DATA PRIVACY STATEMENT

The following data privacy statement applies on the use of our online-services at www.stempelgarten.ch (hereinafter called «website »).

The protection of your personal data is important to us. The collecting and processing of your personal data will be conducted in compliance with the applicable data protection regulations of the Swiss Data Protection Act (« DPA ») and the General Data Protection Regulation of the European Union (« GDPR »).

Responsible data controller for the collection, procession and use of your personal data and contact address for all related inquiries is:

Alexandra Härtenstein – Klemm
Firma Stempelgarten
Rietstrasse 12
8630 Rüti ZH
Tel: +41 (0)55 240 63 28
Mobile: +41 (0)79 293 29 32
E-Mail: info@stempelgarten.ch

In case you want to object to the processing of your personal data according to the terms of this Privacy Statement, be it in general or for single measures, or if you wish to withdraw your consent, you may contact the data controller declaring your objection or withdrawal.

General purpose of the data processing
We are using personal data for the purpose of operating our website and selling our goods through the online shop. You have as well the option to register for a newsletter or to participate in blogs.

Scope and purpose of the data processing

Hosting
The hosting contracted by us from a third party provider contains specifically the following services: Infrastructure and platform services, server performance, storage capacity and data base services, security services and technical support services, which are all required for the operation of this website.

For this purpose, we – respectively our hosting provider being a data processor mandated by us – are processing basic, contact, content, contract, meta and communication data of customers, interested parties and website visitors on the grounds of our legitimate interest of an efficient and secure operation of our website. The relevant statutory provisions are Art. 4 sec. 3, 13 sec. 2 lit. a in relation with Art. 10a DPA as well as Art. 6 sec. 1 lit. f in relation with Art. 28 GDPR.

Access data
We are collecting information about you if you are using the website. We are automatically gathering information on your user behaviour and your interactions with us and we are storing data of your computer or your mobile phone. We are collecting, saving and using data on every access on our website (so-called server log files). Access data are:

- Name und URL of the accessed data file
- date and time of access
- transmitted data volume
- http response code
- browser type and version
- operating system
- referer URL
- websites, opened by the system of the user through our website
- internet service provider of the user
- IP address of the inquiring provider.

We are using these protocol data without allocating them to you and without any profiling but only for statistical reasons, for the purpose of the operation, security and optimization of our website and as well for the anonymous determination of the number of visitors (traffic) and for the extent and type of use of our website.

We reserve the right to examine the protocol data later if there is reasonable grounds for a suspicion of illegal use. IP addresses are saved in the log files for a limited time if this is necessary for reasons of security or performance. In addition we save the date of your last customer account visit (e.g. registration, login, opening of links etc.).

Cookies
This website uses cookies. These are small data files enabling to set information on your hard disk device (PC, smartphone etc.). They enhance the user friendliness of this website. They are installed on your device as long until you delete them. You can prevent the storage of cookies on your hard disk by turning off the cookie setting in your browser adjustments; however this may limit the use of this website`s offerings. At every opening of the website you are informed about the use of cookies and asked whether or not you agree to it.

Contract data required in the ordering process
We are processing personal data which we are using for performing our contractual obligations, such as name, address, e-mail-address, ordered goods, billing and payment data. The collection of these data is required for the conclusion of the contract. To be able to order goods from us, you must register as a customer and open an account.

Your personal data will be deleted after expiration of the warranty period and statutory storage obligations. Personal data connected to an account will be stored as long as the account is active.

Customer account
You may open a customer account on our website. If so, you will be required to provide the personal data requested. At every later login you will need only your e-mail or user name and your password.

For every new registration we collect some master data (such as name, address), communication data (e.g. e-mail-address), shipping and payment data and access data (user name and password).

Upon successful registration we will send you a welcome e-mail.

You may at any time request from us the deletion of your account. Your message in text format to the contact address by letter or e-mail is sufficient. We will then delete your personal data, if we are not required to keep them for the handling of your order, during warranty period or based on statutory storage requirements.

Legal justification for the processing of your personal data is the preparation and handling of an order / a contract upon your request and your voluntary consent (Art. 13 sec. 1, 13 sec. 2 lit. a DPA ; Art. 6 sec. 1 lit. a and b GDPR).

Newsletter
We are offering to you a newsletter in which you are informed on current sales offers and new products. If you wish to register for the letter you need to provide a valid e-mail address. In case you are clicking the box at the respective entry field, you allow us to save your e-mail address including date of registration, IP address and the list name of the desired newsletter. We are using your e-mail and the collected personal data only for the operation and the forwarding of the desired newsletter at the frequency stated. You are free to unsubscribe from our newsletter at any time. You will find the respective link at the end of every newsletter. Subsequently you will not receive it any more and your e-mail and all other data will be deleted unless there is no other legitimate reason to save them (for instance in the customer data base). Your e-mail address will not be disclosed to third parties, specifically not to marketing companies.

E-mails and contact form
If you get in contact with us (e.g. in a contact form or by e-mail), we will process your data only to handle your request and in case of follow-up questions. If the data processing is the consequence of your inquiry for the conclusion of contract, or, in case you are an existing customer, of the conclusion of another contract, then the legal basis for the data processing is Art. 13 sec. 2 lit. a DPA or Art. 6 sec. 1 lit. b GDPR.

More personal data will only be processed, if you agree to it or if we have a legitimate interest to the processing, such as, for instance, in order to respond to your e-mail.

Blog
Through your google account you may participate in one of our blogs. The data privacy statements of Google and this Data Privacy Statement both apply. We are free to exclude you at any time as a participant in the blog and to remove your comments at our free discretion should they contradict our ethical standards. If you leave an entry or a comment, your IP address will be stored. This is based on our legitimate interest and for our security as the owner of this website including the blogs. Since we might be held liable, should your entry or comment violate applicable law, we have an interest to know the identity of the author of the entry or comment.

Google Analytics
This website is not using Google Analytics, a web analysis service of Google Inc.

Limitation of storage
If not explicitly stated otherwise, we are storing personal data only as long as it is required for the pursued purpose. Your customer data will be stored as long as you own a customer account.

In certain cases applicable law requires us to retain personal data. In these cases such data will be stored only for this lawful purpose but not processed otherwise and will be deleted after expiration of the legal obligation.

Your rights as a data subject
Under applicable laws you as the « data subject » are entitled to various rights towards us (as the « controller ») regarding personal data. If you want to exercise your rights, you may send your request including proof of your identity by e-mail or letter to the address mentioned in the first section above.

In the following, there is an overview of your rights as a data subject.

Right of confirmation and access
The data subject shall have at any time the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, free of cost information including a copy of the personal data processed and the following information:

1. the purposes of processing;
2. the categories of personal data concerned ;
3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries outside Switzerland or the EU or international organizations ;
4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
5. the existence of the right to request from the controller rectification or erasure of personal data or the restriction of processing of personal data concerning the data subject or to object such processing ;
6. the right to lodge a complaint with a supervisory authority ;
7. where the personal data are not collected from the data subject, any available information as to their source;
8. the existence of automated decision-making, including profiling (if applicable);
9. Where personal data are transferred to a third country outside Switzerland or the European Union or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer (we are not transferring any personal data outside of Switzerland or the European Union).

Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.

Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure (‘right to be forgotten’)
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
2. the data subject withdraws consent on which the processing is based according and where there is no other legal ground for the processing;
3. the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
4. the personal data have been unlawfully processed;
5. the personal data have to be erased for compliance with a legal obligation in Switzerland`s or the European Union`s legislation;

Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following presumptions applies:

1. if the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
4. the data subject has objected to processing, pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which the personal data has been provided, where:

1. the processing is based on the process of a contract conclusion or a contract execution and
2. the processing is carried out by automated means.

In exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or if the processing is for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Automated individual decision-making, including profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

Stempelgarten does not perform automated decision-making or profiling based on the personal data collected.

Right to withdraw a consent
The data subject has the right to withdraw at any time a consent given to the processing of his or her personal data. The processing of personal data prior to such withdrawal remains lawful.

Right to a complaint to a supervisory authority
The data subject is entitled to file a complaint at a supervisory authority, specifically in the State of his or her habitual residence, of his or her work place or in the State of the infringement, if the data subject is of the view that the processing of his or her personal data is unlawful. In Switzerland the competent supervisory body is the Federal Data Protection Officer:

https://www.edoeb.admin.ch/edoeb/de/home.html

Data Security
We strive to secure your personal data given the technical possibilities and according to applicable data protection laws.

Your personal data which you transmit to us in the order process or through your customer login are encrypted. We are using the SSL (Secure Socket Layer) state-of-the-art encryption coding system; however, we may point out to you that in transmitting data through the internet (e.g. by e-mail communication) security gaps may occur. A complete protection of the data from third party access is not possible.

In order to protect your personal data, we maintain technical and organizational security measures and permanently adapt them to the latest technical developments in line with Art. 7 of the Swiss Data Protection law and the related provisions of the Decree on Swiss Data Protection as well as Art. 32 of the General Data Protection Regulation of the European Union.

We do not warrant uninterrupted and error-free availability of our offering services. Malfunctions, interruptions or technical failures cannot be excluded. There is a regular and careful back-up of our servers.

Transfer of Data to third parties; no transfer to countries outside CH and EU
As a rule, we are using your personal data only within our own company. If and insofar as we involve third parties in fulfilling contracts (e.g. for logistic or e-mail services), they receive the personal data only to the extent required for the completion of the respective service.

If we outsource certain parts of the data processing to a third party, as, for instance, to our hosting partner, we oblige the data processor in a written contract to process the personal data strictly in compliance with the requirements of the data protection laws and to guarantee the rights of the data subjects.

We do not transfer personal data to instances, companies or individuals outside Switzerland or the European Union and we are not planning to do so in the future.

Legal basis
The processing of personal data is based on the actual provisions of the Swiss Data Protection Act, specifically Art. 13 sec. 1 and sec. 2 lit. a DPA and on the actual EU regulations, namely Art. 6 sec. 1 lit. a, b and f of the General Data Protection Regulation.