Privacy Policy Photobooth

Thank you for your interest in our photobooth. On this page you will find information on how we, Lindt & Sprüngli (Schweiz) AG, Seestrasse 204, 8802 Kilchberg, Switzerland, as the controller, process your personal data in connection with the photobooth.


Privacy Policy Photobooth

We are committed to handling your personal data responsibly. Consequently, we consider it as self-evident to comply with the statutory requirements of the Swiss and European Data Protection Law.

1. Data processing when taking a photo

Our photobooth automatically recognizes when a face is looking at the display and starts interacting. However, a recording or other processing of personal data only takes place by taking a photo if you have given your verbal consent. This consent constitutes our legal basis for the processing of your data within the meaning of Art. 6 para. 1 (a) of the EU GDPR.

2. Storage of your photo and withdrawal of consent

You can withdraw your consent at any time with effect for the future. In the case of photographs that you have not selected as a cover, the withdrawal will be made immediately by your selection of the preferred photograph. All other photos will be deleted immediately. Your cover photo will be stored until 31 December 2019 in order to enable you to access it for a limited period of time after the day the photo was taken. After this date, the photo will be automatically deleted. You can request the deletion of the photo und thereby withdraw your consent by sending us an email to:
. In order to identify you, we need the URL of the picture from the QR code.

3. Data processing when visiting the QR-Code-landing-page

If you scan the QR-code on the display of the photobooth and subsequently visit our landing page, our web server processes the following data:

This processing is necessary to connect your mobile device to our web server. The collection and processing of this data also serves the purposes of ensuring system security and stability, error and performance analysis as well as for internal statistical purposes. We will retain and evaluate this information on the visits to our website and about the functions used (e.g. download, print or share) for analytics purposes in order to understand how we can optimise our website and our marketing campaigns. In the aforementioned purposes, we have a legitimate interest in data processing pursuant to Art. 6 para. 1 (f) of the EU GDPR.

4. Use of cookies

In order to enable the use of certain functions of our website, we use so-called cookies. These are small text files that are stored on your end device. Cookies store certain settings about your browser and data about the exchange with the website. When a cookie is activated, it can be assigned an identification number that identifies your browser and allows the use of the information contained in the cookie. The cookies used on our website are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies).

Most web browsers automatically accept cookies. However, you can configure your browser to prevent cookies from being stored on your computer or to always display a message when you receive a new cookie. On the following pages you will find explanations on how to configure the processing of cookies:

Disabling or rejecting cookies may prevent you from using the features of our website. Our legitimate interest within the meaning of Art. 6 para. 1 (f) GDPR is the legal basis for the data processing described above.

5. Disclosure of data to third-parties

Our website is operated by Ombori Apps AB (Centralplan 15, 11120 Stockholm, Sweden) on our behalf. The personal data described is stored on servers of Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521) in the Netherlands.

These service providers will use your data exclusively in accordance with our instructions and for the purposes set out in this privacy policy. They will also comply with the applicable data protection and security requirements.

In addition, your data may be disclosed if we are legally obliged to do so or if this is necessary to safeguard our rights, in particular to enforce claims arising from the use of the photobooth or the website.

Our legitimate interest within the meaning of Art. 6 para. 1 (f) GDPR is the legal basis for the data processing operations described.

6. Transfer of personal data abroad

The disclosure of personal data to third parties described in this data privacy policy may also involve the transfer of data abroad. If the country in question does not have an adequate level of data protection, we ensure that your data is adequately protected by these companies through contractual arrangements with these companies and by making sure that these companies are certified under the CH/EU-US Privacy Shield.

7. Right to information, deletion and correction

You have the following rights with regard to your personal data:

To exercise your rights, please send us an e-mail to: With regard to the exercise of the right of opposition and the withdrawal of consent, see also the previous sections of this privacy policy. In addition, you have the right to file a complaint with a data protection authority at any time.

8. Advice for children and parents

It is forbidden for children under 16 years of age, to transmit personal data about themselves to us. If we detect that such data has been transmitted to us, it will be deleted from our server. The parents (or legal guardians) of the child may contact us and request deletion of the data. For this purpose, we require a copy of an official document confirming you as a parent or guardian.

Last Update: June 2019