Data protection

Data protection declaration

The responsible body within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is

lisi-bisi
by Marlies Garbani
Grindelwaldstrasse 95
3818 Grindelwald

Phone: 079 398 88 53 (8 a.m. - 5 p.m.)
E-Mail: info@lisi-bisi.ch
Website: http://www.lisi-bisi.ch/

General information

Based on Article 13 of the Swiss Federal Constitution and the data protection provisions of the Swiss Confederation (Data Protection Act, DSG), every person is entitled to protection of their privacy and protection against misuse of their personal data. The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

In cooperation with our hosting providers, we endeavor to protect the databases as well as possible against unauthorized access, loss, misuse or falsification.

We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

By using this website, you consent to the collection, processing and use of data in accordance with the following description. This website can generally be visited without registration. Data such as pages called up or the name of the file called up, date and time are stored on the server for statistical purposes without this data being directly related to your person. Personal data, in particular name, address or e-mail address, are collected on a voluntary basis as far as possible. No data will be passed on to third parties without your consent.

Processing of personal data

Personal data is any information relating to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, deletion, storage, modification, destruction and use of personal data.

We process personal data in accordance with Swiss data protection law. In addition, we process personal data in accordance with the following legal bases in connection with Art. 6 para. 1 GDPR, insofar as the EU GDPR is applicable:

lit. a) Processing of personal data with the consent of the data subject.
lit. b) Processing of personal data for the performance of a contract with the data subject and for the implementation of corresponding pre-contractual measures.
lit. c) Processing of personal data for compliance with a legal obligation to which we are subject under any applicable EU law or under any applicable law of a country in which the GDPR is applicable in whole or in part.
lit. d) Processing of personal data in order to protect the vital interests of the data subject or another natural person
lit. f) Processing of personal data in order to protect the legitimate interests of us or third parties, except where such interests are overridden by the fundamental freedoms and rights and interests of the data subject. Legitimate interests are, in particular, our business interest in being able to provide our website, information security, the enforcement of our own legal claims and compliance with Swiss law.

We process personal data for the duration required for the respective purpose or purposes. In the case of longer-term retention obligations due to legal and other obligations to which we are subject, we restrict processing accordingly.

This website uses cookies. These are small text files that make it possible to store specific user-related information on the user's device while they are using the website. Cookies make it possible, in particular, to determine the frequency of use and number of users of the pages, to analyze the behavior of page use, but also to make our offer more customer-friendly. Cookies remain stored at the end of a browser session and can be called up again when you visit the site again. If you do not wish this to happen, you should set your Internet browser to refuse to accept cookies.

A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that you may then not be able to use all the functions of this website.

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

Browser type and browser version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request

This data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent.

If you would like to receive the newsletter offered on this website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected. We use this data exclusively for sending the requested information and do not pass it on to third parties.

You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter.

Rights of data subjects

Right to confirmation

Every data subject has the right to request confirmation from the website operator as to whether personal data concerning them is being processed. If you wish to exercise this right of confirmation, you can contact the data protection officer at any time.

Right to information

Any person affected by the processing of personal data has the right to receive information free of charge from the operator of this website at any time about the personal data stored about them and a copy of this information. The following information can also be provided, where applicable

the purposes of processing
the categories of personal data being processed
the recipients to whom the personal data have been or will be disclosed
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
the existence of the right to lodge a complaint with a supervisory authority
if the personal data are not collected from the data subject: All available information about the origin of the data

Furthermore, the data subject has a right to information as to whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.

If you would like to exercise this right to information, you can contact our data protection officer at any time.

Right to rectification

Any person affected by the processing of personal data has the right to demand the immediate correction of incorrect personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.

If you wish to exercise this right to rectification, you can contact our data protection officer at any time.

Right to erasure (right to be forgotten)

Any person affected by the processing of personal data has the right to demand from the controller of this website that the personal data concerning them be deleted immediately, provided that one of the following reasons applies and insofar as the processing is not necessary:

The personal data have been collected or otherwise processed for such purposes for which they are no longer necessary
The data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing
The data subject objects to the processing on grounds relating to his or her particular situation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in the case of direct marketing and associated profiling
The personal data has been processed unlawfully
The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject
The personal data have been collected in relation to the offer of information society services directly provided to a child

If one of the above reasons applies and you would like to request the deletion of personal data stored by the operator of this website, you can contact our data protection officer at any time. The data protection officer of this website will ensure that the request for erasure is complied with immediately.

Right to restriction of processing

Any person affected by the processing of personal data has the right to request the controller of this website to restrict processing if one of the following conditions is met:

The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data
The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead
The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims
The data subject has objected to the processing on grounds relating to his or her particular situation and it is not yet clear whether the legitimate grounds of the controller override those of the data subject

If one of the aforementioned conditions is met, and you wish to request the restriction of the processing of personal data stored by the operator of this website, you can contact our data protection officer at any time. The data protection officer of this website will arrange for the restriction of processing.

Right to data portability

Any person affected by the processing of personal data has the right to receive the personal data concerning them in a structured, commonly used and machine-readable format. They also have the right to have this data transmitted to another controller if the legal requirements are met.

Furthermore, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

To assert the right to data portability, you can contact the data protection officer appointed by the operator of this website at any time.

Right to object

Any person affected by the processing of personal data has the right to object to the processing of personal data concerning them at any time for reasons arising from their particular situation.

In the event of an objection, the operator of this website will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

To exercise your right to object, you can contact the data protection officer of this website directly.

Right to withdraw consent under data protection law

Any person affected by the processing of personal data has the right to withdraw their consent to the processing of personal data at any time.

If you wish to exercise your right to withdraw consent, you can contact our data protection officer at any time.

We hereby object to the use of contact data published as part of our obligation to provide a legal notice for the purpose of sending unsolicited advertising and information material. The operators of the website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

Chargeable services

For the provision of chargeable services, we request additional data, such as payment details, in order to be able to process your order. We store this data in our systems until the statutory retention periods have expired.

This website uses so-called web fonts provided by Google for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. If your browser does not support web fonts, a standard font will be used by your computer.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/

This website uses functions of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA. When you access our pages with Facebook plug-ins, a connection is established between your browser and the Facebook servers. Data is already transmitted to Facebook in the process. If you have a Facebook account, this data can be linked to it. If you do not wish this data to be linked to your Facebook account, please log out of Facebook before visiting our site. Interactions, in particular the use of a comment function or clicking on a "Like" or "Share" button, are also passed on to Facebook. You can find out more at https://de-de.facebook.com/about/privacy.

Functions of the Instagram service are integrated on our website. These functions are offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.

You can find more information on this in Instagram's privacy policy: http://instagram.com/about/legal/privacy/

External payment service providers

This website uses external payment service providers through whose platforms users and we can carry out payment transactions. For example via

PostFinance (https://www.postfinance.ch/de/detail/rechtliches-barrierefreiheit.html)
Visa (https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html)
Mastercard (https://www.mastercard.ch/de-ch/datenschutz.html)
American Express (https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html)
Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)
Bexio AG (https://www.bexio.com/de-CH/datenschutz)
Payrexx AG (https://www.payrexx.ch/site/assets/files/2592/datenschutzerklaerung.pdf)
Apple Pay (https://support.apple.com/de-ch/ht203027)
Stripe (https://stripe.com/ch/privacy)
Klarna (https://www.klarna.com/de/datenschutz/)
Skrill (https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/)
Giropay (https://www.giropay.de/rechtliches/datenschutzerklaerung) etc.

As part of the fulfillment of contracts, we use the payment service providers on the basis of the Swiss Data Protection Ordinance and, if necessary, Art. 6 para. 1 lit. b. EU-DSGVO. In addition, we use external payment service providers on the basis of our legitimate interests in accordance with the Swiss Data Protection Ordinance and, if necessary, in accordance with Art. 6 para. 1 lit. f. EU GDPR in order to offer our users effective and secure payment options.

The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, sum and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored by them. As the operator, we do not receive any information about the (bank) account or credit card, but only information to confirm (accept) or reject the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the payment service providers' terms and conditions and data protection information.

Payment transactions are subject to the terms and conditions and data protection information of the respective payment service providers, which can be accessed on the respective website or transaction applications. We also refer to these for further information and the assertion of rights of revocation, information and other rights of data subjects.

Order processing in the online store with customer account

We process the data of our customers in accordance with the data protection regulations of the Federal Government (Data Protection Act, DSG) and the EU-DSGVO, as part of the ordering processes in our online store, in order to enable them to select and order the selected products and services, as well as their payment and delivery, or execution.

The processed data includes master data (inventory data), communication data, contract data, payment data and the persons affected by the processing include our customers, interested parties and other business partners. The processing is carried out for the purpose of providing contractual services in the context of operating an online store, billing, delivery and customer services. We use session cookies, e.g. to store the contents of the shopping cart, and permanent cookies, e.g. to store the login status.

The processing is carried out on the basis of Art. 6 para. 1 lit. b (execution of order processes) and c (legally required archiving) GDPR. The information marked as necessary is required to justify and fulfill the contract. We only disclose the data to third parties in the context of delivery, payment or within the scope of legal permissions and obligations. The data is only processed in third countries if this is necessary to fulfill the contract (e.g. at the customer's request for delivery or payment).

Users can optionally create a user account in which they can view their orders in particular. As part of the registration process, users are provided with the required mandatory information. The user accounts are not public and cannot be indexed by search engines, e.g. Google. If users have terminated their user account, their data will be deleted with regard to the user account, subject to their retention is necessary for commercial or tax law reasons in accordance with Art. 6 para. 1 lit. c GDPR. Information in the customer account remains until it is deleted with subsequent archiving in the event of a legal obligation. It is the responsibility of users to back up their data before the end of the contract in the event of termination.

We store the IP address and the time of the respective user action as part of the registration and renewed logins and use of our online services. This data is stored on the basis of our legitimate interests as well as those of the user to protect against misuse and other unauthorized use. This data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 para. 1 lit. c GDPR.

The deletion takes place after the expiry of legal warranty and comparable obligations, the necessity of storing the data is reviewed at irregular intervals. In the case of statutory archiving obligations, deletion takes place after their expiry.

Contractual services

We process the data of our contractual partners and interested parties as well as other clients, customers, clients, clients or contractual partners (uniformly referred to as "contractual partners") in accordance with the data protection provisions of the federal government (Data Protection Act, DSG) and the EU GDPR in accordance with Art. 6 para. 1 lit. b. GDPR in order to provide our contractual services to them. GDPR, in order to provide them with our contractual or pre-contractual services. The data processed in this context, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship.

The processed data includes the master data of our contractual partners (e.g. names and addresses), contact data (e.g. email addresses and telephone numbers) as well as contract data (e.g. services used, contract content, contractual communication, names of contact persons) and payment data (e.g. bank details, payment history).

We do not process special categories of personal data unless they are part of commissioned or contractual processing.

We process data that is necessary for the establishment and fulfillment of the contractual services and point out the necessity of their disclosure, unless this is evident to the contractual partners. Disclosure to external persons or companies only takes place if it is necessary within the framework of a contract. When processing the data provided to us as part of an order, we act in accordance with the instructions of the client and the legal requirements.

When using our online services, we may store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the interests of users in protection against misuse and other unauthorized use. This data is not passed on to third parties unless it is necessary to pursue our claims in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c. GDPR.

The data will be deleted when the data is no longer required to fulfill contractual or legal duties of care and to deal with any warranty and comparable obligations, whereby the necessity of storing the data is reviewed at irregular intervals. In all other respects, the statutory retention obligations apply.

Note on data transfer to the USA

Among other things, tools from companies based in the USA are integrated on our website. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are obliged to disclose personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.

Copyrights

The copyright and all other rights to content, images, photos or other files on the website belong exclusively to the operator of this website or the specifically named rights holders. The written consent of the copyright holder must be obtained in advance for the reproduction of all files.

Anyone who commits a copyright infringement without the consent of the respective copyright holder may be liable to prosecution and may be liable for damages.

General disclaimer

All information on our website has been carefully checked. We make every effort to ensure that the information we provide is up-to-date, correct and complete. Nevertheless, the occurrence of errors cannot be completely ruled out, which means that we cannot guarantee the completeness, accuracy and topicality of information, including journalistic and editorial information. Liability claims arising from material or immaterial damage caused by the use of the information provided are excluded, unless there is evidence of willful intent or gross negligence.

The publisher may change or delete texts at its own discretion and without prior notice and is not obliged to update the content of this website . The use of or access to this website is at the visitor's own risk. The publisher, its clients or partners are not responsible for damages, such as direct, indirect, accidental, pre-determined or consequential damages, which are allegedly caused by visiting this website and therefore assume no liability for this.

The publisher also accepts no responsibility or liability for the content and availability of third-party websites that can be accessed via external links on this website. The operators of the linked pages are solely responsible for their content. The publisher thus expressly distances itself from all third-party content that may be relevant under criminal or liability law or offend common decency.

Amendments

We may amend this privacy policy at any time without prior notice. The current version published on our website applies. If the data protection declaration is part of an agreement with you, we will inform you of the change by e-mail or other suitable means in the event of an update.

Questions for the data protection officer

If you have any questions about data protection, please send us an e-mail or contact the person responsible for data protection in our organization listed at the beginning of the privacy policy directly.

Grindelwald, 24.11.2020
Source: SwissAnwalt