Privacy policy

Privacy Policy

1. Information on the Collection of Personal Data and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about how your personal data is handled when you use our website. Personal data includes all data with which you can be personally identified.

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

SchitliExpress GmbH
Blegistrasse 7, 6340 Baar, Switzerland

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string "https://" and the lock icon in your browser line.

2. Data Collection When Visiting Our Website
When using our website purely for informational purposes, i.e., without registering or otherwise transmitting information to us, we only collect the data your browser transmits to our server (so-called server log files). When you visit our website, we collect the following data necessary for displaying the website:

  • Our visited website

  • Date and time of access

  • Amount of data sent in bytes

  • Source/referrer from which you reached the page

  • Browser used

  • Operating system used

  • IP address used

Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. This data is not passed on or used in any other way. However, we reserve the right to check server log files retrospectively if there are concrete indications of unlawful use.

3. Cookies
To make visiting our website attractive and to enable the use of certain functions, we use cookies on various pages. Cookies are small text files stored on your device. Some cookies are deleted after the browser session ends (so-called session cookies), while others remain and allow us or partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). Cookies may collect and process user information such as browser and location data and IP addresses. Persistent cookies are automatically deleted after a specified period, which may vary per cookie.

Some cookies simplify the ordering process by storing settings (e.g. remembering the contents of a virtual shopping cart for later visits). Where personal data is processed by cookies, it is done based on Art. 6 para. 1 lit. b GDPR for contract execution or Art. 6 para. 1 lit. f GDPR to protect our legitimate interest in the optimal functionality of the website.

We may work with advertising partners who help us make our website more interesting for you. In such cases, cookies from partner companies (third-party cookies) may also be stored on your device. You can configure your browser to notify you about cookie placement and decide individually about acceptance or exclude cookies for certain cases or generally. Refer to your browser's help menu to learn how to change your cookie settings.

Please note that if cookies are not accepted, the functionality of our website may be limited.

4. Contacting Us
When you contact us (e.g., via contact form or email), personal data is collected. The specific data collected via a contact form is shown in the form. This data is used exclusively to respond to your inquiry and the associated technical administration.

The legal basis for data processing is our legitimate interest under Art. 6 para. 1 lit. f GDPR. If your inquiry aims at concluding a contract, then Art. 6 para. 1 lit. b GDPR applies. Your data will be deleted after the final processing of your inquiry unless legal retention obligations apply.

5. Data Processing When Opening a Customer Account and for Contract Processing
According to Art. 6 para. 1 lit. b GDPR, personal data is collected and processed if you provide it to us to execute a contract or when opening a customer account. The data collected is evident from the respective input forms. You can delete your customer account at any time by contacting the controller. We store and use the data provided by you for contract processing. After the contract has been fully executed or your customer account deleted, your data will be blocked considering tax and commercial law retention periods and deleted thereafter unless you have expressly consented to further use or we are permitted by law to continue processing.

6. Use of Data for Direct Advertising (Newsletter)
If you subscribe to our newsletter, we will send you regular information about our offers. The only required field for subscription is your email address. Additional data is voluntary and used to address you personally. We use the double opt-in procedure to send the newsletter.

With your registration, you consent to our use of your data under Art. 6 para. 1 lit. a GDPR. We store your IP address and registration date to prevent misuse. Your data is used exclusively for newsletter delivery and will be deleted upon unsubscription, unless you have consented to further use or such use is legally permitted.

Our newsletters may contain web beacons or similar technologies (e.g. 1x1 pixel). These help track delivery and interaction (e.g., open and click rates, bounces, unsubscribes). This data is used for statistical purposes and to optimize our emails. You can block web beacons by disabling HTML display in your email program. Please note that disabling HTML may impair email readability. By subscribing, you also consent to this statistical analysis.

7. Data Processing for Order Fulfillment
To process your order, we work with service providers who support us in fulfilling contracts. Personal data is shared with the shipping company for delivery and with the payment institution for payment processing. The legal basis for sharing data is Art. 6 para. 1 lit. b GDPR.

7.1 Use of Twint
If you choose Twint as your payment method, payment is processed via Twint AG, Stauffacherstrasse 31, 8004 Zurich, Switzerland. We transmit information such as invoice amount, currency, and transaction number to Twint AG. No personal data is transmitted beyond that. For more on Twint's privacy policy, visit their website.

8. Web Analytics Services

AWStats
We use AWStats, a free web analytics software, to statistically evaluate our website. It analyzes server log files that contain IP addresses and are generally not associated with specific individuals. No cookies are used, and no data is sent to external servers. AWStats runs on our own server in Switzerland.

9. Tools and Other Services

Google Web Fonts
We use Google Web Fonts for uniform font presentation. Your browser connects to Google servers when loading fonts. Google may receive your IP address. Use of Web Fonts is in our legitimate interest (Art. 6 para. 1 lit. f GDPR). If your browser does not support Web Fonts, a standard font is used. Google LLC is certified under the Privacy Shield.
More information: [Google Fonts Info] and [Google Privacy Policy].

10. Rights of the Data Subject
You have the following rights under the GDPR:

  • Right of access (Art. 15)

  • Right to rectification (Art. 16)

  • Right to erasure (Art. 17)

  • Right to restriction of processing (Art. 18)

  • Right to be informed (Art. 19)

  • Right to data portability (Art. 20)

  • Right to withdraw consent (Art. 7(3))

  • Right to lodge a complaint (Art. 77)

11. Right to Object
If we process your data based on our legitimate interest, you may object at any time for reasons arising from your situation. If you object, we will stop processing unless we demonstrate compelling legitimate grounds. If we use your data for direct marketing, you can object at any time. We will then stop processing for these purposes.

12. Duration of Storage
The duration of data storage depends on statutory retention periods (e.g., tax/commercial). After these expire, data is routinely deleted unless required for contract fulfillment or there is a legitimate interest in continued storage.

Zurich, November 20, 2024