Privacy policy
The responsible body within the meaning of the data protection laws, Swiss Data Protection Act (DSG), is:
Company
Star Piercing GmbH
Schellenrainstrasse 7
6210 Sursee
Schweiz
E-Mail: info@star-piercing.ch
WebSite: https://www.star-piercing.ch
Authorized representative
Marc Isenegger
+41 79 776 99 98
E-Mail: info@star-piercing.ch
General note
Based on Article 13 of the Swiss Federal Constitution and the data protection provisions of the Swiss Confederation (Data Protection Act, DSG), every person is entitled to protection of their privacy and protection against misuse of their personal data. We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. In cooperation with our hosting providers, we make every effort to protect the databases as well as possible against unauthorized access, loss, misuse or falsification. We would like to point out that data transmission over the Internet or by e-mail may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
By using this website, you consent to the collection, processing and use of data in accordance with the following description. Our website can generally be visited without registration. Data such as pages accessed or names of files accessed, date and time are stored on the server for statistical purposes without this data being directly related to your person. If personal data such as name, address or e-mail addresses are collected on our websites, this is done on a voluntary basis as far as possible. This data will not be passed on to third parties without your express consent.
Processing of personal data
Personal data is any information relating to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, deletion, retention, modification, destruction and use of personal data.
We process personal data in accordance with the Swiss Data Protection Act. If and insofar as the EU GDPR is applicable, we also process personal data on the following legal bases in conjunction with Art. 6 (1) GDPR:
- lit. a) Processing of personal data with the consent of the data subject
- lit. b) Processing of personal data for the performance of a contract with the data subject and for the implementation of corresponding pre-contractual measures
- lit. c) Processing of personal data for compliance with a legal obligation to which we are subject under applicable EU law or under applicable law of a country in which the GDPR is applicable in whole or in part
- lit. d) Processing of personal data to protect the vital interests of the data subject or another natural person
- lit. f) processing of personal data for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the fundamental freedoms and rights and interests of the data subject. Legitimate interests include, in particular, our business interest in being able to provide our website, information security, the enforcement of our own legal claims and compliance with Swiss law
We process personal data for the duration required for the respective purpose or purposes. In the case of longer-term retention obligations due to legal and other obligations to which we are subject, we restrict processing accordingly.
Cookies
This website uses cookies. These are small text files that make it possible to store specific, related information on your end device while you are using our website. Cookies make it possible in particular to determine the frequency of use and the number of users of the pages, to analyze patterns of page use, but also to make our offer more customer-friendly. Cookies remain stored beyond the end of a browser session and can be retrieved when you visit the site again. If you do not wish this to happen, you should set your Internet browser to refuse to accept cookies.
A general objection to the use of cookies for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. In addition, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that in this case you will not be able to use all the functions of our websites.
SSL encryption
This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Server log files
The provider of our websites automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
This data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.
Third-party services
This website may use Google Maps to embed maps, Google Invisible reCAPTCHA to protect against bots and spam and YouTube to embed videos. These services of the American Google LLC use, among other things, cookies, whereby data is transferred to Google in the USA, whereby we assume that no personal tracking takes place in this context solely through the use of our website. Google has undertaken to guarantee appropriate data protection in accordance with the US-European and US-Swiss Privacy Shield. Further information can be found in Google's privacy policy.
Contact form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent.
Where is the data stored?
The data is stored in an Azure Cloud from Microsoft. The server location is in Switzerland.
Newsletter data
If you would like to receive our newsletter, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected. We use this data exclusively for sending the requested information and do not pass it on to third parties. After you have given your consent to the storage of the data, the e-mail address and its use for sending the newsletter, you can revoke this at any time, for example via the unsubscribe link in the newsletter.
Where is the data stored?
The data is stored in a Brevo high-security data center with multiple certifications. The server location is in Germany.
Google Maps
We use the services of Google Maps. This enables us to display interactive maps directly on the website and allows you to conveniently use the map function. When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. This happens regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be assigned to your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. You can find more information on the purpose and scope of data collection and processing by Google as well as further information on your rights in this regard and setting options to protect your privacy at www.google.de/intl/de/policies/privacy.
Google AdWords
We use Google Conversion Tracking. If you have reached our website via an ad placed by Google, Google Ads will set a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked across the websites of Ads customers. The information obtained using the conversion cookie is used to generate conversion statistics for Ads customers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that can be used to personally identify users.
If you do not wish to participate in tracking, you can refuse the setting of a cookie required for this - for example, by setting your browser to generally deactivate the automatic setting of cookies or by setting your browser to block cookies from the domain "googleleadservices.com". Please note that you may not delete the opt-out cookies as long as you do not want measurement data to be collected. If you have deleted all cookies in your browser, you must set the respective opt-out cookie again.
Google Remarketing
We use the remarketing function of Google Inc. This function is used to present interest-based advertising to website visitors within the Google advertising network. A so-called "cookie" is stored in the website visitor's browser, which makes it possible to recognize the visitor when he or she visits websites that belong to the Google advertising network. On these websites, the visitor can be shown advertising that relates to content that the visitor has previously accessed on websites that use Google's remarketing function. According to Google, it does not collect any personal data during this process. However, if you do not wish to use Google's remarketing function, you can generally deactivate it by making the appropriate settings at http://www.google.com/settings/ads. Alternatively, you can deactivate the use of cookies for interest-based advertising via the advertising network initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp.
Google Analytics
We use Google Analytics 4, a web analytics service provided by Google LLC. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Scope of the processing
Google Analytics uses cookies that enable your use of our website to be analyzed. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. We use the User ID function. With the help of the user ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyze user behavior across devices. We use Google Signals. This allows Google Analytics to collect additional information about users who have activated personalized ads (interests and demographic data) and ads can be delivered to these users in cross-device remarketing campaigns.
In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. During your website visit, your user behavior is recorded in the form of "events". Events can be
- Page views
- First visit to the website
- Start of the session
- Your "click path", interaction with the website
- Scrolls (whenever a user scrolls to the bottom of the page (90%))
- clicks on external links
- internal search queries
- Interaction with videos
- file downloads
- Viewed / clicked ads
- language setting
It also records
- your approximate location (region)
- your IP address (in abbreviated form)
- technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- your internet provider
- the referrer URL (via which website/advertising medium you came to this website)
Purposes of the processing
Google will use this information on our behalf to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.
Recipients
Recipients of the data are/may be
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
- Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
- Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be ruled out that US authorities may access the data stored by Google.
Third country transfer
Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.
Storage period
The data sent by us and linked to cookies is automatically deleted after 14 months. Data whose retention period has expired is automatically deleted once a month.
Legal basis
The legal basis for this data processing is your consent by using this website.
You can find more information on the terms of use of Google Analytics and data protection at Google at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.
Google Web Fonts
We use so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. If your browser does not support web fonts, a standard font will be used by your computer. You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq and in Google's privacy policy https://www.google.com/policies/privacy/
Google Tag Manager
Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus, for example, integrate Google Analytics and other Google marketing services into our online offering. The Tag Manager itself, which implements the tags, does not process any personal user data. With regard to the processing of users' personal data, please refer to the following information on Google services. Usage guidelines https://www.google.com/intl/de/tagmanager/use-policy.html.
This website uses functions of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA . When you visit our pages with Facebook plugins, a connection is established between your browser and the Facebook servers. Data is already transmitted to Facebook. If you have a Facebook account, this data can be linked to it. If you do not want this data to be linked to your Facebook account, please log out of Facebook before visiting our site. Interactions, in particular the use of a comment function or clicking on a "Like" or "Share" button, are also forwarded to Facebook. You can find out more about this at https://de-de.facebook.com/about/privacy.
Functions of the Instagram service are integrated on our website. These functions are offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram. You can find more information in Instagram's privacy policy http://instagram.com/about/legal/privacy
On this website, we use social plugins from the social network Pinterest, which is operated by Pinterest Inc, 808 Brannan Street San Francisco, CA 94103-490, USA ("Pinterest"). When you visit a page that contains such a plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits log data to the Pinterest server in the USA. This log data may contain your IP address, the address of the websites visited that also contain Pinterest functions, the type and settings of the browser, the date and time of the request, your use of Pinterest and cookies. For more information on the purpose, scope and further processing and use of the data by Pinterest as well as your rights in this regard and options for protecting your privacy, please refer to Pinterest's privacy policy https://about.pinterest.com/de/privacy-policy
Youtube
Functions of the YouTube service are integrated on this website. YouTube is owned and operated by Google Ireland Limited, a company incorporated and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, which operates the services in the European Economic Area and Switzerland. Your legal agreement with YouTube consists of the terms and conditions which you can find at the following link https://www.youtube.com/static?gl=de&template=terms&hl=de. These Terms constitute a legally binding agreement between you and YouTube regarding your use of the Services. Google's privacy policy explains how YouTube handles and protects your personal data when you use the service.
Online store
We process the data of our customers in accordance with the data protection regulations of the Federal Government (Data Protection Act, DSG) and the EU GDPR as part of the ordering processes in our online store in order to enable you to select and order the selected products and services as well as their payment and delivery or processing.
The processed data includes master data (inventory data), communication data, contract data, payment data and the persons affected by the processing include our customers, interested parties and other business partners. The processing is carried out for the purpose of providing contractual services in the context of operating an online store, billing, delivery and customer service. In this context, we use session cookies, e.g. to store the contents of the shopping cart, and permanent cookies, e.g. to store the login status.
The processing is carried out on the basis of Art. 6 para. 1 lit. b (execution of order processes) and c (legally required archiving) GDPR. The data marked as required are necessary for the establishment and fulfillment of the contract. We only pass on the data to third parties in the context of delivery, payment or within the scope of legal permissions and obligations. The data is only processed in third countries if this is necessary to fulfill the contract (e.g. at the customer's request for delivery or payment).
Users can optionally create a user account in which they can view their orders in particular. As part of the registration process, users are provided with the required mandatory information. User accounts are not public and cannot be indexed by search engines, e.g. Google. If users have terminated their user account, their data relating to the user account will be deleted, provided that their retention is required for commercial or tax law reasons in accordance with Art. 6 para. 1 lit. c GDPR. Information in the customer account is retained until it is deleted with subsequent archiving in the event of a legal obligation. It is the responsibility of users to save their data in the event of termination before the end of the contract.
In the context of registration and new registration as well as the use of our online services, we store the IP address and the time of the respective user action. This data is stored on the basis of our legitimate interests and those of the users in protection against misuse and other unauthorized use. This data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 para. 1 lit. c GDPR. The deletion takes place after the expiry of legal warranty and comparable obligations, the necessity of storing the data is reviewed at irregular intervals. In the case of statutory archiving obligations, deletion takes place after their expiry.
Where is the data stored?
The data is stored in a multi-certified high-security data center operated by EcomData. The server location is in Germany.
External payment service providers
This website uses external payment service providers through whose platforms users and we can carry out payment transactions.
For example about
- PostFinance (https://www.postfinance.ch/de/detail/rechtliches-barrierefreiheit.html)
- Visa (https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html)
- Mastercard (https://www.mastercard.ch/de-ch/datenschutz.html)
- Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)
- Payrexx AG (https://www.payrexx.ch/site/assets/files/2592/datenschutzerklaerung.pdf)
- Apple Pay (https://support.apple.com/de-ch/ht203027)
- Stripe (https://stripe.com/ch/privacy)
- Twint (https://www.twint.ch/datenschutz-website/)
As part of the fulfillment of the contract, we use the payment service providers on the basis of the Swiss Data Protection Ordinance and, if necessary, Art. 6 para. 1 lit. b. EU GDPR. In addition, we use external payment service providers on the basis of our legitimate interests in accordance with the Swiss Data Protection Ordinance and, where necessary, Art. 6 para. 1 lit. f. EU GDPR in order to offer our users effective and secure payment options.
The data processed by the payment service providers includes inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, sum and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored by them. We as the operator do not receive any information about the (bank) account or credit card, but only information to confirm (accept) or reject the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to verify identity and creditworthiness. In this regard, we refer to the terms and conditions and data protection notices of the payment service providers.
For payment transactions, the terms and conditions and privacy policy of the respective payment service providers apply, which can be accessed within the respective website or transaction applications. We also refer to these for the purpose of further information and assertion of rights of revocation, information and other rights of data subjects.
Rights of the data subject
Right to confirmation
Jede betroffene Person hat das Recht, von uns eine Bestätigung darüber zu verlangen, ob wir betreffende personenbezogene Daten verarbeiten. Wenn du dieses Bestätigungsrecht ausüben möchten, kannst du dich jederzeit an die Vertretungsberechtigte Person wenden.
Every data subject has the right to request confirmation from us as to whether we are processing personal data concerning them. If you wish to exercise this right of confirmation, you can contact the authorized representative at any time.
Right to information
Any person affected by the processing of personal data has the right to receive information from us at any time free of charge about the personal data stored about them and a copy of this information. In addition, information may be provided about the following:
- Purposes of the processing
- Categories of personal data processed
- recipients to whom the personal data has been or will be disclosed
- if possible, the planned duration of storage of the personal data or, if this is not possible, the criteria for determining this duration
- the existence of a right to rectification or erasure of the personal data concerning them
- if the personal data are not collected from the data subject: All available information about the origin of the data
In addition, the data subject has the right to be informed whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to be informed of the appropriate safeguards relating to the transfer. If you wish to make use of this right to information, you can contact the authorized representative at any time.
Right to rectification
Any person affected by the processing of personal data has the right to demand the immediate correction of incorrect personal data concerning them. In addition, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing. If you wish to exercise this right to rectification, you can contact the authorized representative at any time.
Right to erasure (right to be forgotten)
Any person affected by the processing of personal data has the right to request the immediate deletion of personal data concerning them if one of the following reasons applies and the processing is no longer necessary:
- The personal data have been collected or otherwise processed for purposes for which they are no longer necessary
- The data subject withdraws the consent on which the processing was based and there is no other legal basis for the processing
- The data subject objects to the processing on grounds relating to his or her particular situation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in the case of direct marketing and associated profiling
- The personal data has been processed unlawfully
- The erasure of personal data is necessary for compliance with a legal obligation in Union or Member State law to which the controller is subject
The personal data have been collected in relation to the offer of information society services directly addressed to a child
If one of the above reasons applies and you wish to request the deletion of personal data, you can contact the authorized representative at any time. The person authorized to represent this website will ensure that the request for deletion is complied with immediately.
Right to restriction of processing
Any person affected by the processing of personal data has the right to obtain from the controller restriction of processing where one of the following conditions is met:
- The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead
- The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims, The data subject has objected to processing on grounds relating to his or her particular situation and it is not yet clear whether the legitimate interests of the controller override those of the data subject
If one of the aforementioned conditions is met, you can contact our authorized representative at any time to request the restriction of the processing of personal data by the operator of this website. The person authorized to represent this website will arrange for the restriction of processing.
Right to data portability
Any person affected by the processing of personal data has the right to receive the personal data concerning them in a structured, commonly used and machine-readable format. In addition, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others. To assert the right to data portability, you can contact the authorized representative at any time.
Disclaimer
All information on our website has been carefully checked. We make every effort to ensure that the information we provide is up-to-date, correct and complete. Nevertheless, the occurrence of errors cannot be completely ruled out, so that we cannot assume any liability for the completeness, correctness and topicality of the information, including journalistic and editorial information. Liability claims regarding damage caused by the use or non-use of any information provided, including any kind of information which is incomplete or incorrect, will therefore be rejected. We may change or delete texts at our own discretion and without prior notice and are under no obligation to update the content of this website. The use of or access to our websites is at the visitor's own risk. We, our customers or partners are not responsible for any damages, such as direct, indirect, incidental or consequential damages, allegedly caused by visiting this website and consequently assume no liability for such damages.
We also accept no responsibility or liability for the content and availability of third-party websites that can be accessed via external links from this website. The operators of the linked sites are solely responsible for their content. We therefore expressly dissociate ourselves from all third-party content that may be relevant under criminal or liability law or offend common decency.
Changes
We may amend this privacy policy at any time without prior notice. The current version published on our website applies.
If you have any questions about data protection, please send us an email or contact the person responsible for data protection in our organization listed at the beginning of the privacy policy directly.
Sursee, 28.08.2023