Privacy policy of ZÜCO Bürositzmöbel AG

We welcome your visit to our website and are delighted that you are interested in our company. We take the protection of your personal data very seriously. We process your data in accordance with the applicable laws governing the protection of personal data, in particular the EU General Data Protection Regulation (EU-GDPR) and the country-specific implementing laws that apply to us. We want to use this privacy policy to provide you with detailed information about how your personal data is processed by ZÜCO Bürositzmöbel AG and the rights that you enjoy. 

Personal data is any information that makes it possible to identify a natural person. This includes in particular your name, date of birth, address, phone number, e-mail address but also your IP address.

Data is deemed to be anonymous if no personal link to a user can be established.

 

Responsible office and data protection officer

Address                               Schuppisstrasse 7

                                           9016 St. Gallen, Switzerland

 

Contact information               Tel.: +41 71 775 87 87

                                           Fax: +41 71 775 87 97

 

Data protection contact          datenschutz@dauphin.de

 

Your rights as a data subject

We would firstly like to inform you here about your rights as a data subject. These rights are set out in Art. 15 - 22 EU-GDPR. They encompass:

  • The right to access information (Art. 15 EU-GDPR),
  • The right to erasure (Art. 17 EU-GDPR),
  • The right to rectification (Art. 16 EU-GDPR),
  • The right to data portability (Art. 20 EU-GDPR),
  • The right to restriction of processing (Art. 18 EU-GDPR),
  • The right to object to data processing (Art. 21 EU-GDPR).

In order to exercise these rights, please contact: datenschutz@dauphin.de. You should also do this if you have questions about how our company processes data or wish to withdraw consent you have granted. You furthermore have the right to lodge a complaint with a data protection supervisory authority.

 

Rights of objection

Please note the following in relation to your rights to object:

If we process your personal data for direct marketing purposes, you shall have the right to object to this data processing at any time without stating reasons for doing so. This also applies to profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, we shall no longer process your personal data for these purposes. Objection is free of charge and can be made informally, ideally by e-mailing: datenschutz@dauphin.de.

In the event that we process your data in order to safeguard legitimate interests, you can object to such processing for reasons appertaining to your particular circumstances at any time; this also applies to any profiling based on these provisions.

We shall then no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.

 

Purposes and legal bases of the data processing

When it comes to processing your personal data, the provisions of the EU-GDPR and all other applicable provisions of data protection law are complied with. The legal bases for the data processing are set out in particular in Art. 6 EU-GDPR.

We use your data for the purpose of initiating business, for meeting contractual and legal obligations, for implementing the contractual relationship, for offering products and services, and for strengthening the customer relationship, which may also include analyses for marketing purposes and direct advertising.

A requirement for permission under data protection law may also constitute your consent to data processing. Before you give your consent, we shall make you aware of the purpose of the data processing and your right to object.

If the consent also relates to the processing of special categories of personal data, we shall point this out to you explicitly in the consent. Processing of special categories of personal data in accordance with Art. 9 EU-GDPR shall only take place if this if necessary as a result of legal regulations and there is no reason to assume that you have an overriding legitimate interest in excluding the processing.

 

Passing on to third parties

We shall only pass on your data to third parties within the scope of the legal provisions or where appropriate consent has been given. Otherwise, there shall be no passing on to third parties, unless we are obliged to do this by mandatory laws (passing on to external bodies such as supervisory authorities or law enforcement authorities).


Recipients of the data / categories of recipients

Within our company, we make sure that only those people who require your data to fulfil contractual and legal obligations actually receive this data.

In certain cases, service providers assist our departments in fulfilling their tasks. The necessary set of agreements under data protection law have been entered into with all service providers.

 

Transfer to a third country / intention to transfer to a third country

Transfer of data to third countries (outside the European Union or the European Economic Area) shall only take place if this is required to fulfil the contractual relationship, prescribed by law or you have given us your consent to this.

We shall not transfer your personal data to any service provider or group company outside the European Economic Area.

 

Period of retention of the data

We shall retain your data for as long as it is required for the specific purpose of the processing. Please note that numerous retention periods require that data (must) continue to be stored. This applies in particular to retention requirements under commercial law or fiscal law (e.g. Commercial Code, Fiscal Code, etc.). Unless there are any further retention requirements, the data shall routinely be erased once it has served its purpose.

We may also retain data if you have given us your consent to this or if there are legal disputes and we utilise evidence within statutory limitation periods, which can be up to thirty years; the standard limitation period is three years.

 

Secure transfer of your data

In order to protect the data that we store in the best way possible against random or deliberate manipulation, loss, destruction or being accessed by unauthorised persons, we take appropriate technical and organisational security measures. The security levels are constantly reviewed and upgraded to new standards in collaboration with security experts.

Any exchange of data from and to our website is done in encrypted format. The transmission protocol that we offer for our website is HTTPS, using the latest encryption protocols in each case. It is also possible to use alternative communication methods (e.g. sending by post).

 

Obligation to provide the data

Various items of personal data are required for establishing, implementing and terminating the contractual relationship and the contractual and legal obligations associated with it. The same applies to using our website and the various functions that it provides.

We have summarised details of this for you in the abovementioned point. In certain cases, data must also be collected or provided as a result of statutory provisions. Please note that your request cannot be processed or the contractual relationship on which it is based cannot be implemented if this data is not provided.

 

Categories, sources and origin of the data

The data we process is determined by the specific context: This depends, for example, on whether you are submitting an order online or entering a request in our contact form, whether you are sending us an application or lodging a complaint.

Please note that we may also provide information for particular processing situations separately at a suitable point, e.g. when uploading application documents or submitting a contact request.

 

When our website is visited, we collect and process the following data:

  • Name of the internet service provider
  • Details of the website that you access us from
  • Web browser and operating system used
  • The IP address assigned by your internet service provider
  • Files requested, amount of data transferred, downloads/file export
  • Details of our web pages that you access, including the date and time

 

As part of a contact request/request for promotional materials, we collect and process the following data:

  • Last name, first name
  • Contact details
  • Form of address
  • E-mail address
  • Details of wishes and interests/your message

 

As part of the registration process, we process the following data:

  • Last name, first name
  • Contact details
  • Form of address
  • E-mail address
  • Password

 

As part of the ordering process, we process the following data:

  • Last name, first name
  • Contact details
  • Form of address
  • E-mail address
  • Delivery address
  • Billing address

 

Contact request/request for promotional materials/contact by e-mail (Art. 6 (1) (a) (b) EU- GDPR)

Our website provides a contact form which can be used to contact us electronically or submit a request for promotional materials. If you write to us using the contact form, we shall process the data you provide in the contact form for the purpose of contacting you and responding to your questions and wishes.

In doing so, we observe the principles of data economy and data reduction in that you are only required to provide the data that is essential for us to contact you. This data is your e-mail address and the message field itself. In addition, for reasons of technical necessity and legal security, your IP address is also processed. All other fields are optional, so any further data you provide (e.g. for a more personalised response to your questions) is voluntary.

To protect the security and confidentiality of your data in the best way possible, we take appropriate security measures. Your request is sent to us in encrypted format.

If you contact us by e-mail, we shall use the personal data you provide in the e-mail exclusively for the purpose of processing your request.

 

Registration/customer account (Art. 6 (1) (a) (b) EU-GDPR)

On our website we give users the option to register by specifying personal data. The particular advantage of doing this is that you can view your order history and the data which you provide is stored for the order form. This means when you place another order, you do not have to enter this data again.

The registration is therefore required or possible either for fulfilling a contract with you (through our online shop) or carrying out precontractual measures if guest access is also provided.

The basic principle of data economy and data avoidance is observed here because only the data which is actually required for registration is marked as a required field with an asterisk (*). Examples of such data are the e-mail address and password including reconfirming the password.

To place an order in our online shop, we also require the billing address details (title, first name, last name, address) to be able to make a delivery. If the delivery address is different to the billing address, the above details must also be provided for the delivery address.

When a user registers on our website, the user’s IP address, the date and the time of registration will also be saved (technical background data). When you press the “Register now” button, you give your consent to the processing of your data.

Please note: The password which you assign is stored by us in encrypted form. Employees of our company are not able to read this password. They are therefore unable to give you any information if you have forgotten your password.

In this case, use the “Forgot password” function which will e-mail you a new password that is generated in automated fashion. No employee is authorised to ask you for your password by phone or in writing. Please therefore never reveal your password if you receive such requests.

When you complete the registration process, your data is stored with us for use in the protected customer section. As soon as you register on our website with your e-mail address as your user name and a password, this data will be provided for actions that you perform on our website (e.g. when you place orders in our online shop). Orders which have been executed can be viewed in the order history. You can specify any changes to the billing or delivery address here.

People who are registered can make changes/corrections to the billing or delivery address themselves in the order history. Our customer service team will also be happy to make any changes/corrections if you contact them. You can of course also close or delete your registration or customer account again.

 

Web shop (Art. 6 (1) (b) EU-GDPR)

We shall only process the data which you provide on the order form for the purpose of implementing or handling the contractual relationship if you do not consent to any further use.

The basic principle of data economy and data avoidance is observed because you only need to provide us with the data that we absolutely require to implement the contract or to fulfil our contractual obligations (including your name, address, e-mail address) or that we are legally obliged to collect.

In addition, for reasons of technical necessity and legal security, your IP address is also processed. Without this data, we shall unfortunately have to decline to enter into the contract because we cannot then implement it or may have to terminate an existing contract. You can of course decide yourself to provide even more data if you wish to.

 

Automated case-by-case decisions

We do not use any purely automated processing operations to reach a decision.

 

Cookies (Art. 6 (1) (1) (a) (f) EU-GDPR, Section 25 (1, 2) TTDPA)

Our website uses what are known as cookies in several places. Cookies are small text files that are placed and stored on your end device. They are used to make our offering more user-friendly, more effective and more secure.

These cookies enable us to analyse how users are using our websites. This allows us to design the website content to reflect the needs of users. In addition, the cookies allow us to measure the effectiveness of a specific advertisement and to place it to reflect the topics that users are interested in, for example. The legal basis for this is your consent pursuant to Art. 6 (1) (a) EU- GDPR, Section 25 (1) TTDPA; in the case of cookies which are technically required to operate the website, the legal basis is Art. 6 (1) (f) EU-GDPR. Furthermore, we use cookies without your consent if their sole purpose is storing or accessing information stored on the device for transmitting messages or this information is essential to be able to provide the service you have explicitly requested, Section 25 (2) TTDPA.

Most of the cookies that we use are what are known as session cookies. They are deleted automatically after the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser the next time you visit.

Most web browsers accept cookies automatically. But you can generally also change your browser settings if you would prefer not to send this information.

Cookies are stored on the user’s computer and transferred from it to our website. You as the user have control over the use of cookies. You can change the settings in your internet browser to disable or restrict the transfer of cookies. Furthermore, cookies that have already been set can be deleted at any time via an internet browser or other software programs. This can be done in all standard internet browsers.

Please note: If you disable the placement of cookies, you may not be able to use all the features of our website in full.


Google Analytics (web tracking method, Art. 6 (1) (a) EU-GDPR, Section 25 (1) TTDPA)

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files that are placed on your computer to allow the way that you use the website to be analysed. The information generated by the cookie about the use of this website is generally transmitted to and stored by Google on a server in the United States. However, as IP anonymisation is activated on this website, your IP address will first be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the whole IP address first be transferred to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website for the purposes of evaluating the use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage for the website operator. The IP address that your browser conveys within the scope of Google Analytics will not be associated with any other data held by Google. The necessary set of agreements under data protection law have been entered into with the provider.

The legal basis for this is your informed consent in accordance with Art. 6 (1) (a) EU-GDPR, Section 25 (1) TTDPA.

Users’ personal data is deleted or anonymised after 14 months.

You can find more information about terms of use and data privacy at https://marketingplatform.google.com/about/analytics/terms/us/ and https://policies.google.com/?hl=en.

You may refuse the storage of cookies by selecting the appropriate setting in your browser software; however, please note that in this case you may not be able to make full use of all the functions of this website.

You can also opt out of Google tracking and processing the data generated by the cookie and relating to your use of the website (including your IP address) by downloading and installing the browser plugin which is available via the following link:

https://tools.google.com/dlpage/gaoptout?hl=en.

Furthermore, you can withdraw your consent for the future at any time. To do this, simply access our consent banner and unselect the corresponding cookie(s). Please note that the change to the consent banner settings must be made individually for each device.

Revoke your acceptance of cookies


Matomo (Art. 6 (1) (a) EU-GDPR, Section 25 (1) TTDPA)

On our website we use the web tracking tool Matomo. The legal basis for this is Art. 6 (1) (a) EU-GDPR, Section 25 (1) TTDPA.

Matomo uses “cookies”, which are text files that are stored on your computer and allow us to analyse how the website is used. For this purpose, the use information which is generated by the cookie (including your shortened IP address) is transmitted to our server and stored for use analysis purposes, which then allows us to optimise the website. In this process, your IP address is immediately anonymised so that you as a user remain anonymous to us. The information about your use of this website which is generated by the cookie is not passed on to third parties. You can prevent the use of cookies by making an appropriate setting in your browser software, but in this case you may not be able to make full use of all the functions of this website.

You can find further information and the relevant privacy policy of Matomo at https://matomo.org/privacy/.

Furthermore, you can withdraw your consent for the future at any time. To do this, simply access our consent banner and unselect the corresponding cookie(s). Please note that the change to the consent banner settings must be made individually for each device.

Revoke your acceptance of cookies


Google Maps (Art. 6 (1) (a) EU-GDPR, Section 25 (1) TTDPA)

We use Google Maps from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Maps is a web service for depicting interactive (country) maps in order to present geographical information visually. When you make use of this service, you will be shown our location and you can plan how to get here. When you first access the website, Google Maps is deactivated and there is no processing of data by Google. A direct link to the Google servers is only established when you activate Google Maps yourself or have given your consent in accordance with Art. 6 (1) (a) EU-GDPR, Section 25 (1) TTDPA through our cookie banner. You can withdraw your consent here at any time.

Revoke your acceptance of cookies


This prevents your data being transferred to Google the first time you access the site. Following activation, Google Maps will store your IP address. This will then generally be transferred to a Google server in the USA and stored there. You can find additional information on how user data is handled in the Google privacy policy: https://policies.google.com/privacy?hl=en&gl=en

 

Videos on our website (Art. 6 (1) (a) EU-GDPR, Section 25 (1) TTDPA)

Various videos from the Google-operated site YouTube are embedded on our website. The operator of the pages is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

We use the enhanced privacy mode of YouTube for the embedded videos. This means that, if you are not logged into your YouTube account, no cookies will be set by YouTube.

We have embedded at least one plugin from YouTube on our website. When you access our website, your browser will establish a direct connection to the YouTube servers. This will tell YouTube that your browser has visited the corresponding page on our website, even if you do not have a YouTube account or are not logged in to your account. This information is sent from your browser directly to a YouTube server in the USA and stored there.

In addition, when you access our website with the embedded YouTube video, your browser establishes a direct connection to the Google Marketing Platform (formerly DoubleClick). This gives Google at least the information that your browser has visited the corresponding website. This information is sent from your browser directly to a Google server and stored there. As soon as you click on the video, more data is also sent to the Google servers, but we do not have any influence on this.

If you are logged in to your YouTube account at the same time, it is also possible to assign the website access to your YouTube account and you would enable YouTube to assign your surfing behaviour directly to your personal profile.

If you want to prevent this transfer and storage of your data and your activity on our website by YouTube, you need to log out of YouTube before you visit our website and if necessary delete any cookies that have been placed by YouTube.

You can get more information about how your data is collected and used by YouTube in the Google privacy policy at

https://policies.google.com/?hl=en

When it comes to collecting data, we invoke your consent in accordance with Art. 6 (1) (a) EU- GDPR, Section 25 (1) TTDPA for the corresponding data processing.

You can withdraw your consent here at any time.

Revoke your acceptance of cookies


Facebook Custom Audiences (“Custom Audiences Pixel”)

This website uses the “Facebook Pixel” from the social media network Facebook, which is operated by Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are based in the EU, Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter also referred to as “Facebook”).

The data processing here is based on your consent in accordance with Art. 6 (1) (a) EU-GDPR, and if cookies are used also Section 25 (1) TTDPA.

You can also withdraw your consent for the future at any time. To do this, simply access our consent banner and unselect the corresponding setting. Please note that the change to the consent banner settings must be made individually for each device.

Revoke your acceptance of cookies


Personal data may be transferred by Meta Platforms Inc. to the USA. Corresponding contractual arrangements and guarantees are in place to ensure that the European level of data protection is complied with for the transfer of data to, and processing of data in, third countries.

The Facebook Pixel enables Facebook firstly to determine the visitors to our online offering as a target group for displaying advertisements (known as “Facebook ads”). Accordingly, we use the Facebook Pixel to display the Facebook ads which we place only to those Facebook users that have also shown an interest in our online offering or that have certain characteristics (e.g. interest in specific topics or products which are determined on the basis of the web pages that are visited) which we communicate to Facebook (“custom audiences”). We also want to use the Facebook Pixel to ensure that our Facebook ads reflect the potential interest of users and are not perceived as annoying. For these purposes, a cookie may be stored on the computer of users. The Facebook Pixel can be used to track the user behaviour over several pages once a Facebook ad has been viewed or clicked on. In this context, we also use cross-device tracking, which makes it possible to process the user data for marketing purposes across multiple devices.

This procedure is designed to evaluate the effectiveness of the Facebook ads for statistical and market research purposes and may help to optimise future advertising campaigns.

The data collected is usage data, location data, meta data and communication data (e.g. IP addresses and device information).

If you do not wish to receive any interest-based advertising, you also have the option of disabling the use of cookies by Facebook for these purposes in your browser settings. However, this may restrict some of the functionality of our web offering. We therefore also recommend the option to object at https://www.youronlinechoices.eu or http://optout.aboutads.info.

 

Social media (Art. 6 (1) (f) EU-GDPR)

On our website you will find links to our social media sites on YouTube, Pinterest, Instagram, LinkedIn and Facebook. You can identify links to these social media websites by the respective corporate logo. If you follow this link, you will access our company's presence on the respective social media network. When you click on a link to a social media network, a connection to the servers of the respective social media network is established. This tells the servers of the social media network that you have visited our website. In addition, further data is transmitted to the provider of the social media network. Examples of this data include:

  • Address of the website containing the activated link
  • Date and time that the website was accessed or the link was activated
  • Information about the browser and operating system use
  • IP address

In addition to us, the party responsible for the corporate sites within the meaning of the EU-General Data Protection Regulation (EU-GDPR) and other provisions of data protection law is

  • Facebook
    (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
     
  • Instagram
    (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
     
  • LinkedIn
    (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
     
  • YouTube
    (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland)
     
  • Pinterest
    (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA)

If you are already logged in to the corresponding social media network at the time that the link is activated, the provider of the social media network may be able to determine your user name and possibly even your real name from the data which is transmitted and assign this information to your personal user account with the social media network. You can exclude this possibility of data being assigned to your personal user account if you log out of your user account first.

The servers of the social media network are located in the USA and other countries outside the European Union. The data may therefore also be processed by the provider of the social media network in countries outside the European Union. Please note that companies in these countries may be subject to data protection law that may not generally confer the same level of protection on personal data as the level that applies in the member states of the European Union.

Please note that we do not have any influence over the scope, nature and purpose of the data processing by the provider of the social media network. If you require more detailed information about how your data is used by the social media networks which are integrated on our website and your options for objecting to this, please visit the links below:

 

Online offers for children

 

Persons under 16 years of age may not transfer any personal data to us or submit a declaration of consent without the consent of a parent or guardian. We would like to encourage parents and guardians to actively participate in the online activities and interests of their children.

 

Links to other providers

 

Our website also contains – as is manifestly apparent – links to the websites of other companies. If there are links to websites run by other providers, we do not have any influence over their content. We therefore cannot give any guarantee or accept any liability in respect of this content. The respective provider or operator of the web pages is responsible for the content of these pages.

 

The linked pages were checked at the time that the link was set up for possible infringements and any discernible violations of the law. No unlawful content was discernible at the time the link was set up. However, it is not reasonable to expect the content to be checked constantly without specific indications of a violation of the law. If we become aware of any violations of the law, such links are removed immediately.