data protection
1. Contact addresses
Responsibility for processing personal data:
Cobrastreetcustoms
Herisauerstrasse72
9200 Gossau
Switzerland
We would like to point out if, in individual cases, there are other persons responsible for processing personal data.
2. Processing of personal data
2.1 Terms
personal data is all information that relates to a specific or identifiable person. One affected person is a person about whom personal data is processed. Edit includes every Handling of personal data, independent of the means and procedures used, in particular the storage, disclosure, procurement, collection, deletion, storage, modification, destruction and use of personal data.
The European Economic Area (EEA) includes the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) describes the processing of personal data as processing personal data.
2.2 Legal basis
We process personal data in accordance with Swiss data protection law, in particular Federal law on data protection (DSG) and the Ordinance on the Federal Data Protection Act (VDSG).
We process personal data in accordance with - if and to the extent that the General Data Protection Regulation (GDPR) is applicable at least one of the following legal bases:
- Art. 6 Paragraph 1 Letter b GDPR for the necessary processing of personal data to fulfill a contract with the data subject and to carry out pre-contractual measures.
- Art. 6 Para. 1 lit. f GDPR for the necessary processing of personal data in order to protect the legitimate interests of us or third parties, unless the fundamental freedoms and rights as well as the interests of the data subject outweigh this. Legitimate interests include, in particular, our interest in providing our offering in a permanent, user-friendly, secure and reliable manner and in being able to advertise it when necessary, information security and protection against misuse and unauthorized use, the enforcement of our own legal claims and compliance with Swiss law.
- Art. 6 Para. 1 lit. c GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject under any applicable law of member states in the European Economic Area (EEA).
- Art. 6 Para. 1 lit. e GDPR for the necessary processing of personal data to carry out a task that is in the public interest.
- Art. 6 Para. 1 lit. a GDPR for the processing of personal data with the consent of the data subject.
- Art. 6 Para. 1 lit. d GDPR for the necessary processing of personal data in order to protect the vital interests of the data subject or another natural person.
2.3 Type, scope and purpose
We process the personal data that necessary in order to be able to provide our offering on a permanent, user-friendly, secure and reliable basis. Such personal data may in particular fall into the categories of inventory and contact data, browser and device data, content data, meta or edge data and usage data, location data, sales, contract and payment data.
We process personal data during that time Duration that is necessary for the relevant purpose(s) or by law. Personal data that no longer needs to be processed will be anonymized or deleted. People whose data we process basically a right to deletion.
We process personal data basically only with the consent of the data subject, unless the processing is permissible for other legal reasons, for example to fulfill a contract with the data subject and for corresponding pre-contractual measures to protect our overriding legitimate interests, because the processing is evident from the circumstances is or after prior information.
In this context, we particularly process information that a data subject provides when contacting us - for example by post, email, contact form, social media or telephone - or when registering for a user account voluntary and self transmitted to us. We can store such information, for example, in an address book or using comparable tools. If you transmit personal data about third parties to us, you are obliged to ensure data protection towards such third parties and to ensure the accuracy of such personal data.
We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect when providing our services, if and to the extent that such processing is permitted for legal reasons.
2.4 Processing of personal data by third parties, including abroad
We may have personal data processed by commissioned third parties or processed jointly with third parties or with the help of third parties or transmitted to third parties. Such third parties are, in particular, providers whose services we use. We also ensure appropriate data protection for such third parties.
Such third parties are located basically in Switzerland and the European Economic Area (EEA). Such third parties can also be in other states and territories on earth as well as elsewhere in the universe, subject to their data protection laws Assessment of the Federal Data Protection and Information Commissioner (EDÖB) and – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – according to Assessment of the European Commission adequate data protection is guaranteed, or if adequate data protection is guaranteed for other reasons, such as through an appropriate contractual agreement, in particular based on standard contractual clauses, or through appropriate certification. As an exception, such a third party may be located in a country without adequate data protection, provided that the data protection requirements are met, such as the express consent of the data subject.
3. Rights of data subjects
Data subjects whose personal data we process have the rights under Swiss data protection law. This includes the right to information and the right to correct, delete or block the processed personal data.
Affected persons whose personal data we process can - if and to the extent that the General Data Protection Regulation (GDPR) is applicable - obtain confirmation free of charge as to whether we are processing their personal data and, if so, request information about the processing of their personal data and restrict the processing of their personal data to exercise their right to data portability and to have their personal data corrected, deleted (“right to be forgotten”), blocked or completed.
Affected persons whose personal data we process can - if and to the extent that the GDPR is applicable - revoke their consent at any time with future effect and object to the processing of their personal data at any time.
Affected persons whose personal data we process have the right to lodge a complaint with a responsible supervisory authority. The supervisory authority for data protection in Switzerland is Federal Data Protection and Information Commissioner (EDÖB).
4. Data security
We take appropriate and appropriate technical and organizational measures to ensure data protection and in particular data security. However, despite such measures, the processing of personal data on the Internet can always have security gaps. We therefore cannot guarantee absolute data security.
Access to our online offering is carried out using transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers mark transport encryption with a padlock in the address bar.
Access to our online offering is subject to – how basically any use of the Internet - mass surveillance without cause and without suspicion, as well as other surveillance by security authorities in Switzerland, the European Union (EU), the United States of America (USA) and other countries. We cannot have any direct influence on the appropriate processing of personal data by secret services, police departments and other security authorities.
5. Use of the Website
5.1 Cookies
We may use cookies. Cookies - our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) - are data that are stored in your browser. Such stored data need not be limited to traditional text-based cookies. Cookies cannot run programs or transmit malware such as Trojans and viruses.
Cookies can be stored in your browser temporarily as “session cookies” or for a certain period of time as so-called permanent cookies when you visit. “Session cookies” are automatically deleted when you close your browser. Permanent cookies have a specific storage period. In particular, cookies make it possible to recognize your browser the next time you visit our website and thereby, for example, measure the reach of our website. Permanent cookies can also be used for online marketing, for example.
You can completely or partially deactivate and delete cookies in your browser settings at any time. Without cookies, our website may no longer be fully available. We actively ask you – if and to the extent necessary – for your express consent to the use of cookies.
For cookies that are used to measure success and reach or for advertising, a general objection (“opt-out”) is required for many services AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
5.2 Server log files
We may collect the following information for each access to our website, provided that it is transmitted by your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP Status code), operating system including user interface and version, browser including language and version, individual sub-page of our website accessed including amount of data transferred, last website accessed in the same browser window (referrer).
We store such information, which can also represent personal data, in server log files. The information is necessary in order to provide our online offering on a permanent, user-friendly and reliable basis and to ensure data security and therefore in particular the protection of personal data - including by third parties or with the help of third parties.
5.3 Web beacons
We may use web beacons on our website. Web beacons are also known as web beacons. Web beacons - including those from third parties whose services we use - are small, usually invisible images that are automatically retrieved when you visit our website. Web beacons can be used to collect the same information as server log files.
6. Notifications and Communications
We send notifications and communications such as newsletters via email and other communication channels such as instant messaging.
6.1 Success and reach measurement
Notifications and messages may contain web links or web beacons that record whether an individual message was opened and which web links were clicked. Such web links and web beacons can also record the use of notifications and messages on a personal basis. We need this statistical recording of usage to measure success and reach in order to be able to offer notifications and messages based on the needs and reading habits of the recipients effectively and user-friendly as well as permanently, securely and reliably.
6.2 Consent and objection
You need to basically You expressly consent to the use of your email address and your other contact addresses, unless the use is permitted for other legal reasons. If possible, we use the “double opt-in” procedure to give you consent to receive emails, which means you will receive an email with a web link that you must click on to confirm so that there is no misuse by unauthorized third parties can be done. We may log such consent, including the Internet Protocol (IP) address and date and time, for evidentiary and security reasons.
you can basically Unsubscribe from notifications and communications such as newsletters at any time. By unsubscribing you can, in particular, object to the statistical recording of usage for success and reach measurement. Notifications and communications that are absolutely necessary for our offer remain reserved.
6.3 Service providers for notifications and communications
We send notifications and communications through third-party services or with the help of service providers. Cookies can also be used.
We use in particular:
- Mailchimp: communication platform; Provider: The Rocket Science Group LLC d/b/a Mailchimp (USA) as subsidiary Intuit Inc. (USA); Data protection information: Data protection (Intuit) including “Country and Region-Specific Terms”, Cookie Policy , “Privacy Rights Requests” , “Mailchimp and European Data Transfers” (“Mailchimp and European Data Transfers”) , “Security” .
7. Social media
We are present on social media platforms and other online platforms in order to be able to communicate with interested parties and provide information about our offerings. Personal data can also be processed outside of Switzerland and the European Economic Area (EEA).
The General Terms and Conditions (GTC) and terms of use as well as data protection declarations and other provisions of the individual operators of such online platforms also apply. These provisions provide information in particular about the rights of data subjects, including, for example, the right to information.
For our Social media presence on Facebook including the so-called page insights, we are jointly responsible with Meta Platforms Ireland Limited (Ireland) if and to the extent that the GDPR is applicable. Meta Platforms Ireland Limited is part of Meta companies (including in the USA). The page insights provide information about how visitors interact with our Facebook presence. We use page insights to provide our social media presence on Facebook in an effective and user-friendly manner.
Further information about the type, scope and purpose of data processing, information about the rights of data subjects as well as the contact details of Facebook and Facebook's data protection officer can be found in the Facebook privacy policy . With Facebook we have the so-called “Addition for those responsible” concluded and in particular agreed that Facebook is responsible for ensuring the rights of data subjects. For the so-called page insights, the relevant information can be found on the page «About Page Insights» including «About Page Insights data» .