freshface natural soap is the operator of the website and the services offered on it. We are therefore responsible for the collection, processing and use of your personal data and the compatibility of the data processing with the applicable data protection law. In general, we advise you to always keep your access data confidential and close any browser window when you have finished communicating with a website.
We offer authentic, natural products and also play with an open hand when it comes to data protection. Your trust is important to us. We comply with the legal provisions of the Federal Data Protection Act (DPA), the Ordinance to the Federal Data Protection Act (ODPA), the Telecommunications Act (TCA), and other applicable data protection provisions of Swiss or EU law, in particular the new European General Data Protection Regulation (GDPR). We disclose which personal data we collect from you and what we use them for. Please take note of the following information.
1. When you visit our site
Whenever you visit our website, our server temporarily saves each access in a log file. Technical data is recorded every time a connection is made to a web server. These data enable the connection and thus the use of our website, they guarantee system security and stability, enable the adjustment of our internet offer and services, the improvement of your shopping experience and serve us for internal statistical purposes. The following data are collected and stored by us until automatic deletion after 3 months at the latest:
the areas where the user clicks most (heatmap)
the length of time the user stays on the website,
the length of time the user stays on the individual sub-pages,
the number of visitors to the website,
the date and time of access,
the IP address of the requesting computer,
the name of the owner of the IP address range (Internet access provider),
the website from which access is made (referrer URL)
the name and URL of the retrieved file,
the status code (e.g. an error message),
the operating system of your computer,
the browser you use,
the transmission protocol used (e.g. HTTP/1.1)
and possibly your user name from a registration/authentication
Our legitimate interest in data processing exists in the sense of Art. 6 para. 1 lit. f GDPR. The legal basis for the processing of data for this purpose is the consent given by you in accordance with Art. 6 Para. 1 lit. a EU-GDPR.
2. Your purchase in our online shop
3. Passing on your data on to third parties
We will only pass on your personal data if you have expressly consented to this, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship.
Furthermore, we will only pass on your data to third parties if this is necessary within the scope of the use of the website and the processing of the contract, i.e. the processing of your bookings; this includes the respective transport service provider who is entrusted with the shipment of your ordered goods. Our legitimate interest in this is in the sense of Art. 6 para. 1 lit. f EU-GDPR.
If you pay by credit card, you will be asked to provide all mandatory information. Whenever you pay by credit card on our website, we forward your credit card information to your credit card issuer and to the credit card acquirer. The legal basis for the forwarding of data is the fulfilment of a contract according to Art. 6 para. 1 lit. b EU-GDPR.
4. Transmission of data abroad
6. Tracking tools
We use the web analysis service of Google Analytics (GA), so that we can optimise your shopping experience on our website. For this purpose, pseudonymous user profiles are created and small text files are stored on your computer; these are the above-mentioned «cookies». The information thus generated about the use of our website is transferred to the servers of the providers of these services, where it is stored and processed for us. In addition to the data listed in section 1 («When you access our site»), we may also receive the following information:
the country, region or city from which you are accessing our site,
the navigation path of a visitor to our website,
whether the visit is new or recurring,
its length of stay on the website or sub-site,
which terminal the visitor uses.
We use this information to evaluate the use of our website. Your identity will not be disclosed. The IP address is also not evaluated further. The primary purpose of the survey is to obtain usage statistics and the usage behaviour of visitors to our website. This information may be transferred to third parties if required by law or if third parties are instructed to process this data (transport, service providers).
7. Google Analytics (GA)
The provider of the Google Analytics web analysis service we use is Google Inc. a company of the holding company Alphabet Inc. with headquarters in the USA. GA as a web analytics tool is used by an estimated 50 - 80% of all German-speaking websites and is therefore the most used web analytics tool. Before the data is transmitted to Google Inc., the IP address is shortened by activating IP anonymisation («anonymizeIP») on this website within the member states of the European Union or in other states which are parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The anonymous IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data. According to Google Inc., the IP address will not under any circumstances be associated with other data concerning the user.
8. Note on data transfers to the USA
For the sake of completeness, we would like to point out the following for users with residence or registered office in Switzerland: in the United States, surveillance measures are in place by US authorities which generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the United States, without differentiation, restriction or exception based on the objective pursued, and without any objective criterion which would make it possible to limit the access of the US authorities to the data and their subsequent use to particular identified purposes that would in any way justify the interference associated with both access to and use of such data. For data subjects from Switzerland this means that there are no legal remedies and no effective judicial protection against general access rights by US authorities.
9. Storage of your data
We only store personal data for as long as we need it for the above-mentioned tracking and analysis services and further processing within the scope of our legitimate interest. However, statutory storage obligations stipulate that contract data for business communication, concluded contracts and booking vouchers must be stored for up to 10 years. As soon as we no longer need this data for the performance of services for you, it will be blocked. After this period, they may only be used for accounting and tax purposes.
10. Your right to complain to a data protection supervisory authority
You have the right to complain to a data protection authority at any time.
freshface natural soap, Kilchberg, January 2020.