Data protection

1. privacy policy for this website

Various data is collected when you visit our website. This is primarily done to provide you with convenient and secure access to our information and offers. Of course, we also pursue economic interests with our website, with which we want to strengthen both our image and our sales. For reasons of fairness and transparency, we would like to inform you about this in detail below in accordance with the EU General Data Protection Regulation (GDPR):

Who is responsible for data collection?
As the website operator (link to legal notice), we are responsible for the collection of data when you visit this website, as we are responsible for which technologies are used on our website and for what purposes.

How do we collect your data?
On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter in a contact form.
Other data is collected automatically by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of the page view).
This data is collected automatically as soon as you enter our website.

What do we use your data for?
Some of the data is collected to ensure that the website is provided without errors.
Other data can be used to analyze your user behavior and improve our offer for you.

What rights do you have with regard to your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking or deletion of this data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority. For further information on this and on the subject of data protection, you can contact us at any time at the address given in the legal notice.

SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as
For example, orders or inquiries that you send to us as the site operator use SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

2. general notes and mandatory information

The operators of these pages take the protection of your personal data very seriously. When you use this website, various personal data is collected with which you can be personally identified. We treat your personal data (definition according to Art. 4 (1) GDPR) confidentially and in accordance with the statutory data protection regulations. This privacy policy explains what data we collect, what we use it for, how and for what purpose.
We would like to point out that even with the best possible security (e.g. when communicating by e-mail), data transmission on the Internet can have security gaps. Complete protection of data against access by third parties is not possible.

Note on the responsible body
The controller within the meaning of data protection law (Art. 4 (7) GDPR) is Swiss Retail Support AG (Imprint - hereinafter referred to as "Swiss Retail"). If you have any questions about the use of your data, please contact us.

3. your contact to our data protection officer

Every user has the right to receive information free of charge at any time about the personal data stored about them. For this information, the user can, for example, contact datenschutz@retailsupport.ch turn.

4. data collection on our website

Cookies
Our website uses so-called cookies. These serve to make our website more user-friendly, effective and secure. Cookies are small text files that are stored in the browser on your end device. Cookies do not cause any damage to your computer and do not contain viruses.
Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit and to apply the settings you have previously made for you.
You can set your browser so that you are informed about the setting of cookies and only allow them in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
Cookies that are required to carry out the electronic communication process are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. to analyze your surfing behavior) are stored, these are treated separately in this privacy policy.

Google Analytics

If you have given your consent, we use the web analysis tool Google Analytics on our website. With the help of Google Analytics, we can analyze the user behavior of visitors to our website in pseudonymized and anonymized form.

You can deactivate data processing by Google Analytics at any time in our "Cookie Dashboard". Alternatively, you can install a browser plug-in from Google that prevents data collection by Google Analytics: http://tools.google.com/dlpage/gaoptout?hl=de .

The purposes of data processing are the analysis of user behavior and the measurement of the reach of our website and of advertisements placed to optimize our website.

The processed data are:

Google Analytics HTTP data:
This is log data that is generated for technical reasons when using the web analysis tool Google Analytics used on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access.

Google Analytics end device data:
Data generated by the web analysis tool Google Analytics and assigned to your end device: This includes a unique ID for (re-)recognizing returning visitors (so-called "client ID") as well as certain technical parameters for controlling data collection for web analysis.
Google Analytics measurement data:
Device-related raw data (so-called "dimensions" and "measured values"), which are collected and analyzed by the web analysis tool Google Analytics when using our website: This primarily includes information about the sources from which visitors access our website, information about the location, browser and end device used, information about the use of the website (in particular page views, frequency of visits and time spent on pages accessed) and information about the fulfillment of certain goals (in particular transactions in the online store). The data is assigned to the client ID assigned to your end device. As a result, device-related usage profiles are created in which all device-related raw data is combined into a client ID. The data that we collect using Google Analytics does not allow us to identify you personally (i.e. by your real name). We also do not combine the device-related raw data and the resulting device-related usage profiles with data that directly identifies you personally without your consent.
Google Analytics report data:
Data contained in aggregated segment and device-related reports generated by the web analytics tool Google Analytics based on the analysis of raw device-related data.the legal basis for the processing is Article 6(1)(a) GDPR (consent).the data is automatically provided by the user's browser.
The recipient of the data is Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) as part of order processing. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider. The basis for data processing in the USA is your consent given via the cookie consent banner (Art. 49 (1) (a) GDPR). In the USA, there is no level of data protection comparable to the requirements of the GDPR. It is possible that government agencies may access personal data without us or you being aware of this. Enforcement of your rights is probably not possible in the USA. You can revoke your consent at any time with effect for the future by clicking on the "Individual data protection settings" button.
The data will be deleted after 14 months.
The provision of data is not required by law or contract or necessary for the conclusion of a contract. The data subject is under no obligation to provide the data. If the data is not provided, we cannot carry out a web analysis using Google Analytics.

Server log files
The provider of our website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. The data in the log files include

Referrer URL (the website you came from)
Browser type, browser version and language
Operating system used and its interface
IP address (anonymized)
Time of the server request
Http status code - access status
the amount of data transferred
Storage period is 7 days

This data is not merged with other data sources.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, which permits the processing of data for the optimal presentation and security of the website based on our legitimate interest, without your interests in the exclusion of data collection prevailing.

5. visitor interaction of the website

Contact form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by Swiss Retail for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass this data on to third parties without your consent.

The data entered in the contact form is generally processed on the legal basis of Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. f GDPR (contract initiation or execution). Your data will remain with us until you ask us to delete it or the purpose for data storage no longer applies (e.g. after your request has been processed - but only if we do not have to comply with any retention periods).

Application form

If you apply via the application form, you agree that your data will be made available to all affiliated companies of the Promota Group for application purposes. We would also like to point out that the application data may be stored for more than 6 months.

Request by e-mail, telephone

If you contact us by e-mail or telephone, we will store and process your inquiry, including all personal data (name, inquiry), for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Communication via WhatsApp

We use the instant messaging service WhatsApp, among others, to communicate with our customers, employees and other third parties. Communication takes place via end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from gaining access to the communication content. However, WhatsApp receives access to metadata that is created during the communication process (e.g. sender, recipient and time).

The legal basis for the processing of this data is Art. 6 para. 1 lit. a GDPR (consent) and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in your end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. In addition, we have a legitimate interest in the efficient design of our customer service, in responding to your request as quickly as possible and in optimizing our service offering in accordance with Art. 6 para. 1 lit. f GDPR.

The recipient of your data is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We have concluded an order processing agreement with WhatsApp that ensures the protection of your data and prohibits unauthorized disclosure to third parties.

In addition, we have agreed with WhatsApp that customer data will only be processed in the EU, so that data transfer to the USA is reduced to a minimum. However, data transfer to the USA cannot be completely ruled out. We would like to point out that WhatsApp states that it shares personal data of its users with its parent company Meta Platforms, which is based in the USA. Meta Platforms is headquartered in Menlo Park, California, United States (USA). The EU Commission has not yet issued an adequacy decision for the USA. Data is therefore transferred on the basis of standard contractual clauses, among other things, as suitable guarantees for the protection of personal data. Both Meta Platforms and US state authorities can nevertheless access your data. You can find more information on terms of use and data protection at https://www.whatsapp.com/legal/#privacy-policy.

The communication content exchanged between you and us and on WhatsApp will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected. However, complete deletion of your data from WhatsApp and Meta Platforms cannot be guaranteed due to a lack of access options.

Communication via 3CX

We use the 3CX communication system to make online phone calls, chats and/or video conferences. When using 3CX, various types of personal data are processed. The scope of data processing also depends on the information you provide before or during participation in a web meeting and the settings you make. The personal text, audio and video data of you as a participant is also collected and, if applicable, stored if you participate in the web meeting yourself by triggering the corresponding functions via chat or video. The legal basis in this respect is your consent in accordance with Art. 6 para. 1 lit. a) GDPR, which you give by activating the corresponding functions in 3CX. By using 3CX, you accept the terms of use and data protection provisions of 3CX in the valid original version. These data protection provisions are accepted by the user when registering in the 3CX Cloud. The following personal data is processed:

User details: The data stored with 3CX is processed. This may include: Your first and last name, e-mail address, password, profile picture (if you have provided it).

6. plugins

Social plugins

Facebook

We offer a Facebook plug-in on our website. Facebook is a social media network. The provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5 Ireland. Facebook receives all information that your browser automatically transmits (including your IP address). Facebook also places its own cookies on your end device. This happens even if you do not have a Facebook user account. If you are logged in to Facebook, your data will be assigned directly to your account. If you do not wish your data to be associated with your Facebook user account, you must log out of Facebook.

The legal basis for enabling the collection of personal data via our website is Art. 6 para. 1 sentence 1 lit. a GDPR (consent) and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. Your data is also processed on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. The website operator has a legitimate interest in a varied and entertaining design of its website.

Die Verarbeitung Ihrer Daten erfolgt ausschließlich im Verantwortungsbereich der Meta Platforms Ireland Limited. Meta Platforms Ireland Limited setzt jedoch die Meta Platforms Inc. in den USA (1 Hacker Way, Menlos Park, CA 94025, USA) als Dienstleister ein. Über weitere Details der Verarbeitung personenbezogener Daten im Verantwortungsbereich von Facebook sowie eine mögliche Datenverarbeitung in den USA haben wir keine Kenntnis. Wir nehmen keinen Einfluss auf die Datenverarbeitung von Facebook. In den USA besteht trotz des aktuellen Data Privacy Framework Agreements, abrufbar unter https://commission.europa.eu/system/files/2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework_en.pdf voraussichtlich kein mit den Vorgaben der DSGVO vergleichbares Datenschutzniveau. Es ist daher nicht ausgeschlossen, dass staatliche Stellen in den USA auf personenbezogene Daten zugreifen, ohne dass wir oder Sie davon erfahren. Eine Durchsetzung Ihrer Rechte ist in den USA voraussichtlich nicht möglich.

Facebook undertakes to comply with data protection when processing relevant data outside the EU via the standard contractual clauses approved by the EU Commission in accordance with Art. 46 (2) and (3) GDPR.

We will forward you to Facebook via a link. Facebook is responsible for the further processing of your data.
If you have any questions about data collection and processing by Facebook, you can find information directly on the following page: https://www.facebook.com/policy.php/

Instagram

We offer an Instagram plug-in on our website. Instagram is a social network with a focus on video and photo sharing from the US provider Instagram LLC, 1601 Willow Rd, Menlo Pak CA 94025.

Instagram LLC is a subsidiary of Meta Platforms Inc. which, as the operator of Instagram, receives all information that your browser automatically transmits (including your IP address) when you use our plug-in. Meta also sets its own cookies on your end device. This also happens if you do not have an Instagram or Facebook or Meta user account. If you are logged in to Instagram or Facebook, your data will be assigned directly to your account. If you do not want the assignment to your Instagram or Facebook user account, you must log out of Instagram and Facebook before using the plug-in. Facebook receives all information that your browser automatically transmits (including your IP address). Facebook also sets its own cookies on your end device. This also happens if you do not have a Facebook user account. If you are logged in to Facebook, your data will be assigned directly to your account. If you do not wish your data to be associated with your Facebook user account, you must log out of Facebook.

Die Verarbeitung Ihrer Daten erfolgt ausschließlich im Verantwortungsbereich der Instagram LLC bzw. der Meta Platforms Inc. in den USA (1 Hacker Way, Menlos Park, CA 94025, USA). Über weitere Details der Verarbeitung personenbezogener Daten im Verantwortungsbereich von Instagram bzw. Meta sowie eine mögliche Datenverarbeitung in den USA haben wir keine Kenntnis. Wir nehmen keinen Einfluss auf die Datenverarbeitung von Instagram oder Meta. In den USA besteht trotz des aktuellen Data Privacy Framework Agreements, abrufbar unter https://commission.europa.eu/system/files/2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework_en.pdf voraussichtlich kein mit den Vorgaben der DSGVO vergleichbares Datenschutzniveau. Es ist daher nicht ausgeschlossen, dass staatliche Stellen in den USA auf personenbezogene Daten zugreifen, ohne dass wir oder Sie davon erfahren. Eine Durchsetzung Ihrer Rechte ist in den USA voraussichtlich nicht möglich.

Meta undertakes to comply with data protection when processing relevant data outside the EU via the standard contractual clause approved by the EU Commission in accordance with Art. 46, para. 2 and 3 GDPR. We will redirect you to Meta via a link. Meta is responsible for the further processing of your data. If you have any questions about data collection and processing by Instagram, you can find out more directly on the following page: https://help.instagram.com

LinkedIn Insight Tag

If you have given your consent to this, we use the so-called "LinkedIn Insight Tag". This involves the use of cookies from LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn"). The "LinkedIn Insight Tag" enables LinkedIn to collect information about the activities of users of our website, among other things. By integrating the "LinkedIn Insight Tag", we enable LinkedIn to collect personal data. The data processed is according to LinkedIn:

LinkedIn Insight Tag HTTP data

This is log data that is generated for technical reasons when the LinkedIn Insight tag used on the website is used via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access.

LinkedIn Insight Tag - end device data

Data assigned to your end device by the LinkedIn Insight Tag: This includes a unique ID for (re-)recognizing returning visitors.

LinkedIn Insight Tag report data

Data that LinkedIn generates on the basis of the information collected by the LinkedIn Insight Tag by assigning it to the unique visitor ID of the respective visitor contained in the LinkedIn Insight Tag end device data: This includes information about the effectiveness of LinkedIn ads and assignments of users to target groups for LinkedIn ads. LinkedIn may use the information collected to generate additional data for its own purposes or for the purposes of third parties. We have no knowledge of the details of the data generated by LinkedIn.

LinkedIn only provides us with the evaluations or other information created on the basis of the data collected in aggregated, anonymized form. We cannot assign the information provided to us to any natural person. You can deactivate data processing by LinkedIn at any time in our cookie banner. Alternatively, you can deactivate LinkedIn Insight Tag for the browser you are currently using by deactivating the storage of cookies in your browser settings.

Empfänger der über unsere Webseite erhobenen Daten ist LinkedIn Ireland Unlimited Company als der Verantwortliche für die Erhebung und Verarbeitung personenbezogener Daten. LinkedIn Ireland Unlimited Company setzt die LinkedIn Corporation in den USA (1000 W. Maude Avenue, Sunnyvale, CA 94085, USA) als Dienstleister ein. Über die Details der Verarbeitung personenbezogener Daten im Verantwortungsbereich von LinkedIn in den USA haben wir darüber hinaus keine Kenntnis. Wir nehmen keinen Einfluss auf die Datenverarbeitung von LinkedIn. In den USA besteht trotz des aktuellen Data Privacy Framework Agreements, abrufbar unter https://commission.europa.eu/system/files/2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework_en.pdf voraussichtlich kein mit den Vorgaben der DSGVO vergleichbares Datenschutzniveau. Es ist daher nicht ausgeschlossen, dass staatliche Stellen in den USA auf personenbezogene Daten zugreifen, ohne dass wir oder Sie davon erfahren. Eine Durchsetzung Ihrer Rechte ist in den USA voraussichtlich nicht möglich.

For more information about LinkedIn's processing of personal data, please refer to LinkedIn's data policy: https://www.linkedin.com/legal/privacy-policy.

Google Web Fonts
This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. These fonts are stored there for 1 year in order to improve loading times. Furthermore, the administrative effort and sources of error for font updates via Google are reduced.
For this purpose, the browser you are using must establish a connection to Google's servers. This gives Google knowledge that our website has been accessed via your IP address (with browser and device data). The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
If your browser does not support web fonts, a standard font will be used by your computer.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/.

7 What rights do you have under the EU GDPR?

The EU GDPR aims to ensure that you as the data subject have the greatest possible control over your personal data. All data that can be directly or indirectly related to you as a person is considered personal data. To enable you to effectively exercise control over your data, you have the following rights vis-à-vis us:
Right to information in accordance with Article 15 EU GDPR,
the right to rectification in accordance with Article 16 GDPR,
the right to erasure in accordance with Article 17 GDPR,
the right to restriction of processing in accordance with Article 18 EU GDPR
the right to object under Article 21 EU GDPR.

In addition, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Article 77 GDPR if you believe that we are processing your data unlawfully. You can find a list of all supervisory authorities here: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

The right to data portability pursuant to Art. 20 is only relevant when visiting our website if you have the option of creating a profile (e.g. applicant profile, member profile or similar) or entering corresponding information about yourself.