1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when you use our website. Personal data means all data that can be used to personally identify you.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Arnold Cordova, The Inner Circle, Rue du Rhône 40, 1204 Genève, Switzerland, e-mail: office@innercirclezone.com. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 When you use our website for informational purposes only, i.e. when you do not register or otherwise transmit information to us, we only collect the data that your browser sends to the server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website:

• Our visited website

• Date and time of access

• Amount of data sent in bytes

• Source/reference from which you reached the page

• Used browser

• Used operating system

• Used IP address (if applicable: in anonymized form)

Processing takes place in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be shared or used for other purposes. However, we reserve the right to subsequently review server log files if there are specific indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the “https://” prefix and the lock symbol in your browser’s address bar.

3) Hosting & Content Delivery Network

Wix

For hosting our website and providing the technical infrastructure required to display our content, we use the services of:

Data processing may also occur through affiliated companies of the provider, such as:

Wix.com Inc.
500 Terry A Francois Blvd
San Francisco, CA 94158
USA

and

Wix.com Luxembourg S.a.r.l.
5 Rue Guillaume Kroll
L-1882 Luxembourg

All data collected on our website is processed on Wix servers. We have concluded a Data Processing Agreement (DPA) with the provider, which ensures the protection of our visitors’ data and prevents unauthorized disclosure to third parties.

For data transfers to Israel, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
Data transfers to the United States are based on appropriate safeguards according to GDPR requirements (such as Standard Contractual Clauses).

4) Contacting Us

When contacting us (e.g. via contact form or e-mail), personal data is processed solely for the purpose of handling and responding to your request and only to the extent necessary.

The legal basis for this processing is our legitimate interest in responding to your request pursuant to Art. 6(1)(f) GDPR. If your request aims at a contract, the additional legal basis is Art. 6(1)(b) GDPR. Your data will be deleted once it can be inferred that the matter has been conclusively resolved, provided that no statutory retention obligations apply.

5) Use of Customer Data for Direct Marketing

Shopify Email

Our email newsletters are sent using this provider:
Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

Based on our legitimate interest in effective and user-friendly newsletter marketing, we transfer the data you provided during newsletter registration to this provider in accordance with Art. 6(1)(f) GDPR, so that they may send the newsletters on our behalf.

With your express consent pursuant to Art. 6(1)(a) GDPR, the provider also conducts statistical performance analyses of newsletter campaigns using web beacons or tracking pixels included in the emails to measure open rates and interactions with content. Device information (e.g. access time, IP address, browser type, operating system) may also be collected and analyzed but is not merged with other data sets.
You may withdraw your consent to newsletter tracking at any time with future effect.

We have entered into a data processing agreement with the provider to protect our visitors’ data and prohibit disclosure to third parties.

For transfers to Canada, an adequate level of data protection is ensured by a European Commission adequacy decision.

6) Data Processing for Order Handling

6.1 To the extent necessary for performing the contract for shipping and payment purposes, the personal data we collect is transferred to the commissioned transport company and the commissioned financial institution in accordance with Art. 6(1)(b) GDPR.

Where we are contractually obliged to provide updates for goods with digital elements or for digital products, we process your contact information provided at the time of the order to personally inform you as required by law under Art. 6(1)(c) GDPR. Your contact details are used strictly for this purpose and only to the extent necessary.

To process your order, we also work with the following service providers who assist us in fulfilling the contract. Certain personal data is transmitted to these providers under the conditions described below.

6.2 Electronic Cancellation Option for Subscription Contracts

Consumers who have concluded paid subscription contracts through this website may cancel them via an electronic cancellation button in accordance with the applicable notice periods.

Activating the button leads to a confirmation page where the consumer can provide cancellation details, verify their identity, and submit the cancellation electronically.

Personal data is collected and transmitted to us in accordance with Art. 6(1)(b) GDPR only to the extent necessary to process the cancellation properly. Based on Art. 6(1)(b) GDPR, the data is also used to confirm receipt and the effective cancellation date in text form electronically. Additional legal basis: Art. 6(1)(c) GDPR. We are legally obligated to provide such an electronic cancellation option.

7) Website Features

7.1 Google Maps

This website uses the online mapping service:
Google Maps (API) by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Google Maps is a web service for displaying interactive maps to visually present geographic information. It shows you our location and helps you navigate to it.

When you access subpages containing Google Maps, information about your use of the website (such as your IP address) is transferred to Google servers and stored there. This may also involve transmission to servers of Google LLC in the USA. This occurs regardless of whether Google provides a user account through which you are logged in. If you are logged in, your data will be directly associated with your account. To prevent this, log out of your Google account before activating the map.

Google stores user data (even for non-logged-in users) as usage profiles and evaluates them.

Collection, storage, and evaluation occur in accordance with Art. 6(1)(f) GDPR based on Google’s legitimate interests in personalized advertising, market research, and/or tailoring Google websites to user needs. You have the right to object to the creation of these user profiles; you must contact Google to exercise this right.

If you do not agree to the future transfer of your data to Google during the use of Google Maps, you can completely deactivate the service by disabling JavaScript in your browser.

Where legally required, we obtained your consent under Art. 6(1)(a) GDPR for this processing. You may withdraw this consent at any time.

For data transfers to the USA, the provider is certified under the EU-US Data Privacy Framework, ensuring compliance with EU data protection standards.

Further privacy information: https://business.safety.google/intl/de/privacy/

7.2 hCaptcha

We use the CAPTCHA service of:
Intuition Machines, Inc., 350 Alabama St, San Francisco, CA 94110, USA

The service checks whether input is made by a human or misused through automated systems, helping prevent spam, DDoS attacks, and similar harmful activities. To ensure this, the provider collects and evaluates the IP address, browser and operating system details, as well as the date and duration of the visit, which may be sent to the provider’s servers.

Legal basis: our legitimate interest in determining individual responsibility on the internet and preventing misuse and spam in accordance with Art. 6(1)(f) GDPR.

We have concluded a data processing agreement with the provider to ensure data protection and prohibit unauthorized transfer to third parties.

For transfers to the USA, the provider relies on the European Commission’s Standard Contractual Clauses to safeguard the European level of data protection.

8) Rights of the Data Subject

8.1 Under applicable data protection law, you have the following rights regarding the processing of your personal data (conditions are based on the cited legal provisions):

• Right of access under Art. 15 GDPR

• Right to rectification under Art. 16 GDPR

• Right to erasure under Art. 17 GDPR

• Right to restriction of processing under Art. 18 GDPR

• Right to notification under Art. 19 GDPR

• Right to data portability under Art. 20 GDPR

• Right to withdraw consent under Art. 7(3) GDPR

• Right to lodge a complaint under Art. 77 GDPR

8.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR LEGITIMATE INTERESTS AS PART OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING MAY BE PERMITTED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THIS AT ANY TIME. YOU MAY EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.

9) Duration of Storage of Personal Data

The duration of storage is based on the applicable legal basis, the processing purpose, and—if relevant—the statutory retention periods.

For data processed based on consent under Art. 6(1)(a) GDPR, storage continues until the consent is withdrawn.

If statutory retention periods apply to data processed under Art. 6(1)(b) GDPR for contractual purposes, such data is routinely deleted after the retention period expires unless it is still required to fulfill or initiate a contract or unless we have a legitimate interest in further storage.

For data processed under Art. 6(1)(f) GDPR, storage continues until you exercise your right to object under Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds that override your interests or the processing serves legal claims.

For data processed for direct marketing under Art. 6(1)(f) GDPR, storage continues until you exercise your right to object under Art. 21(2) GDPR.

Unless otherwise stated in this privacy notice, personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.