2. Who we are and how to contact us
Every website (including online-shops and mini sites for special offers), every presence on social media, multimedia portals, chatbots and every app of proxxon group entities (each a website) has a controller within the proxxon group with respect to collecting personal data according to the EU General Data Protection Regulation (GDPR) (or comparable provisions according to applicable data protection laws).
Should a proxxon entity or affiliate disclose personal data to another proxxon entity or affiliate for certain purposes of the receiving entity or affiliate, such entity or affiliate is the controller according to article 4 (7) GDPR.
The data protection officer can be contacted at: firstname.lastname@example.org
Furthermore, any inquiry, claim or concern regarding data protection at the proxxon group (all companies and affiliates) can be addressed to email@example.com
3. Personal data we collect about you, how and why we process it and the legal basis for our processing
Visitors to proxxon’s websites do not have to disclose any personal data such as their names, addresses, telephone numbers or e-mail addresses.
Please note that the information we collect about you may include data relating to your health or religion (for example information about a religious diet or health conditions in relation to the performance of our hotel or restaurant services). Such data processing will always be based either on your consent or on the performance of our contractual duties.
We may combine the personal data we collect about you through the different channels you use to interact with us (for example, browsing one of our websites, using our Wi-Fi login, signing up for a newsletter or loyalty programme, contacting us or applying to us). In addition, we may combine the information we hold about you with information about you from third parties, in particular from our selected retail partners, and from public sources. It is in our legitimate interests to do this so that we can form a clearer picture about our customer base and as a result improve our services and marketing activities. We do however not combine any personal data we collect through our surveillance systems such as operation of security cameras at our premises.
For the loyalty programme, in order for you to register and continue using this service, we need to collect your Titel, Company name, Physical address, Telephone number (mobile and business), Nationality, Credit Card information, Position in company and Nature of business. However, if you provide us with more personal data, you do so voluntarily.
You have the right to object to certain types of processing, including processing for direct marketing. If you have given your consent for certain processing activities, you have the right to withdraw your consent at any time.As a consequence, we may however not be able to provide you with all of our benefits (for more information, please see the section “Your rights”).
4. Marketing communications and automated decision-making (including profiling)
In order to provide you with all of the benefits of our products and services, and if you are not yet a customer of ours, we ask for your permission to send you information about the latest news, special events, offers, promotions and other benefits on our offers and services. We also ask for your permission to send you newsletters using your e-mail address.
You can choose to withdraw your permission at any time by clicking on the opt-out link in a newsletter marketing e-mail you receive from us or by sending an e-mail to us firstname.lastname@example.org.
In respect of the loyalty programmes, we also use technology that tracks your purchasing behaviour in our (online-)shops, hotels, restaurants, etc. This helps us to build a profile of your preferred services and products so that we can provide you with offers that are tailored to your specific preferences, based on your previous transaction activity.
If you do not agree with an automated decision that our technology has made in relation to you, you can contact us and we may decide to look into it for you (see the section 2“Who we are and how to contact us”).
5. Third party disclosure
We may also disclose your personal data to third party service providers who perform certain business operations on our behalf, in particular:
business management services (e.g. accounting or asset management);
consulting services, e.g. services of tax consultants, lawyers, management consultants, consultants in the field of personnel recruitment and placement;
IT services, e.g. services in the areas of data storage (hosting), cloud services, sending e-mail newsletters, data analysis and refinement etc.;
credit check, e.g. if you want to make a purchase on account or credit;
haulage and logistics services, e.g. for the dispatch of ordered goods;
administration services, e.g. real estate management;
business information and debt collection, e.g. if you want to make a purchase on account or if due receivables are not paid;
In some cases, the personal data we collect from you may also be accessed or processed outside of Switzerland or the EEA. Such destinations may not have laws which protect your information to the same extent as in Switzerland or the EEA. We take the necessary measures to put appropriate safeguards in place to protect your personal data. For example, the appropriate safeguards may be provided by standard data protection clauses adopted by the European Commission and accepted by the Federal Data Protection and Information Commissioner (known as “model clauses”). Please ask us if you would like to obtain a copy of or more information about the safeguards that are used to protect your personal data when it is processed outside of Switzerland and the EEA (see section 2 “Who we are and how to contact us”).
In addition, we may share your personal data in the following circumstances:
if we are required by applicable law or a public authority to share information about you;
if we need to share information about you in order to establish, exercise, defend or protect the rights, property or safety of our business, our customers or others. This includes, in specific cases, exchanging information with other organisations for the purposes of fraud protection; and
to successors in title or replacement operators of all or part of our respective businesses.
6. How long we retain your data
We retain your personal data for no longer than this is necessary for the purposes for which the information is collected. Upon the completed processing of the contract or the deletion of a user account you may have registered to on one of our websites, your data are blocked for further use and are deleted upon expiry of the safekeeping periods prescribed by applicable laws such as tax and commercial law, unless you have explicitly consented to the continued use of your data or we have reserved the right to further use your data in a manner permitted by law as set out below. Your user accounts can be deleted at any time, by sending a message to email@example.com.
When determining the relevant retention periods, we will take into account factors including:
legal obligation(s) under applicable law to retain data for a certain period of time;
statute of limitations under applicable law;
(potential) disputes; and
guidelines issued by relevant national data protection regulators.
To make visits to our websites more attractive and to allow the use of specific functions, we use what is termed cookies on various pages. Cookies are small text files that are saved on your end device. Some of the cookies used by us are erased again at the end of a browser session, i.e. when you close your browser (session cookies). Other cookies remain stored on your end device to allow us to identify your browser when you visit us again. You can change the settings on your browser to notify you when a cookie is set, which will allow you to approve or reject cookies on an ad hoc basis or to generally block all cookies. Failure to accept cookies can mean that the functionality of our websites is restricted.
Our websites may use Google Analytics or similar services. These applications are third party services which allow us to measure and analyse the use of our website. The provider of these services may be located in any country worldwide (in the case of Google Analytics which is operated by Google Inc. it is the U.S., www.google.com). The service provider uses permanent cookies for these applications. We will not disclose any personal data to the service provider (who will also not save any IP addresses). The service provider may, however, monitor the use of the website by the user and combine this data with data from other websites monitored by the same service provider which the user has visited and the servicer may use these findings for its own benefits (e.g. control of advertisement). The service provider knows the identity of the user who has registered with the service provider. In this case the processing of personal data will be the service provider’s responsibility and data shall be processed according to the data protection policies of the service provider. The service provider will provide data on the use of the website to us.
8. Our policy on children’s personal data
We do not knowingly collect the personal data of children under 16 years of age, without the prior consent or authorisation of the holder of parental responsibility over the child.
9. Protection of your personal data
We have taken appropriate technical and organizational security measures to protect your personal data against unauthorized and/or unlawful processing as well as against unintentional loss, alteration, disclosure or unauthorized access. However, the electronic transmission of information via various communication channels bears security risk that cannot be completely eliminated. Therefore, we cannot assume any guarantee for information that you transmit in this way.
10. Your rights
You may at any time exercise the following rights. To find out how to submit a request, please see section 2 “Who we are and how to contact us”.
1. Right to be informed
2. Right of access
3. Right to rectification
You are entitled to have your personal data corrected if it is inaccurate or incomplete.
4. Right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
5. Right to restrict processing
You have rights to ‘block’ or suppress further use of your personal data. When processing is restricted, we can still store your personal data, but may not use it further. We keep lists of people who have asked for further use of their personal data to be ‘blocked’ to make sure the restriction is respected in future.
6. Right to data portability
You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your personal data between our IT systems and theirs safely and securely, without affecting its usability.
7. Right to object to processing
You have the right to object to certain types of processing pursuant to Article 21 GDPR, including processing for direct marketing (which we do only with your consent).
8. Right to withdraw consent
If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for direct marketing. As noted above, if you withdraw consent then we may not be able to provide you with all of our benefits.
9. Right to lodge a complaint
You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.
The information is free of charge, except where your requests are manifestly unfounded or excessive (in particular because of their repetitive nature) in which case we may charge a reasonable fee (taking into account the administrative costs of providing the information or communication or taking the action requested) or refuse to act on the request.
In general, we will respond within one month from when we receive your request but, if the request is going to take longer to deal with, we will let you know.