Compliance with data protection laws and thus the protection and confidentiality of your personal data is important to me. This data protection declaration informs you about how we collect and handle personal data in our role as data controller and, in particular, sets out the rights you are entitled to with regard to personal data.
The processing of personal data, for example the name, address, email address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to our company. With this data protection declaration we would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed about their rights by means of this data protection declaration.
This data protection declaration is based on the terms used by the European legislator for directives and regulations when the General Data Protection Regulation was issued. Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.
We use the following terms in this data protection declaration:
2.1. Personal data
Personal data is all information that relates to an identified or identifiable natural person (hereinafter "data subject"). A natural person is regarded as identifiable who, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified.
2.2. Affected person
The data subject is any identified or identifiable natural person whose personal data is processed by the person responsible for processing.
Processing is any process carried out with or without the help of automated procedures or any such series of processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or change, reading, querying, use, Disclosure through transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.
2.4. Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.
Profiling is any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal To analyze or predict the preferences, interests, reliability, behavior, whereabouts or relocation of this natural person.
Recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data as part of a specific investigation according to Union law or the law of the member states are not considered recipients.
A third party is a natural or legal person, authority, institution or other body apart from the data subject, the person responsible, the processor and the persons who are authorized to process the personal data under the direct responsibility of the person responsible or the processor.
Consent is any voluntary, informed and unmistakable declaration of will by the person concerned for the specific case in the form of a declaration or other unequivocal affirmative action with which the person concerned indicates that they consent to the processing of their personal data is.
3. Address of the person responsible and the data protection officer
The person responsible or the person responsible for the processing is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data. The person responsible within the meaning of the General Data Protection Regulation is:
Lanz Natur AG,
If you have any questions regarding individual data processing, please contact email@example.com
4. Data processing framework
4.1. Categories of processed data and origin
We collect and process personal data that we receive as part of our business relationship with our customers. As a rule, as little personal data as possible is processed. The processed data can differ depending on the group of people. Personal data can be collected or (further) processed in every phase of the business relationship, from business initiation to the end of the business relationship.
In addition to customer data, we may also process personal data from other third parties involved in the business relationship.
We understand the following categories of data as personal data:
Identification data and authentication data
Information from the fulfillment of our legal obligations
Other master data
Data from the fulfillment of contractual obligations
Information about the financial situation and professional background
Information from your electronic communication with our company
Data from publicly available sources
We process personal data from the following sources:
Personal data that we receive from you by means of submitted contracts, forms, your correspondence or other documents
Personal data that arise or are transmitted due to the use of products or services
Personal data that is permissibly transmitted to us by third parties, by public authorities (e.g. sanction lists of the UN and the EU) or by other companies (e.g. for the execution of orders or for the fulfillment of a contract)
Personal data - to the extent necessary for the provision of our service - that we have legitimately obtained from publicly accessible sources or other sources, such as databases for reviewing and monitoring business relationships (e.g. judicial, official or administrative measures, memberships and offices)
4.2. Legal basis for the processing of personal data
We process personal data in accordance with the provisions of the Swiss Data Protection Act for the following purposes:
Transmission of data within a group of companies for internal administrative purposes
Guarantee of network and information security
Prevention of possible criminal offenses
We also collect personal data from publicly available sources for the purpose of customer acquisition and money laundering prevention.
4.2.4 Based on your consent
If necessary and legally stipulated, the processing procedure is based on your consent.
4.3. Use and retention of your personal data
4.3.1 Transfer of data
Access to your data can be given both inside and outside our company. Within the company, only departments or employees are allowed to process your data if they need it to fulfill our contractual, legal and regulatory obligations and to safeguard legitimate interests.
External service providers or vicarious agents to whom personal data is transmitted are contractually obliged to protect data protection, to process your data only in the context of the provision of services and to comply with data protection instructions and legal requirements. Processors can be companies in the categories of banking services, sales agreements, IT services, logistics, printing services, telecommunications, debt collection, advice and consulting, as well as sales and marketing.
4.3.2 Data deletion and storage
We process and store your personal data for the duration of the entire business relationship, i.e. from the initial initiation to the termination of the contract. After the termination of a contract and thus when the purpose of the storage no longer applies, the duration of storage is determined on the basis of statutory storage and documentation obligations. These retention periods are sometimes 10 years or more.
4.3.3 Automated decision-making including profiling
In principle, our decisions are not based on exclusively automated processing of personal data. In particular, we generally do not use automated decision-making to establish and implement the business relationship. We also do not use profiling measures.
5. Rights and duties
5.1. Available data protection rights
5.1.1. Right to confirmation
You have the right to request confirmation as to whether personal data relating to you is being processed. If you would like to make use of this right of confirmation, you can contact the data protection officer at any time.
5.1.2 Right to information
You have the right to receive free information about the personal data stored about you and a copy of this information at any time. This right to information includes the following information:
the purposes of processing
the categories of personal data that are processed
The recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organizations
if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
the existence of a right to correction or deletion of the personal data concerning you or to restriction of processing by the person responsible or a right to object to this processing
the right to lodge a complaint with a supervisory authority
if the personal data are not collected from the data subject: all available information on the origin of the data
the existence of automated decision-making including profiling and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject
You also have a right to information as to whether personal data has been transmitted to a third country or to an international organization. If this is the case, you also have the right to receive information about the appropriate guarantees in connection with the transmission.
If you would like to make use of this right to information, you can contact the data protection officer at any time.
5.1.3 Right to rectification
You have the right to request the immediate correction of incorrect personal data concerning you. Furthermore, you have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data - also by means of a supplementary declaration.
If you would like to exercise this right to correction, you can contact the data protection officer at any time.
5.1.4 Right to deletion
You have the right to have your personal data deleted immediately if one of the following reasons applies and if processing is not necessary:
The personal data were collected or otherwise processed for purposes for which they are no longer necessary
You have revoked your consent on which the processing was based and there is no other legal basis for the processing
You object to the processing and there are no overriding legitimate reasons for the processing
The personal data was processed unlawfully
The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the person responsible is subject
If one of the above reasons applies and you would like to have personal data stored by our company deleted, you can contact the data protection officer at any time. The latter will arrange for the deletion request to be met immediately.
5.1.5 Right to restriction of processing
You have the right to request that processing be restricted if one of the following conditions is met:
The correctness of the personal data is disputed for a period that enables the person responsible to check the correctness of the personal data
The processing is unlawful, but you reject the deletion of the personal data and instead request that the use of the personal data be restricted
The person responsible no longer needs the personal data for the purposes of processing, but you need the personal data to assert, exercise or defend legal claims
You have lodged an objection to the processing and it has not yet been determined whether the legitimate reasons of the person responsible outweigh those of the person concerned
If one of the above conditions is met and you would like to request the restriction of personal data stored by our company, you can contact the data protection officer at any time. The data protection officer will arrange for the processing to be restricted.
The rectification or deletion of the data or a restriction of processing will be communicated to the recipients to whom personal data has been disclosed. This notification obligation does not exist if this proves to be impossible or a disproportionate effort is associated with it.
5.1.6 Right of withdrawal
You have the right to withdraw your consent to the processing of personal data at any time. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected. If you would like to assert your right to withdraw your consent, you can contact our data protection officer at any time.
5.1.7 Right to data portability
You have the right to receive the personal data concerning you, which you have provided, in a structured, common and machine-readable format. You also have the right to have this data transmitted to another person responsible by the person responsible to whom the personal data was provided, provided that the processing is based on consent or on a contract and the processing is carried out using automated procedures, unless the processing is for it is necessary to perform a task that is in the public interest or is carried out in the exercise of public authority which has been assigned to the person responsible.
To assert the right to data portability, you can contact our data protection officer at any time.
5.1.8 Right to object
You have the right, for reasons that arise from your particular situation, to object at any time to the processing of personal data relating to you, which is based on a legitimate interest. This also applies to profiling based on these provisions.
In the event of an objection, our company will no longer process the personal data unless we can demonstrate compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing of the assertion, exercise or defense of legal claims serves.
If our company processes personal data in order to operate direct mail, you have the right to object at any time to the processing of personal data for the purpose of such advertising. If you object to processing for direct marketing purposes to our company, we will no longer process the personal data for these purposes.
5.2 Exercise of rights
We accept requests for information in writing, together with a legible copy of a valid official ID (e.g. passport, identity card, driver's license). You can send your request to our company's data protection officer.
You can exercise further rights, such as the right to rectification, the right to erasure, the right to restriction of processing and - if applicable - the right to data portability by sending us a corresponding message. Please address this message to the data protection officer.
6. Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with a supervisory authority, this is the Federal Data Protection and Information Commissioner (FDPIC, www.edoeb.admin.ch ).
7. Obligation to provide personal data
We explain to you that the provision of personal data is in part required by law (e.g. tax regulations, money laundering prevention, etc.) or can also result from contractual provisions (e.g. information on the contractual partner). In order to conclude a contract, it may sometimes be necessary for you to provide us with personal data that we subsequently have to process. For example, you are obliged to provide us with personal data when our company concludes a contract with you. Failure to provide personal data would mean that the contract could not be concluded.
You are not obliged to give your consent to data processing with regard to data that is not relevant for the performance of the contract or is not required by law and / or regulatory requirements.
8. Contact form and contact via email
Our company's website contains information that enables quick electronic contact with our company and direct communication with us, which also includes a general address for so-called electronic mail (e-mail address). If you contact our company by e-mail or using a contact form, the personal data you have transmitted will be saved automatically. Such personal data transmitted on a voluntary basis will be stored for the purposes of processing or contacting you. This personal data is not passed on to third parties.
9.1. Why are cookies used?
9.2. What are cookies?
Cookies are text files that are stored on your electronic device in order to track your use of the electronic services and your preference settings when navigating between the individual websites and, if necessary, to save settings between your visits. Cookies help the developers of electronic services to compile statistical information about the frequency of visits to certain areas of the website and help them to make the electronic services even more useful and user-friendly. A cookie contains a characteristic string of characters that enables the browser to be clearly identified when the website is called up again.
Please note that most internet browsers automatically accept cookies. You can configure your browser so that no cookies are stored on your electronic device, cookies can only be accepted from certain websites or a message always appears before you receive a new cookie. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.
10. Analysis tools
We use analysis tools. In this context, pseudonymised data is created and cookies are used to analyze how users use our electronic services. The information generated by the cookies regarding your use of the website (e.g. host name of the electronic device via which the website is accessed (IP address), browser type / version, operating system used, and date / time of the server request) can be sent to Servers are transferred from third parties and are used for analysis purposes.