EVERER GmbH, Bahnhofstrasse 33B, 8703 Erlenbach ZH is the operator of the website vitamister.ch and the services offered on it and is therefore responsible for the collection, processing and use of your personal data and the compatibility of the data processing with the applicable data protection laws.
Your trust is important to us, which is why we take data protection seriously and ensure appropriate security. Therefore we comply with the statutory provisions of the Federal Data Protection Act (DSG), the Ordinance on the Federal Data Protection Act (VDSG), the Telecommunications Act (FMG) and other applicable data protection provisions of Swiss or EU law, in particular the General Data Protection Regulation (GDPR) .
So that you know what personal data we collect from you and for what purposes we use it, please take note of the information below.
1. Accessing our website
When you visit our website, our servers temporarily save each access in a log file. The following technical data is recorded, as is always the case with every connection to a web server, without any action on your part and until it is automatically deleted after 12 months stored by us:
This data is collected and processed for the purpose of enabling the use of our website (establishing a connection), ensuring system security and stability over the long term and optimizing our website and for internal statistical purposes. This is our legitimate interest in data processing within the meaning of Art. 6 Para. 1 lit.f GDPR.
2. Opening a customer account
In order to place orders in the online shop, you can order as a guest or open a customer account. When registering for a customer account, we collect the following data:
The data is collected for the purpose of providing the customer with password-protected direct access to the basic data stored by us. The customer can view his completed and open orders or manage or change his personal data.
The legal basis for processing the data for this purpose is the consent you have given in accordance with Article 6 (1) (a) of the EU GDPR.
3. Purchasing in the online shop
If you would like to place orders in our online shop, we need the following data to process the contract:
Unless otherwise stated in this data protection declaration or you have not given your separate consent, we will only use the aforementioned data to process the contract, namely to process your orders, deliver products and ensure correct payment.
The legal basis for data processing for this purpose is the fulfillment of a contract in accordance with Article 6 (1) (b) EU GDPR.
4. Passing on the data to third parties
We only pass on your personal data if you have given your express consent, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims from the contractual relationship.
In addition, we pass on your data to third parties, insofar as this is necessary in the context of the use of the website and the contract processing (also outside the website), namely the processing of your bookings. This includes the respective transport service provider who has been entrusted with the dispatch of the ordered goods. A service provider to whom the personal data collected via the website is passed on or who has or can have access to it is our web host Infomaniak. The website is on servers in Switzerland. The data is passed on for the purpose of providing and maintaining the functionality of our website. This is our legitimate interest within the meaning of Article 6, Paragraph 1, Letter f of the EU GDPR.
If we make advance payments, e.g. for a purchase on account, we can, if necessary, obtain credit information on the basis of mathematical-statistical procedures from a credit agency in order to safeguard our legitimate interests. For this purpose, we transmit the personal data required for a credit check to the credit agency MF Group/POWERPAY and use the information received about the statistical probability of default for a balanced decision on the establishment, implementation or termination of the contractual relationship. The credit report can contain probability values (score values) that have been calculated on the basis of scientifically recognized mathematical-statistical methods and whose calculation includes address data, among other things. Your interests worthy of protection are taken into account in accordance with the statutory provisions. For the purposes described above, we have a legitimate interest in data processing within the meaning of Article 6 (1) (f) EU GDPR.
Finally, when you pay by credit card on the website, we forward your credit card information to your credit card issuer and to the credit card acquirer. If you decide to pay by credit card, you will be asked to enter all the necessary information. The legal basis for the transfer of data is the fulfillment of a contract in accordance with Article 6 (1) (b) EU GDPR. With regard to the processing of your credit card information by these third parties, we ask you to also read the general terms and conditions and the data protection declaration of your credit card issuer.
5. Transfer of data abroad
We are entitled to transfer your personal data to third parties (contracted service providers) abroad for the purpose of the data processing described in this data protection declaration. They are committed to data protection to the same extent as we are. If the level of data protection in a country does not correspond to the Swiss or European level, we contractually ensure that the protection of your personal data corresponds to that in Switzerland or the EU at all times.
6. Cookies
Cookies help in many ways to make your visit to our website easier, more pleasant and more meaningful. Cookies are information files that your web browser automatically saves on your computer's hard drive when you visit our website.
We use cookies, for example, to offer you the shopping cart function across several pages and to temporarily save your entries when filling out a form on the website so that you do not have to repeat the entry when calling up another subpage. Cookies may also be used to identify you as a registered user after registering on the website without having to log in again when you access another subpage.
Most internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears when you receive a new cookie. On the following pages you will find explanations of how you can configure the processing of cookies in the most common browsers:
Deactivation of cookies can mean that you cannot use all functions of our website.
7. Tracking tools
a. General
We use the web analysis service of Google Analytics for the purpose of tailoring our website to requirements and continuously optimizing it. In this context, pseudonymised usage profiles are created and small text files that are stored on your computer ("cookies") are used. The information generated by the cookie about your use of this website is transferred to the server of the provider of these services, stored there and processed for us. In addition to the data listed under item 1, we may receive the following information: the
The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage for the purposes of market research and the needs-based design of this website. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of us.
b. Google Analytics
The provider of Google Analytics is Google Inc., a company of the Alphabet Inc holding company, based in the USA. Before the data is transmitted to the provider, the IP address is shortened by activating IP anonymization ("anonymizeIP") on this website within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The anonymized IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. The full IP address will only be transmitted to a Google server in the USA and shortened there in exceptional cases. In these cases, we use contractual guarantees to ensure that Google Inc. maintains an adequate level of data protection. According to Google Inc., under no circumstances will the IP address be associated with other data relating to the user.
You can find more information about the web analysis service used on the Google Analytics website. Instructions on how to prevent the processing of your data by the web analysis service can be found at http://tools.google.com/dlpage/gaoptout?hl=de.
8. Note on data transfers to the USA
For the sake of completeness, we would like to point out to users residing or domiciled in Switzerland that there are monitoring measures by US authorities in the USA that generally store all personal data of all persons whose data comes from Switzerland were transmitted to the USA. This is done without differentiation, restriction or exception based on the pursued goal and without an objective criterion that makes it possible to restrict the access of the US authorities to the data and their subsequent use to very specific, strictly limited purposes that are related to the Be able to justify access to this data as well as any intervention associated with its use. We would also like to point out that in the USA there are no legal remedies for the data subjects from Switzerland that would allow them to gain access to the data concerning them and to obtain their correction or deletion, or there is no effective judicial protection against general US authorities have access rights. We explicitly point out this legal and factual situation to those affected in order to make an appropriately informed decision to consent to the use of their data.
We would like to point out to users residing in a member state of the EU that the USA does not have an adequate level of data protection from the point of view of the European Union - due to the issues mentioned in this section, among other things. Insofar as we have explained in this data protection declaration that recipients of data (such as Google) are based in the USA, we will either through contractual provisions with these companies or by ensuring that these companies are certified under the EU or Swiss-US -Privacy shield ensure that your data is protected to an adequate level with our partners.
9. Right to information, correction, deletion and restriction of processing; Right to data portability
You have the right to request information about the personal data that we store about you. In addition, you have the right to correct inaccurate data and the right to delete your personal data, provided there is no statutory retention requirement or a permission that allows us to process the data to the contrary.
You also have the right to request that we return the data that you have given us (right to data portability). On request, we will also pass the data on to a third party of your choice. You have the right to receive the data in a common file format.
You can contact us for the aforementioned purposes via the e-mail address info@vitamister.ch. In order to process your requests, we can, at our own discretion, request proof of identity.
10. Data security
We use suitable technical and organizational security measures to protect your personal data stored by us against manipulation, partial or complete loss and against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
You should always treat your access data confidentially and close the browser window when you have finished communicating with us, especially if you share the computer with others.
We also take internal data protection very seriously. Our employees and the service companies commissioned by us have been bound by us to secrecy and to comply with data protection regulations.
11. Storage of data
We only store personal data for as long as it is necessary in order to use the above-mentioned tracking and analysis services as well as further processing within the scope of our legitimate interest. We keep contract data longer, as this is required by statutory retention requirements. Retention obligations that oblige us to retain data arise from accounting regulations and tax regulations. According to these regulations, business communication, concluded contracts and accounting documents must be kept for up to 10 years. If we no longer need this data to carry out the services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.
12. Right to complain to a data protection supervisory authority right
You have the right to complain to a data protection supervisory authority at any time.
Status: October 2021