From 25 May 2018, the new General Data Protection Regulation (GDPR) of the European Union (EU) will apply. Even though Switzerland has not yet adapted its own data protection law to the GDPR, we at Lunetta AG have already implemented GDPR-compliant processes. The EU Commission also recognises that data protection law in Switzerland guarantees adequate data protection.
Lunetta AG is committed to protecting your privacy and takes its responsibility for the security of customer information very seriously. We are transparent about the type of information we collect and how we use it.
All personal data is collected and processed in accordance with Swiss and European data protection law.
Collection, processing and use of personal data
Lunetta AG (referred to in this statement as “we”, “us”, “our” or “Lunetta AG”) refers in this statement to Lunetta AG with the online platform lunetta.ch). This is the “data controller” for all personal information collected about lunetta.ch customers as defined by the Swiss and European Data Protection Regulations 2018. Lunetta AG is registered in Switzerland under the commercial register number: CH-102.527.566 and with its registered office in Reiden LU.
6260 Reiden LU
What personal data do we collect?
Personal data means any information about you as a user that enables us to identify you, such as your name, contact details, booking reference number, payment details and information about your access to our website.
We may collect personal information when you shop with us, create a Lunetta account, use our website or other websites accessible through our website, or when you contact us directly.
Specifically, we may collect the following types of data:
– Name, address, email address, telephone number, order number, invoice number, order detail, credit or debit card information and other payment details;
– Additional order information, including your name, date of birth, gender.
– Information about your purchases of products and services from us or our trusted partners;
– Information about your use of our website;
– The communications you exchange with us or send to us via letters, emails, chat services, calls and social media.
– Your location, including real-time geographic location of your computer or device via GPS and Bluetooth and your IP address, together with location data to public Wi-Fi hotspots and broadcast towers if you use location-based features and have enabled the location services settings on your device or computer.
Personal information about suspected perpetration of or conviction for criminal offences is referred to as “sensitive” personal data under applicable data protection laws. We will only process such data if you have given your explicit consent or the processing is necessary (for example, because of fraud or debt collection cases), or you have deliberately disclosed it.
What for, why and how long do we use your personal data?
Your data may be used for the following purposes:
– Providing requested products and services: We use the information you provide to us to provide the services you have requested in connection with your order or consultation, including requested order, or consultation changes;
– Notify you when invoices are changed or cancelled: We will send you information about the services you have requested and any changes to those services. These communications are not for marketing purposes and it is not possible to opt out;
– Verification or review of credit or other payment cards: We use your payment information for accounting, clearing and auditing purposes and to detect and/or prevent any fraudulent activity;
– Security, Crime Prevention or Detection: We may also share information with government or law enforcement agencies in order to comply with legal requirements;
– Customer service communications: We use your information to manage our communications with you as a customer and to improve our services and your experience with us;
– Providing tailored services: We use your information to provide information that we think will be of interest to you before, during and after you place an order with us and to personalise the services we provide to you; examples of this include special offers on your favourite products or similar offers;
– E-mail advertising with registration for the newsletter: If you register for our newsletter, we will use the data required for this purpose or separately provided by you to send you our e-mail newsletter on a regular basis based on your consent. Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your e-mail address unless you have expressly consented to further use of your data or we reserve the right to use data in a manner that goes beyond this, which is permitted by law and about which we inform you in this declaration.
We will only process your personal data if we have a legal basis to do so. The legal basis is based on the purposes for which we have collected your personal data and need to use it.
In most cases, we need your personal data to comply with a legal obligation (e.g. sales contract) or for administrative purposes.
Only minors aged 16 and over may give their consent themselves. For minors under 16 years of age, the consent of their parents or legal guardians is required. Please send this to us in writing.
We will not retain your data for longer than is necessary for the purpose for which it is processed. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the purpose for which we process your personal data and whether we can achieve that purpose by other means.
We also need to consider the periods for which it may be necessary for us to retain your personal data in order to comply with our legal obligations (for example, in relation to claims arising from orders, cancellations or returns or to deal with complaints and enquiries as well as to protect our legal rights in the event of a claim being made). For information about how data is stored in your Lunetta account, please see the Lunetta AG section below.
When we no longer need your personal data, we will irretrievably delete or destroy it. We will also consider whether and how we can minimise the personal information we use over time and whether we can anonymise your personal information so that it can no longer be associated with you or identify you as a result. If so, we may use this information without prior notice to you.
Safety of your personal data
We follow strict security procedures in storing and sharing and in protecting your personal data against accidental loss, destruction or damage.
Disclosure of your personal data
– Government authorities, law enforcement agencies and supervisory authority to Government authorities, law enforcement agencies and supervisory authority to comply with legal regulations;
– The personal data we collect is shared with the transport company contracted to deliver the goods, to the extent necessary to deliver the goods, as part of the contract process.
– Trusted third parties who provide ancillary services that we use to run our business, such as staff, call centres that support our customers, cloud services and email marketing service providers who assist our marketing team in conducting customer surveys and delivering targeted marketing campaigns;
– Legal advisers and other professional advisers, courts and law enforcement agencies in any country where we operate to enforce our rights in relation to our contract with you;
If the use of your personal data by us is based on your consent, you have the option at any time to revoke your consent to processing and to delete your personal data by writing to email@example.com.
We will retain your personal data contained in your Lunetta account for as long as your account exists. Please note that any personal data that we collect in order to enter into a contract with you, or in order to perform that contract, or because we are required by law to process the data, will be subject to the general retention periods.
Newsletter and email advertising
If you have signed up for our newsletter, we will regularly inform you about new products, hot tips and news as well as exclusive offers. If you no longer wish to receive our newsletter, you can unsubscribe permanently at any time via the unsubscribe link in each mailing.
Cookies and website tracking
In order to make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your terminal device. Some of the cookies we use are deleted again after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your terminal device and enable us or our partner companies to recognise your browser on your next visit (persistent cookies). You can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general.
For more information about cookies and how you can prevent cookies from being placed, please visit: http://www.allaboutcookies.org.
Web analytics service
Your right to data privacy
You have the right under certain circumstances,
– Request information about whether we hold personal data about you and, if so, what that data is and why we hold and use it.
– Request information about your personal data (commonly known as the ‘data subject’s right of access’). This gives you the opportunity to request a copy of the personal data we hold about you and to check that we are processing it lawfully.
– Request the correction of the personal data we hold about you. This gives you the opportunity to have incomplete or incorrect data we hold about you corrected.
– Request the deletion of your personal data. This gives you the opportunity to request that we delete or remove personal data where there is no reasonable cause to continue processing it. You also have the right to ask us to erase or remove your personal data if you have exercised your right to object to processing (see below).
– Object to the processing of your personal data where we (or a third party) invoke a legitimate interest and where you wish to exercise your right to object to processing for a specific reason in your particular situation. You also have the right to object if we use your personal data for direct marketing.
– Object to automated decisions, including profiling, which are not subject to automated decision-making by us using your personal data or profiling you.
– To request the restriction of the processing of your personal data. This gives you the opportunity to request us to suspend the processing of personal data about you, for example if you want us to establish the accuracy of the data or the reason for the processing.
– Request the transfer of your personal data in electronic and structured form to you or to another party (commonly known as the right to “data portability”). This gives you the opportunity to receive your data from us in an electronically usable format and to be able to transfer your data to another party in an electronically usable format.
– To withdraw consent. In certain circumstances, where you have given us consent to collect, process and transfer your personal data for a particular purpose, you have the right to withdraw your consent for that particular purpose at any time. Once we receive notification that you have withdrawn your consent, we will no longer process your data for the purpose or purposes to which you originally consented, unless we have another legitimate and lawful basis for doing so.
If you wish to exercise any of these rights, please submit your request to us at firstname.lastname@example.org. You do not have to pay a fee to obtain access to your personal data (or to exercise any other right). However, we may charge a reasonable fee if your request for access is clearly unfounded or disproportionate. Alternatively, we may refuse to grant access in these circumstances. We may need to ask you for more specific information to confirm your identity and ensure your right to access the information (or to exercise any other of your rights). This is another appropriate security measure to ensure that personal information is not disclosed to unauthorised persons.
Reiden, 16. Dezember 2020