Last modified, August 1, 2019
To provide customer-focused and relevant services, Bolso GmbH has to be able to collect and process user personal data. This Privacy Notice (the “Privacy Notice”) describes the principles based on which Bolso GmbH (hereinafter “Bolso”, “us” or “we”) processes personal data collected through this Website www.zoccolillo.swiss (the “Website”). It informs you in particular about what personal data we collect, for which purposes it is processed, with whom it may be shared, for how long we retain it and which rights and options relating to the use of your personal data you may have. “Personal data" means any and all information relating to an identified or identifiable natural person, for example name, address, e-mail address, an online identifier or the phone number.
This Privacy Notice applies as far as the processing activities are not subject to other privacy policies or are provided for by applicable law. Please read this Privacy Notice carefully. By using the services of our Website or by registering on our Website you consent to the collection and processing of your personal information as set forth in this Privacy Notice.
1. WHO CONTROLS THE PERSONAL DATA
The Controller of personal data collected through the Website is:
8700 Küsnacht, Switzerland
+41 44 991 17 17
Bolso determines the purposes and means of the processing of your personal data and is therefore responsible for the processing and use of your personal data as described in this Privacy Notice. If you have any questions or concerns regarding this Privacy Notice or how we process your personal data, kindly contact us at any time by sending an email to firstname.lastname@example.org.
2. HOW DO WE PROCESS PERSONAL DATA
Any personal data collected through the Website is processed in accordance with the provisions of applicable data protection and privacy laws. We collect and process personal data carefully and for the purposes described in this Privacy Notice. In accordance with applicable law, we may also use your personal data in other ways as described in this Privacy Notice. In such event, we will provide specific privacy policies or notices at the time of collection and obtain your consent where necessary. We always seek, to the extent reasonably possible, to collect information on an anonymized or pseudonymized basis so we cannot recognize your identity.
3. WHAT PERSONAL DATA DO WE COLLECT
Bolso collects and processes personal data of the following individuals:
- users of our Website;
- users registered with our Website (e.g. if he or she creates a user account);
- individuals purchasing and receiving/benefitting from products and services of us;
- potential or actual parties interested in products and services of Bolso;
- recipients of our newsletters;
- participants in opinion surveys conducted by us.
The personal data is generally collected directly by us during the use of our Website, through direct communication with you or in another way. Personal data can also be used indirectly through third party processors (e.g. our IT service providers, delivery services, customer service as described further below). Moreover, we may also collect personal data of a recipient of a gift card benefitting from the purchase of a family member, friend or other person.
In general, we collect the following personal data:
i. Information automatically collected:
- Bolso collects and stores information that your browser automatically transmits to us in "server log files" when visiting our Website. These may include the following data:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
These data will not be combined with data from other sources. It is stored by us until it is automatically deleted within a period of [three - six months: Please check if this is correct].
ii. Information provided by you or generated in view of a possible contract or during the course of contract performance and fulfillment:
We collect information which you actively and voluntarily provide us with through the Website via registration, by creating a login, by purchasing a product, by sending a message to our contact email address email@example.com or by phone call, and/or information generated in view of a possible contract or during the course of contract performance and fulfillment. This may include the following personal data:
- Last name, first name, company name, address, email address, phone number, coupon code, additional information about orders, payment information, credit card details and other payment details (in accordance with other laws and regulations), billing and shipping address, products and services ordered and purchased, information and queries and complaints relating to products and services, or respective contracts entered into such as warranty claims, after sales services, repairs, customer care and services, rescissions and disputes;
- If you buy a gift card for a family member, a friend or another person, you may provide the following personal data: recipients email and name. If you provide us with personal data of other persons, please provide their personal data only if you are allowed to do so in line with applicable data protection laws and only if the other person would agree to you providing its personal data to us for the purposes the data are collected and the processing of its personal data according to our Privacy Notice.
4. FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS DO WE PROCESS PERSONAL DATA ABOUT YOU
Purposes of processing
i. Information automatically collected
The data automatically collected as described above is processed for the purposes of proper functioning and managing of our Website, e.g. for establishing a connection, ensuring stability and uninterrupted system security, to improve our services, to protect our systems and for statistical purposes in the event of attacks on the network infrastructure on which the Website is made available.
ii. Information provided by or generated in view of a possible contract or during the course of contract performance and fulfillment
We will use the information provided by you for the lawful purposes which were evident from the circumstance or indicated at the time of collection which may include the following purposes:
- Communicating with you and provide you with the best possible and personalized information you may require from us (e.g. about our products and services;
- In connection with products and services offered, conclusions of contracts (for example purchases), executions of contracts (for example purchase contracts), maintenance and development of customer relations, communication, customer service and support, promotions, advertisement and marketing (including newsletters and mailing of promotional materials, announcements of events, competitions, participation in opinion surveys);
- protection of customers, employees and other individuals and protection of data, secrets and assets of and entrusted to us, and the protection of the safety of systems and premises of us;
- For complying with legal or other regulatory requirements and internal rules; and
- For establishing, exercise and/or defend actual or potential legal claims, investigations or similar proceedings;
- For other lawful purposes where such processing was evident from the circumstances or indicated at the time of the collection.
Legal basis for processing
The legal basis for processing your personal data for the purposes described above may be based on the following legal grounds:
- Your consent, only if it may be withdrawn at any time (e.g. when you sign up for our newsletter and other marketing communication);
- For the performance of a contract with you or for the intention to enter into a contract with you (e.g. when you purchase a product);
- To comply with a legal obligation (e.g. for tax reasons or for purposes of legal investigations or proceedings); or
- For the purposes of our legitimate interests, for example for maintaining and improving our internal business administration, organization, operations, risk management, protection of systems and premises, prevention of fraud and other offences, for advertising and marketing activities, to guarantee an effective, efficient, secure and harmonized service, to comply with legal or other regulatory requirements and internal rules, and for establishing, exercise and/or defend actual or potential legal claims, investigations or similar proceedings.
Should the processing be based on your consent or our legitimate interests, you may withdraw consent or object to that processing at any time by contacting us directly at firstname.lastname@example.org. Please note, however, that the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
5. WITH WHOM DO WE SHARE YOUR PERSONAL DATA
We take necessary measures to ensure only our authorized personnel on a need to know basis will have access to your personal data to fulfill the purposes for which your personal data was collected.
We may share your personal data with the following categories of recipients in accordance with purposes and legal basis of processing as described herein:
- our trusted third-party service providers, including processors (e.g. providers of IT services);
- payment service providers, financial institutions and other partners
- website designers and developers;
- the public, media, including social media sites of Bolso;
- professional advisors and auditors;
- governmental administrations, courts and other competent authorities;
- other parties in potential or actual legal proceedings.
We choose our partners and data processors carefully and only upon sufficient guarantees they have appropriate technical and organizational measures in place. Our third-party partners are subject to confidentiality requirements and may use your personal data solely to the extent necessary to fulfill the purpose for which your personal data was collected, except as otherwise required by law.
6. TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE THE EEA
The personal data collected through our Website is stored in [Switzerland]. Moreover, we may transfer, store and process your personal data in data locations around the world, for example where our third-party providers or business partners are located. Therefore, we may transfer your personal data outside the European Economic Area (EEA) if it is required for the data processing described in this Privacy Notice in accordance with applicable law.
If data is disclosed to countries that do not guarantee an adequate level of protection, Bolso will ensure adequate protection of data disclosed by putting appropriate safeguards in place, such as contractual guarantees (e.g., on the basis of EU standard clauses), binding corporate rules, on the basis of the EU-U.S. and the Swiss-U.S. Privacy Shield Framework for transfers to third parties based in the U.S., or transferring data pursuant to your explicit consent, conclusion or performance of a contract, or in connection with the determination, exercise or enforcement of legal claims. You may obtain more information about our appropriate safeguards by contacting us via email to email@example.com.
7. FOR HOW LONG DO WE KEEP INFORMATION ABOUT YOU
We retain your personal data for as long as necessary to fulfill the purposes for which your personal data was collected. For this reason, we will delete or anonymize personal data (or equivalent) once they are no longer necessary to achieve the purposes, subject however (i) to any applicable legal or regulatory requirements to store personal data for a longer period (e.g. for tax or accounting reasons), or (ii) if we have an overriding interest (e.g. an interest for reasons of proof to establish, exercise and/or defend actual or potential legal claims, investigations or similar proceedings, including legal holds, which we may enforce to preserve relevant information, or if we have an interest in non-personalized analysis).
On that basis, we normally process personal data subject to the following rules and obligations:
- For contract related personal data (including business records and communication), we retain personal data as long as the contractual relation is ongoing and for ten years after the termination of the contractual relationship unless (i) a shorter or longer statutory storage obligation is applicable on a case-by-case basis, (ii) the retention is required for reasons of proof or another valid reason based on applicable law, or (iii) the deletion of the data is required earlier (because e.g. the data is no longer required or we are required to delete the respective data);
- For operational data containing data (e.g. protocols, logs), we retain personal data for a period of 3 - 12 months.
8. Cookies, Google Analytics and Social Media Plug-ins
When you access or use the Website, we may place so called cookies – small text files – or similar tools on your computer. We use these cookies to recognize you as a user of the Website, to customize content, to improve the Website's performance and to enhance your user experience.
Categories of Cookies we use
Depending on their function and intended purpose, cookies we may use can be divided into the following categories: functional cookies, performance cookies, and advertising cookies.
- Functional cookies: These cookies serve a variety of purposes to the presentation, functionality and performance of a website and in particular to enhance visitors’ experience and enjoyment of the website. They enable a website to save details that have already been provided (e.g. user name, your location or language choices) and offer the visitors improved, more personal functions. Functional cookies are used, for example, to remember things like your log-in information. These cookies cannot track your movement on other websites.
- Performance cookies: These cookies are used to collect information how a website is used – for example how visitors came to our website, which pages a visitor opens most frequently, how they navigated around our website during their visit and whether they receive error messages from a page. We also may use these cookies to provide us with certain statistical and analytics information, such as how many visitors came to our website. These cookies are used to monitor the level of activities of the Website and to improve the performance of the Website.
These cookies may be placed by us or a third party on our behalf. To learn more about cookies and how they are used, please visit: http://www.allaboutcookies.org/.
On your computer, we store the cookies of Google Analytics. Google Analytics is a web analytics service that is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The cookies of Google Analytics allow an analysis of the use of the website by you and other website users that Google provides to us. The information generated by the cookie about your use of our Website is usually transmitted to a Google server in the USA and stored there. This information may include number of times a user visits the website, dates of the first and last visit, duration of the visits, the page from where the user accessed the website, the search engine the user used to access the website or the link they clicked on, the place in the world from where the user accesses, etc. Google will use this information on our behalf to evaluate your use of the website, to compile reports on your website activity, and to provide other services regarding website activity and internet usage for us.
We have activated the IP anonymization feature on our Website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there.
In addition, Google may monitor the use of the Website by the user and combine this data with data from other websites monitored by Google which the user has visited and Google may use these findings for its own benefits (e.g. to control advertisement), under their responsibility and based on their own privacy policies that can be found here (https://policies.google.com/).You can learn more about Google Analytics and how they process Personal Data here (https://policies.google.com/technologies/partner-sites).
Google AdWords conversion tracking
This Website uses the online advertising service ‘Google AdWords’ and, as part of that, conversion tracking. AdWords is an online advertising program from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States ("Google"). A conversion-tracking cookie is stored whenever a user clicks on an ad delivered by Google. These cookies deactivate after 90 days and are not for the purpose of personal identification. If you visit certain pages of this Website while the cookie is still active, Google and we may know that you clicked on the ad and were directed to this page. Every Google AdWords client receives a different cookie. Thus, cookies cannot be tracked across AdWords customers’ websites. The information collected via conversion cookies helps Bolso compile conversion statistics. We find out how many users have clicked on our ad and been directed to a conversion tracking tag page. However, we do not receive any information that would enable us to identify the individual user. If you want to disable tracking, you can deactivate the Google conversion tracking cookie in your internet browser settings. You will therefore not be included in conversion tracking statistics.
Retargeting [What cookies are used, e.g. DoubleClick cookie is very popular]
Our Website uses retargeting technology. We use such technology to make our internet offering more relevant to you. It enables internet users who have previously shown an interest in our shop and our products to be addressed by advertisements on our partners’ websites. We believe that displaying personalised, interest-based advertisements is generally more useful to the internet user than advertising that has no personal relevance. These advertisements are displayed on our partners’ sites based on cookie technology and analysis of previous user behavior. This form of advertising is completely pseudonymised. No personal data is stored and no user profile is associated with your personal data. You consent to the installation of cookies and therefore to the collection, storage and use of your user data. Furthermore, you agree that your cookie data will continue to be stored after your browser session has ended and that it may, for example, be retrieved when you next visit the website. This consent may be withdrawn at any time with future effect by disabling cookies in your browser settings.
Social Media Plugins
Our Website provide you with social media plug-ins from various social networks, for example Facebook (with Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, as the operator of the service); Twitter (with Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA, as the operator of the service); YouTube (with YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, as the operator of the service); Instagram (a service offered from Facebook); and Meetup (a service offered by Meetup Inc, 632 Broadway FI 10, New York City, NY 10012, as the operator of the service) and Pinterest (with Pinterest Inc., 505 Brannan Street San Francisco, CA 94107, USA as the operator of the service).
Data will only be sent to the social media provider, once the user activates the social media plug-ins by clicking on the chosen plugin. The user can thus choose when to activate them. Should the user do so, the social media providers are able to establish a direct connection to the user during his or her visit on the Website, which allows the provider to be aware of the user's visit and may analyse the respective information. The subsequent processing of the personal data will be conducted in the responsibility of the social media provider according to data protection and privacy laws and according to its data protection policies published on its website (such as www.facebook.com, www.twitter.com., www.instagram or https://medium.com). Please read carefully the privacy policies of your social networks for detailed information about their collection and transfer of personal data, your rights, and how you can achieve satisfactory privacy settings.
Management of Cookies
If you do not want to accept these cookies you can change your browser settings to delete or prevent certain cookies from being stored on your computer or device without your consent. Each browser is different in the type, how it manages the cookie-settings. This is normally described in the «Help» menu of each browser. You will find this information for the most popular browsers under the following links:
- Internet Explorer: support.microsoft.com/help/17442/windows-internet-explorer-delete-manage-cookies
- Mozilla Firefox: support.mozilla.com/en-US/kb/Cookies
- GoogleChrome: google.com/support/chrome/bin/answer.py?hl=en&answer=95647
- Safari: support.apple.com/kb/PH5042.
Please note, however, that by disabling the cookies function in your browser settings, you may no longer be able to use all the functions of the Website.
The legal basis for the processing of personal data by using cookies or social network plug-ins are our legitimate interests in operating, protecting, analyzing, optimizing, and improving our Website.
9. EMAIL MAILING FOR ADVERTISING PURPOSES
If you sign up for our newsletter, we will use your email address for sending you information about our products and services and other commercial communications (e.g. announcements of events, competitions and surveys) that may be of interest for you, as long as you will be subscribed to the email mailing list. You can unsubscribe from such emails at any time, by clicking the highlighted link “unsubscribe from this list” at the end of each email or by contacting us directly via email at firstname.lastname@example.org.
We have implemented various technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised use, disclosure or access, in particular where processing involves the transmission of data over a network, and against all other unlawful forms of processing and misuse.
Bolso may use third party data processors to collect and process your personal data. Any data processors commissioned by us will only process your personal data in accordance with our instructions and are legally obliged to adhere to strict security procedures when handling personal data.
Unfortunately, transmission of information via the internet is not wholly secure. Although we do our utmost to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is done so at your own risk. For this reason, you are always free to transfer your personal data to us via alternative means, e.g. by telephone. Once we have received your information, we employ strict procedures and rigid security measures to try to prevent unauthorised access.
11. THIRD-PARTY PRIVACY POLICIES
Our Website is not intended for children and we do not knowingly collect personal data from children under the age of 16, except with the explicit parental consent. If we are notified or otherwise learn that personal data of a child under the age of 16 has been improperly collected, we will take all reasonable steps to delete that personal data.
13. WHAT ARE YOUR RIGHTS
You may request information from Bolso as to whether data concerning you is being processed. In addition, you have the right to request the correction, destruction or restriction of personal data regarding yourself as well as to object to the processing of personal data. Should the processing of personal data be based on our consent, you may withdraw consent at any time. However, please note that a withdrawal does not affect the legitimacy of the processing activities that took place before you withdrew your consent. In countries of the EEA you may, in certain cases, have the right to obtain data generated during the use of online services in a structured, common and machine-readable format which allows for further use and transfer.
Requests in this respect shall be submitted to Bolso via the following email address: email@example.com. Bolso reserves the right to restrict the rights of the affected user in accordance with applicable law and e.g. not to disclose comprehensive information or not to delete data.
If we refuse your request or if you are not satisfied with our processing, you are also entitled to lodge a complaint with the competent supervisory authority and seek a judicial remedy. For users located in Switzerland, the competent authority is the Federal Data Protection and Information Commissioner in Switzerland (http://www.edoeb.admin.ch). For the users located in the EU Countries, a list of the supervisory authorities can be found here.
14. CHANGES TO OUR PRIVACY NOTICE
This Privacy Notice may be changed from time to time and without prior notice or announcement. All changes to this Privacy Notice are effective when they are posted on the Website unless indicated otherwise. When we change the policy in a material manner, we will let you know via email and/or a prominent notice on our Website or in another appropriate manner prior to the change becoming effective and update the ‘effective date’ at the top of this page.