Privacy

Privacy Policy

1.1 Purpose

This Privacy Policy provides an overview of how Embassy Jewel AG collects, processes, and protects your personal data. We place great emphasis on safeguarding your privacy and ensuring the security of your data.

1.2 Scope

This Privacy Policy applies to all personal data collected and processed in the context of our business relationships with customers, suppliers, business partners, and visitors to our website. It covers both data collected online and offline.

1.3 Principles of Data Processing

We adhere to the following principles when processing your personal data:

  • Lawfulness, Fairness, Transparency: We process your data lawfully, fairly, and in a manner that is transparent to you.
  • Purpose Limitation: We collect and process your data only for specified, explicit, and legitimate purposes.
  • Data Minimization: We collect only data that is relevant and limited to what is necessary for the purposes for which it is processed.
  • Accuracy: We ensure that your data is accurate and up to date.
  • Storage Limitation: We retain your data only as long as necessary for the purposes for which it is processed.
  • Integrity and Confidentiality: We process your data securely, protecting it from unauthorized or unlawful processing, accidental loss, destruction, or damage.

1.4 Changes to the Privacy Policy

We reserve the right to amend this Privacy Policy at any time to reflect changes in legal or technical conditions. The current version of the Privacy Policy is always available on our website. We recommend reviewing it regularly.

2. Data Controller

2.1 Definition of Data Controller

The Data Controller is the natural or legal person, authority, agency, or other body that determines the purposes and means of processing personal data. For Embassy Jewel AG, this is the company itself.

2.2 Contact Details of the Data Controller

Embassy Jewel AG is responsible for processing your personal data. You can contact us using the following details:

  • Company Name: Embassy Jewel AG
  • Address: Grendelstrasse 2, 6004 Lucerne
  • Phone Number: +41 41 418 20 80
  • Email Address: datenschutz@embassy.ch

2.3 Data Protection Coordinator

Embassy Jewel AG has appointed a Data Protection Coordinator responsible for ensuring compliance with data protection regulations. The Data Protection Coordinator is available for any questions about your personal data and the exercise of your rights.

  • Name: Henrik Engel
  • Address: Grendelstrasse 2, 6004 Lucerne
  • Phone Number: +41 41 418 20 80
  • Email Address: datenschutz@embassy.ch

2.4 Responsibilities of the Data Protection Coordinator

The Data Protection Coordinator’s responsibilities include:

  • Monitoring compliance with data protection regulations within Embassy Jewel AG.
  • Training and raising awareness among employees regarding data protection.
  • Liaising with supervisory authorities.
  • Serving as a point of contact for individuals with questions or complaints about data protection.

3. Collection and Processing of Personal Data

3.1 Types of Data Collected

We collect various types of personal data depending on your interaction with us, including:

  • Contact Information: Name, address, phone number, email address.
  • Payment Information: Bank account details, credit card information.
  • Usage Data: Information about how you use our website and services, such as IP address, browser type, access times, and visited pages.
  • Communication Data: Contents of emails, inquiries, and other communications you send to us.

3.2 Methods of Data Collection

Data is collected in the following ways:

  • Directly from You: When you voluntarily provide data, e.g., by filling out forms on our website, subscribing to newsletters, or contacting customer service.
  • Automatically: Certain data is automatically collected through the use of our website and services, e.g., via cookies and other tracking technologies.
  • From Third Parties: In some cases, we receive data from third parties, e.g., payment service providers or marketing partners.

3.3 Purposes of Data Processing

The data collected is processed for various purposes, including:

  • Contract Fulfillment: To meet our contractual obligations, such as processing orders and payments.
  • Customer Service: To respond to your inquiries and provide assistance.
  • Marketing and Advertising: To send you information about our products and services, with your consent.
  • Analysis and Improvement: To analyze and improve our services and user experience on our website.

3.4 Legal Bases for Data Processing

The processing of your data is based on various legal grounds, including:

  • Consent: When you have given us your consent to process your data.
  • Contract Fulfillment: When processing is necessary for the performance of a contract with you.
  • Legal Obligations: When we are legally required to process your data.
  • Legitimate Interests: When processing is necessary to protect our legitimate interests, e.g., improving our services.
  • Here is the remaining part of the translation, keeping the formatting intact:

4.1. Contract Fulfillment

We process your personal data to fulfill our contractual obligations to you. This includes:

  • Order Processing: Handling and delivery of your orders.
  • Payment Processing: Managing payments and refunds.
  • Customer Service: Responding to your inquiries and providing support.

4.2. Customer Service

Your data is used to provide efficient and personalized customer service. This includes:

  • Communication: Contacting you via email, phone, or mail to answer your questions or resolve issues.
  • Support: Providing technical assistance and help with using our products and services.

4.3. Marketing and Advertising

With your consent, we use your data for marketing and advertising purposes to inform you about our products, services, and offers. This may include:

  • Newsletters: Sending newsletters and promotional emails (with an opt-out option).
  • Personalized Offers: Creating tailored offers and recommendations based on your interests.
  • Market Research: Conducting surveys and analyses to improve our products and services.

4.4. Service Improvement

We analyze the use of our website and services to continuously improve them. This includes:

  • Usage Analysis: Collecting and evaluating data about how our website and services are used.
  • Google Analytics: Using Google Analytics to analyze website usage.
  • Social Plugins: Utilizing social plugins to enhance user experience.

4.5. Legal Obligations

We also process your data to comply with legal requirements, such as:

  • Accounting and Taxes: Meeting statutory obligations in accounting and taxation.
  • Legal Disputes: Processing data related to legal claims and proceedings.
  1. Data Sharing

5.1. Sharing with Service Providers

We share your personal data with selected service providers who assist us in delivering our services. These providers are contractually obligated to handle your data confidentially and use it only for the agreed-upon services. These include:

  • Payment Service Providers: For processing payments and refunds.
  • Shipping Providers: For delivering orders.
  • Marketing Providers: For conducting marketing campaigns and analyses.

5.2. Sharing with Third Parties

In certain cases, we share your data with third parties when necessary to fulfill our contractual obligations or comply with legal regulations. This includes:

  • Authorities: To meet legal obligations, such as in tax or criminal investigations.
  • Legal Advisors: For asserting, exercising, or defending legal claims.

5.3. International Data Transfers

In some cases, it may be necessary to transfer your data to recipients in countries outside Switzerland or the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place to protect your data, such as standard contractual clauses or obtaining your explicit consent.

  • Google Inc.:
    1600 Amphitheatre Parkway – Mountain View, CA 94043, USA
    Google is used for Analytics and, additionally, for document services to manage order processing. Data entered for orders is separate from Analytics and marketing data.
  • Microsoft Corporation:
    One Microsoft Way – Redmond, WA 98052-6399, USA
    Your data is processed by Microsoft Corporation for Bing Webmaster Tools as described above.
  • The Rocket Science Group, LLC (Mailchimp):
    675 Ponce de Leon Ave NE – Suite 5000 – Atlanta, GA 30308, USA
    Mailchimp is used for sending automated notifications about your order status. Your name, email address, order number, and order details are shared. Additionally, Mailchimp manages our newsletter, and the provider is informed if you subscribe to it.

5.4. No Commercial Data Sharing

We do not sell or rent your personal data to third parties for commercial purposes.

5.5. Protection Measures for Data Sharing

When sharing your data, we ensure that appropriate technical and organizational measures are in place to protect your data. These include:

  • Encryption: Using encryption technologies for data transmission.
  • Contractual Clauses: Establishing contracts with service providers to ensure data protection.
  • Access Controls: Restricting access to your data to authorized personnel only.
  1. Data Security

6.1. Technical Measures
We employ a variety of technical measures to protect your personal data from unauthorized access, loss, or misuse. These include:

  • Encryption: Using encryption technologies to secure your data during transmission and storage.
  • Firewalls: Protecting our IT systems with firewalls to prevent unauthorized access.
  • Antivirus Software: Regular scans and updates using antivirus software to detect and remove malware.
  • Security Updates: Regularly installing security updates and patches to close known vulnerabilities.

6.2. Organizational Measures
In addition to technical measures, we implement organizational practices to safeguard your data:

  • Access Controls: Limiting access to personal data to authorized employees who require it to perform their duties.
  • Training: Conducting regular employee training on data protection and security to raise awareness.
  • Policies and Procedures: Implementing data protection policies and procedures to ensure compliance with legal requirements.

6.3. Physical Security Measures
We also take physical measures to protect your data:

  • Access Controls: Securing our premises with access controls to prevent unauthorized entry.
  • Video Surveillance: Using video surveillance and other measures to protect our facilities, staff, and assets. Retention periods for recordings are available upon request.

6.4. Review and Improvement
We regularly review and enhance our security measures to ensure continuous data protection. This includes:

  • Security Audits: Conducting regular security audits and risk assessments to identify and address vulnerabilities.
  • Emergency Plans: Developing and implementing emergency plans to respond promptly and effectively to security incidents.
  1. Rights of Data Subjects

7.1. Right to Access
You have the right to request confirmation of whether we process your personal data. If so, you can request access to this data, including:

  • Processing Purposes: Why your data is processed.
  • Data Categories: The types of data being processed.
  • Recipients: Who your data is shared with.
  • Retention Period: How long your data is stored or the criteria for determining this.
  • Your Rights: Your rights regarding your data.
  • Data Sources: Where your data originates, if not collected directly from you.
  • Automated Decision-Making: Whether and how automated decision-making, including profiling, is used.

7.2. Right to Rectification
You can request the correction of inaccurate personal data or the completion of incomplete data.

7.3. Right to Erasure
You may request the deletion of your personal data if:

  • The data is no longer needed for its original purpose.
  • You withdraw your consent, and no other legal basis exists.
  • You object to processing, and there are no overriding legitimate reasons.
  • The data has been unlawfully processed.
  • Erasure is required to comply with a legal obligation.

7.4. Right to Restriction of Processing
You have the right to request restriction of processing if:

  • You dispute the accuracy of the data, pending verification.
  • Processing is unlawful, but you oppose deletion and instead request restriction.
  • We no longer need the data, but you require it for legal claims.
  • You object to processing, pending verification of overriding legitimate grounds.

7.5. Right to Data Portability
You can request your personal data in a structured, commonly used, and machine-readable format and transfer it to another controller, provided:

  • Processing is based on consent or a contract, and
  • Processing is automated.

7.6. Right to Object
You can object to the processing of your personal data at any time for reasons related to your specific situation if processing is based on legitimate interests. We will cease processing unless overriding legitimate grounds exist or the processing serves legal claims.

7.7. Right to Withdraw Consent
You may withdraw your consent to data processing at any time. The withdrawal does not affect the lawfulness of processing prior to withdrawal.

7.8. Right to Lodge a Complaint
You have the right to file a complaint with a supervisory authority if you believe your data processing violates data protection laws. More information is available at https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html.

  1. Contact

8.1. Getting in Touch
If you have questions about the processing of your personal data or wish to exercise your rights, you can contact our Data Protection Coordinator:

  • Name: Henrik Engel
  • Address: Grendelstrasse 2, 6004 Lucerne
  • Email: datenschutz@embassy.ch
  • Phone: +41 41 418 20 80

8.2. Support and Advice
Our Data Protection Coordinator is available to assist with any privacy-related questions or concerns. Please do not hesitate to reach out for support or if you have any issues regarding the handling of your data.

  1. Changes to the Privacy Policy
  • 1. Updates
    We reserve the right to amend this privacy policy at any time to reflect changes in legal or technical requirements. Changes will be published on our website, and the current version is always available there.
  • 2. Notification of Changes
    If significant changes are made to this privacy policy that affect your rights or obligations, we will inform you in a timely manner. This may be done through a notice on our website or via email.
  • 3. Regular Review
    We recommend that you review this privacy policy regularly to ensure that you are always informed about the current provisions and practices.

 

Effective Date: November 2024