Privacy politics

In this data protection declaration, we, the Textile Museum St. Gallen, explain how we collect and otherwise process personal data. This is not a final description; At most, other data protection declarations or general terms and conditions, conditions of participation and similar documents regulate specific matters. Personal data is understood to mean all information relating to a specific or identifiable person.

This website can be used without providing personal information. The information is always given on a voluntary basis. Without your express consent, your data will not be passed on to third parties for advertising purposes etc.

If you provide us with personal data of other persons such as family members, work colleagues etc., please make sure that the person (s) are familiar with this data protection declaration and only provide us with the data if you are permitted to do so and the personal data is correct.

This data protection declaration is based on the EU General Data Protection Regulation (GDPR). Although the GDPR is a regulation of the European Union, it is important to us. The Swiss Data Protection Act (DSG) is heavily influenced by EU law, and companies outside the European Union or the EEA must comply with the GDPR under certain circumstances.


Personal data

Personal data are all data related to an identified or identifiable natural person. A natural person is considered to be identifiable if he or she directly or indirectly, in particular by assigning an identifier such as a name, identification number, location data, an online pseudonym or one or more special characteristics such as the expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that person, can be identified.

Affected person

The data subject is the identified or identifiable natural person whose personal data are processed by the controller.


Processing is any automated and / or performed process with or without help in connection with personal data such as reading, querying, using, disclosing through transmission, distribution, or another type of provision, comparison or linkage, deletion, or destruction.

Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting your future processing.


Profiling is any type of automated processing of personal data, which consists in the fact that this personal data is used to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal preferences To analyze or predict the interests, reliability, behavior, location or change of location of this natural person.


Pseudonymization is the processing of personal data in such a way that the personal data cannot be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.


The person responsible or responsible for processing is the natural or legal person, public authority, agency, or other body that alone or together with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of the Member States, the person responsible or the specific criteria for naming them can be provided in accordance with Union law or the law of the Member States.


The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the person responsible.


The recipient is a natural or legal person, public authority, agency or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data as part of a specific investigation mandate under Union law or the law of the Member States are not considered recipients.

Third party

A third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who are authorized to process the personal data under the direct responsibility of the controller or processor.


Consent is any expression of will voluntarily given by the data subject for the specific case in an informed manner and unequivocally in the form of a declaration or other clear confirmatory act, with which the data subject indicates that they consent to the processing of their personal data is.

1. Responsibility

The St. Gallen Textile Museum is responsible for the data processing we describe here. If you have any data protection concerns, you can send them to the following contact address:

Textile Museum St. Gallen 
Vadianstrasse 2
9000 Gallen

2. Collection and processing of personal data

We primarily process the personal data that we receive from these and other people involved in the course of our business relationship with our customers and other business partners, or that we collect from their users when operating our websites, apps and other applications.

3. Purposes of data processing and legal bases

We use the personal data we collect primarily to conclude and process our contracts with our customers and business partners, in particular in the context of the operation of the museum, contact with our customers and the purchase of products and services from our suppliers and subcontractors, as well as to meet our legal obligations at home and abroad. If you work for such a customer or business partner, you can of course also be affected in this function with your personal data.

If you have given us your consent to process your personal data for certain purposes, for example when you register to receive newsletters or carry out a background check, we will process your personal data within the framework of and based on this consent, unless we have another legal basis and we need one. A given consent can be revoked at any time, but this has no effect on data processing that has already taken place.

4. Cookies, tracking and other technologies related to the use of our website


Our website offers users email addresses based on legal requirements to enable direct communication with us. If you contact us by email, the personal data you have transmitted will be saved. The personal data transmitted on a voluntary basis is stored for processing and contacting you. This data is not passed on to third parties. This data is only collected to process your request.


We send newsletters (in part) with advertising content only with the explicit consent of the recipient or a legal permission.

The registration is logged in order to be able to demonstrate the process in accordance with the legal requirements. This includes storing the email address, the time of registration and confirmation, the IP address and any names.

The newsletter is sent to the newsletter service provider Sendinblu, Köpenicker Str. 126, 10179 Berlin, Germany. You can view the data protection regulations of the shipping service provider here.

Your data will be sent to Sendinbluafter registration. Sendinblu is prohibited from selling your data and using it for purposes other than sending newsletters. The shipping service provider can use your data in pseudonymous form to optimize or improve its own services. Google Analytics creates anonymous usage statistics.

You can cancel the receipt of the newsletter at any time. You will find a link to cancel at the end of each newsletter.

Data collection by the website hosting provider

Our server / hosting provider is GoEast GmbH, Oberstrasse 222, 9014 St. Gallen, Switzerland.

The web servers of GoEast GmbH collect general data and information each time our website is accessed. These are saved in the server’s log files. Among other things, the browser used and its version, the operating system, the referrer website, the sub-websites, the date and time of access, an internet protocol address (IP), the internet service provider (ISP) and other data and information, which serve to ward off dangers in the event of system attacks.

We do not draw any conclusions about the person from this general data and information. Rather, this information is used to deliver the content correctly, to optimize the website, to ensure the functionality of our IT systems and to be able to provide the necessary information in the event of a cyber-attack by the law enforcement agency.

The data can be statistically evaluated, but no personal reference is made. The anonymous data of the server log files are stored separately from all personal data provided by one person for six months.

Shipping company

To fulfill the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, part of your data will be passed on to the shipping company responsible for delivery. This can include the delivery address, your name and your email address (for tracking).

Google Maps

On our website, the map service Google Maps is used to display an interactive map via an API. Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, is the provider. By using Google Maps, information about the use of this website (including your IP address) can be transmitted to and stored by Google on servers located in the United States.

The data obtained through Google Maps can be transferred to third parties if this is required by law or third parties process the data on behalf of Google. Under no circumstances will your IP address be linked to other Google data. However, based on the data received, it is technically possible for Google to identify individual user data. We have no influence on the processing of user data by Google.

The use of Google Maps is in the interest of an appealing presentation of our online offer and to make it easier to find the locations specified on the website. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.

You can find more information on the handling of user data in Google’s data protection declaration.

Google Analytics

We use Google Analytics on our newsletters.

This is a service provided by Google LLC, with which we can measure and evaluate the readership of the newsletter. Permanent cookies that the service provider sets are also used for this. Google does not receive any personal data from us and your anonymized IP address will not be linked to any other Google, but Google can track your reading behavior, and this information is combined with data from other websites that you have visited and also from Google Analytics are tracked and use this knowledge for their own purposes (e.g. control of advertising). If you have registered yourself with Google, the service provider also knows you. The service provider is then responsible for processing your personal data in accordance with its data protection regulations. The service provider only tells us how our newsletters are read without information about you personally.

You can download the opt-out browser extension via this link.

You can find more information on the handling of user data in Google’s data protection declaration.


If you have activated the Do-Not-Track feature on your browser, Matomo will not be activated. For statistical analysis of visitor access, we use the open source software “Matomo”, which is hosted on the servers of GoEast GmbH. Your IP address is only saved anonymously. We use Matomo to analyze which content is relevant to you, where users come to our website from and where there are problems. There is no specific observation of our users as an identifiable person. Matomo uses cookies to enable analysis of the use of our website. The information collected is stored on servers in the EU and deleted after three months.


Both we and the third-party providers with whom we work (Newsletter2Go, Zetcom etc.) are entitled to use scripts, web beacons and cookies associated with your use of the service, third-party websites and mobile applications. Cookies can be placed on your computer, mobile device, sent emails and on our website. Cookies can transmit information about your use of our service such as IP addresses, browser types and the date and time of use.

You can use your browser to make some cookie settings that prevent or permanently object to the setting of cookies. Set cookies can also be deleted. However, this can impair the functionality of our website. The settings vary depending on the device and browser. They can usually be found under security settings.

Cookies enable us to recognize users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, they do not have to log in again each time they visit.

5. Data transfer and data transfer abroad

As part of our business activities and the purposes according to para. 3, to the extent permitted and appears to us to be known, also known to third parties, either because they process them for us or because they want to use them for their own purposes. The following positions are particularly important:

  • Service providers from us (both inside and outside, such as banks, insurance companies), including order processors (such as IT providers);
  • Dealers, suppliers, subcontractors and other business partners;
  • Customers;
  • domestic and foreign authorities, official offices or courts;
  • Media;
  • The public, including website and social media visitors;
  • Competitors, industry organizations, associations, organizations and other bodies;
  • Acquirers or interested parties in the acquisition of business areas, companies or other parts of the association;
  • other parties in possible or actual legal proceedings;

all common recipients.

6. Duration of storage of personal data

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e. So, for example, for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) and beyond in accordance with the statutory retention and documentation requirements. It is possible that personal data is kept for the time in which claims can be made against our company and to the extent that we are otherwise legally obliged to do so or legitimate business interests require it (e.g. for evidence and documentation purposes). As soon as your personal data are no longer required for the purposes mentioned above, they will be deleted and anonymized as far as possible. For operational data (e.g. system logs, logs), generally shorter retention periods of twelve months or less apply.

7. Data security

We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse, such as issuing instructions, training [, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization, controls.

SSL encryption

For security reasons and to protect the transmission of confidential content, we use SSL encryption. An encrypted connection can be recognized by the fact that the URL in the browser begins with “https: //” instead of “http: //” and the lock symbol in the browser line. With activated SSL encryption, third parties have no access to the data you have transmitted without enormous effort.

8. Obligation to provide personal data

As part of our business relationship, you must provide the personal data that is necessary for the establishment and execution of a business relationship and the fulfillment of the associated contractual obligations (you generally do not have a legal obligation to provide us with data). Without this data, we will generally not be able to conclude or conclude a contract with you (or the agency or person you represent). The website can also not be used if certain information to ensure data traffic (such as IP address) is not disclosed.

9. Rights of the data subject

You have the right to information, correction, deletion, the right to restrict data processing and otherwise to object to our data processing and to provide certain personal data for the purpose of transfer and within the scope of the data protection law applicable to you and to the extent provided therein (such as in the case of the GDPR) to another location (so-called data portability). Please note, however, that we reserve the right to assert the statutory restrictions on our part, for example if we are obliged to store or process certain data, have an overriding interest (insofar as we can rely on it) or use them to assert Need claims. If you incur any costs, we will inform you in advance. We have already discussed the possibility of withdrawing your consent in para. 3 informed. Please note that the exercise of these rights can conflict with contractual agreements and this can have consequences such as can have premature contract termination or cost consequences. In this case we will inform you in advance where this is not already contractually regulated.

The exercise of such rights generally requires that you clearly prove your identity (e.g. by means of a copy of your ID where your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact us at the address given above.

Every data subject also has the right to enforce their claims in court or to lodge a complaint with the responsible data protection authority. The responsible data protection authority in Switzerland is the Federal Data Protection and Information Commissioner.

10. Changes

We can change this privacy policy at any time without notice. The current version published on our website applies. Insofar as the data protection declaration is part of an agreement with you, we will inform you in the event of an  update about the change by e-mail or in another suitable manner.