data protection

Data protection

We, iBeautyBeauty Violante, Gustav Zeiler-Ring 14, 5600 Lenzburg, operate the online shop https://www.duftdeko.ch and are the provider of the products offered on the website. We are subsequently considered responsible for the collection, use and processing of your data.

Data protection is an important concern for us. We therefore only process your data in compliance with the relevant legal regulations. The information listed below refers to the Swiss Data Protection Act (DSG), taking into account the GDPR (EU General Data Protection Regulation).

Below we will show you whether and how we process your data:

1. Data processing, storage and deletion

We only process the personal data that we collect directly via our online shop, the associated applications, via external platforms, via so-called “landing pages” or as part of the business relationship with our customers and other business partners. Processing will only take place with consent or if there is a corresponding legal basis.

Within the scope of the consent you have given, we will only process your data within the limits of this consent, unless one of the following legal bases applies. We expressly point out that you can revoke your consent at any time, although any - lawful - processing action that has already taken place is not affected.

The following legal bases come into question:

  • Consent of the data subject (Art. 13 Para. 1 GDPR or Art. 6 Para. 1 lit. a GDPR);
  • Fulfillment of the contract with the data subject as a contracting party or necessary pre-contractual measures at the request of the data subject (Art. 13 Para. 2 lit. a DSG or Art. 6 Para. 1 lit. b GDPR);
  • Fulfillment of the necessary legal obligations of our company (Art. 13 Para. 1 DSG or Art. 6 Para. 1 lit. c GDPR);
  • Performing or exercising a task in the public interest (Art. 13 Para. 1 DSG or Art. 6 Para. 1 lit. e GDPR);
  • Legitimate interests of our company, provided that the interests of the person concerned or their fundamental rights do not outweigh them (Art. 13 Para. 1 DSG or Art. 6 Para. 1 lit. f GDPR).

The personal data collected will be deleted as soon as we no longer need it for the stated purpose or the purpose of storage no longer applies. However, storage must take place if Swiss or European legislators provide for a corresponding obligation in laws or regulations. Such obligations arise, among other things, from contract and tax law as well as from the provisions on commercial accounting. Business documents, contracts or accounting documents require a retention period of 10 years. This data, which also includes personal data but which we no longer need to provide our services, is blocked and then used solely for accounting and tax purposes.

2. Disclosure to third parties

As part of order processing, it may be necessary to use third-party services. In order to provide the service in accordance with the contract, it may be necessary to pass on data to these external service providers. The legal basis for disclosure is identical to the legal basis for lawful processing and can be viewed under section 2. In any case, we contractually ensure that third parties commissioned to process your data comply with data protection requirements. Finally, under certain circumstances we may also be required by official and court orders to release data to third parties or government bodies.

3. Provision of our services and creation of log files

As soon as you access our website, our system automatically collects and stores information in so-called log files. It refers to:

  • Browser type and version
  • operating system
  • IP address
  • Internet service provider
  • Date and Time

The aforementioned data cannot be directly assigned to any person. The data collected and stored in this way is not combined and stored with other personal data, but is in our system. The legal basis for the collection and storage in log files is Article 13 Paragraph 2 Letter a DSG and Article 6 Paragraph 1 Letter f GDPR (legitimate interests of our company).

The storage in log files serves exclusively the functionality of our services. In addition, it supports the optimization of our services and ensures the security of our information technology systems. In any case, the log files are only stored for as long as this corresponds to the purpose of their collection. Deletion takes place automatically after each session.

The collection of your data and its storage in log files is absolutely necessary for the operation of our website; there is no possibility of objection.

4. Cookies

We use cookies on our website. These are small text files that your browser saves on your computer (in the corresponding browser folder or under the program data). This enables your browser to be uniquely identified when you visit our website again. The display settings and login information are stored and transmitted in the cookies. We use cookies to make our website user-friendly and secure. The legal basis for this is Art. 13 Para. 2 DSG or Art. 6 Para. 1 lit. f GDPR (legitimate interests of our company).

Because cookies are stored on your computer system, you always have full control over their use. By changing the settings in your browser, you have the option to deactivate or restrict the transmission of cookies. You can also delete stored cookies at any time using your browser settings; this can also be done automatically. We would like to point out that deactivating cookies may mean that you can no longer use all of the services on our website.

5. Google Analytics

We use Google Analytics on our website, a web analysis service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called cookies (see explanations in section 5), which are stored on your computer and enable your use of our website to be analyzed. As a rule, the information generated by the cookie (such as browser type, operating system, IP address, referrer URL) is transmitted to Google's own server in the USA and stored there. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted as part of Google Analytics is not combined by Google with other data collected by Google outside of our website.

On our behalf, Google will use the information stored to evaluate your use of our website, to create reports on our website activity and to provide us with other services related to website or internet usage.

By changing the settings in your browser, you have the option to deactivate or restrict the transmission of cookies. You can also delete stored cookies at any time using your browser settings; this can also be done automatically. We would like to point out that deactivating cookies may mean that you can no longer use all of the services on our website.

In addition, you can prevent the information generated by the cookie and related to your use of our website from being sent to Google and from being processed by Google. For this purpose, the following browser add-on was developed to deactivate Google Analytics and can be downloaded and installed directly from Google itself via the following link: http://tools.google.com/dlpage/gaoptout?hl=de

Further information regarding Google Analytics can be found in the Google Analytics Terms ( https://marketingplatform.google.com/about/analytics/terms/de/ ), the Google Analytics Help ( https://support.google.com/analytics/ answer/6004245?hl=de ) and the associated data protection declaration ( https://policies.google.com ).

6. Klaviyo

We use Klaviyo, a marketing tool from the company of the same name, Klaviyo, 125 Summer St Floor 6, Boston, MA 02111, USA. The legal basis for the use of Klaviyo is your consent as a data subject when you register for this email service on our website. The processing activities may take place in the USA and/or be transferred to the USA for this purpose.

The basis for data processing and data transfer to the USA are so-called standard contractual clauses (see Article 46 Paragraph 2 and Paragraph 2 GDPR). Through these clauses, Klaviyo undertakes to comply with applicable European law and data protection levels.

Further information about the standard contractual clauses and/or the data that Klaviyo processes can be found at: https://www.klaviyo.com/legal/data-processing-agreement and https://www.klaviyo.com/legal/privacy -policy .

7. Shopify

For our online shop we use Shopify from the company of the same name Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Shopify can also process the data in the USA, among other places. 

The legal basis for using Shopify is your consent as a data subject. In addition, we have a legitimate interest in using Shopify; This serves to optimize and ensure the security of our online offering. The basis for data processing and data transfer to the USA are so-called standard contractual clauses (see Article 46 Paragraph 2 and Paragraph 2 GDPR). Through these clauses, Shopify undertakes to comply with applicable European law and data protection levels. This also applies if the data is processed in a third country, such as the USA.

Further information about Shopify: https://www.shopify.de/legal/datenschutz

8. Contact form

Our website has various electronic contact forms and options for contacting you. These are used to enable you to contact us. Depending on the form, the following data you provide will be transmitted to us and stored: first and last name, telephone number, email address, subject and message. In the career area you also have the opportunity to upload your CV, which we will then save.

The information you provide to us is used solely to complete your request/message. By sending the request/message, you consent to the data processing described. The legal basis for this is Art. 13 Para. 1 DSG or Art. 6 Para. 1 lit. a GDPR (consent).

You can revoke your consent at any time. Data processing that has already taken place is not affected by such a revocation.

9. Social media plug-in: Facebook

On our website we use so-called social plug-ins from Facebook from the company of the same name, Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. You can recognize the corresponding plug-ins by the Facebook logo, the “Like” button or the “Share” button on our site. You can find a corresponding overview under the link https://developers.facebook.com/docs/plugins . As soon as you visit our website, the respective plug-in creates a connection from your browser to the Facebook server. Regardless of whether you are logged in to Facebook or whether you even have a corresponding Facebook account, Facebook receives the information that you have visited our website with your IP address. This information is stored on the aforementioned server in the USA. If you are logged in to Facebook while visiting our website, Facebook can assign your visit to your profile.

We would like to point out that Facebook can use this information for the purposes of advertising, market research or for other purposes such as adapting the advertisements displayed; We have no influence on this. If you do not want your Facebook account to be assigned, we ask you to log out of your Facebook account before visiting our website. Further information can be found in Facebook's corresponding data protection declaration: https://www.facebook.com/about/privacy .

10. Social media plug-in: Instagram

On our website we use so-called social plug-ins from Instagram from the company of the same name Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA. You can recognize the corresponding plug-ins by the Instagram logo or the “camera” button on our website. As soon as you visit our website, the respective plug-in creates a connection from your browser to the Instagram server. Regardless of whether you are logged in to Instagram or whether you even have a corresponding account, Instagram receives the information that you have visited our website with your IP address. This information is stored on the aforementioned server in the USA. If you are logged in to Instagram while visiting our website, Instagram can assign your visit to your profile.

Information regarding the purpose and scope of the respective data collection, the further processing and use of your data by Instagram as well as your rights and setting options can be found in Instagram's respective data protection information: https://help.instagram.com/155833707900388 .

If you do not want Instagram to be able to assign the data collected on our website directly to your account, you must log out of Instagram before accessing our website. Loading the Instagram plug-ins can also be completely prevented with an add-on for your browser.

11. Social media plug-in: TikTok

On our website we use so-called social plug-ins from TikTok from the Chinese company TikTok of the same name with its European branch TikTok Technology Limited at 2 Cardiff Lane Grand Canal Dock, Dublin 2, D02 E395. You can recognize the corresponding plug-ins by the TikTok logo. As soon as you visit our website, the respective plug-in creates a connection from your browser to the TikTok server. Regardless of whether you are logged in or whether you even have a corresponding account, TikTok receives the information that you have visited our website with your IP address. This information may be stored on servers outside of Europe (USA, China).

This information is stored on the aforementioned server in the USA. If you are logged in to Instagram while visiting our website, Instagram can assign your visit to your profile.

Further information about the standard contractual clauses and/or the data that Klaviyo processes can be found at: https://ads.tiktok.com/i18n/official/policy/controller-to-controller and https://www.tiktok.com /legal/page/eea/privacy-policy/de-DE .

12. Right to information

As a data subject, you can request confirmation from us as to whether personal data concerning you is being processed by us (see also Art. 8 DSG). If this is the case, you have the right to information about the following information (Article 15 GDPR):

  • The purposes for which the personal data are processed;
  • The categories of personal data being processed;
  • The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  • The planned period of storage of the personal data concerning you or, if this is not possible, the criteria for determining this period;
  • The existence of a right to correct or delete personal data concerning you or to restrict processing by us or to object to such processing;
  • The existence of a right to lodge a complaint with a supervisory authority;
  • All available information about the origin of the personal data that was not collected from you;
  • The existence of automated decision-making, including profiling and meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.

You also have the right to request information as to whether personal data concerning you is being transferred to a third country or an international organization; in this case, you have the right to be informed of the appropriate safeguards related to the transfer.

13. Right to Rectification

You have the right to request that we immediately correct and/or complete incorrect and/or incomplete personal data relating to you.

14. Right to Erasure

You have the right to request that the personal data concerning you be deleted immediately if one of the following reasons applies (Art. 17 GDPR):

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • you withdraw your consent and there is no other legal basis for the processing;
  • You object to the processing for reasons arising from your particular situation and there are no overriding legitimate reasons for the processing or you object to the processing for direct advertising purposes;
  • Your personal data has been processed unlawfully;
  • The deletion of your personal data is necessary to fulfill a legal obligation;
  • The personal data concerning you was collected in relation to information society services offered in accordance with Article 8 Para. 1 GDPR.

15. Right to restriction of processing

You – as the data subject – have the right to request that we restrict processing if one of the following conditions is met (Article 18 GDPR):

  • The accuracy of the personal data is disputed. The restriction may be requested for the period of time that enables us to verify the accuracy of the personal data;
  • The processing is unlawful and you – instead of deletion – demand the restriction;
  • We no longer need the personal data for processing, but you need it to assert, exercise or defend legal claims;
  • You object to the processing.

If the processing of personal data concerning you is restricted, we may, with the exception of storage, only use the data with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for public reasons Edit interest.

If you have restricted processing in accordance with the aforementioned requirements, we will inform you before this restriction is lifted (Art. 18 Para. 3 GDPR).

16. Information and obligation to notify third parties

If we have made the personal data concerning you public and we are obliged to delete it in accordance with Art. 17 GDPR, we will take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, to identify the person responsible for data processing and/or the to inform the processor of personal data that you have requested the deletion of the personal data concerning you.

We will inform all recipients to whom personal data has been disclosed of any correction or deletion of the personal data as well as any restrictions on processing, unless this proves impossible or involves disproportionate effort.

17. Exceptions to the right to deletion

The right to deletion does not apply if the processing is necessary to exercise the right to freedom of expression and information and/or to assert, exercise and/or defend legal claims.

18. Right to data portability

You – as the data subject – have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to transmit this data to another person responsible without hindrance from us to whom the personal data has been provided, provided that the processing is based on consent (Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR) or is based on a contract (Art. 6 Para. 1 lit. b GDPR) and the processing is carried out using automated procedures.

You also have the right to have the personal data concerning you transmitted directly from us to another person responsible, to the extent that this is technically feasible. This must not affect the rights and freedoms of other people.

19. Right to object

You - as a data subject - have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which is carried out on the basis of Article 6 (1) (e) or (f) of the GDPR ( Art. 21 GDPR). We will no longer process the personal data unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms. An additional exception is processing for the purpose of asserting, exercising or defending legal claims.

If we process your personal data in order to conduct direct advertising, you have the right to object to the processing for the purpose of such advertising at any time. If you object to processing for the aforementioned purpose, we will no longer use your personal data for this purpose.

20. Revocation of consent

You have the right to withdraw your consent at any time. This revocation remains unaffected by the lawfulness of the – lawful – processing that has already taken place.

21. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular at your place of residence (EU/CH), your place of work or at the place of the alleged violation, if you are of the opinion that the processing of your data concerns you personal data violates the GDPR or the DSG.

The responsible authority for Switzerland is: Federal Data Protection and Information Commissioner, Feldeggweg 1, 3003 Bern

The supervisory authority to which the complaint was submitted will inform the complainant of the status and results of the complaint, including the possibility of a legal remedy (see Article 78 GDPR).

Duftdeko.ch, November 2022