Please note that this privacy policy has been translated into English using ChatGPT.
With this Privacy Policy, we inform you about the personal data we process in connection with our activities and operations, including our zbaeren.ch-website. We specifically inform you about why, how, and where we process personal data. We also provide information about the rights of individuals whose data we process.
For specific or additional activities and operations, additional privacy policies, as well as other legal documents such as Terms and Conditions (AGB), Terms of Use, or Participation Terms, may apply.
We are subject to Swiss data protection law as well as any applicable foreign data protection law, especially that of the European Union (EU) under the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures adequate data protection.
1. Contact Addresses
Responsible for the processing of personal data:
Zbären Kreativküchen AG
Sagistrasse 11
3775 Lenk im Simmental
Switzerland
We will notify you if, in individual cases, there are other controllers for the processing of personal data.
Data protection representation in the European Economic Area (EEA)
We have the following data protection representation pursuant to art. 27 GDPR in the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein as an additional point of contact for supervisory authorities and data subjects for requests in connection with the General Data Protection Regulation (GDPR):
VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Deutschland
2. Terms and Legal Bases
2.1 Terms
Personal data refers to any information that relates to a specific or identifiable natural person. A data subject is a person about whom we process personal data.
Processing includes any handling of personal data, regardless of the means and methods used, including querying, comparing, adapting, archiving, storing, retrieving, disclosing, obtaining, capturing, collecting, deleting, disclosing, organizing, storing, altering, disseminating, linking, destroying, and using personal data.
The European Economic Area (EEA) includes the member states of the European Union (EU), as well as the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as processing of personal data.
2.2 Legal Bases
We process personal data in accordance with Swiss data protection law, especially the Federal Data Protection Act (Datenschutzgesetz, DSG) and the Data Protection Ordinance (Datenschutzverordnung, DSV).
We process – where and to the extent the General Data Protection Regulation (GDPR) is applicable – personal data based on at least one of the following legal bases:
- Art. 6(1)(b) GDPR for the necessary processing of personal data to fulfill a contract with the data subject and for pre-contractual measures.
- Art. 6(1)(f) GDPR for the necessary processing of personal data to protect our legitimate interests or those of third parties, unless the fundamental rights and freedoms of the data subject outweigh those interests. Legitimate interests include, in particular, our interest in conducting our activities and operations permanently, user-friendly, securely, and reliably, as well as communicating about them, ensuring information security, protecting against misuse, enforcing our own legal claims, and complying with Swiss law.
- Art. 6(1)(c) GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject under the laws of member states in the European Economic Area (EEA).
- Art. 6(1)(e) GDPR for the necessary processing of personal data to perform a task carried out in the public interest.
- Art. 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.
- Art. 6(1)(d) GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.
3. Type, Scope, and Purpose
We process the personal data that is necessary to permanently, user-friendly, securely, and reliably carry out our activities and operations. Such personal data may include categories of master and contact data, browser and device data, content data, meta or marginal data, usage data, location data, sales data, and contract and payment data.
We process personal data for the duration that is necessary for the respective purpose(s) or required by law. Personal data that is no longer required will be anonymized or deleted.
We may have personal data processed by third parties. We may process personal data jointly with third parties or disclose it to third parties. These third parties are primarily specialized providers whose services we use. We ensure data protection even with these third parties.
We generally process personal data only with the consent of the data subjects. If and to the extent that processing is permissible for other legal reasons, we may waive obtaining consent. For example, we may process personal data without consent to fulfill a contract, to comply with legal obligations, or to protect overriding interests.
In this context, we process, in particular, information that a data subject voluntarily provides to us when contacting us – for example, by postal mail, email, instant messaging, contact form, social media, or telephone – or when registering for a user account. We may store such information, for example, in an address book, a Customer Relationship Management (CRM) system, or with similar tools. If we receive data about other persons transmitted by others, the transmitting parties are obliged to ensure data protection for these persons and to ensure the accuracy of this personal data.
We also process personal data that we receive from third parties, obtain from publicly available sources, or collect in the course of our activities and operations, to the extent that such processing is legally permissible.
4. Applications
We process personal data about applicants to the extent necessary for assessing suitability for an employment relationship or for the subsequent execution of an employment contract. The necessary personal data is derived, in particular, from the information requested, such as in a job advertisement. We also process personal data that applicants voluntarily provide or publish, especially as part of cover letters, resumes, and other application documents, as well as online profiles.
We process – where and to the extent the General Data Protection Regulation (GDPR) is applicable – personal data about applicants in accordance with Art. 9(2)(b) GDPR.
5. Personal Data Abroad
We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, especially for processing or having it processed there.
We can export personal data to all countries and territories on Earth, as well as elsewhere in the Universe, provided that local law ensures adequate data protection according to the Swiss Federal Council’s decision and – where and to the extent the General Data Protection Regulation (GDPR) is applicable – according to the European Commission’s decision to ensure adequate data protection.
We may transfer personal data to countries where the law does not ensure adequate data protection, provided that data protection is ensured for other reasons, especially based on standard data protection clauses or other suitable guarantees. In exceptional cases, we may export personal data to countries without adequate or suitable data protection if the special data protection requirements are met, such as the explicit consent of the data subjects or a direct connection to the conclusion or execution of a contract. Upon request, we will provide data subjects with information about any guarantees or provide a copy of any guarantees.
6. Rights of Data Subjects
6.1 Data Protection Claims
We grant data subjects all claims under the applicable data protection law. Data subjects have, in particular, the following rights:
- Information: Data subjects can request information about whether we process personal data about them and, if so, what personal data is involved. Data subjects also receive the information necessary to assert their data protection rights and ensure transparency. This includes the personal data processed, among other things, as well as information about the purpose of processing, the duration of retention, any disclosure or export of data to other countries, and the source of personal data.
- Correction and Restriction: Data subjects can have incorrect personal data corrected, incomplete data completed, and the processing of their data restricted.
- Deletion and Objection: Data subjects can have personal data deleted („right to be forgotten“) and object to the processing of their data with effect for the future.
- Data Disclosure and Data Transfer: Data subjects can request the disclosure of personal data or the transfer of their data to another controller.
We may, within the legally permissible framework, postpone, restrict, or refuse to exercise data subject rights. We may inform data subjects of any conditions that must be met to exercise their data protection claims. For example, we may completely or partially refuse to provide information, citing trade secrets or the protection of other individuals. For example, we may also completely or partially refuse to delete personal data, citing legal retention obligations.
We may, in exceptional cases, provide for costs for the exercise of rights. We will inform data subjects in advance of any costs.
We are obliged to identify data subjects who request information or assert other rights with appropriate measures. Data subjects are required to cooperate.
6.2 Right to Complain
Data subjects have the right to enforce their data protection claims through legal means or to file a complaint with a competent data protection supervisory authority.
The data protection supervisory authority for private controllers and federal authorities in Switzerland is the Federal Data Protection and Information Commissioner (Eidgenössische Datenschutz- und Öffentlichkeitsbeauftragte, EDÖB).
Data subjects have – where and to the extent the General Data Protection Regulation (GDPR) is applicable – the right to file a complaint with a competent European data protection supervisory authority.
7. Data Security
We take appropriate technical and organizational measures to ensure data security appropriate to the respective risk. However, we cannot guarantee absolute data security.
Access to our website is via transport encryption (SSL / TLS, especially with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.
Our digital communication is subject to mass surveillance without cause or suspicion and other surveillance by law enforcement authorities in Switzerland, the rest of Europe, the United States of America (USA), and other states, as is generally the case with all digital communication. We cannot directly influence the processing of personal data by intelligence agencies, police agencies, and other law enforcement authorities.
8. Use of the Website
8.1 Cookies
We may use cookies. With cookies – both our own cookies (First-Party Cookies) and cookies from third parties whose services we use (Third-Party Cookies) – data is stored in the browser. Such stored data need not be limited to traditional text-based cookies.
Cookies can be stored in the browser temporarily as „Session Cookies“ or for a specific period as so-called permanent cookies. „Session Cookies“ are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies, in particular, allow recognizing a browser on the next visit to our website, thereby, for example, measuring the reach of our website. Permanent cookies can also be used for online marketing, for example.
Cookies can be disabled or deleted entirely in the browser settings at any time. Without cookies, our website may not be fully available. We request – at least if and to the extent necessary – explicit consent for the use of cookies.
For cookies used for tracking success and reach or for advertising, a general objection („Opt-out“) is possible for many services through the AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
8.2 Server Log Files
We may collect the following information for each access to our website, provided that it is transmitted by your browser to our server infrastructure or can be determined by our web server: date and time, including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, specific subpage of our website accessed including transmitted data volume, last visited webpage in the same browser window (referrer).
We store such information, which may also constitute personal data, in server log files. The information is necessary to provide our website permanently, user-friendly, and reliably, and to ensure data security and, in particular, the protection of personal data – also by third parties or with the help of third parties.
8.3 Pixel Tracking
We may use pixel tracking on our website. Pixel tracking is also referred to as web beacons. With pixel tracking – including those from third parties whose services we use – small, usually invisible images are automatically retrieved when visiting our website. Pixel tracking can capture the same information as in server log files.
9. Social Media
We are present on social media platforms and other online platforms to communicate with interested individuals and provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).
The terms and conditions (T&Cs) and usage terms as well as privacy policies and other provisions of the individual operators of such platforms also apply in each case. These provisions inform in particular about the rights of affected individuals directly against the respective platform, including, for example, the right to information.
For our Social Media presence on Facebook, including so-called Page Insights, we are – if and to the extent the General Data Protection Regulation (GDPR) is applicable – jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta Companies (including in the USA). Page Insights provide information on how visitors interact with our Facebook presence. We use Page Insights to effectively and user-friendly provide our Social Media presence on Facebook.
Further information about the nature, scope, and purpose of data processing, information about the rights of affected individuals, as well as contact details for Facebook and the data protection officer of Facebook can be found in the Facebook Privacy Policy. We have concluded the so-called „Addendum for Controllers“ with Facebook, and in particular, agreed that Facebook is responsible for ensuring the rights of affected individuals for Page Insights. For the so-called Page Insights, the corresponding information can be found on the „Information about Page Insights“ page, including „Information about Page Insights Data“.
10. Third-Party Services
We use services from specialized third parties to carry out our activities and operations permanently, user-friendly, securely, and reliably. With such services, we can embed features and content into our website. In the case of such embedding, the used services collect the IP addresses of users for technical reasons, at least temporarily.
For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data in connection with our activities and operations in an aggregated, anonymized, or pseudonymized form. This includes, for example, performance or usage data to provide the respective service.
We use, in particular:
- Google Services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General Privacy Information: „Privacy and Security Principles“, Privacy Policy, „Google Compliances and Commitments“, „Data Processing Terms“ (for individual services of Google); Services Used: Google Ads, Google Analytics, Google Search Console.
- Facebook Services: Provider: Meta Platforms Ireland Limited (Ireland); General Privacy Information: Facebook Privacy Policy; Services Used: Social Plugins.
The use of such services is carried out on the basis of our legitimate interests in the secure, efficient, and user-friendly design and provision of our website, as well as on the basis of our legitimate interests in the statistical analysis and evaluation of the use of our website.
