Responsible body within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:
Sutter & Co. Watskin
P.O. Box 199
CH - 4663 Aarburg
Based on Article 13 of the Swiss Federal Constitution and the data protection provisions of the federal government (Data Protection Act, DSG), every person has the right to the protection of their privacy and protection against misuse of their personal data. The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
In cooperation with our hosting providers, we strive to protect the databases as well as possible from unauthorized access, loss, misuse or falsification.
We would like to point out that data transmission over the Internet (e.g. when communicating by email) can have security gaps. A complete protection of the data against access by third parties is not possible.
By using this website you consent to the collection, processing and use of data as described below. This website can generally be visited without registration. In doing so, data such as pages called up or the name of the file called up, date and time are stored on the server for statistical purposes without this data being directly related to your person. Personal data, in particular name, address or email address, are collected on a voluntary basis as far as possible. The data will not be passed on to third parties without your consent.
Processing of personal data
Personal data is all information that relates to a specific or identifiable person. A data subject is a person about whom personal data is processed. Processing includes all handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, deletion, storage, modification, destruction and use of personal data.
We process personal data in accordance with Swiss data protection law. In addition, we process - to the extent and insofar as the EU GDPR is applicable - personal data in accordance with the following legal bases in connection with Art. 6 Para. 1 GDPR:
lit. a) Processing of personal data with the consent of the data subject.
lit. b) Processing of personal data to fulfill a contract with the data subject and to carry out corresponding pre-contractual measures.
lit. c) Processing of personal data to fulfill a legal obligation to which we are subject in accordance with any applicable law of the EU or in accordance with any applicable law of a country in which the GDPR is fully or partially applicable.
lit. d) Processing of personal data in order to protect the vital interests of the data subject or another natural person.
lit. f) Processing of personal data in order to protect the legitimate interests of us or of third parties, unless the fundamental freedoms and rights as well as the interests of the data subject prevail. Legitimate interests are in particular our business interests in being able to provide our website, information security, the enforcement of our own legal claims and compliance with Swiss law.
We process personal data for the duration that is necessary for the respective purpose or purposes. In the case of longer-term storage obligations due to legal and other obligations to which we are subject, we limit the processing accordingly.
Data protection declaration for SSL / TLS encryption
This website uses SSL / TLS encryption for security reasons and to protect the transmission of confidential content, such as the inquiries that you send to us as the website operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http: //" to "https: //" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.
Data protection declaration for server log files
The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
- operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
These data cannot be assigned to specific persons. This data will not be merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of illegal use.
If you send us inquiries using the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the request and in case of follow-up questions. We do not pass on this data without your consent.
Use of Google reCAPTCHA
This website uses the reCAPTCHA service from Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”). The purpose of the query is to distinguish whether the input is made by a person or by automated, machine processing. The query includes the sending of the IP address and any other data required by Google for the reCAPTCHA service to Google. For this purpose, your input will be transmitted to Google and used there. However, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of this service. The IP address transmitted by your browser as part of reCaptcha will not be merged with other Google data. Your data may also be transmitted to the USA. There is an adequacy decision by the European Commission, the "Privacy Shield", for data transfers to the USA. Google participates in the "Privacy Shield" and has submitted to the requirements. By pressing the query, you consent to the processing of your data. The processing takes place on the basis of Art. 6 (1) lit. a GDPR with your consent. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of the consent until the revocation.
You can find more information about Google reCAPTCHA and the associated data protection declaration at: https://policies.google.com/privacy?hl=de
Data protection declaration for Google Analytics
This website uses Google Analytics, a web analysis service from Google Ireland Limited. If the person responsible for data processing on this website is outside the European Economic Area or Switzerland, Google Analytics data processing is carried out by Google LLC. Google LLC and Google Ireland Limited are hereinafter referred to as “Google”.
We can use the statistics obtained to improve our offer and make it more interesting for you as a user. This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. If you have a Google user account, you can deactivate the cross-device analysis of your usage in the settings there under “My data”, “Personal data”.
The legal basis for the use of Google Analytics is Art. 6 Para. 1 S. 1 lit. f GDPR. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. We would like to point out that on this website Google Analytics has added the code «_anonymizeIp ();» has been extended to ensure an anonymous collection of IP addresses. As a result, IP addresses are further processed in abbreviated form, so that personal references can be excluded. If the data collected about you can be linked to a person, this will be excluded immediately and the personal data will be deleted immediately.
The full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
You can also prevent the use of Google Analytics by clicking on this link: Deactivate Google Analytics. This saves a so-called opt-out cookie on your data carrier, which prevents the processing of personal data by Google Analytics. Please note that if you delete all cookies on your device, these opt-out cookies will also be deleted, i.e. you will have to set the opt-out cookies again if you want to continue preventing this form of data collection. The opt-out cookies are set for each browser and computer / device and must therefore be activated separately for each browser, computer or other device.
External payment service providers
This website uses external payment service providers through whose platforms the user and we can carry out payment transactions. For example about
American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html)
Bexio AG (https://www.bexio.com/de-CH/datenschutz)
Payrexx AG (https://www.payrexx.ch/site/assets/files/2592/datenschutzerklaerung.pdf)
Apple Pay (https://support.apple.com/de-ch/ht203027)
Giropay (https://www.giropay.de/rechtliches/datenschutz-agb/) etc.
As part of the fulfillment of contracts, we use the payment service providers on the basis of the Swiss Data Protection Regulation and, if necessary, Art. 6 Para. 1 lit. b. EU GDPR. In addition, we use external payment service providers on the basis of our legitimate interests in accordance with. Swiss Data Protection Ordinance and, if necessary, in accordance with Art. 6 para. 1 lit. f. EU GDPR in order to offer our users effective and secure payment options.
The data processed by the payment service providers include inventory data, such as the name and address, bank details, such as Account numbers or credit card numbers, passwords, TANs and checksums as well as contract, sums and recipient-related information. The information is required to carry out the transactions. However, the data entered will only be processed and stored by the payment service providers. As the operator, we do not receive any information about your (bank) account or credit card, only information to confirm (accept) or reject the payment. Under certain circumstances, the data will be transmitted to credit agencies by the payment service provider. The purpose of this transmission is to check your identity and creditworthiness. For this we refer to the terms and conditions and data protection information of the payment service providers.
For payment transactions, the terms and conditions and the data protection information of the respective payment service provider apply, which can be accessed on the respective website or transaction applications. We refer to these for the purpose of further information and assertion of rights of revocation, information and other data subjects.
Order processing in the online shop with customer account
We process the data of our customers acc. the data protection regulations of the federal government (Data Protection Act, DSG) and the EU-DSGVO, as part of the order processes in our online shop, to enable you to select and order the selected products and services, as well as their payment and delivery or execution.
The processed data includes master data (inventory data), communication data, contract data, payment data and the persons affected by the processing include our customers, interested parties and other business partners. Processing takes place for the purpose of providing contractual services in the context of operating an online shop, billing, delivery and customer services. Here we use session cookies, e.g. for storing the contents of the shopping cart and permanent cookies, e.g. to save the login status.
The processing takes place on the basis of Art. 6 Abs. 1 lit. b (execution of order processes) and c (legally required archiving) GDPR. The information marked as required is required for the establishment and fulfillment of the contract. We only disclose the data to third parties in the context of delivery, payment or within the framework of legal permits and obligations. The data will only be processed in third countries if this is necessary to fulfill the contract (e.g. at the customer's request for delivery or payment).
Users can optionally create a user account in which they can see their orders in particular. As part of the registration, the required mandatory information is communicated to the users. The user accounts are not public and can be accessed by search engines, e.g. Google, not to be indexed. If users have terminated their user account, their data will be deleted with regard to the user account, subject to their retention is for commercial or tax reasons in accordance with Art. 6 Para. 1 lit. c GDPR necessary. Information in the customer account remains until it is deleted and then archived in the event of a legal obligation. It is up to the users to save their data before the end of the contract if they have canceled.
As part of the registration and renewed logins as well as the use of our online services, we save the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as the users in protection against misuse and other unauthorized use. This data is generally not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with. Art. 6 para. 1 lit. c GDPR.
The deletion takes place after the expiry of legal warranty and comparable obligations, the need to store the data is checked at irregular intervals. In the case of the statutory archiving obligations, the deletion takes place after their expiry.
Notice regarding data transfers to the USA (United States of America)
For the sake of completeness, we would like to point out that for users based in Switzerland there are monitoring measures by the US authorities, which generally enable the storage of all personal data from Switzerland - which has been transmitted to the USA.
This happens without differentiation, restriction or exception based on the objectives pursued and without an objective criterion that makes it possible to restrict the access of the US authorities to the data and their subsequent use to very specific, strictly limited purposes, those with access to be able to justify this data as well as interventions associated with its use. In addition, we would like to point out that in the USA there are no legal remedies for the data subjects from Switzerland that would allow them to gain access to the data concerning you and to have it corrected or deleted. there is no effective judicial protection against general access rights of US authorities. We explicitly point out this legal and factual situation to those affected in order to make an appropriately informed decision to consent to the use of their data.
We would like to point out to users residing in a member state of the EU that, from the point of view of the European Union, the USA does not have an adequate level of data protection.
All information on this website has been carefully checked. We strive to keep our information offering up-to-date, correct and complete. Nevertheless, the occurrence of errors cannot be completely ruled out, which means that we cannot guarantee the completeness, correctness and topicality of information, including journalistic and editorial information. Liability claims for material or immaterial damage caused by the use of the information provided are excluded, unless it can be proven that there was willful intent or gross negligence.
The publisher can change or delete texts at his own discretion and without notice and is not obliged to update the content of this website. Use or access to this website is at the visitor's own risk. The publisher, its clients or partners are not responsible for damage, such as direct, indirect, accidental, specifically to be determined in advance or consequential damage, which allegedly resulted from visiting this website and consequently assume no liability for this.
The publisher also assumes no responsibility or liability for the content and availability of third-party websites that can be accessed via external links on this website. The operators of the linked pages are solely responsible for their content. The publisher thus expressly distances itself from all third-party content that may be relevant under criminal or liability law or that is contrary to common decency.
We can adapt this data protection declaration at any time without prior notice. The current version published on our website applies. If the data protection declaration is part of an agreement with you, we will inform you of the change in the event of an update by e-mail or in another suitable manner.
Questions to the data protection officer
If you have any questions about data protection, please send us an email or contact the person responsible for data protection in our organization listed at the beginning of the data protection declaration.
Aarburg, September 1st, 2020
Translated with Google Translate