This website was created and published by Essento Food AG, which is headquartered in Switzerland, Aargauerstrasse 3, CH-8048 Zurich, registered in the commercial register in the Canton of Zurich under the UID number 200.783.952 (hereinafter also referred to “we” or “Essento”).
Therefore, we are responsible for the collection, processing and use of your personal data. We are committed to a responsible handling of your personal data. As such, we consider it a matter of course to comply with the legal requirements of the Swiss Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (DPO) and other provisions of Swiss data protection law. We also comply with the provisions of the new European General Data Protection Regulation (GDPR) insofar as they apply to us.
1. When visiting our website
When you visit our website, our servers temporarily store each access in a protocol file. The following data will be stored by us:
- IP address from the requesting computer
- Date and time of access
- Name and URL of the retrieved data
- Website from which the domain was accessed
- Operating system of your computer and the browser you are using
- Country from which our website was accessed
- Name of your internet access provider
These data are generally collected and processed anonymously, with no personal references, for the purposes of allowing the use of our website (connection setup), ensuring the long-term security and stability of the system and optimising our internet offering, as well as for internal statistical purposes. The above-mentioned information is not linked to or stored with personal data. Only in the event of an attack on the network infrastructure of our website or in the event of suspicion of other unauthorised or abusive use of the website will the IP address be analysed for the purposes of clarification and defence and, if necessary, used in criminal proceedings for identification and in criminal and civil proceedings against the user concerned. This is our legitimate interest (legal basis for the application of the GDPR: Art. 6 para. 1 lit. F GDPR). See below for the application of analysing software and cookies.
2. When opening a customer account
To place an order in our online shop, you can voluntarily open a customer account. For the purpose of processing your order in the online shop or for the delivery of the ordered services, we collect in the registration process the following data (* required; legal basis for the application of the GDPR: Art. 6 para. 1 lit. a and b of the GDPR):
- First and last name*
- Invoice address (if different than delivery address)
- Email address*
The data in the customer account can be reviewed and changed any time. You can also request for the complete deletion of your customer account by sending us your deletion request (see section “Contact”)
3. When shopping in the online shop
When you want to buy a product in our online shop, we require different data for the completion of the contract. The following data is required:
- First and last name
- Invoice address (if different than delivery address)
- Payment details (depending on the selected payment method)
- Login data (for registered customers)
Sharing of more data is voluntary. The collection of the telephone number serves the purpose of getting in touch with you in case there are questions about your order. The telephone number is not used for advertising calls and it is not shared with any third parties engaged in marketing. If you have a customer account, we store your data for your next order. In relation to your order in the online shop, the processing of your order in the online shop or the delivery of the ordered services, we collect, store and process the following data additionally:
- Information about the ordered products
- Data about your order
As far as this privacy statement does not state differently or you have not separately permitted, we only use the aforementioned data to complete the contract, namely to process your order, to deliver the ordered products and to secure the correct payment (legal basis for the application of the GDPR: Art. 6 para. 1 lit. b of the GDPR)
You can subscribe to our newsletter on our website. The following data will be requested for the subscription (* required):
- First and last name
- Email address*
- Preferred language
You can activate the registration for our newsletter after entering the above information. We use the double-opt-in mechanism here. After sending off the registration, you will receive an email from us containing a confirmation link. You must confirm this link in order to definitively sign up for the newsletter. You can withdraw your consent at any time (see section “Contact”). You will also find a link to unsubscribe in all newsletter emails.
Our newsletter may contain a so-called web beacon (tracking pixel) or similar technical means. A web beacon is a 1×1 pixel, invisible graphics associated with the user ID of the respective newsletter subscriber. For each newsletter sent, there is information on the address file used, the subject and the number of newsletters sent. Furthermore, it is possible to see which addresses have not yet received the newsletter, to which address it has been sent and for which addresses the delivery has failed. It is also possible to view which addresses have opened the newsletter. Finally, we collect information also on which addresses have unsubscribed. We use this data for internal statistical purposes and to optimise the newsletter in terms of content and structure. This allows us to better adjust the information and offers in our newsletter to the individual interests of the recipient. The tracking pixel is deleted when you delete the newsletter. In order to disallow the use of the web beacon in our newsletter, please set your email program such that no HTML is displayed in messages.
With the registration, you grant us your consent to process the provided data for this purpose (legal basis for the application of the GDPR: Art. 6 para. 1 lit. a of the GDPR). You can withdraw your consent at any time through unsubscribing from our newsletter. The legality of the already executed data processing is not touched by a withdrawal.
5. Transmission of data to third parties
We only transmit your personal data if you have expressly consented to this, if we are required to do so by law, or where we must do so in order to exercise our rights, in particular where necessary to enforce claims from the contract. Furthermore, we transmit your personal data to third parties to the extent necessary for the use of the website and the contract processing, namely to process the order, to transact your purchases, to deliver your ordered products and their payment, to provide you with the ordered services as well as to analyse the customer behaviour. Third-party use of data transmitted to this end is strictly limited to the purposes mentioned above.
6. Transmission of personal data abroad
7. Processing of personal data for credit assessment
If we deliver in advance of payment, for example if you make a purchase on account, we may obtain a credit report based on statistical mathematical calculations from a credit agency in order to safeguard our legitimate interests. For this purpose, we may send the personal data required for a credit check to a credit agency; we then use the information we receive on the statistical probability of a shortfall in payment to make a balanced decision on the establishment, execution or termination of the contractual relationship. The credit report may include probability values (score values) that are calculated based on scientifically recognised mathematical and statistical methods; address data may be factored into these calculations. Your legitimate interests are always considered in accordance with legal regulations.
In the preceding described purposes, there is a legitimate interest from us (legal basis for the application of the GDPR: Art. 6 para. 1 lit. f of the GDPR).
8. Your right to information, deletion, correction and limitation
You can request information about the personal data concerning you and stored by us at any time. Requests for information must be submitted in writing and must be accompanied by proof of identity. Similarly, you have the right to demand the deletion or correction of the personal data concerning you and stored by us at any time. You can exercise this right by sending us a request on this topic (see section “Contact”). We point out to you that we reserve the right for a proof of identity and that if your data is deleted, our services cannot be used or can no longer be used in full.
You can withdraw your consents to certain data processing at any time with respect to the future. Please note that by law, certain data must be retained for a specific period. We are therefore required to store such data until that period has ended. We set these data apart in our system and only use them to comply with the relevant legal provisions.
You have the right to demand the restriction of the processing of your personal data, for example if the correctness of the data is contested by you.
You have the right to receive your personal data that you provided us, in a structured, common and machine-readable form depending on the governing law or to request that it be transferred to another person responsible, depending on applicable data protection laws.
Depending on the applicable data protection law, you have a legal right of complaint to the responsiblet data protection authorities, if you do not agree with the handling of your personal data.
9. Data security
We use appropriate technical and organisational security measures to protect data concerning you and stored by us from manipulation, partial or total loss, and unauthorised access by third parties. Our security measures are adapted constantly to keep pace with technological developments. If you are a registered customer, your access to your customer account is only possible after entering your personal password. You should treat your payment information confidential and close your browser window, if you finished your communication with us, particularly in the case you use your computer together with others. We also take our own in-house data protection very seriously. Our employees and the service providers acting on our behalf are required to maintain confidentiality and comply with the legal provisions on data protection. Moreover, access to personal data is only granted to the extent that it is necessary.
11. Tracking tools
We use the web analytics service Google Analytics from Google for the purposes of needs-based design and continuous optimisation of our pages. Pseudonymised usage profiles are created and cookies used. The information generated by the cookie about your use of our websites, such as:
- browser type/version
- operating system used
- referrer URL (the page visited previously)
- host name of the accessing computer (IP address)
- time of the server request
are transferred to a server of Google Inc., part of the holding company Alphabet Inc., in the USA and stored there. In the process, the IP address is shortened through the activation of the IP anonymisation (‘anonymizeIP’) on our web pages prior to transmission within the member states of the European Union or in other contracting states to the Agreement on the European Economic Area or, respectively, Switzerland. The anonymised IP address transmitted as part of Google Analytics from your browser will not be merged with other data from Google. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. Google respects the data privacy provisions of the “Swiss-USA Privacy Shield” agreement and therefore has an adequate level of data privacy. The information is used to evaluate the usage of our websites, to compile reports on website activities and to provide additional services associated with website and internet usage for the purposes of market research and needs-based design of these websites. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. According to Google, the IP address will not be linked to other data concerning the user under any circumstances. More information is available here: https://marketingplatform.google.com/intl/en_uk/about/
Users can prevent the collection by Google of data generated by the cookie and related to the use of the website by the user concerned (including the IP address), as well as the processing of this data by Google through the users downloading and installing the browser plugin available on Google on the following link: https://tools.google.com/dlpage/gaoptout?hl=en. You can also click on the link to prevent future recording by Google Analytics on the website as an alternative to the browser plugin. Thereby, an opt-out-cookie is stored on your device. If you delete cookies (see section “Cookies”), you have to click on the link again.
The usage of Google Analytics is in our legitimate interest for the operation of our website and in the improvement of our services (legal basis for the application of the GDPR: Art. 6 para. 1 lit. f of the GDPR).
12. Facebook Custom Audience
We use communication tools from the provider Facebook Inc., 1601 S California Ave, Palo Alto, CA 94304, USA, or, if you are a resident in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Generally, through the usage of Custom Audience an irreversible and non-personal checksum (hash-value) form your user data is generated, which can be transferred to Facebook for the purposes of analysing and marketing. Thereby, the Facebook cookie is addressed. Facebook respects the data privacy provisions of the “Swiss-USA Privacy Shield” agreement and therefore has an adequate level of data privacy.
If you want to contradict the usage of Facebook Custom Audience, you can do this here: https://www.facebook.com/ads/website_custom_audiences/.
The usage of Facebook Custom Audience is in our legitimate interest for the operation of our website and in the improvement of our services (legal basis for the application of the GDPR: Art. 6 para. 1 lit. f of the GDPR).
13. Facebook Pixel
On our website, we use the so-called “Facebook Pixel” of the social network Facebook, which is operated by Facebook Inc., 1601 S California Ave, Palo Alto, CA 94304, USA, or, if you are a resident in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Facebook can designate visitors to our website as a target group for displaying advertisements using Facebook Pixel. Accordingly, we use Facebook Pixel to display Facebook ads that are placed by us only to such Facebook users, who also have shown interest in our website. With the help of Facebook Pixel, we would also like to ensure that our Facebook ads correspond to the potential interest of the users and do not appear annoying. Using Facebook Pixel, we can also understand the effectiveness of Facebook Ads for statistical and market research purposes, in which we see as to whether users were forwarded to our website after clicking on a Facebook ad. Facebook Pixel is directly integrated by Facebook when accessing our website and can save a cookie on your device. If you subsequently log in to Facebook or visit Facebook while being logged in, the visit to our website shall be noted in your profile. The data collected about you is anonymous for us, so it does not provide us with any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible. The data can therefore be used by Facebook according to their data usage policy. More information about the operating principles of Facebook pixel and about the presentation of Facebook Ads in general, you can access Facebook’s data usage policy here: https://www.facebook.com/policy.php.
You can object to the collection by Facebook-Pixel and use of your data to display Facebook ads. In order to set which types of advertisements are displayed to you within Facebook, you can view them by visiting Facebook’s set-up page and follow the information on the settings for use-based advertising: https://www.facebook.com/settings?tab=ads or explain your contradiction through a US-American website http://www.aboutads.info/choices/or the EU-website http://www.youronlinechoices.com/. The settings are assumed platform-independently, which means for all devices, like a desktop computer or a mobile device.
The usage of Facebook Pixel is in our legitimate interest for the operation of our website and in the improvement of our services (legal basis for the application of the GDPR: Art. 6 para. 1 lit. f of the GDPR).
14. Links to our social media presence
Our website features links to our social media profiles on the following social networks:
- Facebook Inc., 1601 S California Ave, Palo Alto, CA 94304, USA
- Instagram Inc., 1601 Willow Road, Menlo Park, California 94025, USA
- Twitter Inc.,1355 Market Street, Suite 900, San Francisco, CA 94103, USA
If you click on one of the social network icons, you will be redirected to our profile on the relevant social network. However, you will need to sign into your user account or already be signed in. When you link to one of our social media profiles, a direct connection will be established between your browser and the server of the relevant social network. The network will then be informed that you visited our website with your IP address and accessed the link. If you access a link to a social network while you are logged into your account on that network, the content of our site may be linked directly to your profile on the network, meaning that the network will be able to directly attribute your visit to our website to your user account. If you wish to prevent this, you should sign out before clicking on any such links. In any case, the network will still be able to attribute your visit to your account, if you sign in after clicking on the link.
15. Storage duration
Your personal data are stored as long as necessary to fulfil the purpose of its collection or as long as we have a legitimate interest. Reserved is a legal retention obligation.
If you have any questions about data protection on our website, want to request information or want to have your data deleted, please contact us:
Essento Food AG
State: Zurich, 22. Januar 2019