Data protection

Privacy Policy

The responsible body within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

Schrader GmbH
Säntisstrasse 13
8599 Salmsach

Email: info@candy24.ch
Website: https://www.candy24.ch/

General note

Based on Article 13 of the Swiss Federal Constitution and the federal data protection regulations (Data Protection Act, DSG), every person has the right to privacy and protection against the misuse of their personal data. The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

In cooperation with our hosting providers, we strive to protect the databases as effectively as possible against unauthorized access, loss, misuse, or falsification.

Please note that data transmission over the internet (e.g., when communicating via email) can have security vulnerabilities. Complete protection of data against access by third parties is not possible.

By using this website, you consent to the collection, processing, and use of data as described below. This website can generally be visited without registration. Data such as pages viewed or the names of files accessed, as well as the date and time, are stored on the server for statistical purposes, without this data being directly linked to you personally. Personal data, in particular your name, address, or email address, is collected on a voluntary basis whenever possible. Your data will not be shared with third parties without your consent.

Processing of personal data

Personal data is any information relating to an identified or identifiable natural person. A data subject is a person whose personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the retention, disclosure, collection, erasure, storage, alteration, destruction, and use of personal data.

We process personal data in accordance with Swiss data protection law. Furthermore, to the extent that the EU GDPR is applicable, we process personal data in accordance with the following legal bases pursuant to Article 6(1) GDPR:

  • lit. a) Processing of personal data with the consent of the data subject.
  • lit. b) Processing of personal data for the performance of a contract with the data subject and for the implementation of corresponding pre-contractual measures.
  • lit. c) Processing of personal data to fulfill a legal obligation to which we are subject under applicable EU law or under applicable law of a country in which the GDPR is wholly or partially applicable.
  • lit. d) Processing of personal data to protect the vital interests of the data subject or of another natural person.
  • lit. f) Processing of personal data to protect our legitimate interests or those of third parties, unless the fundamental freedoms and rights and interests of the data subject override those interests. Legitimate interests include, in particular, our business interest in being able to provide our website, information security, the enforcement of our own legal claims, and compliance with Swiss law.

We process personal data for the duration necessary for the respective purpose(s). Where longer retention periods are required due to legal or other obligations to which we are subject, we restrict processing accordingly.

Privacy policy for cookies

This website uses cookies. These are small text files that make it possible to store specific, user-related information on the user's device while they are using the website. Cookies allow us, in particular, to determine the frequency of use and number of users of the pages, to analyze user behavior on the site, and also to make our website more user-friendly. Cookies remain stored after a browser session ends and can be retrieved when the website is visited again. If you do not wish this, you should configure your internet browser to refuse the acceptance of cookies.

Privacy policy for SSL encryption

This website uses SSL encryption for security reasons and to protect the transmission of confidential information, such as inquiries you send to us as the website operator. You can recognize an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the padlock icon in your browser's address bar.

When SSL encryption is enabled, the data you send to us cannot be read by third parties.

Third-party services

This website may use Google Maps for embedding maps, Google Invisible reCAPTCHA for protection against bots and spam, and YouTube for embedding videos.

These services from the American company Google LLC use cookies, among other things, and as a result, data is transferred to Google in the USA. We assume that no personal tracking takes place solely through the use of our website.

Google has committed to ensuring adequate data protection in accordance with the American-European and American-Swiss Privacy Shield frameworks.

Further information can be found in Google's privacy policy .

Privacy policy for contact form

If you send us inquiries via the contact form, your information from the inquiry form, including the contact details you provided, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not share this data without your consent.

Privacy policy for newsletter data

If you wish to subscribe to the newsletter offered on this website, we require an email address from you, as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. No further data is collected. We use this data exclusively for sending the requested information and do not share it with third parties.

You can revoke your consent to the storage of your data, email address and its use for sending the newsletter at any time, for example via the "Unsubscribe" link in the newsletter.

Privacy policy regarding the right to information, erasure, and blocking.

You have the right to request information, free of charge, about your stored personal data, its origin and recipients, and the purpose of the data processing, as well as the right to rectification, blocking, or erasure of this data. For this purpose, and for any further questions regarding personal data, you can contact us at any time at the address provided in the legal notice.

Privacy policy for objecting to advertising emails

The use of contact details published as part of the legal notice for sending unsolicited advertising and informational materials is hereby prohibited. The operators of these pages expressly reserve the right to take legal action in the event of unsolicited advertising, such as spam emails.

Google AdWords

This website uses Google Conversion Tracking. If you reached our website via an ad placed by Google, Google AdWords will place a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad placed by Google. These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Therefore, cookies cannot be tracked across the websites of different AdWords customers. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. These customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

If you do not wish to participate in tracking, you can refuse the necessary placement of a cookie – for example via a browser setting that generally deactivates the automatic placement of cookies or by configuring your browser to block cookies from the domain "googleleadservices.com".

Please note that you must not delete the opt-out cookies if you wish to prevent the recording of measurement data. If you have deleted all your browser cookies, you will need to set the respective opt-out cookie again.

Use of Google Remarketing

This website uses the remarketing function of Google Inc. This function serves to present website visitors with interest-based advertisements within the Google advertising network. A so-called "cookie" is stored in the website visitor's browser, which makes it possible to recognize the visitor when they visit websites that belong to Google's advertising network. On these pages, the visitor may be presented with advertisements that relate to content that the visitor previously viewed on websites that use Google's remarketing function.

According to Google, no personal data is collected during this process. However, if you do not wish to use Google's remarketing function, you can deactivate it by adjusting the settings at http://www.google.com/settings/ads . Alternatively, you can deactivate the use of cookies for interest-based advertising via the Network Advertising Initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp .

Privacy policy for Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To deactivate Google Analytics, Google provides a browser plug-in at https://tools.google.com/dlpage/gaoptout?hl=de . Google Analytics uses cookies. These are small text files that make it possible to store specific, user-related information on the user's device. This allows Google to analyze the use of our website. The information generated by the cookie about your use of our website (including your IP address) is generally transmitted to and stored by Google on servers in the United States. Please note that on this website, Google Analytics has been extended with the code "gat._anonymizeIp();" to ensure anonymized collection of IP addresses (IP masking). If anonymization is activated, Google shortens IP addresses within member states of the European Union or in other contracting states of the Agreement on the European Economic Area, which means that no conclusions can be drawn about your identity. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google complies with the data protection regulations of the "Privacy Shield" agreement and is registered with the "Privacy Shield" program of the US Department of Commerce. Google uses the collected information to evaluate the use of our websites, to compile reports for us in this regard, and to provide us with other related services. You can find out more at https://www.google.com/intl/de/analytics/privacyoverview.html .

Privacy policy for Google AdSense

This website uses Google AdSense, a service for integrating advertisements from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google AdSense uses so-called "cookies," text files that are stored on your computer and enable an analysis of your website usage. Google AdSense also uses so-called web beacons (invisible graphics). These web beacons allow information such as visitor traffic on these pages to be evaluated. The information generated by cookies and web beacons about your use of this website (including your IP address) and the delivery of advertising formats is transmitted to and stored on a Google server in the USA. This information may be shared by Google with its partners. However, Google will not associate your IP address with any other data stored by Google. You can prevent the installation of cookies by adjusting your browser software settings; however, please note that in this case you may not be able to fully utilize all the functions of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Facebook Privacy Policy

This website uses features from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. When you visit our pages with Facebook plugins, a connection is established between your browser and Facebook's servers. Data is then transmitted to Facebook. If you have a Facebook account, this data can be linked to it. If you do not want this data to be associated with your Facebook account, please log out of Facebook before visiting our site. Interactions, in particular using a comment function or clicking a "Like" or "Share" button, are also transmitted to Facebook. You can find out more at https://de-de.facebook.com/about/privacy .

Instagram Privacy Policy

Our website integrates features of the Instagram service. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to our pages with your user account. Please note that as the provider of these pages, we have no knowledge of the content of the transmitted data or its use by Instagram.

Further information can be found in Instagram's privacy policy: http://instagram.com/about/legal/privacy/

External payment service providers

This website uses external payment service providers through whose platforms users and we can process payment transactions. For example, via

  • PostFinance (https://www.postfinance.ch/de/detail/rechtliches-barrierefreiheit.html)
  • Visa (https://www.visa.de/USE Conditions/visa-privacy-center.html)
  • Mastercard (https://www.mastercard.ch/de-ch/datenschutz.html)
  • American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html)
  • Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)
  • Bexio AG (https://www.bexio.com/de-CH/datenschutz)
  • Payrexx AG (https://www.payrexx.ch/site/assets/files/2592/datenschutzerklaerung.pdf)
  • Apple Pay (https://support.apple.com/de-ch/ht203027)
  • Stripe (https://stripe.com/ch/privacy)
  • Klarna (https://www.klarna.com/de/datenschutz/)
  • Skrill (https://www.skrill.com/de/fusszeile/datenpolitik/)
  • Giropay (https://www.giropay.de/rechts/datenschutz-agb/) etc.

In order to fulfill contracts, we use payment service providers on the basis of the Swiss Federal Act on Data Protection and, where necessary, Article 6(1)(b) of the EU General Data Protection Regulation (GDPR). Furthermore, we use external payment service providers on the basis of our legitimate interests pursuant to the Swiss Federal Act on Data Protection and, where necessary, Article 6(1)(f) of the EU GDPR, in order to offer our users effective and secure payment options.

The data processed by payment service providers includes master data such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, amount, and recipient-related information. This information is required to process the transactions. However, the entered data is processed and stored only by the payment service providers. We, as the operator, receive no information about (bank) accounts or credit cards, but only confirmation (acceptance) or rejection of the payment. The payment service providers may transmit the data to credit agencies for identity and creditworthiness verification. Please refer to the terms and conditions and privacy policies of the payment service providers for further information.

The terms and conditions and privacy policies of the respective payment service providers apply to payment transactions and can be accessed on their respective websites or transaction applications. We also refer you to these documents for further information and to exercise your rights of withdrawal, access, and other data subject rights.

Order processing in the online shop with customer account

We process our customers' data in accordance with the data protection regulations of the Federal Government (Data Protection Act, DSG) and the EU GDPR, within the framework of order processes in our online shop, in order to enable them to select and order the chosen products and services, as well as to make payment and delivery or execution of these.

The data processed includes master data (inventory data), communication data, contract data, and payment data. The individuals affected by this processing include our customers, prospective customers, and other business partners. Processing is carried out for the purpose of providing contractual services within the framework of operating an online shop, including invoicing, delivery, and customer service. We use session cookies, for example, to store the contents of the shopping cart, and persistent cookies, for example, to store the login status.

The processing of your data is based on Article 6(1)(b) (performance of a contract) and (c) (compliance with legal requirements) of the GDPR. The information marked as required is necessary for the establishment and fulfillment of the contract. We only disclose your data to third parties for the purposes of delivery, payment, or as permitted by law. Data is only processed in third countries if this is necessary for the performance of the contract (e.g., at the customer's request for delivery or payment).

Users can optionally create a user account, which allows them to view their orders. During registration, users are informed of the required mandatory information. User accounts are not public and cannot be indexed by search engines such as Google. If users terminate their user account, their data relating to the user account will be deleted, unless its retention is necessary for commercial or tax law reasons in accordance with Art. 6 para. 1 lit. c GDPR. Information in the customer account remains until its deletion, with subsequent archiving in the event of a legal obligation. It is the users' responsibility to back up their data before the end of the contract if they have terminated their account.

As part of the registration and subsequent login processes, as well as the use of our online services, we store the IP address and the time of each user action. This storage is based on our legitimate interests, as well as the user's interest in protection against misuse and other unauthorized use. This data is generally not shared with third parties, unless it is necessary for the enforcement of our claims or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c GDPR.

Data is deleted after the expiry of statutory warranty periods and similar obligations; the necessity of retaining the data is reviewed periodically. In the case of statutory archiving obligations, deletion occurs after their expiry.

Copyrights

The copyright and all other rights to content, images, photos, or other files on this website belong exclusively to the operator of this website or the specifically named rights holders. Prior written consent from the copyright holder is required for the reproduction of any files.

Anyone who commits copyright infringement without the consent of the respective rights holder may be liable to prosecution and possibly damages.

Changes

We may amend this privacy policy at any time without prior notice. The current version published on our website applies. If the privacy policy is part of an agreement with you, we will inform you of any updates by email or other suitable means.

Questions for the Data Protection Officer

If you have any questions about data protection, please send us an email or contact the person responsible for data protection in our organization, whose contact details are listed at the beginning of the privacy policy.

Winterthur, September 16, 2018
Source: SwissAnwalt