Data protection statement

The responsible body within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:


Online Retail GmbH
Alte Bahnhofstrasse 4
7250 Klosters


 General notice

Based on Article 13 of the Swiss Federal Constitution and the data protection provisions of the Swiss Confederation (Data Protection Act, DSG), every person has the right to protection of their privacy as well as protection against misuse of their personal data. The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations as well as this privacy policy.

In cooperation with our hosting providers, we make every effort to protect the databases as well as possible against unauthorised access, loss, misuse or falsification.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security vulnerabilities. Complete protection of data against access by third parties is not possible.

By using this website, you consent to the collection, processing and use of data in accordance with the following description. This website can generally be visited without registration. In the process, data such as pages called up or names of the file called up, date and time are stored on the server for statistical purposes without this data being directly related to your person. Personal data, in particular name, address or e-mail address, are collected on a voluntary basis as far as possible. No data will be passed on to third parties without your consent.

 

Processing of personal data

Personal data is any information that relates to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, acquisition, deletion, storage, modification, destruction and use of personal data.

We process personal data in accordance with Swiss data protection law. Furthermore, we process personal data - insofar as and to the extent that the EU Data Protection Regulation applies - in accordance with the following legal bases in connection with Art. 6 para. 1 DSGVO:

  • Consent (Art. 6 para. 1 p. 1 lit. a. DSGVO) - The data subject has given consent to the processing of personal data concerning him or her for a specific purpose or purposes.
  • Contractual performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. DSGVO) - Processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the data subject's request.
  • Legal obligation (Art. 6 para. 1 p. 1 lit. c. DSGVO) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Protection of vital interests (Art. 6 para. 1 p. 1 lit. d. DSGVO) - Processing is necessary to protect the vital interests of the data subject or another natural person.
  • Rightful interests (Art. 6 para. 1 p. 1 lit. f. DSGVO) - Processing is necessary to safeguard the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.
  • Application procedure as a pre-contractual or. contractual relationship (Art. 9(2)(b) GDPR) - Insofar as special categories of personal data within the meaning of Art. 9(1) GDPR (e.g. health data, such as severely disabled status or ethnic origin) are requested from applicants in the context of the application procedure, so that the data controller or the data subject can fulfil the obligations imposed on him or her by labour law and the law on data protection. If the data is requested from job applicants so that the data controller or the data subject can exercise his or her rights under labour law and social security and social protection law and fulfil his or her obligations in this respect, it is processed in accordance with Article 9(2)(b) of the GDPR. DSGVO, in the case of the protection of vital interests of the applicants or other persons pursuant to Art. 9 para. 2 lit. c. DSGVO or for the purposes of preventive health care or occupational medicine, for the assessment of the employee's fitness for work, for medical diagnosis, care or treatment in the health or social sector or for the management of systems and services in the health or social sector pursuant to Art. 9 (2) lit. h. DSGVO. In the case of a communication of special categories of data based on voluntary consent, their processing is based on Art. 9 (2) lit. a. DSGVO.

We process personal data for the duration required for the respective purpose or purposes. In the case of longer-term retention obligations due to legal and other obligations to which we are subject, we restrict processing accordingly.

 

Relevant legal basis

In accordance with Art. 13 of the GDPR, we inform you of the legal basis for our data processing. If the legal basis is not mentioned in the privacy statement, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 DSGVO, the legal basis for processing to fulfil our services and carry out contractual measures and respond to enquiries is Art. 6(1)(b) DSGVO, the legal basis for processing to fulfil our legal obligations is Art. 6(1)(c) DSGVO, and the legal basis for processing to protect our legitimate interests is Art. 6(1)(f) DSGVO. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d DSGVO serves as the legal basis.

 

Security measures

We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, entry into, disclosure of, assurance of availability of and segregation of the data. We also have procedures in place to ensure the exercise of data subjects' rights, the deletion of data and responses to data compromise. Furthermore, we already take the protection of personal data into account in the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

 

Transfer of personal data

In the course of our processing of personal data, the data may be transferred to other bodies, companies, legally independent organisational units or persons or disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

 

Data processing in third countries

If we process data in a third country (ie, outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or undertakings, this will only take place in accordance with the legal requirements.

Subject to explicit consent or contractually or legally required transfer, we process the data only in third countries with a recognised level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

 

Privacy policy for cookies

This website uses cookies. Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user's computer. The primary purpose of a cookie is to store information about a user during or after their visit within an online service. Stored information may include, for example, language settings on a website, login status, a shopping cart or where a video was watched. The term cookies also includes other technologies that fulfil the same functions as cookies (e.g. when user details are stored using pseudonymous online identifiers, also known as "user IDs")

The following cookie types and functions are distinguished:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his browser.
  • Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the interests of users used for range measurement or marketing purposes can be stored in such a cookie.
  • First-party cookies: First-party cookies are set by ourselves.
  • Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
  • Necessary (also: essential or absolutely necessary) cookies: Cookies may be absolutely necessary for the operation of a website (e.g. to store logins or other user inputs or for security reasons).
  • Statistics, marketing and personalisation cookies: Furthermore, cookies are usually also used in the context of range measurement and when a user's interests or behaviour (e.g. viewing certain content, using functions, etc.) on individual websites are stored in a user profile. Such profiles are used, for example, to show users content that matches their potential interests. This process is also referred to as "tracking", i.e. tracking the potential interests of users. Insofar as we use cookies or "tracking" technologies, we will inform you separately in our data protection declaration or in the context of obtaining consent.

Notes on legal bases: The legal basis on which we process your personal data with the help of cookies depends on whether we ask you for consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is the consent given. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests (e.g. in the business operation of our online offer and its improvement) or, if the use of cookies is necessary to fulfil our contractual obligations.

Storage period: Unless we provide you with explicit information on the storage period of permanent cookies (e.g. in the context of a so-called cookie opt-in), you will not be able to access your personal data. cookie opt-in), please assume that the storage period can be up to two years.

General information on revocation and objection (opt-out): Depending on whether the processing is based on consent or legal permission, you have the option at any time to revoke any consent given or to object to the processing of your data by cookie technologies (collectively referred to as "opt-out"). You can initially declare your objection by means of your browser settings, e.g. by deactivating the use of cookies (whereby this may also restrict the functionality of our online offer). An objection to the use of cookies for online marketing purposes can also be declared by means of a variety of services, especially in the case of tracking, via the https://optout.aboutads.info and https://www.youronlinechoices.com/ websites. In addition, you can receive further objection notices within the scope of the information on the service providers and cookies used.

Processing of cookie data on the basis of consent: We use a cookie consent management procedure, in the context of which the consent of users to the use of cookies, or the processing and providers named in the cookie consent management procedure, can be obtained and managed and revoked by users. The declaration of consent is stored in order not to have to repeat the request and to be able to prove the consent in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie or with the help of comparable technologies) in order to be able to assign the consent to a user or their device. Subject to individual information on the providers of cookie management services, the following information applies: The duration of the storage of consent can be up to two years. Here, a pseudonymous user identifier is formed and stored with the time of consent, information on the scope of consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and end device used.

  • Types of data processed: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • People concerned: Users (e.g. website visitors, users of online services).
  • Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a. DSGVO), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

 

Privacy Policy for SSL/TLS Encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

Data protection declaration for server log files

The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Used operating system
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request

This data cannot be assigned to specific persons. A combination of this data with other data sources is not made. We reserve the right to check this data retrospectively if we become aware of concrete indications of illegal use.

 

Third-party services

This website may use Google Maps for embedding maps, Google Invisible reCAPTCHA for protection against bots and spam, and YouTube for embedding videos.

These services of the American Google LLC use cookies, among other things, and as a result, data is transferred to Google in the USA, although we assume that no personal tracking takes place in this context solely through the use of our website.

Google has undertaken to ensure adequate data protection in accordance with the US-European and the US-Swiss Privacy Shield.

Further information can be found in the Privacy Policy of Google.

 

Privacy Policy for Contact Form

If you send us enquiries via the contact form, the information you provide in the enquiry form, including the contact data you enter there, will be stored by us for the purpose of processing the enquiry and in case of follow-up questions. We do not pass on this data without your consent.

 

Data protection declaration for newsletter data

If you would like to receive the newsletter offered on this website, we require an e-mail address from you as well as information that allows us to check that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data will be collected. We use this data exclusively for sending the requested information and do not pass it on to third parties.

You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe link" in the newsletter.

 

Privacy policy for comment function on this website

For the comment function on this website, in addition to your comment, information on the time of the creation of the comment, your e-mail address and, if you do not post anonymously, the username you have chosen will be stored.

Storage of IP address

Our comment function stores the IP addresses of users who post comments. Since we do not check comments on our site before they are activated, we need this data to be able to take action against the author in the event of legal violations such as insults or propaganda.

Subscribing to comments

As a user of the site, you can subscribe to comments after registering. You will receive a confirmation email to verify that you are the owner of the email address provided. You can unsubscribe from this feature at any time via a link in the info emails.

 

Rights of data subjects

Right to confirmation

Every data subject has the right to request confirmation from the website operator as to whether personal data concerning him or her are being processed. If you would like to make use of this right of confirmation, you can contact the data protection officer at any time.


Right of access

Every data subject with personal data affected by the processing has the right to obtain information about the personal data stored about him or her and a copy of this information from the operator of this website free of charge at any time. Furthermore, information may be provided about the following, if applicable:

  • the purposes of processing
  • the categories of personal data processed
  • the recipients to whom the personal data have been or will be disclosed
  • if possible, the envisaged duration for which the personal data will be stored or, if this is not possible, the criteria for determining that period
  • the existence of a right to obtain the rectification or erasure of personal data concerning him or her, or the restriction of processing by the controller, or a right to object to such processing
  • the existence of a right of appeal to a supervisory authority
  • if the personal data are not collected from the data subject: Any available information on the origin of the data

Furthermore, the data subject has a right of access to whether personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject also has the right to obtain information on the appropriate safeguards in connection with the transfer.

If you wish to exercise this right of access, you can contact our data protection officer at any time.


Right of rectification

Any person affected by the processing of personal data has the right to request the immediate rectification of any inaccurate personal data concerning him or her. Furthermore, the data subject has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration.

If you wish to exercise this right of rectification, you may contact our data protection officer at any time.


Right to erasure (right to be forgotten)

Any person concerned by the processing of personal data has the right to obtain from the controller of this website the erasure without delay of personal data concerning him or her, where one of the following grounds applies and insofar as the processing is not necessary:

  • The personal data have been collected or otherwise processed for purposes for which they are no longer necessary
  • The data subject withdraws the consent on which the processing was based and there is no other legal basis for the processing
  • The data subject objects to the processing on grounds relating to his or her particular situation and there are no overriding legitimate grounds for the processing, or the data subject objects to processing in the case of direct marketing and related profiling
  • The personal data have been processed unlawfully
  • The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law, to which the controller is subject
  • The personal data have been collected in relation to information society services provided directly to a child

If one of the above reasons applies and you wish to arrange for the erasure of personal data stored by the operator of this website, you can contact our data protection officer at any time. The data protection officer of this website will arrange for the deletion request to be complied with immediately.


Right to restriction of processing

Any person concerned by the processing of personal data has the right to obtain from the controller of this website the restriction of processing if one of the following conditions is met:

  • The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data
  • The processing is unlawful, the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data
  • The controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the establishment, exercise or defence of legal claims
  • The data subject has objected to the processing on grounds relating to his or her particular situation, and it is not yet clear whether the legitimate interests of the controller override those of the data subject

If one of the aforementioned conditions is met, you may at any time request the restriction of personal data stored by the controller of this website by contacting our data protection officer. The data protection officer of this website will arrange the restriction of the processing.


Right to data portability

Every person affected by the processing of personal data has the right to receive the personal data concerning him or her in a structured, common and machine-readable format. He or she also has the right to have this data transferred to another controller if the legal requirements are met.

Furthermore, the data subject has the right to obtain that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.

To assert the right to data portability, you may at any time contact the data protection officer appointed by the operator of this website.


Right to object

Every person concerned by the processing of personal data has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her.

The operator of this website shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or if the processing serves the purpose of asserting, exercising or defending legal claims.

To exercise the right to object, you can contact the data protection officer of this website directly.


Right to withdraw consent under data protection law

Every person affected by the processing of personal data has the right to revoke a given consent to the processing of personal data at any time.

If you wish to exercise your right to revoke a consent, you can contact our data protection officer at any time.

 

Privacy Policy for Contradictory Advertising Mails

The use of contact data published within the scope of the imprint obligation to send advertising and information material that has not been expressly requested is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example by spam e-mails.

 

Payable services

For the provision of payable services, we request additional data, such as payment details, in order to be able to execute your order or your order. We store this data in our systems until the legal retention periods have expired.

 

Google Ads

This website uses Google conversion tracking. If you have reached our website via an ad placed by Google, Google Ads will set a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognise that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked across Ads customers' websites. The information obtained using the conversion cookie is used to create conversion statistics for Ads customers who have opted in to conversion tracking. Clients learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.

If you do not wish to participate in the tracking, you can reject the setting of a cookie required for this - for example, by means of a browser setting that generally deactivates the automatic setting of cookies or by setting your browser so that cookies from the domain "googleleadservices.com" are blocked.

Please note that you may not delete the opt-out cookies as long as you do not wish any measurement data to be recorded. If you have deleted all your cookies in the browser, you must set the respective opt-out cookie again.

 

Use of Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our websites. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter "Google". The purpose of reCAPTCHA is to check whether data entry on our websites (e.g. in a contact form) is made by a human being or by an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place.

The data processing is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM. For further information on Google reCAPTCHA and Google's privacy policy, please refer to the following links: https://www.google.com/intl/de/policies/privacy/ and https://policies.google.com/terms?hl=de.

 

Privacy Policy for Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited. If the data controller on this website is located outside the European Economic Area or Switzerland, then Google Analytics data processing is carried out by Google LLC. Google LLC and Google Ireland Limited are hereinafter referred to as "Google".

The statistics obtained enable us to improve our offer and make it more interesting for you as a user. This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. If you have a Google user account, you can deactivate the cross-device analysis of your usage in the settings there under "My data", "Personal data".

The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. f DS-GVO. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. We would like to point out that on this website Google Analytics has been extended by the code "_anonymizeIp();" in order to ensure anonymised collection of IP addresses. This means that IP addresses are processed in abbreviated form, thus excluding the possibility of personal references. If the data collected about you is personally identifiable, this is immediately excluded and the personal data is immediately deleted.

Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

Google Analytics uses cookies. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: Disable Google Analytics.

In addition, you can also prevent the use of Google Analytics by clicking on this link: Disable Google Analytics. This will save a so-called opt-out cookie on your data carrier, which prevents the processing of personal data by Google Analytics. Please note that if you delete all cookies on your terminal device, these opt-out cookies will also be deleted, i.e. you will have to set the opt-out cookies again if you wish to continue to prevent this form of data collection. The opt-out cookies are set per browser and computer/end device and must therefore be activated separately for each browser, computer or other end device.

 

Google Tag Manager

Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus integrate, for example, Google Analytics and other Google marketing services into our online offering. The tag manager itself, which implements the tags, does not process any personal data of the users. With regard to the processing of users' personal data, please refer to the following information on Google services. Usage Policy: https://www.google.com/intl/de/tagmanager/use-policy.html.

 

External payment service providers

This website uses external payment service providers through whose platforms users and we can make payment transactions:

    • payrexx https://www.payrexx.com/de/home/

In the context of fulfilling contracts, we use the payment service providers on the basis of the Swiss Data Protection Ordinance and, where necessary, Art. 6 para. 1 lit. b. EU-DSGVO. Furthermore, we use external payment service providers on the basis of our legitimate interests in accordance with the Swiss Data Protection Ordinance and, where necessary, in accordance with Art. 6 para. 1 lit. f. EU-DSGVO in order to offer our users effective and secure payment options.

The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, totals and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. We as the operator do not receive any information about the (bank) account or credit card, but only information to confirm (accept) or reject the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. For this purpose, we refer to the terms and conditions and data protection information of the payment service providers.

The terms and conditions and data protection information of the respective payment service providers, which can be accessed within the respective website or transaction applications, apply to the payment transactions. We also refer to these for further information and assertion of revocation, information and other data subject rights.

 

Newsletter - Mailchimp

The newsletter is sent using the mailing service provider 'MailChimp', a newsletter mailing platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the privacy policy of the mailing service provider here. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with the European level of data protection (PrivacyShield). The dispatch service provider is used on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO and an order processing agreement pursuant to Art. 28 para. 3 p. 1 DSGVO.

The dispatch service provider may use the recipients' data in pseudonymous form, i.e. without attribution to a user, to optimise or improve its own services, e.g. to technically optimise the dispatch and presentation of the newsletter or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.

 

Data protection statement for YouTube

Functions of the "YouTube" service are integrated on this website. "YouTube" is owned by Google Ireland Limited, a company incorporated and operated under the laws of Ireland with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, which operates the services in the European Economic Area and Switzerland.

Your legal agreement with "YouTube" consists of the terms and conditions to be found at the following link: https://www.youtube.com/static?gl=de&template=terms&hl=en. These Terms constitute a legally binding agreement between you and "YouTube" regarding your use of the Services. Google's privacy policy explains how "YouTube" handles your personal data and protects your data when you use the service.

 

Order processing in the online shop with customer account

We process our customers' data in accordance with. The data protection provisions of the Federal Data Protection Act (Datenschutzgesetz, DSG) and the EU-DSGVO, in the context of the ordering processes in our online shop, to enable them to select and order the selected products and services, as well as their payment and delivery, or execution.

The processed data include master data (inventory data), communication data, contract data, payment data and the persons affected by the processing include our customers, interested parties and other business partners. The processing is carried out for the purpose of providing contractual services within the scope of operating an online shop, billing, delivery and customer services. We use session cookies, e.g. for storing the contents of the shopping cart, and permanent cookies, e.g. for storing the login status.

The processing is based on Art. 6 para. 1 lit. b (execution of order transactions) and c (legally required archiving) DSGVO. In this context, the information marked as required is necessary for the justification and fulfilment of the contract. We disclose the data to third parties only within the scope of delivery, payment or within the scope of legal permissions and obligations. The data is only processed in third countries if this is necessary for the fulfilment of the contract (e.g. at the customer's request in the case of delivery or payment).

Users can optionally create a user account, in which they can view their orders in particular. As part of the registration process, users are provided with the required mandatory information. The user accounts are not public and cannot be indexed by search engines, e.g. Google. If users have cancelled their user account, their data with regard to the user account will be deleted, subject to their retention being necessary for reasons of commercial or tax law in accordance with Art. 6 Para. 1 lit. c DSGVO. Information in the customer account shall remain until it is deleted and subsequently archived in the event of a legal obligation. It is the responsibility of the users to save their data in the event of termination before the end of the contract.

We store the IP address and the time of the respective user action within the scope of registration and renewed registrations as well as use of our online services. The storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorised use. As a matter of principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c DSGVO.

Deletion takes place after the expiry of legal warranty and comparable obligations, the necessity of retaining the data is reviewed at irregular intervals. In the case of legal archiving obligations, deletion takes place after their expiry.

 

Contractual Services

We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractual), for example, in order to answer enquiries.

We process this data in order to fulfil our contractual obligations, to safeguard our rights and for the purposes of the administrative tasks associated with this information as well as for business organisation. We only disclose the data of the contractual partners to third parties within the framework of the applicable law to the extent that this is necessary for the aforementioned purposes or for the fulfilment of legal obligations or with the consent of the data subjects (e.g. to participating telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). The contractual partners will be informed about further forms of processing, e.g. for marketing purposes, within the scope of this data protection declaration.

We inform the contractual partners which data are required for the aforementioned purposes before or within the scope of data collection, e.g. in online forms, by means of special labelling (e.g. colours) or symbols (e.g. asterisks or similar), or in person.

We delete the data after the expiry of legal warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g. as long as it must be kept for legal archiving reasons (e.g. for tax purposes generally 10 years). We delete data disclosed to us by the contractual partner within the scope of an order in accordance with the specifications of the order, generally after the end of the order.

If we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

Customer account: Contractual partners can create an account within our online offer (e.g. customer or user account, "customer account" for short). If registration of a customer account is required, contractual partners will be advised of this as well as of the information required for registration. The customer accounts are not public and cannot be indexed by search engines. Within the scope of registration and subsequent logins and use of the customer account, we store the IP addresses of the customers together with the access times in order to be able to prove registration and prevent any misuse of the customer account.

When customers have cancelled their customer account, the data relating to the customer account are deleted, unless their storage is required for legal reasons. It is the responsibility of customers to save their data when their customer account is terminated.

 

Analyses and market research: For business reasons and in order to be able to identify market trends, wishes of contractual partners and users, we analyse the data we have on business transactions, contracts, enquiries, etc., whereby the group of data subjects includes contractual partners and users, whereby the group of data subjects may include contractual partners, interested parties, customers, visitors and users of our online offer.

The analyses are carried out for the purpose of business management evaluations, marketing and market research (e.g. to determine customer groups with different characteristics). Where available, we may take into account the profiles of registered users together with their details, e.g. services used. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarised, i.e. anonymised values. Furthermore, we take the privacy of the users into consideration and process the data for the analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g. as summarised data).

 

Shop and E-Commerce: We process the data of our customers in order to enable them to select, purchase or order the selected products, goods and associated services, as well as their payment and delivery or execution. If necessary for the execution of an order, we use service providers, in particular postal, forwarding and shipping companies, to carry out the delivery or execution for our customers. For the processing of payment transactions, we use the services of banks and payment service providers. The required information is marked as such in the context of the order or comparable purchase process and includes the information needed for delivery or provision and billing as well as contact information in order to be able to contact you if necessary.

 

Agency services: We process the data of our customers in the context of our contractual services, which include e.g. conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes, handling, server administration, data analysis/consulting services and training services.

 

Copyright

The copyright and all other rights to content, images, photos or other files on the website, belong exclusively to the operator of this website or the specifically named rights holders. For the reproduction of all files, the written consent of the copyright holder must be obtained in advance.

Whoever commits a copyright infringement without the consent of the respective copyright holder may be liable to prosecution and possibly to damages.

 

General disclaimer

All information on our website has been carefully checked. We make every effort to ensure that the information we provide is up-to-date, accurate and complete. Nevertheless, the occurrence of errors cannot be completely ruled out, which means that we cannot guarantee the completeness, correctness and up-to-dateness of information, including journalistic and editorial information. Liability claims regarding damage caused by the use of any information provided, including any kind of information which is incomplete or incorrect,will therefore be rejected unless there is evidence of wilful misconduct or gross negligence.

The publisher may change or delete texts at its own discretion and without notice and is not obliged to update the contents of this website. Use of or access to this website is at the visitor's own risk. The publisher, its principals or partners are not responsible for any damages, such as direct, indirect, incidental, consequential or special damages, alleged to have been caused by the use of this website and consequently assume no liability for such damages.

The publisher also assumes no responsibility or liability for the content and availability of third-party websites that can be accessed through external links on this website. The operators of the linked sites are solely responsible for their content. The publisher thus expressly dissociates itself from all third-party content that may be relevant under criminal or liability law or that may offend common decency.

 

Changes

We may adjust this privacy policy at any time without prior notice. The current version published on our website will apply. Where the Privacy Policy forms part of an agreement with you, we will notify you of the change by email or other appropriate means in the event of an update.

 

Questions to the data protection officer

If you have any questions about data protection, please write to us by e-mail or contact the person in our organisation responsible for data protection listed at the beginning of the data protection statement directly.

 


Source: SwissAnwalt