Data protection is a matter of trust, and your trust is important to us. In this privacy policy, we inform you about how and why we collect, process, and use your personal data.
In this privacy policy, you will learn, among other things:
We have aligned this privacy policy with both the Swiss Data Protection Act and the European General Data Protection Regulation (GDPR). The GDPR has established itself globally as a benchmark for strong data protection. However, the applicability of the GDPR depends on the individual case.
This privacy policy applies to all individuals whose data we process (each “you”), regardless of how you interact with us, such as through an online shop, website, app, store, phone, social network, event, etc. It applies to the processing of both already collected and future collected personal data.
Our data processing may affect, in particular, the following categories of individuals when processing personal data:
Please also consult the terms and conditions for specific services (e.g., general terms and conditions, terms of use, or participation conditions). These may contain additional information on our data processing. For information on the collection and processing of personal data when using our websites, mobile apps, and social media presence, especially in connection with cookies and similar technologies.
“Personal data” refers to information that can be associated with a specific person. We process various categories of such personal data. The main categories are provided below for your reference. In individual cases, we may also process additional personal data. Section 5 provides more information on the origin of this data, and Section 6 details the purpose of the data processing.
Master data includes basic information about you, such as title, name, contact details, or date of birth. We collect master data particularly when you create a customer account. However, we also collect master data, for example, when you participate in a contest or sweepstakes or sign up for a newsletter. We also collect master data about contact persons and representatives of contractual partners, organizations, and authorities.
Master data includes, for example:
In some cases, you may log in to individual online offers using a third-party login (e.g., Apple, Google, or Facebook). In this case, we may access certain data stored by the respective provider, such as your name and email address, the scope of which you can usually determine. You can find information on this in the privacy policy of the respective provider.
Contract data are personal data that arise in connection with the conclusion or processing of a contract, e.g., information about contract conclusion, acquired claims and receivables, or information on customer satisfaction. We conclude contracts primarily with customers and business partners and job applicants. When you use offers from us based on a contract, e.g., buy products or use services, we often also collect behavioral and transaction data (see Section 4.4).
Contract data includes, for example, information:
Contract data are personal data that arise in connection with the conclusion or processing of a contract, e.g., information about contract conclusion, acquired claims and receivables, or information on customer satisfaction. We conclude contracts primarily with customers and business partners and job applicants. When you use offers from us based on a contract, e.g., buy products or use services, we often also collect behavioral and transaction data (see Section 4.4).
When you are in contact with us or we are in contact with you, e.g., when you contact customer service or when you write or call us, we process the exchanged communication contents and information about the type, time, and place of communication. In certain situations, we may ask you for proof of identity for identification purposes.
Phone and video conference calls with us may be recorded; we will inform you at the beginning of each call. If you do not want us to record such calls, you can always choose to end the call and contact us in another way (e.g., by email).
4.4 Behavioral and Transaction Data
When you shop with us, use our offers and infrastructure, or use our services, we often collect data about this usage. This is the case, for example, when you shop in an online store with us, when you become active in our communities, or when you use our websites and apps. If you act for third parties, personal data may also concern these third parties (e.g., your family members if you shop for them).
Behavioral and transaction data includes, for example, the following information, as far as it is personally available to us:
We aim to tailor our offers and services to our customers as best as possible. Therefore, we also process data about your interests and preferences. For this purpose, we may link behavioral and transaction data with other data and evaluate this data in a personalized and non-personalized manner. This allows us to draw conclusions about characteristics, preferences, and likely behavior, e.g., your affinity for certain products and services.
In particular, we can create segments (permanent or case-specific), i.e., groups of people who have similarities based on certain characteristics. Preference data can be used personally (e.g., to show you relevant advertising that may interest you) but also non-personally (e.g., for market research or product development).
The described processing can also be referred to as “profiling” in technical terms. You can find more information on profiling in Section 11.
When you use our websites or other electronic offerings from us, we collect certain technical data such as your IP address or device ID. Technical data also includes the logs in which we record the usage of our systems (log data). In some cases, we may assign a unique identifier (ID) to your device (tablet, PC, smartphone, etc.) using technologies like cookies or similar tools so that we can recognize it.
Based on technical data, we can also collect behavioral data, which includes information about your use of websites and mobile apps (see section 4.4). Generally, from technical data alone, we cannot determine your identity unless you create a customer account or register for other services. In such cases, we may link technical data with master data — and thus with your personal information.
Technical data includes, among other things:
These technical data points help us to provide and improve our services, customize your experience, and ensure the security and functionality of our systems and offerings.
5. Where do the personal data come from?
You provide us with personal data yourself in the following cases, for example:
Providing personal data is generally voluntary, meaning you are usually not obligated to disclose personal data to us. However, we must collect and process those personal data that are necessary for the management of a contractual relationship and to fulfill associated obligations or legal requirements, such as mandatory basic and contractual data. Otherwise, we may not be able to conclude or continue the relevant contract.
If you provide us with data about other persons (e.g., family members), we assume that you are authorized to do so and that this information is correct. Please also ensure that these other persons have been informed about this privacy policy.
We may also collect personal data about you either directly or automatically, for example, when you shop with us, use our services, or interact with our offerings. This often includes behavioral and transactional data as well as technical data (e.g., the time when you access our website).
We autonomously collect personal data about you in the following cases, for example:
We may also derive personal data from existing personal data, for example, by analyzing behavioral and transactional data. Such derived personal data often include preference data.
For instance, we may analyze behavioral and transactional data from purchases in our online shops to make assumptions about your personal interests, preferences, affinities, and habits. This allows us to tailor our offers and information to your individual needs and interests. Thus, we can provide you with a personalized selection of relevant offers. For more information on behavioral and transactional data, refer to section 4.4, and for profiling in this context, refer to section 11.
We may also receive personal data from other companies. For further details, refer to section 8. Additionally, we may receive information about you from other third parties, such as companies we cooperate with, individuals who communicate with us, or from public sources.
For example, we may receive information about you from the following third parties:
6. For what purposes do we process personal data?
We aim to stay in touch with you and address your individual concerns. Therefore, we process personal data for communication purposes, such as responding to inquiries and customer care. For this purpose, we primarily use communication and basic data and, if the communication pertains to a contract, also contractual data. We may also personalize the content and timing of messages based on behavioral, transactional, preference data, and other data.
The purpose of communication includes, in particular:
6.2 Contractual Processing
We aim to provide you with the best possible service. Therefore, we process personal data in connection with the initiation, administration, and fulfillment of contractual relationships, such as delivering an order, providing a service, mediating purchases and services, building our communities, conducting loyalty programs, or hosting competitions. Contractual processing also includes any agreed-upon personalization of services. We use basic, contractual, communication, behavioral and transactional data, as well as preference data for these purposes.
The purpose of contractual processing generally includes everything necessary or appropriate to conclude, execute, and if necessary, enforce a contract.
This includes, for example, processing:
We aim to offer you attractive deals. Therefore, we process personal data for relationship management and marketing purposes, such as delivering written and electronic communications and offers and conducting marketing activities. These may involve our own offers or offers from other companies or advertising partners. We may also act for other companies and take on the role of an agency to conduct advertising campaigns for their products.
Messages and offers may also be personalized to provide you with information that is likely to be of interest to you. For this purpose, we primarily use basic, contractual, communication, behavioral and transactional data, as well as preference data, but also image and sound recordings.
You can reject contacts for marketing purposes at any time (see section 15). For newsletters and other electronic communications, you can usually unsubscribe via your customer account or through an unsubscribe link integrated into the communication.
Personalizing our communications allows us to tailor information to your individual needs and interests and to offer you only relevant deals. For example, we can provide you with a personalized selection of products relevant to you or show you online content tailored to your needs. Overall, aligning our activities with the desires and needs of our customers simplifies processes such as purchases or sales, enabling you to reach your goals more quickly. For more information on profiling in this context, refer to section 11.
We aim to continuously improve our offerings and make them more attractive to you. Therefore, we process personal data for market research and product development. For this purpose, we process basic, behavioral, transactional, and preference data, as well as communication data and information from customer surveys, surveys, studies, and other sources such as media, the internet, and other public sources. Whenever possible, we use pseudonymized or anonymized data for these purposes.
Market research and product development include, in particular:
6.5 Security and Prevention
We want to ensure your and our security and prevent abuse. Therefore, we process personal data also for security purposes, to ensure IT security, theft prevention, fraud prevention, abuse prevention, and for evidentiary purposes. This may concern all categories of personal data mentioned in Section 4, especially behavioral and transaction data as well as image and sound recordings. We may collect, evaluate, and store this data for the aforementioned purposes.
The purpose of security and prevention includes, for example:
We may particularly automate the evaluation of video recordings for the purpose of security and prevention. In a specific suspicious case, for instance, we may define a combination of features (such as clothing or body size) and automatically search for this combination in existing video recordings over a specific period. This allows us to evaluate video recordings more efficiently and assists us in investigating criminal acts. However, we do not perform biometric data analysis (e.g., facial recognition) or automated analysis of behavioral patterns or similar analyses in this context.
We aim to meet the requirements for legal compliance. Therefore, we also process personal data to comply with legal obligations, prevent and detect violations, such as receiving and processing complaints and other reports, complying with court or authority orders, and taking measures to uncover and investigate abuses, as well as the legally required retention of telecommunications metadata (mobile subscriptions). This may concern all categories of personal data mentioned in Section 4.
Compliance with legal requirements includes in particular:
In all cases, these may be Swiss law but also foreign regulations to which we are subject, as well as self-regulations, industry and other standards, corporate governance or regulatory instructions.
We want to be able to enforce our claims and defend ourselves against claims of others. Therefore, we also process personal data for the purpose of asserting rights, e.g., to enforce claims in court, out-of-court or before authorities in Switzerland and abroad, or to defend ourselves against claims. Depending on the constellation, we process different categories of personal data, e.g., contact details and information about processes that have given rise to or could give rise to a dispute.
For the purpose of asserting rights, this includes in particular:
7. On what legal basis do we process personal data?
Depending on the purpose of data processing, our processing of personal data is based on different legal grounds. We can process personal data in particular when processing is:
We have a legitimate interest, in particular, in processing for the purposes described above in Section 6 and in disclosing data according to Section 8 and the associated objectives. These legitimate interests include our own interests and the interests of third parties.
These legitimate interests include, for example:
8. To whom do we disclose personal data?
We may disclose your personal data to companies when we use their services. Usually, these service providers process personal data on our behalf as so-called “data processors.” Our data processors are obligated to process personal data exclusively according to our instructions and to take appropriate measures to ensure data security. Certain service providers are also jointly responsible with us or independently responsible (e.g., debt collection agencies). We ensure data protection throughout the entire processing of your personal data by selecting service providers and through appropriate contractual agreements.
This concerns services in particular in the following areas:
It is also possible that we disclose personal data to other third parties for their own purposes, e.g., if you have given us your consent or if we are legally obligated or entitled to do so. In these cases, the recipient of the data is legally responsible in their own right.
These include, for example, the following cases:
In principle, we are not subject to any professional confidentiality obligations (such as banking or medical secrecy). Please inform us on a case-by-case basis if you believe that certain personal data are subject to professional confidentiality so that we can examine your request.
We process and store personal data mostly in Switzerland and the European Economic Area (EEA). In certain cases, however, we may disclose personal data to service providers and other recipients (see Section 8) located outside this area or processing personal data outside this area, generally in any country in the world. The countries concerned may not have laws that protect your personal data to the same extent as in Switzerland or the EEA. If we transfer your personal data to such a state, we ensure the protection of your personal data in an appropriate manner.
A means of ensuring adequate data protection is, for example, the conclusion of data transfer agreements with recipients of your personal data in third countries that ensure the required data protection. These include contracts approved, issued, or recognized by the European Commission and the Swiss Federal Data Protection and Information Commissioner, so-called standard contractual clauses. Please note that such contractual arrangements may partially compensate for weaker or absent legal protection but cannot fully eliminate all risks (e.g., from state access abroad). In exceptional cases, the transfer to countries without adequate protection may also be permissible in other cases, e.g., based on consent, in connection with legal proceedings abroad, or if the transfer is necessary for the execution of a contract.
Sure, here’s the translation of the text you provided into English:
10. How do we process particularly sensitive personal data?
Certain types of personal data are considered “particularly sensitive” under data protection law, e.g., information about health and biometric characteristics. Depending on the situation, the categories of personal data mentioned in Section 4 may also include such particularly sensitive personal data. Typically, we only process particularly sensitive personal data when it is necessary for providing a service, when you voluntarily provide us with this data, or when you have consented to its processing. Furthermore, we may process particularly sensitive personal data if necessary to assert legal claims or comply with domestic or foreign legal regulations, if the relevant data has been obviously publicly disclosed by the data subject, or if applicable law otherwise allows its processing.
We may process particularly sensitive personal data, for example, in the following cases:
“Profiling” refers to the automated processing of personal data to analyze personal aspects or predict behavior, e.g., analyzing personal interests, preferences, affinities, and habits, or predicting likely behavior. Profiling can derive preference data in particular (further details in Section 4.5).
Profiling is a common process, for example, in the automated processing:
We conduct profiling, for example, in connection with our online shops by evaluating your shopping behavior and assigning certain interests based on it. Such interests can be formed permanently or on a case-by-case basis and may relate, for example, to the motive for purchasing. This profiling allows us, for example, to deliver product suggestions relevant to you via newsletters.
To improve the quality of our analyses and predictions, we may link personal data from different sources as a basis for profiling, e.g., data collected through various of our services. This may also involve self-learning algorithms (specific programming in computer programs).
You can object to profiling in certain cases, as described in Section 15.
12. Do we make automated individual decisions?
“Automated individual decision-making” refers to decisions that are made fully automatically, i.e., without human intervention, and that have legal consequences for the data subject or significantly affect them in another way. We generally do not make automated individual decisions, but we will inform you separately if we use automated individual decisions in individual cases. In such cases, you have the option to have the decision reviewed by a human if you do not agree with it.
13. How do we protect personal data?
We take appropriate technical and organizational security measures to protect the security of your personal data, to protect it against unauthorized or unlawful processing, and to guard against the risk of loss, accidental alteration, unauthorized disclosure, or access. However, like all companies, we cannot completely eliminate data security breaches; certain residual risks are unavoidable.
Technical security measures include, for example, data encryption and pseudonymization, logging, access restrictions, and the storage of backups. Organizational security measures include, for example, instructions to our employees, training, and controls. We also require our processors to implement appropriate technical and organizational security measures.
14. How long do we process personal data?
We process and store your personal data:
In certain cases, we may also ask for your consent to store personal data longer (e.g., in job applications that we may keep pending). After the specified periods have expired, we delete or anonymize your personal data.
We adhere, for example, to the following retention periods, but we may deviate from them in individual cases:
15. What rights do you have regarding the processing of your personal data?
You have the right to object to data processing, especially when we process your personal data based on legitimate interests and meet other applicable requirements. You can also object to data processing related to direct marketing (e.g., advertising emails) at any time. This also applies to profiling to the extent that it is associated with such direct marketing.
If the respective applicable requirements are met and no legal exceptions apply, you also have the following rights:
Please note that these rights may be restricted or excluded in individual cases, e.g., if there are doubts about identity or this is necessary to protect other persons, safeguard legitimate interests, or comply with legal obligations.
You can exercise the most important of the above rights via the customer account or our help center. If you have a customer account, you can correct your master data (e.g., your address) stored there at any time. You can also request deactivation of the customer account or complete deletion of your personal data there. Additionally, you can unsubscribe from newsletters and other advertising emails by clicking on the corresponding link at the end of the email.
16. How can you contact us?
If you have any questions about this privacy policy or the processing of your personal data, you can contact the responsible company using the contact details provided on its website.
You can also contact us as follows:
For specific questions regarding data protection, you can contact our data protection officer:
17. Changes to this privacy policy
This privacy policy may be adjusted over time, especially if we change our data processing practices or if new legal regulations apply. We actively inform individuals whose contact details are registered with us about significant changes to such changes, if feasible without disproportionate effort. For data processing, the privacy policy in effect at the start of the respective processing applies.