As operator of the Website www.hangl-uhren.ch, (also referred to as “Website” or “Online-Shop“), we are responsible, within the meaning of the applicable data protection laws, with specific reference to the General Data Protection Regulation (“GDPR”), for the personal data of the user (“You“) of this Website.
Below, we inform You in a clear manner, as part of our obligations to provide information (Art. 13 et seqq., GDPR) as to what data is being processed when You visit our Website and on what legal basis the foregoing is carried out. You will also receive information on how we protect your data, by a technical and organisational point of view, and what your rights are as to us and the relevant regulatory authority.
1. About the data controller
Hangl AG
Dorfstrasse 11
7563 Samnaun
Switzerland
E-Mail: info@hangl.ch
Fax: +41 (0)81 860 25 02
Phone: +41 (0)81 868 57 34
2. Processing of your personal data
Informational use of our Website
When You visit our Website, so-called log files are processed to allow you visiting it. Such log files are automatically recorded in our system.
Following log files are automatically processed:
- IP address of the accessing computer
- type of internet browser used
- language of the internet browser used
- version of the internet browser used
- operating system and its version
- frontend of the operating system
- visited pages
- date and time of the visit
- time zone difference to Greenwich Mean Time (GMT)
- access status/TTP status code
- amount of data transferred
- success or failure of the loading process
- referrer
- internet service provider of the user
The log files contain your IP address and possibly further personal data. Consequently, it could be possible to link it to you. However, we store your data transiently and especially not together with other personal data.
To provide our Website it is it necessary to process the aforementioned data. We also store the data for the security of our information technology. Our legitimate interest in processing your data is also based on the Art. 6 (1) lit. f DSGVO. The log files which also contain your IP address will be deleted immediately or anonymised when they are no longer necessary to achieve the aforementioned purposes but at the latest after one month.
3. Use of offers
3.1. Registration/Customer Account
It is possible to create a customer account on our website with your personal data on a voluntary basis and the data will not be passed on to third parties. If you decide to create a customer account, you must provide us with the following information:
• E-Mail-Address
• First name and surname
• Address
• Telephone number
You can provide with your company name voluntary. In this case we save the company name together with your e-mail address if you provide us with this information.
When you submit your registration, we store your IP address as well as the date and time of your registration together with the information you provide. By completing the registration process you give us consent to our processing of your data.
Your data will be used for the purpose of administering your customer account and providing the associated functions, such as processing your customer data and displaying your orders. The legal basis for the storage of your customer account data is Art. 6 (1) lit. a GDPR.
We store your data provided to us in the context of your voluntary registration, as long as you do not delete your customer account.
If you apply changes to your personal information, the prior personal information will be deleted and only the updated data will be saved.
Furthermore, we store your data only in order to comply with our contractual or legal obligations (e.g. tax obligations) (Art. 6 (1) lit. c GDPR). In this case, we restrict the processing of your data to the extent that they are only processed for the aforementioned purposes. In addition to this data, we store the time (date and time) of the transmission of your data to us, as well as your IP address. The processing of this data is necessary for the purposes of our legitimate interests (Art. 6 (1) lit. f GDPR) to ensure the security of our systems and prevent misuse. These additional data will be deleted as soon as they are no longer needed, at the most when the contract has been concluded with you.
You can delete or change your voluntary customer account with us at any time. You will find the functions for changing your details or closing your account in your profile.
3.2. Orders
If you place an order on our website, we need following data from you to fulfil the contract with you:
- First name, surname and (billing and delivery) address, for sending you the products and the bill.
- E-Mail-address, for sending you the order confirmation and make you the contract documents available immediately.
- We need your phone number.
- Your payment information, to process the payment.
For delivery of your order, we pass on your address data to our shipping or logistics service provider for the purpose of delivery.
The legal basis for the processing of your data is Art. 6 (1) lit. b GDPR. The data will be stored as long as it is necessary for the fulfilment of the contract. In addition, we store your data only in order to comply with our contractual or legal obligations (e.g. tax obligations) (Art. 6 (1) lit. c DSGVO). In this case, we restrict the processing of your data to the extent that they are only processed for the aforementioned purposes. In addition to this data, we store the time (date and time) of the transmission of your data to us, as well as your IP address. The processing of this data is necessary for the purposes of our legitimate interests (Art. 6 (1) lit. f GDPR) to ensure the security of our systems and prevent misuse. These additional data will be deleted as soon as they are no longer needed, at the most when the contract has been concluded with you.
3.3. Payment methods and credit check
You can choose between several payment methods. The chosen provider also receives your personal data, for example your name, your address and your account details. In addition, our house bank receives your bank details when they receive an electronic payment.
PayPal: If you pay on our website with PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal L-2449 Luxembourg), PayPal receives your payment details for payment processing and PayPal may carry out a credit check. You can find more information at:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_DE#rAnnex
Credit card: If you pay via credit card on our website, your credit card service provider will receive the information that you have placed an order with us. Your credit card provider may conduct a credit check. Please refer to your credit card provider’s website for more information.
Payment in advance: If you pay in advance on our website, our house bank receives your bank details for payment processing.
4. Contact possibilities
4.1. Contact form
You can contact us via our contact form. By contacting us, you might give us feedback or to ask us questions. If you make use of this possibility, you submit the following personal information to us:
- Mail address (in order to contact you)
- First names and surnames (for purposes of abuse prevention)
- Company data (voluntary)
In addition to the personal information that you voluntarily provide us with, we store the time (date and time) of submission of your data to us as well as your IP address. The processing of this data is in our legitimate interest (Art. 6 (1) lit. f GDPR) to ensure the security of our systems and prevent misuse. This data, which we collect additionally during your contacting us, will be deleted as soon as it is no longer needed, at the latest when the request of your contacting us has been comprehensively clarified.
By submitting the contact form, you give us consent to our processing of your data. The legal basis for the processing of your data for the purpose of transacting your contact request is Art. 6 (1) lit. a GDPR. The data will be stored until it is no longer necessary in order to achieve the purpose of our conversation and the purpose of your contact request has been fulfilled.
If the purpose of your contact request is to conclude a contract with us, the additional legal basis for the processing of your personal data is Art. 6 (1) lit. b GDPR.
Your data will be stored as long as necessary for the transaction of the contract. Furthermore, we store your data only in order to comply with contractual or legal obligations (e.g. tax obligations) (Art. 6 (1) lit. c GDPR).
4.2. Contact via e-mail, phone or fax
You have the option to contact us via e-mail. Your personal data transmitted in the e-mail, via phone or via fax will be stored by us. No transfer of the data to third parties will take place. The data is processed exclusively to process your contact. The legal basis for the processing of your personal data is Art. 6 (1) (f) GDPR. The data will be stored until it is no longer necessary to attain the aim of the conversation with You and the concerns of your contact have been fully resolved.
If your email, your cal or your fax is intended to conclude a contract with us, the additional legal basis for the processing of your personal data will be Art. 6 (1) (b) GDPR. This data will be stored for as long as necessary for the performance of the contract. Furthermore, we will only store your data to comply with contractual or legal obligations (e.g. tax obligations) (Art. 6 (1) (c) GDPR).
You may withdraw your consent to the processing of your personal data at any time by informing us accordingly via e-mail. In this case, all personal data related to the conversation will be deleted and it will not be possible to continue with the conversation.
5. Cookies
Please note the following: You can ensure yourself that no cookies are stored on your computer at all, or that storage is permitted in respect of certain cookies only. You can select this in your Internet browser settings. There You can also view and delete your stored cookies.
If You block all cookies, not all features of our Website may be available to You.
We use cookies on our Website. Cookies are text files that are sent by our web server to your browser as part of your visit to our Website and that are kept on your computer for later retrieval. A cookie will allow to identify your web browser when You visit the site again. There are session cookies, which are those that are deleted when the browser is closed, and there are persistent cookies that are stored on the hard disk until their default expiration date is reached or until they are removed by You.
5.1 Own cookies
We use our own cookies to ensure the functionality of our Website. Some elements of our Website necessarily require that your internet browser be identified again after a page change.
In the overview, you can see the purposes for which your data is collected and the duration of the relevant storage period:
Name of Cookie | Purpose of Cookie | storage period |
woocommerce_cart_hash | Contains information about contents of your virtual shopping cart | until the end of the browser session |
woocommerce_items_in_cart | Contains information about contents of your virtual shopping cart | until the end of the browser session |
wp_woocommerce_session_ | Contains a unique user identifier, to match data of a virtual shopping cart to a user | 2 days |
For the processing of personal data in cookies, which we put on our Website to guarantee the functionality of our Website and to provide our offers the relevant legal basis is Art. 6 (1) (f) GDPR.
Also, we use cookies which are not essential but useful to ensure the functionality of our website. In the overview, you can see the purposes for which your data is collected and the duration of the relevant storage period:
Name of Cookie | Purpose of Cookie | storage period |
borlabsCookie | Stores your cookie settings, in particular whether you accept Google Analytics cookies. | 1 year |
_icl_current_language | Stores your preferred language | 1 day |
Right to object and to be forgotten
As stated at the beginning of this section, you may, by changing the settings in your Internet browser, enable or restrict the transmission of cookies. Cookies that have already been stored by your Internet browser can be deleted there at any time. If cookies for our Website are restricted or deactivated, it is possible that not all the relevant functionalities can be used.
5.2 Third-party cookies
On our Website we use cookies from “third-party providers”. This means that, as part of your visit to our Website, data is transferred from within your web browser to the third party’s web server and it is stored therein.
In any case, by visiting the page of the explanations on our third-party cookies, you will see the option to click on an “opt-out” button. The “opt-out” works in such a way that the third party stores an opt-out cookie, which prevents tracking of the same.
Google Analytics
The analytics service of Google Analytics by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google Analytics“) was implemented on our Website.
Google Analytics uses cookies that store the following information:
- type of internet browser used
- version of internet browser
- the operating system you are using
- referrer (previously visited website)
- your shortened IP-address
- Time of server request
Name cookie | purpose of the cookie | storage duration |
_ga | Serves to distinguish users to generate statistical data about the use of the Website | 2 years |
_gat | Restricts the request rate for Google Analytics | until the end of the browser session |
_gid | Serves to distinguish users to generate statistical data about the use of the Website. | 24 hours |
We use the feature of Google Analytics to anonymize your IP address before storing or processing. Your IP address is usually shortened within the European Union/EEA and only then transferred to Google servers in the United States. The processing of your information will take place using a pseudonym and we will not undertake any aggregation to any other personal data about you.
We will use the data collected this way for statistical purposes, to optimise our Website and for our special offers. The legal basis for this is Art. 6 (1) (f) GDPR.
In addition, you may prevent Google from collecting the data generated by the cookie and related to your use of the Website (including your IP address) as well as the processing of this data by Google, by downloading and installing the available browser plugin using the link below (http://tools.google.com/dlpage/gaoptout?hl=en).
You can disable the storage of Google cookies yourself, directly in your browser settings, or you can prevent the processing of your data by clicking on the following link and activating an “opt-out”: https://developers.google.com/analytics/devguides/collection/gajs/?hl=de#disable. Then an “Opt-out” cookie will be placed, which will prevent the collection of your user data on this Website.
Google’s Privacy Notice can be found at the following link: https://policies.google.com/privacy?hl=en.
6. Social Media
6.1. Icon links to social networks
On our Website we use small icons, each of which makes reference on our Website to third-party platforms (Facebook and Twitter). It concerns hyperlinks so none of your data is automatically transferred. Such transfer is implemented only if You click on the icons and a new tab with the third-party website opens in your browser.
6.2. Facebook fan page
We operate on the social media platform Facebook (Facebook Inc., Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland, (“Facebook“) a fan page, which we link to on our company page via the Facebook icon. If You do not click on the link, Facebook will not receive any data from You. If you click on the link to, for example, view our company presence on Facebook or “like” our site, Facebook will receive data from You (which data Facebook will receive depends also on whether you are logged in at Facebook while you click on the page or not).
While Facebook uses this data under its own responsibility to create profiles and to generate so-called Custom Audiences, on our company home page we can only see aggregated data, i.e. statistics that are not personally identifiable. These statistics are called “Page Insights”. Additional Information about Page Insights are available under the following link:
https://www.facebook.com/legal/terms/information_about_page_insights_data.
Due to the the legal obligations of the GDPR, we concluded a Joint Controllership Agreement provided by Facebook, regulating our joint controllership of our fan page. You can find this agreement under the following link:
https://www.facebook.com/legal/terms/page_controller_addendum
As a result, Facebook is primarily responsible for the aggregated Insight data. Additionally, Facebook will fulfill all obligations under the GDPR with regard to the processing of Insight data (including Art. 12, 13 GDPR, Art. 15-22 GDPR and Art. 32-34 GDPR). If you send us a request regarding our Facebook fan page, we will inform Facebook of this immediately. According to our agreement, Facebook will respond to the request.
The linking to our social media presence on Facebook and the data processing associated thereby relate to our legitimate interests. The legal basis for this is Art. 6 (1) (f) GDPR. The Facebook data policy can be found here: https://www.facebook.com/policy.php.
6.3. Social Media Plugins (with Shariff-function)
Please note the following: Our website includes social media plug-ins from social networks (Facebook and Pinterest). However, data to the respective social media platforms are not activated directly when you call up our website, but only when you yourself become active by clicking on the respective share button (Shariff function). You will notice it, because the buttons are with grey background and when you move your mouse over it, it become coloured.
If you are already logged in to the social media platform at the time you click on the button, a window will appear with which you can confirm whether you would like to share the article on the respective platform. If you are not logged in, the log-in field will appear for the platforms.
a. Facebook Plugin (with Shariff-function)
The social network Facebook is offered (in Europe) by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (in the following: Facebook). Facebook is responsible for the use of data at the Facebook network. When the plug-in (a Facebook component) is clicked, Facebook will know that you have activated the component from one of our pages. If you are logged in to Facebook at the same time, Facebook will associate this information with your Facebook user profile. Embedding the sharing feature on Facebook on our website and the associated data processing is in line with our legitimate interests because we want to present ourselves in this way as well. The legal basis for this is Art. 6 (1) lit (f) GDPR. If you decide to click on the button to share an article, the legal basis for the use of data in this case is Art. 6 (1) lit. a GDPR. You can find the Facebook privacy notice under: https://www.facebook.com/policy.php.
b. Pinterest Plugin (with Shariff-function)
The social network Pinterest is offered by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (in the following: Pinterest). Pinterest is responsible for the use of data at the Pinterest network. When the plug-in (a Pinterest component) is clicked, Pinterest will know that you have activated the component from one of our pages. If you are logged in to Pinterest at the same time, Pinterest will associate this information with your Pinterest user profile. Embedding the sharing feature on Pinterest on our website and the associated data processing is in line with our legitimate interests because we want to present ourselves in this way as well. The legal basis for this is Art. 6 (1) lit (f) GDPR. If you decide to click on the button to share an article, the legal basis for the use of data in this case is Art. 6 (1) lit. a GDPR. You can find the Pinterest privacy notice under: https://policy.pinterest.com/en/privacy-policy.
7. Your rights
When we process your data, you are a “data subject” within the meaning of the GDPR. You have the following rights: right to access the stored personal data, right to rectification, right to restriction of the processing, right to erasure, right to be informed as well as right to data portability, in addition, you have a right to object and a right to withdraw consent.
Below You will find details about the individual rights:
a. Right to access the stored personal data
You have the right to demand from us confirmation whether we process your personal data.
If we process your personal data, You have the right to disclosure of the following information:
- the processing purposes;
- the categories of personal data being processed;
- the recipients or categories of recipients to whom your personal data have been or will be disclosed, in particular to recipients in third countries or to international organisations;
- if possible, the planned duration your personal data will be stored or, if this is not possible, the criteria for determining that duration;
- the existence of a right to rectification or erasure of personal data concerning You or to restriction of our processing or a right to object to such processing;
- the existence of a right to lodge a complaint with a supervisory authority;
- if the personal data has not been collected directly from You, all available information about the source of the data;
- the existence of an automated decision-making process including profiling under Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, as well as the implications and intended effects for You of such processing.
If we transfer your data to an international organisation or to a third country, You also have the right to demand information as to whether suitable guarantees exist in connection with the transfer under Art. 46 GDPR.
b. Right to rectification
You have the right to rectification and/or completion of the data we have stored about You if such data is incorrect or incomplete. We will initiate the correction or completion immediately.
c. Right to restriction of processing
Under certain conditions, You have the right to demand that we restrict the processing of your personal data. At least one of the following conditions must be met:
- You contest the accuracy of your personal data for a period enabling us to verify the accuracy of your personal data,
- The processing is unlawful, and You refuse erasure of the personal data and instead require the restriction of the use of the personal data;
- We no longer need your personal data for processing purposes, but You need it to assert, exercise or defend your legal rights, or
- You have objected to the processing pursuant to Art. 21 (1) GDPR if it is not yet certain whether our legitimate reasons override your interests.
d. Right to erasure
You have the right to demand from us to immediately erase your personal data if we are required to do so. This is the case if one of the following conditions is met:
- Your personal information is no longer necessary for the purposes for which it was collected or otherwise processed.
- You withdraw your consent to the processing under Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and there is no other legal basis for the processing.
- In accordance with Art. 21 (1) GDPR, You object to the processing and there are no legitimate reasons for the processing, or You object to the processing under Art. 21 (2) GDPR.
- Your personal data was processed unlawfully.
- The erasure of personal data is required to fulfil a legal obligation under legislation of the European Union or national law of member states to which we are subject to.
- Your personal data has been collected in relation to offered information society services under Art. 8 (1) GDPR.
If we have made your personal information public and we are required to erase it in accordance with the above-mentioned conditions, we shall take appropriate measures, also of a technical nature, to inform, taking into account the technologies and implementation costs available to us, the other data controllers who process the personal data that You have demanded from us the erasure of any links to such personal data or of copies or duplications of such personal data.
However, your right to erasure does not exist if processing is required for the following reasons (exceptions):
- to exercise the right to freedom of expression and information;
- to fulfil a legal obligation required by the legislation of the European Union or of the member states to which we are subject to, or to perform a task taking place in the public interest or in the exercise of official authority which has been delegated to us;
- for reasons of public interest in the field of public health under Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
- for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes under Art. 89 (1) GDPR, to the extent that the law referred to in (1) will probably render impossible or will seriously affect achieving the objectives of that processing, or
- to assert, exercise or defend legal rights.
e. Right to be informed
If You have asserted your right towards us to rectification, erasure, or restriction, we are required to notify all recipients to whom we have disclosed your personal data, about the rectification, erasure, or restriction of the processing of your data, except when it results to be impossible or involves a disproportionate effort thereto.
f. Right to data portability
Under the following condition You have the right to receive the personal data that You have provided to us, in a structured, common and machine-readable format and the right to have this data transmitted to another data controller:
- The processing is based on consent under Art. 6 (1) (a) or Art. 9 (2) (a) GDPR or on a contract under Art. 6 (1) (b) and
- the processing takes place using automated procedures.
You have the right to obtain, that we transfer your personal data directly to another data controller, as far as this is technically feasible and the freedoms and rights of other persons are not affected by this.
This right to data portability does not apply if the processing is necessary for the performance of a task that is in the public interest or takes place in the exercise of public authority that has been delegated to us.
g. Right to object
At any time, You have the right, for reasons that arise from your particular situation, to object against the processing of your personal data, as based on Art. 6 (1) (e) or (f) GDPR. This also applies to a profiling referred to in these provisions.
In the event of an objection, we will cease to process your personal data, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal rights.
When we process your personal data to perform direct marketing, You have at any time the right to object to the processing of your personal data for the purpose of such marketing. This also applies to profiling, as far as it is related to direct marketing.
If You object to the processing of your personal data for direct marketing purposes, we will no longer process them for these purposes.
You have the option, in the context of the use of information society services – regardless of Directive 2002/58/EC (Privacy and Electronic Communications Directive) – to exercise your right of objection through automated procedures that use technical specifications.
h. Right of withdrawal
Under Art. 7 (3) GDPR You have the right to withdraw your consent at any time. The withdrawal of consent does not retroactively render the processing unlawful.
i. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy. In particular, in the member state of your place of residence, employment or the place of the alleged infringement, You may exercise your right of to lodge a complaint if You believe that the processing of your personal data is violating the GDPR.
An overview of the respective national data protection officers of the states as well as their contact information can be found under the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
8. Validity and last amendment of these data protection provisions
Version: November 2018.