TIME TO GLOW TWOGETHER
Privacy Policy
Privacy Policy
June 20 2024
1. General
AnW Glow GmbH, Marktgasse 15, 8640 Rapperswil, Switzerland (hereinafter "we/our"), thanks you for your interest in our online shop. This privacy policy informs you about the personal data we process in connection with our activities and operations, including our online shop. Additional privacy policies and other legal documents such as General Terms and Conditions (GTC), Terms of Use, may apply to individual activities and operations.
Protecting your privacy is very important to us. Our privacy policy is aligned with the requirements of the EU General Data Protection Regulation (GDPR), the Swiss Data Protection Act (DPA), and the revised Swiss Data Protection Act (revDPA). The European Commission has recognized that Swiss data protection law ensures adequate data protection. This policy explains our data protection practices – what personal data we collect about our users, what we do with it, how we share it, and your rights regarding your data. By accessing or using our services, you confirm that you have read this privacy policy.
2. Who is responsible for data processing?
For data protection concerns, please contact:
AnW Glow GmbH, Marktgasse 15, 8640 Rapperswil, info@anwglow.com
3. General information about the categories of personal data we process and for what purpose
AnW wants you to feel secure about your personal data and to inform you when, for what purposes, and what personal data is processed about you.
3.1 What are personal data and what categories of personal data do we process?
Personal data are all information relating to an identified or identifiable natural person (e.g., name, address, phone number, birth date, or email address). We primarily process the following categories of personal data:
**Master Data:** Basic data needed to manage our business relationships or for marketing and advertising purposes, which directly relate to your person.
- Salutation, name, first name, birth date
- Address, email address, phone number, mobile phone number
- Payment information (e.g., stored payment methods, bank account details, billing address)
- Information regarding the use of our online shop (e.g., if you are registered with us)
- Information about associated websites, social media profiles, etc.
- Information about affinities and interests, language preferences, etc.
- Information about your relationship with us (customer, visitor, supplier, etc.)
- Information about related third parties (e.g., contact persons, recipients of services or representatives)
- Preferences regarding the receipt of advertising, subscribed newsletters, etc.
- Information about your status with us (e.g., inactivity or blocking of a customer account)
- Information about participation in competitions and sweepstakes
- Information about titles and positions within a company for contact persons and representatives of business partners
- Date and time of registrations
We usually receive this master data directly from you, but we may also receive it from other people working for your company, or from third parties such as agencies or our business partners, associations, address dealers, and from publicly accessible sources like public registers or the internet (websites, social media, etc.). In some cases, you may register on our website using a third-party login (e.g., Apple, Google, or Facebook). In such cases, we gain access to certain data stored with the respective provider, such as your name and email address, the scope of which you can usually determine. For more information, please refer to the privacy policy of the respective provider.
**Contract Data:** Information that arises in connection with the conclusion or execution of a contract, such as information about contracts and collaborations, the services to be provided or that have been provided, and data from the pre-contractual phase. We process, for example, the following contract data:
- Date, type and duration, as well as terms of the respective contract, data on the termination of the contract
- Contact details
- Information on the use of services
- Payment and payment method information, invoices, mutual claims, customer service contacts, objections, complaints, feedback, etc.
- For online services also access data and logins
- Delivery addresses
- Information about claims and benefits (e.g., vouchers)
- Information about defects and complaints, as well as contract adjustments
- Interactions with you as a contact person or representative of a business partner
We receive this data from you, but also from partners we collaborate with. This data can also relate to your company, so it is not necessarily "personal data," but it can relate to you if you work for a company or receive services from us.
**Communication Data:** Data related to our communication with you, such as:
- Name and contact details like postal address, email address, and phone number
- Content of correspondence (e.g., emails, written correspondence, phone calls, chat messages, etc.)
- Responses to satisfaction surveys
- Information about the type, time, and possibly location of communication, as well as other communication metadata
In certain situations, we may ask for an identity verification.
**Technical Data:** Data that arises in connection with the use of our services, such as:
- The IP address of the device and the device ID
- Information about your device, its operating system, or language settings
- Information about your internet service provider
- Accessed content or logs recording the use of our systems
- Date and time of access to the website and your approximate location
- Details about the content and files you access in your personal login or portal
- Other information required for the use of a login portal, such as sending an access code via push notification for logging into your login or portal via our website
Based on technical data, behavioral data can also be collected, i.e., information about your use of websites. We can also assign an individual code to you or your device (e.g., using a cookie). This code is stored for a certain period, often only during your visit. Generally, we cannot identify you personally from technical data unless you register, for example, for the newsletter on our website. In such cases, we can link technical data with master data – and thus with your person.
**Behavioral Data:** Data collected to better understand and tailor our services to you and your company, particularly information about your use of our website. This can include information about your use of electronic communications, such as whether and when you opened an email or clicked on a link, especially for newsletters. We can also use your other interactions with us as behavioral data, linking this with other data (e.g., anonymous information from statistical agencies) and evaluating it on a personal and non-personal basis.
**Preference Data:** Information about your likely needs and the services that might interest you, based on behavioral data. This can include linking behavioral data with other data and evaluating it on a personal and non-personal basis to draw conclusions about characteristics, preferences, and expected behavior.
Most of the above data is provided by you. If necessary for providing our services or the contract between you and us, we also process personal data received from third parties. We also process personal data from publicly accessible sources (e.g., debt registers, press, (social) media, internet), which we are legally permitted to receive and process.
3.2 For what purpose do we process personal data?
**To ensure IT security and prevention:** We process personal data to monitor our company's performance, particularly IT, our website, applications, and other platforms for security purposes, to ensure IT security, prevent theft, fraud, and abuse, and for evidentiary purposes. This includes evaluating technical logs of our systems' usage, preventing, defending, and investigating cyberattacks and malware, analyzing and testing our networks and IT infrastructures, and system and error checks. For this purpose, we primarily process technical data and behavioral data.
**To maintain internal rules and other measures for IT, building, and facility security:** This includes access controls, visitor lists, network and mail scanners to protect our employees and others entrusted to us or our assets. For this purpose, we primarily process technical data and behavioral data.
**To safeguard our rights:** We may process personal data to assert claims judicially or extrajudicially and before authorities at home and abroad or defend against claims. For this purpose, we may process master data and communication data.
**To comply with legal requirements:** This includes processing complaints and other notifications, complying with court or authority orders, measures for detecting and clarifying misuse, and general measures required by applicable law, self-regulation, or industry standards. For this purpose, we may process your master data and communication data.
**For administration and support:** To efficiently manage our internal processes, we process data as necessary for IT administration, accounting, or data archiving. This may include using contract data, communication data, behavioral data, and technical data.
**For other purposes:** This includes corporate management, including business organization and development, other internal processes and administrative purposes (e.g., managing master data, accounting, and archiving), training and educational purposes, preparing and processing purchases and sales of company parts, companies, or parts of companies, and other corporate transactions and associated personal data transfers, and measures for business management and safeguarding other legitimate interests.
**Communication process:** Personal data is processed within internal and external communication. This includes responding to inquiries and contacting you in case of queries, for example, via email (e.g., order status information, authentication) and for all other processing purposes where we communicate with you (e.g., contract processing, information, and direct marketing). For this purpose, we primarily process your communication data and master data.
**Contract processing:** Personal data is processed in connection with the handling, fulfillment, initiation, and management of contractual relationships. This includes, for example, delivering an order, producing an order, recommending a product. Contract processing may also involve personalized services. We primarily use master data, contract
data, communication data, behavioral and transactional data, and preference data. The purpose of contract processing generally includes everything necessary or appropriate to conclude, perform, and enforce a contract. This includes processing to:
- Decide how (payment options) we enter into a contract with you
- Provide the contractually agreed service(s), produce the goods, and also, for example, deliver goods and provide services and functions
- Services related to your customer status or measuring customer satisfaction
- Determine and inform the winners of competitions and sweepstakes and possibly publish them
- Account for services and generally for accounting purposes
- Prepare the planning and provision of services, e.g., scheduling our employees and partners (e.g., delivery services)
- Assess whether we want to and can cooperate with a company and monitor and evaluate company services
- Terminate and end contracts
**Advertising:** We advertise our activities and operations to third parties such as social media platforms and search engines. We want to reach people who are already interested in our products and offers or might be interested (remarketing and targeting). To this end, we may share corresponding – possibly also personal – information with third parties that enable such advertising. We can also determine whether our advertising is successful, i.e., whether it leads to visits to our website (conversion tracking). Third parties where we advertise and where you are registered as a user may associate the use of our online offer with your profile there (e.g., social media platforms, Google Account). We use, in particular:
- **Facebook Ads, Instagram Ads:** Social media advertising; providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); data protection information: remarketing and targeting especially with the Facebook pixel and Custom Audiences including Lookalike Audiences, privacy policy, "Ad Preferences" (user registration required).
- **Google Ads:** Search engine advertising; provider: Google; Google Ads-specific information: advertising based on search queries using various domain names – particularly doubleclick.net, googleadservices.com, and googlesyndication.com – for Google Ads, "Advertising" (Google), "Why am I seeing a specific ad?".
- **Pinterest Ads:** Social media advertising; providers: Pinterest Inc. (USA) / Pinterest Europe Ltd. (Ireland) for users in the European Economic Area (EEA); data protection information: remarketing and targeting especially with the Pinterest tag, "Privacy, Security and Legal," privacy policy, "Personalization and Data," "Personalized Ads on Pinterest," "Data Sharing on Pinterest," cookie policy.
- **TikTok Ads:** Social media advertising; providers: TikTok Information Technologies UK Limited (UK) and TikTok Technology Limited (Ireland) for users in the European Economic Area (EEA), UK, and Switzerland / TikTok Inc. (USA) for users in the USA / TikTok Pte. Ltd. (Singapore) for users in the rest of the world; data protection information: remarketing and targeting especially with the TikTok pixel, privacy policy, "Privacy Policy for Younger Users," cookie policy, "TikTok for Business - Privacy and Cookie Policy."
We process personal data for customer relationship management and marketing purposes to send offers via written and electronic communications and to conduct marketing campaigns. These communications can be personalized to provide you with information that matches your interests. To this end, we primarily use master data, contract data, communication data, behavioral and transactional data, and preference data (e.g., newsletters, promotional emails, in-app messages, and other electronic messages – all with prior consent, advertisements and spots on screens and other advertising spaces, etc.). You can change and reject your marketing preferences at any time. For newsletters and other electronic messages, you can unsubscribe from the respective service via an unsubscribe link included in the message.
3.3 On what legal grounds do we process data?
Data processing is only permissible if applicable law expressly permits it. This applies not only under the DPA but also under the GDPR, where applicable. In such cases, we base the processing of your personal data on the following legal grounds:
- Your consent (Art. 6(1)(a) and Art. 9(2)(a) GDPR)
- Processing is necessary for contract performance or pre-contractual measures (e.g., evaluating a contract proposal; Art. 6(1)(b) GDPR)
- Processing is necessary for the assertion or defense of legal claims or civil proceedings (Art. 6(1)(f) and Art. 9(2)(f) GDPR)
- Processing is necessary to comply with domestic or foreign legal requirements (Art. 6(1)(c) and (f); Art. 9(2)(g) GDPR)
- Processing is necessary to protect a legitimate interest in data processing, particularly the interests mentioned in Section 4 (Art. 6(1)(f) GDPR).
4. Disclosure of personal data
4.1 Are personal data disclosed to third parties?
As part of our processing activities, we may disclose your personal data to other recipients. This may extend beyond our activities for group-internal administration (e.g., central use of IT services) or the management of the respective AnW locations and their own processing purposes, such as personalizing marketing activities, providing cross-border settlements, developing, and improving services. We may disclose your personal data to companies outside of AnW if we use their services (e.g. shipping). Generally, these service providers process personal data on our behalf as "data processors." Our data processors are required to process personal data solely in accordance with our instructions and to take appropriate measures for data security. We only disclose the personal data necessary for order processing. Some service providers are also jointly or independently responsible (e.g., collection agencies). We ensure through the selection of service providers and appropriate contractual arrangements that data protection is ensured throughout the processing of your personal data.
This includes services in the areas of:
- Shipping and logistics (e.g., for shipping ordered goods)
- Payment services
- Advertising and marketing services
- Warranty and return (e.g., repair in case of defects or exchange)
- Company administration, such as accounting or asset management
- Collection services
- Insurance services
- Payment service providers (such procedures are only applied if you are already a customer of the respective payment service provider) and their fraud prevention services conducted on their own responsibility, e.g., PayPal Fraud Protection. Please refer to the respective service provider's privacy policy for detailed information.
- IT services, e.g., services in the areas of data storage (hosting), cloud services, email newsletter delivery, data analysis and enhancement, etc.
4.2 Do we use third-party providers?
We also disclose personal data to service providers as required for their services. This particularly concerns IT service providers but also consulting firms, analysis service providers, collection service providers, credit agencies, marketing service providers, etc. If service providers process personal data as data processors, they are obligated to process personal data exclusively according to our instructions and implement data security measures.
Data may also be disclosed to other recipients, e.g., courts and authorities in legal proceedings and legal information and cooperation obligations, to buyers of companies and assets, to financing companies in the case of securitizations, and to collection agencies. In individual cases, we may also disclose personal data to other third parties for their own purposes, e.g., if you have consented to such disclosure or we are legally required or authorized to disclose these data.
4.3 Do we transfer personal data to third countries?
We usually process and store personal data in Switzerland and the European Economic Area (EEA). However, we also disclose personal data to third parties or processors/service providers who are not located in the EU/EEA or Switzerland, in any country in the world. These countries may not have laws that protect your personal data to the same extent as in Switzerland or the EEA. If we transfer your personal data to such a country, we ensure the protection of your personal data in an adequate manner.
For example, we use Wix for web hosting. The personal data of website users are controlled by Wix.com Ltd. in Israel, a country considered by the European Commission to provide an adequate level of protection for personal data of residents of EU member states (see here). For these purposes, Wix acts as a "data processor." The processing of website users' personal data occurs within the territory of the European Union, Israel, or a third country within or specified sectors of that third country, for which the European Commission has decided that it ensures an adequate level of protection. Any transfer to and processing in a third country outside the European Union that does not ensure an adequate level of protection must occur within an approved transfer mechanism as further described in the data processing addendum ("DPA").
Use of Google reCAPTCHA: Our website uses "Google reCAPTCHA" (hereinafter "reCAPTCHA"). The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter "Google." reCAPTCHA checks whether data entry (e.g., in a contact form) is done by a human. This analysis begins automatically as soon as the website visitor enters the website. Various information is evaluated for the analysis (e.g., IP address, time spent on the website, or user mouse movements). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place. This data processing is based on Art. 6(1)(f) GDPR. As the website operator, AnW has a legitimate interest in protecting its web offerings from abusive automated spying and spam. For more information about Google reCAPTCHA and Google's privacy policy, see the following links: https://www.google.com/intl/en/policies/privacy/ and https://policies.google.com/terms?hl=en.
We may also transfer data to authorities and other persons abroad if we are legally obliged to do so or, for example, in the context of a company sale or legal proceedings. Not all of these countries currently provide an adequate level of data protection according to Swiss law standards. We therefore make contractual arrangements to compensate for the lower level of legal protection, particularly with the standard contractual clauses issued by the European Commission and recognized by the Swiss Federal Data Protection and Information Commissioner (FDPIC). Further information and a copy of these clauses can be found at www.edoeb.admin.ch/edoeb/en/home/data-protection/handel-und-wirtschaft/transborder-data-flows.html.
In certain cases, we may also transfer data within the scope of data protection regulations without such contracts, e.g., if you have consented to the respective transfer or the transfer is necessary for contract performance, the assertion, exercise, or defense of legal claims, or an overriding public interest. To ensure an adequate level of data protection, we will be happy to provide you with an overview of the third country recipients and a copy of the specific conditions agreed upon. Please use the contact details below info (at)anwglow.com.
5. Duration of storage and retention period
We process and store your personal data as long as necessary to provide our (contractual) services (usually for the duration of the contractual relationship), as long as we have a legitimate interest in storage (e.g., to enforce legal claims, for archiving and/or ensuring IT security), and as long as the data is subject to a legal retention obligation (e.g., certain data is subject to a ten-year retention period). Unless legal or contractual obligations prevent this, we delete or anonymize your data after the end of the storage or processing period as part of our usual processes.
6. Contact options and your rights
Under applicable data protection law, you have certain rights to further information about our data processing and to influence it. Please note that these rights are subject to legal requirements and limitations and therefore may not be fully applicable in every case. In particular, it may be necessary for us to continue processing and storing your personal data to fulfill a contract with you, to protect our own legitimate interests such as the assertion, exercise, or defense of legal claims, or to comply with legal obligations. To the extent legally permissible, especially to protect the rights and freedoms of other affected persons and to protect legitimate interests, we may therefore completely or partially refuse a data subject's request (e.g., by redacting certain third-party content or our trade secrets).
You may be entitled to the following rights:
6.1 Right of access
You can request further information about our data processing. We are happy to provide you with this information. You can also make a so-called access request if you want more information and a copy of your data.
6.2 Right to rectification
You have the right to request the rectification of inaccurate personal data concerning you or to have your personal data completed by notifying us of your objection.
6.3 Right to erasure
You have the right to request the deletion of your personal data if the data is no longer necessary for the purposes for which it was collected or processed. The same applies if you withdraw consent or object to the processing and no overriding legitimate grounds for processing exist, or if the personal data was unlawfully processed.
6.4 Right to restriction of processing
You have the right to request the restriction of the processing of personal data.
6.5 Right to data portability
You have the right to receive the personal data concerning you that you have provided to a controller in a structured, commonly used, and machine-readable format and the right to transmit those data to another controller without hindrance from the controller to whom the personal data was provided, where the processing is based on your consent or is necessary for the performance of a contract.
6.6 Right to withdraw consent
You have the right to withdraw your consent to the processing of personal data at any time. Despite the withdrawal, the lawfulness of the processing based on your consent until the withdrawal remains unaffected.
6.7 Right to object
You have the right to object at any time to the processing of your personal data, if the processing is based on the legitimate interest of the controller/third party or is necessary for the performance of a task carried out in the public interest. If personal data is processed for direct marketing purposes, you can object at any time.
6.8 How can you exercise your rights?
To exercise your rights, please contact info@anwglow.com. Further details can be found under section 10.
Each person has the right to lodge a complaint with a supervisory authority. For Switzerland: Federal Data Protection and Information Commissioner, Feldeggweg 1, CH-3003 Bern, Phone: +41 (0)58 462 43 95
7. Am I required to provide personal data?
For the execution of the pre-contractual relationship or the contract and the offering of our services, we rely on the provision of personal data or are legally required to collect them. If personal data is not provided, we are unable to enter into a contract with you or continue to offer or fulfill the contract or our services.
8. To what extent is there automated decision-making including profiling?
We do not make exclusively automated decisions in the context of the contractual relationship or our services. We inform about the possible use of automated decisions as part of our legal obligations.
9. Does profiling take place?
In certain situations, we process personal data to evaluate certain personal aspects of a person, particularly to evaluate aspects related to our online trading, to assess their interests and reliability. We use profiling, for example, in the following cases:
- In the context of the contractual relationship or our services (e.g., service tracking, personal interest management) to evaluate performance and development in our company.
- In the context of marketing (e.g., personal product suggestions).
10. Contact details for data protection matters
For information and suggestions on data protection, please contact info(at)anwglow.com or the contact details in the imprint.
11. Can we change this privacy policy?
AnW reserves the right to change this privacy policy from time to time. Therefore, you should read this privacy policy regularly. The date of the current version (valid from) is shown at the beginning.