Privacy policy

Privacy and Data Protection Policy of the Museum of Illusions Geneva

CONTEXT AND DATA CONTROLLER
The Museum of Illusions Geneva (“MOI”, “we”, “our” or “us”) attaches great importance to protecting your privacy and personal data.
The data controller within the meaning of the Federal Act on Data Protection (FADP) is:
BeFun SA – Rue de la Confédération 2 – CH-1204 Geneva, IDE CHE-378.515.214
By using this website (the “Service”), you consent to this Policy, which applies to the collection, processing, and handling of data gathered through our website. We collect information about the applications, browsers, and devices you use to access our Services in order to improve the user experience.
If you do not agree with these terms, please do not use our website.
This Policy applies exclusively to information collected through our website https://www.moigeneve.ch. It has been established in accordance with the Swiss Federal Act on Data Protection (nFADP) and its Ordinance (OFADP).
It does not apply to information you may share on other platforms (such as Facebook, Instagram, YouTube, or X/Twitter), which are governed by their own privacy policies.
WHAT INFORMATION DO WE COLLECT?
We collect information about you when you voluntarily provide it (e.g., by registering your email address, subscribing to a newsletter, or participating in a contest or survey) or when you use the website.
You may always choose not to provide certain information, but this may limit your access to certain site features.
A. Data collected directly
We collect data that you submit, including:

First and last name
Email address (for newsletters or contests)
Survey and form responses
B. Data collected automatically
When you access the website, we automatically receive technical information such as:
Your IP address, browser type, pages visited, and session duration
The unique identifier of your device, its type, and operating system
Aggregated information about site usage (frequency, events, performance data)

Information stored through analytics software is anonymized and not linked to the personal data you provide.
This data is collected to ensure the proper functioning of the website, enhance user experience, and analyze site usage in an anonymous and statistical manner.
Modification of your data: To modify any personal information you have shared with us, please contact us at [email protected] .

PURPOSES AND LEGAL BASES FOR PROCESSING (nFADP)
In accordance with Article 6 of the Federal Act on Data Protection (FADP), we process your personal data for strictly defined and justified purposes.
Contract Performance (Art. 6 para. 1 lit. b FADP): Processing is essential for managing your requests, executing orders placed (tickets, products), and providing the services requested.
Legitimate Interest (Art. 6 para. 1 lit. f FADP): Data processing is necessary for performing statistical analyses, performance tests, and product development to optimize our service and user experience, as well as for administering our contests and promotions.
Consent (Art. 6 para. 1 lit. a FADP): Sending direct marketing communications and newsletters is based on your express consent. This consent may be withdrawn at any time by clicking the unsubscribe link present in every email, without affecting the legality of the processing carried out prior to its withdrawal.
Legal Obligation (Art. 6 para. 1 lit. c FADP): Processing is necessary to comply with any applicable legal, regulatory, or administrative obligation (e.g., accounting, responding to authorities).
DATA SECURITY AND PROTECTION
The security of your personal information is of utmost importance to us. We implement and maintain appropriate security procedures and practices according to the nature of the data we store, to protect it from unauthorized access, use, or disclosure.
Please note that no security system is infallible. We cannot guarantee the absolute security of your data, including during transmission or storage on your device. We are, however, committed to notifying you and taking the necessary protective measures in the event of a data breach.
DATA COLLECTION THROUGH TECHNOLOGY AND THIRD PARTIES
A. Non-personal data
We automatically collect and store non-personal or anonymous information about your visit, including the date, time, pages viewed, referring link, and technical capabilities of your device. We use this aggregated information to improve the website’s security and usability.
B. Cookies and Similar Technologies
Cookies are small data files transferred to your device to recognize you and simplify your future visits (e.g., personalized ads, improved service performance). We also use Flash cookies and other local storage technologies.
Our website uses the following types of cookies:

Necessary cookies: essential for the website’s operation (loading, security, language, etc.)
Statistical cookies: used to measure and analyze site traffic anonymously
Marketing cookies: used only with your explicit consent, to personalize content and offers
You can manage your preferences at any time via our cookie management center or your browser settings.
Please note: disabling or deleting cookies may affect certain website features or cause them to display improperly.
“Do Not Track” signals: We do not respond to “Do Not Track” or similar signals. You can manage this preference in your browser settings.
C. Partners and Third Parties
We engage third parties to provide analytics on user behavior and navigation patterns. They may record device type, operating system, and on-site events.
We may share aggregated or anonymized visitor data with third parties. We are not responsible for the privacy practices of third-party websites linked from ours.

DATA RETENTION AND SHARING
We retain your information only for as long as necessary for the purposes for which it was collected, or until you request its deletion — whichever occurs first.
You may request deletion of your data at any time (see section below).
A. Data Sharing
We do not sell, trade, or otherwise transfer personally identifiable information to external parties, except in the following cases:
Service Providers: hosting partners or other entities assisting us in operating our website (subject to confidentiality agreements).
Legal Obligation: to comply with applicable law, court orders, or to protect our rights, property, or safety.
Business Transfers: in the event of a sale, merger, or acquisition, personal data may be included among the transferred assets.
B. Cross-Border Data Transfers
Your information may be stored and processed in any country where we maintain facilities or conduct operations. By using our website, your personal data may be transferred outside Switzerland.
In such cases, we implement contractual safeguards to ensure an equivalent level of data protection as required under Art. 16 of the nFADP.
YOUR RIGHTS UNDER THE nFADP
As a user, you have the following rights regarding the processing of your personal data:

The right to access a copy of your personal information (Art. 25 nFADP)
The right to rectify your personal data (Art. 32 nFADP)
The right to erasure (“right to be forgotten”)
The right to data portability (Art. 28 nFADP)
The right to object to the processing of your personal data (Art. 30 nFADP)
The right to withdraw your consent at any time, without affecting the lawfulness of processing prior to withdrawal
To exercise any of these rights, please contact us at [email protected] .
We may verify your identity before fulfilling any request, to protect your data from fraud.

MISCELLANEOUS PROVISIONS
Children’s Guidelines:
If you are under 16 years of age, you may use the MOI website only with the involvement of a parent or guardian. We do not knowingly collect or store any personal information from children.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected] so that we can delete it.

Policy Updates:
We reserve the right to update this Policy at any time. Any changes will be posted on this page, with the revision date updated accordingly. Continued use of the Service after changes are posted constitutes acceptance of the revised Policy.
Contact:
For any questions or requests regarding data protection, please contact us at: [email protected]

Effective date: October 1, 2025

Name	Provider	Purpose	Expiration
Wordpress_test_cookie	Wordpress	This cookie is used to check if the user's browser supports cookies.	Session
Wordpress_sec	Wordpress	This cookie is essential for the website's security functionality and is used to authenticate logged-in users, prevent fraudulent use of login credentials, and protect user data from unauthorized parties.	Session
Wordpress_logged_in_	Wordpress	This cookie is used to indicate when a user is logged in and who they are for most interface use.	14 days
PH_HPXY_CHECK	Wordpress	This cookie is used to save the information about the current session.	session
__cf_bm	Cloudflare	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.	1 hour
__cf_bm	Cloudflare	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.	1 hour
apbct_timestamp	CleanTalk	CleanTalk sets this cookie to prevent spam on comments and forms and act as a complete anti-spam solution and firewall for the site.	never
apbct_urls	CleanTalk	CleanTalk Spam Protect sets this cookie to prevent spam on our comments and forms and acts as a complete anti-spam solution and firewall for this site.	never
ct_has_scrolled	CleanTalk	CleanTalk sets this cookie to store dynamic variables from the browser.	never
apbct_headless	CleanTalk	Cleantalk set this cookie to detect spam and improve the website's security.	never
apbct_visible_fields	CleanTalk	CleanTalk sets this cookie to prevent spam on the site's comments/forms, and to act as a complete anti-spam solution and firewall for the site.	never