Zürcher Cosmetics GmbH, Schüepwisstrasse 1A, 8117 Fällanden, is the operator of the website www.beauty-essentials.ch and the services offered on it, and is therefore responsible for the collection, processing and use of your personal data, and the compatibility of the data processing with the applicable data protection law.
Your trust is important to us, which is why we take the issue of data protection seriously and ensure appropriate security. It goes without saying that we comply with the legal provisions of the Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (FADP), the Telecommunications Act (TCA) and any other applicable data protection provisions of Swiss or EU law, in particular the General Data Protection Regulation (GDPR).
To help you understand what personal data we collect from you, and for what purposes we use it, please read the information below.
When you visit our website, our servers temporarily save each access in a log file. The following technical data is collected without your intervention, as is the case with every connection to a web server, and stored by us until automatic deletion after 4 months at the latest:
the IP address of the requesting computer
the name of the owner of the IP address range (usually your Internet access provider)
the date and time of access
the website from which the access was made (referrer URL), if applicable with the search word used
the name and URL of the retrieved file
the status code (e.g. error message)
the operating system of your computer
the browser you are using (type, version and language)
the transmission protocol used (e.g. HTTP/1.1)
if applicable, your user name/user ID from a registration/authentication
The collection and processing of this data is carried out for the purpose of enabling the use of our website (connection establishment), to ensure system security and stability on a permanent basis and to enable the optimisation of our internet offer, as well as for internal statistical purposes. This is our legitimate interest in data processing within the meaning of Art. 6 Para. 1 lit. f DSGVO.
To place orders in the online shop, you can order as a guest or open a customer account. When registering for a customer account, we collect the following data:
First and last name
Company name (optional)
Street + house number
Address suffix (optional)
Postcode and town
Country (Switzerland or Liechtenstein)
Optional registration for mail advertising (can be cancelled at any time)
The data is collected for the purpose of providing the customer with password-protected direct access to his/her basic data stored with us. The customer can manage or change their billing address and contact details so that they do not have to be entered each time they place an order.
The legal basis for the processing of the data for this purpose lies in the consent given by you in accordance with Art. 6 Para. 1 lit. a EU-DSGVO.
If you wish to place orders in our online shop, we require the following data for the processing of the contract:
First and last name
Billing address (and if different, delivery address)
Payment details (depending on the payment method chosen)
Login data, i.e. e-mail address and password (for registered customers)
The legal basis of data processing for this purpose is the fulfilment of a contract according to Art. 6 para. 1 lit. b EU-DSGVO.
We only pass on your personal data if you have expressly consented, if there is a legal obligation to do so, or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship.
In addition, we pass on your data to third parties, insofar as this is necessary within the framework of the use of the website and the processing of contracts (also outside the website), namely the processing of your order. This includes Die Schweizerische Post AG, Wankdorfallee 4, 3030 Bern as a transport service provider for the dispatch of ordered goods. A service provider to whom the personal data collected via the website is transferred, or who has or may have access to it, is our cloud provider Microsoft Ireland Operations Limited, c/o Microsoft Schweiz GMBH, Richtistrasse 3, CH-8304 Wallisellen. The website is hosted on servers in Ireland and Switzerland. The data is transferred for the purpose of providing and maintaining the functionalities of our website. This is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-DSGVO.
If we make advance payments, e.g. in the case of a purchase on account, we may obtain creditworthiness information from a credit agency on the basis of mathematical-statistical procedures in order to protect our legitimate interests. For this purpose, we transmit the personal data required for a credit check to the credit agency Intrum AG, Eschenstrasse 12, 8603 Schwerzenbach, and we use the information received about the statistical probability of a payment default for a weighed decision about the establishment, implementation or termination of the contractual relationship. The creditworthiness information may contain probability values (score values) which have been calculated on the basis of scientifically recognised mathematical-statistical procedures, and which include address data in their calculation. Your interests worthy of protection are taken into account in accordance with the legal provisions. Our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f EU-DSGVO lies in the purposes described above.
We are also entitled to transfer your personal data to third party companies (commissioned service providers) abroad for the purpose of the data processing described in this data protection declaration. These are obligated to data protection to the same extent as we ourselves. If the level of data protection in a country does not correspond to that in Switzerland or the EU, we will ensure by contract that the protection of your personal data corresponds to that in Switzerland or the EU at all times.
With the registration for the newsletter and the confirmation to receive the newsletter (double opt-in), the newsletter is activated. We use Rapidmail to send the newsletter. The provider of Rapidmail is rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany.
Rapidmail is a service with which, among other things, the dispatch of newsletters can be organised and analysed. The data you enter for the purpose of receiving newsletters is stored on Rapidmail's servers in Germany.
If you do not want Rapidmail to analyse your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.
Data analysis by Rapidmail:
For the purpose of analysis, the emails sent with Rapidmail contain a so-called "tracking pixel", which connects to Rapidmail's servers when the email is opened. In this way, it can be determined whether a newsletter message has been opened. Furthermore, with the help of Rapidmail we can determine whether, and which, links in the newsletter message are clicked on. All links in the e-mail are so-called tracking links, with which your clicks can be counted. You can find out more about Rapidmail's analysis functions by clicking on the following link: https://de.rapidmail.wiki/kategorien/statistiken/.
The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter, and will be deleted from our servers as well as from the servers of Rapidmail after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. if you have an account for online orders with us) remain unaffected by this. For more details, please refer to Rapidmail's data security information at: https://www.rapidmail.de/datensicherheit.
Conclusion of a contract for commissioned data processing:
We have entered into a contract with Rapidmail in which we oblige Rapidmail to protect our customers' data and not to pass it on to third parties. This contract can be viewed at the following link: https://de.rapidmail.wiki/files/adv/muster-auftragsdatenverarbeitung.pdf.
Cookies help in many ways to make your visit to our website easier, more enjoyable and more meaningful. Cookies are information files that your web browser automatically stores on your computer's hard drive when you visit our website.
Most internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer, or arrange for a message that always appears when you receive a new cookie. On the following pages you will find explanations of how you can configure the processing of cookies in the most common browsers:
Microsofts Windows Internet Explorer
Microsofts Windows Internet Explorer Mobile
Google Chrome für Desktop
Google Chrome für Mobile
Apple Safari für Desktop
Apple Safari für Mobile
Disabling cookies may prevent you from using all the features of our website.
For the purpose of demand-oriented design and continuous optimisation of our website, we use the web analysis service of Google Analytics. In this context, pseudonymised usage profiles are created and small text files stored on your computer ("cookies") are used. The information generated by the cookie about your use of this website is transmitted to the servers of the providers of these services, stored there and processed for us. In addition to the data listed under point 1, we may receive the following information as a result:
Navigation path taken by a visitor to the site
the time spent on the website or sub-page
the sub-page on which the website is left
the country, region or city from which access is made
end-user device (type, version, colour depth, resolution, width and height of browser window)
returning or new visitor
The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet use for the purposes of market research and to tailor this website to your needs. This information may also be transferred to third parties where required by law, or where such third parties process the information on our behalf.
b. Google Analytics
The provider of Google Analytics is Google Inc, a company of the holding company Alphabet Inc, with headquarters in the USA. Before the data is transmitted to the provider, the IP address is truncated by activating IP anonymisation ("anonymizeIP") on this website within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. The anonymised IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. In these cases, we ensure through contractual guarantees that Google Inc. maintains a sufficient level of data protection. According to Google Inc., in no case will the IP address be associated with other data relating to the user.
For more information about the web analytics service used, please visit the Google Analytics website. Instructions on how to prevent the processing of your data by the web analysis service can be found at http://tools.google.com/dlpage/gaoptout?hl=en.
For the sake of completeness, we would like to point out for users resident or domiciled in Switzerland that there are surveillance measures in place in the USA by US authorities which generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without any differentiation, limitation, or exception based on the objective pursued, and without any objective criterion that would make it possible to limit the access of the US authorities to the data and their subsequent use to very specific, strictly limited purposes that are capable of justifying the intrusion associated with both the access to and the use of these data. Furthermore, we would like to point out that in the USA, there are no legal remedies available to data subjects from Switzerland that allow them to gain access to the data concerning them and to obtain their correction or deletion, or that there is no effective judicial legal protection against general access rights of US authorities. We explicitly draw the attention of the data subject to this legal and factual situation so that he or she can make an appropriately informed decision to consent to the use of his or her data.
We would like to point out to users residing in a member state of the EU that the USA does not have a sufficient level of data protection from the point of view of the European Union - among other things due to the issues mentioned in this section. Insofar as we have explained in this privacy statement that recipients of data (such as Google) are based in the USA, we will ensure either through contractual arrangements with these companies or by ensuring that these companies are certified under the EU or Swiss-US Privacy Shield that your data is protected with our partners with an appropriate level.
We use the social networks listed below on our website to raise awareness of our company. The underlying promotional purpose is to be regarded as a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. The responsibility for data protection-compliant operation is to be ensured by their respective providers. Data processing in connection with these social networks is carried out with your consent when you use them. If you use the services of these social networks independently of or in connection with our website, the social networks evaluate your use. In this case, information is forwarded to the social networks.
Instagram: Our website uses links from the social network Instagram, which is offered by Facebook Inc. The Instagram link is marked with an Instagram logo. If you call up a page of our website that contains such a link, your browser establishes a direct connection to the servers of Facebook Inc. when you click. Even if you are not a member of the Instagram social network or are not logged in there, data will be transmitted and stored there.
On the website below, you will find information on your rights and setting options for protecting your privacy on Instagram:
You have the right to request information about the personal data we have stored about you. In addition, you have the right to have incorrect data corrected, and the right to have your personal data deleted, insofar as this does not conflict with a legal obligation to retain the data or an authorisation that allows us to process the data.
You also have the right to demand that we return the data you have given us (right to data portability). On request, we will also pass the data on to a third party of your choice. You have the right to receive the data in a common file format.
You can contact us for the aforementioned purposes via the e-mail address email@example.com. For the processing of your applications, we may, at our discretion, request proof of identity.
We use appropriate technical and organisational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
You should always treat your access data confidentially and close the browser window when you have finished communicating with us, especially if you share the computer with others.
We take the internal data protection very seriously. Our employees and the service companies commissioned by us have been obliged by us to maintain confidentiality and to comply with the provisions of data protection law.
We only store personal data for as long as is necessary to use the tracking and analysis services mentioned above, as well as for the further processing within the scope of our legitimate interest. We retain contractual data for longer, as this is required by legal retention obligations. Retention obligations that oblige us to retain data result from accounting regulations and tax regulations. According to these regulations, business communication, concluded contracts and accounting vouchers must be kept for up to 10 years. As far as we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.
You have the right to complain to a data protection supervisory authority at any time.
Status: 27 September 2020