Data privacy
1. General
surpriseBOX GmbH in Kirchdorf is the operator of the website beautyPALAST.ch and the services offered on it and is therefore responsible for the collection, processing and use of your personal data and the compatibility of data processing with applicable data protection law.
Your trust is important to us, which is why we take the issue of data protection seriously and ensure appropriate security. Of course, we observe the legal provisions of the Federal Data Protection Act (DSG), the Ordinance to the Federal Data Protection Act (VDSG), the Telecommunications Act (FMG) and other applicable data protection provisions of Swiss or EU law, in particular the General Data Protection Regulation (revDSG and GDPR).
So that you are aware of what personal data we collect from you and for what purposes we use it, please note the information below.
2. Personal data
Personal data is all information that says something about you and can be assigned to you personally. Personal data can be used for different purposes.
3. Collection of personal data
The collection and processing of personal data serves the purpose of enabling the use of our website and ensuring long-term system security and stability and the optimization of our offer. Personal data is also collected and processed for internal statistical purposes.
3.1. Voluntary provision of your personal data
You usually provide us with your personal data yourself, for example when you create a customer account or contact our customer service. Providing your personal data is voluntary, which means you are not obliged to provide us with this information. However, it is necessary for us to collect and process certain personal data in order to perform a contract and fulfill related obligations, as required by law. Otherwise we cannot conclude or continue the contract. If you provide us with information about other people, such as family members, we will assume that you are authorized to do so and that this information is accurate. Please ensure that these other people have been informed of our privacy policy.
3.2. Personal data received
We may also receive personal data about you from third parties, for example from companies we work with, people who communicate with us, or from public sources. We may receive information about you from the following third parties:
• from your employer and work colleagues, in connection with an application and with their job functions;
• from people around you, regarding your address for deliveries, references or powers of attorney;
• from credit reporting agencies, e.g. when we obtain credit reports;
• from the Swiss post office and address dealers;
• from banks, insurance companies, sales and other contractual partners in purchases and payments;
• from providers of cyber security services;
• from information services to comply with legal requirements such as anti-money laundering and export restrictions;
• from authorities, parties and other third parties in connection with official and judicial proceedings;
• from public registers such as the debt collection or commercial register, from public bodies.
4. Purposes for processing your personal data
4.1. Communication
We would like to stay in touch with you and respond to your individual concerns, which is why we process personal data to communicate with you.
The purpose of communication includes in particular:
• answering inquiries;
• contacting you if you have any questions;
• customer service and customer care;
• the delivery of other notifications (e.g. information on order status).
4.2. Contract execution
Our priority is to provide you with first-class service. We therefore process personal data in connection with the initiation, management and processing of contractual relationships. This includes, for example, the delivery of orders. As part of the contract processing, an agreed personalization of the services can also take place. The purpose of contract processing basically includes all measures necessary to conclude, implement and, if necessary, enforce a contract.
This includes processing
• to provide contractually agreed services, such as delivery of goods and provision of services;
• to provide customer services and measure customer satisfaction;
• to bill our services and generally for bookkeeping;
• to check the suitability of job applicants and, if necessary, to prepare and conclude the employment contract;
• to enforce legal claims arising from contracts (debt collection, legal proceedings, etc.);
• to store data within the scope of retention obligations.
4.3. Safety and prevention
We ensure adequate protection of your data against risks and take comprehensive security measures to prevent unauthorized access to your personal data. We continually improve our security measures and adapt them to the current state of the art.
In order to guarantee the security of both your and our interests and to prevent possible misuse, we process personal data for security purposes. This includes measures to ensure IT security, prevent fraud and misuse and preserve evidence. We collect, analyze and store this data for the stated purposes.
The purpose of safety and prevention includes:
• analyzing behavioral and transactional data to identify suspicious behavior patterns and fraudulent activity;
• the evaluation of system-side records of the use of our systems (log data);
• Preventing, defending against and detecting cyberattacks and malware attacks;
• Analysis and testing of our network and IT infrastructure, as well as system and error testing;
• Control of access to electronic systems (e.g. logins to user accounts).
4.4. Compliance with legal requirements
Our goal is to ensure compliance with legal requirements. We therefore process personal data to comply with legal obligations and to prevent and detect violations.
Compliance with legal requirements includes in particular:
• receiving and processing complaints and other reports;
• the legally required retention of peripheral data from telecommunications traffic;
• disclosing information and documents to authorities if we have an objective reason to do so (e.g. because we are the injured party ourselves) or are legally obliged to do so;
• ensuring the legally required data security;
In all cases, this may involve Swiss law, but also foreign regulations to which we are subject. We are also bound by self-regulation, industry standards, other norms or official instructions.
4.5. Upholding the law
Our goal is to be able to enforce our claims and to defend ourselves against the claims of others. For this reason, we also process personal data for the purpose of protecting the law. Depending on the situation, we may process different types of personal data, e.g. contact details and information about processes that have led or could lead to a dispute.
The purpose of protecting the law includes in particular:
• the clarification and enforcement of our claims, which may also include claims of companies affiliated with us and our contractual and business partners;
• the defense of claims against us, our employees, companies affiliated with us and against our contractual and business partners;
• the clarification of litigation prospects and other legal, economic and other questions;
• Participation in proceedings before courts and authorities at home and abroad. For example, we can secure evidence, clarify the prospects of a lawsuit or submit documents to an authority. It may also be the case that authorities ask us to disclose documents and data carriers that contain personal data.
5. Relevant legal bases for the processing of personal data
The processing of personal data is based on different legal bases depending on the purpose of the data processing. In particular, we are entitled to process personal data if the processing
• is necessary for the performance of a contract with the data subject or for pre-contractual measures (e.g. the examination of a contract application);
• is necessary for the protection of legitimate interests;
• is based on consent;
• is necessary to comply with domestic or foreign legal regulations.
We have a legitimate interest in the processing, in particular for the purposes described above in Section 4 and in passing it on in accordance with Section 9. The legitimate interests include our own interests and the interests of third parties.
These legitimate interests include the interest
• in delivering products and services to third parties (e.g. to people receiving gifts);
• in combating fraud in the online shop;
• in ensuring IT security in connection with the use of our website;
• in ensuring and organizing business operations, including the operation and further development of our website;
• in compliance with Swiss and foreign law as well as internal rules.
6. Accessing our website
When you visit our website, our servers temporarily save every access in a log file. As with every connection to a web server, the following technical data is collected without your intervention and stored by us until it is automatically deleted after 3 months at the latest:
• the IP address of the requesting computer,
• the name of the owner of the IP address range (usually your Internet access provider),
• the date and time of access,
• the website from which access was made (referrer URL), if applicable with the search term used,
• the name and URL of the retrieved file,
• the status code (e.g. error message),
• the operating system of your computer,
• the browser you use (type, version and language),
• the transmission protocol used (e.g. HTTP/1.1) and
• If applicable, your username from registration/authentication
This data is collected and processed for the purpose of enabling the use of our website (establishing a connection), ensuring long-term system security and stability and enabling the optimization of our Internet offering, as well as for internal statistical purposes.
7. Opening a customer account
To place orders in the online shop, you can order as a guest or open a customer account. When registering for a customer account, we collect the following data:
• First and Last Name
• Billing/shipping addresses
• Birth date
• Language
• Telephone number
• E-mail address
• Password
The data is collected for the purpose of providing the customer with password-protected direct access to the basic data stored by us. The customer can view his completed and open orders or manage or change his personal data.
8. Shopping in the online shop
If you would like to place orders in our online shop, we need the following data to process the contract:
• First and Last Name
• Billing address (and if different delivery address)
• Payment information (depending on the payment method chosen)
• Birth date
• Telephone number
• Login data, i.e. email address and password (for registered customers)
Unless otherwise stated in this data protection declaration or unless you have given your separate consent, we will only use the aforementioned data to process the contract, namely to process your orders, deliver the ordered products and ensure correct payment.
9. Disclosure of personal data to third parties
We will only pass on your personal data if you have expressly consented, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship.
In addition, we pass on your data to third parties to the extent that this is necessary as part of the use of the website and contract processing (also outside the website), namely the processing of your bookings. This includes the respective transport service provider who was entrusted with shipping the ordered goods. A service provider to whom the personal data collected via the website is passed on or who has or can have access to it is our web host Hostpoint AG in Rapperswil-Jona. The website is hosted on servers in Switzerland. The data is passed on for the purpose of providing and maintaining the functionality of our website.
If we make an advance payment, e.g. when purchasing on account, we may obtain credit information from a credit agency based on mathematical and statistical procedures to protect our legitimate interests. To do this, we transmit the personal data required for a credit check to the credit agency MF Group in St. Gallen and use the information received about the statistical probability of non-payment to make a balanced decision about the establishment, implementation or termination of the contractual relationship. The credit report may contain probability values (score values) that were calculated on the basis of scientifically recognized mathematical-statistical methods and whose calculation includes, among other things, address data. Your legitimate interests will be taken into account in accordance with the legal provisions.
Finally, when you pay by credit card on the website, we forward your credit card information to your credit card issuer and to the credit card acquirer. If you decide to pay by credit card, you will be asked to enter all necessary information. Regarding the processing of your credit card information by these third parties, we ask that you also read the general terms and conditions and privacy policy of your credit card issuer.
All email traffic is handled by cyon GmbH in Basel via servers in Switzerland. For inquiries via email, the content and the sender are saved. This allows us to ensure that all inquiries are processed quickly and securely.
10. Transfer of data abroad
We are entitled to transfer your personal data to third parties (commissioned service providers) abroad for the purposes of the data processing described in this data protection declaration. They are obliged to protect data to the same extent as we are. If the level of data protection in a country does not correspond to that in Switzerland or Europe, we contractually ensure that the protection of your personal data corresponds to that in Switzerland or the EU at all times.
One way to ensure adequate data protection is, for example, to conclude data transfer contracts with the recipients of your personal data in third countries that ensure the necessary data protection. These include contracts that have been approved, issued or recognized by the European Commission and the Federal Data Protection and Information Commissioner, so-called standard contractual clauses. In exceptional cases, transfer to countries without adequate protection is permitted, e.g. based on consent, in connection with legal proceedings abroad or if the transfer is necessary for the performance of a contract.
11. Cookies
Cookies help in many ways to make your visit to our website easier, more pleasant and more meaningful. Cookies are information files that your web browser automatically saves to your computer's hard drive when you visit our website.
For example, we use cookies to offer you the shopping cart function across multiple pages and to temporarily save your entries when you fill out a form on the website so that you do not have to repeat the entry when you access another subpage. Cookies may also be used to identify you as a registered user after registering on the website, without you having to log in again when you access another subpage.
Most internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears when you receive a new cookie.
Deactivating cookies may mean that you cannot use all functions of our website.
12. Tracking tools
We use Matomo's web analysis service for the purpose of tailoring our website to meet your needs and continually optimizing it. In this context, pseudonymized usage profiles are created and small text files stored on your computer (“cookies”) are used. The information generated by the cookie about your use of this website is stored and processed by us. In addition to the data listed under section 1, we may receive the following information:
• Navigation path that a visitor takes on the site,
• Duration of stay on the website or subpage,
• the subpage on which the website is left,
• the country, region or city from which access is made,
• End device (type, version, color depth, resolution, width and height of the browser window) and
• Returning or new visitor.
The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website use and internet use for the purposes of market research and the needs-based design of this website. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of you.
13. Network marketing
We advertise this website via Facebook, an offering from Facebook Inc., based in the USA. For this purpose, a cookie is stored by Facebook when you visit our website in order to enable interest-based advertising based on the pages you visit.
14. Vouchers and special offers
As a thank you for orders, we give you access to vouchers and special offers for shopping and other services from other providers on the Internet via Sovendus, an offer from our partner adfocus GmbH based in Zug, Switzerland. In order to give you this access, we include a corresponding note from adfocus when completing orders on our website via an encrypted connection, whereby data such as in particular your Internet Protocol (IP) address, which can represent personal data, is exchanged with adfocus. Any personal data that is exchanged in this context serves the sole purpose of being able to offer Sovendus permanently, securely and reliably. Further information on the type, scope and purpose of data processing can be found in Sovendus’ data protection declaration.
15. Email advertising with registration for the newsletter
If you register for our newsletter, we will use the data required for this or provided separately by you to regularly send you our email newsletter based on your consent.
You can unsubscribe from the newsletter at any time and can do so either by sending a message to the contact option described below or via a link provided in the newsletter. After you unsubscribe, we will delete your email address unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted or necessary by law and about which we inform you in this declaration.
By registering for the newsletter, you also agree that we are entitled to carry out a performance measurement. This includes an evaluation of the opening and click rates, as well as the conversion rate and general click behavior.
16. Right to information, correction, deletion and restriction of processing; Right to data portability
You have the right to request information about the personal data we store about you. In addition, you have the right to correct incorrect data and the right to delete your personal data, provided that this does not conflict with a legal retention requirement or a permit that allows us to process the data.
You also have the right to request that we return the data that you have given us (right to data portability). Upon request, we will also pass on the data to a third party of your choice. You have the right to receive the data in a common file format.
You can reach us for the aforementioned purposes via the email address info@beautyPALAST.ch. In order to process your requests, we may, at our own discretion, require proof of identity.
The responsible supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
The responsible supervisory authority in the Principality of Liechtenstein is the Data Protection Office of the Principality of Liechtenstein.
17. The processing of particularly sensitive personal data
Certain types of personal data are considered “particularly worthy of protection” under data protection law, such as information about health and biometric characteristics. As a rule, however, we only process particularly sensitive personal data if it is necessary to provide a specific service, if you have provided us with this data voluntarily or if you have consented to the processing. In addition, we may process such sensitive personal data if this is necessary to protect our legal interests or to comply with national or international legal provisions, if the data in question has obviously been publicly disclosed or if the applicable law permits the processing.
We process particularly sensitive personal data if, for example, you apply for an open position and provide information about your health, trade union membership or previous convictions and criminal proceedings.
18. Data Security
We use appropriate technical and organizational security measures to protect your personal data stored by us against manipulation, partial or complete loss and against unauthorized access by third parties. Our security measures are continually improved in line with technological developments.
You should always keep your access data confidential and close the browser window when you have finished communicating with us, especially if you share the computer with others.
We also take internal company data protection very seriously. We have obliged our employees and the service companies we commission to maintain confidentiality and to comply with data protection regulations.
19. Retention of personal data
We only store personal data for as long as necessary to use the above-mentioned tracking and analysis services and further processing within the scope of our legitimate interests. We will retain contractual data for longer as this is required by legal retention requirements. Retention obligations that require us to store data arise from accounting and tax regulations. According to these regulations, business communications, concluded contracts and accounting documents must be retained for up to 10 years. If we no longer need this data to provide you with services, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.
20. Right to complain to a data protection supervisory authority
You have the right to complain to a data protection supervisory authority at any time.
As of: June 25, 2024