ERSTE SANE

PRIVACY POLICY

The responsible body within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:
Erste Sane
Sandra Glaus
Im Stöckli, 27
8854 Galgenen
Telefon: +41795186591
E-Mail: erstesane.ch@gmail.com
WebSite: http://www.erstesane.ch/

General remark

Based on Article 13 of the Swiss Federal Constitution and the federal data protection regulations (Data Protection Act, DSG), every person has the right to the protection of their privacy and protection from misuse of their personal data. The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
In cooperation with our hosting providers, we strive to protect the databases as well as possible from unauthorized access, loss, misuse or falsification.
We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.
By using this website, you consent to the collection, processing and use of data as described below. In principle, this website can be visited without registration. Data such as pages accessed or the name of the file accessed, date and time are stored on the server for statistical purposes without this data being directly related to your person. Personal data, in particular name, address or email address, are collected on a voluntary basis as far as possible. The data will not be passed on to third parties without your consent.

Processing of personal data

Personal data is any information relating to an identified or identifiable person. A data subject is a person through which personal data is processed. Editing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procuring, deletion, storage, modification, destruction and use of personal data. 
We process personal data in accordance with Swiss data protection law. In addition, we process personal data in accordance with the following legal bases in connection with Article 6(1) GDPR: 
• lit. a) Processing of personal data with the consent of the data subject. 
• lit.b) Processing of personal data for the performance of a contract with the data subject and for the implementation of corresponding pre-contractual measures. 
• lit.c) Processing of personal data in order to fulfil a legal obligation to which we are subject to any applicable EU law or, if applicable, of a country in which the GDPR is fully or partially applicable. 
• lit. d) processing of personal data in order to protect the vital interests of the data subject or another natural person. 
• lit. f) Processing of personal data in order to safeguard the legitimate interests of us or third parties, unless the fundamental freedoms and fundamental rights as well as the interests of the data subject prevail. Eligible interests are, in particular, our business interest in providing our website, information security, the enforcement of our own legal claims and compliance with Swiss law. 
We process personal data for the duration required for the respective purpose or purpose. In the case of longer-lasting retention obligations due to legal and other obligations to which we are subject, we restrict the processing accordingly.•

Privacy policy for newsletter

If you wish to receive the newsletter offered on this website, we require you to provide an e-mail address as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data will be collected. We use this data exclusively for the sending of the requested information and do not pass it on to third parties. 
 You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "Unsubscribe link" in the newsletter. 
Order processing in the online shop with customer account 
We process the data of our customers in accordance with the data protection regulations of the Federal Government (Data Protection Act, DSG) and the EU GDPR, within the scope of the ordering processes in our online shop, in order to enable them to select and order the selected products and services, as well as their payment and delivery, or execution. 
The data processed includes master data (stock data), communication data, contract data, payment data and the data affected by the processing include our customers, interested parties and other business partners. The processing is carried out for the purpose of the provision of contractual services within the framework of the operation of an online shop, billing, delivery and customer service. We use session cookies, e.B. for storing the shopping cart content and permanent cookies, e.B. for storing the login status. 
The processing is carried out on the basis of Art. 6 (1) lit.b (execution of order operations) and c (legally required archiving) GDPR. The information identified as necessary is required for the establishment and performance of the contract. We disclose the data to third parties only within the scope of delivery, payment or within the scope of legal permits and obligations. The data will only be processed in third countries if this is necessary for the performance of the contract (e.B. upon delivery or payment at the request of the customer). 
Users can optionally create a user account by viewing their orders in particular. As part of the registration process, the required information will be communicated to the users. The user accounts are not public and cannot be indexed by search engines, e..B g. Google. If users have terminated their user account, their data will be deleted with regard to the user account, subject to their retention, for commercial or tax reasons. Art. 6 sec. 1 lit.c GDPR necessary. Information in the customer's account remains until it is deleted with subsequent archiving in the event of a legal obligation. It is the responsibility of the users to secure their data before the end of the contract if they are terminated. 
As part of the registration and re-registration as well as the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. In principle, this data will not be passed on to third parties, unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 sec. 1 lit.c GDPR. The deletion takes place after expiry of legal warranty and comparable obligations, the necessity of the retention of the data is checked at irregular intervals. In the case of the statutory archiving obligations, the deletion takes place after their expiry.

Changes

We may change this Privacy Policy at any time without notice. The current version published on our website applies. Insofar as the Privacy Policy is part of an agreement with you, we will notify you of the change by e-mail or other appropriate means in the event of an update.

Questions to the Data Protection Supervisor

If you have any questions about data protection, please send us an E-mail.

GALGENEN, 29.04.2020
SOURCE: SWISSANWALT