Personal data is any information that makes it possible to identify a natural person. This includes in particular your name, date of birth, address, phone number, e-mail address but also your IP address.
Data is deemed to be anonymous if no personal link to a user can be established.
Responsible office and data protection officer
Address Schuppisstrasse 7
9016 St. Gallen, Switzerland
Contact information Tel.: +41 71 775 87 87
Fax: +41 71 775 87 97
Data protection contact firstname.lastname@example.org
Your rights as a data subject
We would firstly like to inform you here about your rights as a data subject. These rights are set out in Art. 15 - 22 EU-GDPR. They encompass:
- The right to access information (Art. 15 EU-GDPR),
- The right to erasure (Art. 17 EU-GDPR),
- The right to rectification (Art. 16 EU-GDPR),
- The right to data portability (Art. 20 EU-GDPR),
- The right to restriction of processing (Art. 18 EU-GDPR),
- The right to object to data processing (Art. 21 EU-GDPR).
In order to exercise these rights, please contact: email@example.com. You should also do this if you have questions about how our company processes data or wish to withdraw consent you have granted. You furthermore have the right to lodge a complaint with a data protection supervisory authority.
Rights of objection
Please note the following in relation to your rights to object:
If we process your personal data for direct marketing purposes, you shall have the right to object to this data processing at any time without stating reasons for doing so. This also applies to profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, we shall no longer process your personal data for these purposes. Objection is free of charge and can be made informally, ideally by e-mailing: firstname.lastname@example.org.
In the event that we process your data in order to safeguard legitimate interests, you can object to such processing for reasons appertaining to your particular circumstances at any time; this also applies to any profiling based on these provisions.
We shall then no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.
Purposes and legal bases of the data processing
When it comes to processing your personal data, the provisions of the EU-GDPR and all other applicable provisions of data protection law are complied with. The legal bases for the data processing are set out in particular in Art. 6 EU-GDPR.
We use your data for the purpose of initiating business, for meeting contractual and legal obligations, for implementing the contractual relationship, for offering products and services, and for strengthening the customer relationship, which may also include analyses for marketing purposes and direct advertising.
A requirement for permission under data protection law may also constitute your consent to data processing. Before you give your consent, we shall make you aware of the purpose of the data processing and your right to object.
If the consent also relates to the processing of special categories of personal data, we shall point this out to you explicitly in the consent. Processing of special categories of personal data in accordance with Art. 9 EU-GDPR shall only take place if this if necessary as a result of legal regulations and there is no reason to assume that you have an overriding legitimate interest in excluding the processing.
Passing on to third parties
We shall only pass on your data to third parties within the scope of the legal provisions or where appropriate consent has been given. Otherwise, there shall be no passing on to third parties, unless we are obliged to do this by mandatory laws (passing on to external bodies such as supervisory authorities or law enforcement authorities).
Recipients of the data / categories of recipients
Within our company, we make sure that only those people who require your data to fulfil contractual and legal obligations actually receive this data.
In certain cases, service providers assist our departments in fulfilling their tasks. The necessary set of agreements under data protection law have been entered into with all service providers.
Transfer to a third country / intention to transfer to a third country
Transfer of data to third countries (outside the European Union or the European Economic Area) shall only take place if this is required to fulfil the contractual relationship, prescribed by law or you have given us your consent to this.
We shall not transfer your personal data to any service provider or group company outside the European Economic Area.
Period of retention of the data
We shall retain your data for as long as it is required for the specific purpose of the processing. Please note that numerous retention periods require that data (must) continue to be stored. This applies in particular to retention requirements under commercial law or fiscal law (e.g. Commercial Code, Fiscal Code, etc.). Unless there are any further retention requirements, the data shall routinely be erased once it has served its purpose.
We may also retain data if you have given us your consent to this or if there are legal disputes and we utilise evidence within statutory limitation periods, which can be up to thirty years; the standard limitation period is three years.
Secure transfer of your data
In order to protect the data that we store in the best way possible against random or deliberate manipulation, loss, destruction or being accessed by unauthorised persons, we take appropriate technical and organisational security measures. The security levels are constantly reviewed and upgraded to new standards in collaboration with security experts.
Any exchange of data from and to our website is done in encrypted format. The transmission protocol that we offer for our website is HTTPS, using the latest encryption protocols in each case. It is also possible to use alternative communication methods (e.g. sending by post).
Obligation to provide the data
Various items of personal data are required for establishing, implementing and terminating the contractual relationship and the contractual and legal obligations associated with it. The same applies to using our website and the various functions that it provides.
We have summarised details of this for you in the abovementioned point. In certain cases, data must also be collected or provided as a result of statutory provisions. Please note that your request cannot be processed or the contractual relationship on which it is based cannot be implemented if this data is not provided.
Categories, sources and origin of the data
The data we process is determined by the specific context: This depends, for example, on whether you are submitting an order online or entering a request in our contact form, whether you are sending us an application or lodging a complaint.
Please note that we may also provide information for particular processing situations separately at a suitable point, e.g. when uploading application documents or submitting a contact request.
When our website is visited, we collect and process the following data:
- Name of the internet service provider
- Details of the website that you access us from
- Web browser and operating system used
- The IP address assigned by your internet service provider
- Files requested, amount of data transferred, downloads/file export
- Details of our web pages that you access, including the date and time
As part of a contact request/request for promotional materials, we collect and process the following data:
- Last name, first name
- Contact details
- Form of address
- E-mail address
- Details of wishes and interests/your message
As part of the registration process, we process the following data:
- Last name, first name
- Contact details
- Form of address
- E-mail address
As part of the ordering process, we process the following data:
- Last name, first name
- Contact details
- Form of address
- E-mail address
- Delivery address
- Billing address
Contact request/request for promotional materials/contact by e-mail (Art. 6 (1) (a) (b) EU- GDPR)
Our website provides a contact form which can be used to contact us electronically or submit a request for promotional materials. If you write to us using the contact form, we shall process the data you provide in the contact form for the purpose of contacting you and responding to your questions and wishes.
In doing so, we observe the principles of data economy and data reduction in that you are only required to provide the data that is essential for us to contact you. This data is your e-mail address and the message field itself. In addition, for reasons of technical necessity and legal security, your IP address is also processed. All other fields are optional, so any further data you provide (e.g. for a more personalised response to your questions) is voluntary.
To protect the security and confidentiality of your data in the best way possible, we take appropriate security measures. Your request is sent to us in encrypted format.
If you contact us by e-mail, we shall use the personal data you provide in the e-mail exclusively for the purpose of processing your request.
Registration/customer account (Art. 6 (1) (a) (b) EU-GDPR)
On our website we give users the option to register by specifying personal data. The particular advantage of doing this is that you can view your order history and the data which you provide is stored for the order form. This means when you place another order, you do not have to enter this data again.
The registration is therefore required or possible either for fulfilling a contract with you (through our online shop) or carrying out precontractual measures if guest access is also provided.
The basic principle of data economy and data avoidance is observed here because only the data which is actually required for registration is marked as a required field with an asterisk (*). Examples of such data are the e-mail address and password including reconfirming the password.
To place an order in our online shop, we also require the billing address details (title, first name, last name, address) to be able to make a delivery. If the delivery address is different to the billing address, the above details must also be provided for the delivery address.
When a user registers on our website, the user’s IP address, the date and the time of registration will also be saved (technical background data). When you press the “Register now” button, you give your consent to the processing of your data.
Please note: The password which you assign is stored by us in encrypted form. Employees of our company are not able to read this password. They are therefore unable to give you any information if you have forgotten your password.
In this case, use the “Forgot password” function which will e-mail you a new password that is generated in automated fashion. No employee is authorised to ask you for your password by phone or in writing. Please therefore never reveal your password if you receive such requests.
When you complete the registration process, your data is stored with us for use in the protected customer section. As soon as you register on our website with your e-mail address as your user name and a password, this data will be provided for actions that you perform on our website (e.g. when you place orders in our online shop). Orders which have been executed can be viewed in the order history. You can specify any changes to the billing or delivery address here.
People who are registered can make changes/corrections to the billing or delivery address themselves in the order history. Our customer service team will also be happy to make any changes/corrections if you contact them. You can of course also close or delete your registration or customer account again.
Web shop (Art. 6 (1) (b) EU-GDPR)
We shall only process the data which you provide on the order form for the purpose of implementing or handling the contractual relationship if you do not consent to any further use.
The basic principle of data economy and data avoidance is observed because you only need to provide us with the data that we absolutely require to implement the contract or to fulfil our contractual obligations (including your name, address, e-mail address) or that we are legally obliged to collect.
In addition, for reasons of technical necessity and legal security, your IP address is also processed. Without this data, we shall unfortunately have to decline to enter into the contract because we cannot then implement it or may have to terminate an existing contract. You can of course decide yourself to provide even more data if you wish to.
Automated case-by-case decisions
We do not use any purely automated processing operations to reach a decision.
Cookies (Art. 6 (1) (1) (a) (f) EU-GDPR, Section 25 (1, 2) TTDPA)
Our website uses what are known as cookies in several places. Cookies are small text files that are placed and stored on your end device. They are used to make our offering more user-friendly, more effective and more secure.
Most of the cookies that we use are what are known as session cookies. They are deleted automatically after the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser the next time you visit.
Most web browsers accept cookies automatically. But you can generally also change your browser settings if you would prefer not to send this information.
Please note: If you disable the placement of cookies, you may not be able to use all the features of our website in full.
Google Analytics (web tracking method, Art. 6 (1) (a) EU-GDPR, Section 25 (1) TTDPA)
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files that are placed on your computer to allow the way that you use the website to be analysed. The information generated by the cookie about the use of this website is generally transmitted to and stored by Google on a server in the United States. However, as IP anonymisation is activated on this website, your IP address will first be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the whole IP address first be transferred to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website for the purposes of evaluating the use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage for the website operator. The IP address that your browser conveys within the scope of Google Analytics will not be associated with any other data held by Google. The necessary set of agreements under data protection law have been entered into with the provider.
The legal basis for this is your informed consent in accordance with Art. 6 (1) (a) EU-GDPR, Section 25 (1) TTDPA.
Users’ personal data is deleted or anonymised after 14 months.
You may refuse the storage of cookies by selecting the appropriate setting in your browser software; however, please note that in this case you may not be able to make full use of all the functions of this website.
You can also opt out of Google tracking and processing the data generated by the cookie and relating to your use of the website (including your IP address) by downloading and installing the browser plugin which is available via the following link:
Furthermore, you can withdraw your consent for the future at any time. To do this, simply access our consent banner and unselect the corresponding cookie(s). Please note that the change to the consent banner settings must be made individually for each device.