General data protection declaration of Swiss Chocolate World
For your information we have translated the German version of this page into English. This translation is for informational purposes only, and the final version of this page is the German version governed by Swiss law.
Swiss Chocolate World is an offer from Swiss Chocolate World GmbH. Swiss Chocolate World GmbH, Campingstrasse 6b, 3785 Gsteig, Switzerland (hereinafter "Swiss Chocolate World" or "we") processes personal data relating to you or other persons in different ways and for different purposes. "Personal data" or "data" in the following is information that can be linked to a specific person and "process" means any handling of it, e.g. procurement, storage, use, disclosure and deletion.
This privacy notice explains our processing of such data when
- you purchase products online from us,
- you are otherwise associated with us under a contract (e.g. suppliers or their contact persons),
- you communicate with us,
- our website swisschocolateworld.com (hereinafter «website»),
- you register for services (e.g. our newsletter),
- You deal with us within the scope of all further data processing in connection with our offers.
We have aligned this data protection declaration with both the Swiss Data Protection Act (DSG) and the European General Data Protection Regulation (GDPR). If the term "personal data" is used in the data protection declaration, this also means "personal data" according to the GDPR. However, whether and to what extent the GDPR is applicable at all depends on the individual case.
If you give us information about other people, we will assume that you have the right to do so and that this information is correct. Please ensure that these individuals have been informed of this privacy statement.
In order to make it easier to read, we use the masculine designations in this data protection declaration, but mean people of all genders.
If you have any questions or would like further information about our personal data processing, we are at your disposal (see Section 2).
Swiss Chocolate World is “responsible” for data processing in accordance with this data protection declaration, i.e. the body primarily responsible under data protection law (also “we”), unless otherwise communicated below and in individual cases.
If you have any questions about data protection, you are welcome to contact the following address:
Swiss Chocolate World GmbH
Depending on the purpose, we process different categories of personal data. You will find the most important categories below for your orientation, although this list is not exhaustive. Information on the purposes of this processing can be found in Section 4.
- base data
We define master data as data that we need to process our business relationships or for marketing and advertising purposes and that relate directly to your person and characteristics. For example, we process the following master data and, if you provide us with further master data, this too:
- Shipping and billing address
- telephone and mobile number
- Occupational information in business contacts
- in the case of contact persons of companies, also relationships with the company for which you work
- contract data
Contract data is information that arises in connection with the conclusion of the contract or the execution of the contract. We conclude contracts primarily with business partners (particularly suppliers) and customers. For example, we process the following contract data:
- Date, application process, information about the type and duration and conditions of the relevant contract;
- contact details and delivery addresses;
- Information about the use of services, claims, invoices and payments as well as selected payment modalities;
- Information about customer satisfaction, complaints, feedback, etc.
- communication data
Communication data is data in connection with our communication with you, e.g. if you contact us via the contact form or other means of communication. In doing so, we record the data exchanged between you and us, including your contact details and peripheral data of the communication (e.g. time, type and place of communication).
If necessary (e.g. if you submit a request for information), we also collect data to identify you, e.g. a copy of an ID card.
Technical data is generated in connection with the use of our website. This includes, for example, the following data:
- IP address of the end device and device ID
- Information about your device, the operating system of your end device or language settings
- Information about your Internet provider
- accessed content or logs in which the use of our systems is recorded
- Date and time you accessed the website and your approximate location
We can also assign you or your end device an individual code (e.g. through a cookie; see Section 5). This code is stored for a certain period of time, often only during your visit. As a rule, we cannot derive who you are from technical data, unless you register for the newsletter on our website, for example. In this case, we can connect technical data with master data - and thus with your person.
If you use our website or read newsletters (section 7), we try to get to know you and better tailor our services to you. To do this, we collect and use data about your behavior and your preferences by evaluating your use of our website. Behavioral data can also be collected on the basis of technical data. This includes, for example, information about your use of electronic communications (e.g. whether and when you opened an e-mail or clicked on a link, in particular when sending out newsletters).
We process personal data in particular for the following purposes:
- We process your data for the conclusion, processing and enforcement of contracts with you or with the company for which you work. For this purpose, we process master data and contract data in particular.
- We process your data in connection with communication with you, e.g. to answer inquiries and assert your rights and to contact you if you have any questions. For this purpose, we use communication data in particular, possibly also master data. We keep this data to document our internal communication with you and to be able to answer questions.
- We also process data for market research, marketing purposes and customer care. For example, we may send you information, advertising and product offers from Swiss Chocolate World. Like most companies, we also personalize marketing and other communications so that we can provide you with information and offers that are relevant to you. For these purposes, we use in particular your behavior and preference data and, if necessary, master data.
- To ensure IT security and for prevention: We process personal data to ensure IT security, to prevent fraud and misuse and for evidence purposes. This includes, for example, the evaluation of system-side records of the use of our systems (log data), the prevention, defense and investigation of security breaches, analyzes and tests of our networks and IT infrastructure and system and error checks.
- To comply with laws, instructions and recommendations from authorities and internal regulations (“compliance”). For these purposes, we use your master and contract data in particular.
- Under certain circumstances, we also process personal data to protect the law, i.e. to assert claims in court, before or out of court and before authorities at home and abroad or to defend ourselves against claims. For these purposes, we use your master, communication and contract data in particular.
You can object to the processing for marketing purposes by notifying us, also for individual communication channels (e.g. only advertising via e-mail) or for individual advertising campaigns (see Section 12).
We can also use other technologies, e.g. to store data in the browser [, but also for recognition, e.g. pixel tags or fingerprints. Pixel tags are invisible images or program code that are loaded from a server and thereby transmit certain information. Fingerprints are information about the configuration of your end device that makes your end device distinguishable from other devices.
We use third party services to measure and improve usability of the website and online advertising campaigns. Third-party providers may also be located outside of Switzerland and the EU/EEA, provided that the protection of your personal data is adequately ensured. For example, we use analytics services so that we can optimize and personalize our website. Third-party cookies and similar technologies also enable them to target you with customized advertising on our websites or on other websites and social networks that also work with that third party and to measure how effective ads are (e.g. whether you have read an ad came to our website and what actions you then carry out on our website). The relevant third-party providers can record the use of the website and connect their recordings with further information from other websites. In this way, they can record user behavior across multiple websites and end devices in order to provide us with statistical evaluations on this basis. The providers can also use this information for their own purposes, e.g. for personalized advertising on their own website or other websites.
[[Two] The most important third-party providers are Google and Facebook. You will find further information on these below]. Other third-party providers usually process personal and other data in a similar way.]
- [Meta-Pixel, an analytics tool provided by Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This allows us to control ads on Meta and Meta's partners so that they are only shown to users who are likely to be interested in the ads. We may also measure the effectiveness of such ads for statistical and market research purposes. We share responsibility with Meta for sharing data that Meta receives as a result, for displaying personalized ads, improving ad delivery, and personalizing content. The data is stored on servers in the EU/EEA and the USA. Users can send requests for information and other inquiries directly to Facebook. You can find more information on data protection at Meta and the corresponding setting options here.]
- [LinkedIn Insight Tag, an analytics tool provided by LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland). With LinkedIn Tag we are informed that you have visited our website, whereby your IP address is also collected. In addition, timestamps and events such as page views are saved. This enables us to statistically evaluate your use of our website in order to continuously optimize it. For example, we learn which LinkedIn ad or interaction on LinkedIn brought you to our website. This enables us to better control the display of our advertising. The data is stored on servers in the EU/EEA and the USA. We have configured LinkedIn Insight Tag to truncate or hash visitors' IP addresses prior to forwarding to the United States. Please note that LinkedIn can store the data so that a connection to the respective user profile is possible and LinkedIn can use the data for its own advertising purposes. You can find more information on LinkedIn's data protection and the corresponding setting options here.]
We can operate our own presence on third-party platforms (in particular social networks) (e.g. Facebook, Instagram, Twitter, YouTube). If you communicate with us there or comment on content, we collect and process the relevant information. When you visit our social media presence, data can be transmitted directly to the relevant provider or collected by them (e.g. data on your user behavior), and the provider can process this data together with other data known to it. Further information on data processing by social network providers can be found in the data protection regulations of the relevant social networks.
If you fill out the contact form for the newsletter on our website, you give us your consent to send you electronic newsletters or invitations to events from Swiss Chocolate World or third parties (partners) by email. You can unsubscribe at any time via a link in the relevant emails.
When using newsletters, we can evaluate whether and when you open the newsletter and what content you click on, so that we can tailor newsletters to your interests. You will find further information on this in Section 3.5.]
In connection with the purposes stated in Section 4, we transmit your personal data to third parties, in particular the following categories of recipients:
- Service providers: We use various services from third parties, in particular IT services (examples are providers of hosting services), services for sending newsletters and operating our website, other shipping and logistics services and services from banks, the post office, consultants, etc You will find further information on service providers for our website under Section 5. These service providers can also process personal data to the extent required.
- Authorities: We can pass on personal data to offices, courts and other authorities at home and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. The authorities are responsible for processing data about you that they receive from us.
- Other Recipients: As our business develops, we may sell or acquire, or enter into partnerships with, any business, business, asset or business, which may also involve the disclosure of information to those involved in those transactions. If we participate in procedures, we can also disclose personal data to other participants in the procedure (e.g. counterparties).
Depending on the applicable law, data processing is only permitted if the applicable law specifically allows it. This does not apply according to Swiss data protection law, but e.g. according to the GDPR, insofar as it applies (which can only be determined in individual cases). In this case, we base the processing of your personal data on the fact that it is necessary for the preparation and execution of contracts (Section 4), that it is necessary for our legitimate interests or that of third parties, e.g. for statistical evaluations or for marketing purposes (Section 4) that it is required or permitted by law or that you have separately consented to the processing. You will find the corresponding provisions in Art. 6 and 9 of the GDPR.
You are not obliged to disclose data to us, subject to individual cases (e.g. if you have to fulfill a contractual obligation and data is disclosed to us in the process). For legal and other reasons, however, we have to process data when we conclude and execute contracts. It is also not possible to use our website without data processing (see Section 5).
Not only do we process your personal data, but also service providers and other recipients. These may also be based outside of Switzerland and the EU/EEA, particularly in the USA. The laws of the respective countries do not always guarantee an appropriate level of data protection according to the standards of Swiss law. We therefore take contractual precautions to contractually compensate for the weaker legal protection, insofar as data protection law does not permit disclosure in individual cases for other reasons (e.g. if you have consented to the corresponding disclosure or if the disclosure is necessary for the execution of the contract, for the determination, exercise or enforcement of legal claims or for overriding public interests). These precautions include in particular the standard contractual clauses issued or recognized by the European Commission and the Swiss Data Protection and Information Commissioner (FDPIC).
We store and process your personal data for as long as it is necessary for the purpose of processing, as long as we have a legitimate interest in storing it (e.g. to enforce legal claims, for archiving and/or to ensure IT security) and as long as data is subject to a statutory are subject to a retention obligation. If there are no legal or contractual obligations to the contrary, we will destroy or anonymize your data after the storage or processing period has expired as part of our usual processes.
In order to make it easier for you to control the processing of your personal data, you have the following rights in connection with our data processing:
- Right to information: You have the right to request certain information about our processing of your personal data and a copy of personal data.
- Correction: You can request that we correct or supplement incorrect or incomplete data if, for example, it is incorrect.
- Deletion: You have the right to request the deletion or anonymization of data.
- objection and revocation: You can object to our processing for specific purposes (e.g. processing for marketing purposes). You have the right to revoke consent with effect for the future if processing is based on consent. Please note that even after you have revoked your consent, we are entitled to continue to process your personal data to the extent permitted by law.
- Transmission: You have the right to receive personal data that you have provided to us in a structured, common and machine-readable format or to have it transmitted to a third party, insofar as the corresponding data processing is based on your consent or is necessary to fulfill the contract.
If you wish to exercise rights against us, please contact us in writing. You will find our contact details in Section 2. In order to prevent misuse, we must identify you (e.g. with a copy of your ID, unless this is otherwise possible).
You are also free to lodge a complaint with a competent supervisory authority if you have concerns as to whether the processing of your personal data is legally compliant. The competent supervisory authority in Switzerland is Federal Data Protection and Information Commissioner (FDPIC).
Status of data protection declaration: 01. June 2022