Privacy policy


Data protection

 

Privacy Policy

We, GONSER AG, Bahnhofstrasse 4, 6048 Horw, Switzerland (hereinafter referred to as "we/our"), appreciate your interest in our online shop. The protection of your privacy is very important to us. In this privacy policy, we explain how we collect and process personal data. This privacy policy is designed to meet the requirements of the EU General Data Protection Regulation ("GDPR"), the Swiss Data Protection Act ("DSG") and the revised Swiss Data Protection Act ("revDSG"). Below we inform you in detail about the handling of your data.

1. Responsible Party

Contact address for data protection concerns:
Gonser AG
Bahnhofstrasse 4
6048 Horw
info@gonser.ch

2. Access Data and Hosting

You can visit our website without providing any personal information. Each time a website is accessed, the web server only automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of access, the amount of data transferred and the requesting provider (access data) and documents the access.

This access data is analysed exclusively for the purpose of ensuring trouble-free operation of the site and improving our offering. In accordance with Article 6(1) Sentence 1 lit. f GDPR, this serves to protect our legitimate interests in a correct presentation of our offer, which predominate in the context of a balancing of interests. All access data will be deleted no later than seven days after the end of your visit to our website.

Hosting Services by a Third-Party Provider

As part of processing on our behalf, a third-party provider provides us with the services for hosting and displaying the website. This serves to safeguard our legitimate interests in the correct presentation of our website, which are overriding in the context of a balancing of interests. All data collected as part of the use of this website or in the forms provided for this purpose in the online shop as described below are processed on its servers. Processing on other servers only takes place within the scope described here.

This service provider is located within a country of the European Union or the European Economic Area.

3. Data Collection and Use for Contract Processing and when Opening a Customer Account

We collect personal data if you voluntarily provide it to us as part of your order, when contacting us (e.g. via contact form or e-mail) or when opening a customer account. Mandatory fields are labelled as such, as in these cases we require the data to process the contract or to process your contact or open the customer account and you cannot complete the order and/or open the account or send the contact without providing it. Which data is collected can be seen from the respective input forms. We use the data provided by you in accordance with Article 6(1) sentence 1 lit. b GDPR for contract processing and processing your enquiries. After completion of the contract or deletion of your customer account, your data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration. Deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described below or via a function provided for this purpose in the customer account.

4. Data Transfer

In order to fulfil the contract in accordance with Article 6(1) sentence 1 lit. b GDPR, we pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. Depending on which payment service provider you select in the ordering process, we will pass on the payment data collected for the processing of payments to the credit institution commissioned with the payment and, if applicable, to the payment service provider commissioned by us or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves if you create an account with them. In this case, you must log in to the payment service provider with your access data during the ordering process. In this respect, the privacy policy of the respective payment service provider applies.

We use payment service providers that are based in a country outside the European Union. The transfer of personal data to these companies only takes place within the scope of the necessity to fulfil the contract.

Data Transfer to Shipping Service Providers

If you have given us your express consent to this during or after your order, we will pass on your e-mail address and telephone number to the selected shipping service provider in accordance with Article 6(1) sentence 1 lit. a GDPR so that they can contact you before delivery for the purpose of delivery notification or coordination.

You can revoke your consent at any time by sending us a message. After revocation, we will delete the data you have provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

5. E-Mail Newsletter

E-Mail Advertising with Newsletter Registration

When you register for our newsletter, the e-mail address is verified using the double opt-in procedure. We use the data required for this or separately provided by you to send you our e-mail newsletter regularly on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your e-mail address unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

Email Advertising Without Subscribing to the Newsletter and Your Right to Object

If we receive your e-mail address in connection with the sale of a product or service and you have not objected to this, we reserve the right to regularly send you offers for similar products to those you have already purchased from our range by e-mail. This serves to safeguard our legitimate interests, which predominate in the context of a weighing up of interests, in a promotional approach to our customers.

You can object to this use of your e-mail address at any time by sending a message to the contact option described below or via a link provided for this purpose in the advertising e-mail, without incurring any costs other than the transmission costs according to the basic rates.

The newsletter is sent as part of processing on our behalf by a service provider based in Switzerland, to whom we pass on your e-mail address for this purpose. The mailing data is stored both on the website's hosting server and on encrypted servers in Switzerland. Data on unsubscriptions and clicks are automatically collected for the purpose of evaluation, but these are only used to monitor success and improve the newsletter content and mailing frequency.

6. Cookies and Web Analytics

Cookies

We use cookies on various pages to make our website more attractive and to enable the use of certain functions, to display suitable products or for market research. This serves to safeguard our legitimate interests, which predominate in the context of a weighing up of interests, in an optimised presentation of our offer in accordance with Article 6(1) sentence 1 lit. f GDPR. Cookies are small text files that are automatically stored on your end device. Some of the cookies we use are deleted again at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognise your browser on your next visit (persistent cookies). The duration of storage can be found in the overview in the cookie settings of your web browser. You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. These can be found for the respective browsers under the following links:

If cookies are not accepted, the functionality of our website may be restricted.

As part of the use of Google Analytics (see below), this website also uses the so-called DoubleClick cookie, which enables your browser to be recognised when you visit other websites. This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in the optimal marketing of our website in accordance with Article 6(1) sentence 1 lit. f GDPR. The information automatically generated by the cookie about your visit to this website is transmitted to a Google server in the USA and stored there. The IP address is shortened by activating IP anonymisation on this website before transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The anonymised IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Google will use this information to compile reports on website activity and to provide other services relating to website activity and internet usage. This serves to protect our legitimate interests in optimising the marketing of our website, which outweigh our interests. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. The data collected in this context will be deleted once the purpose has ceased to apply and we have stopped using Google DoubleClick.

Google Double Click is an offer from Google LLC. (www.google.com). Google LLC is headquartered in the USA and is certified under the EU-US-Data Privacy Framework. A current certificate can be viewed here. Based on this agreement between the USA and the European Commission, the latter has established an adequate level of data protection for companies certified under the Data Privacy Framework.

You can deactivate the DoubleClick cookie via this link. You can also obtain information from the Digital Advertising Alliance about the setting of cookies and make settings for this. Finally, you can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. If you do not accept cookies, the functionality of our website may be restricted.

Use of Google Analytics for Web Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC (www.google.com), to analyse web pages. This serves to safeguard our legitimate interests, which predominate in the context of a weighing up of interests, in an optimised presentation of our offer in accordance with Article 6(1) sentence 1 lit. f GDPR. Google Analytics uses methods that enable your use of the website to be analysed, such as cookies. The automatically collected information about your use of this website is usually transmitted to a Google server in the USA and stored there. By activating IP anonymisation on this website, the IP address is shortened before transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The anonymised IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. The data collected in this context will be deleted after the end of the purpose and use of Google Analytics by us.

Google LLC is headquartered in the USA and is certified under the EU-US-Data Privacy Framework. A current certificate can be viewed here. Based on this agreement between the USA and the European Commission, the latter has established an adequate level of data protection for companies certified under the Data Privacy Framework.

You can prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en

As an extension to Google Analytics, Google signals are used in connection with this website to create cross-device reports. If you are logged into your Google account and have allowed personalised advertising, Google can use Google Analytics to analyse your usage behaviour across devices and create database models, including for cross-device conversions. We do not receive any personal data from Google, only aggregated statistics. If you wish to prevent cross-device analysis, you can deactivate the "Personalised advertising" function in the settings of your Google account here

Use of Hotjar for Web Analysis

We use Hotjar to better understand our users‘ needs and to optimise the services and experience on this website. With the help of Hotjar technology, we get a better understanding of our users’ experiences (e.g. how much time users spend on which pages, which links they click on, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users' behaviour and their devices, in particular the device's IP address (captured and stored only in anonymised form when you use our website), screen size, device type (unique device identifiers), information on the browser used, location (country only), preferred language for displaying our website. Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.

7. Advertising via Marketing Networks

Google Ads Remarketing

We use Google Ads to advertise this website in Google search results and on third-party websites. For this purpose, the so-called remarketing cookie is set by Google when you visit our website, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and based on the pages you visit. This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in the optimal marketing of our website in accordance with Article 6(1) Sentence 1 letter f of the General Data Protection Regulation (GDPR). After the end of the purpose and the end of the use of Google Ads Remarketing by us, the data collected in this context will be deleted.

Any further data processing will only take place if you have consented to Google linking your web and app browsing history to your Google account and using information from your Google account to personalise ads that you see on the web. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, Google will temporarily link your personal data with Google Analytics data to create target groups.

Google Ads Remarketing is an offer from Google LLC (www.google.com). Google LLC is headquartered in the USA and is certified under the EU-US-Data Privacy Framework. A current certificate can be viewed here. Based on this agreement between the USA and the European Commission, the latter has established an adequate level of data protection for companies certified under the Data Privacy Framework.

You can deactivate the remarketing cookie via this link. You can also obtain information from the Digital Advertising Alliance about the setting of cookies and make settings for this.

The website uses “enhanced conversions” from Google Ads. For this purpose, encrypted user data is transferred to Google and synchronised with registered Google accounts in order to allocate conversions.

Google Customer Match

We use a function called Google Ads Customer Match to target interested parties and customers with personalised advertisements. This enables us to address customers more precisely by better tailoring the adverts that are displayed via Google Ads to the specific interests of the target group.

Please note that when using Google Ads customer matching, we do not pass on any personal data such as names or email addresses to Google. Instead, we only transmit a list of hashed codes generated from your customer data using one-way encryption. Google cannot decrypt these codes as long as the corresponding data is not already available in its own user database. This means that Google does not receive the uploaded customer data, but merely determines whether the data is already available at Google or not. Once the customer match lists have been created, the encrypted customer data is automatically deleted again.

Facebook

We use Facebook Conversions API, a server-side event tracking tool, on our website. The service provider is the American company Meta Platforms Inc. Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible for the European region.

Facebook also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may entail various risks for the legality and security of data processing.

Facebook uses so-called standard contractual clauses (= Art. 46, para. 2 and 3 of the GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer to these countries. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Facebook undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

The Facebook data processing conditions, which correspond to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

You can find out more about the data processed using Facebook Conversions API in the privacy policy at https://www.facebook.com/about/privacy.

Pinterest

We use Pinterest Web Analytics, a web analysis programme, on our website. The service provider is the American company Pinterest Inc. The company also has an Irish registered office at Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

Pinterest also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

Pinterest uses so-called standard contractual clauses (Art. 46, para. 2 and 3 of the GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer to these countries. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Pinterest undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

You can find more information on Pinterest's standard contractual clauses at https://policy.pinterest.com/en/privacy-policy#section-residents-of-the-eea.

You can find out more about the data processed using Pinterest Web Analytics in the full privacy policy at https://policy.pinterest.com/en/privacy-policy.

8. Sending Evaluation Reminders by E-Mail

If you have given us your express consent to this during or after your order in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we will use your e-mail address as a reminder to submit an evaluation of your order via the evaluation system we use. This consent can be revoked at any time by sending a message to the contact option described.

9. Contact Options and your Rights

As the data subject, you have the following rights:

  • In accordance with Article 15 GDPR, the right to request information about your personal data processed by us to the extent specified therein;
  • In accordance with Article 16 GDPR, you have the right to demand the immediate correction of incorrect or incomplete personal data stored by us;
  • In accordance with Article 17 GDPR, the right to demand the deletion of your personal data stored by us, unless further processing is necessary
    • to exercise the right to freedom of expression and information;
    • to fulfil a legal obligation;
    • for reasons of public interest or
    • for the establishment, exercise or defence of legal claims;
  • in accordance with Article 18 GDPR, the right to demand the restriction of the processing of your personal data, insofar as
    • the accuracy of the data is disputed by you;
    • the processing is unlawful, but you refuse to delete it;
    • we no longer need the data, but you need it for the establishment, exercise or defence of legal claims, or
    • you have objected to the processing pursuant to Article 21 GDPR;
  • in accordance with Article 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller;
  • in accordance with Article 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

If you have any questions regarding the collection, processing or use of your personal data, for information, correction, blocking or deletion of data as well as revocation of consents granted or objection to a specific use of data, please contact us directly via the contact details in our imprint.

Right of Objection

Insofar as we process personal data as explained above in order to safeguard our legitimate interests, which outweigh your interests, you can object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. If the processing is carried out for other purposes, you only have the right to object on grounds relating to your particular situation.

After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.

This does not apply if the processing is for direct marketing purposes. In this case, we will no longer process your personal data for this purpose.

10. Reservation of Amendment

We reserve the right to amend this privacy policy from time to time so that it always complies with current legal requirements and any changes in our services are reflected.

 

Status 01.10.2024 - Individual parts of this privacy policy were created using the Trusted Shops legal text editor and the AdSimple data protection generator.

Sign up now for the free newsletter and secure CHF 10 discount!

Minimum order value CHF 50. Your data will not be shared with third parties. Unsubscribe at any time.