1. What is it about?

Digitec Galaxus AG (“we” or “us”) offers not only an online shop, but also the following subscription products:

• “Galaxus Mobile”: Mobile plan offer
• “Galaxus Internet”: Broadband internet plan offer
• “Galaxus TV”: TV offer

We collectively refer to these offers as “Galaxus Plans”. In the provision and management of the Galaxus Plans, personal data is partially processed.

The following information gives you an overview of the data processing activities connected with Galaxus Plan offers. In this Privacy Notice, you will learn, among other things:

• what personal data we collect and process;
• the purposes for which we use your personal data;
• who has access to your personal data; 
• what benefits our data processing has for you;
• for how long we process your personal data;
• what rights you have with respect to your personal data; and 
• how you can contact us.

2. Who is responsible for data processing?

According to data protection law, responsibility for data processing lies with the company that determines whether such processing is to take place, for what purposes it is to take place and how it is to be configured. Digitec Galaxus AG (Digitec Galaxus AG, Pfingstweidstrasse 60b, CH-8005 Zurich) is responsible for the processing of personal data in connection with Galaxus plans. For any questions about this Privacy Notice or the processing of your personal data, you can contact us at the following address:

Digitec Galaxus AG
Data Protection
Pfingstweidstrasse 60b
CH-8005 Zurich

E-mail: datenschutz@digitecgalaxus.ch

https://helpcenter.abos.galaxus.ch

We and other companies of the Migros Group may also be jointly responsible for data processing if we are involved in decisions concerning the configuration or purpose of such data processing. Further information about the companies belonging to the Migros Group can be found in the most recent Annual Report of the Federation of Migros Cooperatives.

3. For whom is this Privacy Notice intended?

This Privacy Notice applies to all persons whose data we process (hereinafter referred to as “you”), regardless of which channel you use to contact us (e.g. on a website, in an app, in a branch, by telephone, via a social network, at an event, etc.). It applies to the processing of personal data that has already been collected and personal data that will be collected in the future.

Our data processing activities may, in particular, affect the following categories of persons if we process their personal data:

• Visitors to our websites;
• Holders of a customer account;
• Other people who use our services or come into contact with offers from us;
• Users of our online offers and apps;
• Individuals who write to us or contact us in any other way;
• Recipients of information and marketing communications;
• Participants in competitions and prize draws;
• Participants in customer and public events;
• Participants in market research and opinion and customer surveys;
• Contacts at our suppliers, outlets, and other business partners, as well as at organizations and authorities.

Please also consult the contractual terms for individual services (e.g. General Terms and Conditions of Business). These may contain additional information about our data processing activities. For information about the collection and processing of personal data when using our websites, apps, and social media pages, particularly in connection with cookies and similar technologies, please also see our Cookie Notice.

4. Which personal data do we process?

“Personal data” constitute information that can be associated with a specific person. We process various categories of such personal data.

• Master data, such as form of address, first name, last name, gender and date of birth. It also includes photocopies of an identification document, information in connection with family and friends, and any user-defined name for a SIM card or other technical infrastructure in the customer portal.
• Contract data, such as data about the initiation and conclusion of contracts (e.g. date of contract conclusion), details from the application process, and details of the contract in question (e.g. type and duration). This category also includes data about financial matters, such as data used to establish creditworthiness (i.e. information that allows conclusions to be drawn about the likelihood that receivables will be settled), about reminders, about collection proceedings, and about the enforcement of claims.
• Communication data, when you contact us (e.g. as part of an inquiry with our customer service department). As part of this, we may process and store data such as your and contact details (e.g. postal address, e-mail address, and telephone number) as well as any resulting correspondence (e.g. e-mails or chat messages). Comments on a website or responses to customer and satisfaction surveys also belong in this category, however.
• Transactional and behavioral data such as data about your behavior on our websites or in our apps. For example, uncompleted orders, viewed offers, search items and results, payment method, viewed shipments, etc.
• Preference data, which involves combining transactional and behavioral data with other data, e.g. master data, and analyzing it on a personal and non-personal basis. This enables us to draw conclusions about characteristics, preferences, and likely behavior, such as your affinity for specific products, services or programs, provided you use our TV offer, for example. In doing so, we can provide you with tailored offers and continuously improve your user experience on our websites and apps. The processing described can also be called “profiling” in technical language. You can find further information about profiling in Section 11.

Technical data, in connection with Galaxus Mobile, relates in particular to metadata from telecommunications traffic (including phone numbers, value-added service numbers, date, time and duration of the connection, connection type, IP address, device identification numbers such as IMEI, IMSI, MAC address, device type).
In connection with Galaxus Internet, this concerns the number of your OTO socket (connection for fiber optic cable) and the MAC address of the router. If you need our support in the event of technical problems, we can request further data from your router, e.g. the name of the WLAN network or connected devices.
Galaxus TV collects your IP address.

5. Where does the personal data come from?

• Data provided: You often disclose personal data to us by yourself, for instance when sending us data or communicating with us. You also do it, however, when you create a Galaxus Plan customer account or use an existing Galaxus customer account. Master, contract, and communication data in particular are generally something you disclose to us yourself. You are in many cases also responsible for disclosing preference data to us.
  The provision of personal data is largely voluntary, which means that you are not generally obliged to disclose your personal data to us. However, we do have to collect and process the personal data that are required for processing contractual relationships and fulfilling associated obligations or that are prescribed by law, such as mandatory master and contract data, as we would otherwise be unable to conclude or continue the contract in question.
  If you send us data about other persons (e.g. family members, other users of our goods and services or other employees of your company), you must ensure that these other persons have been informed about the contents of this Privacy Policy and that you refrain from providing us with their personal data unless you are authorized to do so and that this personal data is correct.
• Data gathered: We may also collect personal data about you ourselves or automatically, such as when you shop with us, make use of our offers, or procure our services. This is often behavioral and transactional data, as well as technical data (e.g., metadata from telecommunications traffic).
  We may also derive personal data from personal data already available to us, for example by analyzing transactional and behavioral data. Such derived personal data frequently comprise preference data.
• Data received: We may also receive personal data from other companies of the Migros Group. Further information about this can be found in Section 8. Moreover, we may also receive information about you from other third parties, such as from companies with which we cooperate, persons who communicate with us, or public sources.

6. For what purposes do we process personal data?

“Purposes” means the reasons for which we process your personal data.

• Communication: We wish to remain in contact with you and address your individual requirements. We therefore process personal data for communication with you, in order to answer inquiries and for customer care, for instance. In particular, we make use of communication and master data for this, as well as contract data if the communication concerns a contract. We may also personalize the content and time of dispatch of messages on the basis of behavior, transaction, preference, and other data.
• Contract execution: The purpose of contract processing generally comprises everything that is necessary or appropriate for concluding, executing, and, where applicable, enforcing a contract. We process personal data in connection with the initiation, administration, and processing of contractual relationships, for instance to provide a service, deliver goods or services, run a loyalty program, or host a prize draw. We will also decide, as part of this contract processing, whether and how (e.g. with which payment options) we intend to enter into contractual relations with you (including assessing your creditworthiness). Contract processing also includes any agreed personalization of services. For this purpose, we make use of master data, contract data, communication data, transactional and behavioral data, and preference data in particular.
• Information and marketing: We wish to present you with attractive offers. We therefore process personal data for relationship management and marketing purposes, for example in order to send you written and electronic messages and offers and carry out marketing campaigns. These may comprise our own offers, those of other companies of the Migros Group, or those of advertising partners. We can also work for other companies, taking on the role of an agency, for example, to carry out promotions for their products. Messages and offers may also be personalized in order to – as far as possible – only send you information that is likely to be of interest to you. For this purpose, we in particular make use of master data, contract data, communication data, transactional data, behavioral data and preference data. You can find more information about this profiling in Section 11.
• Market research and product development: We aim to improve our offers continuously and make them more attractive for you. We therefore process personal data for market research and product development purposes. To do so, we particularly process master, behavioral, transactional, and preference data, as well as communication data and information from customer surveys, other surveys and studies, and further information, for example from the media, the Internet, and other public sources. As far as possible, we make use of pseudonymized or anonymized information for these purposes.
• Security and prevention: We wish to guarantee your and our security and prevent misuse. We therefore also process personal data for security purposes, to guarantee IT security, to prevent theft, fraud, and misuse, and for evidentiary purposes.
• Compliance with statutory requirements: We wish to lay the foundations for compliance with statutory requirements. We therefore also process personal data in order to comply with legal obligations and to prevent and detect infringements. Examples of this include receiving and processing complaints and other messages, complying with court and administrative orders, measures for detecting and investigating misuse as well as the legally required retention of metadata. This can apply to all the personal data categories listed in Section 3.
• Preservation of rights: We wish to be able to enforce our claims and to defend ourselves against the claims of others. We therefore also process personal data for the protection of rights, for instance in order to enforce claims judicially, before or out of court, and before authorities in Switzerland and abroad, or to defend ourselves against claims. Depending on the situation, we process different categories of personal data, such as contact data and details of events that have led to or could lead to a dispute.
• Administration and support within the Group: We wish to shape our internal processes efficiently. We therefore also process personal data for the internal administration of the Migros Group (see Section 2 on the Migros Group). We particularly process master data, contract data, and technical data, as well as transactional data, behavioral data, and communication data. Like every group of companies, the Migros Group has an overall interest in the successful business activities of its Group companies, and our Group companies themselves have an interest in their own activities and processing purposes. We may therefore also disclose personal data to other companies of the Migros Group in order to support their own processing purposes under the Migros Group Privacy Notice in the overall interests of the Migros Group. Further information about this can be found in Section 8.

7. What is the legal basis for processing personal data?

Depending on the purpose of the data processing, our processing of personal data is based on different legal grounds. In particular, we may process personal data if

• doing so is necessary to fulfill an agreement with the person concerned or for pre-contractual measures (e.g. to review a request for an agreement);
• it is necessary for the exercise of legitimate interests, for example when data processing is a central component of our business activities;
• doing so is based on consent;
• doing so is required for compliance with Swiss and foreign legal obligations.

In particular, we have a legitimate interest in processing for the purposes set out in Section 6 above and the disclosure of data in accordance with Section 8 and the associated objectives. The legitimate interests in each case include our own interests and the interests of third parties.

Examples of these legitimate interests include interests in connection with:

• the supply of products and services to third parties (e.g. Gift recipients);
• good customer support, maintaining contact and other communications with customers, including outside the framework of a contract;
• advertising and marketing activities;
• getting to know our customers and other individuals better;
• improving existing products and services and developing new ones;
• facilitating management and communication within the Group, which is necessary with a group that requires cooperation between parties;
• mutually supporting the Group companies in their activities and objectives;
• combating fraud and preventing and investigating offenses;
• protecting customers and other individuals, as well as data, secrets, and assets of the Migros Group;
• ensuring IT security, especially in connection with the use of websites, apps, and other IT infrastructure;
• safeguarding and organizing business operations, including the running and further development of websites and other systems;
• ensuring corporate management and development;
• selling or purchasing companies, parts of companies, or other assets;
• the enforcement or defense of legal rights and claims;
• complying with Swiss and foreign law, as well as internal rules and regulations.

8. To whom do we disclose personal data?

8.1 Within the Migros Group

We may disclose personal data that we receive from you or third-party sources to other Migros Group companies. Disclosure may serve to facilitate intra-Group administration or support of the group companies concerned and their own processing purposes (Section 6), such as when we support the personalization of marketing activities, the development and improvement of products and services, the conducting of credit assessments, or endeavors to prevent theft, fraud, and misuse. The personal data received may also be matched and linked to existing personal data by the relevant group companies. 

For example, this may include the following disclosures of data:

• All personal data categories listed in Section 4 for the administration and processing of contractual relationships, especially in connection with products and services involving multiple Group companies;
• Master data, contract data, communication data, transactional and behavioral data, and preference data, as well as findings from customer and other surveys, studies, and image and sound recordings for market research and product development purposes, if the personalization of that data is necessary;
• Master data, contract data, communication data, transactional data, behavioral data, preference data, and image and sound recordings for the delivery and personalization of offers, communication, and marketing activities;
• Master data, contract data, communication data, transactional data, behavioral data, and preference data for the prevention of fraud and misuse and for credit assessments (e.g. in connection with a purchase on account);
• Master data, transactional data, behavioral data, and image and sound recordings for purposes relating to theft protection and the provision of evidence;
• Security-relevant information for security purposes and compliance with statutory requirements;
• Information to support the safeguarding of rights.

Section 2 contains more information on the companies belonging to the Migros Group.

8.2 Outside the Migros Group

We may disclose your personal data to companies outside the Migros Group if we make use of their services. These service providers generally process personal data on our behalf as so-called “contract processors”. Our contract processors are obliged to only process personal data in accordance with our instructions and to take suitable measures to ensure data security. Certain service providers are also responsible jointly with us or independently (e.g. collection agencies). We ensure through the selection of service providers and suitable contractual agreements that data protection is upheld during the entire processing of your personal data.

Examples include services in the following areas:

• Services from mobile phone, Internet, or TV providers;
• Shipping and logistics, for example for the delivery of ordered goods;
• Advertising and marketing services, for example for the delivery of messages and information;
• Warranty and return, e.g. for repair in case of defects;
• Corporate management services, for example accounting or asset management;
• Payment services;
• Credit assessments, for example if you want to make a purchase on account;
• Collection services;
• Insurance service providers;
• Fraud prevention services that payment service providers perform under their own responsibility. Such procedures are applied only if you are already a customer of the respective payment service provider. You can then find more detailed information in the privacy policy of the respective service provider;
• IT services, for example in the areas of data storage (hosting), cloud services, the delivery of e-mail newsletters, and data analysis and refinement;
• Advisory services, for example the services of tax advisers, lawyers, management consultants, or advisers in the field of personnel recruitment and placement.

It is also possible that we may disclose personal data to other third parties for their own purposes, for example if you have granted your consent or we are legally obliged or authorized to share such information. In such cases, the data recipient is legally responsible as the controller of the data.

Examples of such cases include the following:

• Information about product recalls by manufacturers, if you have purchased a product of the manufacturer from us;
• The transfer of claims to other companies, such as collection agencies;
• The review or execution of corporate transactions such as corporate acquisitions, sales, and mergers;
• The disclosure of personal data to courts and authorities within Switzerland and abroad, such as criminal prosecution authorities in case of suspected criminal activities;
• The processing of personal data in order to comply with a court or administrative order, or to enforce or defend legal rights or claims, or if we consider such processing to be necessary on any other legal grounds. We may also disclose your personal data to other parties involved in any proceedings.

Please also note our Cookie Information on independent data collection by, or the transfer of data to, third-party providers whose tools we have integrated on our websites and apps.

As a matter of principle, we are not subject to any professional duty of confidentiality (such as banking or medical secrecy). Please inform us in individual cases if you believe that specific personal data is subject to a duty of confidentiality so that we can review your concerns.

9. How do we disclose personal data abroad?

We process and store personal data mostly in Switzerland and the European Economic Area (EEA). In certain cases, however, we may also disclose personal data to service providers and other recipients (see Section 8) who are located outside this area or who process personal data outside this area (in principle in any country in the world). The countries in question may not have laws that protect your personal data to the same extent as in Switzerland or the EEA. If we transfer your personal data to such a country, we will ensure the protection of your personal data in an appropriate manner.

One means of ensuring adequate data protection is, for example, to conclude data transfer agreements with the recipients of your personal data in third countries that ensure the required level of data protection. This includes agreements that have been approved, issued, or recognized by the European Commission and the Swiss Federal Data Protection and Information Commissioner, known as standard contractual clauses. An example of the data transfer agreements generally used by us can be found here. Please note that such contractual arrangements can partially compensate for weaker or missing statutory protection but cannot rule out all risks completely (e.g. government access abroad). Data may also be transferred to countries without adequate protection in exceptional cases, for example if consent is granted, in connection with legal proceedings abroad, or if transfer is necessary for the processing of an agreement.

10. How do we process sensitive personal data?

Certain types of personal data are considered under data protection law to be sensitive, such as details about health and biometric features. Depending on the circumstances, the categories of personal data listed in Section 4 may also comprise such sensitive personal data. However, we generally only process sensitive personal data if this is necessary for the provision of a service, if you have voluntarily disclosed this data to us, or have consented to such processing. We may also process sensitive personal data if this is necessary for the protection of rights or compliance with Swiss or foreign legal provisions, if the data concerned have clearly been publicly disclosed by the person in question, or if the applicable law otherwise permits its processing.

11. How do we conduct profiling?

“Profiling” refers to a procedure during which personal data is processed on an automated basis in order to analyze personal aspects or make predictions, e.g. the analysis of personal interests, preferences, affinities, and habits or the prediction of likely behavior. Profiling can be used in particular to derive preference data (further details about this can be found in Section 4.5).

Profiling is a common procedure, e.g. it occurs in the context of the automated processing

• of master data, contract, transactional and behavioral data when taking out or using Galaxus Plans;
• of transactional and behavioral data, as well as technical data, in connection with our websites and apps;
• of information in connection with the attendance of events or the participation in competitions, prize draws, and similar events;
• of communication data, such as your response to advertising and other messages;
• of other transactional and behavioral data.

Profiling helps us to

• improve our offers on a continuous basis and tailor them to individual needs;
• present our contents and offers to you in accordance with your needs;
• to the extent possible only show you advertisements and offers that are likely to be relevant for you;
• support you better with our customer service;
• decide on the basis of a credit assessment which payment options are available.

We conduct profiling in connection with our TV offering, for example, by analyzing your usage behavior and making suggestions to you based on this as to which programs might also be of interest to you.

In order to improve the quality of our analyses and predictions, we may also combine personal data that originates from different sources as the basis of our profiling, for example data that has been collected via our various departments or that we have received from other Migros Group companies. Self-learning algorithms (specific routines in computer programs) can also be used.

In certain cases, you also have the right to object to profiling, as described in Section 15.

12. Do we use automated individual decision-making?

“Automated individual decision-making” refers to any decision that is made on a fully automated basis, meaning with no relevant human influences, and has legal consequences for the person concerned or that significantly affects him or her in some other way. We generally do not do this but will inform you separately, should we opt to utilize automated individual decision-making in individual cases. You will then have the option of having the decision reviewed by a human being if you do not agree with it.

13. How do we protect personal data?

We take appropriate technical and organizational security measures in order to safeguard your personal data, protect you against unauthorized or unlawful processing activities, and to address the risk of loss, unintentional changes, inadvertent disclosure, or unauthorized access. However, like all companies, we cannot completely rule out data security infringements; certain residual risks are unavoidable.

Security risks of a technical nature include the encryption and pseudonymization of data, record keeping, access restrictions, and the storage of data backups. Security measures of an organizational nature include instructions issued to our employees, training programs, and audits. We also require our contract processors to take appropriate technical and organizational security measures.

14. For how long do we process personal data?

We process and store your personal data

• for as long as it is required for the purpose of processing and compatible purposes, in the case of contracts normally for at least the duration of the contractual relationship;
• for as long as we have a legitimate interest in storing it. This may be the case, in particular, if we need personal data to enforce or defend claims, for archiving purposes, and to ensure IT security;
• for as long as it is subject to a statutory retention requirement. For example, a ten-year retention period applies to certain data. Shorter retention periods apply for other data, for example for recordings from video surveillance or for recordings of certain online processes (log data).

In certain cases, we will also ask for your consent if we want to store your personal data for longer periods (e.g. for job applications that we wish to keep on file). At the end of the periods specified, we will erase or anonymize your personal data.

15. What rights do you have in connection with the processing of your personal data?

You have the right to object to data processing particularly if we process your personal data on the basis of a legitimate interest and the other applicable requirements are met. You can also object to data processing in connection with direct advertising (e.g. advertising e-mails) at any time. This also applies to profiling, to the extent that it relates to direct advertising.

Provided the applicable conditions are met and there are no applicable statutory exceptions, you also have the following rights:

• The right to request information about your personal data stored by us;
• The right to have inaccurate or incomplete personal data corrected;
• The right to request the deletion or anonymization of your personal data;
• The right to request that the processing of your personal data be restricted;
• The right to receive certain personal data in a structured, commonly used and machine-readable format;
• The right to revoke consent with effect for the future, insofar as processing is based on consent. 

Please note that these rights may be restricted or excluded in individual cases, e.g. if there are doubts about the identity or if this is necessary to protect other persons, to safeguard interests worthy of protection or to comply with legal obligations.

You can exercise the most important of the above rights via our Helpcenter. If you have a customer account, you can correct your master data stored there (e.g. your address) at any time. You may also contact us under Section 16 if you wish to exercise any of your rights or have questions about the processing of your personal data.

In addition, you are free to lodge a complaint with a competent supervisory authority if you believe that the processing of your personal data may be in breach of applicable law.

• The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

16. How can you contact us?

If you have any questions or concerns relating to this Privacy Notice or the processing of your personal data, please contact the company responsible using the contact details stated on its website.

You are also welcome to contact us as follows:

Digitec Galaxus AG
Pfingstweidstrasse 60b
CH-8005 Zurich

https://abos.galaxus.ch/

You can contact our Data Protection Officer for specific questions regarding data protection:

Digitec Galaxus AG
Data Protection
Pfingstweidstrasse 60b
CH-8005 Zurich

E-mail: datenschutz@digitecgalaxus.ch

You may also contact our Data Protection Officer or our representative in the EU and/or the European Economic Area using the following contact details:

• Data Protection Officer: Federation of Migros Cooperatives, Data Protection Officer, c/o Legal & Compliance, Limmatstrasse 152, 8005 Zurich, privacy@mgb.ch

17. Changes to this Privacy Notice

This Privacy Notice may be updated over time, especially if we change our data processing activities or if new legal provisions become applicable. We will actively inform individuals whose contact details are registered with us of any material changes, provided that we can do this without disproportionate effort. In general, the version of the Privacy Notice in effect at the time at which the data processing activity in question commences is applicable.

INFORMATION ABOUT COOKIES AND SIMILAR TECHNOLOGIES

1. What is it about?

This Cookie Notice describes how and why we collect, process, and utilize personal and other data when you make use of our websites and mobile apps – particularly in connection with cookies and similar technologies. For the sake of simplicity, in the following we will generically refer to websites, but in doing so also include mobile apps.

Further information about our handling of personal data can be found in our Privacy Notice.

2. What are log files?

Each time our websites are used, certain data is automatically accumulated for technical reasons and temporarily stored in so-called log files. Examples include the following technical data:

• IP address of the requesting end device;
• Information about your Internet service provider;
• Information about the operating system of your end device (tablet, PC, smartphone, etc.);
• Information about the referring URL;
• Information about the browser used;
• Date and time of access; and
• Contents accessed when visiting the website.

This data is processed for the purpose of facilitating the use of our websites (connection establishment) and ensuring their smooth operation, guaranteeing system security and stability, facilitating the enhancement of our websites and for statistical purposes.

The IP address is also analyzed together with other log files and further data available to us, if applicable, in the event of attacks on IT infrastructure or other potential unlawful or improper use of the websites for solution and aversion purposes, and may be used during criminal proceedings for the identification of persons concerned and for action taken under civil and criminal law against these persons.

3. What are cookies and similar technologies?

Cookies are files that your browser automatically stores on your end device when you visit our websites. Cookies contain a unique code number (ID) enabling us to distinguish individual visitors from others, but normally without identifying them. Depending on their intended use, cookies may contain further information, for example about visited sites and the duration of a visit to a site. We use both session cookies that are deleted again when the browser is closed, and permanent cookies that remain stored for a given period after the browser is closed (normally between a few days and two years) and serve to identify visitors again on subsequent visits.

We may also use similar technologies such as pixel tags, fingerprints and other technologies for storing data in the browser. Pixel tags are small, normally invisible images or a program code loaded by a server that provide the server operator with specific information such as whether and when a website was visited. Fingerprints comprise information collected during your website visit about the configuration of your end device or your browser that enables your end device to be distinguished from other devices. Most browsers also support further technologies for the storage of data in the browser that are similar to cookies and that we may also make use of (e.g. web storage).

In certain cases, we may pass on data stored in your customer account, such as your e-mail address, to third-party providers as a so-called hash value. A hash value corresponds to a kind of “encryption” of corresponding data and cannot usually be deciphered by third parties. However, if different providers use the same hash method, the values can be checked for similarity, as the same entry always results in the same hash value if the same method is used. The hash value is used by third-party providers exclusively to improve their measurements on the success of advertising campaigns or to recognize website visitors in the context of displayed advertisements.

4. How can cookies and similar technologies be deactivated?

You can configure the settings in your browser in such a way as to block certain cookies or similar technologies or delete existing cookies and other data stored in the browser. You can also expand your browser with software (so-called “plug-ins”) to block tracking by specific third parties. You can find further information in the help pages of your browser (normally under the key word “data protection”). Please note that our websites may no longer function to their full extent if you block cookies and similar technologies.

5. What types of cookies and similar technologies do we use?

We use the following types of cookies and similar technologies:

• Necessary cookies: Necessary cookies are required in order for a website and its functions to be used. For example, these cookies ensure that you are able to navigate between pages without details entered in a form or products placed in a shopping basket being lost.
• Performance cookies: Performance cookies collect information about how a website is used and enable us to conduct analyses, for example to find out which pages are most popular and how visitors move around a website. These cookies serve to simplify and speed up website visits and generally to improve user-friendliness.
• Experience cookies: Experience cookies enable us to offer extended functions and display personalized contents. For example, these cookies allow us to display products to you based on those previously viewed that may also be of interest to you.
• Marketing cookies: Marketing cookies help us and our advertising partners to approach you on our own and third-party websites with advertisements for products or services that may be of interest to you or to display our advertisements to you during further Internet usage after visiting our websites.

6. How do we make use of cookies and similar technologies of third parties?

The cookies and/or similar technologies used by us may originate from us or from third-party companies, for instance if we make use of functions provided by third parties. Such third-party providers may be located outside Switzerland and the European Economic Area (EEA) as long as the protection of your personal data is adequately safeguarded.

For example, we make use of analysis services to analyze how you use our websites in order to optimize and personalize them. Cookies and similar technologies of third-party providers furthermore enable them to approach you on our websites or on other websites and in social networks that also collaborate with these third parties with individualized advertising and to measure how effective advertisements are (e.g. whether you arrive at our website via an advertisement and what actions you then carry out on our website). One example is Google Analytics, whose tracking tools we use under an order processing agreement.

Certain third-party providers may thereby partially view and store the usage of the website in question. These recordings may be combined by these providers with similar information from other websites. The behavior of certain users can thus be recorded across multiple websites and end devices. In some circumstances, the applicable provider may also make use of this data for its own purposes, such as for personalized advertising on its own websites and on other websites that it supplies with advertising. If users are registered with the provider, the provider may assign the usage data to the person in question. The processing of such personal data is carried out here by the provider in its own responsibility and in accordance with its own data protection provisions.

In the following overview you will find the companies whose cookies and similar technologies we use.

7. How do we make use of social media presences?

We may have our own presences on social networks and similar third-party platforms (e.g. Facebook Fan Pages). If you communicate with us via such presences or comment on or disseminate the contents we post, we will collect the corresponding details and process them in accordance with our Privacy Notice. We are entitled but not obliged to review contents prior to or after their publication and to delete contents without notification where this is technically possible, or to report them to the provider of the platform in question. Where rules of decency and codes of conduct are violated, we may also notify the provider of the platform of the user account in question for blocking or deletion.

When visiting our social media presences, data (for example about your user behavior) may also be transmitted to or collected by the provider in question directly and processed together with other data already known to said provider (such as for marketing and market research purposes and the personalization of platform contents). Where we are jointly responsible with the provider for certain types of processing, we will conclude a corresponding agreement with such provider. You may obtain information about the material content of this agreement from the provider. Further information about data processing by the providers of social networks can be found in the data protection provisions of the corresponding social networks.

8. Changes to this Cookie Notice

This Cookie Notice may be updated over time, especially if we change our data processing activities or if new legal provisions become applicable. In general, the version of the Cookie Notice in effect at the time at which the data processing activity in question commences is applicable.

Last modification: 15.09.2025