of Cannasesh Switzerland Association
1 Who is responsible for data processing?
Im Unterrengg 39
8135 Langnau am Albis, Zürich
Phone: +41 78 849 06 76
2 On what legal basis do we process personal data?
We process personal data in accordance with the requirements of the European General Data Protection Regulation (GDPR) / (DSGVO)
The data can be processed in accordance with Art. 6 GDPR
- based on consent,
- to fulfill contractual obligations or pre-contractual measures,
- in the public interest or
- as far as the processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests and fundamental freedoms of the data subject, which require the protection of personal data, outweigh this. A legitimate interest exists in particular in the establishment of a contract with economic obligations, such as the conclusion of a sales contract.
4 Which data do we collect and process when you visit our website?
If you visit our website for information purposes, i.e. if you neither register nor otherwise provide us with information, we only collect the personal data that your browser transmits to our server (the so-called "server log files"). The following data is technically necessary for us to display our website to you:
– the IP adress
– the date and time of the request
– the time zone difference to Greenwich Mean Time (GMT)
– the exact content of the request (the specific page)
– the access status / HTTP status code
– the amount of data transferred in each case
– the source / website from which the request comes
– the browser you are using
– the operating system used and its interface
– the language and version of your browser software.
Processing takes place in accordance with Art. 6 Para. 1 f) GDPR to ensure a smooth connection to our website, to ensure comfortable use of our website, to evaluate system security and stability and for other administrative purposes.
In no case do we use the collected data for the purpose of drawing conclusions about you personally.
4 Which data do we collect and process when using our online shop?
If you send us an inquiry or would like to order goods in our online shop, we need and process certain data, in particular the information about the order you have selected or made, your address and e-mail address and the chosen method of payment. You have the option of voluntarily providing us with additional information such as a telephone number in order to enable us to contact you more quickly.
You can voluntarily create a customer account through which we can save your data for future purchases. When creating a customer account under "My Account", the data you provide will be stored and revocable for the period of the customer account. The legal basis for this can be found in Art. 6 Para. 1 a) GDPR.
We process the data provided to us for the execution of the contract, depending on the desired method of payment for a pre-contractual review and for any processing of warranty claims. The legal basis for this can be found in Art. 6 Paragraph 1 c) and f) GDPR.
In addition, the service providers we use (such as logistics companies, payment intermediaries) receive the necessary data about you or your order. Depending on the chosen method of payment, we also carry out credit checks. Without correct personal data, we can either not accept orders at all or only with a limited selection of payment methods.
As part of the operation of our company, we process your data using our IT systems. In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are checked regularly.
We can also process the data you provide in order to inform you about other interesting products from our portfolio or to contact you on certain occasions.
5 How do we collect and process data in the case of inquiries or communications by post, fax, e-mail or a contact form?
If you send us inquiries or notifications by post, fax, e-mail or via a contact form that relate to orders, we will save your inquiry or notification as well as our response as part of our commercial and tax retention obligations as correspondence on the respective order or to your customer account.
For other inquiries or communications by post, fax, e-mail or via a contact form, we use your personal data provided in the request only to answer your request, but we do not subsequently save your request and the personal data provided in the request.
6 Who do we share personal data with?
In the context of orders, we pass on your personal data to the shipping company commissioned with the delivery in order to fulfill the contract, insofar as this is necessary for the delivery of the goods ordered. To process payments, we pass on the payment data required for this to the credit institute commissioned with the payment and, if applicable, to the payment service provider commissioned by us or to the payment service you selected in the order process.
As far as necessary, we transmit data from customers, interested parties, suppliers and our own personnel to authorities, such as to financial administrations and to external consultants (tax consultants, lawyers, auditors), insofar as this is necessary to make our company economical and consistent with applicable law.
7 How long will personal data be stored by us?
The duration of the storage of personal data is based on the respective statutory retention period. In particular, there are obligations under commercial and tax law to archive data from the concluded transactions for the duration of the statutory retention periods. The legal basis for the corresponding data usage is Art. 6 Para. 1 c) GDPR.
After the respective statutory retention period has expired, the relevant data is routinely deleted, provided that it is no longer required to fulfill or initiate a contract and / or we have no legitimate interest in continuing to store it.
8 What are the rights of data subjects affected by data processing?
The applicable data protection law grants our customers and visitors to our website the following rights towards us with regard to personal data relating to them:
a) A right to information in accordance with Art. 15 GDPR
You have the right to request confirmation from us as to whether personal data relating to you is being processed. If this is the case, you have the right to information about this personal data and information about
- the processing purposes,
- the categories of personal data that are processed,
- the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organizations,
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration,
- the existence of a right to correction or deletion of your personal data or to restriction of processing by the person responsible or a right to object to this processing,
- the existence of a right of appeal to a supervisory authority,
- if the personal data are not collected from you, all available information about the origin of the data or
- the existence of automated decision-making including profiling
b) A right to correction in accordance with Art. 16 GDPR
You have the right to demand that we correct any incorrect personal data concerning you without delay.
c) A right to deletion in accordance with Art. 17 GDPR
You have the right to request that we delete your personal data under the conditions of Art. 17 Para. 1 GDPR. However, this right does not exist in particular if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
d) A right to restriction of processing in accordance with Art. 18 GDPR
You have the right to demand that we restrict the processing of your personal data, provided that
- the correctness of your data, which you disputed, is checked by us,
- You refuse to delete your data due to inadmissible data processing and instead request that the processing of your data be restricted,
- we no longer need the personal data for the purposes of processing, but you need this data to assert, exercise or defend legal claims, or
- if you have lodged an objection for reasons that arise from your particular situation, as long as it has not yet been determined whether our legitimate reasons prevail.
e) A right to data portability in accordance with Art. 20 GDPR:
You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another person responsible, provided that the processing is based on consent or a contract and the processing takes place with the help of automated procedures.
f) A right to revoke consent given in accordance with Art. 7 Para. 3 GDPR
You have the right to revoke your consent to the processing of your personal data at any time. You will not incur any special costs (except for transmission costs based on the basic tariffs of your provider).
Withdrawing your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of withdrawal.
g) A right to lodge a complaint in accordance with Art. 77 GDPR
You have the right to lodge a complaint with a competent supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your personal data violates the General Data Protection Regulation.
9 Which provision of personal data is required?
In our online shop, we can either not accept orders at all or only offer a limited selection of payment methods without providing the correct information about certain personal data.
10 What consents have you given us?
You may have given us your consent to contact us for the purpose of advertising or certain data uses (for example, to send a newsletter or to display offers after logging in as a customer). If you have given us your consent, the consent texts are stored with us and can be called up. To access these texts, simply send us an e-mail to the e-mail address given in section 1 of this data protection declaration. We will then send you the requested information by email.
In order to make our website appealing and to enable the use of certain functions, we use so-called cookies on various pages. Cookies are small text files that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies are used to make our website more user-friendly and effective overall. Cookies do not cause any damage to your device and do not contain any viruses, Trojans or other malware.
Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called transient or session cookies).
Other cookies remain on your device and enable us or our partner companies (third-party cookies) to recognize your browser the next time you visit (so-called persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values in the individually specified scope. Persistent cookies are automatically deleted after a specified period, whereby the time until deletion can differ depending on the cookie.
If personal data is also processed by individual cookies we use, the processing takes place in accordance with Art. 6 Para. 1 f) GDPR to safeguard our legitimate interests in the best possible functionality of our website and a customer-friendly and effective design of the page visit.
We may work with third-party providers who help us to make our website more interesting for you. For this purpose, cookies from third-party providers are also stored on your device when you visit our website. If we work with the aforementioned third-party providers, you will be informed separately about the use of such cookies and the scope of the information collected in the further course of our data protection declaration.
Please note that you can set your browser so that you are informed about each setting of cookies. You can set your browser so that you can decide whether to accept cookies or exclude the acceptance of cookies in certain cases or in general. The cookie settings are determined in different ways in different browsers. The change of the settings regarding the acceptance or rejection of cookies is described in the help menu of each browser, which shows you how you can change your cookie settings. You can also delete the stored cookies at any time with regard to the browser you are using.
Please note that if you do not accept cookies, the functionality of our website may be restricted.
12 Order our newsletter
With your consent, you can subscribe to our newsletter, which we use to inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.
We use the so-called double opt-in procedure to register for our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we save the IP addresses you use and the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
The only mandatory information for sending the newsletter is your email address. The provision of further, separately marked data is voluntary and is used in order to be able to address you personally.
After your confirmation, we will save your email address for the purpose of sending you the newsletter. The legal basis for this is Art. 6 Para. 1 a) GDPR.
You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail or by e-mail to the e-mail address given in section 1 of this data protection declaration.
13 Use of Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc. 1600 Amphitheater Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called "cookies". These are text files that are saved on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and saved there. If IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address will only be transmitted to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: http://tools.google.com/dlpage/gaoptout?hl=de
14 Use of Facebook social plugins
Our website uses social plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are marked with a Facebook logo or the addition “Facebook Social Plugin”. When you visit a page on our website that contains such a plugin, your browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser, which integrates it into the website. By integrating the plugins, Facebook receives the information that you have accessed the corresponding page on our website. If you are logged into Facebook, Facebook can assign the visit to your Facebook account. If you interact with the plugins, for example press the “Like” button or leave a comment, the relevant information is sent directly from your browser to Facebook and saved there. The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your related rights and setting options to protect your privacy can be found in Facebook's data protection information. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or their use by Facebook. If you do not want Facebook to collect data about you via our website, you must log out of Facebook before visiting our website.
15 Data security
Our website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to us). You can tell whether an individual page of our website is transmitted in encrypted form by the closed key or lock symbol in the lower status bar of the browser you are using.
We also use suitable technical and organizational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
16 No use of automated decision-making
We hereby guarantee that we will not make any automatic decision-making including profiling.
17 Information on the right to object to processing in accordance with Art. 21 GDPR
You have the right, for reasons that arise from your particular situation, to object at any time to the processing of personal data relating to you, which is carried out by us on the basis of Art. 6 Paragraph 8 e) or f); this also applies to profiling based on these provisions.
We will then no longer process the personal data unless we can prove compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
If we process personal data in order to operate direct mail, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Please send your objection in a form-free manner to our contact details mentioned in section 1 at the beginning of our data protection declaration.