PRIVACY POLICY

Introduction

With this privacy policy, we inform you about the processing of personal data within the scope of the use of our Internet pages. The abbreviation GDPR stands for General Data Protection Regulation and refers to persons in the EU who visit our website (hereinafter referred to as “persons from the EU”). The abbreviation SDPA stands for Swiss Data Protection Act and refers to persons in Switzerland who visit our website (hereinafter referred to as “persons from Switzerland”).

Business-related processing

We also inform you about the processing of contract data (subject, duration, and customer categories) as well as payment data (bank details, payment history), which we require for the provision of contractual services to you.
We also inform you about our services, customer care, marketing, advertising, and market research, which are made possible by the data.
The name and address of the data controller within the meaning of data protection legislation and other provisions of a data protection nature:

Jolanda Steiner
Alte Landstrasse 81
CH-8700 Küsnacht
+41 78 602 16 10

Purpose

We give you information about the purposes of the data processing and name the legal basis in each case.

Consent

We shall inform you if consent is necessary for the treatment of the personal data. In the case of particularly sensitive personal data such as personality profiles, we provide for explicit consent (double opt-in).

Your rights

Right to information

According to Art. 8 SDPA / Art. 15 GDPR, you have the right to request confirmation from us as to whether personal data relating to you will be processed by us. If this is the case, you have a right of access to this personal data and to further information as specified in Art. 8 SDPA/ Art. 15 GDPR.

Right to rectification

According to Art. 5 SDPA / Art. 16 GDPR, you have the right to demand from us immediately the correction of incorrect personal data concerning you. In consideration of the purposes of the processing, you also have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.

Right to deletion

Persons from the EU have the right to demand that we immediately delete personal data concerning them. We are obliged to delete personal data immediately if the corresponding requirements of Art. 17 GDPR are met. For details, please refer to Art. 17 GDPR. In the cases provided for by law, persons from Switzerland also have the possibility to request the deletion of data (e.g. if data is no longer required/necessary or the consent for processing has been revoked).

Right to data transferability

According to Art. 20 GDPR, persons from the EU have the right to receive the personal data concerning them that they have provided to us in a structured, common, and machine-readable format, and they have the right to transfer this data to another data controller without any hindrance from us provided that the processing is based on an agreement in accordance with Article 6, paragraph 1 a) GDPR or Article 9, paragraph 2 a) GDPR or on a contract in accordance with Article, 6 paragraph 1 b) GDPR and the processing is carried out using automated procedures.

Right of objection

According to Art. 21 GDPR, persons from the EU have the right to object to the processing of personal data concerning them on the basis of Article 6, paragraph 1e or f GDPR; this also applies to profiling based on these provisions.

If we process your personal data for the purpose of direct advertising, you have the right at any time to object to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct advertising.

If you wish to exercise any right you are entitled to, please contact us using the above contact details, or use any of the other methods offered by us to send this notice. If you have any questions, please do not hesitate to contact us.

Legal remedies

For your protection, persons from Switzerland may invoke the Swiss legal remedies in accordance with Art. 15 / 25 / 27 / 29 SDPA.

Server log files

When you call up our website, the company commissioned by us to operate the website processes and stores technical information about the terminal device you are using (operating system, screen resolution, and other non-personal features) as well as the browser (version, language settings), in particular the public IP address of the computer with which you visit our website, including the date and time of access. The IP address is a unique numeric address at which your terminal device sends or retrieves data to the internet. As a rule, we or our service provider do not know who is behind an IP address unless you provide us with data that enables us to identify you during the use of our website. Furthermore, a user may be identified if legal action is taken against him or her (e.g. in the event of attacks against our website) and we gain knowledge of his or her identity as part of the investigation procedure. As a rule, you do not have to worry that we will be able to assign your IP address to you.
Our service provider uses the processed data (not person-related) for statistical purposes so that we can track which end devices with which settings are used to visit our website so that any necessary optimisations can be made. These statistics do not contain any personal data. The legal basis for the compilation of the statistics is Art. 6, paragraph 1 f) GDPR.

The IP address is further used so that you can call up and use our website technically as well as for the recognition and defence of attacks against our service provider or our website. Unfortunately there are always attacks to harm the operators of websites or their users (e.g. preventing access, spying on data, spreading malicious software (e.g. viruses) or other illegal purposes). Such attacks would impair the proper functioning of the computer centre of the company commissioned by us, the use of our website or its functionality, and the security of visitors to our website. The processing of the IP address, including the time of access, is done to defend against such attacks. With this processing through our service provider, we pursue the legitimate interest to ensure the functionality of our website and to fend off illegal attacks against us and the visitors to our website. The legal basis for the processing is Art. 6, paragraph 1 f) GDPR.

The stored IP data is deleted (by anonymisation) when it is no longer needed for the detection or defence of an attack.

Cookies

For the operation of our website, we use cookies and similar technologies (local storage) in order to ensure the technical functionality of our website and to store default settings made by users in their browser.

A cookie is a small text file that is stored on your terminal device when our website is accessed by your browser. If you call up our website again later, we can read these cookies again. Cookies are stored for varying lengths of time. At any time you have the option of setting which cookies to accept. However this may result in our website no longer functioning properly. You can also delete cookies yourself at any time. If you do not do this, we can specify how long a cookie should be stored on your computer when you save it. A distinction must be made here between session cookies and permanent cookies. Session cookies are deleted from your browser when you leave our website or when you exit the browser. Permanent cookies are stored for the duration that we specify.

We use cookies for the following purposes:

  • Technically necessary cookies that are absolutely necessary for the use of the functions of our website (e.g. recognition of whether you have logged in). Without these cookies, certain functions could not be provided.
  • Functional cookies that are used to perform certain functions that you wish to use.
  • Third party cookies. Third-party cookies are stored by third parties whose functions we integrate into our website in order to enable certain functions (e.g. integrated YouTube videos). They can be used to analyse user behaviour.
    Most browsers used by our users allow you to choose which cookies are to be stored and make it possible to delete (certain) cookies again. If you limit the storage of cookies to certain websites or do not allow cookies from third party websites, it is possible that our website can no longer be used to its full extent. Here you will find information on how to adjust the cookie settings for the most common browsers:
  • Google Chrome (support.google.com/chrome/answer/95647?hl=de)
  • Internet Explorer (https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies)
  • Firefox (https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen)
  • Safari (https://support.apple.com/kb/PH21411?locale=de_DE)

Registration/customer account

When you create a customer account, we process the information you provide in order to create and manage it as well as to enable you to use the services associated with your customer account. The basis of the processing is your consent (legal basis GDPR: Art. 6, paragraph 1a). If the creation of the customer account serves the conclusion of a contract with us, the additional basis for the processing is the fulfilment of this contract (legal basis GDPR: Art. 6, paragraph 1 b).

These data are stored until the deletion of the customer account. If we are required by law to store data for a longer period of time (e.g. to fulfil accounting obligations) or if we are legally entitled to store data for a longer period of time (e.g. because a current legal dispute against the holder of a user account), the data will be deleted once the storage obligation or the legal entitlement has expired.

Comment function

If you use the comment function on our site, the following personal data will be stored: Comment, time of comment creation, email address and user name, IP address.

Data processing is carried out on the basis of our legitimate interest in providing a comment function, the analysis, improvement, and economic operation of our business operations, and our internet offering as well as to combat illegal comments (Art. 6, paragraph 1). 1f GDPR).

Comments and related data (e.g. IP address) are deleted when the commented content has been completely deleted.

Disclosure of data to third parties

As a matter of principle, we do not pass on the personal data provided to us to third parties (i.e. in particular, not to third parties for advertising purposes).

However, we cooperate with third parties for the operation of these internet pages or for the provision of products/services. It may happen that such third parties gain knowledge of personal data. We carefully select our service providers – particularly with regard to data protection and data security – and take all measures required under data protection law for permissible data processing.

Data processing outside the EU

We generally process data in Switzerland (data transfer at contract conclusion, server log files, contact form, registration, cookies). For Switzerland, the EU has established an adequate level of data protection with Resolution 2000/518/EC. Service providers of ours, whose plug-ins and tools we use, process data outside the EU. This will be disclosed within the framework of this privacy policy when clarifying the plug-ins/tools used.

The appropriate level of data protection is guaranteed within the framework of participation in the “Privacy Shield” and the measures taken by the service provider for data protection and data security.

 

Data transmission upon conclusion of contract

If you buy a product in our shop, we will process the data provided by you for the conclusion and implementation of the contract. To the extent necessary, data will be transferred to service providers for the shipping and billing of your purchase. The legal basis for the processing is Art. 6, paragraph 1 b) GDPR.

We also process this data to identify and prevent fraud attempts on the basis of Art. 6, paragraph 1 f) GDPR. Our goal is to protect ourselves against fraudulent transactions.

Data stored in connection with the conclusion of a contract for the purchase of a product will be deleted after expiry of the statutory retention obligation. Insofar as legal recording and storage obligations (e.g. storage of invoices in accordance with tax law) exist as a result of the execution of a sales contract, the legal basis for processing is Art. 6, paragraph 1 c) GDPR.

We delete or anonymise the data if they are no longer required for the execution of the respective contract and if there are no longer any legal storage obligations.

Adaptation of privacy policy

We always keep this privacy policy up to date. Therefore, we reserve the right to change them from time to time and to update changes in the collection, processing, or use of your data. The current version of the privacy policy is always available at the following address:

Link to current privacy policy