I. Legal framework, responsible body, definitions
II. data subject rights
III General information on data processing (data processing for informational use of the website, technical background, cookies, etc.)
IV. Special notes on data processing in the context of the use of additional functions
I. General information, responsible body and legal framework
1. Content of the data
protection declaration, legal framework and data processing principles.
In this data protection declaration, we inform you how and for what purpose we collect, process and use which of your personal data (we speak of personal data, cf. the definition below in section 3 lit. a)).
Specifically, we inform you here, among other things,
which personal data we collect and process
for what purposes we use your personal data;
who has access to your personal data;
how long we process your personal data;
what rights you have regarding your personal data;
and how you can contact us.
2. Responsible body
The data controller is responsible under data protection law for a specific data processing operation. The responsible body is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data (e.g. names, e-mail addresses or similar).
The responsible body (hereinafter also “we”, “us”, “our”) within the meaning of the Data Protection Act is:
CH 4125 Riehen
The contact details of our representative in the EU according to Art. 27 DSGVO are as follows:
Orth Kluth Rechtsanwälte PartG mbB,
Our data protection declaration is based on the terms used by the European Directive and Ordinance Maker when enacting the General Data Protection Regulation (DSGVO). We would like to explain essential terms below:
(a) Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
(b) Data subject means any identified or identifiable natural person whose personal data is processed by the controller.
(c) 'processing' means any operation or set of operations which is performed upon personal data, whether by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
(d) Restriction of processing means the marking of stored personal data with the aim of limiting their future processing.
(e) profiling means any automated processing of personal data which consists in using personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or change of location.
(f) 'pseudonymisation' means the processing of personal data in such a way that the personal data can no longer be related to a specific data subject without additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.
(g) Controller or controller means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
(h) Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of and under the instructions of the controller in accordance with Article 28 GDPR.
(i) Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.
(j) third party means a natural or legal person, public authority, agency or any other body apart from the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.
(k) 'consent' means any freely given specific and informed indication of the data subject's wishes, in the form of a statement or other unambiguous affirmative act, by which the data subject signifies his or her agreement to personal data relating to him or her being processed.
II. Data subject rights pursuant to Art. 15 et seq. and Art. 77 DSGVO and Art. 25 et seq. DSG
1. Right to object to
data collection in special cases and to direct marketing (Art. 21 DSGVO)
If the data processing is based on Art. 6 (1) e) or f) DSGVO, you are entitled to object to the processing of personal data relating to you at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration.
If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.
If your personal data is processed for the purpose of direct marketing, you are entitled to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct advertising.
2. revocation of your consent to data processing.Many data processing operations are only possible with your express consent. We obtain this from you before the start of the data processing that requires your consent. You can revoke this consent at any time. Insofar as it is not already possible to revoke consent by clicking on links or adjusting browser settings, it is sufficient to send us an informal message by e-mail. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
3. right of appeal to the competent supervisory authority
Data subjects have the right to lodge a complaint with the competent supervisory authority in the event of violations of data protection law.
The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
In Germany, the competent supervisory authority for data protection issues in the European Union is the State Data Protection Commissioner of the federal state in which our company has its headquarters.
A list of data protection commissioners and their contact details can be found at the following link:
The data protection authority responsible for us is:
State Commissioner for
Data Protection and Freedom of Information
PO Box 20 04 44
4. Right to data
You are entitled to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to another person responsible, in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
5 Information, correction, blocking, deletion
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, a right to correction, blocking, or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in section I.2 above.
III. Data processing for informational use of the website, technical background, cookies, etc.
We collect and process
the personal data listed below in sections 3 to 7 for the purposes, based on the legal grounds and for the duration stated therein.
1. Legal basis and storage period
Insofar as you have consented to us processing your personal data within the meaning of Art. 4 No. 1 DSGVO, Art. 6 Para. 1 lit. a) DSGVO serves as the legal basis for the processing. The processing of personal data which we need to fulfil contractual or pre-contractual obligations is based on Art. 6 (1) (b) DSGVO. If the processing is necessary to safeguard our legitimate interests or those of a third party and the interests, fundamental freedoms and fundamental rights of the data subject do not outweigh these, Art. 6 (1) f) DSGVO serves as the legal basis for us to process personal data.
For the processing operations carried out by us, we indicate below the applicable legal basis in each case. A processing operation may also be based on several legal bases.
For the processing operations carried out by us, we indicate below in each case how long the data will be stored by us and when it will be deleted or blocked. Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies.
However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings or if storage is provided for by statutory regulations to which we are subject as the responsible party (e.g. § 257 HGB, § 147 AO). If the storage period prescribed by the legal regulations expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.
2. Data security
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties, considering the state of the art, implementation costs and the nature, scope, context, and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.
We will be happy to provide you with more detailed information on request. Please contact our data protection officer (see above).
3. data processed during the (informational) use of the website
Inevitably, we can only provide you with the benefits of our Internet offer if certain data relating to you, which is necessary for the operation of the website, is collected by us when you use it.
We collect and process the following data from you:
Device information: Access data includes the IP address, device ID, device type, device-specific settings, the date, and time of the retrieval, time zone, the amount of data transferred and the message whether the data exchange was complete, crash of the terminal device, browser type and operating system. This access data is processed to make the operation of the website technically possible.Information with your consent: We process other information (e.g., geolocation data, personal data such as name and e-mail address, etc.) if you allow us to do so.
4. Contacting us
When you (proactively) contact us, the data you provide will be stored by us to answer your inquiry. The provision of certain truthful data is required to process your inquiry, further details are voluntary. Mandatory data required to answer your inquiry are marked as such, the remaining data are provided voluntarily. The processing of the above data is based on your consent, which you have expressed by contacting us, in accordance with Art. 6 para. 1 lit. a) DSGVO and, insofar as special categories of personal data (e.g., health data or other “sensitive” data) are concerned, in accordance with Art. 9 para. 2 lit. a) DSGVO. The collected personal data will be deleted immediately after the complete processing of your request, unless it is required for the initiation or execution of a contract with you pursuant to Art. 6 para. 1 lit. b) DSGVO.
Cookies may be used in the operation of our website. Cookies are small text files that are stored on the device memory of your end device and, if applicable, assigned to the mobile device you are using and through which certain information flows to the body that sets the cookie. Cookies cannot execute programs or transfer viruses to your end device and therefore cannot cause any damage. They serve to make our internet offer more user-friendly and effective overall, i.e., more pleasant for you.
Cookies cannot directly identify a user, but they can contain data that make it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that are not personally identifiable.
A distinction is made between session cookies, which are deleted again as soon as you close your internet session, and permanent cookies, which are stored beyond the individual session.
Regarding their function, a distinction is made between cookies:
The following technically necessary cookies may be used on our website:
Cookie name: [necessary_opt_in]; Purpose and stored data: [Stores consent to set technically necessary cookies]; Validity period: Session Cookie name: [session_cookie]; Purpose and stored data: [Contains only reference ID to shopping cart content and personal preferences]; Validity period: We do not use session advertising, targeting or sharing cookies.
6. Group of recipients;
transfer to third countries
Within our company, the departments responsible for processing the requests have access to your data. In addition, we use external service providers, in particular order processors, in accordance with Art. 28 DSGVO or Art. 9 para. 1 DSG (Switzerland), insofar as we cannot or cannot reasonably perform services ourselves. These external service providers are primarily providers of IT services and telecommunications services. If certain service providers are explicitly mentioned, you will also find further information in the data protection declarations of the service providers.
A transfer to third countries outside the European Economic Area (EEA) only takes place under certain conditions within the framework of Art. 44 et seq. DSGVO or in Switzerland according to Art. 16ff. DSG.
Some third countries — including Switzerland, for example — have been certified by the European Commission as providing data protection comparable to the EEA standard by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be obtained here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is sufficiently guaranteed. This is possible through binding company regulations, standard data protection clauses of the European Commission for the protection of personal data (available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en), certificates or recognized codes of conduct.
Our website is not intended for children. Persons under the age of 16 may not transmit any personal data to us or submit declarations of consent without the consent of their legal guardians. We would like to urge parents and guardians and minors to comply with the requirements of the GDPR and not to circumvent any age restrictions.
8. No automated decision-making (including profiling)
We do not intend to use any personal data collected from you for any automated decision-making process (including profiling).
IV. Special information on data processing in the context of the use of additional functions
For your purchase in our online shop, we offer you a choice of the following payment methods: VISA or Master Card credit card, TWINT, PayPal, bank transfer (prepayment).
To process the transaction, including billing, we process your payment data such as bank and credit card details for the purpose of payment processing and billing according to the selected payment method. For the processing of the transaction, your data required for the processing of the transaction will be passed on to the necessary extent to payment service providers and — if necessary — to debt collection service providers.
The legal basis for the processing of your personal data in connection with the order and billing is Art. 6 para. 1 b) DSGVO. In addition, please note the section on the group of recipients and third country transfer, as well as the data protection declarations of the respective payment service providers.
We reserve the right to change these data protection provisions at any time in compliance with the legal requirements.