Thank you for your interest in our website. It is extremely important to us to make sure that your privacy is protected. Detailed information about how personal data is processed in accordance with Article 13 of the General Data Protection Regulation (GDPR) can be found below. If you have any questions or comments about this data protection information, please contact our data protection officer at firstname.lastname@example.org or the party responsible for our data processing :
Hilderbrand & Cie SA
Route de Jussy 29
Tel. : 0041 22 349 00 24
Fax : 0041 22 349 02 81
E-mail : email@example.com
Personal data is processed in two categories:
- For contract implementation and advertising purposes, e.g. for sending out newsletters and advertising mail, we process all necessary data. Data is supplied to external service providers who play a part in implementing a contract (e.g. delivery firms, payment processors) to the extent necessary in each individual case.
- When you visit our website, a range of information is automatically exchanged between your device and our server. This may include personal data. We use the information gathered in this way to optimise our website or to show advertising in your device’s browser.
In this section, you can learn more about the purposes for which personal data is processed, the legal basis for this processing, the legitimate interests that we and some third parties have in processing it and the different categories of recipient to whom it may be supplied.
Data collection and use for the purpose of implementing a contract and opening a customer account
We process personal data for the purpose of implementing a contract and opening a customer account if it is supplied voluntarily when placing an order, when contacting us (e.g. by e-mail or using our contact form) or when opening a customer account. The data being collected can be seen from the different input forms used.
The data concerned is principally the following:
- first name, last name
- invoice address, delivery address
- e-mail address
- invoicing and payment data
- date of birth, if necessary
- telephone number, if necessary.
The legal basis for the processing of personal data for the purpose of contract implementation is Article 6 (1) (b) GDPR. Upon subscription to our newsletter using an e-mail address, a confirmation e-mail will be sent in accordance with Article 6 (1) (c) GDPR. Once a purchase has been made, we reserve the right, in accordance with Article 6 (1) (f), to send a newsletter containing offers for similar goods, unless explicitly informed otherwise. If contact details are not used for advertising purposes, we are permitted to store the data collected for contract implementation purposes until the end of the statutory or any contractual warranty/guarantee period. On the expiry of this period, we will continue to store contract information that is required by commercial and tax law for the relevant statutory periods. During this period (generally 10 years from conclusion of the contract), data will only be processed again if the tax authorities conduct an audit.
Opening of a customer account is voluntary. The legal basis for opening such an account is consent within the meaning of Article 6 (1) (a) GDPR. We are happy to inform customers, which data is stored in their account upon request.
In order to fulfil the contract concluded upon making a purchase, the following data processing is also necessary:
Disclosure of data for contract fulfilment and identity and credit checks
We supply e-mail addresses and possibly telephone numbers to the delivery firm we employ if this is necessary for delivery of the goods ordered, and as long as consent has been given either during or after placing an order, so that the firm can contact the customer itself in order to arrange delivery or inform the customer of arrival times.
Consent can be withdrawn at any time by contacting us or the delivery firm. To do this through us, please write to the e-mail or postal address included in our Company Details. If direct contact to our delivery firm is preferred, please write to firstname.lastname@example.org so that we can provide contact details.
For payment processing purposes, we supply the necessary data to the relevant bank and the payment service provider we employ or the payment service provider selected by the customer upon ordering.
We use a payment service provider based outside of the European Union. Personal data is only supplied to this company to the extent necessary for the fulfilment of a contract.
If necessary, we will conduct identity checks, on the legal basis of Article 6 (1) (b) and (f) GDPR, by obtaining information from service providers. This is to protect a customers identity and prevent attempts to commit fraud at our expense. Our enquiry and the results will be stored together with the corresponding customer account/guest account for the duration of our contractual relationship.
Credit checks and scores
If we supply goods before receiving payment, e.g. purchasing on invoice, we reserve the right to protect our legitimate interests by obtaining identity and credit rating information from providers specialising in this area (commercial credit agencies). For this purpose we supply personal data as required for a credit check to the following company/companies:
Créditreform Romandie GNT SA
Rue de la Synagogue 41
The credit report obtained may include probability figures (credit scores) calculated using scientifically recognised mathematical/statistical methods and based, for example, on address data. We use the information obtained about the statistical likelihood of a payment default in order to make a balanced decision about whether or not to accept an order. The legitimate interests of customers will be protected as required by law.
The legal basis for these information transfers is Art. 6 (1) (b) and Art. 6 (1) (f) GDPR. Data may only be transferred in accordance with these regulations if this is necessary in order to protect legitimate interests of our company or a third party and provided these interests are not overridden by the basic rights and freedoms of those affected to have their personal data protected.
Cases can be stated to the aforementioned credit agency and decisions can be contested.
Data processing for advertising
In accordance with Art. 6 (1) (f) GDPR, the party responsible for processing data for advertising purposes has a legitimate interest in doing so. On this legal basis, we reserve the right to make use of first name, last name, date of birth, street name, postcode and town for the purpose of personalised customer contact. The length of time for which personal data is stored for advertising purposes is determined by whether the storage is necessary for the purpose of targeted advertising. Our general policy is to delete data when no use has been made of it for advertising purposes for two years at the latest.
Own and third-party advertising
If a contract has been concluded or advertising materials requested, the recipients will be filed details as an existing or potential customer. In such cases names and addresses will be processed in order to send information about new products and services. In pursuit of our legitimate interests, we reserve the right to forward postal addresses to other companies belonging to our group and possibly to selected contract partners so that customer can also be informed about associated products.
Making advertising relevant
To ensure that we only send targeting advertising, we categorise and add additional information to customer profiles. This includes both statistical information and information about an individual (e.g. basic data from the customer profile). As stated, our aim is to only send advertising which is relevant to customer needs.
Processing to send out advertising
We have a service provider who sends out advertising for us, and we supply this provider with data for that purpose.
Right to object
Customers are entitled to object to future data processing for the above-mentioned purposes free of charge at any time, separately for each communication channel. To do this, it is sufficient to e-mail or write to the contact address supplied above.
Upon objection, relevant contact addresses will be blocked for any further data processing for advertising purposes. In exceptional cases, advertising may continue to be sent for a short period after the objection has been received as some advertising would already have been in the system and this should not be seen as an indication that the objection has not been acted upon.
Data use when you subscribe to the e-mail newsletter
When subscribing to our newsletter using the double opt-in procedure, we will use the data necessary or supplied separately in order to send the newsletter regularly. In this double opt-in procedure, enter your e-mail address on the form and we then send a confirmation link. After clicking on the confirmation link, the e-mail address is entered into our e-mail distribution list. E-mail address data will then be processed on the basis of consent as per Art. 6 (1) (a) GDPR. Consent can be withdrawn to any further such processing at any time. Newsletter registration can also be cancelled at any time by contacting us using the contact information supplied in our Company Details or by clicking on the link provided for this purpose at the end of each newsletter.
Data use for e-mail advertising without any newsletter subscription and right to object
If an e-mail adress is provided when purchasing goods or services, and if permission has not been refused, we reserve the right to pursue our legitimate interests by sending regular offers by e-mail which relate to products from our range similar to those already purchased. The e-mail address will then be processed in accordance with Art. 6 (1) (f) GDPR. Customers can object to the use of their e-mail address at any time by sending us a message using the contact information supplied in our Company Details or by clicking on the link provided for this purpose at the end of each newsletter.
We have a service provider who sends our newsletter out for us, and whom we supply with a customer’s e-mail address for that purpose.
In order to ensure a good experience when visiting our website and to enable the use of certain functions, we use so-called “cookies” on some pages. The legal basis for any processing of personal data with these cookies is Art. 6 (1) (f) GDPR. Our interest in optimising our website by this means is legitimate within the meaning of that statutory provision. Cookies are small text files which are installed on a device. Some of the cookies we use are deleted at the end of the browser session, i.e. when a customer browser has been closed (so-called session cookies). Others remain on the device and enable us to recognise the browser when visits our website again (persistent cookies). Browser settings can be set to inform the user when cookies are going to be stored on the device, leaving the user free to decide whether to accept them on a case-by-case basis, or to exclude cookie installation in specific cases or in general. If cookies are not accepted, some website functions may be restricted.
In this case, an opt-out cookie will be stored in your browser. If you delete your cookies, the opt-out must be reactivated when you visit our site again.