PRIVACY POLICY

This privacy policy provides information about how we process personal data in connection
with our activities and operations, including our website at the domain name
www.goldeneggproject.com. In particular, we provide information about why, how, and
where we process personal data. We also provide information about the rights of individuals
whose data we process.
We may publish additional privacy policies or other information on data protection for
individual or additional activities and operations.Table of contents1. Contact
2. Terms and legal basis
2.1 Terms
2.2 Legal
3. Type, scope, and purpose of personal data processing
4. Disclosure of personal data
5. Communication
6. Data
7. Personal data abroad
8. Rights of data subjects
8.1 Data protection claims
8.2 Legal
9. Use of the website
9.1 Cookies
9.2 Logging
9.3 Tracking pixels
10. Notifications and communications
10.1 Success and reach measurement
10.2 Consent and objection
10.3 Service providers for notifications and communications
11. Social media
12. Third-party services
12.1 Digital infrastructure
12.2 Scheduling
12.3 Audio and video conferencing
12.4 Social media features and social media content
12.5 Digital content
12.6 Fonts
12.7 Advertising
13. Website extensions
14. Success and reach measurement
15. Final notes on the privacy policy

1. Contact
The responsible party in terms of data protection law is:
Viktoria Köstler
Seestrasse 538
8038 Zürich[email protected]In individual cases, third parties may be responsible for the processing of personal data or
there may be joint responsibility with third parties. We will be happy to provide affected
persons with information about the respective responsibility upon request.
2. Terms and legal basis
2.1 Terms
Data subject: Natural person about whom we process personal data.
Personal data: All information relating to an identified or identifiable natural person.
Sensitive personal data: Data about trade union, political, religious, or ideological views
and activities, data about health, intimacy, or ethnic or racial origin, genetic data, biometric
data that uniquely identifies a natural person, data about criminal and administrative
sanctions or persecution, and data about social assistance measures.
Processing: Any handling of personal data, regardless of the means and procedures used,
such as querying, comparing, adapting, archiving, storing, reading, disclosing, obtaining,
recording, collecting, deleting, disclosing, arranging, organizing, storing, changing,
distributing, linking, destroying, and using personal data.
2.2 Legal basis
We process personal data in accordance with Swiss law, in particular the Federal Act on
Data Protection (Data Protection Act, DPA) and the Ordinance on Data Protection (Data
Protection Ordinance, DPO).
3. Type, scope, and purpose of personal data
processing
We process personal data that is necessary to enable us to carry out our activities and
operations in a sustainable, people-friendly, secure, and reliable manner. The personal data
processed may fall into the categories of browser and device data, content data,
communication data, metadata, usage data, master data including inventory and contact data,
location data, transaction data, contract data, and payment data. The personal data may also
constitute particularly sensitive personal data.
We also process personal data that we receive from third parties, obtain from publicly
available sources, or collect in the course of our activities and operations, to the extent that
such processing is permitted.
We process personal data with the consent of the data subjects to the extent necessary. In
many cases, we may process personal data without consent, for example to fulfill legal
obligations or to protect overriding interests. We may
also ask data subjects for their consent if their consent is not required.
We process personal data for the period of time required for the respective purpose. We
anonymize or delete personal data in particular in accordance with statutory retention and
limitation periods.
4. Disclosure of personal data
We may disclose personal data to Drine, have it processed by third parties, or process it
jointly with third parties. Such third parties may, for example, be specialized providers
whose services we use.
Within the scope of our activities and operations, we may disclose personal data in
particular to banks and other financial service providers, authorities, educational and
research institutions, consultants and lawyers, interest groups, IT service providers,
cooperation partners, credit and economic information agencies, logistics and shipping
companies, marketing and advertising agencies, media, parent, sister and subsidiary
companies, organizations and associations, social institutions, telecommunications
companies, insurance companies, and payment service providers.
5. Communication
We process personal data in order to communicate with individuals, authorities,
organizations, and companies. In doing so, we process in particular data that a data subject
provides to us when contacting us, for example by letter or email. We may store such data in
an address book or using similar tools.
Third parties who provide us with data about other individuals are obliged to ensure the data
protection of these individuals independently. In particular, they must ensure that such data
is accurate and may be transferred.
We use selected services from suitable providers to enable and improve communication
with individuals and other communication partners. We may also use such services to
manage and otherwise process the data of data subjects beyond the scope of direct
communication.
6. Data security
We take appropriate technical and organizational measures to ensure data security
commensurate with the respective risk. With our measures, we ensure in particular the
confidentiality, availability, traceability, and integrity of the personal data processed,
without however being able to guarantee absolute data security.
Access to our website and our other digital presence is secured by transport encryption
(SSL/TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS).
Most browsers warn you before you visit a website without transport encryption.
Like all digital communication, our digital communication is subject to mass surveillance
without cause or suspicion by security authorities in Switzerland, the rest of Europe, the
United States of America (USA), and other countries. We have no direct influence on the
processing of personal data by secret services, police agencies, and other security
authorities. We also cannot rule out the possibility that a data subject may be subject to
targeted surveillance.
7. Personal data abroad
We generally process personal data in Switzerland. However, we may also disclose or
export personal data to other countries, in particular for processing or to have it processed
there.
We may disclose personal data to all countries on Earth and elsewhere in the universe,
provided that the local law guarantees adequate data protection in accordance with a
decision by the Swiss Federal Council.
We may disclose personal data to countries whose laws do not guarantee adequate data
protection if appropriate data protection is ensured for other reasons, in particular on the
basis of standard data protection clauses or other appropriate safeguards. In exceptional
cases, we may export personal data to countries without adequate or appropriate data
protection if the specific data protection requirements are met, for example, the express
consent of the data subjects or a direct connection with the conclusion or execution of a
contract. Upon request, we will gladly provide data subjects with information about any
guarantees or a copy of the guarantees.
8. Rights of data subjects
8.1 Data protection claims
We grant data subjects all rights under applicable law. Data subjects have the following
rights in particular:
▪ Information: Data subjects may request information about whether we process personal
data concerning them and, if so, what personal data is involved. Data subjects will also
receive the information necessary to assert their data protection rights and to ensure
transparency. This includes the personal data processed as such, but also information on
the purpose of processing, the duration of storage, any disclosure or export of data to
other countries, and the origin of the personal data.
▪ Correction and restriction: Data subjects may correct inaccurate personal data,
complete incomplete data, and restrict the processing of their data.
▪ Right to express one's own point of view and right to human review: Data subjects
may express their own point of view and request review by a human being in the case of
decisions based solely on automated processing of personal data that have legal
consequences for them or significantly affect them (automated individual decisions).
▪ Deletion and objection: Data subjects may have personal data deleted ("right to be
forgotten") and object to the processing of their data with effect for the future.
▪ Data disclosure and data transfer: Data subjects may request the disclosure of
personal data or the transfer of their data to another controller.
We may defer, restrict, or refuse the exercise of data subjects' rights within the limits
permitted by law. We may inform data subjects of any conditions that must be met in order
to exercise their data protection rights. For example, we may refuse to provide information
in whole or in part on the grounds of confidentiality obligations, overriding interests, or the
protection of other persons. We may also refuse to delete personal data in whole or in part,
in particular on the grounds of statutory retention obligations.
In exceptional cases, we may charge a fee for exercising these rights. We will inform the
persons concerned in advance of any costs.
We are obliged to take appropriate measures to identify data subjects who request
information or assert other rights. Data subjects are obliged to cooperate.
8.2 Legal protection
Affected persons have the right to enforce their data protection claims through legal
channels or to file a complaint with a data protection supervisory authority.
The data protection supervisory authority for private controllers and federal bodies in
Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
9. Use of the website
9.1 Cookies
We may use cookies. Cookies – both our own cookies (first-party cookies) and cookies from
third parties whose services we use (third-party cookies) – are data that are stored in your
browser. Such stored data are not necessarily limited to traditional cookies in text form.
Cookies can be stored in the browser temporarily as "session cookies" or for a specific
period of time as so-called permanent cookies. "Session cookies" are automatically
deleted when the browser is closed. Permanent cookies have a specific storage period.
Cookies enable us, in particular, to recognize a browser when you next visit our website
and thus, for example, to measure the reach of our website. However, permanent
cookies can also be used for online marketing, for example.
Cookies can be deactivated, restricted, or deleted in whole or in part at any time in your
browser settings. Browser settings often also allow for the automatic deletion and other
management of cookies. Without cookies, our website may not be fully available. We
actively seek your express consent to the use of cookies, at least to the extent required by
applicable law.
For cookies used for success and reach measurement or for advertising, a general objection
("opt-out") is possible for numerous services via AdChoices (Digital Advertising Alliance of
Canada), the Network Advertising Initiative (NAI), YourAd-Choices (Digital Advertising
Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance,
EDAA).
9.2 Logging
We may log at least the following information for each access to our website and our other
digital presence, provided that this information is transmitted to our digital infrastructure
during such access: Date and time including time zone, IP address, access status (HTTP
status code), operating system including user interface and version, browser including
language and version, individual subpages of our website accessed including the amount of
data transferred, the last website accessed in the same browser window (referrer).
We log such information, which may also constitute personal data, in log files. This
information is necessary to ensure that our digital presence is permanent, user-friendly, and
reliable. The information is also necessary to ensure data security, including by third parties
or with the help of third parties.
9.3 Tracking pixels
We may incorporate tracking pixels into our digital presence. Tracking pixels are also
known as web beacons. Tracking pixels – including those of third parties whose services we
use – are usually small, invisible images or scripts written in JavaScript that are
automatically retrieved when you access our digital presence. Tracking pixels can be used to
collect at least the same information as is logged in log files.
10. Notifications and messages
10.1 Success and reach measurement
Notifications and messages may contain web links or tracking pixels that record whether an
individual message has been opened and which web links have been clicked on. Such web
links and tracking pixels may also record the use of notifications and messages on a personal
basis. We require this statistical recording of usage for success and reach measurement in
order to be able to send notifications and messages effectively and in a people-friendly
manner, as well as permanently, securely, and reliably, based on the needs and reading
habits of the recipients.
needs and reading habits of the recipients in an effective and user-friendly manner, as well
as permanently, securely, and reliably.
10.2 Consent and objection
You must always consent to the use of your email address and other contact details, unless
such use is permitted for other legal reasons. We may use the "double opt-in" procedure to
obtain double confirmation of your consent. In this case, you will receive a message with
instructions for double confirmation. We may log the consent obtained, including your IP
address and time stamp, for evidence and security purposes.
You can object to receiving notifications and communications such as newsletters at any
time. By doing so, you can also object to the statistical recording of usage for the purpose of
measuring success and reach. We reserve the right to send you notifications and
communications in connection with our activities and operations.
10.3 Service providers for notifications and communications
We send notifications and communications with the help of specialized service providers.
We use the following in particular:
▪ Mailchimp: Communication platform; provider: The Rocket Science Group LLC DBA
Mailchimp (USA) as a subsidiary of Intuit Inc. (USA); data protection information:
Privacy Policy (Intuit) including "Country and Region Specific Terms" ("Country and
Region-Specific Terms"), "Frequently Asked Questions About Mailchimp's Privacy
Policy" ("Mailchimp Privacy FAQs"), "Mailchimp and European Data Transfers"
("Mailchimp and European Data Transfers"), "Security," Cookie Policy, "Requests
Regarding Privacy Rights," "Legal Terms."
11. Social media
We are present on social media platforms and other online platforms in order to
communicate with interested parties and provide information about our activities and
operations. In connection with such platforms, personal data may also be processed outside
Switzerland.
The general terms and conditions (GTC) and terms of use as well as data protection
declarations and other provisions of the individual operators of such platforms also apply.
These provisions provide information in particular about the rights of data subjects directly
vis-à-vis the respective platform, including, for example, the right to information.

12. Third-party services
We use the services of specialized third parties to enable us to carry out our activities and operations in a sustainable, people-friendly, secure, and reliable manner. These services enable us, among other things, to embed functions and content in our website. When such embedding takes place, the services used collect the IP addresses of users, at least temporarily, for technically compelling reasons.
For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data in connection with our activities and operations in aggregated, anonymized, or pseudonymized form. This includes, for example, performance or usage data in order to be able to offer the respective service.
We use the following in particular:
Services from Google: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) in part for users in the European Economic Area (EEA) and Switzerland; General information on data protection: "Privacy and security principles," "More information about how Google uses personal data," Privacy policy, "Google is committed to complying with applicable data protection laws," "Guide to privacy in Google products," "How we use data from websites or apps that use our services," Cookie policy,
"Ads you can control" (settings for personalized advertising).
Microsoft services: Providers: Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), Switzerland, and the United Kingdom / Microsoft Corporation (USA) for users in the rest of the world; General information on data protection: "Data protection at Microsoft," "Data protection and privacy," Privacy statement, "Data and privacy settings."
Digital infrastructure
We use services from specialized third parties to provide the digital infrastructure required in connection with our activities and operations. These include, for example, hosting and storage services from selected providers.
In particular, we use:
ALL-INKL.COM: Hosting; Provider: ALL-INKL.COM - Neue Medien Münnich (Germany); Information on data protection: Privacy Policy, "Data Center / Server Location Germany."
Amazon Web Services (AWS): Storage space and other infrastructure; provider: Amazon Web Services Inc. (USA); information on data protection: Privacy Policy, "Data Protection Center," "Frequently Asked Questions About Data Protection."
12.2 Scheduling
We use the services of specialized third parties to arrange appointments online, for example for meetings. In addition to this privacy policy, any terms and conditions of the services used, such as terms of use or privacy policies, which are directly visible, also apply.
In particular, we use:
Google Calendar: Online scheduling; provider: Google; Google Calendar-specific information: "Scheduling with Google Calendar," "Privacy in Google Calendar."
12.3 Audio and video conferences
We use specialized services for audio and video conferencing to communicate online. This allows us, for example, to hold virtual meetings or conduct online lessons and webinars. The legal texts of the individual services, such as privacy policies and terms of use, apply in addition to participation in audio and video conferences.
Depending on your situation, we recommend that you mute your microphone by default when participating in audio or video conferences and blur the background or display a virtual background.
We use the following in particular:
Jitsi Meet: Video conferences; provider: 8x8 Inc. (USA); data protection information: privacy policy (Jitsi Meet), privacy policy (8x8 Inc.).
Zoom: Platform for collaborative work, especially with video conferencing; provider: Zoom Video Communications Inc. (USA); information on data protection: "Data protection at Zoom," privacy policy, "Legal compliance."
12.4 Social media functions and social media content
We use third-party services and plugins to embed functions and content from social media platforms and to enable content to be shared on social media platforms and by other means.
In particular, we use:
Instagram platform: embedding of Instagram content; providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); information on data protection: privacy policy (Instagram), privacy policy (Facebook).
LinkedIn Consumer Solutions Platform: Embedding LinkedIn features and content, for example with plugins such as the "Share Plugin"; provider: Microsoft; LinkedIn-specific information: "Privacy," privacy policy, cookie policy, cookie management/objection to email and SMS communication from LinkedIn, objection to interest-based advertising.
12.5 Digital content
We use services from specialized third parties to integrate digital content into our website. Digital content includes, in particular, image and video material, music, and podcasts.
We use the following in particular:
YouTube: video platform; provider: Google; YouTube-specific information: "Data protection and security center," "My data on YouTube."
12.6 Font
We use third-party services to embed selected fonts, icons, logos, and symbols on our website.
We use the following in particular:
Adobe Fonts: Fonts; providers: Adobe Inc. (USA) for users in North America / Adobe Systems Software Ireland Limited (Ireland) for users in the rest of the world; information on data protection: "Adobe Privacy Center," privacy policy (Adobe Fonts), privacy policy (Adobe), "Questions about privacy?"
"Adobe privacy settings," cookie policy.
Google Fonts: Fonts; provider: Google; Google Fonts-specific information: "Your Privacy and Google Fonts," "Privacy and data collection" (Google Fonts).
12.7 Advertising
We use the option of displaying targeted advertising for our activities and operations on third-party websites such as social media platforms and search engines.
We use such advertising in particular to reach people who are already interested in our activities and operations or who may be interested in them (remarketing and targeting). To this end, we may transfer relevant information, including personal data, to third parties who enable such advertising. We can also determine whether our advertising is successful, i.e., in particular, whether it leads to visits to our website (conversion tracking).
Third parties with whom we advertise and with whom you are registered as a user may be able to associate your use of our website with your profile there.
We use the following in particular:
Google Ads: search engine advertising; provider: Google; Google Ads-specific information: advertising based, among other things, on search queries, whereby various domain names – in particular doubleclick.net, googleadservices.com, and googlesyndication.com – are used for Google Ads, privacy policy for advertising, "Manage ads displayed directly via ads."
LinkedIn Ads: Social media advertising; providers: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland); information on data protection: remarketing and targeting, in particular with the LinkedIn Insight tag, "Privacy," privacy policy, cookie policy, objection to personalized advertising.
Meta Ads: Social media advertising on Facebook and Instagram; providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the US); Information on data protection: Targeting, including retargeting, in particular with Meta Pixel and Custom Audiences, including Lookalike Audiences, privacy policy, "advertising preferences" (registration as a user required).
Extensions for the website
We use extensions for our website to enable additional functions. We may use selected services from suitable providers or use such extensions on our own digital infrastructure.
In particular, we use:
Google reCAPTCHA: Spam protection (distinguishing between desired content from humans and unwanted content from bots and spam); Provider: Google; Google reCAPTCHA-specific information: "What is reCAPTCHA?"
14. Success and reach measurement
We try to measure the success and reach of our activities and operations. In this context, we may also measure the impact of third-party information or check how different parts or versions of our digital presence are used (A/B testing method). Based on the results of the success and reach measurement, we can, in particular, correct errors, strengthen popular content, or make improvements.
In most cases, the IP addresses of individual users are collected for the purpose of measuring success and reach. In this case, IP addresses are always shortened ("IP masking") in order to comply with the principle of data minimization through pseudonymization.
Cookies may be used and user profiles created for success and reach measurement. Any user profiles created may include, for example, the individual pages or content viewed on our digital presence, information about the size of the screen or browser window, and the location (at least approximate) of the device used to access our digital presence.
Individual pages visited or content viewed on our digital presence, information about the size of the screen or browser window, and the location (at least approximately). As a matter of principle, any user profiles are created exclusively in pseudonymized form and are not used to identify individual users. Individual third-party services to which users are registered may be able to associate the use of our online offering with the user account or user profile for the respective service.
We use the following in particular:
Google Marketing Platform: Performance and reach measurement, in particular with Google Analytics; provider: Google; Google Marketing Platform-specific information: Measurement also across different browsers and devices (cross-device tracking), data protection declaration for Google Analytics, "Browser add-on to disable Google Analytics."
15. Final notes on the privacy policy
We have created this privacy policy using the privacy policy generator provided by Datenschutz-partner.
We may update this privacy policy at any time. We will inform you of any updates in an appropriate manner, in particular by publishing the current privacy policy on our website.This privacy policy was automatically translated into English using DeepL Pro. The original and legally binding version in German can be found at the following link: https://www.datenschutzerklaerung.ch/goldeneggproject-com-688db8dbbab45/
In case of any legal discrepancies or disputes, only the German version shall apply.

IMPRINT
Responsible for this website:
Viktoria Köstler, Psychologist MSc, FSP
Seestrasse 538
8038 Zurich, Switzerland
Email: [email protected]DISCLAIMER
The content of this website is for general informational purposes only.
It does not constitute medical, psychotherapeutic, or legal advice.
Psychological consultations with Viktoria Köstler are not to be understood as psychotherapy under the Swiss Psychology Professions Act (PsyG).While the information provided has been carefully reviewed, no liability is accepted for the accuracy, completeness, or timeliness of the content. Use of this website is at your own risk.External links:
No responsibility is accepted for the content of external websites linked here. The operators of those websites are solely responsible for their content.Copyright:
All content on this website (texts, images, artworks) is protected by copyright law.
Any use, reproduction, or distribution requires prior written permission from Viktoria Köstler or the respective rights holders as indicated.