1 Scope and overview
We collect personal data in order to provide better services to our customers. We are convinced that the alignment of our activities with the wishes and needs of our customers makes wine shopping even easier and more convenient. In the following, we inform about the processing of personal data when using our website and also offline in the context of customer relations and for the provision of services.
"Personal data" is any individual information about personal or factual circumstances of an identified or identifiable natural person. This means that it is information that is personally assigned to you and can say something about you. "Processing" in this context means any handling of your data, including in particular the collection, storage, administration, use, transmission, disclosure or deletion of personal data.
2 Responsible entity
processing on our website. We are at your disposal for questions regarding data protection of personal data for information, correction of data or the request for deletion of data, as far as this does not conflict with a legal obligation to retain data or a permissible circumstance that allows us to process the data. Please contact us via e-mail at email@example.com with the subject "Data Protection Request" or at our postal address with the addition "Data Protection Officer".
3 Scope and purpose of the personal data collected
3.1 Visit our website
When you visit our website, our servers store the access in a log file (so-called log files). The following technical data is collected automatically and without your intervention, as is the case with every connection to a web server:
the Internet Protocol (IP) address of the requesting computer
the name of the owner of the IP address range (usually your Internet access provider)
the date and time of access
the website from which the access was made (referrer URL) with the search term used, if applicable
the name and URL of the retrieved file
the status code (e.g. error message)
the operating system of your computer
the browser you are using (type, version and language)
the transmission protocol used (e.g. HTTP/1.1)
if applicable, your username from a registration/authentication
This data is collected and processed for the purpose of enabling the use of our website (connection establishment), ensuring and increasing the system security and stability of our systems and offers, analyzing the use of our offers and services, collecting general demographic information and enabling the optimization of our Internet offer (in particular, but not exclusively, product improvements, marketing measures, target group-specific advertising, etc.), as well as for internal statistical purposes.
An identification of you as a website user does not take place, except if you have a customer account and are registered (cf. para. 3.3 and 3.4).
3.2 Processing of orders
The aim of our website is to offer you wine in particular, as well as other goods and services. In this context, we process the personal data required for the conclusion, execution or termination of a contract. This includes in particular:
First name, last name
Billing and delivery address
Billing and payment information
Date of birth
Depending on the selected payment option, such as invoice, credit card or PayPal, the payment and thus also the processing of personal and payment data can take place via the corresponding payment system of the respective provider. In each case, the data protection provisions of the respective provider of the payment system also apply.
If you are registered and have a customer account, we may store your personal data in the customer account for the next purchase or contract conclusion. In particular, we store all information about your current and previous purchases and contract conclusions, i.e. the products, the services, the number of products and services per purchase, the payment amount. This data is used for analysis purposes (cf. para. 3.5).
3.3 Opening a customer account
To place orders in the online store, you can order as a guest or open a customer account. Which data is collected when opening a customer account can be seen from the input form provided for this purpose, whereby it is indicated which information is mandatory and which information can be provided voluntarily. For example, the following information can be requested and processed:
First name and surname
Complete postal address (home, shipping and/or billing address)
Credit card and account information (depending on the selected payment method)
Information about subscribed newsletters or other advertising
With the help of the customer account, we would like to provide you with protected and direct access to your basic data stored by us. You can view data about your completed, open and recently shipped orders and manage your address data, bank details and newsletter. In addition, lists of wines can be created (e.g. watch list, wish list).
We use the personal data for the processing and administration of our digital offers, for checking the plausibility of the data entered, i.e. for the establishment, content design, processing and modification of the contractual relationships concluded with you via your customer account and, in the case of chargeable services, for proper invoicing.
With your confirmation at the conclusion of the opening or the mutation of your data, you guarantee the correctness of the content of the data provided by you. You are obliged to treat the personal access data to the customer account confidentially and not to make them accessible to any unauthorized third party. We cannot accept any liability for misused passwords unless we are responsible for the misuse.
3.4 Use of the website with a customer account
If you have a customer account and are logged in, we collect data for statistical reasons to enable the smooth functioning of the website and to analyze, optimize and personalize the use of our offers and services. Thus, we collect data on whether and how you use our digital offers, in particular, which functions and which content you perceive and how. Further information on the processing of this personal data can be found below.
3.5 Processing for marketing and analysis purposes; profiling
Our aim is to continuously improve the digital offers provided to you and to make them more needs-oriented and secure or to send you personalized advertising.
In some cases, your personal data is processed automatically in order to evaluate certain personal aspects (so-called profiling). This is used by us in particular to be able to inform and advise you in a targeted manner about certain services or products from us.
For this purpose, user-specific historical and future data that we have or will collect in the future may be linked on an ongoing basis using various analysis tools, and user behavior may be analyzed, aggregated, pseudonymized or anonymized across offers. To improve our database, we may consult publicly available data or data from third-party providers. For example, the following customer activities may be processed:
Contract data (including date of contract, type of contract, content of contract; contracting party; term of contract; value of contract; claims asserted under contract).
Purchasing information (including date of purchase; place of purchase; time of purchase; type, quantity, and value of goods and services purchased; shopping cart; abandoned shopping cart; payment methods used; paying agent; purchase history).
Customer service information (including returns of goods, complaints, warranty cases, delivery information)
Session data relating to visits to our websites, apps for mobile devices, or offers on Internet platforms, multimedia portals, or social networks (including duration and frequency of visits, language and country preferences, information about browser and computer operating system, Internet protocol addresses, search terms and search results; ratings submitted)
Location-based data when using mobile devices if you have activated location sharing
Communications via telephone, e-mail, or our live chat
The knowledge gained from your use of our offer may be used and exploited by other participating companies as part of the analysis of user behavior.
3.6 Contact and correspondence
We process personal data that you provide to us when you contact us via a contact form, by e-mail or via live chat, for example, by submitting personal data to us. We ask you to use your discretion in determining what data you wish to disclose to us through these means of communication.
Your personal data will be processed by us for the purpose of responding to your request, for quality assurance or optimization of our service offering, and for technical administration.
3.7 Lottery, prize draw, events and surveys
We process personal data that you provide to us for the respective purpose or that you have allowed us to use in accordance with these terms and conditions if you wish to participate in a lottery, prize draw, event or survey, etc.
We use the data you provide to organize and conduct the events and to notify and/or publish the winners on our portals, by means of direct notification or on social networks (e.g. Facebook, etc.).
We use the data you provide for conducting market research and surveys exclusively to improve the user experience and to further develop our products. The results consist exclusively of aggregated and anonymous data.
4 Newsletter, print magazine and direct marketing
You have the option to subscribe to our e-mail/SMS newsletter by providing your e-mail address and/or mobile phone number in order to receive regular information about our promotions, offers and news. The provision of further information, e.g. first name and surname, is voluntary and will be used to address you personally.
The newsletter will only be sent to you after you have entered your e-mail address or mobile phone number and clicked on the link in the confirmation message sent to you (so-called double opt-in procedure). By activating the confirmation link, you give us your consent to use your personal data. For the purpose of tracking your consent, we store your IP address or your mobile phone number as well as the date and time of your consent.
As a customer, you will receive regular postal advertising and/or e-mails and/or SMS with products and services of interest to you, in the case of e-mails based on your purchases, within the scope of the legal requirements and independently of the registration for our newsletter, unless you have already objected to this in the past. For this purpose, we use your postal address or, in the case of contact by e-mail, the e-mail address you have provided or, in the case of contact by SMS, the mobile telephone number you have provided. For the purpose of targeting advertising more closely to your interests, we may assign your data collected from business transactions such as purchases or returns to different customer or interest groups (profiling).
You can unsubscribe from the newsletter or our magazine at any time and without giving a reason either in your customer account or by e-mail or telephone. You can also unsubscribe from the e-mail/SMS newsletter yourself via the unsubscribe link included with each newsletter. By unsubscribing, you object to the use of your e-mail address or mobile phone number for the newsletter mailing.
5 Disclosure of data to third parties
We cooperate with other companies or persons or commission other companies or persons with the processing and storage of data. They may have access to your personal data or usage data, but only to the extent necessary to perform their tasks. If external processors are used, they are contractually obligated and technical and organizational measures are applied to ensure that they must comply with the same data protection law requirements and other obligations specified by applicable data protection law to which we are subject.
Except as described below, we will only disclose your personal information if
Your consent has been obtained;
there is a legal obligation;
this is necessary for the enforcement of our rights, in particular the enforcement of claims arising from the contractual relationship;
this is necessary for the fulfillment of the contract or the implementation of pre-contractual measures;
we have a legitimate interest in doing so and your contrary interests are not overridden; or
another legal permission exists.
5.1 Order processing
We share your data with third parties to the extent necessary in the context of the use of the website and the execution of the contract. For example, we share the necessary data with a transport service provider entrusted with the shipment of ordered goods, banks or other service providers. In the case of shipping service providers, they may also inform you about the delivery status of your packages.
5.2 Partner for credit checks and payment processing
Insofar as we make advance payments, e.g. in the case of a purchase on account, we may, if necessary, obtain creditworthiness information from a credit agency based on mathematical-statistical procedures in order to protect our legitimate interests. For this purpose, we transmit the address data required for a credit check to the credit agency CRIF Ltd. based in Zurich and use the information received about the statistical probability of a payment default for a weighed decision on the establishment, implementation, or termination of the contractual relationship. The creditworthiness information may include probability values (score values) calculated based on scientifically recognized mathematical-statistical methods, the calculation of which includes address data. Your interests worthy of protection are taken into account in accordance with the statutory provisions.
5.3 Entrepreneurial reorganizations
In the event of a sale, merger, or other reorganization of some or all of our company's assets, personal information may be transferred, sold or otherwise shared with third parties as part of that transaction or reorganization.
5.4 Partner for newsletter distribution by e-mail
For sending e-mail newsletters, we work together with "MailChimp" of the company The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (https://www.mailchimp.com/), to whom we pass on your data provided during the newsletter registration. Your data is usually transferred to a MailChimp server in the USA and stored there.
MailChimp uses this information to send and statistically evaluate the newsletters on our behalf. For the evaluation, the sent emails contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). The data is collected exclusively pseudonymously and is not linked to your other personal data, a direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
Furthermore, MailChimp may use this data itself based on its legitimate interest in designing and optimizing the service to meet needs, as well as for market research purposes, for example, to determine which countries the recipients come from. However, MailChimp does not use the data of our newsletter recipients to write to them themselves or to pass them on to third parties.
If you wish to object to data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
To protect your data in the USA, we have concluded an order data processing agreement ("Data Processing Agreement") with MailChimp based on the standard contractual clauses of the European Commission to enable the transfer of your personal data to MailChimp. If interested, this data processing agreement can be viewed at the following internet address: https://mailchimp.com/legal/data-processing-addendum/ /.
5.5 Partner for sending SMS
For sending SMS in connection with the ordering process, newsletters, or wine tips, etc., we work with telXira Ltd liab. Co, Mühlebachstrasse 8008 Zurich, Switzerland (https://www.smsplattform.ch), to whom we pass on your contact details (e.g. first name, last name, cell phone number) provided during registration. Your data will generally be transferred to and stored in Switzerland, the EU/EEA, or the UK.
telXira uses this information to send and statistically evaluate SMS messages on our behalf. For the sent SMS messages, evaluations can be made, from which it is determined whether and when an SMS message was opened, and contents therein were clicked. In addition, technical information is recorded (e.g. time of retrieval). This data is used exclusively for statistical analysis, in particular concerning ordering processes, marketing measures and newsletter campaigns. The results of these analyses can be used to better adapt future orders, marketing measures and newsletters to the interests of the recipients.
Furthermore, telXira may use this data itself based on its legitimate interest in designing and optimizing the service in line with demand, as well as for market research purposes, for example, to determine which countries the recipients come from.
If you wish to object to the use of your mobile number for the receipt of SMS or the data analysis for statistical evaluation purposes, you must delete your mobile number from the customer account or unsubscribe from the receipt of SMS for the future via the www.flaschenpost.ch/en/sms page.
5.6 Partner for vouchers and special offers
As a thank-you for orders placed via our website, we provide you with access to vouchers and special offers for purchasing and obtaining other services from other providers on the Internet via Profity, an offer from our partner adfocus GmbH (Zug, Switzerland). In order to provide you with this access, we include a corresponding notice from adfocus when you complete orders on our website via an encrypted connection, whereby data such as your IP address in particular is exchanged with adfocus. Any personal data that is exchanged in this context is used exclusively to be able to offer Profity permanently, securely, and reliably.
5.7 Partner for communication with prospects and customers
For communication with prospects and customers (e.g., via e-mail, live chat, phone, messaging services), we work with Zendesk, Inc., 989 Market Street, San Francisco, CA 94103, USA (https://www.zendesk.com), to whom we pass on your contact data (e.g., first name, last name, cell phone number, e-mail address) provided during contact and communication. Your data is transferred to and stored on a Zendesk server in the European Economic Area (EEA).
Furthermore, for communication with prospects and customers, we use the services of Talkdesk, Inc., 201 Spare Street, Suite 1100, San Francisco, CA 94105, USA (https://www.talkdesk.com), to whom we pass on your contact data (e.g. first name, last name, cell phone number, e-mail address) provided when contacting and communicating with you. Your data is usually transferred to a Talkdesk server in the USA and stored there.
5.8 Hosting Partner
For the purpose of hosting and distributing website content, we use products from hosting partners based in Switzerland as well as abroad, who process our data on our behalf.
Hosting partners outside of Switzerland are:
Amazon Web Services, Inc, 410 Terry Avenue North, Seattle WA 98109, USA, ("AWS"). AWS is hosted exclusively at the AWS data center in Frankfurt a.M., Germany.
Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google's data centers are located in the Netherlands, Finland, Ireland and Belgium. Further information about the locations:
The transmission of data as well as the data storage in the data centers are encrypted. The data centers are organized globally and are characterized by high-security standards and the use of modern encryption technology. Among other things, all data and information are broken down into small pieces of information, additionally encrypted and stored in a distributed manner across the data center infrastructure. Access to clear data or even use of data by Google or its system administrators in the respective data centers is explicitly excluded by contract. If data is processed and stored in data centers outside the EU states or the European Economic Area, an appropriate level of data protection in accordance with Swiss and European data protection laws is ensured with EU standard contractual clauses. You can view further information on data protection and data security here: https://cloud.google.com/security/privacy
6 Transfer of personal data abroad
We are also entitled to transfer your personal data to commissioned third-party companies abroad. These are obligated to data protection to the same extent as we. If the level of data protection in a country does not correspond to that in Switzerland or the EU, we contractually ensure that the protection of your personal data corresponds to that in Switzerland or the EU at all times. We ensure this in each case through one or more of the following measures:
by concluding standard contractual clauses of the European Commission with the commissioned service providers, cf. https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
by the existence of Binding Corporate Rules (BCR) recognized by a European data protection authority at the contracted service providers, cf. https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/binding-corporate-rules-bcr_en
Most Internet browsers ("browsers") automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer, or a notice always appears when you receive a new cookie.
Deactivating cookies may mean that you can no longer fully use all the functions of our website.
8 Tracking and analysis tools
For the purpose of demand-oriented design and continuous optimization of our website, we use the following tracking and web analytics services from third-party providers, such as Google Analytics from Google Inc. In addition to the data listed in section 3, we may receive the following information:
Navigation path that a visitor takes on our website
Dwell time on the website or subpage
Subpage on which the website is left
Country, region, or city from where access is made
End device (type, version, color depth, resolution, width, and height of the browser window)
Information whether visitor is recurring or new.
This information is used to evaluate the use of the website, compile reports on website activity and provide other services related to website and internet use for the purposes of market research and demand-oriented website design. A transfer of data from our service partners to third parties only takes place due to legal regulations or within the framework of order data processing.
8.2 Analysis tools from Google
Due to the tools used by Google, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Google Analytics, Google receives the information that you have called up the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is the possibility that Google learns your IP address and stores it.
Statistical evaluations are provided by Google. Based on these evaluations, we can see which of the advertising measures used is particularly effective. We do not receive any further data from the use of the advertising media; in particular, we have no way of combining the data with your personal data and identifying you.
8.2.1 Google Analytics
The provider of Google Analytics is Google Inc, a company of the holding company Alphabet Inc, based in the USA. Before the data is transmitted to the provider, the IP address is shortened by activating IP anonymization ("anonymizeIP") on this website. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The anonymized IP address transmitted by your browser as part of Google Analytics is not returned to us. According to its own information, Google Inc. will in no case associate the IP address with other data concerning the user. For more information about the web analytics service used, please visit the Google Analytics website. A browser add-on to disable Google Analytics, can be found at https://tools.google.com/dlpage/gaoptout?hl=en.
8.2.2 Google Adwords
We use the offer of Google Adwords to draw attention to our attractive offers with the help of advertising tools (so-called Google Adwords) on external websites. We use this tool to display advertising that may be of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.
These advertisements are delivered by Google via so-called "ad servers". For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the display of ads or clicks by users, can be measured. If you access our website via a Google ad, Google Adwords stores a cookie on your PC. These cookies usually lose their validity after 90 days. The unique cookie ID, number of ad impressions per placement (frequency), internet browser, last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie. If a user visits certain pages of the website and the cookie stored on his computer has not yet expired, Google can recognize that the user clicked on the ad at an earlier time and was redirected to this page.
8.2.3 Google Data Studio
We use the software Google Data Studio for the analysis, optimization and economic operation of our online offer, and for the visualization of data regarding user behavior on our website in the form of graphical reports. For this purpose, we use data from the Google Analytics web analytics service as well as other data sources (such as Google AdWords, Google Analytics, BigQuery). Entrepreneurs and developers use the Google web service BigQuery to be able to examine and move large amounts of data. For more information on using Google Data Studio, visit https://support.google.com/datastudio/answer/6283323?hl=en&ref_topic=6267740.
8.3 Analysis tools from Boxalino
We use the web analytics service Boxalino on our website. This service is operated by Boxalino Ltd., Hertistrasse 27a, 8304 Wallisellen, Switzerland ("Boxalino").
8.4 Use of social media plugins from Facebook
So-called social plugins ("plugins") of the social network Facebook are used on our website. Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook").
You can find an overview of the plugins here: https://developers.facebook.com/docs/plugins. When you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly to your browser by the respective provider and integrated into the page. By integrating the plugins, the providers receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile with the corresponding social network or are not currently logged in. This information (including your IP address) is transmitted from your browser directly to a server of the respective provider in the USA and stored there.
If you are logged in to one of the social networks, the providers can directly assign the visit to our website to your profile on Facebook. If you interact with the plugins, for example by clicking the "Like" button, the corresponding information is also transmitted directly to a server of the provider and stored there. The information will also be published on the social network and possibly displayed to your contacts there.
The purpose and scope of the data collection and the further processing and use of the data by the providers, as well as your rights in this regard and setting options for protecting your privacy, can be found in the providers' data protection notices.
If you do not want Facebook to directly assign the data collected via our website to your profile in the respective social network, you must log out of Facebook before visiting our website.
You can also completely prevent the loading of the plugins with add-ons for your browser, e.g. the Facebook plugins with the "Facebook Blocker".
8.5 Links to social media presences
Our website contains icons and buttons with references (links) to social media networks. This is merely a link to our presence on the relevant social media network and not so-called "social plugins". By clicking on the link, no user data is automatically transmitted to the social media network when the page is loaded.
The links lead to our social media presences in the following networks:
Facebook by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Instagram by Instagram Inc, 1601 Willow Road, Menlo Park, CA 94025, USA,
When a link to one of our social media profiles is called up, a direct connection is established between the browser and the server of the social network concerned. This provides the network with the information that the customer visited our website with his IP address and called up the link. If you call up a link to a network while logged in with your account at the network in question, the content of our site can be linked to your profile at the network, which means that the network can assign the visit to our website directly to its user account. If you want to prevent this, you should log out of the respective network before you activate the corresponding links. An assignment will take place in any case if you log in to the relevant network after activating the link.
In order to be able to protect your privacy, please refer to the data protection notices of the providers of the social media networks for further details on the data collection and/or processing and use of your data by the respective social media network as well as your legal options and setting options:
8.6 A/B testing
In order to provide you with a better offer, we perform A/B tests during your visit to our website. In A/B tests, two different versions of a website are played. So some users get version A displayed, other users get version B of the website displayed. This is to determine which version is better received by the website users, in order to optimize the entire website bit by bit.
We use the web analytics services of the following providers for this purpose:
We use the online marketing services of the provider Criteo Ltd liab. Co, Gewürzmühlstr. 11, 80538 Munich, Germany.
Criteo's services allow us to display ads for and on our website in a more targeted manner to present users only with ads that potentially match their interests. If, for example, a user is shown ads for products in which he or she was interested in other websites, this is referred to as "remarketing". For these purposes, when our website and other websites on which Criteo is active are called up, Criteo immediately executes a code from Criteo and so-called (re)marketing tags (invisible graphics or code, also referred to as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). This file records which web pages the user has visited, which content the user is interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring web pages, dwell time and other information about the use of the online offer. The aforementioned information may also be combined by Criteo with such information from other sources. If the user subsequently visits other websites, he can be shown ads tailored to his interests.
The processing of user data is pseudonymous, i.e. no clear user data (such as names) is processed and the IP addresses of users are shortened. Processing only takes place based on an online identifier, a technical ID. Any IDs communicated to Criteo (e.g. of a customer support system) or e-mail addresses are thus so-called hash values encrypted and stored as a series of characters that do not allow identification.
We use technologies of behamics Ltd., Davidstrasse 40, 9001 St. Gallen, Switzerland ("behamics").
The technologies serve us to individualize website content, play out behavioral incentives, and conduct tests to optimize user-friendliness. In this context, information about the behavior of users on our websites is processed. In addition to a cookie ID, information on the use of the shopping cart (added or removed items, total item prices), the order number and information on the called and/or selected items as they are displayed to the user as well as information on the visited pages as they are displayed to the user are recorded. As far as technically recognizable for us, the location of the user is also collected limited to the country and the (nearby) city. The collected information is transmitted to behamics together with a created SessionID and processed for evaluation.
This information is allocated to segments on our behalf according to various criteria in order to evaluate it for the purposes described above and thus enable us to offer user groups a tailored user experience on this basis.
The information is not used to identify individual users or merged with other data about individual users. Rather, the evaluation and any adjusted playout of content is carried out exclusively based on aggregated data within the framework of the segments formed. In particular, no information on names, contact details, addresses or customer numbers is collected. The SessionID and associated data in the segments are processed for a maximum period of 36 months in order to be able to evaluate seasonal effects. Re-identification of individual users does not take place.
We work with Microsoft Clarity and Microsoft Advertising to track how our store is used and interacted with. This is done through behavioral metrics, heat maps and session replays to improve and market our products/services. Website usage data is collected using first- and third-party cookies and other tracking technologies to determine the popularity of products/services and online activities. We also use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your information, please see the Microsoft Privacy Statement.
9 Data security
We use appropriate technical and organizational security measures to protect your personal data stored by us against manipulation, partial or complete loss and unauthorized access by third parties. Our security measures are continuously adapted and improved in line with technological developments.
You should always keep your account credentials confidential and close the browser window when you have finished communicating with us, especially if you share the computer with others.
Internally, we have taken a variety of measures to protect your data and handle it with care. In doing so, our employees and the service companies we commission have been obligated to maintain secrecy and comply with the provisions of data protection law.
10 Retention period of personal data
We retain personal data only as long as deemed necessary to comply with applicable laws and to protect our rights (legal retention period, e.g., commercial and tax retention periods) or as long as necessary for the purposes for which it was collected.
In particular, we store the personal data collected from customers in accordance with the following periods and subsequently delete it, provided that there are no legal or operational storage obligations/reasons to the contrary, or we have informed you in advance about different storage periods:
Data collected during a purchase in the online store is generally kept for 10 years after the last processing operation for accounting reasons;
Personal data collected for marketing measures or web analyses are stored until the analysis is completed. The data is deleted at the latest two years after it is no longer used for advertising purposes or after expiry of the maximum retention period prescribed by law.
Data that is collected to provide the website is deleted when the respective session has ended. In the case of storage of data in log files, this is the case after three months at the latest.
11 Legal bases of the processing
If and to the extent that the European General Data Protection Regulation (GDPR) applies, the following provisions regarding the legal basis shall apply.
Article 6(1)(a) GDPR serves as the legal basis for processing operations where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Article 6(1)(b) GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, such as in cases of inquiries about our products or services.
If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for compliance with tax obligations, the processing is based on Article 6(1)(c) GDPR.
In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result, his or her name, age, health insurance data, or other vital information had to be passed on to a doctor, hospital or another third party. Then the processing would be based on Article 6(1)(d) GDPR.
Ultimately, processing operations could be based on Article 6(1)(f) GDPR. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, sentence 2 of the GDPR).
If the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is to carry out a safe and efficient provision and optimization of our online offer as well as our business activities in general for the benefit of the well-being of all our employees and our shareholders.
12 Entitlement to information, correction, deletion or complaint
You can request information at any time about all data available in our data collection that concerns you. In particular, you can request information about:
the processing purposes
the category of personal data
the categories of recipients to whom your data have been or will be disclosed
the planned storage period
The exercise of your rights requires that you prove your identity (e.g. by means of a copy of your ID card if your identity cannot be established otherwise). In addition, we reserve the right, in the event of a disproportionately large expense, to demand that you pay the effective costs in advance.
Further you are entitled,
obtain information about the legal basis of the processing;
immediately demand the correction of incorrect or completion of your personal data stored by us;
request the erasure of your personal data, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion or defense of legal claims;
request the restriction of the processing of your personal data if (i) the accuracy of the data is contested by you, (ii) the processing is unlawful but you object to its erasure, (iii) we no longer require the data but you need it for the assertion, exercise or defense of legal claims or (iv) you have objected to the processing;
Receive your personal data that you have provided to us in a structured, common and machine-readable format or request that it be transferred to another responsible party.
You may withdraw your consent at any time. This has the consequence that we may no longer continue the data processing based on this consent in the future.
We would like to point out that the exercise of your rights may be subject to legal restrictions. We reserve the right to assert these, e.g. if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to rely on this) or require them for the assertion of claims. Please note that the exercise of your rights may, under certain circumstances, conflict with contractual agreements and may have corresponding effects on the performance of the contract (e.g. premature termination of the contract or cost consequences). Where this is not already contractually regulated, we will inform you in advance.
If your personal data is processed based on legitimate interests, you have the right to object to the processing of your personal data if there are grounds for doing so that arise from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.
In addition, you can complain to our Data Protection Advisor or to a supervisory authority at any time:
Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, CH-3003 Bern, Tel: +41 (0)58 462 43 95
Status: June 27, 2022