Privacy Policy

Preamble

Jitterbugs GmbH is registered in the Swiss Commercial Register and is subject to Swiss data protection laws. We take data protection and the security of your personal data seriously. We are committed to processing data in compliance with the law and to maintaining open communication with data subjects.

In this Privacy Policy, we provide you with transparent information about what personal data we collect, why we process it, and what rights you have.

Scope of application

This Privacy Policy applies to all websites operated by Jitterbugs GmbH (including embedded web applications and online services offered), to course and festival registrations, to email communications, and to offline interactions at our events. It applies exclusively to the processing of data relating to natural persons.

Data processing is carried out in accordance with the Swiss Federal Act on Data Protection (revDSG) and, where applicable, the EU General Data Protection Regulation (GDPR).

1. Data Controller

The entity responsible for the collection, processing, and use of your personal data is:

Jitterbugs GmbH
Heiko Heckendorn
Bärenfelserstrasse 40a
4057 Basel
Switzerland

Email: info@baseljitterbugs.ch
Website: www.baseljitterbugs.ch

If you have any questions about data protection or exercising your rights, you can contact us at this address at any time.

2. What data we process and why

2.1 Hosting and Website Operations (Squarespace)

Our website is hosted by Squarespace Inc., 225 Varick Street, 12th Floor, New York, NY 10014, USA. Squarespace processes technical data on our behalf, such as IP address, browser type, operating system, pages viewed, date and time of access, and referrer URL.

This data is necessary to deliver the website and to ensure its secure and stable operation. No personal identification takes place; the data is used for statistical purposes and for error analysis. Log files are deleted after a maximum of 30 days, unless security-related incidents require them to be retained for a longer period.

Squarespace is certified under the Swiss-U.S. Data Privacy Framework and the EU-U.S. Data Privacy Framework, ensuring an adequate level of data protection for data transfers to the United States.

For more information: https://www.squarespace.com/privacy

Legal basis: Art. 31(2)(b) of the Revised Data Protection Act / Art. 6(1)(f) of the GDPR (legitimate interest in operating a secure website).

2.2 Cookies

We use cookies on our website. Cookies are small text files that are stored on your device. Among other things, they ensure that pages function properly, allow you to avoid re-entering all your information when booking, and enable us to analyze how the website is used.

We distinguish between:

  • Technically necessary cookies for the website's basic functions (e.g., shopping cart and login)
  • Analytics and marketing cookies (Google Analytics, Google Ads, Meta Pixel – see section 2.6)

For non-essential cookies, we obtain your consent via our cookie banner. You can withdraw your consent at any time via the cookie settings or block cookies altogether through your browser settings. If you disable cookies completely, certain website features may be limited.

Legal basis: Consent (Art. 6(3) revDSG / Art. 6(1)(a) GDPR) or legitimate interest for technically necessary cookies.

2.3 Course Registration and Contract Processing

When you register for a course, workshop, or festival, we process the necessary data:

  • First and last name
  • E-mail address
  • Phone number
  • Mailing address (for billing)
  • Dance role and level, if applicable
  • If applicable, information about your dance partner
  • Booking and Payment Information

We need this information to fulfill the course agreement, keep you updated on course-related information, and comply with our legal accounting obligations.

Legal basis: Performance of a contract (Art. 31(2)(a) revDSG / Art. 6(1)(b) GDPR) and statutory retention requirements (10 years in accordance with the Swiss Code of Obligations for accounting-related documents).

2.4 Health-related data (medical certificates, sick leave notifications)

In certain cases, we process health-related data—for example, when you submit a doctor’s note to have missed classes credited to your account, or when you withdraw from the program for health reasons. Health-related data is considered personal data requiring special protection.

We treat this information as confidential, do not share it with third parties, and delete it as soon as the specific purpose (e.g., processing your inquiry) has been fulfilled—but no later than the expiration of the statutory retention requirements for the underlying booking.

Legal basis: Explicit consent through the transmission of data (Art. 6(7)(a) revDSG / Art. 9(2)(a) GDPR) and the performance of a contract.

2.5 Billing and Payments

We use Run my Accounts AG, based in Switzerland, for invoicing and bookkeeping. To this end, we provide the data required for invoicing (name, address, service, amount). The processing and storage of this data takes place in Switzerland under a data processing agreement.

For festival registrations (e.g., Balboa Delight), we use the following payment service providers:

  • Payrexx AG, Burgstrasse 18, 3600 Thun, Switzerland (Swiss payment service provider; facilitates payments via credit card, Twint, PostFinance, and other methods). Privacy Policy: https://www.payrexx.com/de/datenschutz
  • Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Privacy Policy: https://stripe.com/ch/privacy

When making a payment, you enter your payment details (credit card number, bank account information, etc.) directly with the respective payment service provider—we do not receive or store this information ourselves. The payment service providers process your data in accordance with their own privacy policies.

Legal basis: Performance of a contract and legal obligations (Art. 31(2)(a) and (e) of the revDSG / Art. 6(1)(b) and (c) of the GDPR).

2.6 Web Analytics and Advertising

With your consent, we use the following analytics and marketing services:

Google Analytics & Google Ads provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (for users outside the U.S. and Canada).

  • Google Analytics helps us understand how our website is used. We have enabled IP anonymization, so your IP address is truncated before processing.
  • We use Google Ads (including conversion tracking) to measure the effectiveness of our online advertising and to reach people who might be interested in swing dancing.

Data may be transferred to Google LLC in the United States. Google LLC is certified under the EU-U.S. and Swiss-U.S. Data Privacy Frameworks.

For more information: https://policies.google.com/privacy
Browser plugin for opting out: https://tools.google.com/dlpage/gaoptout

Meta tracking (Meta Pixel and Conversion API) provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.

We use Meta’s tracking system (the Meta Pixel in the browser and the server-side Conversion API) to measure the effectiveness of our advertising on Facebook and Instagram and to target people with similar interests. In doing so, data may be transferred to Meta Platforms Inc. in the United States. Meta is certified under the EU-U.S. and Swiss-U.S. Data Privacy Frameworks. We process data jointly with Meta based on a joint controllership agreement (Art. 26 GDPR).

For more information: https://www.facebook.com/privacy/policy

You can withdraw your consent for all analytics and marketing services at any time via our cookie banner.

Legal basis: Consent (Art. 6(3) revDSG / Art. 6(1)(a) GDPR).

2.7 External Marketing Support

To assist with the creation of marketing content, the development of marketing strategies, and the placement of advertisements, we work with an external marketing specialist (a freelancer based in the EU). As part of this collaboration, this individual is granted access to certain customer data—specifically, names, phone numbers, and information regarding booking behavior and course preferences—in order to develop targeted marketing initiatives.

This collaboration is governed by a Data Processing Agreement (DPA). The marketing specialist is contractually obligated to process the data exclusively on our behalf, in a confidential manner, and in accordance with applicable data protection regulations, and to delete it upon completion of the work. The marketing specialist will not use the data for their own purposes.

Legal basis: Legitimate interest in the professional marketing of our offerings (Art. 31(2)(b) revDSG / Art. 6(1)(f) GDPR).

2.8 Information via Email (Customer Information and Newsletters)

We send emails in three different ways. These are clearly distinct from one another and differ in terms of content and legal basis:

a) Contract-related communication

When you book a course, workshop, or festival with us, you will receive all contract-related information via email: booking confirmation, invoice, reminders, organizational notes, and course-related announcements (e.g., room changes or cancellations). This communication is part of the fulfillment of the contract and cannot be unsubscribed from as long as you are a participant in an ongoing program.

Legal basis: Performance of a contract (Art. 31(2)(a) revDSG / Art. 6(1)(b) GDPR).

b) Customer information on comparable offers

If you have booked with us, we will occasionally send you emails about similar events we are hosting (new classes, workshops, parties). We also mention this communication in our Terms and Conditions.

You can opt out of receiving these emails at any time—either by clicking the unsubscribe link in each email or by sending a message to info@baseljitterbugs.ch. The only costs incurred are the standard transmission fees.

Legal basis: Art. 3(2) UWG (direct marketing to existing customers regarding similar products or services offered by the company) and legitimate interest (Art. 31(2)(b) revDSG / Art. 6(1)(f) GDPR).

c) Newsletter (optional subscription)

Even if you haven't signed up for a class, you can still subscribe to our newsletter (for example, using the sign-up form on our website). The newsletter includes additional information about the swing scene, our activities, and special offers.

We use your email address, first name, and last name for this purpose. Registration is done via a double opt-in process: After signing up, you will receive a confirmation email that you must actively confirm.

You can unsubscribe from the newsletter at any time—either by clicking the unsubscribe link in each newsletter or by sending an email to info@baseljitterbugs.ch. Your registration information will be stored for as long as you remain subscribed to the newsletter.

Legal basis: Consent (Art. 6(3) revDSG / Art. 6(1)(a) GDPR).

Shipping

The mailings listed under b) and c) are sent using Squarespace’s newsletter feature (see section 2.1).

2.9 Email Contact

If you contact us by email, we will process your information (name, email address, content of your message) in order to respond to your inquiry. We use Google Workspace (Gmail) from Google Ireland Limited to handle our email. The same level of protection (DPF certification) applies here as well.

Legal basis: Performance of a contract or pre-contractual measures (Art. 31(2)(a) revDSG / Art. 6(1)(b) GDPR) or legitimate interest in efficient communication (Art. 6(1)(f) GDPR).

2.10 Use of AI-powered tools

To streamline our internal processes, we use AI-powered tools in some cases, specifically Claude from Anthropic PBC, San Francisco, USA. In certain instances, this may involve the transfer of personal data to Anthropic. Anthropic is certified under the EU-U.S. and Swiss-U.S. Data Privacy Frameworks and does not use API data to train its AI models. No automated decision-making takes place—the final processing is carried out by us. Further information: Anthropic Privacy Policy

Legal basis: Legitimate interest in the efficient conduct of business (Art. 31(2)(b) revDSG / Art. 6(1)(f) GDPR).

2.11 Photography and Videography at Events

During classes, parties, and festivals, we occasionally take photos and videos, which we use for marketing purposes (website, social media, newsletters). We’ll let you know before the event starts, and we’ll of course respect your wishes if you’d prefer not to be photographed—just let us know or speak directly to the person taking the photos.

Legal basis: Legitimate interest in promoting our services (Art. 31(2)(b) revDSG / Art. 6(1)(f) GDPR).

2.12 Social Media (Facebook, Instagram, Vimeo)

Our website includes links to our social media accounts. We do not use any active social media plugins that transmit data as soon as the page is loaded—these are simply links. Only when you click on a link will you be redirected to the respective platform, at which point its privacy policy applies:

3. Disclosure of Data

As a general rule, we do not share your personal data with third parties. In particular, we do not sell, exchange, or share data for marketing purposes. Exceptions:

  • Data processors who assist us in providing our services (Squarespace, Run my Accounts, Payrexx, Stripe, Google, Meta, Anthropic, external marketing specialist – see above). These parties are contractually obligated to process your data only in accordance with our instructions.
  • Government agencies, when we are legally required to do so.

4. Transfer of data abroad

Accounting and billing data is stored in Switzerland (Run my Accounts).

Some of our other service providers are based outside Switzerland and the EU, particularly in the United States. Transfers are made on the basis of the Swiss-U.S. and EU-U.S. Data Privacy Frameworks, which ensure an adequate level of data protection. Where this is not the case, we rely on standard contractual clauses or other appropriate safeguards in accordance with Art. 16 revDSG / Art. 46 GDPR.

5. Retention period

We retain personal data only for as long as is necessary for the respective purposes or as required by statutory retention obligations:

  • Server log files: up to 30 days
  • Email inquiries: until resolved, or for up to 2 years thereafter
  • Newsletter data: until you unsubscribe
  • Data relevant to accounting: 10 years (Art. 958f of the Swiss Code of Obligations)
  • Contract data not relevant for accounting purposes: up to 3 years after the end of the contract

6. Your Rights

You have the right at any time to:

  • To obtain information about what data we process about you (Art. 25 revDSG / Art. 15 GDPR)
  • To request the rectification of inaccurate data (Art. 32 revDSG / Art. 16 GDPR)
  • To request the deletion of your data, provided that no legal obligation to retain it precludes this (Art. 32 revDSG / Art. 17 GDPR)
  • Request restriction of processing (Art. 18 GDPR)
  • To request data portability, i.e., to receive your data in a commonly used format (Art. 28 revDSG / Art. 20 GDPR)
  • To object to the processing (Art. 21 GDPR)
  • To withdraw your consent at any time (effective for the future)
  • File a complaint with the relevant supervisory authority—in Switzerland with the FDPIC, and in the EU with the data protection authority in your country of residence

To exercise your rights, simply send an informal message to info@baseljitterbugs.ch. In cases where there is reasonable doubt, we reserve the right to request appropriate proof of identity in order to protect your data from unauthorized access.

7. Data Security

We take technical and organizational measures to protect your data against loss, tampering, and unauthorized access. Data is transmitted securely via SSL/TLS. We continuously update our security measures to reflect the latest technological advancements. Naturally, we cannot guarantee complete protection against all risks on the internet.

8. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy, for example, if legal requirements change or we introduce new services. You can always find the most current version on this page.

9. Contact

If you have any questions about data protection or exercising your rights:

info@baseljitterbugs.ch