Contact

Privacy Policy

Data Protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy.

In general, it is possible to use our website without providing personal data. As far as personal data (e.g., name, address, or email addresses) is collected on our pages, this is always done, where possible, on a voluntary basis. This data will not be disclosed to third parties without your explicit consent.

We point out that data transmission on the internet (e.g., communication via email) may have security vulnerabilities. A complete protection of data from access by third parties is not possible.
With this privacy policy, we inform you about which personal data (hereinafter also referred to as “data”) are processed by us in relation to our online presence (hereinafter “website”) and what rights you have. The privacy policy also serves to implement our obligations under Section 13 of the Telemedia Act (TMG) and Article 13 of Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data, the free movement of such data, and the repeal of Directive 95/46/EC (General Data Protection Regulation, GDPR).

1. Data Controller

Company: ALIBERA AG

Managing Director: Dr. Renate von Grünigen

Address: Bahnhofstrasse 10

Phone: +41 44 550 54 54

Email: info@alibera.ch

2. Definitions

The Privacy Policy uses the following terms in the sense of the General Data Protection Regulation (GDPR):

  • “Personal Data”: Any information relating to an identified or identifiable natural person (hereinafter “data subject”); a natural person is considered identifiable who can be directly or indirectly identified, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific features that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • “Processing”: Any operation or set of operations performed on personal data, whether by automated means or not, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of data.
  • “Controller”: The natural or legal person, authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data.
  • “Processor”: A natural or legal person, authority, agency, or other body which processes personal data on behalf of the controller.
  • “Recipient”: A natural or legal person, authority, agency, or other body to whom personal data are disclosed, whether a third party or not. Authorities that may receive personal data in the course of a specific investigation under Union law or the law of a Member State are not considered recipients; the processing of such data by these authorities is carried out in accordance with the applicable data protection regulations for the purposes of processing.
  • “Third Party”: A natural or legal person, authority, agency, or other body, other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.
  • “Consent” of the data subject: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, either by a statement or by a clear affirmative action, by which the data subject signifies agreement to the processing of personal data relating to them.
  • “Cross-border Processing”: Either
    • processing of personal data that takes place in the context of activities of establishments of a controller or a processor in the Union in more than one Member State, if the controller or processor is established in more than one Member State, or
    • processing of personal data that takes place in the context of the activities of a single establishment of a controller or processor in the Union, but which has substantial effects on data subjects in more than one Member State or is likely to do so.

3. Type, Scope, and Purpose of Processing, Legal Basis

3.1 The following types of data are processed by us:

  • Customer data (name, gender, date of birth, address, phone and fax, email, account details)
  • Content (texts, images, videos)
  • Usage data (websites visited, access times, location, etc.)
  • Communication data (device information, IP addresses, etc.)
  • Contract data (contract text, payments)

3.2 The following categories of data subjects are involved:

  • Visitors to our websites (hereinafter also referred to as “users”) as well as other interested parties,
  • Buyers of our goods and recipients of services (hereinafter also referred to as “customers”); other business partners

3.3 The processing of data takes place for the following purposes and using the legal bases mentioned below:

  • Presentation, maintenance, and improvement of our websites, including all functions for users, for evidentiary purposes; this is based on Article 6(1)(f) GDPR (protection of our legitimate interests). Communication and usage data are processed, and data is not generally shared with third parties unless there is a legal obligation to do so (Article 6(1)(c) GDPR).
  • Processing of usage data (websites visited, products viewed) and content for advertising purposes, especially for personalized product suggestions; this is based on Article 6(1)(f) GDPR (protection of our legitimate interests).
  • Responses to inquiries via a contact form, email correspondence with users and customers; processing is based on Article 6(1)(b) GDPR.
  • To fulfill contractual obligations towards customers and other contract partners, customer and contract data are processed. If data required in forms is marked as mandatory, it is necessary for the fulfillment of the specified purpose. Processing is based on Article 6(1)(b) and (c) GDPR.
  • Own marketing; if consent has been obtained, processing is carried out according to Article 6(1)(a) and Article 7 GDPR, otherwise, for the protection of our legitimate interests: Article 6(1)(f) GDPR.

Any further legal bases for our processing are listed in the subsequent sections.

4. Recipients of Data, Third Countries

For payment processing, we may transmit the necessary data (name, account details, email address, purchase price) to a payment service provider and/or a bank or PayPal involved in the payment. Other categories of recipients include hosting providers, participants in the inventory management and financial accounting system, external service providers for customer service, and possibly suppliers.

The transfer and disclosure of data to recipients, processors, or third parties only occur within the framework of the legal bases (see above section 2.4) or when there is an additional legal obligation. Access to data for processors is granted strictly in accordance with Article 28 of the GDPR. Processing of data in a third country (outside the European Union (EU) or the European Economic Area (EEA)) is carried out according to Articles 44 to 50 of the GDPR. Processing takes place at a level of data protection that complies with the GDPR, particularly through guarantees from the processors, such as the agreement between the EU and the US under the US Privacy Shield (also referred to as “Privacy Shield”) or through specific contractual obligations (Standard Contractual Clauses).

5. Data Deletion

Data deletion occurs based on Articles 17 and 18 of the GDPR; the same applies to the restriction of processing and the blocking of data. Data is deleted or its processing is restricted when and to the extent that it is no longer necessary for the fulfillment of the specified purpose, unless deletion is prohibited by law (e.g., retention obligations under commercial or tax law) or another agreement exists.

According to Section 257 of the German Commercial Code (HGB) and Section 147 (1) of the Fiscal Code (AO), every merchant is particularly obligated to retain commercial books and records, inventories, opening balances along with work instructions, annual financial statements, other organizational documents, and booking evidence for ten years; for commercial and business correspondence, a retention period of six years applies.

6. Cookies

This website uses “cookies.” These are small files stored on the users’ computers with various information. They are used to determine the identity of the user and their device, as well as to secure information provided by the user during their visit. In addition to temporary cookies (“session cookies,” e.g., shopping cart contents), which are deleted after leaving the website and closing the browser, there are persistent cookies (e.g., for the last login, viewed pages). These are not deleted after leaving the website. In the case of “third-party cookies,” the cookies do not come from the responsible party but from a third party. The use of cookies is based on Article 6, Paragraph 1, Letter f of the GDPR and serves both the proper and smooth provision of our services, the exercise of electronic communication procedures, or the provision of certain features desired by the user (e.g., shopping cart in online shops).

You can prevent cookies from being stored on your computer. You have the option to select in your browser settings that cookies are generally not allowed or that cookies from specific sites are blocked. You can also delete existing cookies. It is hereby advised that the functionality of our websites may be limited when cookies are disabled or removed.

7. Hosting

We collaborate with hosting partners to maintain, restore, and improve our services, particularly concerning storage space, computing capacity, databases, infrastructure, maintenance services, and similar services. This may involve the processing of data as outlined in section 2.1 of this privacy policy, particularly for the collection of server log files (server accesses).

The provider of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.

These are:

  • Browser type and browser version
  • Used operating system
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request

This data cannot be attributed to specific individuals.

The processing is based on a legitimate interest on our part in accordance with Article 6, Paragraph 1, Letter f of the GDPR in conjunction with Article 28 of the GDPR.

8. Rechte der betroffenen Personen

Nach der DSGVO stehen Ihnen in Bezug auf Ihre Daten verschiedene Rechte zu:

  • Sie können eine Bestätigung darüber verlangen, ob betreffende Daten verarbeitet werden; wenn dies der Fall ist, können Sie Auskunft über diese Daten sowie weitere Informationen und eine Kopie der Daten verlangen, Artikel 15 DSGVO.
  • Sie haben das Recht, unverzüglich die Berichtigung von unrichtigen personenbezogenen und die Vervollständigung unvollständiger personenbezogener Daten zu verlangen, Artikel 16 DSGVO.
  • Sie können verlangen, dass betreffende Daten unverzüglich gelöscht (Artikel 17 DSGVO) bzw. in Bezug auf die Verarbeitung eingeschränkt werden (Artikel 18 DSGVO).
  • Sie haben unter den Voraussetzungen des Artikels 20 DSGVO das Recht, die von Ihnen bereitgestellten Daten zu erhalten und diese Daten einem anderen Verantwortlichen ohne Behinderung durch uns zu übermitteln.
  • Sie können gem. Artikel 77 DSGVO eine Beschwerde bei der zuständigen Aufsichtsbehörde einreichen.
  • Erteilte Einwilligungen können Sie gem. Artikel 7 Absatz 3 DSGVO mit Wirkung für die Zukunft widerrufen und einer künftigen Verarbeitung der Sie betreffenden Daten nach Maßgabe des Artikel 21 DSGVO jederzeit widersprechen.

9. Sonstiges

Google Analytics

Wir bedienen uns auf Grundlage unserer berechtigten Interessen (Betrieb und Optimierung unserer Webseiten) im Sinne des Artikel 6 Absatz 1 Buchstabe f DSGVO des Tools Google Analytics, ein Service der Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“). Google ist unter dem Privacy-Shield-Abkommen zertifiziert, es wird garantiert, dass das europäische Datenschutzrecht eingehalten wird (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Durch die Nutzung von Cookies erzeugt Google Informationen über die Benutzung der Webseiten, die gewöhnlich an einen Google-Server in den USA übertragen und dort gespeichert werden. Google wird diese Informationen benutzen, um Ihre Nutzung der Webseite auszuwerten, um Reports über die Webseitenaktivitäten für die Webseitenbetreiber zusammenzustellen und um weitere mit der Webseitennutzung und der Internetnutzung verbundene Dienstleistungen zu erbringen. Wir weisen darauf hin, dass Google Ihre IP-Adresse innerhalb der Europäischen Union oder in anderen Vertragsstaaten des Abkommens über den Europäischen Wirtschaftsraum vor einer Speicherung und Übermittlung kürzt, so dass ein unmittelbarer Personenbezug ausgeschlossen ist. Nur in Ausnahmefällen wird die volle IP-Adresse an einen Server von Google in den USA übertragen und dort gekürzt. Sie können der Verwendung von Cookies durch Einstellung im Browser entgegenwirken und die Verwendung im Übrigen dauerhaft verhindern, indem Sie ein Browser-Add-on von Google zur Deaktivierung von Google Analytics installieren. Sie können dieses Programm unter https://tools.google.com/dlpage/gaoptout?hl=de downloaden. Weiterführende Informationen sowie die Datenschutzerklärung von Google finden Sie unter: http://www.google.com/policies/technologies/ads/, http://www.google.de/policies/privacy/

Verwendung von Google Maps

Wir verwenden auf dieser Webseite die Schnittstelle Google Maps API, um Landkarten und/oder StreetView-Rundgänge einzubinden. Dies geschieht auf Grundlage unserer berechtigten Interessen (Artikel 6 Absatz 1 Buchstabe f DSGVO). Anbieter von Google Maps ist die Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“). Bei der Verwendung von Google Maps werden von Google auch Daten über die Nutzung der Kartenfunktionen durch Besucher erhoben, verarbeitet und genutzt. Dies können IP-Adressen und Standortdaten der Nutzer sein. Sie können über die Einstellungen Ihrer Geräte bestimmen, ob Sie Standortdaten übertragen wollen; dies geschieht in der Regel nicht ohne Ihre Einwilligung. Informationen über die Verarbeitung der Daten durch Google können Sie in den Google-Datenschutzhinweisen unter https://www.google.com/policies/privacy/ finden.

Verwendung von Webfonts

Wir bedienen uns auf Grundlage unserer berechtigten Interessen (Betrieb und Optimierung unserer Webseiten) im Sinne des Artikel 6 Absatz 1 Buchstabe f DSGVO des Web-Schriftarten-Dienstes „Google Webfonts“, angeboten von der Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“). Bei jedem Besuch dieser Webseite werden Dateien von einem Google-Server geladen, um den Text in einer bestimmten Schriftart anzuzeigen. Ihre IP-Adresse kann auf einen Server des Anbieters übertragen und im gewöhnlichen Serverprotokoll gespeichert werden. Die weitere Verarbeitung dieser Informationen liegt in der Verantwortung von Google. Informationen zu Bedingungen und Einstellungen finden Sie in den unter https://www.google.com/policies/privacy/ niedergelegten Datenschutzbestimmungen von Google.

Widerspruch Werbe-Mails

Der Nutzung von im Rahmen der Impressumspflicht veröffentlichten Kontaktdaten zur Übersendung von nicht ausdrücklich angeforderter Werbung und Informationsmaterialien wird hiermit widersprochen. Die Betreiber der Seiten behalten sich ausdrücklich rechtliche Schritte im Falle der unverlangten Zusendung von Werbeinformationen, etwa durch Spam-E-Mails, vor.