Privacy policy
With this data protection declaration we inform which personal data we process for what, how and where. With this data protection declaration, we also inform about the rights of persons whose data we process.
Special, supplementary or other data protection declarations as well as other legal documents such as General Terms and Conditions (GTC), Terms and Conditions of Use or Terms and Conditions of Use may apply to individual or additional offers and services.
Our offer is subject to Swiss data protection law as well as any applicable foreign data protection law such as that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognises that Swiss data protection law ensures adequate data protection.
summary
General personal data
We process general personal data about you, such as name and contact details.
Financial
We process your financial data.
Data provided
We process personal data that you provide to us.
Data collected
We process personal data that we collect about you.
Received data
We process personal data about you that we receive from third parties.
Marketing
We use your personal data for marketing and advertising.
product development
We use your personal data for the development and improvement of products and services.
Not only Switzerland
We process your personal data not only in Switzerland.
No data sales
We do not sell your personal data.
1. Contact addresses
Responsibility for the processing of personal data:
H. R. Zimmermann AG
Neuzelgweg 362
5234 Villigen
Switzerland
info@extrabeef.ch
We would like to point out if there are other persons responsible for the processing of personal data in individual cases.
2. Processing of personal data
2.1 Terms
Personal data is any information relating to an identified or identifiable person. A data subject is a person through which personal data is processed. Editing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procuring, collection, deletion, storage, modification, destruction and use of personal data.
The European Economic Area (EEA) includes the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.
2.2 Legal bases
We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (DSG) and the Ordinance on the Federal Act on Data Protection (VDSG).
If and to the extent that the General Data Protection Regulation (GDPR) is applicable, we process personal data in accordance with at least one of the following legal bases:
Art. 6 sec. 1 lit.b GDPR for the necessary processing of personal data for the performance of a contract with the data subject as well as for the implementation of pre-contractual measures.
Article 6 (1) lit.f GDPR for the necessary processing of personal data in order to safeguard the legitimate interests of us or third parties, unless the fundamental freedoms and fundamental rights as well as the interests of the data subject prevail. Eligible interests are in particular our interest in providing our offer permanently, user-friendly, secureand reliable and to be able to promote it if necessary, information security as well as protection against misuse and unauthorized use, the enforcement of our own legal claims and compliance with Swiss law.
Art. 6 sec. 1 lit.c GDPR for the necessary processing of personal data in order to fulfil a legal obligation to which we are subject under any applicable law of Member States in the European Economic Area (EEA).
Article 6 (1) lit.e GDPR for the necessary processing of personal data in order to carry out a task which is in the public interest.
Art. 6 sec. 1 lit. a GDPR for the processing of personal data with the consent of the data subject.
Article 6 (1) lit. .d GDPR for the necessary processing of personal data in order to protect the vital interests of the data subject or another natural person.
2.3 Type, scope and purpose
We process the personal data necessary to provide our offer permanently, user-friendly, securely and reliably. Such personal data may fall into the categories of inventory and contact data, browser and device data, content data, meta or marginal data and usage data, location data, sales, contract and payment data.
We process personal data for the duration that is required for the respective purpose or purposes or by law. Personal data that is no longer required to be processed will be anonymized or deleted. Persons whose data we process have a fundamental right to deletion.
In principle, we only process personal data with the consent of the data subject, unless the processing is permitted for other legal reasons, for example for the performance of a contract with the data subject and for corresponding pre-contractual measures in order to safeguard our overriding legitimate interests, because the processing is apparent from the circumstances or after prior information.
In this context, we process in particular information that a data subject voluntarily and himself transmits to us when contacting – for example by post, e-mail, contact form, social media or telephone – or when registering for a user account. We may store such information, for example, in an address book, in a Customer Relationship Management System (CRM system) or with similar tools. If you transmit personal data about third parties to us, you are obliged to guarantee data protection with regard to such third parties and to ensure the accuracy of such personal data.
We also process personal data that we receive from third parties, procure from publicly available sources or collect when making our offer available, if and to the extent that such processing is permitted for legal reasons.
2.4 Processing of personal data by third parties, also abroad
We may have personal data processed by commissioned third parties or processed together with third parties and with the help of third parties or transmitted to third parties. Such third parties are in particular providers whose services we use. We also guarantee adequate data protection for such third parties.
Such third parties are generally located in Switzerland and in the European Economic Area (EEA). Such third parties may also be located in other states and territories on Earth and elsewhere in the universe, provided that their data protection law guarantees adequate data protection in the opinion of the Swiss Federal Data Protection and Public Information Officer (EDÖB) and, where and to the extent that the General Data Protection Regulation (GDPR) is applicable, in the opinion of the European Commission, adequate data protection is guaranteed, or if adequate data protection is ensured for other reasons, such as a corresponding contractual agreement, in particular on the basis of standard contractual clauses, or by appropriate certification. Exceptionally, such a third party may be located in a country without adequate data protection, provided that the data protection requirements such as the explicit consent of the data subject are met.
3. Rights of data subjects
Data subjects whose personal data we process have the rights under Swiss data protection law. This includes the right to information as well as the right to rectification, deletion or blocking of the processed personal data.
Data subjects whose personal data we process can – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – have a free confirmation whether we process their personal data and, if so, request information about the processing of their personal data, restrict the processing of their personal data, exercise their right to data portability and correct, delete their personal data ("right to be forgotten"), block or have it completed.
Data subjects, whose personal data we process, may – if and to the extent that the GDPR applies – revoke a given consent at any time with effect for the future and at any time object against the processing of their personal data.
Affected persons whose personal data we process have the right to complain to a competent supervisory authority. The Supervisory Authority for Data Protection in Switzerland is the Federal Data Protection and Public Information Officer (EDÖB).
4. Data security
We take appropriate and appropriate technical and organisational measures to ensure data protection and, in particular, data security. However, despite such measures, the processing of personal data on the Internet can always have security gaps. We cannot therefore guarantee absolute data security.
Our online offer is accessed by means of transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers mark transport encryption with a padlock in the address bar.
Access to our online offering is subject to mass surveillance and other surveillance by security authorities in Switzerland, the European Union (EU), the United States of America (USA) and other countries, as is basically any use of the Internet. We cannot have a direct influence on the appropriate processing of personal data by intelligence agencies, police departments and other security agencies.
5. Use of the website
5.1 Cookie
We may use cookies for our website. Cookies – for own cookies (first-party cookies) as well as for cookies from third parties whose services we use (third-party cookies or third-party cookies) – are data that are stored in your browser. Such stored data does not have to be limited to traditional cookies in text form. Cookies cannot run programs or transmit malware such as Trojans and viruses.
Cookies can be temporarily stored in your browser as "session cookies" or as so-called permanent cookies for a certain period of time. "Session cookies" are automatically deleted when you close your browser. Permanent cookies have a certain storage time. In particular, they enable you to recognize your browser the next time you visit our website and thereby measure, for example, the reach of our website. Permanent cookies can also be used, for example, for online marketing.
You can deactivate and delete cookies in your browser settings in whole or in part at any time. Without cookies, our website is no longer fully available. We actively ask you, if and if necessary, for your explicit consent for the use of cookies.
For cookies used for success and reach measurement or advertising, many services can opt(opt-out) through the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
5.2 Server Log Files
We may collect the following information for each access to our website, provided that it is transmitted by your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, accessed individual sub-page of our website including data transferred, most recently in the same browserwindow.
We store such information, which may also represent personal data, in server log files. The information is necessary in order to provide our online offer permanently, user-friendly and reliable, as well as to ensure data security and thus, in particular, the protection of personal data – also by third parties or with the help of third parties.
5.3 Zählpixel
We may use tracking pixels on our website. Tracking pixels are also referred to as web beacons. Tracking pixels, including those of third parties whose services we use, are small, usually invisible images that are automatically retrieved when you visit our website. Tracking pixels can be used to collect the same information as in server log files.
6. Notifications and notifications
We send notifications and messages, such as newsletters, via e-mail and other communication channels such as instant messaging.
6.1 Success measurement and range measurement
Notifications and notifications can include web links or tracking pixels that record whether a single message has been opened and which web links have been clicked. Such web links and tracking pixels may also personalise the use of notifications and communications. We need this statistical recording of usage for success and range measurement in order to be able to offer notifications and notifications effectively and user-friendly, as well as permanently, securely and reliably, based on the needs and reading habits of the recipients.
6.2 Consent and opposition
In principle, you must expressly consent to the use of your e-mail address and other contact addresses, unless the use is permitted for other legal reasons. For any consent for the receipt of e-mails, we use the "DoubleOpt-in" procedure if possible, i.e. you will receive an e-mail with a web link, which you must click on for confirmation, so that no misuse by unauthorized third parties can take place. We may log such consents, including Internet Protocol (IP) address, as well as date and time for evidence and security reasons.
You can always unsubscribe from notifications and notifications such as newsletters. We reserve the right to receive notifications and notices that are strictly necessary for our offer. With the deregistration, you can object in particular to the statistical recording of the usage for success and range measurement.
6.3 Service providers for notifications and notifications
We send notifications and messages through third-party services or with the help of service providers. Cookies can also be used. We also ensure adequate data protection for such services.
We use acymailing to send and manage newsletters. Acymailing is a service of the French company Acyba. Information about the nature, scope and purpose of data processing can be found in Acyba's privacy policy as well as on the Acyba and GDPR page.
7. Social Media
We are present on social media platforms and other online platforms in order to communicate with interested people and to inform about our offer. Personal data can also be processed outside Switzerland and the European Economic Area (EEA).
The General Terms and Conditions (GTC) and Terms of Use as well as data protection declarations and other provisions of the individual operators of such online platforms also apply. These provisions provide information, in particular, on the rights of data subjects, including, in particular, the right to information.
If and to the extent that the GDPR is applicable, we arejointly responsible for the so-called pageinsights for our social media presence on Facebook. The siteinsights provide information about how visitors interact with our Facebook presence. We use SiteInsightsto provideour social media presence on Facebook effectively and user-friendly. Facebook haspublished information about PageInsightsdata as well as an addition regarding the responsibilityfor PageInsights.
8. Success and range measurement
We use Matomo Cloud to measure the reach of our online offering using the free open source software Matomo (formerly Piwik). New Zealand's InnoCraft Ltd. operates the required server infrastructure. Cookies can also be used.
At Matomo Cloud, "100% data ownership" applies, i.e. InnoCraft does not collect data across websites and does not pass on data via our online offering to third parties. In addition, your Internet Protocol (IP) address will be anonymized before analysis. Further information on the nature, scope and purpose of data processing can be found in the Matomo Cloud Privacy Policy.
9. Services of third parties
We use third-party services to provide our services on a permanent, user-friendly, secure and reliable basis. Such services are also used to embed content on our website. Such services— such as hosting and storage services, video services, and payment services — require your Internet Protocol (IP) address, otherwise such services will not be able to deliver the appropriate content. Such services may be located outside Switzerland and the European Economic Area (EEA) provided that adequate data protection is guaranteed.
For their own security-relevant, statistical and technical purposes, third parties whose services we use may also process data in connection with our offer and from other sources – including cookies, log files and tracking pixels – in aggregate, anonymised or pseudonymised.
9.1 Digital infrastructure
We use third-party services to leverage the digital infrastructure we need for our offering. This includes, in particular, hosting and storage services from specialized providers. For this purpose, such providers process the data required for the operation of this infrastructure, usually exclusively on our behalf. This includes, in particular, your Internet Protocol (IP) address. We also guarantee adequate data protection for such providers.
9.2 Contact options
We use third-party services to better communicate with you and other persons, such as customers. We also guarantee adequate data protection for such third parties.
We use Facebook Messenger to better communicate with our customers and others, especially via email and other digital communication channels. Facebook Messenger is a ticketing system of the American Facebook Inc. Information about the type, scope and purpose of data processing can be found in Facebook's privacy policy.
9.3 Audio and video conferencing
We use audio and video conferencing services to communicate with our customers and others. In particular, we can conduct audio and video conferences, virtual meetings and training courses such as webinars.
We only use services that ensure adequate data protection. In addition to this privacy policy, any terms and conditions of the services used, such as terms of use or privacy statements, apply.
9.4 Entertainment
We use Youtube to embed videos in our website. Cookies are also used. Youtube is a service of the American Google Inc. Further information about the nature, scope and purpose of data processing can be found in the questions and answers on data protection on Youtube and in the data protection declaration of Youtube.
9.5 Payment
We use payment service providers to process payments from our customers securely and reliably. We only use payment service providers that ensure adequate data protection. The terms and conditions of the payment service providers concerned, such as General Terms and Conditions (GTC) or data protection declarations, apply to the processing.
In particular, we use Stripe for the processing of payments. Stripe is a service of the American Stripe Inc. Stripe Payments Europe Ltd. in Ireland is responsible for users in the European Economic Area (EEA) and Switzerland. Information on the nature, scope and purpose of data processing can be found in Stripe'sData Protection Principles.
10. Participation in Partner Programs
We participate in partner programs. On the one hand, we can be compensated for references to offers of third parties or the linking of offers of third parties. On the other hand, we may compensate third parties for pointing to our offer or linking to our online offer (affiliate marketing). In this context, it is possible to record, including personally, which offers are being perceived and which web links are followed. Cookies can also be used.
11. Final provisions
We may adapt and supplement this Privacy Policy at any time. We will inform about such adaptations and additions in an appropriate form, in particular by publishing the current data protection declaration on our website.