Privacy Policy
Last update on 28 June 2024
1. What do we do?
2. What do we inform about?
3. Definition of terms
4. Contact
5. Data security
6. Rights of data subjects
7. General principles
8. Individual data processing operations
9. Does our privacy policy always remain the same?
What do we do?
Crios by Schuler (Lindenstrasse, 6, 6218 Ettiswil) operates the website www.criosguitars.ch (hereinafter referred to as "we").
The protection of your personal data is very important to us. In this privacy policy, we provide you with transparent and comprehensible information about what data we collect via our website and how we handle it.
For this reason, we use the icons of the PRIVACY ICONS association, among others. They are intend-ed to help you get a quick overview of how we process your data.
What do we inform about?
-
Who is responsible for data processing;
-
What data is collected;
-
The purpose for which this data is collected;
-
The legal basis on which we collect this data;
-
To whom we pass on this data;
-
How you can object to data processing;
-
What rights you have and how you can assert them.
Definition of terms
What is personal data?
Personal data is all information that relates to an identified or identifiable natural person. This includes, for example, name, address, date of birth, e-mail address or telephone number as well as the IP ad-dress. Personal data also includes data about personal preferences such as leisure activities or memberships.
What are special categories of personal data?
Special categories of personal data are:
-
Data on religious, ideological, political or trade union views or activities;
-
Data relating to health, privacy, racial or ethnic origin, sex life and sexual orientation;
-
Data on administrative or criminal prosecutions and sanctions, as well as data on social assistance measures;
-
Genetic data and biometric data that uniquely identify a person.
If necessary and if you disclose this data to us yourself, we may process data belonging to a special category of personal data. In this case, their processing is subject to stricter confidentiality.
What is the processing of personal data?
Processing is any handling of personal data, regardless of the means and procedures used, in particular the procurement, storage, retention, use, modification, disclosure, archiving, erasure or destruction of personal data.
What is the disclosure of personal data?
This is the transmission or making available of personal data, e.g. publication or disclosure to a third party.
Contact
If you have any questions or concerns about the protection of your data by us, you can contact our data protection officer:
Fabian Schuler
fabian-schuler@hotmail.com
Data security
We will keep your data secure and take all reasonable steps to protect your data from loss, access, misuse or alteration.
Our contractual partners and employees who have access to your data are obliged to comply with data protection regulations. In some cases, it will be necessary for us to pass on your enquiries to our affiliated companies as part of order processing. Your data will also be treated confidentially in these cases.
Within our website, we use the SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser.
Rights of data subjects
Right to information
You can request information about the data we have stored about you at any time. Please send your request for information together with credible proof of identity to fabian-schuler@hotmail.com.
The information will be provided in writing or in another form, including electronically if necessary. If you so request, we can also provide you with the information verbally, provided that you can prove your identity in another form. If you submit the request for information electronically, we will provide the information in a standard electronic format, unless you specify otherwise.
As a rule, information is provided free of charge. If additional copies are requested, a reasonable fee may be charged.
The right to obtain a copy of the processed data must not adversely affect the rights and freedoms of other persons.
In the event of manifestly unfounded or excessive requests for information, we reserve the right to re-fuse to provide information within the limits of the law or to charge an appropriate fee.
The processing of your application is subject to the statutory deadline of one month. Due to the complexity and high number of requests, we may extend this period by a further two months if necessary. You will be informed of the extension within one month of submitting the request for information. You will also be informed of the reasons for the extension.
Cancellation and rectification
You have the option of requesting the deletion, correction or completion of your data at any time, provided that there are no statutory retention obligations or a legal authorisation requirement to the contrary.
Please note that the exercise of your rights may be in conflict with contractual agreements and may have corresponding effects on the execution of the contract (e.g. premature cancellation of the contract or cost consequences).
Restriction of processing
You also have the right to request a restriction of processing if you dispute the accuracy of this data, the processing is unlawful, the data is no longer required or you have objected to the processing.
If the processing of the data is restricted, it may only be stored. Further processing may only take place with your consent, for the establishment, exercise or defence of legal claims, for the protection of the rights of another person or for reasons of important public interest. You will be notified if the restriction is lifted.
Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR and the processing is carried out by automated means. You also have the right to request that the personal data be transmitted directly by us to another controller, insofar as this is technically feasible.
Right of objection
If you have given your consent to the processing of your data, you can revoke this at any time. Such a revocation affects the permissibility of the processing of your personal data after you have expressed your objection to us.
Insofar as we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case if, in particular, the processing is not necessary for the fulfilment of a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the ba-sis of which we will continue the processing.
You can object to the processing of your personal data for advertising and data analysis purposes at any time. You can contact us about your objection to advertising using the contact details provided in this privacy policy.
Right of appeal
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
General principles
What data do we process from you and from whom do we receive this data?
First and foremost, we process personal data that you transmit to us or that we collect when operating our website. We may also receive personal data about you from third parties. This may include the following categories:
-
Personal master data (name, address, date of birth, etc.);
-
Contact details (mobile phone number, e-mail address, etc.);
-
Financial data (e.g. account details);
-
Online identifiers (e.g. cookie identifiers, IP addresses);
This data can come from the following sources:
-
Information from publicly accessible sources (e.g. media, Internet);
-
Information from public registers (e.g. commercial register, debt collection register, land register);
-
Information in connection with official or legal proceedings;
-
Information regarding your professional functions and activities (e.g. professional networks);
-
Information about you in correspondence and meetings with third parties;
-
Credit information (insofar as we process personal transactions with you);
-
Information about you that people from your environment give us so that we can conclude or process contracts with you;
-
Data in connection with the use of the website.
Under what conditions do we process your data?
We process your data in accordance with the applicable data protection laws, in particular the GDPR. The processing is carried out for the purposes specified in this privacy policy. We pay attention to transparency and proportionality.
The processing of your data is lawful as long as a GDPR authorisation is fulfilled. The following are possible grounds for authorisation:
-
Your consent (Art. 6 para. 1 lit. a GDPR);
-
The fulfilment of a contract or pre-contractual measures (Art. 6 para. 1 lit. b GDPR);
-
The fulfilment of legal obligations to which we are subject (Art. 6 para. 1 lit. c GDPR);
-
The protection of vital interests of the data subject or another natural person (Art. 6 para. 1 lit. d GDPR);
-
The performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Art. 6 para. 1 lit. e GDPR);
-
Our legitimate interests, provided that your interests do not outweigh ours (Art. 6 para. 1 lit. f GDPR).
It may be necessary for you to provide us with certain personal data so that we can fulfil our contractual obligations. Without such data, we are normally unable to fulfil a contract.
Under normal circumstances, the website cannot be used if certain information to secure data traffic, such as your IP address, is not disclosed.
In which cases can we pass on your data to third parties?
a. Principle
We may need to use the services of third parties or affiliated companies and commission them to process your data (so-called processors). The categories of recipients are as follows:
-
Accounting, fiduciary and auditing company;
-
Consultancy firms (legal advice, taxes, etc.);
-
IT service provider (web hosting, support, cloud services, website design, etc.);
-
Payment service provider;
-
Provider of tracking, conversion and advertising services.
We ensure that these third parties and our affiliated companies comply with the requirements of data protection and treat your personal data confidentially.
We may also be obliged to disclose your personal data to authorities.
b. Passing on to partners and co-operation companies
We sometimes work together with different companies and partners who place their offers on our web-site. It is recognisable to you that this is a third-party offer (marked as "advertising").
If you take advantage of such an offer, we will transfer your personal data to the relevant partner or co-operation company (e.g. name, function, communication, etc.) whose offer you wish to take advantage of. These partners and co-operation companies are independently responsible for the personal data they receive. Once the data has been transmitted, the data protection provisions of the respective part-ner apply.
c. Transfer abroad
Under certain circumstances, your personal data may be transferred to companies abroad as part of order processing. These companies are obliged to protect data to the same extent as we are. The transfer may take place worldwide.
If the level of data protection does not correspond to that of the EEA area, we carry out a prior risk assessment and contractually ensure that the same level of protection is guaranteed as in the EEA area (e.g. by means of the standard contractual clauses of the EU Commission or other legally prescribed measures). If our risk assessment is negative, we will take additional technical measures to protect your data. You can access the EU Commission's standard contractual clauses at the following link.
How long do we store your data?
We only store personal data for as long as is necessary to fulfil the individual purposes for which the da-ta was collected.
We store contract data for longer, as we are obliged to do so by law. In particular, we must store business communications, concluded contracts and accounting documents for up to 10 years. If we no longer need such data from you to provide the services, the data will be restricted for further processing and we will only use it for accounting and tax purposes.
Individual data processing operations
Provision of the website and creation of log files
If you merely visit www.criosguitars.ch, i.e. if you do not register or otherwise disclose information, only the data that your browser automatically transmits to our server will be collected. The data is technically necessary for the operation of the website.
What data do we process?
The following data in particular is processed for the provision of the website and the creation of log files:
-
Name of the internet service provider
-
IP address
-
Technical information such as browser, operating system or screen resolution
-
the date and time of access
-
Referrer URL
This data cannot be assigned to a specific person and is not merged with other data sources.
For what purpose do we process the data?
The log files are processed in order to guarantee the functionality of the website and to ensure the security of our information technology systems.
On what basis do we process the data?
The legal basis for this data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interests are set out in the purpose of the data processing.
Who do we pass the data on to?
The forwarding of data by us is based on our statements on data forwarding.
How can you prevent data processing?
The data is only stored for as long as is necessary to fulfil the purpose for which it was collected. Accordingly, the data is deleted at the end of each session. The storage of log files is absolutely necessary for the operation of the website; you therefore have no option to object to this unless you do not visit our website.
Cookies
Our website uses cookies. Cookies are text files that are stored on the operating system of your device with the help of the browser when you visit our website. Cookies do not cause any damage to your computer and do not contain viruses. Some cookies are technically necessary for the website to function. Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them or their expiry date.
For what purpose do we process the data?
We use cookies so that we can use the data collected to make our website more user-friendly, effective and secure. In particular, we use cookies to save your preferences (e.g. language and location set-tings), to ensure the fast provision and attractive presentation of website content (e.g. through the use of fonts and content delivery networks) and to analyse the use of this website for statistical evaluation and continuous improvement (usually using third-party cookies). The purposes for which we use the (technically unnecessary) cookies in detail can be found in the following explanations in this privacy pol-icy.
On what legal basis do we process the data?
The legal basis for this processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Insofar as technically necessary cookies are concerned, our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR forms the legal basis.
Who do we pass the data on to?
The forwarding of data by us is governed by our statements on data forwarding. In addition, the follow-ing information on individual data processing in this privacy policy must be observed.
How can you prevent data processing?
A cookie banner is displayed when the website is accessed. Cookies that require your consent in accordance with Art. 6 para. 1 lit. a GDPR are only activated if you give your consent. If you refuse con-sent, no data will be collected by the cookies requiring consent.
You cannot prevent the collection of data by cookies, which we use on the basis of our legitimate inter-est in accordance with Art. 6 para. 1 lit. f GDPR, by using the cookie banner. These cookies, which are technically necessary for the operation of the website, are stored on your computer. You can delete them completely or deactivate or restrict their transmission by changing the settings in your browser. If you deactivate these cookies, you may no longer be able to use all functions of the website to their full extent.
Instructions for the most common browsers can be found here:
For cookies that are used to measure success and reach or for advertising, a general objection ("opt-out") is possible for numerous services via the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA)
Tracking pixel
We may use tracking pixels on our website or in our emails. Tracking pixels are also known as web beacons. Tracking pixels are small, usually invisible images that are automatically retrieved when you visit our website or open our emails.
What data do we process?
Counting pixels can be used to collect the same data as log files. In addition, movement profiles of the entire session can be collected. In particular, tracking pixels are used by third parties whose services we use. Detailed information about these third-party services is provided below in this statement.
For what purpose do we process the data? Tracking pixels are used by various tracking services to analyse the use of this website and for statistical evaluation and continuous improvement. Tracking pixels can also be used for email tracking.
On what legal basis do we process the data?
The legal basis for the dissemination is your consent in accordance with Art. 6 para. 1 lit a GDPR.
Who do we pass the data on to?
The transfer of data by us is based on our statements on data transfer. Please also note the information in this privacy policy on the individual tracking services.
How can you prevent data processing? To prevent data processing using tracking pixels, you can install suitable browser extensions such as uBlockOrigin and block external graphics in your e-mail programme or by not giving your consent for processing.
Wix eCommerce
Wix eCommerce is a platform that allows users to create an online store on their website. This allows businesses or individuals to sell products or services online, manage inventory and customer orders, and process payments. It also includes features such as product galleries, shopping carts, and customizable storefront templates to make the online shopping experience user-friendly and visually appealing. Additionally, Wix eCommerce offers tools for marketing, customer engagement, and analytics to help businesses grow their online sales.
Wix
Wix is a website building platform used to create and design webpages for businesses, professionals, and individuals. It is an easy-to-use drag-and-drop editor that allows users to create professional-looking websites with no coding or design skills required. Wix provides users with a variety of features, such as customizable templates, mobile-friendly design, and an integrated ecommerce system.
Sentry
Sentry is a software tool used for monitoring and reporting software errors and crashes on a website. It helps developers identify and fix bugs, performance issues, and user experience problems in real-time. It also provides insights and analytics on the health and stability of the website. Sentry integrates with various web development tools and platforms, making it a useful tool for maintaining the reliability and performance of a website.
Google Cloud CDN
Google Cloud CDN (Content Delivery Network) is a service provided by Google that helps websites improve their performance and deliver content faster to their users. This is achieved by storing and serving static content (such as images, videos, and documents) on Google's global network of servers, which are located closer to the website's users. When a user requests content from a website, the Google Cloud CDN will serve the content from the nearest server, reducing the distance and time it takes for the content to reach the user. This results in faster page load times, less latency, and a smoother user experience. Additionally, Google Cloud CDN also provides enhanced security and helps reduce bandwidth costs for websites. It is commonly used by websites with a global audience or high traffic to improve their performance and optimize their user experience.
PrivacyBee
PrivacyBee
We use PrivacyBee on our website, a service provided by PrivacyBee AG, Laupenstrasse 1, 3008 Bern, Switzerland. PrivacyBee is used to recognize all data protection-relevant services and to generate an individual privacy policy for the website.
What data do we process?
PrivacyBee is a service for generating data protection declarations, which are then integrated into our website via JavaScript. The following data is processed for the provision of this service:
-
IP address
-
Browser type and version
-
Operating system
-
Date and time of access to our privacy policy
For what purpose do we process the data? The collection of this data enables us to display the privacy policy correctly on your end device configuration and to ensure that the content is correct and up to date.
Who do we share the data with?
The transfer of data by us is based on our statements on data transfer. The data collected through the use of PrivacyBee remains with PrivacyBee. How can you prevent the processing of your data? To prevent PrivacyBee from processing your data, you can disable JavaScript in your browser. Please note, however, that if you deactivate JavaScript, you may not be able to use all the functions of our website to their full extent. We do not offer a specific opt-out option for the PrivacyBee service itself, as the service is essential for the provision of our privacy policy.
Does our privacy policy always remain the same?
We may change this privacy policy at any time. The changes will be published on www.criosguitars.ch, you will not be informed separately.