- hereinafter referred to as "Swiss Mountain Essence AG" or "data controller" -.
Swiss Mountain Essence AG attaches great importance to the protection of the privacy of its customers and prospective customers. This applies in general, whether a data subject visits the Swiss Mountain Essence AG website or whether data is processed outside the website.
The use of the Swiss Mountain Essence AG website is possible without any indication of personal data. However, if a data subject wants to use special enterprise services via our website - for example, if he or she wants Swiss Mountain Essence AG to contact him or her - processing of personal data could become necessary. If the processing of personal data is necessary and there is no other legal basis for such processing, we will generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the Data Protection Act of the Principality of Liechtenstein (DPA), and in accordance with the European Data Protection Regulation (DPR). By means of this data protection declaration, our company would like to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed by means of this data protection declaration in particular about the rights to which they are entitled.
As the controller, Swiss Mountain Essence AG has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can always leave security gaps, so that absolute protection cannot be guaranteed. Complete protection of data against access by third parties cannot be guaranteed. Swiss Mountain Essence AG accepts no liability for any damage caused by such security gaps. Every data subject is free to transmit personal data to us by alternative means, for example by post.
a) Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
g) Responsible party or data controller
The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by the Data Protection Act of the Principality of Liechtenstein, Union law or Member State law, the controller or the specific criteria for its designation may be provided for under Union law or Member State law.
A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not it is a third party. However, authorities that may receive personal data in the context of a specific investigation mandate under the Data Protection Act of the Principality of Liechtenstein, Union law or Member State law shall not be considered as recipients.
j) Third party
Third party means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
Consent shall mean any freely given indication of the data subject's wishes for the specific case in an informed and unambiguous manner, in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.
2. name and address of the controller
The responsible party within the meaning of the data protection provision is:
Commercial register number: FL-0002.497.615-1, Commercial register Vaduz
If you have any questions regarding data protection, please do not hesitate to contact us using the above contact details.
3. What information and personal data is collected when I visit our website?
3.1 Access data
Swiss Mountain Essence AG processes some of the information usually transmitted by the browser when you access its website, insofar as your browser provides this information. The following data may be collected: Information about the browser type and version used, the operating system used, the Internet pages from which the visitor's system accesses our Internet pages (so-called referrers), the (sub)Internet pages that are accessed via the visitor's system on our Internet pages, the date and time of access to the Internet pages, an Internet protocol address (IP address) of the visitor, the visitor's Internet service provider and other similar data and information that serve to avert danger in the event of attacks on our information technology systems. This information is needed to deliver the content of our website correctly, to optimize the content of our website and the advertising for it, to ensure the long-term functionality of our information technology systems and the technology of our website, as well as to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. The data of the log files are always stored separately from other personal data of the users.
3.2 Cookies and connection data
Connection information or cookies allow us to link the origin of the information you enter with your identity. This allows us to tailor and improve our website to your needs. In addition to the optimized graphical display of content, this allows us to better recognize your preferences when visiting our websites and to tailor them to your needs. When you visit our website, your IP address is automatically registered. In addition, your usage behavior and technical data (e.g. browser used, language settings, etc.) are registered and analyzed during this visit.
3.3 General purpose and scope of data collection and processing
The information collected from you or gathered in the course of the connection is primarily processed in the course of processing orders for products and services (e.g. storage orders). The information collected is used to further develop the websites and improve the service provided by Swiss Mountain Essence AG. In addition, Swiss Mountain Essence AG processes personal information for the further development and improvement of its products and services. Legal requirements of due diligence legislation, money laundering and anti-terrorism financing may require Swiss Mountain Essence AG to process personal data. Swiss Mountain Essence AG collects personal data through its website that is expressly provided by the visitor (e.g., to enable Swiss Mountain Essence AG to contact the visitor). In these cases, Swiss Mountain Essence AG may use this personal information to provide customized offers and information about products and services.
4. registration and use of the internal area (financial information)
If authorized persons register for the internal area on the Swiss Mountain Essence AG website by entering their password, the data in the respective input mask will be transmitted to Swiss Mountain Essence AG. The registration with specification of the data is necessary for the provision of content. The data is stored exclusively for internal use by Swiss Mountain Essence AG.
When you register, your IP address and the date and time of registration are stored. This serves to prevent misuse of the services. The data will not be passed on to third parties. An exception to this is when there is a legal obligation to pass on the data.
5. e-mail communication
E-mail communication with Swiss Mountain Essence AG is always open and unencrypted. It can therefore not be ruled out that data sent can be viewed by third parties and that contacts made with Swiss Mountain Essence AG can be traced. Even if you use Secure Mail, the e-mail address of the sender and recipient is visible to third parties. In addition, data may circulate across borders, even if the sender and recipient are located in the same country.
The confidentiality of communication via e-mail is therefore not always sufficiently guaranteed.
6. Further information
Insofar as our online offers also contain links to other providers, we select these carefully. Nevertheless, in these cases we can unfortunately not guarantee that their data protection standards correspond to ours. The respective operators are responsible.
7. access protection and security
Swiss Mountain Essence AG takes appropriate technical and organizational measures to ensure that your personal data is protected against loss or unauthorized access by third parties.
This data will be used and disclosed only in accordance with applicable laws and regulations. Collected data may also be disclosed to authorities if required or permitted by applicable law.
The Internet is an open medium in which data is often transmitted in unencrypted form and can therefore in principle be viewed by third parties. Connections to Swiss Mountain Essence AG websites are always encrypted. If you provide us with personal information (name, e-mail, etc.) via our websites, this information is generally protected against unauthorized access. However, based on your IP address, it may still be possible to establish contact with Swiss Mountain Essence AG.
8. deletion and blocking of personal data
Swiss Mountain Essence AG will process your personal data only for the period of time necessary to achieve the purpose for which it was collected, or as required by law. Under certain circumstances, a deletion may be precluded by legal regulations governing data processing. In this case, Swiss Mountain Essence AG will continue to process the data only to the extent necessary to comply with legal data retention obligations.
If the purpose of the storage no longer applies or if legally required retention periods expire, the processing of the personal data will be restricted in accordance with the legal requirements or this data will be deleted.
9. rights of the data subject
If personal data is processed by you, you are a data subject within the meaning of the Data Protection Act and you have the following rights vis-à-vis Swiss Mountain Essence AG, Äulestrasse 2, 9490 Vaduz, Principality of Liechtenstein, as the controller:
Right to information
You may request confirmation from Swiss Mountain Essence AG as to whether personal data concerning you is being processed by us. If such processing is taking place, you may request information from Swiss Mountain Essence AG about the following:
a) the purposes for which the personal data are processed;
b) the categories of personal data which are processed;
c) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
d) the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage period;
e) the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
f) the existence of a right of appeal to a supervisory authority;
g) any available information on the origin of the data, if the personal data are not collected from the data subject;
h) the existence of automated decision-making, including profiling, and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information about whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards in connection with the transfer.
Right to rectification
You have a right of rectification and/or completion vis-à-vis Swiss Mountain Essence AG if the personal data processed concerning you is inaccurate or incomplete. Swiss Mountain Essence AG shall carry out the rectification without delay.
Right to restriction of processing
Under the following conditions, you may request the restriction of the processing of personal data concerning you:
(a) if you contest the accuracy of the personal data concerning you for a period enabling Swiss Mountain Essence AG to verify the accuracy of the personal data;
b) the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
c) Swiss Mountain Essence AG no longer needs the personal data for the purposes of processing, but you need them for the assertion, exercise or defense of legal claims; or
d) if you have objected to the processing and it is not yet clear whether the legitimate grounds of the controller override your interests.
If the processing of personal data relating to you has been restricted, such data may - apart from being stored - only be processed with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the Principality of Liechtenstein, the EU or a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, Swiss Mountain Essence AG will inform you before the restriction is lifted.
Right to deletion
You may request Swiss Mountain Essence AG to erase the personal data concerning you without undue delay, and Swiss Mountain Essence AG shall be obliged to erase such data without undue delay, if one of the following reasons applies:
(a) the personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
b) You revoke your consent on which the processing was based in accordance with the statutory provisions and there is no other legal basis for the processing.
c) You object to the processing in accordance with the legal provisions and there are no overriding legitimate grounds for the processing, or you object to the processing.
d) The personal data concerning you have been processed unlawfully.
e) The erasure of the personal data concerning you is necessary for compliance with a legal obligation under the law of the Principality of Liechtenstein, the EU or the law of the Member States.
The right to erasure does not exist insofar as the processing is necessary for
a) for the performance of a contract between you and Swiss Mountain Essence AG.
b) for the exercise of the right to freedom of expression and information;
c) for compliance with a legal obligation which requires processing under the law of the Principality of Liechtenstein, the EU or the law of the Member States, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in Swiss Mountain Essence AG;
d) for reasons of public interest in the area of public health in accordance with statutory provisions;
e) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with legal provisions, insofar as the aforementioned right is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
f) for the assertion, exercise or defense of legal claims.
Right to information
If you have asserted the right to rectification, erasure or restriction of processing against Swiss Mountain Essence AG, we are obliged to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right against Swiss Mountain Essence AG to be informed about these recipients.
Right to data portability
You have the right to obtain the personal data concerning you that you have provided to Swiss Mountain Essence AG in a structured, commonly used and machine-readable format. In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from Swiss Mountain Essence AG to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Swiss Mountain Essence AG.
Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you.
Right to revoke your declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the law.
The supervisory authority to which the complaint has been submitted shall inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy in accordance with the legal provisions.
10. use and application of Shopify
We use the store system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purpose of hosting and displaying the online store on the basis of processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of Shopify's aforementioned services, data may also be transferred to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc as part of further processing on our behalf. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by adequacy decision of the European Commission. For further information on Shopify's data protection, please visit the following website: https://www.shopify.de/legal/datenschutz.
Further processing on servers other than the aforementioned of Shopify takes place only within the framework communicated below.
11. use and application of Google Analytics with anonymization function
The controller has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, compilation and evaluation of data about the behavior of visitors to websites. A web analysis service collects, among other things, data on which website a data subject came to a website from (so-called referrers), which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used for the optimization of a website and for the cost-benefit analysis of internet advertising.
The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The controller uses the addition "_gat._anonymizeIp" for web analysis via Google Analytics. By means of this additive, the IP address of the Internet connection of the data subject is shortened and anonymized by Google if access to our Internet pages is from a Member State of the European Union or from another State party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile online reports for us showing the activities on our website, and to provide other services related to the use of our website.
Google Analytics sets a cookie on the information technology system of the data subject. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. By each call of one of the individual pages of this website, which is operated by the controller and on which a Google Analytics component has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently enable commission calculations.
By means of the cookie, personal information, for example the access time, the location from which an access originated and the frequency of visits to our website by the data subject, is stored. Each time the data subject visits our website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may disclose this personal data collected via the technical procedure to third parties.
The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.
12. use and application of Google AdWords
The controller has integrated Google AdWords on this website. Google AdWords is an Internet advertising service that allows advertisers to place ads in Google's search engine results as well as in the Google advertising network. Google AdWords allows an advertiser to specify certain keywords in advance, by means of which an ad is displayed in Google's search engine results exclusively when the user retrieves a keyword-relevant search result using the search engine. In the Google advertising network, the ads are distributed by means of an automatic algorithm and in compliance with the previously defined keywords on topic-relevant Internet pages.
The operating company of the Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is to advertise our website by displaying interest-relevant advertising on the websites of third-party companies and in the search engine results of the Google search engine and to display third-party advertising on our website.
If a data subject accesses our website via a Google advertisement, a so-called conversion cookie is stored by Google on the data subject's information technology system. What cookies are has already been explained above. A conversion cookie loses its validity after thirty days and is not used to identify the data subject. The conversion cookie is used to track whether certain subpages, for example the shopping cart of an online store system, have been called up on our website, provided that the cookie has not yet expired. Through the conversion cookie, both we and Google can track whether a data subject who has accessed our website via an AdWords ad has generated a sale, i.e. has completed or cancelled a purchase of goods.
The data and information collected through the use of the conversion cookie are used by Google to create visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future. Neither our company nor other advertisers of Google AdWords receive information from Google by means of which the data subject could be identified.
By means of the conversion cookie, personal information, for example the Internet pages visited by the data subject, is stored. Each time the data subject visits our website, personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may disclose this personal data collected via the technical procedure to third parties.
The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a conversion cookie on the information technology system of the data subject. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programs.
Furthermore, the data subject has the option to object to interest-based advertising by Google. To do this, the data subject must call up the link www.google.de/settings/ads from any of the internet browsers he or she uses and make the desired settings there.
Further information and the applicable data protection provisions of Google can be found at https://www.google.de/intl/de/policies/privacy/
13. use and application of Vimeo
Videos are embedded on this website via vimeo.com. This is a service of Vimeo, Inc, 555 West 18th Street, New York, New York 10011, USA ("Vimeo"). For this purpose, a connection is established to the servers of Vimeo in the USA. Through this, certain information (e.g. your IP address) is transmitted to Vimeo. It is also possible that Vimeo places cookies on your terminal device if you have consented to the use and storage of cookies from third-party providers. We do not obtain knowledge of the type and scope of the data collected by Vimeo and have no influence on its use. Through the integration, Vimeo can also receive the information that your browser has accessed the corresponding page of this website, even if you do not have a user account with Vimeo or are not logged in to Vimeo.
Personal data is collected when contacting us (e.g. via contact form or e-mail). Which data is collected in the case of using a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 lit. f DSGVO. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO. Your data will be deleted after final processing of your request. This is the case when the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
15. data processing when opening a customer account and for contract execution.
Pursuant to Art. 6 (1) lit. b DSGVO, personal data will continue to be collected and processed if you provide it to us for the performance of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. Deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. We store and use the data provided by you for the purpose of processing the contract. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after expiration of these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data was reserved by us.
16. Comment function
In the context of the comment function on this website, in addition to your comment, information on the time of creation of the comment and the comment name you have chosen will be stored and published on this website. Furthermore, your IP address will be logged and stored. This storage of the IP address is done for security reasons and in case the person concerned violates the rights of third parties or posts illegal content through a submitted comment. We need your e-mail address in order to contact you if a third party objects to your published content as being illegal. The legal basis for the storage of your data is Art. 6 para. 1 lit. b and f DSGVO. We reserve the right to delete comments if they are objected to by third parties as illegal.
17. use of customer data for direct advertising
17.1 Registration for our e-mail newsletter
If you register for our e-mail newsletter, we will send you regular information about our offers. The only mandatory data for sending the newsletter is your e-mail address. The provision of further data is voluntary and will be used to address you personally. For sending the newsletter we use the so-called double opt-in procedure. This means that we will only send you an e-mail newsletter after you have expressly confirmed that you consent to receiving newsletters. We will then send you a confirmation e-mail asking you to confirm that you wish to receive the newsletter in the future by clicking on an appropriate link.
By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 (1) lit. a DSGVO. When you register for the newsletter, we store your IP address entered by your Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data collected by us when you register for the newsletter is used exclusively for the purpose of addressing you in an advertising manner by way of the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the person responsible mentioned at the beginning. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data in a manner that goes beyond this, which is permitted by law and about which we inform you in this declaration.
17.2 Sending the e-mail newsletter to existing customers
If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to regularly send you e-mail offers for similar goods or services to those already purchased from our range. In accordance with Section 7 (3) of the German Unfair Competition Act (UWG), we do not need to obtain your separate consent for this. In this respect, the data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising in accordance with Art. 6 Para. 1 lit. f DSGVO. If you have initially objected to the use of your e-mail address for this purpose, no e-mails will be sent by us. You are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying the responsible person named at the beginning. For this, you will only incur transmission costs according to the prime rates. After receipt of your objection, the use of your e-mail address for advertising purposes will cease immediately.
17.3 Newsletter delivery via Shopify Email
Our email newsletters are sent via Shopify Email, a service of Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), to whom we pass on the data you provided when you registered for the newsletter. This transfer takes place in accordance with Art. 6 (1) lit. f DSGVO and serves our legitimate interest in using an effective advertising, secure and user-friendly newsletter system. The data entered by you for the purpose of receiving newsletters (e.g. email address) is generally stored on Shopify's servers in the EU.
As part of Shopify's aforementioned services, data may also be transmitted to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc as part of further processing on behalf of Shopify. In the case of transfer of data to Shopify Inc. in Canada, the adequate level of data protection is guaranteed by adequacy decision of the European Commission.
Shopify uses this information to send and statistically evaluate the newsletters on our behalf. For the evaluation, the emails sent may contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). The data is collected exclusively pseudonymously and is not linked to your other personal data, a direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
Furthermore, Shopify may use this data itself in accordance with Art. 6 (1) lit. f DSGVO due to its own legitimate interest in designing and optimizing the service in line with demand, as well as for market research purposes, for example to determine which countries the recipients come from. However, Shopify does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.
We have entered into an order processing agreement with Shopify, which obliges Shopify to protect our customers' data and not to pass it on to third parties.
18. data processing for order processing
18.1 In order to process your order, we work together with the service provider(s) listed below, who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution within the framework of payment processing, insofar as this is necessary for payment processing. If payment service providers are used, we will inform you explicitly about this below. The legal basis for the transfer of data is Art. 6 para. 1 lit. b DSGVO.
18.2 Transfer of personal data to shipping service providers
If the goods are delivered by the transport service provider Post CH (Schweizerische Post AG, Schweiz, Wankdorfallee 4, 3030 Bern), we will pass on your e-mail address to Post CH prior to delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided that you have given your express consent to this in the ordering process.- Otherwise, we will only pass on the name of the recipient and the delivery address to Post CH for the purpose of delivery. The disclosure will only be made to the extent necessary for the delivery of goods. In this case, prior coordination of the delivery date with Post CH or the transmission of status information of the shipment delivery is not possible.
The consent can be revoked at any time with effect for the future vis-à-vis the responsible person named above or vis-à-vis the transport service provider Post CH.
18.3 Use of payment service providers (payment services)
If you opt for the "Apple Pay" payment method of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is carried out via the "Apple Pay" function of your terminal device operated with iOS, watchOS or macOS by charging a payment card deposited with "Apple Pay". Apple Pay uses security functions integrated into the hardware and software of your device to protect your transactions. For the release of a payment, the entry of a code previously defined by you as well as the verification by means of the "Face ID" or "Touch ID" function of your terminal device is therefore required.
For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, is passed on to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to carry out the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment is made, Apple sends your device account number and a transaction-specific dynamic security code to the originating website to confirm the success of the payment.
If personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing pursuant to Art. 6 (1) lit. b DSGVO.
Apple retains anonymized transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was completed successfully. The anonymization completely eliminates any reference to individuals. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.
When you use Apple Pay on iPhone or Apple Watch to complete a purchase made through Safari on Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can identify you personally. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to "Wallet & Apple Pay," and uncheck "Allow payments on Mac."
For more information about Apple Pay privacy, please visit the following web address: https://support.apple.com/de-de/HT203027
If you select a Klarna payment service, the payment will be processed by Klarna Bank AB (publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). In order to enable the processing of the payment, your personal data (first and last name, street, house number, postal code, city, gender, e-mail address, telephone number and IP address) as well as data related to the order (e.g. invoice amount, article, delivery type) will be forwarded to Klarna for the purpose of identity and credit checks, provided that you have expressly consented to this in accordance with Art. 6 para. 1 lit. a DSGVO during the ordering process. You can see which credit agencies your data may be forwarded to here:
The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Klarna uses the information obtained about the statistical probability of non-payment for a weighed decision on the establishment, implementation or termination of the contractual relationship.
You can revoke your consent at any time by sending a message to the data controller or to Klarna. However, Klarna remains entitled to process your personal data, if applicable, insofar as this is necessary for the processing of payments in accordance with the contract.
or for data subjects based in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy
will be treated.
When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The transfer takes place in accordance with Art. 6 para. 1 lit. b DSGVO and only insofar as this is necessary for the payment processing.
PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in terms of the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The creditworthiness information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. For further information on data protection law, including information on the credit agencies used, please refer to PayPal's data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
If you choose a payment method of the payment service provider Stripe, the payment is processed via the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on your information provided during the ordering process together with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b DSGVO. You can find more information about Stripe's data protection at the URL https://stripe.com/de/privacy#translation.
Stripe reserves the right to perform a credit check based on mathematical-statistical methods in order to safeguard the legitimate interest in determining the User's ability to pay. Stripe may transmit the personal data necessary for a credit check and obtained in the course of payment processing to selected credit agencies, which Stripe discloses to Users upon request. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, these have their basis in a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Stripe uses the result of the credit check in relation to the statistical probability of non-payment for the purpose of deciding on the authorization to use the selected payment method.
You can object to this processing of your data at any time by sending a message to Stripe or the assigned credit agencies.
However, Stripe may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
19. Contact form and e-mail contact
If you fill out a contact form or send us an email or other electronic message, your information will only be stored for the processing of the request and possible related questions and used only in the context of the request.
The legal basis for processing your request is Art. 6 para. 1 lit. b DSGVO.
We will delete your e-mail address after your request has been dealt with.
20. legal basis of the processing
Article 6 I lit. a DS-GVO serves as the legal basis for our company for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 I lit. b DS-GVO. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c DS-GVO. In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d DS-GVO. Finally, processing operations could be based on Art. 6 I lit. f DS-GVO. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 DS-GVO).
21. legitimate interests in the processing pursued by the controller or a third party.
If the processing of personal data is based on Article 6 I lit. f DS-GVO, our legitimate interest is the performance of our business activities for the benefit of the well-being of all our employees and our shareholders.
22. duration for which the personal data are stored.
The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data will be routinely deleted, provided that they are no longer required for the performance of the contract or the initiation of the contract.
23. legal or contractual requirements for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision.
We inform you that the provision of personal data is sometimes required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). Sometimes, in order to conclude a contract, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her (e.g. membership). Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before providing personal data by the data subject, the data subject must contact us. Swiss Mountain Essence AG will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law, by contract, or for the conclusion of a contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.
24. existence of automated decision making
Swiss Mountain Essence AG does not use automated decision-making or profiling.