Privacy policy

This SWISS BOTANIC Sarl (“we”) privacy notice describes how and why we may collect, store, use and/or share (“process”) your information when you use our services (“Services”), for example when you:

Visit our web site at https://swissbotanic.com/, or any other web site that links to this privacy notice.

You engage with us in other ways, such as sales, marketing or events.

Do you have any questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, do not use our services.

If you still have questions or concerns, please contact us at [email protected].

SUMMARY OF KEY POINTS

This summary presents the key points of our privacy notice, but you can obtain more details on each of these topics by clicking on the link following each key point or by using our table of contents below to find the section you are looking for.

• What personal information do we process?

When you visit, use or browse our services, we may process personal information based on how you interact with us and the services, the choices you make and the products and features you use. Learn more about the personal information you provide.

• Do we process sensitive personal information?

We do not process sensitive personal information.

• Do we receive information from third parties?

We do not receive any information from third parties.

• How do we process your information?

We process your information to provide, improve and administer our services, to communicate with you, for security and fraud prevention, and to comply with the law. We may also process your information for other purposes with your consent. We only process your information when we have a valid legal reason to do so. Learn more about how we handle your information.

• In what situations and with what types of parties do we share personal information?

We may share information in specific situations and with specific categories of third parties. Find out more about when and with whom we share your personal information.

• How do we ensure the security of your information?

We have implemented organizational and technical processes and procedures to protect your personal information. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal or modify your information. Find out more about how we ensure the security of your information.

• What are your rights?

Depending on your location, applicable privacy legislation may give you certain rights regarding your personal information. Learn more about your privacy rights.

• How to exercise your rights

The easiest way to exercise your rights is to submit a data access request or contact us. We will investigate and respond to all requests in accordance with applicable data protection laws.

Want to know more about what we do with the information we collect? Read the full privacy notice.

Table of contents

• WHAT INFORMATION DO WE COLLECT?
• HOW DO WE PROCESS YOUR INFORMATION?
• ON WHAT LEGAL GROUNDS DO WE PROCESS YOUR INFORMATION?
• WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
• DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
• HOW DO WE MANAGE YOUR SOCIAL IDENTIFIERS?
• HOW LONG DO WE KEEP YOUR INFORMATION?
• HOW DO WE ENSURE THE SECURITY OF YOUR INFORMATION?
• DO WE COLLECT INFORMATION FROM MINORS?
• WHAT ARE YOUR PRIVACY RIGHTS?
• DO-NOT-TRACK” FUNCTION CONTROLS
• DO WE UPDATE THIS NOTICE?
• HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
• HOW CAN YOU CONSULT, UPDATE OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you give us

In short: we collect the personal information you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, when you express an interest in obtaining information about us or our products and services, when you participate in activities on the Services, or when you contact us.

Personal information you provide to us. The personal information we collect depends on the context of your interactions with us and the Services, the choices you make and the products and features you use.

The personal information we collect may include the following:

• Names
• Telephone numbers
• E-mail addresses
• Postal addresses
• User names
• Passwords
• Contact preferences
• Billing addresses.
• Sensitive information. We do not process sensitive information.
• Payment details. We may collect the data necessary to process your payment if you make purchases, such as your payment instrument number and the security code associated with your payment instrument. All payment data is stored by Postfinance, Stripe and Twint. You can find their privacy link(s) here: postfinance.ch, stripe.com and twint.ch.
• Social media login details. We may offer you the opportunity to register using the details of your existing social media account, such as your Facebook, Twitter or other social media account. If you choose to register in this way, we will collect the information described in the section entitled “HOW DO WE MANAGE YOUR SOCIAL LOGINS? “
• All personal information you provide to us must be true, complete and accurate, and you must inform us of any changes to such personal information.
• Information collected automatically

In brief: Certain information – such as your Internet Protocol (IP) address and/or the characteristics of your browser and device – is collected automatically when you visit our services.

We automatically collect certain information when you visit, use or browse the Services. This information does not reveal your specific identity (such as your name or contact details), but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is mainly required to maintain the security and operation of our services, as well as for internal analysis and reporting purposes.

Like many companies, we also collect information through cookies and similar technologies.

The information we collect includes

• Connection and usage data

Connection and usage data is service, diagnostic, usage and performance information that our servers automatically collect when you access or use our services, and which we store in connection files. Depending on how you interact with us, this log data may include your IP address, information about your device, browser type and settings, as well as information about your activity in the Services (such as timestamps associated with your use, pages and files viewed, searches and other actions you perform, such as features you use), information about device events (such as system activity, error reports (sometimes called “crash dumps”) and hardware settings).

• Device data

We collect device data, such as information about your computer, phone, tablet or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile operator, operating system and system configuration information.

• Location data

We collect location data such as information about your device’s location, which may be precise or imprecise. The amount of information collected depends on the type and settings of the device you use to access the services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can choose not to allow us to collect this information, either by refusing access to this information or by disabling your device’s location settings. However, if you choose to opt-out, you may not be able to use certain aspects of the services.

2. HOW DO WE PROCESS YOUR INFORMATION?

In short: We process your information to provide, improve and administer our Services, to communicate with you, for security and fraud prevention, and to comply with the law. We may also process your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

• Facilitate account creation and authentication, and manage user accounts. We may process your information to enable you to create and log in to your account, and to maintain your account in good working order.
• To provide and facilitate the provision of services to the user. We may process your information to provide you with the requested service.
• Respond to user requests/offer assistance to users. We may process your information to respond to your requests and resolve any potential problems you may have with the service you have requested.
• To send you administrative information. We may process your information to send you details of our products and services, changes to our terms and policies, and other similar information.
• Execute and manage your orders. We may process your information to fulfill and manage your orders, payments, returns and exchanges made through the Services.
• To enable communication between users. We may process your information if you choose to use one of our offers to communicate with another user.
• To request feedback. We may process your information where necessary to request feedback and to contact you about your use of our services.
• To send you marketing and promotional communications. We may process the personal information you send us for marketing purposes, if this corresponds to your marketing preferences. You can opt-out of receiving marketing emails at any time. For more information, see “WHAT ARE YOUR PRIVACY RIGHTS?
• To offer you targeted advertising. We may process your information in order to develop and display personalized content and advertising based on your interests, location, etc.
• To protect our services. We may process your information as part of our efforts to keep our Services safe and secure, including monitoring and preventing fraud.
• To identify usage trends. We may process information about how you use our services in order to better understand how they are used and to improve them.
• Determine the effectiveness of our marketing and promotional campaigns. We may process your information to better understand how to provide marketing and promotional campaigns that are most relevant to you.
• Safeguard or protect a person’s vital interests. We may process your information where this is necessary to save or protect someone’s vital interests, for example to prevent harm.

3. ON WHAT LEGAL GROUNDS DO WE PROCESS YOUR INFORMATION?

In short: we only process your personal information when we believe it is necessary and we have a valid legal reason (i.e. a legal basis) to do so under applicable law, for example with your consent, to comply with laws, to provide services to you, to enter into or fulfill our contractual obligations, to protect your rights or to meet our legitimate business interests.

The General Data Protection Regulation (GDPR) and the UK GDPR require us to explain the valid legal bases on which we process your personal information. For example, we may use the following legal bases to process your personal information:

• Consent

We may process your information if you have given us permission (i.e. consent) to use your personal information for a specific purpose. You may withdraw your consent at any time. Find out more about withdrawing your consent.

• Contract performance

We may process your personal information where we believe it is necessary to fulfil our contractual obligations to you, including the provision of our Services or at your request prior to entering into a contract with you.

• Legitimate interests

We may process your information where we believe that it is reasonably necessary to achieve our legitimate business interests and that these interests do not override your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:

• Send users information about special offers and discounts on our products and services
• Develop and display personalized advertising content relevant to our users
• Analyze the use of our services in order to improve them and build user loyalty.
• Supporting our marketing activities
• Diagnose problems and/or prevent fraudulent activities
• Understand how our users use our products and services in order to improve their experience.
• Legal obligations

We may process your information if we believe it is necessary to comply with our legal obligations, for example to cooperate with a law enforcement agency or regulatory body, to exercise or defend our legal rights or to disclose your information as evidence in a dispute in which we are involved.

• Vital interests

We may process your information if we believe it is necessary to protect your vital interests or the vital interests of a third party, for example in situations involving potential threats to a person’s safety.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In brief: We may share information in specific situations described in this section and/or with the following categories of third parties.

Third-party suppliers, consultants and other service providers. We may share your data with third party vendors, service providers, contractors or agents (“third parties”) who perform services for us or on our behalf and who need access to this information to perform their work. The categories of third parties with whom we may share personal information are as follows:

• Advertising networks
• Cloud computing services
• Communication and collaboration tools
• Data analysis services
• Data storage service providers
• Finance and accounting tools
• Order processing service providers
• Payment processing tools
• Performance monitoring tools
• Engineering and product design tools
• Retargeting platforms
• Sales and marketing tools
• Social networking
• Test tools
• User account registration and authentication services
• Web hosting service providers
• Affiliate marketing programs

We may also share your personal information in the following situations:

Activity transfers. We may share or transfer your information in connection with a merger, sale of company assets, financing or acquisition of all or part of our business to another company, or during negotiations relating to such transactions.

When we use the APIs of the Google Maps platform. We may share your information with certain Google Maps APIs (for example, Google Maps API, Places API).

Affiliated companies. We may share your information with our affiliates, in which case we will require those affiliates to comply with this privacy notice. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us.

Business partners. We may share your information with our business partners in order to offer you certain products, services or promotions.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In brief: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (such as web beacons and pixels) to access or store information. Specific information on how we use these technologies and how you can refuse certain cookies can be found in our Cookie Notice.

6. HOW DO WE MANAGE YOUR SOCIAL IDENTIFIERS?

In brief: If you choose to register or log in to our services using a social media account, we may have access to certain information about you.

Our Services offer you the ability to register and log in using your third-party social media account details (such as your Facebook or Twitter credentials). If you choose to do so, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider involved, but will often find your name, e-mail address, friends list and profile photo, as well as other information you choose to make public on such a social media platform.

We will only use the information we receive for the purposes described in this privacy notice or as specified to you on the relevant services. Please note that we do not control and are not responsible for other uses of your personal information by your third-party social media provider. We recommend that you consult their privacy notice to understand how they collect, use and share your personal information, and how you can set your privacy preferences on their sites and applications.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

In short: We will retain your information for as long as necessary to fulfill the purposes described in this Privacy Notice, unless otherwise required by law.

We will only retain your personal information for as long as is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (for example, for tax, accounting or other legal requirements). None of the purposes set forth in this notice require us to retain your personal information longer than the period during which users have an account with us.

When we no longer have a legitimate business need to process your personal information, we will delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in a backup archive), we will store it securely and isolate it from further processing until deletion is possible.

8. HOW DO WE ENSURE THE SECURITY OF YOUR INFORMATION?

In short: we aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of all personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal or modify your information. While we do our best to protect your personal information, the transmission of personal information to and from our services is at your own risk. You must only access the services in a secure environment.

9. DO WE COLLECT INFORMATION FROM MINORS?

In short: We do not knowingly collect data from children under 18, nor do we market our services to them.

We do not knowingly solicit data from children under the age of 18, nor do we market our services to them. By using the Services, you represent that you are at least 18 years of age or that you are the parent or guardian of a minor and that you consent to the use of the Services by such minor. If we learn that personal information of users under the age of 18 has been collected, we will deactivate the account and take reasonable steps to promptly delete such data from our records. If you are aware of any data we may have collected from children under the age of 18, please contact us at [email protected].

10. WHAT ARE YOUR PRIVACY RIGHTS?

At a glance: In certain regions, such as the European Economic Area (EEA), the United Kingdom (UK) and Switzerland, you have rights that give you greater access to and control over your personal information. You can consult, modify or close your account at any time.

In some regions (such as the EEA, the UK and Switzerland), you have certain rights under applicable data protection laws. These include (i) request access to and a copy of your personal information, (ii) request rectification or deletion, (iii) restrict the processing of your personal information, (vi) where applicable, to benefit from data portability, and (vii) not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us at the address given in the “HOW TO CONTACT US ABOUT THIS NOTICE” section below.

We will investigate and respond to all requests in accordance with applicable data protection laws.

• If you are located in the EEA or the UK and believe that we are unlawfully processing your personal information, you also have the right to lodge a complaint with your Member State’s data protection authority or the UK’s data protection authority.
• If you are located in Switzerland, you can contact the Swiss Federal Data Protection and Information Commissioner.

Withdrawal of consent: If we rely on your consent to process your personal information, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us using the contact details given in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

However, please note that this will not affect the lawfulness of the processing prior to its withdrawal, nor the processing of your personal information carried out on the basis of legitimate processing grounds other than consent.

Unsubscribing from marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in emails we send, by replying “STOP” or “UNSUBSCRIBE” to SMS messages we send, or by contacting us using the contact details provided in the “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” section. You will then be removed from the marketing lists. However, we may continue to communicate with you, for example to send you service-related messages necessary for the administration and use of your account, to respond to service requests or for other non-commercial purposes.

Account information

• If at any time you wish to consult or modify the information contained in your account or terminate your account, you can: contact us using the contact details provided.
• If you request closure of your account, we will deactivate or remove your account and information from our active databases. However, we may retain certain information in our files in order to prevent fraud, resolve problems, assist with investigations, enforce our legal terms and/or comply with applicable legal requirements.

Cookies and similar technologies: Most web browsers are configured to accept cookies by default. If you prefer, you can usually set your browser to delete or reject cookies. If you choose to delete or reject cookies, this may affect certain features or services of our services.

If you have any questions or comments about your privacy rights, you can send us an e-mail at [email protected].

11. DO-NOT-TRACK” FUNCTION CONTROLS

Most web browsers and some mobile operating systems and applications include a Do-Not-Track (“DNT”) function or setting that you can activate to indicate your privacy preference, i.e. that data relating to your online browsing activities should not be monitored and collected. At this stage, no uniform technological standard for the recognition and implementation of DNT signals has been finalized. As a result, we do not currently respond to browser DNT signals or any other mechanism that automatically communicates your choice not to be tracked online. If an online tracking standard is adopted and we are required to comply with it in the future, we will inform you of this practice in a revised version of this Privacy Notice.

12. DO WE UPDATE THIS NOTICE?

In short: Yes, we will update this notice as necessary to remain in compliance with applicable laws.

We may update this privacy notice from time to time. The updated version will be indicated by a “Revised” update date and the updated version will come into effect as soon as it is available. If we make material changes to this Privacy Notice, we will notify you either by conspicuously posting a notice of such changes or by sending you a notice directly. We encourage you to periodically review this privacy notice to stay informed about how we are protecting your information.

13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have any questions or comments about this leaflet, please send us an e-mail to [email protected] or contact us by post at the following address:

SWISS BOTANIC Sarl
Thunstrasse 92
3006 Bern
Switzerland

14. HOW CAN YOU CONSULT, UPDATE OR DELETE THE DATA WE COLLECT FROM YOU?

Depending on the laws applicable in your country, you may have the right to request access to, modify or delete the personal information we collect from you. To request access to, update or delete your personal information, please complete and submit a data subject access request.