privacy

Privacy statement

The responsible body within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

‍

Mirabelle
Larissa Mesmer
Limmatstraße 254
8005 Zurich

email: info@mirabelle.ag
Site: https://www.elmira.zuerich/

General notice

Based on Article 13 of the Swiss Federal Constitution and federal data protection regulations (Data Protection Act, DSG), every person is entitled to protection of their privacy and to protection against misuse of their personal data. The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations and this privacy policy.

In cooperation with our hosting providers, we strive to protect the databases as much as possible from third-party access, loss, misuse or falsification.

We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may have security gaps. It is not possible to completely protect data from access by third parties.

By using this website, you agree to the collection, processing and use of data in accordance with the following description. In principle, this website can be visited without registration. Data such as pages accessed or the name of the retrieved file, date and time are stored on the server for statistical purposes without this data being directly related to your person. Personal data, in particular name, address or email address, is collected on a voluntary basis as far as possible. The data will not be passed on to third parties without your consent.

Processing of personal data

Personal data is all information relating to a specific or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, deletion, storage, alteration, destruction and use of personal data.

We process personal data in accordance with Swiss data protection law. In addition, we process personal data — to the extent and insofar as the EU GDPR is applicable — in accordance with the following legal bases in connection with Article 6 (1) GDPR:

• Consent (Article 6 (1) (a) GDPR) - The data subject has given consent to the processing of personal data concerning him or her for a specific purpose or several specific purposes.
• Contract performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or to carry out pre-contractual measures taken at the request of the data subject.
• Legal obligation (Art. 6 (1) (c) GDPR) - Processing is necessary to fulfill a legal obligation to which the person responsible is subject.
• Protection of vital interests (Art. 6 (1) (d) GDPR) - Processing is necessary to protect the vital interests of the data subject or of another natural person.
• Legitimate interests (Art. 6 (1) (f) GDPR) - Processing is necessary to protect the legitimate interests of the controller or of a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.
• Application process as a pre-contractual or contractual relationship (Art. 9 para. 2 lit. b GDPR) - If, as part of the application process, special categories of personal data within the meaning of Article 9 (1) GDPR (e.g. health data, such as disability status or ethnic origin) are requested from applicants so that the person responsible or the data subject can exercise the rights conferred on him or her under employment law and social security and social protection law and fulfill his or her obligations in this regard, their processing is carried out in accordance with Article 9 (2) lit. b. GDPR, in case of protection vital interests of applicants or other persons in accordance with Art. 9 para. 2 lit. c. GDPR or for health care or occupational medicine purposes, for the assessment of the employee's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector in accordance with Art. 9 para. 2 lit. h. GDPR. In the case of communication of special categories of data based on voluntary consent, their processing is carried out on the basis of Article 9 (2) lit. a. GDPR.

We process personal data for the period necessary for the respective purpose or purposes. If there are longer storage obligations due to legal and other obligations to which we are subject, we will restrict processing accordingly.

Relevant legal bases

In accordance with Article 13 GDPR, we inform you of the legal basis for our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing to fulfill our services and carry out contractual measures and answer inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to preserve our The legitimate interest is Art. 6 para. 1 lit. f DSGVO. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

Safety measures

In accordance with legal requirements, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, availability and separation of data relating to it. We have also set up procedures that ensure the exercise of data subject rights, the deletion of data and responses to the data being compromised. In addition, we take the protection of personal data into account when developing or selecting hardware, software and processes in accordance with the principle of data protection, through technology design and through privacy-friendly default settings.

Transfer of personal data

As part of our processing of personal data, the data may be transferred to other bodies, companies, legally independent organizational units or persons or disclosed to them. Recipients of this data may include, for example, service providers tasked with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

Data processing in third countries

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or processing takes place as part of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this is only done in accordance with legal requirements.

Subject to express consent or contractually or legally required transfer, we only process the data in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses issued by the EU Commission, if certifications or binding internal data protection regulations are available (Articles 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Cookie privacy statement

This website uses cookies. Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user's computer. A cookie is primarily used to store information about a user during or after their visit to an online offer. The stored information can include, for example, the language settings on a website, the login status, a shopping cart or the location where a video was watched. The term cookies also includes other technologies that perform the same functions as cookies (e.g. when user information is stored using pseudonymous online identifiers, also known as “user IDs”)

The following types of cookies and functions are differentiated:

• Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their browser.
• Persistent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. The interests of users, which are used to measure reach or for marketing purposes, can also be stored in such a cookie.
• First-party cookies: First-party cookies are set by ourselves.
• Third party cookies (also: third party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
• Necessary (also: essential or absolutely necessary) cookies: On the one hand, cookies may be absolutely necessary for the operation of a website (e.g. to save logins or other user inputs or for security reasons).
• Statistics, marketing and personalization cookies: In addition, cookies are usually also used as part of audience measurement and when a user's interests or behavior (e.g. viewing certain content, using functions, etc.) are stored in a user profile on individual websites. Such profiles are used, for example, to show users content that matches their potential interests. This process is also known as “tracking”, i.e. tracking the potential interests of users. If we use cookies or “tracking” technologies, we will inform you separately in our privacy policy or when you obtain consent.

Information on legal bases: The legal basis on which we process your personal data using cookies depends on whether we ask you for consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is consent. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (e.g. in operating our online offering and improving it) or if the use of cookies is necessary to fulfill our contractual obligations.

Storage period: Unless we provide you with explicit information about the storage period of permanent cookies (e.g. as part of a so-called cookie opt-in), please assume that the storage period can be up to two years.

General information on revocation and objection (opt-out): Depending on whether the processing is based on consent or legal permission, you have the option at any time to withdraw your consent or to object to the processing of your data using cookie technologies (collectively referred to as “opt-out”). You can first declare your objection using your browser settings, e.g. by deactivating the use of cookies (which may also restrict the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be declared using a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, you may receive further objection notices as part of the information on the service providers and cookies used.

Processing of cookie data based on consent: We use a cookie consent management process, within the framework of which users' consent to the use of cookies, or the processing and providers mentioned as part of the cookie consent management process, can be obtained and managed and withdrawn by users. The declaration of consent is saved so that you do not have to repeat the request again and to be able to prove your consent in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or using comparable technologies) in order to be able to assign consent to a user or their device. Subject to individual information about the providers of cookie management services, the following information applies: The period of storage of consent may be up to two years. A pseudonymous user identifier is created and stored at the time of consent, information on the scope of the consent (e.g. which categories of cookies and/or service providers) and the browser, system and device used.

• Types of data processed: usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
• Persons concerned: Users (e.g. website visitors, users of online services).
• Legal bases: Consent (Art. 6 para. 1 lit. a. GDPR), legitimate interests (Art. 6 para. 1 p. f. GDPR).

SSL/TLS Encryption Privacy Statement

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as inquiries that you send to us as a site operator. You can recognize an encrypted connection when the browser's address line changes from “http://” to “https://” and by the lock icon in your browser line.

If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

Third party services

This website only uses Google Maps to embed maps, Google Invisible reCAPTCHA to protect against bots and spam, and YouTube to embed videos.

These services provided by the American Google LLC use cookies, among other things, and as a result, data is transferred to Google in the USA, although we assume that no personal tracking takes place solely through the use of our website.

Google is committed to ensuring adequate data protection in accordance with the American-European and American-Swiss Privacy Shield.

Further information can be found in the Google's privacy policy.

Privacy statement for contact form

If you send us inquiries via the contact form, we will store your details from the enquiry form, including the contact details you provided there, for the purpose of processing the enquiry and in case of follow-up questions. We will not share this data without your consent.

Privacy policy for newsletter data

If you would like to receive the newsletter offered on this website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected. We use this data exclusively to send the requested information and do not pass it on to third parties.

You can withdraw your consent to the storage of the data, the e-mail address and their use to send the newsletter at any time, for example via the “unsubscribe link” in the newsletter.

Rights of data subjects

Right to confirmation

Every data subject has the right to request confirmation from the operator of the website as to whether personal data concerning data subjects is being processed. If you would like to exercise this right of confirmation, you can contact the data protection officer at any time.

‍

Right to information

Any person affected by the processing with personal data has the right to receive free information from the operator of this website about the personal data stored about him or her and a copy of this information at any time. In addition, the following information may be provided:

• the purposes of processing
• the categories of personal data that are processed
• the recipients to whom the personal data has been or will be disclosed
• If possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
• the existence of a right to correct or delete personal data concerning you or to restrict processing by the person responsible or a right to object to this processing
• the existence of a right of appeal to a supervisory authority
• if the personal data is not collected from the data subject: All available information about the origin of the data

In addition, the data subject has the right to information as to whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate guarantees in connection with the transfer.

If you would like to exercise this right to information, you can contact our data protection officer at any time.

‍

Right to rectification

Every person affected by the processing of personal data has the right to request the immediate correction of incorrect personal data concerning him or her. In addition, the data subject has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary statement.

If you would like to exercise this right of rectification, you can contact our data protection officer at any time.

‍

Right to delete (right to be forgotten)

Any person affected by the processing of personal data has the right to request that the person responsible for this website delete the personal data concerning them immediately, provided that one of the following reasons applies and insofar as processing is not necessary:

• The personal data was collected or otherwise processed for purposes for which they are no longer necessary
• The data subject withdraws the consent on which the processing was based and there is no other legal basis for the processing
• The data subject objects to processing for reasons arising from their particular situation and there are no overriding legitimate reasons for the processing, or the data subject objects to the processing in the case of direct marketing and related profiling
• The personal data was processed unlawfully
• The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject
• The personal data was collected in relation to information society services offered directly to a child

If one of the above reasons applies and you would like to have personal data stored by the operator of this website deleted, you can contact our data protection officer at any time. The data protection officer of this website will ensure that the deletion request is complied with immediately.

‍

Right to restrict processing

Any person affected by the processing of personal data has the right to request that the person responsible for this website restrict processing if one of the following conditions is met:

• The accuracy of the personal data is disputed by the data subject for a period of time which enables the person responsible to verify the accuracy of the personal data
• The processing is unlawful, the data subject refuses to delete the personal data and instead demands that the use of the personal data be restricted
• The controller no longer needs the personal data for processing purposes, but the data subject needs them to assert, exercise or defend legal claims
• The data subject has objected to processing for reasons arising from their particular situation and it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject

If one of the above conditions is met, you wish to request the restriction of personal data stored by the operator of this website, you can contact our data protection officer at any time. The data protection officer of this website will arrange for the processing to be restricted.

‍

Right to data portability

Every person affected by the processing of personal data has the right to receive the personal data concerning them in a structured, common and machine-readable format. She also has the right to have this data transmitted to another person responsible if the legal requirements are met.

Furthermore, the data subject has the right to have the personal data transmitted directly from one controller to another controller, insofar as this is technically feasible and provided that this does not affect the rights and freedoms of other persons.

To assert the right to data portability, you can contact the data protection officer appointed by the operator of this website at any time.

‍

Right to object

Every person affected by the processing of personal data has the right to object at any time to the processing of personal data concerning him or her for reasons arising from their particular situation.

The operator of this website will no longer process the personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for processing which outweigh the interests, rights and freedoms of the data subject, or if the processing serves to assert, exercise or defend legal claims.

To exercise the right to object, you can directly contact the data protection officer of this website.

‍

Right to withdraw consent under data protection law

Any person affected by the processing of personal data has the right to withdraw consent given to the processing of personal data at any time.

If you would like to exercise your right to withdraw consent, you can contact our data protection officer at any time.

Privacy policy for objecting to promotional emails

The use of contact data published as part of the legal notice obligation to send unsolicited advertising and information material is hereby rejected. The operators of the sites expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.

Google Ads

This website uses Google conversion tracking. If you have reached our website via an ad placed by Google, Google Ads will set a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad placed by Google. These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages on our website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies can therefore not be traced via the websites of Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

If you do not want to participate in tracking, you can refuse the necessary setting of a cookie — for example via a browser setting that generally deactivates the automatic setting of cookies or set your browser to block cookies from the “googleleadservices.com” domain.

Please note that you must not delete the opt-out cookies as long as you do not want measurement data to be recorded. If you have deleted all of your cookies in your browser, you must set the respective opt-out cookie again.

Use of Google Remarketing

This website uses the remarketing function provided by Google Inc. The function is used to present interest-based advertisements to website visitors within the Google advertising network. A so-called “cookie” is stored in the website visitor's browser, which makes it possible to recognize the visitor when the visitor accesses websites that belong to Google's advertising network. On these pages, visitors can be presented with advertisements that relate to content that the visitor has previously accessed on websites that use Google's remarketing function.

According to its own information, Google does not collect any personal data during this process. If you still do not want Google's Remarketing feature, you can always deactivate it by changing the appropriate settings under http://www.google.com/settings/ads carry out. Alternatively, you can deactivate the use of cookies for interest-based advertising via the advertising network initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp follow.

Google Analytics Privacy Policy

This website uses Google Analytics, a web analysis service provided by Google Ireland Limited. If the person responsible for data processing on this website is located outside the European Economic Area or Switzerland, Google Analytics data processing is carried out by Google LLC. Google LLC and Google Ireland Limited are hereafter referred to as “Google.”

Using the statistics obtained, we can improve our offer and make it more interesting for you as a user. This website also uses Google Analytics for cross-device analysis of visitor flows, which is carried out via a user ID. If you have a Google user account, you can deactivate the cross-device analysis of your usage under “My data”, “personal data” in the settings there.

The legal basis for the use of Google Analytics is Art. 6 (1) (f) GDPR. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. Please note that the code “_anonymizeIp ();” has been added to Google Analytics on this website to ensure anonymized collection of IP addresses. As a result, IP addresses are further processed in abbreviated form, so that identification of a person can be ruled out. If the data collected about you is personally identifiable, this will therefore be immediately excluded and the personal data will be deleted immediately.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and Internet usage to the website operator.

Google Analytics uses cookies. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. You can prevent cookies from being saved by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website in full. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: Deactivate Google Analytics.

You can also prevent the use of Google Analytics by clicking on this link: Deactivate Google Analytics. This stores a so-called opt-out cookie on your data carrier, which prevents the processing of personal data by Google Analytics. Please note that if you delete all cookies from your device, these opt-out cookies will also be deleted, i.e. you must set the opt-out cookies again if you want to continue to prevent this form of data collection. The opt-out cookies are set per browser and computer/device and must therefore be activated separately for each browser, computer or other device.

Google Tag Manager

Google Tag Manager is a solution that allows us to manage so-called website tags via an interface and thus integrate Google Analytics and other Google marketing services into our online offering, for example. The tag manager itself, which implements the tags, does not process any personal user data. With regard to the processing of users' personal data, reference is made to the following information about Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.

Instagram privacy policy

Functions of the Instagram service are integrated on our website. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.

For more information, please see Instagram's privacy policy: http://instagram.com/about/legal/privacy/

LinkedIn privacy policy

Within our online offering, we use the marketing services of the LinkedIn social network from LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”).

These use cookies, i.e. text files that are stored on your computer. This enables us to analyse your use of the website. For example, we can measure the success of our ads and show users products they were previously interested in.

For example, this collects information about the operating system, the browser, the website you have previously visited (referrer URL), which websites the user visited, which offers the user has clicked on, and the date and time of your visit to our website.

The information generated by the cookie about your use of this website is transferred pseudonymized to a LinkedIn server in the USA and stored there. LinkedIn therefore does not store the name or email address of the respective user. Instead, the above data is only assigned to the person who created the cookie. This does not apply if the user has allowed LinkedIn to process without pseudonymization or has a LinkedIn account.

You can prevent cookies from being saved by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to fully use all functions of this website. You can also object to the use of your data directly on LinkedIn: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

We use LinkedIn Analytics to analyse and regularly improve the use of our website. Using the statistics obtained, we can improve our offer and make it more interesting for you as a user. All LinkedIn companies have adopted the standard contractual clauses to ensure that the data traffic to the USA and Singapore necessary to develop, perform and maintain the services takes place lawfully. If we ask users for consent, the legal basis for processing is Art. 6 para. 1 lit. a GDPR. Otherwise, the legal basis for using LinkedIn Analytics is Art. 6 (1) (f) GDPR.

Information from the third party provider: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2 Ireland; user agreement and Privacy statement.

External payment service providers

The operators of this website use external payment service providers whose platforms users and we can use to make payment transactions. For example via

• Visa (https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html)
• Mastercard (https://www.mastercard.ch/de-ch/datenschutz.html)
• American Express (https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html)
• Apple Pay (https://support.apple.com/de-ch/ht203027)
• Stripe (https://stripe.com/ch/privacy)
• TWINT (https://www.twint.ch/datenschutz-website/)

As part of the fulfilment of contracts, we use payment service providers on the basis of the Swiss Data Protection Regulation and, to the extent necessary, Article 6 (1) lit. b. EU GDPR. In addition, we use external payment service providers on the basis of our legitimate interests in accordance with Swiss Data Protection Ordinance and, to the extent necessary, in accordance with Article 6 (1) (f) of the EU GDPR to offer our users effective and secure payment options.

The data processed by payment service providers includes inventory data, such as name and address, bank details, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, sum and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by payment service providers and stored by them. As an operator, we do not receive any information about the (bank) account or credit card, but only information to confirm (accept) or reject the payment. Payment service providers may transfer the data to credit agencies. The purpose of this transfer is to verify identity and credit. In this regard, we refer to the terms and conditions and privacy policies of the payment service providers.

Payment transactions are subject to the terms and conditions and data protection notices of the respective payment service providers, which are available within the respective website or transaction applications. We also refer to these for further information and to assert revocation, information and other data subject rights.

Newsletters - Mailchimp

The newsletters are sent using the mailing service provider 'MailChimp', a newsletter delivery platform from the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can read the shipping service provider's privacy policy here view. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection levels (PrivacyShield). The shipping service provider is used on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f DSGVO and an order processing contract in accordance with Art. 28 para. 3 p. 1 GDPR.

The shipping service provider can use the recipients' data in pseudonymous form, i.e. without attribution to a user, to optimize or improve its own services, e.g. to technically optimize the delivery and presentation of newsletters or for statistical purposes. However, the shipping service provider does not use the data of our newsletter recipients to write to them themselves or to pass on the data to third parties.

Order processing in the online shop with customer account

We process our customers' data in accordance with federal data protection regulations (Data Protection Act, DSG) and the EU GDPR, as part of ordering processes in our online shop, to enable them to select and order the selected products and services, as well as their payment and delivery or execution.

The processed data includes master data (inventory data), communication data, contract data, payment data and the persons affected by the processing include our customers, interested parties and other business partners. Processing is carried out for the purpose of providing contractual services as part of operating an online shop, billing, delivery and customer services. In doing so, we use session cookies, e.g. to save the content of the shopping cart, and permanent cookies, e.g. to save the login status.

Processing is carried out on the basis of Art. 6 para. 1 lit. b (execution of order processes) and c (legally required archiving) GDPR. The information marked as required is required to establish and fulfill the contract. We only disclose the data to third parties as part of delivery, payment or within the framework of legal permits and obligations. The data is only processed in third countries if this is necessary to fulfill the contract (e.g. at the customer's request upon delivery or payment).

Users can optionally create a user account, in particular where they can view their orders. As part of registration, the required mandatory information is provided to users. The user accounts are not public and cannot be indexed by search engines, such as Google. If users have cancelled their user account, their data will be deleted with regard to the user account, subject to their storage being necessary for commercial or tax law reasons in accordance with Art. 6 para. 1 lit. c GDPR. Information in the customer account remains until deleted with subsequent archiving in the event of a legal obligation. It is the responsibility of users to secure their data before the end of the contract in the event of termination.

As part of registration and re-registrations as well as using our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user in protecting against misuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 para. 1 lit. c GDPR.

The deletion takes place after the expiry of legal warranty and comparable obligations, and the need to store the data is checked at irregular intervals. In the case of legal archiving obligations, they will be deleted after their expiry.

agency services

We process our clients' data in accordance with federal data protection regulations (Data Protection Act, DSG) and the EU GDPR as part of our contractual services.

In doing so, we process inventory data (e.g., customer master data, such as names or addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, etc.), contract data (e.g. contract subject, duration), payment data (e.g. bank details, payment history), usage and metadata (e.g. as part of the evaluation and performance measurement of marketing measures). Those affected include our customers, interested parties and their customers, users, website visitors or employees as well as third parties. The purpose of processing is to provide contract services, billing and our customer service. The legal basis for processing results from Art. 6 para. 1 lit. b DSGVO (contractual services), Art. 6 para. 1 lit. f GDPR (analysis, statistics, optimization, security measures). We process data that is necessary to establish and fulfill the contractual services and point out the need to provide them. Disclosure to external parties only takes place if it is necessary as part of an assignment. When processing the data provided to us as part of an order, we act in accordance with the instructions of the client and the legal requirements of order processing in accordance with Article 28 GDPR and do not process the data for any purposes other than those in accordance with the order.

We delete the data after expiry of legal warranty and comparable obligations. The need to store the data is checked at irregular intervals. In the case of legal archiving obligations, they will be deleted after their expiry. In the case of data that has been disclosed to us as part of an order by the client, we delete the data in accordance with the requirements of the order, generally after the end of the order.

Provision of our services in accordance with statutes

We process the data of our members, supporters, interested parties, customers or other persons in accordance with federal data protection regulations (Data Protection Act, DSG) and the EU GDPR in accordance with Article 6 (1) lit. b. GDPR, provided that we offer them contractual services or act as part of an existing business relationship, e.g. with members, or are recipients of services and benefits ourselves. In addition, we process the data of data subjects in accordance with Article 6 (1) (f) GDPR on the basis of our legitimate interests, e.g. when it comes to administrative tasks or public relations.

The data processed here, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. This generally includes inventory and master data of persons (e.g., name, address, etc.), as well as contact details (e.g. email address, telephone, etc.), contract data (e.g., services used, content and information provided, names of contact persons) and, if we offer services or products subject to payment, payment data (e.g., bank details, payment history, etc.).

We delete data that is no longer required to fulfill statutory purposes. This is determined in accordance with the respective tasks and contractual relationships. In the case of business processing, we store the data for as long as it may be relevant for the transaction and with regard to any warranty or liability obligations. The need to store data is checked at irregular intervals. In addition, the legal storage obligations apply.

Note on data transfer to the USA

Our website includes tools from companies based in the USA. When these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are required to disclose personal data to security authorities without you, as the person concerned, being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.

changes

We can amend this privacy policy at any time without notice. The current version published on our website applies. To the extent that the privacy policy is part of an agreement with you, we will inform you of the change by email or by other appropriate means in the event of an update.

Questions to the data protection officer

If you have any questions about data protection, please send us an email or contact the person responsible for data protection in our organization listed at the beginning of the privacy policy directly.

Source: SwissAttorney