Data protection

Data protection

​

The responsible body within the meaning of the data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

Jashara Cosmetics AG

Industriestrasse 11

9434 Au, SG
Switzerland

Telephone: 079 713 6411
Email: info@jashara.ch
Website: http://www.jashara.ch/

General remark

Based on Article 13 of the Swiss Federal Constitution and the data protection regulations of the federal government (Data Protection Act, DSG), every person has the right to protection of their privacy and protection against misuse of their personal data. The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

In cooperation with our hosting providers, we strive to protect the databases as well as possible against unauthorized access, loss, misuse or falsification.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.

By using this website, you agree to the collection, processing and use of data as described below. This website can generally be visited without registration. Data such as the pages called up or the name of the file called up, the date and time are stored on the server for statistical purposes, without this data being directly related to your person. Personal data, in particular name, address or e-mail address, are collected on a voluntary basis as far as possible. The data will not be passed on to third parties without your consent.

Processing of personal data

Personal data is all information that relates to a specific or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, deletion, storage, modification, destruction and use of personal data.

We process personal data in accordance with Swiss data protection law. In addition, we process personal data in accordance with the following legal bases in connection with Art. 6 Para. 1 GDPR - insofar as and insofar as the EU GDPR is applicable:

• Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR) - The person concerned has given their consent to the processing of their personal data for a specific purpose or several specific purposes.

• Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. DSGVO) - The processing is necessary for the fulfillment of a contract to which the data subject is a party, or for the implementation of pre-contractual measures which are required at the request of the data subject take place.

• Legal obligation (Art. 6 Para. 1 S. 1 lit. c. GDPR) - The processing is necessary to fulfill a legal obligation to which the person responsible is subject.

• Protection of vital interests (Art. 6 Para. 1 S. 1 lit. d. GDPR) - Processing is necessary to protect vital interests of the data subject or another natural person.

• Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR) - Processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which protect personal Data require prevail.

• Application procedure as a pre-contractual or contractual relationship (Art. 9 Para. 2 lit. b GDPR) - Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR (e.g. health data, such as severe disability or ethnic origin) are requested from applicants so that the person responsible or the person concerned can exercise the rights arising from labor law and the law of social security and social protection and fulfill his or her obligations in this regard, their processing takes place in accordance with Art. 9 para 2 letter b. GDPR, in the case of protecting the vital interests of applicants or other persons in accordance with Art. 9 (2) lit. c. DSGVO or for the purposes of health care or occupational medicine, for the assessment of the employee's ability to work, for medical diagnostics, care or treatment in the health or social area or for the administration of systems and services in the health or social area in accordance with Art. 9 Paragraph 2 lit. h. GDPR. In the case of a notification of special categories of data based on voluntary consent, their processing takes place on the basis of Article 9 Paragraph 2 lit. GDPR.

We process personal data for the period necessary for the respective purpose or purposes. In the case of longer-lasting storage obligations due to legal and other obligations to which we are subject, we restrict processing accordingly.

Relevant legal bases

In accordance with Art. 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 (1) lit. a and Art Answering inquiries is Article 6(1)(b) GDPR, the legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR, and the legal basis for processing to safeguard our legitimate interests is Article 6(1)(c) GDPR 6 Paragraph 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 lit. d GDPR serves as the legal basis.

Safety measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, ensuring availability and their separation. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to data threats. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Transmission of personal data

As part of our processing of personal data, it may happen that the data is transmitted to other bodies, companies, legally independent organizational units or persons or that it is disclosed to them. The recipients of this data can include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such a case, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

Data processing in third countries

If we process data in a third country (ie outside the European Union (EU), the European Economic Area (EEA)) or the processing within the framework of the use of third-party services or the disclosure or transmission of data to other persons, bodies or companies takes place, this is only done in accordance with the legal requirements.

Subject to express consent or contractually or legally required transmission, we only process the data in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, if there are certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Privacy Policy for Contact Form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We do not pass on this data without your consent.

Data protection declaration for newsletter data

If you would like to receive the newsletter offered on this website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter . Further data is not collected. We use this data exclusively for sending the requested information and do not pass it on to third parties.

You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe link" in the newsletter.

External payment service providers

This website uses external payment service providers, via whose platforms the users and we can carry out payment transactions. For example about

• PostFinance ( https://www.postfinance.ch/de/detail/srechtes-barrierefreiheit.html)

• Visa ( https://www.visa.de/bedingungen/visa-privacy-center.html)

• Mastercard ( https://www.mastercard.ch/de-ch/datenschutz.html)

• American Express ( https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html)

• Paypal ( https://www.paypal.com/de/webapps/mpp/ua/privacy-full)

• Bexio AG ( https://www.bexio.com/de-CH/datenschutz)

• Payrexx AG ( https://www.payrexx.ch/site/assets/files/2592/datenschutzerklaerung.pdf)

• Apple Pay ( https://support.apple.com/de-ch/ht203027)

• Stripe ( https://stripe.com/ch/privacy)

• Klarna ( https://www.klarna.com/de/datenschutz/)

• Skrill ( https://www.skrill.com/de/fusszeile/datenschutzanleitung/)

• Giropay ( https://www.giropay.de/rechts/datenschutzerklaerung) Etc.

As part of the fulfillment of contracts, we use the payment service providers on the basis of the Swiss Data Protection Ordinance and, if necessary, Art. 6 Para. 1 lit. b. EU GDPR. In addition, we use external payment service providers on the basis of our legitimate interests in accordance with the Swiss Data Protection Ordinance and, if necessary, in accordance with Article 6 (1) (f) of the EU GDPR in order to offer our users effective and secure payment options.

The data processed by the payment service provider includes inventory data such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered will only be processed and stored by the payment service providers. We as the operator do not receive any information about the (bank) account or credit card, only information to confirm (accept) or reject the payment. Under certain circumstances, the payment service provider may transmit the data to credit agencies. The purpose of this transmission is to check identity and creditworthiness. We refer to the terms and conditions and data protection notices of the payment service providers.

The terms and conditions and data protection notices of the respective payment service provider, which can be accessed within the respective website or transaction applications, apply to the payment transactions. We also refer to this for the purpose of further information and the assertion of revocation, information and other data subject rights.

Order processing in the online shop with a customer account

We process the data of our customers in accordance with the data protection regulations of the federal government (Data Protection Act, DSG) and the EU-DSGVO, as part of the ordering process in our online shop, to enable them to select and order the selected products and services, as well as their payment and delivery , or to enable execution.

The processed data includes master data (inventory data), communication data, contract data, payment data and the persons affected by the processing include our customers, prospects and other business partners. The processing takes place for the purpose of providing contractual services in the context of operating an online shop, billing, delivery and customer services. We use session cookies, e.g. to save the contents of the shopping cart, and permanent cookies, e.g. to save the login status.

The processing takes place on the basis of Art. 6 Para. 1 lit. b (implementation of order processes) and c (legally required archiving) DSGVO. The information marked as required is required for the establishment and fulfillment of the contract. We disclose the data to third parties only within the scope of delivery, payment or within the scope of legal permissions and obligations. The data will only be processed in third countries if this is necessary to fulfill the contract (e.g. at the customer's request for delivery or payment).

Users can optionally create a user account, in particular by being able to view their orders. As part of the registration, the required mandatory information is communicated to the users. The user accounts are not public and cannot be indexed by search engines such as Google. If users have terminated their user account, their data will be deleted with regard to the user account, subject to their retention being necessary for commercial or tax reasons in accordance with Article 6 (1) (c) GDPR. Information in the customer account remains until it is deleted with subsequent archiving in the event of a legal obligation. It is the user's responsibility to back up their data before the end of the contract in the event of termination.

As part of the registration and renewed registrations as well as the use of our online services, we store the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as the user's protection against misuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Article 6 (1) (c) GDPR.

Deletion takes place after statutory warranty and comparable obligations have expired; the necessity of storing the data is checked at irregular intervals. In the case of legal archiving obligations, the deletion takes place after their expiry.

Use of cookies and use of data

cookies

In order to continuously improve the website for customers, Jashara Cosmetics AG can use cookies. Cookies are small pieces of software information that are stored by web browsers (e.g. Google Chrome, Internet Explorer or Mozilla Firefox) on the customer's computer hard drive in order to facilitate use of the website (e.g. language selection, shopping cart, etc.).

Some of the cookies used by Jashara Cosmetics AG are deleted after the end of the browser session, i.e. after closing the web browser (so-called session cookies). Other cookies remain on the end device and enable Jashara Cosmetics AG to recognize the customer's web browser on the next visit (so-called persistent cookies). The duration of storage can be found in the overview in the cookie settings of the web browser.

Most web browsers automatically accept such cookies, but web browsers can be configured not to accept or store cookies. However, if cookies are deactivated, the functionality of the website may be restricted. Details on this can be found in the operating instructions or the help function of the web browser.

use of the data

The anonymous data, which is recorded by means of cookies when the Jashara Cosmetics AG website is called up, can be used for web analysis purposes, to optimize the website and to measure performance. Jashara Cosmetics AG can use third-party providers for this, some of which have their own data protection regulations over which Jashara Cosmetics AG has no influence.

Jashara Cosmetics AG uses functions of the following web analysis services:

Google Analytics
The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

Google evaluates the use of the website in order to compile reports on website activity and to provide Jashara Cosmetics AG with other services related to website activity and internet usage. The IP address transmitted by the customer's web browser as part of Google Analytics is not merged with other Google data.

The information generated by cookies about the use of the website is usually transmitted to a Google server in the USA and stored there. Google complies with the data protection provisions of the "Swiss-US Privacy Shield" agreement and has registered with the US Department of Commerce for the "Swiss-US Privacy Shield" (information on the Swiss-US Privacy Shield can be found at https://www.privacyshield .gov/Swiss-US-Privacy-Shield-FAQs ).

For more information, see Google's privacy policy at https://support.google.com/analytics/answer/6004245?hl=de .

social media content

Jashara Cosmetics AG can use social media plugins from social networks such as Facebook, Instagram or Twitter on the website.

If the customer calls up a website that contains such a plugin, the web browser establishes a direct connection to the servers of the respective social network. The content of the plugin is transmitted directly to the web browser by the respective provider and integrated into the page. By integrating the plugins, the providers receive the information that the customer's web browser has accessed the relevant Jashara Cosmetics AG website, even if the customer does not have a profile on the corresponding social network or is not currently logged in. This information (including the IP address) is transmitted directly from the customer's web browser to a server of the respective provider (possibly in the USA) and stored there. If the customer is logged into one of the services, the providers of the social network can directly assign the visit to the Jashara Cosmetics AG website to the profile in the respective social network. If the customer interacts with the plugins, for example by pressing the "Like" or "Share" button, the corresponding information is also transmitted directly to a server of the provider and stored there. The information is also published on the social network and displayed there to the customer's contacts.

These social network platforms have their own data protection regulations over which Jashara Cosmetics AG has no influence.

The purpose and scope of the data collection and the further processing and use of the data by the providers on their pages as well as a contact option and the related rights of the customers and setting options for the protection of privacy can be found in the data protection information of the providers:

https://www.facebook.com/policy.php

https://twitter.com/de/privacy

https://help.instagram.com/155833707900388

If the customer does not want any of these plugins to be loaded, it is recommended to log out of the relevant social network. Furthermore, various web browsers can be set up or supplemented with add-ons (e.g. Facebook blocker) so that the social media plugins are not loaded.

changes

We can adjust this data protection declaration at any time without prior notice. The current version published on our website applies. Insofar as the data protection declaration is part of an agreement with you, in the event of an update we will inform you of the change by e-mail or by other suitable means.

Questions to the data protection officer

If you have any questions about data protection, please send us an e-mail or contact the person responsible for data protection in our organization listed at the beginning of the data protection declaration.

Source: SwissAnwalt