Privacy policy
Version dated August 30, 2023
With this privacy policy, we inform you about the processing of personal data in connection with our activities and operations, including our website. We specifically detail the purposes, methods, and locations of the processing of personal data. Additionally, we provide information about the rights of individuals whose data we process.
For specific or additional activities and operations, separate privacy policies and other legal documents such as General Contract and Travel Terms (GCTT), Terms of Use, or Participation Conditions may apply. We adhere to Swiss data protection law and, where applicable, foreign data protection law, particularly that of the European Union (EU) with the General Data Protection Regulation (GDPR).
1. Contact Information
Responsible for the processing of personal data:
Big Cats of India GmbH
Altwiesenstrasse 181, 8051 Zurich
We will notify you if, in specific cases, other parties are responsible for the processing of personal data.
Data Protection Officer
We have the following Data Protection Officer or Data Protection Advisor to serve as a point of contact for individuals and authorities regarding privacy-related inquiries:
Luc Lippuner
Altwiesenstrasse 181, 8051 Zurich
If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject. The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the Big Cats of India LLC. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.
As the controller, Big Cats of India LLC has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.
2. Terms and legal basis
We process personal data in accordance with Swiss data protection laws, including the Federal Act on Data Protection (Datenschutzgesetz, DSG) and the Data Protection Ordinance (Datenschutzverordnung, DSV).
Where applicable, and to the extent that the General Data Protection Regulation (GDPR) is in force, we process personal data based on at least one of the following legal grounds:
-
Article 6(1)(b) GDPR for the necessary processing of personal data to fulfill a contract with the data subject and to carry out pre-contractual measures.
-
Article 6(1)(f) GDPR for the necessary processing of personal data to safeguard the legitimate interests of us or third parties, provided that the fundamental freedoms and rights and interests of the data subject do not prevail. Legitimate interests include, in particular, our interest in conducting our activities and operations on a permanent, user-friendly, secure, and reliable basis and communicating about them, ensuring information security, protection against misuse, enforcing our legal claims, and complying with Swiss law.
-
Article 6(1)(c) GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject under the laws of member states in the European Economic Area (EEA), as applicable.
-
Article 6(1)(e) GDPR for the necessary processing of personal data to perform a task carried out in the public interest.
-
Article 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.
-
Article 6(1)(d) GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.
3. Type, scope and purpose
We process personal data that is necessary to carry out our activities and operations on a permanent, user-friendly, secure, and reliable basis. Such personal data may include categories such as inventory and contact data, browser and device data, content data, meta or marginal data, usage data, location data, sales data, and contract and payment data.
We process personal data for the duration necessary for the respective purpose(s) or as required by law. Personal data that is no longer required will be anonymized or deleted.
We may engage third parties to process personal data on our behalf. We may also process or transmit personal data in collaboration with third parties, particularly specialized service providers whose services we use. We ensure data protection when working with such third parties.
We generally process personal data only with the consent of the data subjects. Where and to the extent that processing is permissible for other legal reasons, we may forego obtaining consent. For instance, we may process personal data without consent to fulfill a contract, comply with legal obligations, or safeguard overriding interests.
In this context, we particularly process information voluntarily provided by data subjects when contacting us—such as through postal mail, email, instant messaging, contact forms, social media, or phone—or when registering for a user account. We may store such information in an address book or similar tools. When we receive data about other individuals, the transmitting parties are obligated to ensure data protection for these individuals and ensure the accuracy of their personal data.
Additionally, we process personal data obtained from third parties, gathered from publicly accessible sources, or collected during the exercise of our activities and operations, where such processing is legally permissible.
4. Personal data abroad
We primarily process personal data in Switzerland and the European Economic Area (EEA). However, we may export or transmit personal data to other countries, particularly for processing purposes.
We may export personal data to all countries and territories on Earth and elsewhere in the universe, provided that the local law, according to the decision of the Swiss Federal Council, ensures adequate data protection and, if applicable, the decision of the European Commission under the GDPR guarantees adequate data protection.
We may transmit personal data to countries whose laws do not provide adequate data protection, provided that data protection is ensured for other reasons, such as through standard data protection clauses or other appropriate safeguards. In exceptional cases, we may export personal data to countries without adequate or suitable data protection if the special data protection requirements are met, such as the explicit consent of the data subjects or a direct connection to the conclusion or performance of a contract. Upon request, we will provide data subjects with information about any safeguards or provide a copy of any safeguards.
5. Rights of data subjects
5.1. Data protection claims
We grant data subjects all rights in accordance with applicable data protection law. Data subjects have, in particular, the following rights:
-
Access: Data subjects may request information about whether we process personal data about them and, if so, which personal data it concerns. Data subjects also receive the information necessary to assert their data protection claims and to ensure transparency. This includes the processed personal data itself, but also information about the processing purpose, the duration of storage, any disclosure or export of data to other countries, and the origin of the personal data.
-
Correction and Restriction: Data subjects may have incorrect personal data corrected, incomplete data completed, and the processing of their data restricted.
-
Deletion and Objection: Data subjects may request the deletion of personal data ("right to be forgotten") and object to the processing of their data for the future.
-
Data Disclosure and Data Portability: Data subjects may request the disclosure of personal data or the transfer of their data to another data controller.
We may, within the legally permissible framework, postpone, restrict, or deny the exercise of data subjects' rights. We may also inform data subjects of any prerequisites that may need to be met for the exercise of their data protection claims. For instance, we may refuse to provide information based on business secrets or the protection of other individuals, in whole or in part.
For example, we may also refuse to delete personal data based on statutory retention obligations, in whole or in part. We may exceptionally charge fees for the exercise of rights. We will inform data subjects in advance of any potential costs.
We are obligated to reasonably verify the identity of data subjects who request information or exercise other rights. Data subjects are obliged to cooperate.
5.2 Right to lodge a complaint
Data subjects have the right to enforce their data protection claims through legal means or to file a complaint with a competent data protection supervisory authority.
The data protection supervisory authority for private controllers and federal entities in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
Data subjects have the right to lodge a complaint with a competent European data protection supervisory authority where the GDPR is applicable.
6. Data security
We implement appropriate technical and organizational measures to ensure data security commensurate with the respective risks. However, we cannot guarantee absolute data security.
Access to our website is secured using transport encryption (SSL/TLS, particularly with Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers indicate transport encryption with a padlock icon in the address bar.
Our digital communication, like all digital communication, is subject to mass surveillance without cause or suspicion, as well as other monitoring by security authorities in Switzerland, Europe, the United States of America (USA), and other countries. We have no direct control over the processing of personal data by intelligence agencies, law enforcement agencies, and other security authorities.
7. Website usage
7.1 Cookies
We may use cookies, which can include both first-party cookies (cookies originating from our website) and third-party cookies (cookies from third-party services we use). Cookies are data stored in the browser and are not limited to traditional text-based cookies.
Cookies can be stored in the browser either temporarily as "session cookies" or for a specific period as "persistent cookies." Session cookies are automatically deleted when the browser is closed. Persistent cookies have a specified storage duration. Cookies, in particular, enable the recognition of a browser during the next visit to our website, allowing us to measure the reach of our website, among other purposes. Persistent cookies may also be used for online marketing.
Cookies can be disabled or deleted entirely in the browser settings at any time. Without cookies, our website may not be fully functional. We request, at least where necessary, explicit consent for the use of cookies.
For cookies used for measuring success and reach, or for advertising purposes, many services offer a general opt-out option through platforms such as AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAd-Choices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
7.2 Server Log Files
For each access to our website, we may collect the following information, provided it is transmitted from your browser to our server infrastructure or can be determined by our web server: Date and time, including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system, including user interface and version, browser, including language and version, specific subpage of our website accessed, including the amount of data transmitted, and the last webpage visited in the same browser window (referrer).
We store such information, which may also constitute personal data, in server log files. This information is necessary to provide our website on a permanent, user-friendly, and reliable basis, as well as to ensure data security and, in particular, the protection of personal data, even by third parties or with the assistance of third parties.
7.3 Tracking Pixels
We may use tracking pixels on our website, also known as web beacons. Tracking pixels, including those from third parties whose services we use, are small, usually invisible images that are automatically retrieved when visiting our website. Tracking pixels can collect the same information as server log files.
7.4 Comments
We allow you to post comments on our website. In this context, we process information provided by the commenting person, including the Internet Protocol (IP) address, date, and time. This information is necessary to enable the publication of comments and to ensure protection against misuse, which is in our predominant legitimate interest.
8. Notifications and communications
We send notifications and communications via e-mail and other communication channels such as instant messaging or SMS.
8.1 Success and reach measurement
Notifications and communications may contain web links or tracking pixels that capture whether an individual message was opened and which web links were clicked. Such web links and tracking pixels may also capture personal usage data. We require this statistical usage data for success and reach measurement to effectively and user-friendly send notifications and communications based on the needs and reading habits of recipients while ensuring their long-term, secure, and reliable delivery.
8.2 Consent and Objection
You generally need to provide explicit consent for the use of your email address and other contact information, unless the use is permissible for other legal reasons. For any consent, we use the "Double Opt-in" procedure whenever possible. This means you will receive an email with a confirmation link that you must click to prevent misuse by unauthorized third parties. We may log such consents, including the Internet Protocol (IP) address, date, and time, for evidence and security reasons.
You can generally object to receiving notifications and communications, such as newsletters, at any time. By objecting, you can also opt out of the statistical usage data collection for success and reach measurement. Required notifications and communications related to our activities and operations remain exempt.
8.3 Notification Service Providers
We send notifications and communications with the assistance of specialized service providers.
We use, in particular:
-
Mailchimp: Communication platform; Provider: The Rocket Science Group LLC DBA Mailchimp (USA), a subsidiary of Intuit Inc. (USA); Privacy information: Privacy Policy (Intuit), including "Country and Region-Specific Terms," "Mailchimp Privacy FAQ," "Mailchimp and European Data Transfers," "Security," Cookie Statement, "Privacy Rights Requests," "Legal Terms."
9. Social media
We maintain a presence on social media platforms and other online platforms to communicate with interested individuals and provide information about our activities and operations. In connection with such platforms, personal data may be processed outside of Switzerland and the European Economic Area (EEA).
The terms and conditions (T&Cs) and usage terms, as well as privacy policies and other provisions of the individual operators of such platforms, apply. These provisions provide information, in particular, about the rights of data subjects directly vis-à-vis the respective platform, including the right to access.
For our social media presence on Facebook, including the so-called Page Insights, we are jointly responsible – if and to the extent the General Data Protection Regulation (GDPR) applies – with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta companies (including those in the USA). The Page Insights provide information about how visitors interact with our Facebook presence. We use Page Insights to effectively and user-friendly provide our social media presence on Facebook.
Additional information about the type, scope, and purpose of data processing, information on data subjects' rights, as well as contact details for Facebook and Facebook's data protection officer can be found in Facebook's Privacy Policy. We have entered into an "Controller Addendum" with Facebook, agreeing, among other things, that Facebook is responsible for ensuring data subjects' rights. For the so-called page insights, the corresponding information can be found on the page "Information about Page Insights" including "Information on page insights data".
10. Third-party services
We use services provided by specialized third parties to carry out our activities and operations in a sustainable, user-friendly, secure, and reliable manner. With the help of such services, we can embed features and content into our website. When embedding such content, the used services may, for technical reasons, temporarily collect users' Internet Protocol (IP) addresses.
For necessary security, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized form. This may include performance or usage data needed to provide the respective service.
We use, in particular:
-
Google services: Google services: Provider: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General information on data protection: "Privacy and security principles", Privacy policy, "We are committed to complying with applicable data protection laws ", "Google product privacy guide", "How Google uses information from sites or apps that use our services" (information provided by Google), "Google uses cookies", "Personalised advertising" (activation / deactivation / settings)
10.1 Digital Infrastructure
We use services provided by specialized third parties to access the digital infrastructure required for our activities and operations. This includes, for example, hosting and storage services from selected providers.
We use, in particular:
-
Hostpoint: Hosting; Provider: Hostpoint AG (Switzerland); information about data protection: Privacy policy
-
Wix: Website builder and other infrastructure; Providers: Wix.com Ltd. (Israel), jointly with Wix.com Ltd. (USA) / Wix.com Inc. (USA) / Wix.com Luxembourg S.à r.l. (Luxembourg); Privacy information: Privacy Policy, "Privacy & security hub," including Cookie Policy.
10.2 Social media features and social media content
We use third-party services and plugins to embed features and content from social media platforms and enable content sharing on social media platforms and other channels.
We use, in particular:
-
Facebook (Social Plugins): Embedding Facebook features and content, such as "Like" or "Share"; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including those in the USA); information about data protection: Privacy Policy.
-
Instagram Platform: Embedding Instagram content; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including those in the USA); information about data protection: Privacy Policy (Instagram), Privacy Policy (Facebook).
10.3 Maps
We use third-party services to embed maps into our website.
We use, in particular:
-
Google Maps, including Google Maps Platform: Map service; Provider: Google; Google Maps-specific information: "How Google Uses Location Information."
10.4 Audio and Video
We use third-party services to enable the direct playback of digital audio and video content, such as music or podcasts.
We use, in particular:
-
YouTube: Video platform; Provider: Google; YouTube-specific information: "Privacy and Safety Center," "Your Data in YouTube".
10.5 Fonts
We use third-party services to embed selected fonts, as well as icons, logos, and symbols, into our website.
We use, in particular:
-
Google Fonts: Fonts; Provider: Google; Google Fonts-specific information: "Your Privacy and Google Fonts," "Privacy and Data Collection."
10.6 Advertising
We use the opportunity to display targeted advertising for our activities and operations on third-party platforms, such as social media platforms and search engines.
With such advertising, we aim to reach individuals who are already interested in or could be interested in our activities and operations (remarketing and targeting). To achieve this, we may transmit relevant – possibly personal – information to third parties enabling such advertising.
We may also determine the success of our advertising, especially whether it leads to visits to our website (conversion tracking).
Third parties on which we advertise and where you are logged in may potentially associate the usage of our website with your respective profile.
We use, in particular:
-
Facebook advertising (Facebook ads): Social media advertising; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including those in the USA); data protection information: remarketing and targeting, in particular with the Facebook Pixel and Custom Audiences including Lookalike Audiences, Privacy Policy, "advertising preferences" (user registration required).
-
Google ads: search engine advertising; provider: Google; Google Ads-specific information: Advertising based on search queries, among other things, using different domain names - in particular doubleclick.net, googleadservices.com and googlesyndication.com - for Google Ads, "Advertising" (Google), "Why do I see a certain ad?".
-
Instagram ads: social media advertising; provider: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); data protection information: remarketing and targeting in particular with Facebook Pixel as well as Custom Audiences including Lookalike Audiences, Privacy Policy (Instagram), Privacy Policy (Facebook), "Advertising preferences" (Instagram) (user registration required), "Advertising preferences" (Facebook) (user registration required).
11. Success and outreach measurement
We try to determine how our online offer is used. In this context, we can, for example, measure the success and reach of our activities and operations as well as the effect of third-party links to our website. But we can also, for example, try out and compare how different parts or versions of our online offer are used ("A/B test" method). Based on the results of the success and reach measurement, we can in particular correct errors, strengthen popular content or make improvements to our online offer.
In most cases, the Internet Protocol (IP) addresses of individual users are stored for the purpose of measuring success and reach. In this case, IP addresses are always shortened ("IP masking") in order to comply with the principle of data economy through the corresponding pseudonymisation. Cookies may be used to measure success and reach and user profiles may be created. Any user profiles created include, for example, the individual pages visited or content viewed on our website, information on the size of the screen or browser window and the - at least approximate - location. As a matter of principle, any user profiles are created exclusively on a pseudonymous basis and are not used to identify individual users. Individual services of third parties with which users are registered may be able to assign the use of our online services to the user account or user profile of the respective service.
We use in particular:
-
Google Analytics: performance and reach measurement; provider: Google; Google Analytics-specific information: We use in particular: Google Analytics: performance and reach measurement; provider: Google; Google Analytics-specific data, also across different browsers and devices (cross-device tracking) and with pseudonymised Internet Protocol (IP) addresses, which are only transmitted in full to Google in the USA in exceptional cases, "Safeguarding your data", "Google Analytics opt-out browser add-on".
12. Final provisions
We have created this data protection declaration with the data protection generator of Datenschutzpartner. We can adapt and supplement this data protection declaration at any time. We will inform about such adjustments and additions in an appropriate form, in particular by publishing the respective current data protection statement on our website.