Privacy Policy

The entity responsible for this data privacy policy as per data privacy laws, in particular the EU’s General Data Protection Regulation (GDPR), is:

Claudia Güdel GmbH
Markgräflerstrasse 34
CH-4057 Basel

Phone: +41 61 631 11 02
Email: [email protected]

We are a Swiss fashion label registered in Basel, and we operate an online shop in order to present and sell our products. Additional information about our company is available under the link “About Us”.

General Information
As stated in Article 13 of the Swiss Federal Constitution and in the data privacy provisions in the Federal Act on Data Protection (FADP), every person has the right to protection of his or her privacy and protection against the misuse of his or her personal data. We handle your personal data confidentially and in accordance with the statutory data protection regulations and this data privacy policy.

Together with our web hosting providers, we strive to protect our databases against unauthorised access, loss, misuse, or falsification. Please note that security flaws can occur when transferring data over the internet (e.g. when communicating via email). Absolute protection against third-party access is not possible.

By using this website, you consent to the collection, processing, and use of data as outlined in the following. Generally, the use of this website does not require registration. When you access this website, data such as pages accessed, names of files accessed, and the time and date is saved on the server for statistical purposes without being tracked back to you as the user. Personal data, in particular your name, address, or email address, is collected on a voluntary basis as far as possible. Your data is not shared with third parties without your consent.

Data Privacy Policy for SSL/TLS Encryption
This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as requests that you send us as the website’s operator. It is possible to identify an encrypted connection by looking at your browser’s address bar: “http://” becomes “https://” and a lock symbol appears.

When SSL or TLS encryption is activated, third parties are unable to read any data you send us.

Processing of Personal Data
Personal data is all information relating to an identified or identifiable person. A data subject is a person whose data is processed. Processing includes any handling of personal data, irrespective of the means used and the procedure, and in particular the storage, disclosure, collection, deletion, saving, alteration, destruction, and use of personal data.

We process personal data in accordance with Swiss data protection regulations. Furthermore, we process personal data according to the EU’s GDPR – where and to the extent it is applicable – by applying the following legal principles from Art. 6 para. 1 of the GDPR:

processing of personal data with the consent of the data subject
processing of personal data that is necessary for the fulfilment of a contract with the data subject and for the implementation of corresponding pre-contractual measures
processing of personal data necessary for the fulfilment of a legal obligation to which we are subject in accordance with any applicable law of the EU or any applicable law of a country in which the GDPR partially of completely applies
processing of personal data in order to protect our legitimate interests or the legitimate interests of third parties, except where such interests are overridden by the interests or fundamental freedoms and rights of the data subject; legitimate interests include, in particular, our business interest to operate our website, information security, the exercise of our legal claims, and compliance with Swiss law.

We process personal data for the duration required for a particular purpose or purposes. When we are required to store data for longer periods because we are subject to legal or other types of obligations, we restrict processing accordingly.
 

Data Privacy Policy for Cookies
This website uses cookies. Cookies are small text files that make it possible to store specific, user-related information on a user’s device while he or she visits our website. In particular, cookies make it possible to determine the frequency and number of users who access pages, to analyse users’ activity while on pages, and to make our site more customer-friendly. Cookies are stored until the end of a browser session and can be reactivated when a user visits our site again. If you wish to prevent this, you can adjust your internet browser's settings to refuse cookies.

It is possible to declare a general objection to the use of cookies that are used for online marketing purposes for many services, especially for tracking. This can be done via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. It is also possible to block cookies by disabling this feature in your browser's settings. Please be aware that if you block or refuse cookies, some parts of our website may not function properly.

Third-Party Services
This website may use Google Maps to embed maps, Google Invisible reCAPTCHA to protect against bots and spam, and YouTube to embed videos.

These services of the US company Google LLC use cookies, among other technologies. As a result, data is transmitted to Google in the USA; however, we assume that within this context, no personal tracking occurs solely due to the use of our website.

Google has undertaken the obligation to ensure adequate data protection according to the EU–U.S. and Swiss–U.S. Privacy Shield Frameworks.

Additional information is available in Google's Privacy Policy: https://policies.google.com/privacy?hl=en-US.

Privacy Policy for Newsletter Data
If you wish to receive the newsletter offered on this website, we need you to provide an email address and information that allows us to verify that you own the provided email address and that you consent to receiving our newsletter. No other data is collected. We use this data exclusively for sending the requested information and do not share it with third parties.

You may unsubscribe to our newsletter at any time, for instance by using a link in the newsletter, and thereby withdraw your consent to the saving of data and your email address as well as their being used to send the newsletter.

Rights of Data Subjects

Right to Obtain Confirmation

Every data subject has the right to obtain confirmation from the website’s operator as to whether or not personal data concerning him or her is being processed.

If you wish to exercise this right to obtain confirmation, you may contact our data protection officer at any time.

Right to Obtain Information
Every data subject affected by the processing of personal data has the right to request at any time that the website's operator provide information, free of charge, on personal data that has been saved; a data subject may also request a copy of this information. Furthermore, where required, information can be provided on the following matters:

the purposes of the processing
the categories of personal data being processed
the recipients to whom the personal data has been or will be disclosed
where possible, the envisaged period for which the personal data will be stored or, if that is not possible, the criteria used to determine this period
the existence of the right to request from the website’s controller the rectification or erasure of the data subject’s personal data or the restriction of processing personal data or to object to such processing
the right to lodge a complaint with a supervisory authority
where personal data is not collected from the data subject, all available information as to its source.

In addition, the data subject has the right to obtain information as to whether personal data has been transferred to a third country or an international organisation. If such a transfer has occurred, the data subject also has the right to be informed of the appropriate safeguards relating to the transfer.

If you wish to exercise this right to obtain information, you may contact our data protection officer at any time.

Right to Correction
Every data subject affected by the processing of personal data has the right to correction, without undue delay, of inaccurate data related to his or her person. Furthermore, taking into the account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

If you wish to exercise this right to correction, you may contact our data protection officer at any time.

Right to Erasure (Right to Be Forgotten)
Every data subject affected by the processing of personal data has the right to demand from this website’s controller that personal data related to him or her is erased without undue delay where one of the following grounds applies and the processing of the data is not necessary:

the personal data is no longer necessary for the purposes for which it was collected or otherwise processed
the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing
the data subject objects to the processing on grounds related to his or her particular situation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing of his or her personal data for direct marketing purposes and any related profiling
the personal data has been unlawfully processed
the personal data is required to be erased for compliance with a legal obligation in European Union or Member State law to which the website controller is subject
the personal data has been collected in relation to the offer of information society services directly to a child.

If any of the grounds listed above applies and you wish to arrange for the erasure of personal data that the operator of this website has stored, you may contact our data protection officer at any time. The data protection officer will ensure that your request for erasure is granted without delay.

Right to Restriction of Processing
Every data subject affected by the processing of personal data has the right to demand from this website’s controller the restriction of processing where one of the following conditions applies:

the accuracy of the personal data is contested by the data subject and namely for a period that enables the controller to verify the accuracy of the personal data
the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead
the controller no longer needs the personal data for the purposes of processing, but the data subject requires the data for the establishment, exercise, or defence of legal claims
the data subject has objected to the processing on grounds related to his or her particular situation and it has not yet been determined whether the legitimate grounds of the controller override those of the data subject.

If any of the conditions listed above applies, and you wish to demand a restriction on the processing of personal data that the operator of this website has stored, you may contact our data protection officer at any time. The data protection officer will arrange for processing to be restricted.

Right to Object
Every data subject affected by the processing of personal data has the right, on grounds related to his or her particular situation, to object at any time to the processing of personal data concerning him or her.

In the event an objection is raised, the operator of this website will no longer process personal data unless we are able to demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defence of legal claims.

If you wish to exercise your right to object, you may contact our data protection officer directly.

Right to Withdraw Consent Given under Data Protection Laws
Every data subject affected by the processing of personal data has the right to withdraw at any time his or her consent to the processing of personal data.

If you wish to exercise your right to withdraw consent, you may contact our data protection officer at any time.

Data Protection Policy on Our Objection to Marketing Emails
We hereby object to the use of contact data that is published as part of the statutory information requirement for websites (Impressumspflicht) for the transmission of unsolicited advertisements and information material. The operator of this website expressly reserves the right to take legal action if unsolicited marketing information is transmitted, for example via spam emails.

Services Requiring Payment
In order to render services that require payment, we ask you for additional information such as payment details. This enables us to fill your orders and provide any services you have requested. We store this this data in our systems until the statutory retention period expires.

Data Privacy Policy for Facebook
This website uses functions of Facebook Inc., 1601 S. California Ave., Palo Alto, CA, 94304, USA. When accessing our web pages with Facebook plug-ins, a connection is made between your browser and Facebook’s servers. With this connection, data is transferred to Facebook. If you have a Facebook account, this data can be linked to it. If you do not want this data to be attributed to your Facebook account, please log out of Facebook before visiting our website. Data is also sent to Facebook during certain interactions, in particular when using comment functions or clicking on Like or Share buttons. Additional information is available in Facebook’s Data Privacy Policy: https://www.facebook.com/about/privacy.

Data Privacy Policy for Instagram
Certain Instagram functions are integrated into our website. These functions are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. When you are logged in to your Instagram account, you can link content from our website to your Instagram profile by clicking on the Instagram button. This makes it possible for Instagram to attribute your visit to our web pages to your user account. Please note that as the operator of this website, we do not receive any information regarding the content of the data transmitted to Instagram or how it is used by Instagram.

Additional information is available in Instagram’s Data Policy: https://help.instagram.com/519522125107875.

External Payment Service Providers
This website uses external payment service providers whose platforms enable us and our users to make payment transactions. For example, we use:

PostFinance (https://www.postfinance.ch/de/detail/rechtliches-barrierefreiheit.html)
Visa (https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html)
Mastercard (https://www.mastercard.ch/de-ch/datenschutz.html)
American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html)
Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)
Bexio AG (https://www.bexio.com/de-CH/datenschutz)
Payrexx AG (https://www.payrexx.ch/site/assets/files/2592/datenschutzerklaerung.pdf)
Klarna (https://www.klarna.com/de/datenschutz/)

Within the scope of fulfilling our contracts, we use payment service providers in accordance with the Swiss Ordinance to the Federal Act on Data Protection and, to the extent necessary, Art. 6 para. 1 let. b of the EU’s GDPR. In addition, in order to provide our users with a safe and effective method of payment, we use external payment service providers on the basis of our legitimate interests in accordance with Swiss data protection regulations and, to the extent necessary, Art. 6 para. 1 let. f of the EU’s GDPR.

The data processed by payment service providers includes user data such as name and address, bank information – including account numbers, credit card numbers, passwords, TANs, and verification numbers – and information related to contracts, amounts, and recipients. This information is required to carry out transactions. However, the data entered is processed and stored only by the payment service providers. As the operator of this website, we do not receive any information related to (bank) accounts or credit cards; we solely receive information regarding whether payment was confirmed (accepted) or rejected. Under certain circumstances, the payment service provider shares this information with credit agencies. The purpose of sharing this data is to confirm a person’s identity or solvency. For more information, please refer to the payment service provider’s general terms and conditions and data protection policy.

Payment transactions are subject to the general terms and conditions and the data protection policies of the relevant payment service provider; these are made available on the provider’s website or within its transaction application. For more information or to exercise your right to withdraw, your right to access, or any other rights, please refer to the payment service provider’s policies.

Newsletter via Mailchimp
Our newsletter is sent using the delivery service provider Mailchimp, a newsletter delivery platform operated by the US provider The Rocket Science Group LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA, 30308, USA. Mailchimp's Privacy Policy is available here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC, dba Mailchimp, is certified under the Privacy Shield Framework and thereby guarantees its compliance with European data protection requirements. The delivery service provider is used on the basis of our legitimate interests according to Art. 6 para. 1 let. f of the GDPR and a contract processing agreement according to Art. 28 para. 3 sentence 1 of the GDPR.

The delivery service provider may use recipients’ data in an anonymised form (i.e. in a form that does not allow the data to be attributed to a user) in order to optimise or improve its own services (e.g. to optimise technical aspects of delivery and the appearance of the newsletter or for statistical purposes). However, the delivery service provider does not use the data from our newsletter’s recipients to contact them directly or to transmit the data to third parties.

Information Regarding Data Transmission in the USA
Our website uses tools and other functions that are linked to companies in the USA. When these tools are active, your personal data may be transmitted to the corresponding company’s US server. Please be aware that, from the perspective of EU data privacy law, the USA is not considered a secure third country. US companies are required to provide personal data to security authorities, and you as the data subject are unable to take legal steps to prevent this. Therefore, it is impossible to rule out the possibility that US authorities (e.g. US intelligence agencies) process, analyse, or permanently save your data that is on US servers for monitoring purposes. We have no influence over these processing activities.

Processing Orders in Our Online Shop with a Customer Account
When processing orders in our online shop, we process our customers’ data in accordance with Switzerland’s data privacy provisions (Federal Act on Data Protection, FADP) and the EU’s GDPR. This enables you to select, order, and pay for products and services, and it enables us to fill and deliver orders and provide services.

Data that is processed includes master data (user data), communication data, contract data, and payment data. Data subjects affected by data processing include our customers, interested parties, and other business partners. The purpose of data processing is to provide contractual services related to operating our online shop and to facilitate billing, delivery, and customer service. In doing this, we use session cookies (e.g. to save the contents of the shopping cart) and permanent cookies (e.g. to save the login status).

Data processing is conducted in line with Art. 6 para. 1 let. b (processing of orders) and let. c (legal obligation to archive data) of the GDPR. As such, any information marked as required constitutes information needed to establish and fulfil the contract. We disclose data to third parties only within the scope of delivery or payment or within the scope of legal permissions and obligations. Data is processed in third countries only when it is necessary to fulfil our contract (e.g. when requested by the client for delivery or payment).

Users have the option to create a user account, which enables them, in particular, to view their orders. During the registration process for a user account, required information is communicated to users. User accounts are not public, and it is not possible for search engines (e.g. Google) to index them. When a user terminates his or her user account, data connected to that user’s account is deleted, unless it must be stored for commercial or tax purposes in accordance with Art. 6 para. 1 let. c of the GDPR. Information in a user’s account is retained until it is deleted and, if legally required, subsequently archived. Following their notice of termination, users are responsible for saving their data before the contract is terminated.

During the registration process and subsequent log-in processes as well as the use of our online services, we save the IP address and time of the related user activity. We save this data based on our legitimate interests and in order to protect the user from fraud and other unauthorised use. As a general rule, this data is not transmitted to third parties, unless it is necessary in order for us to assert our claims or a legal obligation to do so exists according to Art. 6 para. 1 let. c of the GDPR.

Data is deleted after the statutory warranty obligation and other related obligations expire. The necessity to store data is checked at irregular intervals. If a legal obligation to archive data exists, data is deleted after this obligation expires.

General Disclaimer
All of the information on our website has been carefully reviewed. We make every effort to ensure that the information we provide on this website is correct, complete, and current. Nevertheless, it is not possible to completely rule out the incidence of errors. We are therefore unable to guarantee the correctness, completeness, or most current status of information, including that of a journalistic or editorial nature. Liability claims arising from material or non-material damages caused by the use of information provided on this website are excluded to the extent that there is no evidence of wilful intent or gross negligence.

This website’s publisher may change or delete texts at its own discretion and without prior notice; the publisher is under no obligation to update the content of this website. Visitors use and access this website at their own risk. The publisher, its clients, and its partners are not responsible for any damages, including direct, indirect, accidental, foreseeable, or consequential damages alleged to have been caused by visiting this website. Consequently, they assume no liability for any damages.

In addition, the publisher assumes no responsibility or liability for the content and availability of third-party websites that may be accessed via external links on this website. The operators of linked websites bear sole responsibility for their content. The publisher hereby expressly distances itself from all third-party content that may violate criminal or liability law or that violates moral or ethical standards. 

Changes to This Data Privacy Policy
We may change this data privacy policy at any time and without notice. The current version published at any one time on our website is applicable. If this data privacy policy is part of an agreement with you, we will notify you of any changes via email or other appropriate means.

Questions for the Data Protection Officer
If you have any questions regarding data protection, please send us an email or contact the person in our organisation who is responsible for data protection and is listed at the beginning of this data protection policy.

Basel, 21 September 2020
Source of the original German text: SwissAnwalt

This English translation is provided for informational purposes and has no legal force. Only the original German version is binding.