Primarily, we process personal data that we collect through our website or other applications or, in the context of our business relationships with our customers and other business partners, from these persons and other persons involved.
We collect most of your personal data directly from you. We may also receive your personal data from a third party. The data may comprise the following categories:
Information from public sources (e.g. media, Internet)
Information from public registries (e.g. commercial register, debt collection register, land register)
Data relating to the use of the website (e.g. IP address, MAC address of the smartphone or computer, details of your device and settings, cookies, date and time of visit, pages and content viewed, functions used, referring websites, location details)
Purposes and legal bases of data processing
We only process your data for defined purposes and only in legally admissible cases. In the following you will find the individual data processing activities on our website as well as the purposes and legal bases for processing the data.
The following reasons may apply as the legal basis:
- your consent
- the execution of a contract or pre-contractual measures;
- the fulfilment of legal provisions
- to safeguard your vital interests or those of another person or to perform a task in the public interest;
other relevant legal bases.
We may, under certain circumstances, require the services of third parties to provide our services and run our website, and may, therefore, outsource the processing of your personal data to third parties. In this case we will ensure, contractually, that these third parties adhere to the data privacy requirements. We may also be obliged to disclose your data to authorities or other third parties.
We will only disclose your personal data if one of the following conditions applies:
- You have given your consent
- a legal obligation applies
- if necessary so that we can enforce our rights, in particular to enforce claims arising from the contractual relationship
- if necessary to fulfil a contract or to carry out pre-contractual measures
- if we have a justified interest and your contrary interests do not outweigh it
- if some other legal permission applies.
In certain circumstances, your personal data may be also be transmitted to companies outside Switzerland for order processing. These companies are under the same data privacy obligations as we are. If the data privacy levels of the country to which the data are transmitted do not correspond to those of Switzerland or the European Union, we will contractually ensure that the same protection as in Switzerland or the European Union is guaranteed. This may be done through the standard data privacy provisions of the European Commission or a supervisory authority or an authorized and approved code of conduct in conjunction with binding and enforceable obligations placed on the recipient or authorized certification mechanisms combined with binding and enforceable obligations placed on the recipient.
Should the data be transmitted to a company in the USA, we will ensure that the necessary guarantees are obtained by contract.
We store personal data only for as long as is necessary to fulfil the individual purposes for which the data were collected. We store contract data for longer because we are obliged to do so by law. These retention periods arise from the legal provisions concerning the right to report suspicious activities, those concerning financial accounting, and from the tax laws. Under these provisions, business communications, signed contracts and posting documents must be stored for up to 10 years. Provided that we no longer require your data to perform the services, that data will be blocked. In this case, we only use the data for the purposes of financial accounting and taxes.
We take data security very seriously and apply appropriate technological and organizational security measures to protect your personal data from accidental or deliberate manipulation, loss, destruction or unauthorized access by third parties. We are continuously improving our security measures in line with technological developments.
Our website uses SSL (secure socket layer) combined with the highest encryption level supported by your browser. You can tell if a particular page of our website is encrypted because a closed lock icon is displayed on the status bar of your browser.
Obligation to provide certain personal data
In some instances, you may be obliged to disclose personal data to us in order to enter into a business relationship with us. These include personal data that are required to enter into and conduct a business relationship and to fulfil the respective contractual obligations. Without these data we are normally not in a position to enter into a contract with you (or the organization or person you represent).
In addition, the website can normally not be used unless certain details are disclosed to secure the data connection (such as the IP address).
You have the right to receive information from us about the personal data we have stored about you. You can also request the correction of incorrect data or the deletion of personal data if this is not prevented by a legal retention obligation or if a legally regulated activity permits such processing. Furthermore, you may, under certain circumstances, also limit or object to the processing of your personal data. You also have the right to request back the data you supplied to us (right to data portability). You have the right to receive the data in a common file format. We have already informed you, at the top of this document and in the sections about the respective data processing activities, of the option to revoke your consent.
Please note that legal restrictions may, under certain circumstances, apply to the exertion of your rights. We reserve the right to assert these rights, e.g. when we are obliged to store or process certain data, have an overriding interest in this (provided we are permitted to assert it) or if we require them to fulfil legal claims.
If you are affected by the processing of your personal data you have the right to enforce your rights through a court or to submit a complaint to the relevant supervisory authority. The relevant supervisory authority in Switzerland is the Swiss Federal Data Protection and Information Commissioner (http:www.edeob.admin.ch).
3. Individual data prozessing activities
Functioning of the website and creation of log files
When you visit our website, the Internet service provider automatically collects and stores information in “server log files” that your browser transmits to us. These include:
- Browser type and browser version
- Operating system used
- User’s Internet service provider
- Host name of connected device
- Date and time of server access
- User’s IP address
- Referrer URL (the page visited before)
- Time of server access
- Login status
These data cannot be attributed to a particular person and will not be merged with data from other sources. The purpose of storing log files is to guarantee the proper functioning of our website as well as the security of our IT systems. Consequently, such data are processed on the legal basis of the legitimate interests of the party processing the data.
Data are only stored for as long as is necessary to fulfil the purpose of being collected, and are therefore deleted automatically after a period of three months. Storing log files is essential for the operation of the website, and you therefore do not have the option of contesting this.
In the case of Google Analytics, Google will use the data on our behalf to evaluate your use of the website, compile reports on website activity and provide us with other services relating to the use of the website and the Internet. We use Google Analytics on the legal basis of our legitimate interest in analysing our website.
Our website uses Google Analytics including the functions of Universal Analytics. This allows us to analyse the activities on our website across devices (e.g. if it is accessed via a laptop and later via a smartphone). This is made possible by assigning a user ID to a user as a pseudonym. This is done, for example, when you register for a customer account or sign in with your customer account. No personal data will be forwarded to Google. The additional functions of Universal Analytics will not result in a limitation of the aforementioned data protection measures that include IP address anonymization and the Google Analytics opt-out.
Order processing in the online store and customer account
- We process the data of our B2B customers in the context of ordering processes in our online store to enable them to select and order the selected products and services, as well as their payment and delivery, or execution.
- The processed data includes inventory data, communication data, contract data, payment data and the data subjects are our customers, prospective customers and other business partners. The processing is carried out for the purpose of providing contractual services in the context of the operation of an online store, billing, delivery and customer services. In this context, we use session cookies to store the contents of the shopping cart and permanent cookies to store the login status.
- We will treat your data as confidential, only forwarding them to third parties when necessary for the purpose of executing the contract. We must provide the forwarding agent (ProservicePac GmbH, D-Waiblingen, UPS) with your data for delivery purposes, and the relevant financial services provider with your payment details for payment purposes.
- Users can optionally create a user account, in which they can view their orders in particular. As part of the registration process, the required mandatory information will be provided to users. User accounts are not public and cannot be indexed by search engines. If users have cancelled their user account, their data with regard to the user account will be deleted, subject to their retention is necessary for commercial or tax reasons in accordance with Art. 6 para. 1 lit. c DSGVO. Information in the customer account remains until its deletion with subsequent archiving in the event of a legal obligation. It is the responsibility of the users to save their data in the event of termination before the end of the contract.
- In the context of registration and renewed registrations as well as the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as those of users in protection against abuse and other unauthorized use.
The newsletter is dispatched via sendingblue.com (Sendinblue GmbH
Köpenicker Straße 126, 10179 Berlin, Germany). We forward your data to 1Sendinblue GmbH for this purpose.
You can rate our products and make comments on our website. If you make use of this option, we will store your IP address and your customer account number. We do this so that we can, if applicable, identify you at a later stage. If your comment violates the applicable law, we could be sued. We therefore have an interest in storing the data. Our legitimate interests in this regard serve as the legal basis.