Privacy policy

Privacy policy

The responsible body within the meaning of the data protection laws, in particular the EU General Data Protection Regulation (DSGVO), is:

 

Olo Marzipan O. Lohner AG
Bernstrasse 37a
3421 Lyssach
Telefon: +41 34 447 47 47
E-Mail: info@olomarzipan.ch
Website: https://olomarzipan.ch

 

General note

Based on Article 13 of the Swiss Federal Constitution and the data protection provisions of the Swiss Confederation (Data Protection Act, DPA), every person has the right to protection of their privacy as well as protection against misuse of their personal data. The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

In cooperation with our hosting providers, we make every effort to protect the databases as well as possible against unauthorised access, loss, misuse or falsification.

We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

By using this website, you consent to the collection, processing and use of data as described below. This website can generally be visited without registration. Data such as pages accessed or the name of the file accessed, date and time are stored on the server for statistical purposes without this data being directly related to your person. Personal data, in particular name, address or e-mail address, are collected on a voluntary basis as far as possible. The data will not be passed on to third parties without your consent.

 

Processing of personal data

Personal data is any information relating to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, acquisition, deletion, storage, modification, destruction and use of personal data.

We process personal data in accordance with Swiss data protection law. Furthermore, we process personal data in accordance with the following legal bases in connection with Art. 6 (1) of the GDPR - insofar as and to the extent that the EU GDPR is applicable:

  • lit. a) Processing of personal data with the consent of the data subject.
    lit. b) Processing of personal data for the performance of a contract with the data subject and for the implementation of corresponding pre-contractual measures.
    lit. c) Processing of personal data for the fulfilment of a legal obligation to which we are subject under any applicable EU law or under any applicable law of a country in which the GDPR applies in whole or in part.
    lit. d) Processing of personal data in order to protect the vital interests of the data subject or another natural person.
    lit. f) Processing of personal data in order to protect the legitimate interests of us or of third parties, provided that the fundamental freedoms and rights and interests of the data subject do not prevail. Legitimate interests are in particular our business interest in being able to provide our website, information security, the enforcement of our own legal claims and compliance with Swiss law.

We process personal data for the period of time required for the respective purpose or purposes. In the case of longer-term retention obligations due to legal and other obligations to which we are subject, we restrict processing accordingly.

 

Privacy policy for SSL/TLS encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

Third party services

This website may use Google Maps for embedding maps, Google Invisible reCAPTCHA for protection against bots and spam, and YouTube for embedding videos.

These services of the American Google LLC use cookies, among other things, and as a result, data is transferred to Google in the USA, although we assume that no personal tracking takes place in this context solely through the use of our website.

Google has undertaken to ensure adequate data protection in accordance with the US-European and the US-Swiss Privacy Shield.

Further information can be found in Google's privacy policy.

 

Privacy policy for contact form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.

 

Services with costs

For the provision of chargeable services, we request additional data, such as payment details, in order to be able to execute your order. We store this data in our systems until the statutory retention periods have expired.

 

Use of Google reCAPTCHA

This website uses the reCAPTCHA service of Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland "Google"). The purpose of the query is to distinguish whether the input is made by a human or by automated, machine processing. The query includes the sending of the IP address and possibly other data required by Google for the reCAPTCHA service to Google. For this purpose, your input is transmitted to Google and further used there. However, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of this service. The IP address transmitted by your browser as part of reCaptcha will not be merged with other Google data. Your data may also be transmitted to the USA. An adequacy decision of the European Commission, the "Privacy Shield", is in place for data transfers to the USA. Google participates in the "Privacy Shield" and has submitted to the requirements. By pressing the query, you consent to the processing of your data. The processing is based on Art. 6 (1) lit. a DSGVO with your consent. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.

You can find more information about Google reCAPTCHA and the associated privacy policy at: https://policies.google.com/privacy?hl=de

 

Privacy policy for Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited. If the data controller on this website is located outside the European Economic Area or Switzerland, the Google Analytics data processing is carried out by Google LLC. Google LLC and Google Ireland Limited are hereinafter referred to as "Google".

The statistics obtained enable us to improve our offer and make it more interesting for you as a user. This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. If you have a Google user account, you can deactivate the cross-device analysis of your usage in the settings there under "My data", "Personal data".

The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. f DS-GVO. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. We would like to point out that on this website Google Analytics has been extended by the code "_anonymizeIp();" in order to ensure anonymised collection of IP addresses. This means that IP addresses are processed in abbreviated form, which means that they cannot be linked to a specific person. If the data collected about you is related to a person, this is immediately excluded and the personal data is deleted immediately.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Google Analytics uses cookies. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: Deactivate Google Analytics.

Furthermore, you can also prevent the use of Google Analytics by clicking on this link: Deactivate Google Analytics. This will save a so-called opt-out cookie on your data carrier, which prevents the processing of personal data by Google Analytics. Please note that if you delete all cookies on your terminal device, these opt-out cookies will also be deleted, i.e. you will have to set the opt-out cookies again if you wish to continue to prevent this form of data collection. The opt-out cookies are set per browser and computer/end device and must therefore be activated separately for each browser, computer or other end device.

 

Privacy policy for the use of Google Web Fonts

This website uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. If your browser does not support web fonts, a standard font will be used by your computer.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/

 

 

Google Tag Manager

Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus integrate e.g. Google Analytics and other Google marketing services into our online offer. The tag manager itself, which implements the tags, does not process any personal data of the users. With regard to the processing of users' personal data, please refer to the following information on Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.

 

Privacy policy for Hubspot

Our website uses Hubspot, a marketing automation software from HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. HubSpot is a software company from the USA with a European branch in Ireland. Hubspot helps us to analyse the use of our portal. Hubspot uses cookies for this purpose.

Certain usage data is linked to your person (e.g. after entry in a registration form) and stored in our CRM. This enables us to send you information and offers tailored to your interests.

In the process, your personal data may also be forwarded to Hubspot servers in the United States (USA). The appropriate level of protection is established by the fact that HubSpot, Inc. participates in the EU-US Privacy Shield Agreement and is certified for compliance with it.

We use Hubspot to provide you with information and offers tailored to your needs. Accordingly, we have a legitimate interest within the meaning of Art. 6 (1) (f) of the GDPR in this processing. The legal basis for the processing of your personal data by us in connection with the use of Hubspot is Art. 6 (1) f) of the General Data Protection Regulation.

In connection with the use of Hubspot, we store your personal data for as long as is necessary to provide you with information and offers tailored to your needs.

The provision of personal data collected via Hubspot is not required by law or contract or necessary for the conclusion of a contract. If you do not provide us with this data, we will not be able to provide you with information and offers tailored to your needs.

You can find more information on data use by Hubspot in Hubspot's privacy policy at: https://legal.hubspot.com/de/privacy-policy.

You can object to the use of your data at any time, e.g. by sending an email to our email address in this privacy policy.

HubSpot is certified under the terms of the "EU-U.S. Privacy Shield Framework" and is subject to TRUSTe's Privacy Seal as well as the "U.S.-Swiss Safe Harbor" Framework.

 

Privacy policy for Facebook

This website uses functions of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA . When you call up our pages with Facebook plug-ins, a connection is established between your browser and the Facebook servers. In the process, data is already transmitted to Facebook. If you have a Facebook account, this data can be linked to it. If you do not wish this data to be associated with your Facebook account, please log out of Facebook before visiting our site. Interactions, in particular the use of a comment function or the clicking of a "Like" or "Share" button, are also passed on to Facebook. You can find out more at https://de-de.facebook.com/about/privacy.

 

Privacy policy for Instagram

Functions of the Instagram service are integrated on our website. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.

For more information, please see the Instagram privacy policy: http://instagram.com/about/legal/privacy/

 

 

Privacy policy for LinkedIn

We use the marketing services of the social network LinkedIn of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn") within our online offer.

These use cookies, i.e. text files that are stored on your computer. This enables us to analyse your use of the website. For example, we can measure the success of our advertisements and show users products in which they were previously interested.

For example, information on the operating system, the browser, the website you previously visited (referrer URL), which websites the user visited, which offers the user clicked on, and the date and time of your visit to our website are recorded.

The information generated by the cookie about your use of this website is transferred pseudonymously to a LinkedIn server in the USA and stored there. LinkedIn therefore does not store the name or email address of the respective user. Rather, the above-mentioned data is only assigned to the person for whom the cookie was generated. This does not apply if the user has allowed LinkedIn to process the data without pseudonymisation or has a LinkedIn account.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also object to the use of your data directly at LinkedIn: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

We use LinkedIn Analytics to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. All LinkedIn companies have adopted the standard contractual clauses to ensure that the data traffic to the USA and Singapore necessary for the development, implementation and maintenance of the services takes place in a lawful manner. Where we ask users for consent, the legal basis for processing is Art. 6 (1) lit. a DSGVO. Otherwise, the legal basis for the use of LinkedIn Analytics is Art. 6 para. 1 p. 1 lit. f DSGVO.

Information of the third-party provider: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2 Ireland; User Agreement and Privacy Policy.

 

External payment service providers

This website uses external payment service providers through whose platforms users and we can make payment transactions. For example via

PostFinance (https://www.postfinance.ch/de/detail/rechtliches-barrierefreiheit.html)
Visa (https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html)
Mastercard (https://www.mastercard.ch/de-ch/datenschutz.html)
American Express (https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html)
Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)
Bexio AG (https://www.bexio.com/de-CH/datenschutz)
Payrexx AG (https://www.payrexx.ch/site/assets/files/2592/datenschutzerklaerung.pdf)
Apple Pay (https://support.apple.com/de-ch/ht203027)
Stripe (https://stripe.com/ch/privacy)
Klarna (https://www.klarna.com/de/datenschutz/)
Skrill (https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/)
Giropay (https://www.giropay.de/rechtliches/datenschutzerklaerung) etc.
In the context of the performance of contracts, we use the payment service providers on the basis of the Swiss Data Protection Ordinance and, where necessary, Art. 6 para. 1 lit. b. EU-DSGVO. Furthermore, we use external payment service providers on the basis of our legitimate interests in accordance with the Swiss Data Protection Ordinance and, where necessary, in accordance with Art. 6 para. 1 lit. f. EU-DSGVO in order to offer our users effective and secure payment options.

The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, totals and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. We as the operator do not receive any information about the (bank) account or credit card, but only information to confirm (accept) or reject the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the terms and conditions and data protection information of the payment service providers.

The terms and conditions and data protection information of the respective payment service providers apply to the payment transactions and can be accessed within the respective website or transaction applications. We also refer to these for further information and the assertion of revocation, information and other data subject rights.

 

Order processing in the online shop with customer account

We process the data of our customers in accordance with the data protection provisions of the German Federal Data Protection Act (Datenschutzgesetz, DSG) and the EU Data Protection Regulation (EU-DSGVO) as part of the ordering process in our online shop in order to enable them to select and order the selected products and services, as well as their payment and delivery or execution.

The data processed includes master data (inventory data), communication data, contract data, payment data and the persons affected by the processing include our customers, interested parties and other business partners. The processing is carried out for the purpose of providing contractual services within the scope of operating an online shop, billing, delivery and customer services. In this context, we use session cookies, e.g. for storing the contents of the shopping cart, and permanent cookies, e.g. for storing the login status.

The processing is based on Art. 6 Para. 1 lit. b (execution of order transactions) and c (legally required archiving) DSGVO. In this context, the information marked as required is necessary for the justification and fulfilment of the contract. We disclose the data to third parties only within the scope of delivery, payment or within the scope of legal permissions and obligations. The data is only processed in third countries if this is necessary for the fulfilment of the contract (e.g. at the customer's request for delivery or payment).

Users can optionally create a user account, in which they can view their orders in particular. Within the scope of registration, the required mandatory information is provided to the users. The user accounts are not public and cannot be indexed by search engines, e.g. Google. If users have cancelled their user account, their data with regard to the user account will be deleted, subject to their retention being necessary for reasons of commercial or tax law in accordance with Art. 6 Para. 1 lit. c DSGVO. Information in the customer account shall remain until it is deleted and subsequently archived in the event of a legal obligation. It is the responsibility of the users to save their data in the event of termination before the end of the contract.

Within the scope of registration and renewed registrations as well as the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorised use. As a matter of principle, this data is not passed on to third parties unless it is necessary for the pursuit of our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c DSGVO.

The deletion takes place after the expiry of legal warranty and comparable obligations, the necessity of keeping the data is reviewed at irregular intervals. In the case of statutory archiving obligations, deletion takes place after their expiry.

Changes

We may amend this privacy policy at any time without prior notice. The current version published on our website will apply. Insofar as the data protection declaration is part of an agreement with you, we will inform you of the change by e-mail or other suitable means in the event of an update.

Questions to the Data Protection Officer

If you have any questions about data protection, please write to us by e-mail or contact the person in our organisation responsible for data protection listed at the beginning of this privacy policy directly.