data outside the EU that is necessary to process the payment. Payrexx is solely responsible for the processing of this data. If personal data is processed in the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR.

Details on payment with Payrexx can be found in the terms and conditions and the privacy policy of the payment provider at: https://payrexx.com/sicherheit.

If you use the payment service PayPal provided by Payrexx, we refer to the following section of this privacy policy.

13. PayPal

For the purpose of payment processing via Payrexx, we also use PayPal via the credit card. This is an online payment service provided by PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg.

Your payment data will only be transmitted to PayPal if this is necessary for payment processing. The legal basis is Art. 6 para. 1 sentence 1 lit. b) GDPR. If you use PayPal as a payment method, the bank details you have provided to PayPal will be used by PayPal for payment. We do not have access to this data. You can find PayPal’s privacy policy here.

PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal, purchase on account. For this purpose, your payment data will be passed on to credit agencies in accordance with Art. 6 para. 1 lit. a) GDPR on the basis of your consent to the determination of your solvency. PayPal uses the result of the credit check in relation to the statistical probability of payment default for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, among other things, but not exclusively, address data. For further information on data protection law, including the credit agencies used, please refer to PayPal’s privacy policy.

You can object to this processing of your data at any time by sending a message to us or to PayPal. However, PayPal may then continue to be entitled to process your personal data if this is necessary for contractual payment processing in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR.

14. MapsMarker Pro

For the display of maps on the website and during the game of our Detective-Trails, we use the tool MapsMarker pro. The provider is MapsMarker.com e.U., Lohwaggasse 13/4, 1220 Vienna, Austria. Users can navigate the game using Mapsmarker’s maps and view their live location. When you use it, your IP address is transmitted to the servers of MapsMarker. If you do not want MapsMarker to collect, process or use data about you, you can disable JavaScript in your browser settings. In this case, however, you will not be able to use the map display. For more information, please visit: https://www.mapsmarker.com/privacy-policy.

The legal basis for the use is Art. 6 para. 1 lit. b) GDPR, because it is used in the context of the performance of the contract. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a) GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time. In all other cases, the assignment is based on our legitimate interest in the most effective customer communication possible (Art. 6 para. 1 lit. f GDPR).

15. Landbot

Landbot is also integrated into the game. The provider is Landbot IO. The provider is HELLO UMI S.L., Av de Josep Tarradellas 20-30 P.6, Barcelona, Spain. Landbot is a chat platform that allows website visitors to interact with our chatbot. The chat histories are stored in the Landbot IO application. For more information, please refer to Landbot IO’s Privacy Policy, available at https://landbot.io/privacy-policy.

User profiles can be created on the basis of the data collected. The data collected can also be used to improve our chatbots and their response behavior (machine learning). The data entered by you in the course of the communication will remain with us or the chatbot operator until you ask us to delete it, revoke your consent to the storage or the purpose for which the data is stored no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

The legal basis for the use is Art. 6 para. 1 lit. b) GDPR, because it is used in the context of the performance of the contract. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a) GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time. In all other cases, the assignment is based on our legitimate interest in the most effective customer communication possible (Art. 6 para. 1 lit. f GDPR).

16. LearnDash

We use LearnDash to run our games, so that players solve puzzles and get access to the integrated MapsMarker map and the LandbotChat. The provider is LearnDash, 2531 Jackson Avenue, Ann Arbor, MI 48103, USA.

As part of the use of the LearnDash function, your personal data is stored solely in our web environment, the data is used exclusively internally, for example, to automatically issue a confirmation of participation at the end of the course and to administer our users. Further information can be found in LearnDash’s privacy policy at: https://www.learndash.com/privacy-policy/.

The legal basis for the use of LearnDash is Art. 6 (1) (b) GDPR, because it is used in the context of the performance of the contract. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time. In all other cases, the assignment is based on our legitimate interest in the most effective customer communication possible (Art. 6 para. 1 lit. f GDPR).

17. Uncanny Automator

We use Uncanny Automator to run our games. The provider is Owl Inc, RBC WaterPark Place, 20 Bay St. 11th floor, Toronto, ON M5J 2N8, Canada. With the help of this plugin, we set a number of automations. No user data is collected and stored. Only when the user finishes the game, a review email will be sent to the e-mail address provided by him.

The legal basis for the use of Uncanny Automator is Art. 6 (1) (b) GDPR, because it is used in the context of the performance of the contract. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time. In all other cases, the assignment is based on our legitimate interest in the most effective customer communication possible (Art. 6 para. 1 lit. f GDPR).

18. WooCommerce

We have integrated the open-source shop system WooCommerce on our website to provide our online shop as a plugin. This WooCommerce plugin is based on the content management system WordPress, which is a subsidiary of Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

Information that you actively enter in a text field in our online store may be collected and stored by WooCommerce or Automattic. So when you sign up with us or order a product, Automattic may collect, process and store this data. In addition to e-mail address, name or address, this can also be credit card or billing information. Automattic can then also use this information for its own marketing campaigns. In addition, there is also information that Automattic automatically collects from you in so-called server log files: IP address, browser information, preset language setting, date and time of web access.

WooCommerce also sets cookies in your browser and uses technologies such as pixel tags (web beacons), for example, to clearly identify you as a user and possibly to be able to offer interest-based advertising. WooCommerce uses a number of different cookies that are set depending on the user’s action. This means that, for example, if you add a product to your shopping cart, a cookie is set so that the product remains in the shopping cart when you leave our website and come back at a later date.

The legal basis for the use of WooCommerce is Art. 6 para. 1 lit. f) GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time. In all other cases, the assignment is based on our legitimate interest in the most effective customer communication possible (Art. 6 para. 1 lit. f GDPR).

More details about the privacy policy and what data is collected by WooCommerce and in what way can be found on https://automattic.com/privacy/.

We use an SMS bot to carry out some of our games (Bulk SMS (A2P SMS) service) of the company NTH mobile, so that the players receive further hints on how to solve the game after solving puzzles. The provider is NTH AG, Hardturmstrasse 161, 8005 Zurich, Switzerland.

This mobile phone number of the customers is no longer used.

19. Recipients of personal data

Notwithstanding the above paragraphs, we disclose personal data to the following categories of recipients:

To our employees and to the host of our website. The hoster is cyon GmbH, Brunngässlein 12, CH – 4052 Basel.

In addition, your personal data will not be passed on to third parties without your express consent, unless we are legally obliged to do so within the meaning of Art. 6 para. 1 sentence 1 lit. c) GDPR or the data disclosure is absolutely necessary for the performance of a contractual relationship in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) may have security gaps. It is not possible to completely protect the data from access by third parties.

20. Duration of storage

We delete your personal data immediately after the purpose has been achieved. For example, we store your data from your e-mails and the contact form until your request has been fully processed and dealt with. After that, the information is usually deleted.

In addition, we will check every year whether the data stored by you can be deleted.

Session cookies are automatically deleted by us after your visit to the website. Access data and server log files are deleted after one week.

Please note that there are retention obligations under commercial and tax law of at least six (§ 257 HGB) or ten (§147 AO) years for certain data.

21. Rights of Data Subjects

You are not required by law to provide your personal data. However, the provision may be necessary for the conclusion of a contract or for functions of the website. In the event of non-provision, a contract or a function on the website may not be offered.

There is no automated decision-making on the website, profiling does not take place.

The rights of data subjects arise in particular from Articles 15 to 23 and Article 77 of the GDPR as well as from Sections 32 to 37 of the Federal Data Protection Act (BDSG).

With regard to your personal data, you have the right to

  • Information, Art.15 GDPR
  • Rectification, Art. 16 GDPR
  • Erasure, Art. 17 GDPR
  • Restriction of processing, Art. 18 GDPR
  • Portability, Art. 20 GDPR.

If you have given your consent to the processing of personal data, you have the right of the

  • Revocation, Art. 7 GDPR with effect for the future.

You also have the right to object to the processing of personal data

  • Objection to raising Art. 21 GDPR.

1. You have the right to object at any time to the processing of personal data concerning you on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR (data processing on the basis of a balancing of interests) for reasons arising from your particular situation. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims. In individual cases, we process personal data in order to conduct direct marketing. If this is the case for you, you have the right to object at any time to the processing of data concerning you for the purpose of such advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection can be made in any form and should be addressed to us if possible, see above under 1.

If you are of the opinion that the processing of personal data concerning you violates data protection law, you must always

  • Right to lodge a complaint

with the competent supervisory authority, cf. Art. 77 GDPR. Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you believe that the processing of personal data concerning you infringes the GDPR.

The contact details of the data protection officers in the federal states, the supervisory authorities for the non-public sector, broadcasting, churches, in Europe and other countries, as well as the Virtual Data Protection Office can be found there: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

The supervisory authority responsible for us is the Hamburg Commissioner for Data Protection and Freedom of Information of the Free and Hanseatic City of Hamburg, LudwigErhard-Str 22, 7th floor, 20459 Hamburg.

In Switzerland, you can access information and a reporting portal via the website of the Swiss Confederation, Federal Data Protection and Information Commissioner FDPIC here.

Scroll to Top

Medienpartner

🎁 Verschenke unvergessliche Erlebnisse! 🎁

 Überrasche deine Liebsten mit einem Gutschein für unsere Detektiv-Trails und schenke Abenteuer, die in Erinnerung bleiben.

Jetzt bestellen

✨🌲 ✨