1. Scope of application
We undertake to handle your personal data in a responsible manner. We accordingly consider it a matter of course to comply with the legal requirements of the Swiss Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (DPO), the Telecommunications Act (TCA) and other provisions of Swiss data protection law. Regarding personal data of users from the European Union, we also comply with the provisions of the EU General Data Protection Regulation (GDPR).
While you visit our website gubelin.com or are forwarded to our website gubelin.com, your personal data will be collected and used by us to the following extent and for the following purposes:
2. Description and scope of data processing
2.1. Provision of the website and creation of log files
Each time the Gübelin website is visited, our system automatically records data and information from the computer system of the computer from which the site is visited. In particular, the following data are collected, technically anonymised in each case:
- Information about the type of browser and the version used
- Operating system of the user
- The user’s Internet service provider
- IP address of the user
- Date and time of access
- Websites from which the user’s system accesses our website
- Websites retrieved by the user’s system via our website
The data are also stored in the log files of our system or third parties. No storage of these data together with other personal data of the user takes place.
If you decide to receive news / print media when or after opening your customer account (by explicitly clicking on the corresponding box), you also consent to us using your personal data for marketing purposes, such as the delivery of our newsletter and/or catalogues/magazines.
2.4. Contact form, reservation function and e-mail contact
Alternatively, you can contact us via the e-mail address provided or with the service “reservation function”. In this case, the user’s personal data transferred by e-mail or the personal data in accordance with the input screen will be stored. E-mail traffic is not encrypted. The risk remains with the user.
No data are forwarded to third parties in this connection. The data will be used exclusively for processing the conversation or for on-site consultation.
3. Cookies/tracking and other technologies relating to the use of our website
We use session cookies to recognise that you have already visited individual pages on our website or that you have already logged into your customer account. These are automatically deleted when you exit our website. Moreover, for the purpose of user friendliness, we use temporary cookies which are stored on your device for a set period of time. If you visit our website again to make use of our services, it will automatically recognise that you have already been there and what settings and inputs you have made so you do not have to re-enter them.
In our newsletters and other marketing e-mails, we include visible and invisible elements to the extent permitted. By retrieving these elements from our servers, we can determine whether and when you have opened the e-mail, so that we can measure and better understand how you use our offers and can tailor them to you. You can block this in your e-mail program; most are preset to do so.
By using our website and consenting to receive newsletters and other marketing e-mails, you consent to the use of these technologies. If you do not want this, you must adjust your browser or e-mail pro-gram accordingly.
3.2. Google Analytics and other statistical services
3.3 Social media
4. Purpose and legal basis of data processing
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Swiss Data Protection Act (FADP).
4.1 For the fulfilment of contractual obligations
Data are processed for the performance of our contracts with our customers or for the performance of pre-contractual measures in response to an enquiry. The purposes of data processing are geared primarily to the specific product or service provided by us. The personal data collected in this way will be used for the entire processing of your purchase, including any subsequent warranty claims, technical administration, etc.
Further details about data processing purposes can be found in the relevant contract documents and terms and conditions of business.
4.2 For the balancing of interests
Where necessary we process your data above and beyond the actual fulfilment of the contract in order to uphold our own legitimate interests or those of third parties. Examples:
- Consultation and exchange of data with information centres and other third parties (e.g. debt enforcement registers, credit information)
- To examine and optimise requirements analysis methods for the purpose of approaching customers directly
- Advertising or market and opinion research
- To enforce legal claims and as defence in legal disputes
- To safeguard IT security and IT operations
- To prevent and investigate criminal offences
- To conduct measures for the business management and further development of products and services as well as our website
- We also collect personal data from publicly accessible sources for the purpose of customer acquisition.
4.3 On the basis of your consent
Where you have granted us your consent to the processing of personal data for specific purposes, the legality of such processing is derived on the basis of your consent, unless we have other legal bases. Consent granted can be revoked at any time. This also applies to the revocation of declarations of consent given to us prior to the GDPR coming into force. The revocation of consent does not affect the legality of data processed prior to the date of revocation.
4.4 On the basis of legal requirements or in the public interest
We as a company are also subject to various legal obligations in which connection we are obliged to process and store your data.
5. Retention of your personal data
We only store your data for as long as is necessary to use the tracking services in our legitimate interest and to perform the services you have requested or consented to.
We process and store your data for as long as this is necessary for the fulfilment of our contractual and statutory obligations. Please note that according to the law certain data have to be retained for a specific period of time. We block these data in our system and only use them for the fulfilment of legal requirements.
6. Disclosing data to third parties
7. Transmitting personal data abroad
We are entitled to forward your data to third-party companies abroad if this is necessary for the execution of your orders, legally permissible or you have granted us your consent. If the data protection level in a country is considered inadequate compared with Swiss standards and/or the EU General Data Protection Regulation, we ensure by way of contract that your personal data are at all times protected in accordance with Swiss guidelines and/or the EU General Data Protection Regulation.
We deploy adequate technical and organisational security measures that we deem appropriate to protect your data stored by us against manipulation, partial or full loss and unauthorised third-party access. Our security measures are constantly adjusted in line with technological developments. Per-sonal data are transmitted in encrypted form. Absolute protection cannot be guaranteed, but the Gübelin website and other systems are protected by technical and organisational measures against loss, destruction, access, alteration or processing of personal data. We also take our own internal data protection very seriously. Our employees and the service providers commissioned by us are sworn to secrecy and compliance with the statutory data protection provisions. They are furthermore only granted access to personal data to the extent that is necessary.
9. Options and rights of data subjects
When using the Gübelin website, you have several options. You may choose not to provide any personal data at all by not filling out any such forms or data fields on our website and by not using any of the available personalised services. If you choose to provide personal data, you have a right to access, correct, restrict, delete, transfer and object with regard to your personal data to the extent applicable by law.
9.1. Right to information
You can request confirmation from the controller as to whether personal data concerning you are processed by us.
If such processing exists, you can request the following information from the controller:
- the purposes for which the personal data are processed;
- the categories of personal data that are processed;
- the recipients or categories of recipient to whom the personal data concerning you have been or are to be disclosed;
- the planned duration of the storage of the personal data concerning you or, if it is not possible to provide specific details about this, criteria for determining the storage period;
- the existence of a right to correction or deletion of the personal data concerning you, a right to the restriction of processing by the controller or a right of objection against this processing;
- the existence of a right of appeal to a supervisory authority;
- all available information about the origin of the data if the personal data were not collected from the data subject;
- the existence of automated decision-making.
You have the right to request information about whether the personal data concerning you are trans-mitted to a third-party country or to an international organisation. In this connection you can request to be informed about the suitable guarantees in connection with such transmission.
9.2. Right of correction
You have a right to correction and/or completion vis-à-vis the controller to the extent that the processed personal data concerning you are incorrect or incomplete. The controller must make the correction immediately.
9.3. Right to restriction of processing
You can request the restriction of processing of the personal data concerning you under the following conditions, if
- you dispute the correctness of the personal data concerning you for a period that enables the controller to review the correctness of the personal data;
- the processing is unlawful and you reject deletion of the personal data and instead request the restriction of use of the personal data;
- the controller no longer requires the personal data for the processing purposes but you require them for the assertion, exercise or defence of legal claims, or
- you have filed an objection to processing and it is not yet clear whether the controller’s legitimate reasons outweigh your reasons.
9.4. Right to deletion
You can request from the controller that the personal data concerning you are immediately deleted and the controller will be obliged to delete such data immediately if one of the following reasons applies:
- The personal data concerning you are no longer required for the purposes for which they were collected or otherwise processed.
- You revoke your consent upon which processing is based and there is no other legal basis for processing.
- You file an objection to processing and there are no overriding legitimate reasons for processing.
- The personal data concerning you have been unlawfully processed.
9.5. Right to data portability
You have the right to receive personal data concerning you that you have made available to the controller in a structured, current and machine-readable format. You also have the right to transmit these data to another controller without obstruction from the controller to whom the personal data have been made available if
- processing is based on consent or a contract and
- processing takes place by way of automated processes.
9.6. Right of objection
You have the right for reasons relating to your particular situation to file an objection at any time to the processing of the personal data concerning you.
The controller will no longer process the personal data concerning you unless it is able to provide evidence of compelling legitimate grounds for such processing that outweigh your interests, rights and freedoms or such processing serves the assertion, exercise or defence of legal claims.
9.7. Right to revocation of declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the legality of processing carried out on the basis of consent up to the time of revocation.
10. Contact address
If you wish to contact us regarding our use of your personal data or to object to the processing of your personal data, please send an e-mail to firstname.lastname@example.org or contact us by post at the following address: Gübelin AG, Maihofstrasse 102, 6006 Lucerne, Switzerland. Should you wish to contact us, you should specify the precise data you wish us to correct, update or delete for you. Please enclose an appropriate identification of yourself. Requests for the deletion of personal data are subject to all legal and ethical reporting, archiving or retention obligations applicable to us.
11. Information for children and parents
This website is intended for adult users. It is forbidden for minors, in particular children under the age of 13, to transmit personal data about themselves to us or to register for a service. If we discover that such data have been transmitted to us, they will be deleted from our database. The parent (or legal guardian) of the child may contact us and request deletion or unsubscription. For this purpose we require a copy of an official document that identifies you as a parent or guardian.
Last revised: January 2019