§ 1 Information about the collection of personal data
(1) In this document, we would like to inform you about the personal data that is collected when you use our website. Personal data shall mean any information relating to you personally, such as your name, address, email addresses, and behaviour. We collect personal data so that we can provide you with better services: For example, we optimise our web-site, web shop, and configurator. Moreover, we adapt our products to the needs of our customers, and personalise our services and communication for our customers. Collecting personal data also enables us to simplify your purchase as well as our customer service processes, so that you get what you want faster.
(2) The responsible party according to Art. 4 paragraph 7 of the General Data Protection Regulation (GDPR) is Ergoswiss AG Nöllenstrasse 15a 9443 Widnau, Switzerland Telephone: +41 71 727 06 70 Email: firstname.lastname@example.org www.ergoswiss.com You can reach our data protection officers on email@example.com or on our postal address, addressing the let-ter to “The Data Protection Officer”.
(3) When you contact us via email, configurator, web shop, in trade fairs or through a contact form, the data shared by you (name and contact details, email address, name, telephone number, residential and delivery address etc.) is saved by us to answer your questions. The data accumulated in this connection is collected and saved with us in CRM. This is how we can improve the service for you. (4) Your data is forwarded to shipping companies and insurance companies to fulfil individual functions of our website (e.g. for orders and deliveries). Furthermore, we use your data for commercial newsletters etc., as long as we have your permission.
§ 2 Your rights
(1) You have the following rights with respect to us for your personal data:
– Right to information
– Right to correction or deletion
– Right to limit the processing
– Right to object to the processing
– Right to data portability
(2) You also have the right to submit a complaint to a supervisory authority on data protection regarding the processing of your personal data done by us.
§ 3 Collection of personal data when you visit our website
(1) If the website is visited only for informational purposes, that is if you are not registered or if you send us information in any other way, we only collect the personal data sent by your browser to our servers. If you want to view our web-site, we collect the following data which we technically require to display our website to you and to ensure stability and security (the legal basis is Art. 6 paragraph 1 Pg. 1 lit. f GDPR):
– IP address
– Date and time of enquiry
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (specific page)
– Access status/HTTP status code
– Data volume transferred each time
– Website from which the request comes
– Operating system and its interface
– Language and version of the browser software.
(2) In addition to the aforementioned data, Cookies are stored on your computer when you use our website. Cookies are small text files that are assigned and saved on your hard drive by the browser you use, and through which certain infor-mation flows to the point that installs the Cookie (here us). Cookies cannot execute any programs or transmit viruses to your computer. Cookies are used to make the internet service more user friendly and effective as a whole.
(3) Using Cookies:
a) This website uses the following types of cookies, the scope and functions of which are explained below:
– Transient cookies (explained in point b)
– Persistent cookies (explained in point c)
b) Transient cookies are deleted automatically when you close the browser. These especially include session cookies. Session cookies store a so-called Session-ID with which different requests of your browser can be assigned to the joint session. In this way your computer can be recognised when you return to our website. Session cookies are deleted when you log out or close the browser.
c) Persistent cookies are deleted automatically after a specified duration which can vary depending on the cookie. You can delete the cookies using the security settings in your browser at any time.
d) You can configure your browser settings as you want and e.g. reject the installation of third party cookies or all cook-ies. We would like to point out that after doing so you may not be able to use all the functions of this website.
e) We install cookies so that we can identify you in your subsequent visits, if you have an account with us. Otherwise, you will have to log-in at every visit.
f) The flash cookies used are not recorded by your browser; rather they are recorded by your flash plug-in. Furthermore, we use HTML5 storage objects, that are stored on your end device. These objects store the necessary data independent of the browser you use and they do not have an automatic expiry date. If you do not want flash cookies to be pro-cessed, you must install an appropriate Add-On e.g. “Better Privacy” for Mozilla Firefox (https://ad-dons.mozilla.org/de/firefox/addon/betterprivacy/) or Adobe Flash killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using the private mode in your browser. We also recommend that you manually delete your cookies and the browser history regularly.
§ 4 Other functions and services of our website
(1) Apart from using our website for a purely informational purpose, we offer different services which you can use if they interest you. To be able to use the different services, in principle, you must give more personal information which we shall use for providing the respective service and to which the aforementioned principles of data processing apply.
(2) To some extent, we deploy external service providers (e.g. newsletter program, web shop, configurator etc.) to pro-cess your data. We select these external service providers very carefully. (3) Your personal data is not sent to third parties when promotional activities, competitions, contract conclusions or simi-lar services are offered by us. 4) If our service providers or partners are based in a country outside the European Economic Area (EEA), the data is processed in a third country or the data is processed in the scope of using services of third parties or it is disclosed or sent to third parties only if it is done to fulfil our (pre-) contractual duties, on the basis of your permission, a legal obliga-tion or on the basis of our legitimate interests. Subject to the legal or contractual permissions, the data is processed or we allow the processing of data in a third country, only if the special requirements according to Art. 44 ff. GDPR are met. That is, the data is processed e.g. on the basis of special guarantees, like the officially recognised ascertainment of an EU appropriate level of data protection, e.g. for USA the “Privacy Shield” or following officially recognised special con-tractual obligations (so-called “standard contractual clause”).
§ 5 Objection against processing of your data or revocation of the permission to process your data
(1) If you have given permission to process your data, you can revoke it at any time. Such a revocation influences the reliability of the processing of your personal data, after you have declared the revocation to us.
(2) If we base the processing of your personal data on the balancing of interests, you can file an objection against the processing. This is the case when the processing is not particularly required for fulfilling a contract with you, which we will explain in the following description of the functions. When raising such an objection, we request that you consider the reasons for why we should not process your personal data as we do. If your objection is justified, we shall review the situation and either stop the data processing or adapt it or demonstrate our compelling legitimate reasons to you because of which we would continue the processing.
(3) Naturally, you can object to the processing of your personal data for the purposes of advertising and data analysis at any time. To object against advertising, you can contact us on the following address: Ergoswiss AG Nöllenstrasse 15a 9443 Widnau, Switzerland Telephone: +41 71 727 06 70 Email: firstname.lastname@example.org www.ergoswiss.com
§ 6 Using our web shop
(1) If you want to order from our web shop, to complete the transaction it is necessary that you give your personal in-formation which we need for processing your order. The mandatory information required for processing orders is marked separately, providing any further information is voluntary. The data provided by you is processed by us to manage your order. For this, we could send your payment details that are relevant for processing the transaction to third parties. The legal basis for this is Art. 6 paragraph 1 Pg. 1 lit. b GDPR.
We can also process the data provided by you to inform you about other interesting products from our portfolio via a newsletter (if you have given your permission for it), or to send you emails with technical information.
(2) Due to commercial and tax regulations, we are obligated to store your address, payment and order details for the duration of ten years. However, after two years we limit the processing, i.e. your data is used only to comply with the legal obligations.
(3) To prevent unauthorised access to your personal data by third parties, especially financial information, the order pro-cess is encrypted using TLS technology.
§ 7 Newsletter
(1) By giving your consent, you can subscribe to our newsletter through which we can inform you about our latest inter-esting offers (e.g. free entry, participation at trade fairs etc.). The advertised goods and services are mentioned in the declaration of consent.
(2) To register for our newsletter, we deploy the so-called double opt-in process. This means that after you have regis-tered, we send you an email to the given email address in which we request a confirmation from you that you want to receive the newsletter.
Furthermore, we always save the IP addresses used by you and the time of registration and confirmation. The purpose of the process is to verify your registration and if necessary, to be able to clarify a potential misuse of your personal data.
(3) The mandatory information required in a form for sending the newsletter is your email address. For registering through our Popup Box, the mandatory information required is your email address. Providing further, separately marked information is voluntary and that information is used to be able to address you personally. After getting your confirma-tion, we save your email address for sending the newsletter. The legal basis is Art. 6 paragraph 1 Pg. 1 lit. a GDPR.
(4) You can revoke your permission to have the newsletter sent at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link which is provided in every newsletter email, by sending an email to email@example.com, or by sending a message to the contact details given in the company information.
(5) We would like to inform you that we evaluate your user behaviour when we send the newsletter. For this evaluation, the sent emails contain so-called web beacons or tracking pixels that display 1×1 pixel graphics which are saved on our website. For the evaluations, we link the data mentioned in § 3 and the web beacons with your email address and an individual ID. Even the links in the newsletter have this ID. With the data collected in this way, we create a user profile to customise the newsletter for you according to your individual interests. In doing so, we collect information about when you read our newsletter, which links you click in the newsletter and from that we deduce your personal interests. We link this data with your activities on our website.
You can object to this tracking any time by unsubscribing from the newsletter. The information is saved until you are subscribed to the newsletter. After unsubscribing, the data is saved anonymously only for statistical purposes.
§ 8 Using Google Analytics
(1) This website uses Google Analytics, a web analytics service by Google Inc. (“Google”). Google Analytics uses so-called “Cookies”, text files, that are saved on your computer, to enable an analysis of your website activity. The infor-mation regarding your activity on this website generated through Cookies is transferred, as a rule, to a Google server in the USA and saved there. If IP anonymisation is activated on this website, your IP address is truncated in advance by Google within Member States of the European Union or in other States party to the Agreement on the European Eco-nomic Area. The full IP address is sent to a Google server in the USA and truncated there only in exceptional cases. On behalf of the operator of this website, Google shall use this information to analyse your website usage, to compile re-ports on the website activities, and to provide other services related to website and internet usage to the website opera-tor.
(2) The IP address sent from your browser in the scope of Google Analytics is not linked with other data collected by Google.
(3) You can stop the storage of Cookies by making the proper setting in your browser software; however, we would like to point out that after making that setting, it is possible that all the functions of this website cannot be used fully. Fur-thermore, you can stop the collection of the data generated through the Cookie as well as the data about your usage of the website (incl. your IP-Address) and the processing of this data by Google, by downloading the browser plug-in avail-able on the following link and installing it: http://tools.google.com/dlpage/gaoptout?hl=de
(4) This website uses Google Analytics with the extension “_anonymizeIp()”. In this way, IP addresses are processed in a shortened form and individual identification can therefore be excluded. If a personal reference comes up from the data collected about you, it is immediately discarded and the personal data is promptly deleted.
(5) We use Google Analytics to analyse the usage of our website and to be able to improve the website regularly. With the help of the obtained statistics, we can improve our website and make it more interesting for you as the user. In ex-ceptional cases in which personal data is sent to the USA, Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for using Google Analytics is Art. 6 paragraph 1 Pg. 1 lit. f GDPR.
(7) Moreover, this website uses Google Analytics for an analysis of visitor flows across devices that use one User-ID. On https://tools.google.com/dlpage/gaoptout?hl=de you can get information about how you can counter the use of Google Analytics.
§ 9 Social Media
1. Using social media plug-ins
(1) Currently we use the following social media plug-ins: Facebook, Twitter, and Pinterest. We use the so-called two-click solution here. That is, when you visit our website, at first personal data is not sent to the provider of the plug-ins in principle. The provider of the plug-ins can be recognised with the marking on the box with the initials or the logo of the provider. We offer you the opportunity to communicate directly with the provider of the plug-in using the button. Only when you click on the marked field and activate it, the plug-in provider receives the information that you have visited the respective website of our online service. In addition, the data mentioned in § 3 of this statement is sent. In case of Face-book and Xing, according to the respective providers in Germany, the IP address is anonymised immediately after it is recorded. By activating the plug-in, personal data is sent from you to the respective plug-in provider and saved there (in case of US providers in the USA). Since the plug-in provider collects data especially using cookies, we recommend that you delete all cookies using the security settings in your browser before clicking on the greyed out box.
(2) We do not have any influence on the collected data and the data processing operations, we are not aware of the full extent of the data collected, the purpose of processing, the storage durations. We do not have any information about the deletion by the plug-in provider of the data that is collected.
(3) The plug-in provider saves the data collected about you as user profiles and uses it for the purposes of advertising, marketing research and/or needs-based designing of the provider’s website. Such an evaluation is especially done (even for users who are not logged-in) for displaying needs-based advertisements and to inform other users on the social net-work about your activities on our website. You have the right to object to the creation of these user profiles, to exercise this right you must contact the respective plug-in provider. With the plug-ins, we give you the opportunity to interact on social networks, with other users, so that we can improve our website and make it more interesting for you as the user. The legal basis for using plug-ins is Art. 6 paragraph 1 Pg. 1 lit. f GDPR.
(4) The data is transferred irrespective of whether you have an account with the plug-in provider and are logged-in there. If you are logged in to the website of the plug-in provider, your data collected by us is directly assigned to your existing account with the plug-in provider. When you press the activated button, and e.g. link the page, the plug-in pro-vider also saves that information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button so that you can prevent an alloca-tion to your profile by the plug-in provider.
(5) More information on the purpose and scope of data collection and its processing by the plug-in providers is given in the privacy statements of these providers mentioned below. You can also get more information there about your rights in this respect and the settings options to protect your privacy.
(6) Addresses of the respective plug-in providers and URL with their privacy statements:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; more information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/pri-vacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
b) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
c) Pinterest, 651 Brannan Street, San Francisco, California 94107, USA; https://policy.pinterest.com/de/privacy-policy
2. Embedding YouTube videos
(1) We have embedded YouTube videos in our website, the videos are saved on http://www.YouTube.com and can be played directly from our website. All these videos are embedded in the “enhanced data protection mode”, i.e. infor-mation is not sent about you as the user to YouTube if you don’t play the videos. Only when you play the videos, the data mentioned in paragraph 2 is sent. We do not have any influence on this transfer of data.
(2) By visiting the website, YouTube gets the information that you have visited the respective sub-page of our website. In addition, the data mentioned in § 3 of this statement is sent. This happens irrespective of whether you have a user account with YouTube through which you are logged in, or whether there is no user account. If you are logged in to Google, your data is directly assigned to your account. If you do not want your profile with YouTube to be assigned, you must log out before activating the button. YouTube saves your data as user profiles and uses it for the purposes of ad-vertising, marketing research and/or needs-based designing of the provider’s website. Such an evaluation is especially done (even for users who are not logged-in) for displaying needs-based advertisements and to inform other users on the social network about your activities on our website. You have the right to object to the creation of these user profiles, to exercise this right you must approach YouTube.
(3) More information on the purpose and scope of data collection and its processing by YouTube is given in the privacy statement. You can also get more information there about your rights and the settings options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
3. Integration of Google Maps
(1) We use the service of Google Maps on this website. That is how we can show you interactive maps directly in the website and enable you to use the map function comfortably.
(2) By visiting the website, Google gets the information that you have visited the respective sub-page of our website. In addition, the data mentioned in § 3 of this statement is sent. This happens irrespective of whether you have a user ac-count with Google through which you are logged in, or whether there is no user account. If you are logged in to Google, your data is directly assigned to your account. If you do not want your profile with Google to be assigned, you must log out before activating the button. Google saves your data as user profiles and uses it for the purposes of advertising, marketing research and/or needs-based designing of its website. Such an evaluation is especially done (even for users who are not logged-in) for displaying needs-based advertisements and to inform other users on the social network about your activities on our website. You have the right to object to the creation of these user profiles, to exercise this right you must approach Google.
(3) More information on the purpose and scope of data collection and its processing by the plug-in providers is given in the privacy statements of the providers. You can also get more information there about your rights in this respect and the settings options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
§ 10 Adaptations to the data privacy statement
We reserve the right to update this data privacy statement from time to time. Updates to this data privacy statement are published on the website. Changes shall be applicable following their publication on our website. Hence, we recommend that you visit this website regularly so that you are well informed about any updates.
As on: 30th June 2018