Responsible for data protection within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:
Pauline-Stoffel-Weg 10, 0
Email: info@blum Kaffee.ch
Website: https://www.blum coffee.ch/DECLARATION
Based on Article 13 of the Swiss Federal Constitution and the data protection regulations of the federal government (Data Protection Act, DSG), every person has the right to protection of their privacy and protection against misuse of their personal data. The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
In cooperation with our hosting providers, we try to protect the databases as well as possible against unauthorized access, loss, misuse or falsification.
We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.
By using this website, you agree to the collection, processing and use of data as described below. This website can generally be visited without registration. Data such as the pages called up or the name of the file called up, the date and time are stored on the server for statistical purposes, without this data being directly related to your person. Personal data, in particular name, address or e-mail address, are collected on a voluntary basis as far as possible. The data will not be passed on to third parties without your consent.
Processing of personal data
Personal data is all information that relates to a specific or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, deletion, storage, modification, destruction and use of personal data.
We process personal data in accordance with Swiss data protection law. In addition, we process personal data in accordance with the following legal bases in connection with Art. 6 Para. 1 GDPR – insofar as and insofar as the EU GDPR is applicable:
lit. a) Processing of personal data with the consent of the person concerned.
lit. b) Processing of personal data to fulfill a contract with the data subject and to carry out corresponding pre-contractual measures.
lit. c) Processing of personal data to fulfill a legal obligation to which we are subject under any applicable EU law or under any applicable law of a country in which the GDPR is fully or partially applicable.
lit. d) Processing of personal data in order to protect the vital interests of the data subject or another natural person.
lit. f) Processing of personal data in order to safeguard our legitimate interests or those of third parties, provided that the fundamental freedoms and fundamental rights and interests of the data subject do not prevail. Legitimate interests are in particular our business interest in being able to provide our website, information security, the enforcement of our own legal claims and compliance with Swiss law.
We process personal data for the duration necessary for the respective purpose or purposes. In the case of longer-lasting storage obligations due to legal and other obligations to which we are subject, we restrict processing accordingly.
This website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
In order to provide services that are subject to a charge, we will ask for additional data, such as payment details, to process your order or to carry out your order. We store this data in our systems until the statutory retention periods have expired.
Use of Google Maps
This website uses Google Maps API to visually display geographic information. When using Google Maps, Google also collects, processes and uses data about the use of the map functions by visitors. You can find more information about data processing by Google in the Google data protection information. There you can also change your personal data protection settings in the data protection center.
Detailed instructions for managing your own data in connection with Google products can be found here.
Functions of the Instagram service are integrated on our website. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can click the Instagram button to link the content of our pages to your Instagram profile. This allows Instagram to associate your visit to our site with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or how it is used by Instagram.
External payment service providers
This website uses external payment service providers, via whose platforms the users and we can carry out payment transactions. For example about
American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html)
Bexio AG (https://www.bexio.com/de-CH/datenschutz)
Payrexx AG (https://www.payrexx.ch/site/assets/files/2592/datenschutzerklaerung.pdf)
Apple Pay (https://support.apple.com/de-ch/ht203027)
Giropay (https://www.giropay.de/rechts/datenschutz-agb/) etc.
As part of the fulfillment of contracts, we use the payment service providers on the basis of the Swiss Data Protection Ordinance and, if necessary, Art. 6 Para. 1 lit. b. EU GDPR. In addition, we use external payment service providers on the basis of our legitimate interests in accordance with the Swiss Data Protection Ordinance and, if necessary, in accordance with Article 6 (1) (f) of the EU GDPR in order to offer our users effective and secure payment options.
The data processed by the payment service provider includes inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered will only be processed and stored by the payment service providers. We as the operator do not receive any information about the (bank) account or credit card, only information to confirm (accept) or reject the payment. Under certain circumstances, the payment service provider may transmit the data to credit agencies. The purpose of this transmission is to check identity and creditworthiness. We refer to the terms and conditions and data protection notices of the payment service providers.
The terms and conditions and the data protection information of the respective payment service provider apply to the payment transactions, which can be accessed within the respective website or transaction applications. We also refer to this for the purpose of further information and the assertion of revocation, information and other data subject rights.
Order processing in the online shop with a customer account
We process the data of our customers in accordance with the data protection regulations of the federal government (Data Protection Act, DSG) and the EU-DSGVO, as part of the ordering process in our online shop, to enable them to select and order the selected products and services, as well as their payment and delivery , or to enable execution.
The processed data includes master data (inventory data), communication data, contract data, payment data and the persons affected by the processing include our customers, prospects and other business partners. The processing takes place for the purpose of providing contractual services in the context of operating an online shop, billing, delivery and customer services. We use session cookies, e.g. for storing the contents of the shopping cart, and permanent cookies, e.g. for storing the login status.
The processing takes place on the basis of Art. 6 Para. 1 lit. b (implementation of order processes) and c (legally required archiving) DSGVO. The information marked as required is required for the establishment and fulfillment of the contract. We disclose the data to third parties only within the scope of delivery, payment or within the scope of legal permissions and obligations. The data will only be processed in third countries if this is necessary to fulfill the contract (e.g. at the customer’s request for delivery or payment).
Users can optionally create a user account, in particular by being able to view their orders. As part of the registration, the required mandatory information is communicated to the users. The user accounts are not public and cannot be indexed by search engines such as Google. If users have terminated their user account, their data will be deleted with regard to the user account, subject to their retention being necessary for commercial or tax reasons in accordance with Article 6 (1) (c) GDPR. Information in the customer account remains until it is deleted with subsequent archiving in the event of a legal obligation. It is the user’s responsibility to back up their data before the end of the contract in the event of termination.
As part of the registration and renewed registrations as well as the use of our online services, we store the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Article 6 (1) (c) GDPR.
Deletion takes place after statutory warranty and comparable obligations have expired; the necessity of storing the data is checked at irregular intervals. In the case of legal archiving obligations, the deletion takes place after their expiry.
We can adjust this data protection declaration at any time without prior notice. The current version published on our website applies. Insofar as the data protection declaration is part of an agreement with you, in the event of an update we will inform you of the change by e-mail or by other suitable means.
Questions to the data protection officer
If you have any questions about data protection, please send us an e-mail or contact the person responsible for data protection in our organization listed at the beginning of the data protection declaration.
Arbon, April 14, 2019
Source: SwissAnwalt data protection generator