- FROM MAY 1, 2021
- BY PURCHASING ANY OF OUR ITEMS, YOU AGREE TO BE BOUND BY THIS PRIVACY POLICY (HEREINAFTER, "PP"). DO NOT PURCHASE ANY OF OUR ITEMS IF YOU DO NOT AGREE TO THIS PP, WHICH IS A LEGALLY BINDING AGREEMENT BETWEEN YOU (ABOVE, "CUSTOMER" or "YOU") AND US, PETER SAXER & CIE SA (ABOVE, "DRAKE STORE" or "WE").
- 1. PREAMBLE
-
Data protection is an important concern to us. That is why Drake Store aims to handle data and information in a legally compliant, transparent, responsible and user-friendly manner. This includes all information relating to an identified or identifiable natural or legal person.
By this privacy statement, Drake Store informs you:
- data that Drake Store processes as a manager (including collection, use and storage) when you visit the public areas of our Website or the protected areas requiring registration and all sub-pages (hereinafter referred to as the "Website") and inquire about or use our items or services;
- the purpose of the processing of your data and the legal basis for it; and
- of your rights regarding this data processing.This PP is not an exhaustive description. Other privacy policies, terms and conditions, specific terms and conditions, contracts, or similar documents govern specific issues as appropriate.
This PP can be updated at any time. We therefore advise you to regularly read the latest version of this page. The first sentence of the PP indicates the date of the most recent update. The current and valid version of the PP is available on our Website.
When you provide us with personal data of other persons (e.g. family members or work colleagues), please make sure that these persons are aware of this PP and only provide us with their personal data if you are authorized to do so and only if the personal data is correct.
-
- 2. DEFINITIONS
- 2.1Personal data: All information that relates to an identified or identifiable individual
- 2.2Data subject: The natural or legal person (individual, company, association) about whom data are processed
- 2.3Sensitive data: Personal data on religious, philosophical, political or trade union opinions or activities, health, intimate sphere or belonging to a race, social assistance measures, criminal or administrative proceedings or sanctions
- 2.4Personality profile: A collection of data that makes it possible to assess the essential characteristics of a physical person's personality
- 2.5Processing: Any operation relating to personal data - whatever the means and processes used - in particular the collection, storage, use, modification, communication, archiving or destruction of data
- 2.6Disclosure: The act of making personal data accessible, for example by allowing access, transmitting or disseminating it
- 2.7Traitement : Toute opération relative à des données personnelles – quels que soient les moyens et procédés utilisés – notamment la collecte, la conservation, l‘exploitation, la modification, la communication, l‘archivage ou la destruction de données
- 2.8File: Any set of personal data which structure makes possible to search for data by an individual
- 2.9File owner: The private person who decides on the purpose and content of the file
- 2.10Website : drakestore.ch
- 3. SCOPE AND LINKS
- 3.1This PP applies only to your use of the Website; it does not apply to other websites to which you may be directed via a link.
- 3.2The Website may include links to other websites that are not maintained or controlled by Drake Store. These websites are not subject to the terms of this PP and we are not responsible for their content or the principles under which they handle personal data. We recommend that you read the privacy policies of the various websites and check how they protect your personal data, as well as their reliability.
- 4. RESPONSIBILITY AND DATA PROTECTION OFFICER
- 4.1We are responsible for the Website and master of the file. We act as the provider and operator of the Website and the offers it contains. We decide on the purpose and means of processing personal data in full compliance with the laws in force.
- 4.2If you have any questions about the processing of your personal data or the exercise of your rights under this data protection declaration, you can contact the data protection officer :
Peter Saxer & Cie SA
Tobias Saxer
Rue Pécolat 5
1201 Genève - 4.3The address mentioned under point 4.2 is also valid according to Art. 27 of the Regulation No. 2016/679, the so-called General Data Protection Regulation (hereinafter, "GDPR").
- 5. DATA AND INFORMATION ENTERED
- 5.1In principle, you can use the public areas of our Website without having to register or explicitly provide us with data about your identity. During your visit, however, our server or the cookies used automatically record details about your visit.
- 5.2You consent to the collection, storage and processing of this data. It is encrypted when sent and stored on our systems so that unauthorized third parties cannot access it.
- 5.3In particular, the following technical information of your access device is automatically transmitted and stored in the server log files of our system:
- 5.3.1date and time of access to the Website ;
- 5.3.2Internet page from which the access was made (reference URL) ;
- 5.3.3search term when accessed through a search engine;
- 5.3.4country from which the access took place ;
- 5.3.5IP address (Internet Protocol address) of the computer making the request and name of the Internet provider;
- 5.3.6details of interaction with the Website (e.g. clicks on certain elements, length of time spent on a page, files viewed, etc.);
- 5.3.7device attributes: information such as operating system, hardware and software versions, battery level, signal strength, available storage space, browser type, application and file names and types;
- 5.3.8device operations: information about activities and operations performed on the device, such as opening a window in the foreground or background, or mouse movements (this can help distinguish a robot from a human);
- 5.3.9identifiers: unique identifiers, device ID and other identifiers;
- 5.3.10device signals: Bluetooth signals and information about nearby WLAN access points, beacons and cell phone towers; and
- 5.3.11Device Settings Data: Information that you allow us to access based on the settings activated on your device, such as access to your GPS location, camera or photos.
- 5.4To the extent permitted by law, we also obtain certain data from publicly available sources (e.g., debt enforcement register, land register, commercial register, press or Internet), from authorities or third parties (e.g., credit institutions). We also collect data on compliance with legal requirements such as the fight against money laundering, data from banks, insurance companies, distribution partners and other contractual partners who work with us for the purpose of using or providing services.
- 6. LEGAL BASIS AND PURPOSE OF DATA PROCESSING
- 6.1We collect, process and use this personal data lawfully and in good faith. Depending on the respective purpose of the data processing, Drake Store processes your personal data on the following legal bases and, if necessary, for the following purposes:
- 6.1.1LEGAL BASES
- a)In addition to compliance with our PP, we comply with the Federal Data Protection Act of 19 June 1992 (DPA; SR 235.1), the Ordinance of 14 June 1993 on the Federal Data Protection Act (DPA; SR 235.11) and the GDPR.
- b)By accessing our Website or using our online services, you consent to the processing of your data in accordance with this PP.
- 6.1.2SAFEGUARDING LEGITIMATE INTERESTS
- a)Pursuant to Art. 13 DPA, our legitimate interest is based on the intention to ensure the functionality of our Website with respect to our services, to manage it in a user-friendly manner, to keep the information constantly updated and to meet the needs of both our Customers and visitors to the Website.
- b)We never use the data collected to draw conclusions about you personally.
- 6.1.3SECURITY AND STORAGE OF DATA (Art. 7 DPA; Art. 8 to 12 DPA)
- a)We treat your data confidentially and protect it with appropriate technical and organizational measures against loss, manipulation and unauthorized or unlawful access by third parties. We can only assume this responsibility within our sphere of influence.
- b)Your data is hosted in Switzerland in Infomaniak's ISO 14001 and ISO 50001 certified datacenter. This is a leading service provider. It is subject to the General Data Protection Regulation and is also contractually obliged to process personal data exclusively on our behalf and according to our strict security standards.
- c)Insofar as our Website contains links to third-party websites, the information and services accessible via these links are subject to the data protection provisions of the respective operators. These regulations may differ from this Privacy Policy and are beyond our sphere of influence, for which reason we cannot assume any responsibility.
- d)We only provide access to personal data and information to those employees, service providers and third parties who require it for the execution of the mandate or activity (need-to-know principle). For example, access is necessary when we provide our customers with items or in connection with items that they use from us or that they contract with us. To protect personal data, we implement physical, electronic and process-related safeguards.
- e)These measures include the use of firewalls, personal passwords, and encryption and authentication technologies. We use personal data belonging to our customers or former customers exclusively for the purposes mentioned in this PP and only pass on data to third parties with the customer's consent or when this is permitted or required to comply with a legal obligation.
- f)The length of time that personal data and information is stored is determined primarily by legal retention requirements. Depending on the applicable legal basis, the period may exceed ten years (e.g., when claims are asserted against Drake Store). In the case of personal data and information that is not subject to a retention requirement, the retention period is determined on a case-by-case basis and in accordance with our contractual obligations. In this case, the storage period depends on the type of data, the purpose of the processing or the operational requirements for storage.
- g)As soon as the data are no longer required for the above-mentioned purposes, they are, in principle and as far as possible, deleted or made anonymous.
- 6.1.4PROVISION AND MAINTENANCE OF THE WEBSITE AND ITS SECURITY AND STABILITY LEVEL
- a)The collection and processing of data and information by Drake Store is also intended to enable the establishment of a connection to use our Website, to optimize content and offerings, to maintain the functionality and stability of the Website, and to ensure the security of our information technology systems.
- 6.1.5OPERATIONAL AND STRATEGIC PROCEDURES
- a)The data is also used for operational and strategic procedures that are necessary for internal service provision, for example. This information is generally evaluated without a direct link to a person, for statistical purposes and to maintain and improve security. It is also not merged with other personal data.
- 6.1.6COMPLIANCE WITH LEGAL OBLIGATIONS
- a)Personal data may be collected from you in the context of contact, contractual, legal or regulatory obligations and irrespective of the channel (telephone, e-mail, contact form, customer consultation, etc.), and in particular in the context of preventing and combating illegal acts such as fraud and money laundering. If you do not wish to provide us with the data we require, we may not be able to offer you our products depending on the circumstances.
- b)In addition, Drake Store may be required by law or official order to provide information, and to disclose or surrender your personal data.
- 6.1.7TARGETED AND PERSONALIZED CONTENT AND OFFERS
- a)We also collect other data and information that comes from the media you use (e.g., computers, smartphones, and other internet-connected devices) that are connected to our items. We then combine the information collected from the various devices and channels you use. For example, we use the information we collect about your order of our items from your smartphone to better customize the content (including advertisements) or features you see when you order our items on another device, such as a laptop or tablet, or to evaluate whether you took an action on another device in response to an advertisement we displayed on your smartphone. In addition, we use your data from our customer relationship management (CRM) systems. We combine this data with the results of our web analytics system and create user profiles. By combining this data, it is in principle possible to derive personally identifiable information. This information is used exclusively for internal purposes, so that we can offer you a better user experience tailored to your needs.
- 6.1.8AUTOMATED INDIVIDUAL DECISION
- a)We process your personal data partly in an automated way in order to evaluate certain personal aspects (profiling) in order to provide you with targeted information and advice on our articles. We use evaluation tools that allow us to communicate and advertise if necessary.
- b)In principle, we do not use automated decision-making techniques within the meaning of Art. 22 RGDP to establish and execute a business relationship. Should we use such techniques in individual cases, we will inform you specifically if this is required by law and explain the rights that result from this.
- 6.1.1LEGAL BASES
- 6.1We collect, process and use this personal data lawfully and in good faith. Depending on the respective purpose of the data processing, Drake Store processes your personal data on the following legal bases and, if necessary, for the following purposes:
- 7. COOKIES
- 7.1GENERAL
- 7.1.1Cookies are small text files that are created by your browser when you visit our Website and stored on your computer. They contain strings of characters that allow a browser to be uniquely identified when it returns to our Website. They do not cause damage to your computer and do not contain viruses.
- 7.1.2Cookie technology stores pseudonymous usage information, such as which advertisement you received from us or clicked on, and which advertising content you viewed. In no case is the pseudonymized data associated with your personal data. Rather, it is used exclusively to enable advertising that reflects your interests.
- 7.2USEFULNESS OF COOKIES
- 7.2.1Cookies enable us to offer a user-friendly website (e.g. through language settings or comprehensibly structured information) and to implement electronic communication processes. We base this on our legitimate interest in providing correct and optimized services. Cookies also allow us to analyze the user's browsing habits. For example, they enable us to see how our website is used or whether your computer has accessed it before. In principle, we do not obtain any directly personal information. In some cases, it is necessary to assign them to a specific person.
- 7.2.2Most browsers automatically accept cookies by default. You can see which cookies are being executed in your browser. You have the ability to configure your browser according to your preferences and, for example, set it so that no cookies are accepted, or only accept certain cookies. You are also free to choose to be notified before a cookie is set or to accept cookies in principle, but to actively delete them if you wish.
- 7.2.3Most of the cookies we use are "session cookies". They are automatically deleted at the end of your visit. Some other cookies will be stored on your device until you delete them. These cookies allow us to identify your browser during your next visit.
- 7.2.4We occasionally use third-party plug-ins and components to enhance the user experience and our online advertising. These components may also use cookies for similar purposes. Neither the third parties nor Drake Store have access to the data collected by others through these cookies.
- 7.2.5We use cookies to display Drake Store banner ads when you visit third party websites with which we have marketing agreements. In some circumstances, these third parties may collect anonymous information about your use of our Website and other websites and may make this anonymous data available including, but not limited to, geographic data, information about your use of a website, or the names of websites on which banner ads have been displayed to you.
- 7.3DELETING COOKIES
- 7.3.1By using our Website, by consenting to receive newsletters and other marketing emails, you agree to the use of cookies. If you do not wish to do so, you must configure your browser or email program accordingly.
- 7.3.2You may choose at any time not to use cookies (on this Website) by deleting the cookies placed on your device by this Website. You can do this by changing your browser settings and deleting all cookies.
- 7.3.3To do this, you can access your Internet browser settings, delete the cache, browser history and cookies.
- 7.3.4Please note that disabling cookies may interfere with the proper functioning of some of the features of our Website and prevent the use of certain services or items.
- 7.4WEB TRAFFIC ANALYSIS TOOLS
- 7.4.1We use Google Analytics and Google Search Console, a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, USA - CA 94043. Google Analytics uses cookies.
- 7.4.2The information generated by the cookie about your use of our website is transmitted to a Google server in the USA and stored there. Cookies, IP addresses and other data and information can be transmitted to Google for further processing.
- 7.4.3When transferring personal data, Google undertakes to ensure appropriate data protection comparable to that of the European Union or Switzerland, in particular by means of standard contractual clauses. Further information on this subject can be found in the Google data protection declaration and in the Google Analytics Terms and Conditions. Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activities and to provide us with other services related to website and internet use. The IP address transmitted by your browser as part of Google Analytics is not associated with any other data held by Google. For more information, visit the Google website.
- 7.4.4You can prevent the transmission of the data created by the cookie related to your use of this website (including your IP address) to Google, and the processing of this data by Google, by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
- 7.4.5We use retargeting and remarketing features from third-party vendors on our Website. These technologies allow us to serve personalized advertisements to users who have visited our Website in the past when they visit websites operated by our partners. Retargeting is when a remarketing vendor stores a cookie on your hard drive for this purpose.
- 7.4.6You can object to the use of retargeting providers, i.e. remarketing by clicking on the following link: https://adssettings.google.com/authenticated?hl=en.
- 7.1GENERAL
- 8. NEWSLETTER DATA
- 8.1For our newsletter, we use Mailchimp which is a registered trademark of The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA.
- 8.2If you wish to order the newsletter offered on the Website, we require your e-mail address, as well as information that allows us to verify that you are the owner of the e-mail address and that you have agreed to receive the newsletter.
- 8.3We record your IP address and the date of registration when you sign up for our newsletter. This data is used solely for verification purposes in the event that a third party misuses the email address and signs up to receive the newsletter without the knowledge of the person authorized to use the account.
- 8.4No other data will be collected. We use this data for the sole purpose of sending the requested information and do not pass it on to third parties.
- 8.5You can withdraw your consent for the storage of your data at any time, your use of this address to send the newsletter, for example by using the unsubscribe link in the newsletter.
- 8.6We would also like to point out that we send email newsletters through a third-party provider based in an EU member state, which processes personal data in accordance with the GDPR. The third-party provider has a corresponding contractual obligation.
- 9. USE OF THE CONTACT FORM, FEEDBACK AND COMMUNICATION BY E-MAIL
- 9.1When using the feedback and contact form on our Website, please be aware that you should not enter any sensitive or confidential information (e.g., credit card information, money deposits, or address changes).
- 9.2If you contact us by e-mail, using a published e-mail address or a contact form, you expressly authorize us to reply to you via the same channel to the sender's address or to the address indicated. E-mails are transmitted unencrypted in the public domain of the Internet and may be picked up, read and manipulated by third parties. E-mail communication is therefore not suitable for the transmission of confidential data.
- 10. RECIPIENTS OF PERSONAL DATA
- 10.1We use third parties in Switzerland and abroad to operate our website and supply our products (commissioned data processors). We carefully select, train and supervise our data processors. Your data will be passed on to them insofar as this is necessary for the execution of the order. The persons entrusted with the processing of data on behalf of us are only authorized to process the data on our behalf and in compliance with the legal and regulatory provisions. We ensure that the applicable laws and regulations are complied with and take the necessary measures to ensure adequate and reliable protection of personal data. Your data will only be passed on for purposes other than the processing of data for the order if you have given your express consent.
- 10.2You acknowledge that it may be necessary to disclose data to domestic or foreign governmental or supervisory authorities. In doing so, we comply with and verify applicable legal and regulatory requirements, or proceed on the basis of court orders or official requests.
- 10.3Third parties engaged by us who implement technical and organizational measures on our behalf, who act on our instructions and whom we commission to carry out the purposes set out in this PP or for our other business activities (e.g. customer and technical support, hosting of our systems) may have access to personal data belonging to users. Our suppliers are required to process personal data exclusively on our behalf and according to our instructions. We also require our service providers to maintain technical and organizational measures for the protection of personal data.
- 10.4Your personal data may be transmitted abroad insofar as this is necessary to provide you with our products (e.g. for payment orders), is required by law (e.g. in the context of the automatic exchange of information) or is based on your consent. It is certain that in all cases (e.g. by concluding appropriate contracts) we require a level of data protection equivalent to the standards applied in Switzerland.
- 11. RISKS OF DATA TRANSFER
- 11.1Please note that the Internet should generally not be considered a secure environment. In particular, third parties may gain access to data and information that is transmitted via the Internet. Even if the sender and recipient are in the same country, it cannot be ruled out that information and data sent via the Internet may leave the country concerned.
- 11.2Data transmitted over public networks such as the Internet or e-mail services may be accessible to anyone. Information transferred via the Internet and content received online may be transmitted over networks operated by third parties. We cannot guarantee the confidentiality of information or documents that are transmitted through these networks or public networks operated by third parties.
- 11.3If you disclose personal data via a public network or networks operated by third-party providers, you should be aware that your data may be lost. Third parties could have access to it and therefore collect and use the data without your consent. While many individual data packets are transmitted in encrypted form, the names of the sender and recipient are not. A third party can therefore draw conclusions about accounts and business relationships that exist or are being established. Even if the sender and the recipient are residents of the same country, the transmission of data on these networks frequently - and without control - takes place via third countries, thus also via countries that do not offer the same degree of protection as the country in which you are domiciled. We do not assume responsibility for the security of your data during its transfer via the Internet and reject any liability for direct or indirect damage. The use of other means of communication is permitted if you consider it necessary or reasonable for security reasons.
- 12. RIGHT OF ACCESS AND DELETION, SUPPRESSION AND RECTIFICATION OF PERSONAL DATA
- 12.1Insofar as provided for by the data protection law, you have the right to obtain information, to correct, to delete, to limit data processing, to object to our data processing as well as the right to publish certain data for transfer to a third party (data portability).
- 12.2At your request, Drake Store will provide you with information about any data we have stored about you, its source, the recipients and categories of recipients to whom we have disclosed personal data about you, and the purpose for which the data was stored or processed. You also have the right to request the rectification, blocking or deletion of such data. Any consent given may be withdrawn at any time by notifying Drake Store.
- 12.3Please note, however, that we reserve the right to enforce restrictions provided by law, for example if we are required to retain or modify certain data, if there is an overriding interest or if it is necessary to enforce rights.
- 12.4We would like to draw your attention to the fact that the exercise of these rights may conflict with contractual agreements and have consequences such as premature termination of the contract or financial implications. We will inform you in advance if this is not already regulated in the contract.
- 12.5The requested information will be provided within 30 days. If we restrict your right of access, you will also be informed of this within 30 days in the form of a reasoned written decision. Restrictions can only be made if they are provided for by law in the formal sense or if they are justified by the overriding interests of the data controller or a third party and the data is not disclosed to third parties (Art. 9 and 10 DPA).
- 12.6In principle, requests for information are free of charge. In the absence of a legitimate interest, a fee may be charged if the request involves a large amount of work (e.g. because the data has already been anonymized) or if it is necessary to carry out lengthy searches (in manual files), in the case of an excessive or notorious request for information. A fee may also be charged where the information you are seeking has already been provided to you within the twelve months prior to the request, unless you have a legitimate interest (e.g., the data has changed in the interim). If there is a charge for this, we will inform you in advance.
- 12.7To exercise these rights, you can make your request by mail and must be able to clearly prove your identity, for example by means of a copy of your identity card. As a general rule, information is not provided over the telephone, as in most cases it is not possible to identify you with certainty. It is often not possible to obtain immediate satisfaction if you come to our offices in person. You can, however, consult your data on the spot, in agreement with us.
- 12.8You can revoke your previously given explicit consent to the processing of your data at any time; however, this revocation has no impact on the data processing already carried out.
- 12.9There is no right of objection to data that is absolutely necessary (e.g. for the provision of the Website, the recording of data in log files, the maintenance of security, etc.).
- 12.10You can assert your rights in court or by filing a complaint with the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch).
- 13. OTHER DATA PRIVACY ISSUES
- 13.1If you have general questions about this privacy statement or data protection, please write to us at the address given in Section 4 of this PP.
- 14. EFFECTIVE DATE, DURATION, AMENDMENT AND TERMINATION
- 14.1This PP is effective immediately and is valid for an indefinite period.
- 14.214.2. Drake Store reserves the right to change the terms and conditions at any time. Any changes will be announced by e-mail to the Customer and will be considered approved without objection by the Customer within 30 days if, within that time, no statement of objection is issued by the Customer.
- 15. GENERAL CLAUSES
- 15.1In the event that any provision or part of a provision is held to be void, illegal or ineffective under applicable law, the remaining provisions shall remain valid and effective.
- 15.2The failure of a Party to require compliance with or performance of any provision shall not in any way imply that such Party has waived the benefit of such provision, nor shall it affect the validity in whole or in part of any other provision or the right of the Parties to require performance of any such provision.
- 16. APPLICABLE LAW AND JURISDICTION
- 16.1This PP is governed by Swiss law.
- 16.2Any dispute arising out of or in connection with this PP shall be submitted to the courts of the Canton of Geneva, Switzerland.