Privacy Policy

GIRL FROM THE MOUNTAIN products & events
Schwäbismattweg 4
3613 Steffisburg
Switzerland
Email: hello@girlfromthemountain.ch

Authorized Representative
Sonja Lauener

Company Name
GIRL FROM THE MOUNTAIN products & events

Data Protection Officer
Sonja Lauener
0792854828
hello@girlfromthemountain.ch

General / Introduction

Based on Article 13 of the Swiss Federal Constitution and the data protection provisions of the Federal Data Protection Act (DSG), every person has the right to privacy protection as well as protection against misuse of their personal data. The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and according to legal data protection regulations as well as this privacy policy.

In cooperation with our hosting providers, we strive to protect the databases as well as possible against unauthorized access, loss, misuse, or falsification.

We would like to point out that data transmission over the Internet (e.g., communication by email) can have security vulnerabilities. A complete protection of data against access by third parties is not possible.

By using this website, you agree to the collection, processing, and use of data as described below. This website can generally be visited without registration. Data such as accessed pages or names of accessed files, date, and time are stored on the server for statistical purposes, without being directly related to your person. As far as personal data (such as name, address, or email addresses) are collected on our pages, this is always done, if possible, on a voluntary basis. These data will not be passed on to third parties without your explicit consent.

Processing of Personal Data

Personal data refers to all information relating to an identified or identifiable person. A data subject is a person whose personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular, the storage, disclosure, procurement, deletion, retention, modification, destruction, and use of personal data.

We process personal data in accordance with Swiss data protection law. Insofar as the EU GDPR is applicable, we process personal data additionally based on the following legal grounds in connection with Art. 6(1) GDPR:

  • lit. a) Processing personal data with the consent of the data subject.
  • lit. b) Processing personal data to fulfill a contract with the data subject as well as to carry out corresponding pre-contractual measures.
  • lit. c) Processing personal data to fulfill a legal obligation to which we are subject under applicable EU law or under applicable law of a country in which the GDPR is wholly or partially applicable.
  • lit. d) Processing personal data to protect the vital interests of the data subject or another natural person.
  • lit. f) Processing personal data to safeguard our legitimate interests or those of third parties, provided the fundamental rights and freedoms and interests of the data subject do not outweigh these interests. Legitimate interests include our business interest in providing our website, information security, enforcement of our own legal claims, and compliance with Swiss law.

We process personal data for the duration necessary for the respective purpose or purposes. In the case of longer-term retention obligations due to legal and other obligations to which we are subject, we restrict processing accordingly.

Cookies

This website uses cookies. These are small text files that allow specific information related to the user to be stored on the user’s device while they are using the website. Cookies make it possible to determine the frequency of use and the number of users of the pages, to analyze behaviors of site usage, and to make our offer more customer-friendly. Cookies remain stored beyond the end of a browser session and can be recalled during a subsequent visit to the site. If you do not want this, you should set your Internet browser to refuse cookies.

A general objection to the use of cookies for online marketing purposes can be declared for many of the services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by disabling them in the browser settings. Please note that not all functions of this online offer may be available in this case.

SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, such as inquiries that you send to us as the site operator, this website uses SSL/TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Third-Party Services

This website may use Google Maps for embedding maps, Google Invisible reCAPTCHA to protect against bots and spam, and YouTube to embed videos.

These services of the American Google LLC use cookies, among other things, which means that data is transmitted to Google in the USA, whereby we assume that in this context only anonymized tracking is taking place through the use of our website.

Google has committed to ensuring adequate data protection in accordance with the US-European and US-Swiss Privacy Shield.

Further information can be found in Google’s privacy policy.

Contact Form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on these data without your consent.

Newsletter

If you wish to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the given email address and that you agree to receive the newsletter. No further data is collected. We use this data exclusively for sending the requested information and do not pass it on to third parties.

You can revoke your consent to the storage of the data, the email address, and its use for sending the newsletter at any time, for example via the “unsubscribe link” in the newsletter.

Comment Function

For the comment function on this website, in addition to your comment, information on the time the comment was created, your email address, and, if you do not post anonymously, the username you have chosen will be stored.

Storage of IP Address

Our comment function stores the IP addresses of users who post comments. Since we do not check comments on our site before they are activated, we need this data to be able to take action against the author in case of legal infringements such as insults or propaganda.

Subscribing to Comments

As a user of the site, you can subscribe to comments after registering. You will receive a confirmation email to verify that you are the owner of the provided email address. You can unsubscribe from this feature at any time via a link in the notification emails.

Rights of the Data Subject

Right to Confirmation

Every data subject has the right to request confirmation from the operator of the website as to whether personal data concerning them are being processed. If you wish to exercise this right of confirmation, you can contact the data protection officer at any time.

Right to Information

Every person affected by the processing of personal data has the right to receive free information about the personal data stored about them and a copy of this information from the operator of this website at any time. Furthermore, the following information may be provided:

  • Purposes of the processing
  • Categories of personal data processed
  • Recipients to whom the personal data have been or will be disclosed
  • If possible, the planned duration for which the personal data will be stored, or, if not possible, the criteria for determining that duration
  • The existence of a right to rectification or erasure of the personal data concerning them, or to restriction of processing by the controller, or a right to object to such processing
  • The existence of a right to lodge a complaint with a supervisory authority
  • If the personal data are not collected from the data subject: all available information about the origin of the data
  • Additionally, the data subject has the right to be informed about whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to be informed about the appropriate safeguards related to the transfer.

If you wish to exercise this right to information, you can contact our data protection officer at any time.

Right to Rectification

Any person affected by the processing of personal data has the right to request the immediate correction of incorrect personal data concerning them. Furthermore, the data subject has the right, considering the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary statement.

If you wish to exercise this right to rectification, you can contact our data protection officer at any time.

Right to Erasure (Right to be Forgotten)

Any person affected by the processing of personal data has the right to request the immediate deletion of personal data concerning them from the controller of this website, provided that one of the following reasons applies and the processing is no longer necessary:

  • The personal data were collected or otherwise processed for purposes for which they are no longer necessary.
  • The data subject withdraws their consent on which the processing was based and there is no other legal basis for the processing.
  • The data subject objects to the processing for reasons arising from their particular situation, and there are no overriding legitimate grounds for the processing, or the data subject objects to processing in the case of direct marketing and associated profiling.
  • The personal data have been processed unlawfully.
  • The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the controller is subject.
  • The personal data were collected concerning offered information society services directed at a child.

If one of the above reasons applies and you wish to arrange for the deletion of personal data stored by the operator of this website, you can contact our data protection officer at any time. The data protection officer of this website will ensure that the deletion request is fulfilled immediately.

Right to Restriction of Processing

Any person affected by the processing of personal data has the right to request the restriction of processing from the controller of this website if one of the following conditions is met:

  • The accuracy of the personal data is contested by the data subject for a period that enables the controller to verify the accuracy of the personal data.
  • The processing is unlawful, the data subject opposes the erasure of the personal data, and requests instead the restriction of their use.
  • The controller no longer needs the personal data for processing, but the data subject requires them for the establishment, exercise, or defense of legal claims.
  • The data subject has objected to processing for reasons arising from their particular situation, and it is not yet clear whether the legitimate grounds of the controller outweigh those of the data subject.

If one of the above conditions is met and you wish to request the restriction of personal data stored by the operator of this website, you can contact our data protection officer at any time. The data protection officer of this website will ensure the restriction of processing.

Right to Data Portability

Every person affected by the processing of personal data has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format. They also have the right to transfer these data to another controller without hindrance from the controller to whom the personal data were provided, provided that the processing is based on consent or a contract and the processing is carried out by automated means.

Furthermore, the data subject has the right to have the personal data transferred directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

To assert the right to data portability, you can contact the data protection officer appointed by the operator of this website at any time.

Right to Object

Every person affected by the processing of personal data has the right to object at any time to the processing of personal data concerning them, which is carried out on grounds relating to their particular situation, based on Art. 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.

In the event of an objection, the operator of this website will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.

If the operator of this website processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for such marketing. This also applies to profiling insofar as it is related to such direct marketing. If the data subject objects to the operator of this website to the processing for direct marketing purposes, the operator of this website will no longer process the personal data for these purposes.

Additionally, the data subject has the right, for reasons arising from their particular situation, to object to the processing of personal data concerning them, which is carried out by the operator of this website for scientific or historical research purposes, or for statistical purposes pursuant to Art. 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

To exercise the right to object, the data subject can directly contact the data protection officer of this website. The data subject is also free to exercise their right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, using automated procedures that use technical specifications.

Automated Decisions in Individual Cases, Including Profiling

Any person affected by the processing of personal data has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, provided the decision (1) is not necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is based on the data subject’s explicit consent, the operator of this website shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view, and to contest the decision.

If the data subject wishes to exercise rights concerning automated decisions, they can contact our data protection officer at any time.

Right to Withdraw Data Protection Consent

Every person affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time.

If the data subject wishes to exercise their right to withdraw consent, they can contact our data protection officer at any time.

Legal Basis of Processing

Art. 6(1)(a) GDPR serves as the legal basis for our company for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations necessary for the supply of goods or the provision of another service or consideration, the processing is based on Art. 6(1)(b) GDPR. The same applies to such processing operations that are necessary for carrying out pre-contractual measures, for example, in the case of inquiries about our products or services. If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1)(c) GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. In this case, the processing is based on Art. 6(1)(d) GDPR. Finally, processing operations could be based on Art. 6(1)(f) GDPR. This legal basis is used for processing operations that are not covered by any of the aforementioned legal bases if the processing is necessary for the purposes of legitimate interests pursued by our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).

Legitimate Interests in Processing Pursued by the Controller or a Third Party

Where the processing of personal data is based on Art. 6(1)(f) GDPR, our legitimate interest is to conduct our business for the well-being of all our employees and shareholders.

Duration for Which Personal Data Will Be Stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. After the expiration of that period, the corresponding data are routinely deleted, provided they are no longer necessary for the fulfillment or initiation of the contract.

Statutory or Contractual Requirements to Provide Personal Data; Necessity for Entering into a Contract; Obligation of the Data Subject to Provide Personal Data; Possible Consequences of Failure to Provide Such Data

We clarify that the provision of personal data is partly required by law (e.g., tax regulations) or can also result from contractual provisions (e.g., information on the contractual partner). Sometimes it may be necessary for the conclusion of a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with them. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before the provision of personal data by the data subject, the data subject must contact our data protection officer. Our data protection officer will clarify to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and the consequences of non-provision of the personal data.

Existence of Automated Decision-Making

As a responsible company, we do not use automatic decision-making or profiling.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies,” which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information to evaluate your use of the website, compile reports on website activity for website operators, and provide other services relating to website activity and Internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.

You can prevent the installation of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of these data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout.

More information on terms of use and data protection can be found at http://www.google.com/analytics/terms/us.html or at http://www.google.com/intl/en_uk/analytics/privacyoverview.html. We point out that on this website, Google Analytics has been extended by the code “gat._anonymizeIp();” to ensure anonymous collection of IP addresses (so-called IP masking).

Facebook

The controller has integrated components of the company Facebook on this website. Facebook is a social network.

A social network is a social meeting place operated on the Internet, an online community that usually allows users to communicate with each other and interact in a virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enable the Internet community to provide personal or business-related information. Facebook allows social network users to include the creation of private profiles, upload photos, and network via friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the United States or Canada, the controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

With each call-up to one of the individual pages of this website, which is operated by the controller and on which a Facebook component (Facebook plug-ins) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding Facebook component from Facebook through the Facebook component. An overview of all the Facebook plug-ins may be accessed under https://developers.facebook.com/docs/plugins/. During the course of this technical procedure, Facebook is made aware of what specific sub-site of our website was visited by the data subject.

If the data subject is logged in at the same time on Facebook, Facebook detects with every call-up to our website by the data subject and for the entire duration of their stay on our website, which specific sub-site of our Internet page was visited by the data subject. This information is collected through the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our website, for example, the “Like” button, or if the data subject submits a comment, then Facebook matches this information with the personal Facebook user account of the data subject and stores the personal data.

Facebook always receives, through the Facebook component, information about a visit to our website by the data subject, whenever the data subject is logged in at the same time on Facebook during the time of the call-up to our website. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of information to Facebook is not desirable for the data subject, then they may prevent this by logging off from their Facebook account before a call-up to our website is made.

The data protection guideline published by Facebook, which is available at https://facebook.com/about/privacy/, provides information about the collection, processing, and use of personal data by Facebook. In addition, it is explained there what setting options Facebook offers to protect the privacy of the data subject. In addition, different configuration options are made available to allow the elimination of data transmission to Facebook. These applications may be used by the data subject to eliminate a data transmission to Facebook.

LinkedIn

The controller has integrated components of the LinkedIn Corporation on this website. LinkedIn is a web-based social network that enables users with existing business contacts to connect and make new business contacts. Over 400 million registered people use LinkedIn in more than 200 countries. Thus, LinkedIn is currently the largest platform for business contacts and one of the most visited websites in the world.

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. For privacy matters outside of the USA, LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

With each call-up to one of the individual pages of this website, which is operated by the controller and on which a LinkedIn component (LinkedIn plug-in) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding LinkedIn component from LinkedIn. Further information about the LinkedIn plug-in may be accessed under https://developer.linkedin.com/plugins. During the course of this technical procedure, LinkedIn gains knowledge of what specific sub-site of our website was visited by the data subject.

If the data subject is logged in at the same time on LinkedIn, LinkedIn detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-site of our Internet page was visited by the data subject. This information is collected through the LinkedIn component and associated with the respective LinkedIn account of the data subject. If the data subject clicks on one of the LinkedIn buttons integrated into our website, then LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores the personal data.

LinkedIn receives information via the LinkedIn component that the data subject has visited our website, provided that the data subject is logged in on LinkedIn at the time of the call-up to our website. This occurs regardless of whether the person clicks on the LinkedIn button or not. If such a transmission of information to LinkedIn is not desirable for the data subject, then they may prevent this by logging off from their LinkedIn account before a call-up to our website is made.

LinkedIn provides under https://www.linkedin.com/psettings/guest-controls the possibility to unsubscribe from e-mail messages, SMS messages, and targeted ads, as well as the ability to manage ad settings. LinkedIn also uses affiliates such as Eire, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame. The placement of such cookies can be denied under https://www.linkedin.com/legal/cookie-policy. The applicable privacy policy for LinkedIn is available under https://www.linkedin.com/legal/privacy-policy. The LinkedIn Cookie Policy is available under https://www.linkedin.com/legal/cookie-policy.

Pinterest

The controller has integrated components of Pinterest Inc. on this website. Pinterest is a social network. A social network is a social meeting place on the Internet, an online community that usually allows users to communicate with each other and interact in a virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enable the Internet community to provide personal or business-related information. Pinterest allows social network users to publish image collections and individual images as well as descriptions on virtual pinboards (so-called pins), which can then be shared by other users (so-called re-pins) or commented on.

The operating company of Pinterest is Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA.

With each call-up to one of the individual pages of this website, which is operated by the controller and on which a Pinterest component (Pinterest plug-in) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding Pinterest component from Pinterest. More information about Pinterest is available under https://pinterest.com/. During the course of this technical procedure, Pinterest gains knowledge of what specific sub-site of our website was visited by the data subject.

If the data subject is logged in at the same time on Pinterest, Pinterest detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-site of our Internet page was visited by the data subject. This information is collected through the Pinterest component and associated with the respective Pinterest account of the data subject. If the data subject clicks on one of the Pinterest buttons integrated into our website, then Pinterest assigns this information to the personal Pinterest user account of the data subject and stores the personal data.

Pinterest receives information via the Pinterest component that the data subject has visited our website, provided that the data subject is logged in on Pinterest at the time of the call-up to our website. This occurs regardless of whether the person clicks on the Pinterest component or not. If such a transmission of information to Pinterest is not desirable for the data subject, then they may prevent this by logging off from their Pinterest account before a call-up to our website is made.

The privacy policy published by Pinterest, which is available under https://about.pinterest.com/privacy-policy, provides information about the collection, processing, and use of personal data by Pinterest.

Privacy Policy on the Use and Application of YouTube

The controller has integrated components of YouTube on this website. YouTube is an Internet video portal that allows video publishers to set video clips and other users free of charge, which also provides free viewing, reviewing, and commenting on them. YouTube allows the publication of all types of videos, so you can access both full movies and TV broadcasts, as well as music videos, trailers, and videos made by users via the Internet portal.

The operating company of YouTube is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a YouTube component (YouTube video) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding YouTube component. More information about YouTube may be obtained under https://www.youtube.com/yt/about/en/. During the course of this technical procedure, YouTube and Google gain knowledge of what specific sub-site of our website was visited by the data subject.

If the data subject is logged in on YouTube, YouTube recognizes with each call-up to a sub-site that contains a YouTube video, which specific sub-site of our Internet page was visited by the data subject. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.

YouTube and Google will receive information through the YouTube component that the data subject has visited our website if the data subject at the time of the call to our website is logged in on YouTube; this occurs regardless of whether the person clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desirable for the data subject, the delivery may be prevented if the data subject logs off from their own YouTube account before a call-up to our website is made.

YouTube’s data protection provisions, available at https://www.google.com/intl/en/policies/privacy/, provide information about the collection, processing, and use of personal data by YouTube and Google.

Payment Method: Privacy Policy on PayPal as a Payment Processor

The controller has integrated components of PayPal on this website. PayPal is an online payment service provider. Payments are processed via PayPal accounts, which represent virtual private or business accounts. PayPal is also able to process virtual payments through credit cards when a user does not have a PayPal account. A PayPal account is managed via an e-mail address, which is why there are no classic account numbers. PayPal makes it possible to trigger online payments to third parties or to receive payments. PayPal also accepts trustee functions and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg.

If the data subject chooses “PayPal” as the payment option in the online shop during the ordering process, we automatically transmit the data of the data subject to PayPal. By selecting this payment option, the data subject agrees to the transmission of personal data required for payment processing. The personal data transmitted to PayPal is usually the first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. The processing of the purchase contract also requires such personal data, which is in connection with the respective order.

The transmission of the data is aimed at payment processing and fraud prevention. The controller will transmit personal data to PayPal, in particular, if a legitimate interest in the transmission is given. The personal data exchanged between PayPal and the data subject for payment processing will be transmitted by PayPal to economic credit agencies. This transmission is intended for identity and creditworthiness checks.

PayPal will, if necessary, pass on personal data to affiliates and service providers or subcontractors to the extent that this is necessary to fulfill contractual obligations or for data to be processed in the order.

The data subject has the possibility to revoke consent for the handling of personal data at any time from PayPal. A revocation shall not have any effect on personal data that must be processed, used, or transmitted in accordance with (contractual) payment processing.

The applicable data protection provisions of PayPal may be retrieved under https://www.paypal.com/us/webapps/mpp/ua/privacy-full.

Payment Method: Privacy Policy on Stripe as a Payment Processor

The controller has integrated components of Stripe on this website. Stripe is an online payment service provider. Payments are processed via Stripe accounts, which represent virtual private or business accounts. Stripe is also able to process virtual payments through credit cards when a user does not have a Stripe account. A Stripe account is managed via an e-mail address, which is why there are no classic account numbers. Stripe makes it possible to trigger online payments to third parties or to receive payments.

The operating company of Stripe is Stripe, Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA.

If the data subject chooses “Stripe” as the payment option in the online shop during the ordering process, we automatically transmit the data of the data subject to Stripe. By selecting this payment option, the data subject agrees to the transmission of personal data required for payment processing. The personal data transmitted to Stripe is usually the first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. The processing of the purchase contract also requires such personal data, which is in connection with the respective order.

The transmission of the data is aimed at payment processing and fraud prevention. The controller will transmit personal data to Stripe, in particular, if a legitimate interest in the transmission is given. The personal data exchanged between Stripe and the data subject for payment processing will be transmitted by Stripe to economic credit agencies. This transmission is intended for identity and creditworthiness checks.

Stripe will, if necessary, pass on personal data to affiliates and service providers or subcontractors to the extent that this is necessary to fulfill contractual obligations or for data to be processed in the order.

The data subject has the possibility to revoke consent for the handling of personal data at any time from Stripe. A revocation shall not have any effect on personal data that must be processed, used, or transmitted in accordance with (contractual) payment processing.

The applicable data protection provisions of Stripe may be retrieved under https://stripe.com/privacy.

 

External Payment Service Providers

This website uses external payment service providers through whose platforms users and we can carry out payment transactions. For example via

– [PostFinance](https://www.postfinance.ch/de/detail/rechtliches-barrierefreiheit.html)

– [Visa](https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html)

– [Mastercard](https://www.mastercard.ch/de-ch/datenschutz.html)

– [American Express](https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html)

– [Paypal](https://www.paypal.com/de/webapps/mpp/ua/privacy-full)

– [Bexio AG](https://www.bexio.com/de-CH/datenschutz)

– [Payrexx AG](https://www.payrexx.ch/site/assets/files/2592/datenschutzerklaerung.pdf)

– [Apple Pay](https://support.apple.com/de-ch/ht203027)

– [Stripe](https://stripe.com/ch/privacy)

– [Klarna](https://www.klarna.com/de/datenschutz/)

– [Skrill](https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/)

– [Giropay](https://www.giropay.de/rechtliches/datenschutzerklaerung)

As part of contract fulfillment, we use the payment service providers based on the Swiss Data Protection Regulation and, where necessary, Art. 6 para. 1 lit. b EU-GDPR. In addition, we use external payment service providers based on our legitimate interests under the Swiss Data Protection Regulation and, where necessary, under Art. 6 para. 1 lit. f EU-GDPR to offer our users effective and secure payment options.

 

The data processed by the payment service providers includes inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract, amount, and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed and stored by the payment service providers. As the operator, we do not receive any information about (bank) accounts or credit cards, but only information confirming (acceptance) or rejecting the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to verify identity and creditworthiness. In this regard, we refer to the terms and conditions and data protection notices of the payment service providers.

 

For payment transactions, the terms and conditions and the privacy policy of the respective payment service providers apply, which can be accessed within the respective website or transaction applications. We also refer to these for further information and for asserting revocation, information, and other data subject rights.

 

Sending Newsletters – Mailchimp

 

The newsletter is sent via the dispatch service provider ‘MailChimp’, a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the data protection regulations of the dispatch service provider [here](https://mailchimp.com/legal/privacy/). The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection levels (Privacy Shield). The use of the dispatch service provider is based on our legitimate interests according to Art. 6 para. 1 lit. f GDPR and an order processing agreement according to Art. 28 para. 3 sentence 1 GDPR.

 

The dispatch service provider may use the data of the recipients in pseudonymous form, i.e., without assignment to a user, to optimize or improve their own services, e.g., for technical optimization of the dispatch and presentation of the newsletter or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to contact them or to pass it on to third parties.

 

Disclaimer

 

The author assumes no liability for the correctness, accuracy, timeliness, reliability, and completeness of the information.

Liability claims against the author for material or immaterial damages arising from access to, use, or non-use of the published information, misuse of the connection, or technical faults are excluded.

 

All offers are non-binding. The author expressly reserves the right to change, supplement, delete parts of the pages or the entire offer without separate announcement or to cease publication temporarily or permanently.

 

Source: BrainBox Solutions

 

IMAGE SOURCES

 

Girl from the Mountain or Andrea Rufener Photography is – unless otherwise noted – the author of all images used on this website.

 

IMAGES FROM OTHER AUTHORS

 

“Romance on the ice” photo with figure skating pair by Highend Scan Veraguth, Gerstenweg 8, 3400 Burgdorf

 

“Walter”, from the photo archive of Max Amstutz

 

Barefoot Sisters Mountain Retreats – Anna Deininger Photography and Lucia Heberlein