For individual and additional offers and services, additional, special and supplementary privacy policies as well as legal documents such as General Terms & Conditions, Conditions of Use or Eligibility Requirements may be applicable.
Our online services shall be subject to the Swiss data protection legislation as well as to any applicable foreign data protection legislation, in particular that of the European Union (EU) including the General Data Protection Regulation (GDPR). The EU acknowledges that the Swiss data protection legislation guarantees an adequate level of data protection.
1. Contact addresses
Responsibility for Online Services:
The Company of St. George
c/o Roger Neeracher
Data Protection Representation in the EU and in the EEA
We have the following data protection representation in the European Union (EU) or in the European Economic Area (EEA) including the Principality of Liechtenstein pursuant to Art. 27 GDPR as an additional point of contact for supervisory authorities and data subjects for enquiries relating to the General Data Protection Regulation (GDPR):
The Company of St. George
c/o Floor Verhoeven
2. Processing of personal data
Personal data means all information relating to an identified or identifiable person. A data subject is a person whose personal data is processed. Processing encompasses every operation performed on personal data, irrespective of the tools and processes used, in particular the storage, disclosure, collection, erasure, saving, alteration, destruction or use of personal data.
2.2 Legal basis
We process – so far as the General Data Protection Regulation (GDPR) is applicable – personal data according to at least one of the following legal basis:
- Art. 6 para. 1.b GDPR for the processing of personal data necessary for the performance of a contract with the data subject and for the implementation of pre-contractual measures.
- Art. 6 para. 1.f GDPR for the processing of personal data necessary to protect the legitimate interests of us or of third parties, except where such processing is carried out in breach of fundamental freedoms and rights which require protection of personal data. Legitimate interests are in particular our economic interest in being able to provide our offers and services in a permanent, user-friendly, secure and reliable manner as well as to advertise them – also by commissioned third parties or jointly with third parties and with the help of third parties -, information security and protection against misuse and unauthorized use, enforcement of our own legal claims and compliance with Swiss law.
- Art. 6 para. 1.c GDPR for the processing of personal data necessary to fulfil a legal obligation to which we are subject under the laws of any member states of the European Economic Area (EEA).
- Art. 6 para. 1.e GDPR for the processing of personal data necessary for the performance of a task carried out in the public interest.
- Art. 6 para. 1.a GDPR for the processing of personal data with consent of the data subject.
- Art. 6 para. 1.d GDPR for the processing of personal data necessary to protect vital interests of the data subject or another natural person.
2.3 Nature, purpose and scope
We process personal data that is necessary to provide our services in a permanent, user-friendly, safe and reliable manner. Such personal data may fall into the categories of contact data, browser and device data, content and inventory data, meta or marginal data and usage data, location data, and contract, payment and sales data.
We process personal data for the period of time required for the respective purpose or purposes or as required by law. Personal data whose processing is no longer required will be anonymized or deleted. Persons whose data we process have in principle the right to erasure.
As a matter of principle, we process personal data only with the consent of the data subject, unless the processing is permitted for other legal reasons, for example to fulfil a contract with the data subject and for appropriate pre-contractual measures, to protect our legitimate interests, because the processing is evident from the circumstances or after prior information.
In this context, we process in particular information that a data subject voluntarily and personally transmits to us when making contact – for example, by postal mail, e-mail, contact form, social media or telephone – or when registering for a user account. We may store such information in an address book or with similar tools. If you transmit personal data about third parties to us, you are obligated to ensure data protection with regard to such third parties as well as to ensure the accuracy of such personal data.
We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect when making our offers and services available, as far as such processing is permitted by law.
2.4 Processing of personal data by third parties and abroad
We may have personal data processed by commissioned third parties, transfer personal data to third parties, or process personal data together with third parties or with the help of third parties. Such third parties are in particular providers whose services we use, among other things, to check credit worthiness. We guarantee appropriate data protection for such third parties.
Such third parties are generally located in Switzerland and in the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein. However, such third parties may also be located in other countries and territories on earth and elsewhere in the universe, provided that their data protection law guarantees adequate data protection in the opinion of the Federal Data Protection and Information Commissioner (FDPIC) or the Swiss Federal Council and – if and as far as the General Data Protection Regulation (GDPR) is applicable – in the opinion of the European Commission, or if adequate data protection is guaranteed for other reasons, such as by a corresponding contractual agreement, in particular on the basis of standard contractual clauses, or by appropriate certification. As an exception, a third party may be located in a country without adequate data protection, provided that data protection requirements are still met, for example due to the explicit consent of the data subject.
3. Rights of data subjects
Data subjects have rights according to Swiss data protection law. These rights include the right of information as well as the rights to correct, erase or block processed personal data.
In addition, data subjects may – so far as the General Data Protection Regulation (GDPR) is applicable – obtain free of charge confirmation of whether we are processing their personal data and, if so, request information about the processing of their personal data, have the processing of their personal data restricted, exercise their right to data transferability and have their personal data corrected, deleted (“right to be forgotten”), blocked or completed.
Data subjects may – if and as far as the GDPR is applicable – revoke their consent at any time with effect for the future and object to the processing of their personal data at any time.
Data subjects have the right of appeal to a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
4. Data security
We take appropriate and suitable technical and organizational measures to ensure data protection and in particular data security. However, despite such measures, the processing of personal data on the Internet can never be fully secure. We can therefore not guarantee absolute data security.
The access to our online offers and services is secured with transport-level encryption (SSL / TLS, with HTTPS).
Access to our online offer is subject – as is basically the case with all Internet use – to mass surveillance without cause or suspicion and other monitoring by security authorities in Switzerland, in the European Union (EU), in the United States of America (USA) and in other countries. We cannot directly influence the corresponding processing of personal data by secret services, police stations and other security authorities.
5. Use of our website
When you visit our website, cookies may be temporarily stored in your browser as so-called “session cookies” or for a certain period of time as so-called permanent cookies. “Session cookies” are automatically erased when you close your browser. Permanent cookies in particular enable us to recognise your browser when you visit our website again, and thus allow us to measure the reach of our website, for example. However, permanent cookies can also be used for online marketing purposes.
5.2 Server log files
We may collect the following information for each request to our Website, provided that such information is transmitted to our server infrastructure or can be determined by our web server: Date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including graphical user interface and version, browser including language and version, individual pages of our Website accessed including the amount of data transferred, last Website access in the same browser window (referrer).
We store such information, which may also represent personal data, in server log files. Such information is necessary to provide our online services in a permanent, user-friendly and reliable manner and to ensure data security and thus in particular the protection of personal data
5.3 Tracking pixels
We may use tracking pixels on our Website. Tracking pixels are also known as web beacons. Tracking pixels – also from third parties whose services we use – are small images that are automatically retrieved when you visit our Website. Tracking pixels can be used to record the same information as in server log files.
6. Social Media
We are present on social media platforms and other online platforms in order to communicate with interested people and to inform them about our offers and services. Personal data may be processed outside Switzerland and the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein.
For our presence on Facebook, we are responsible, so far as the GDPR is applicable, for so-called Page Insights jointly with Facebook. Page Insights provide information on how visitors interact with our Facebook presence. We use Page Insights to provide our presence on Facebook in an effective and user-friendly manner. Facebook has published Information on Page Insights Data and an Addendum regarding the Responsibility for Page Insights.
7. Services of third parties
We use third-party services to provide our own offers and services in a permanent, user-friendly, secure and reliable manner. Such services are in particular used to embed content in connection with our online offers and services. Such services – for example hosting and storage providers, video platforms and payment providers – require your Internet Protocol (IP) address, otherwise such services would not be able to transmit the corresponding content. Such services may be located outside Switzerland and the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein, provided that adequate data protection is guaranteed. We will ask you – if and to the extent necessary – for your consent to the use of third-party services.
For their own security-related, statistical and technical purposes, third parties whose services we use may also process data in connection with our online offers and services and from other sources in aggregated, anonymized or pseudonymized form – including cookies, log files and counting pixels.
7.1 Digital Infrastructure
We use the services of third parties to implement the digital infrastructure necessary for our services. These include hosting and storage services from specialist suppliers. These providers process for this purpose – usually exclusively on our behalf – the data necessary to operate this infrastructure. Your Internet Protocol (IP) addresses are part of this data. We also guarantee adequate data protection with these providers.
We use Google Fonts to be able to embed fonts into our website. Google Fonts is a service provided by the US company Google LLC. The controller for users based in the European Economic Area (EEA) and Switzerland is Google Ireland Limited based in Ireland.
8. Final provisions