July 2020 version

In this data protection declaration, we at HSB-Weibel AG explain how we collect and otherwise process personal data. Personal data is understood to mean all information relating to a specific or identifiable person.

This data protection declaration is based on the EU Basic Data Protection Regulation (DSGVO). Although the DSGVO is a regulation of the European Union, it is important to us. The Swiss Data Protection Act (DSG) is strongly influenced by EU law, and companies outside the European Union or the EEA must comply with the DSGVO under certain circumstances.

1. person responsible / data protection officer / representative

Responsible for the data processing described here is HSB-Weibel AG, J. Schmidheinystrasse 244, 9435 Heerbrugg. If you have data protection concerns, you can send them to the following contact address: info@hsb-weibel.ch.

2. collection and processing of personal data

We primarily process the personal data which we receive from our customers and other business partners and other persons involved in the business relationship with them or which we collect from their users when operating our website and other applications. To the extent permitted, we also extract certain data from publicly accessible sources (e.g. commercial register, press, Internet) or obtain such data from associations, authorities and other third parties.

3. purposes of data processing and legal bases

Most of our services do not require registration, so you can visit our website without telling us who you are. However, some services may require you to provide personal information. In such a case, if you decide not to provide personal information requested by us, we may not be able to respond to your request.

We collect and use your personal data, for example, to offer you products or services, to introduce you to products and services which we believe may be of interest to you, or to communicate with you for other purposes which are apparent from the circumstances or which we inform you about when we collect the personal data.

We also process personal data for the following purposes:

• To offer and further develop our products, services, websites and other platforms on which we are present;
• Testing and optimisation of procedures for the analysis of requirements for the purpose of direct customer contact as well as the collection of personal data from publicly accessible sources for the purpose of customer acquisition;
• Advertising and marketing (including the organisation of events), unless you have objected to the use of your data (if we send you advertising as an existing customer, you can object to this at any time; we will then put you on a blacklist against further advertising mailings);

If you have given us your consent to process your personal data for specific purposes (for example, when you register to receive newsletters), we will process your personal data within the scope of and based on this consent, unless we have another legal basis and we require such a basis. Consent that has been granted can be revoked at any time, but this has no effect on data processing that has already taken place.

4. cookies / tracking and other technologies in connection with the use of our website

We sometimes use Google Analytics or comparable services on our websites. This is a service provided by third parties, which may be located in any country in the world (in the case of Google Analytics it is Google LLC in the USA, www.google.com), with which we can measure and evaluate the use of the website (not personal). Permanent cookies are also used for this purpose, which are set by the service provider. The service provider does not receive any personal data from us (nor does it keep any IP addresses), but it can track your use of the website, combine this information with data from other websites you have visited and which are also tracked by the service provider, and use this information for its own purposes (e.g. controlling advertising). If you have registered with the service provider yourself, the service provider also knows you. The processing of your personal data by the service provider is then the responsibility of the service provider in accordance with its data protection regulations. The service provider only informs us how our respective website is used (no information about you personally).

5. data transfer and data transmission abroad

HSB-Weibel AG does not pass on any personal user/customer information without the express permission of the person concerned. However, we reserve the right to process information and personal data and to pass it on to the competent civil and criminal prosecution authorities in order to comply with applicable laws, regulations, court proceedings or criminal investigations.

6. duration of the storage of personal data

We process and store your personal data for as long as it is necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e. for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) and, in addition, in accordance with the statutory storage and documentation obligations. It is possible that personal data may be retained for the time during which claims can be made against our company and insofar as we are otherwise legally obliged to do so or legitimate business interests require it (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or made anonymous as far as possible.

7. data collection on our online shop

Our online shop uses the platform Shopify Inc. ("Shopify"). When you place an order in our shop, you agree to the storage and processing of your personal data by Shopify. For this purpose, your personal data will be transferred to the Shopify data centre in the United States and processed. This storage and processing of the data is done for the purpose of supporting and processing your orders, authentication, handling of payment transactions and improvement of Shopify's services. For more information about Shopify's terms of use and privacy policy, please visit http://www.shopify.com/legal/privacy.

Registration on this website

You can register on our website to use additional features on the site. We will only use the data entered for this purpose for the purpose of using the respective offer or service for which you have registered. The mandatory data requested during registration must be provided in full. Otherwise we will refuse registration.

In the event of important changes, for example to the scope of the offer or technically necessary changes, we will use the e-mail address provided during registration to inform you in this way.

The data entered during registration is processed on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke any consent you have given at any time. All you need to do is send us an informal notification by e-mail. The legality of the data processing already carried out remains unaffected by the revocation.

The data collected during registration is stored by us for as long as you are registered on our website and is then deleted. Legal retention periods remain unaffected.

8. data security

We take appropriate technical and organisational security measures to protect your personal data from unauthorised access and misuse, such as issuing instructions, IT and network security solutions, access controls.

Encrypted payment transactions on this website

If there is an obligation to provide us with your payment data (e.g. account number for direct debit authorisation) after the conclusion of a chargeable contract, this data is required for payment processing. The payment transactions via the usual means of payment (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

In the case of encrypted communication, your payment data that you transmit to us cannot be read by third parties.

9. payment provider

Shopify Payments (USA) Inc On our website we offer payment via Shopify Payments, among other things. If you choose to pay via Shopify Payments, the payment information you enter will be transmitted to Shopify Payments.

The transmission of your data to Shopify Payments is based on art. 6 para. 1 letter a DSGVO (consent) and art. 6 para. 1 letter b DSGVO (processing for the fulfilment of a contract). You have the possibility to revoke your consent to data processing at any time. Revocation does not affect the validity of data processing operations carried out in the past.

10. obligation to provide personal data

Within the scope of our business relationship, you must provide us with the personal data required for the establishment and execution of a business relationship and the fulfilment of the associated contractual obligations (as a rule, you do not have a legal obligation to provide us with data). Without this data, we will generally not be able to conclude or execute a contract with you (or the body or person you represent). Nor can the website be used if certain information to secure data traffic (such as IP address) is not disclosed.

11. rights of the data subject

Within the scope of the data protection law applicable to you, you have the right to information, correction, deletion, the right to limit data processing and otherwise object to our data processing and to surrender certain personal data for the purpose of transfer to another body (so-called data portability). Please note, however, that we reserve the right to assert the restrictions provided for by law, for example if we are obliged to store or process certain data, if we have an overriding interest in doing so (insofar as we are entitled to invoke this) or if we need them for the assertion of claims. We will inform you in advance if any costs are incurred by you.

12. changes

We may change this privacy policy at any time without notice. The current version published on our website applies. If the data protection declaration is part of an agreement with you, we will inform you of the change by e-mail or other suitable means in the event of an update.