Toggle Nav
Menu
Account
Language
Search
Advanced Search
  • Compare Products

Privacy policy

Privacy Statement

Privacy policy

 

Maurice Lacroix respects your privacy and undertakes to comply with the EU General Data Protection Regulation (GDPR) and protect your personal data. This privacy policy applies to all personal data that Maurice Lacroix collects online, such as through this website, emails, and other online tools and apps, but not to data collected offline.

 

This privacy policy sets out how we, Maurice Lacroix, collect, use, and disclose personal data concerning you on our website, how we store your personal data and deal with third parties who may have access to your personal data, and, finally, how you can contact us if you have any questions or concerns.

 

You acknowledge that Maurice Lacroix may modify, update, or remove this privacy policy from time to time at its sole discretion. In such an event, we will post updated versions of this privacy policy on this page. A revised privacy policy will only apply to data collected after it enters into force. We encourage you to visit this page regularly to stay informed about our privacy policy.

 

Withdrawal of consent to use cookies

You can withdraw your consent for us to use cookies at any time with effect for the future. This can be done by going to the cookie settings and making your changes.

  1. Contact and controller

Your contact and what is known as the “controller” responsible for processing your personal data when you visit this website within the meaning of the GDPR is

 

Maurice Lacroix

Rue des Rangiers 21

2350 Saignelégier, Switzerland

info@mauricelacroix.com

 

EU agent:

 

DKSH Luxury & Lifestyle Europe GmbH

Stuttgarter Straße 8

75179 Pforzheim

Germany

 

If you have any questions about data protection in connection with our website or the use of our website, please feel free to contact our data protection officer at any time by sending an email to dataprotection.mauricelacroix@dksh.com.

 

  1. Device and access data; creation of log files

Every time you use our website, we collect data automatically transmitted by your browser in order to enable your visit to the website. This data particularly includes:

  • Domain name or IP address of the requesting device
  • Client file request (file name and URL)
  • http response code
  • Date and duration of visit and request
  • Browser and operating system
  • Online-IDs (e.g. device identifier, Session-IDs)
  • Address of accessed website and requesting website

This data must be processed in order to enable you to visit the website and ensure the uninterrupted functionality and security of our systems. For the purposes described above, the above data is also temporarily stored in internal log files in order to find out the cause and take action in the event of repeated calls or calls made with criminal intent that endanger the stability and security of our website, and in general to maintain our website administratively.

The legal basis for this data processing is Article 6(1)(b) of the GDPR if the website is accessed in the course of initiating or performing a contract. and furthermore Art. 6 (1)(f) GDPR based on our legitimate interest in enabling the website to be accessed as well as the permanent functionality and security of our systems.

 

  1. Account and payment data

3.1 User account / Registration

If you register on our website, we will set up a password-protected area where you can access the personal data concerning you that we have saved (customer account). In your customer account, you can view data relating to your completed, pending, and recently sent orders, and correct or modify any subscriptions, your payment data, and your personal data. We have highlighted the data you are required to provide by marking them as mandatory fields. Registration is not possible without this data.

The legal basis for this data processing is Article 6(1)(b) of the GDPR.

 

3.2 Orders

In the case of an order process, we collect the mandatory information required to perform the contract:

 

  • Salutation
  • First and last name
  • Birth date
  • E-mail address
  • Password
  • Billing and shipping address
  • Telephone number

 

The legal basis for processing is Art. 6 (1) (b) GDPR.

 

3.3 Payment data

You can choose to pay for your purchases by invoice, prepayment, Paypal, and credit card. We process your payment data for the purpose of processing your payment. Depending on how you choose to pay, we will pass on your payment data to the financial institution handling the payment and, as applicable, to any payment service provider we have contracted. Payment data such as billing addresses, IBAN, BIC and preferred payment method can be transmitted to these service providers. This also includes data that is directly related to payment processing, such as data that external payment service providers use for identification (e.g. first and last name, address, gender, email address, IP address, telephone number, PayPal ID ), Device information (e.g. IP address, device type, operating system) or data that are required to create an invoice such as number of items, item number, invoice amount and taxes in percent. These payment service providers can also process data on your previous payment behavior as well as probability values for behavior in the future. For the purpose of checking payments, e.g. to approve purchased goods, we also receive corresponding information about payment from the payment service providers. We also receive master and financial information from the payment service providers as part of any legally required identity checks.

The legal basis for this data processing is Article 6(1)(b) of the GDPR, because the processing is necessary for the performance of the contract and the processing of the order.

The legal basis of the data processing carried out by the payment service provider as controllers can be found in the data protection information of the respective payment service provider:

  • PayPal (Europe) S.a r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxemburg, Luxemburg („PayPal“). You find further information in PayPal’ Privacy Policy.
  • Ingenico e-Commerce Solutions SAS Boulevard de Grenelle 28-32 75015 PARIS FR. You find further information in the Ingenico Privacy Policy.
  • iPay88 (M) Sdn Bhd, Suite 2B-20-1, 20th Floor, Block 2B, Plaza Sentral, Jalan Stesesn, Sentral 5, 50470 Kuala Lumpur, Malaysia. You find further information in iPay88 Privacy Policy.

We would like to point out that data protection queries can most efficiently be submitted to the respective payment service provider, as only these providers have access to the data and can take appropriate measures directly.

 

  1. Contact options

You can contact us by sending an email to the CEO of Maurice Lacroix at stephane.waser@mauricelacroix.com or by using our contact form. If you do so, we will process your contact data and the content of your messages and communications with us. We process this data for the sole purpose of communicating with you.

The legal basis for this data processing is Article 6(1)(b) of the GDPR insofar as your data are required to answer your request or to initiate or perform a contract. Furthermore, Art. 6 (1)(f) GDPR is legal basis, based on our legitimate interest that you can contact us and we can answer your request.

The data collected by us when you contact us will be automatically deleted after your request has been fully processed, unless we still need your request to fulfill contractual or legal obligations (see section 11 “Storage duration").

 

  1. Newsletter

You may subscribe to our newsletter, enabling us to inform you regularly about our latest products and promotions.

 

You can unsubscribe from the newsletter at any time. Each newsletter contains an unsubscribe link. Alternatively, you can of course also simply send a message using the contact details given above or in the newsletter (e.g. by email or letter). The legal basis for this processing is your consent pursuant to Article 6(1)(a) of the GDPR.

 

Our newsletters employ customary technologies used to measure interactions with newsletters (e.g. opening of the email, clicked links). We use this data in pseudonymised form for general statistical analysis, as well as to optimise and evolve our content and customer communications. This is done with the help of small graphical elements embedded in our newsletters (pixels). The data is collected on a pseudonymised basis only and is not associated with any of your other personal data. The legal basis for this is your consent pursuant to Article 6(1)(a) of the GDPR.

 

 

We want to use our newsletter to share content of maximum relevance to our customers and to better understand what readers are actually interested in. If you do not want us to analyse your usage patterns, you can unsubscribe from the newsletter or generally deactivate graphics in your email client. Data relating to interaction with our newsletters is stored in pseudonymised form for 30 days and then fully anonymised.

 

We use the remarketing functions of the Salesforce Marketing Cloud provided by salesforce.com, Inc., The Landmark @ One Market Street, Suite 300, San Francisco, CA 94105, USA (“Salesforce”). If you have consented to receive our newsletter and visit our website via a newsletter, we will use web beacons, which allow us to measure the effectiveness of our newsletter, e.g. whether you opened an email or which part of the newsletter was of particular interest to you. The legal basis for the use of Salesforce is

  1. Use of cookies and similar technologies

 

This website uses cookies and similar technologies (together “tools”) provided either by ourselves or by third parties.

A cookie is a small text file stored by the browser on your device. Cookies are not used to run programs or transmit viruses to your computer. Most browsers are configured to accept cookies by default. You can, however, adjust your browser settings to reject cookies or only store them after you have provided your consent. Some of our services may fail to function properly if you reject cookies. Similar technologies particularly include fingerprints, web beacons, tags, and pixels.

The tools we use are listed below, sorted by category. We particularly want to inform you about the providers of the tools, the duration for which cookies are stored, and how and when we disclose your data to third parties. We also explain the cases in which we obtain your voluntary consent to use the tools and how you can withdraw this consent.

 

6.1. Legal basis and right to withdraw consent

 

6.1.1. Legal basis

 

We use tools required to operate our website and others, where explicitly set out, on the basis of our legitimate interest pursuant to Article 6(1)(f) of the GDPR to enable your convenient and personalised use of the website and ensure that use is as time-saving as possible. In some cases, these tools may also be required for the performance of a contract or for steps required prior to entering into a contract, in which case processing is carried out pursuant to Article 6(1)(b) of the GDPR.

All other tools, in particular those for marketing purposes, are used on the basis of your consent pursuant to Article 6(1)(a) of the GDPR, provided that user profiles have been created for the purpose of marketing or market research. We will only process your data using these tools if you have provided your consent for us to do so.

 

6.1.2. Obtaining your consent

 

To obtain and manage your consents, we use the One Trust tool provided by OneTrust LLC., Dixon House, 1 Lloyd's Avenue, London, EC3N 3DQ, UK (“OneTrust”). This tool generates a banner that informs you about and allows you to consent to all, selected, or no data processing through the use of optional tools. The banner appears the first time you visit our website and whenever you access settings to make changes or withdraw your consent. It also appears on subsequent visits to our website, provided you have disabled the storage of cookies or the OneTrust cookie was erased or has expired.

When you visit our website, OneTrust will receive your consents or withdrawals of consent, your IP address, and information about your browser, your device, and the time of your visit. OneTrust also uses a required cookie to store your consents and withdrawals of consent. If you erase your cookies, we will request your consent again the next time you visit the website.

Data processing by OneTrust is required for the purpose of providing you with the consent management required by law and to comply with our documentation obligations. The legal basis for the use of OneTrust is Article 6(1)(f) of the GDPR, justified by our interest in fulfilling the legal requirements for cookie consent management.

 

6.1.3. Withdrawing your consent or changing your selections

 

You have the right to withdraw your consent to the use of certain tools at any time. To do so, click on the following cookie settings (can add link on website code) (<li><a href="#" class="ot-sdk-show-settings"></a></li>) You can then change the selection of tools to whose use you wish to consent. Alternatively, you may exercise your right to withdraw your consent directly with the provider.

 

6.2.         Required tools

 

We use certain tools to enable the basic functions of our website (“necessary tools”). We cannot provide our service without the use of these tools. Required tools are therefore used without consent on the basis of our legitimate interest pursuant to Article 6(1)(f) of the GDPR, or for the performance of a contract or for steps required prior to entering into a contract pursuant to Article 6(1)(b) of the GDPR.

 

6.2.1.     First-party cookies

 

We use first-party cookies, in particular

  • for login authentication
  • for load balancing
  • to store your language preferences
  • to record that an item of information on our website has been displayed to you – so that it is not shown again the next time you visit the website

 

6.2.2.     Google Tag Manager

 

Our website uses Google Tag Manager, a service offered to users in the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and to all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Tag Manager is used to manage tracking tools and other services, so-called website tags. A tag is an element stored in the source code of our website, for example to record predefined usage data. Google Tag Manager ensures that the usage data required by our partners is forwarded to them.

 

Google Tag Manager does not use cookies.

 

The legal basis is Article 6(1)(f) of the GDPR, based on our legitimate interest in integrating and managing multiple tags on our website in an uncomplicated manner.

 

For the purpose of ensuring stability and functionality when using the Google Tag Manager, Google collects information about which tags are integrated by our website, but generally no personal data, in particular no data about user behavior, IP address or the visited pages.

 

We have concluded a data processing agreement with Google. Some data is processed on a Google server in the USA. In the event that personal data is transferred to the USA, we have concluded standard contractual clauses with Google pursuant to Article 46(2)(c) of the GDPR. More information can be found in the section 10.

 

Further information can be found in the Google Tag Manager overview.

 

 

6.3. Analytical tools

 

In order to improve our website, we use tools for statistical collection and analysis of general usage behaviour based on access data (“analytical tools”). We also use analytics services to evaluate the use of our various marketing channels.

 

6.3.1.     New Relic

 

Our website uses a service provided by New Relic, Inc., 188 Spear Street, Suite 1200, San Francisco, CA 94105, USA (“New Relic”) for monitoring purposes and to perform error analytics so that errors can be identified and resolved in real time. This enables us to collect and analyze statistical evaluations of the performance (response time, throughput, error rate, transactions) of the website. Through the plugin, New Relic receives the information that a user has called up the corresponding page of the offer. For this purpose, New Relic collects system data on add-ons, browsers, hardware and software and usage times, so-called application data, for which cookies are set in your browser.

 

If you are logged into New Relic as a user, New Relic can assign the visit to your account there. If you are not a member of New Relic, New Relic can still find out and save your IP address.

If you are a member of New Relic and do not want New Relic to collect data about you on our pages in order to link you to your member data stored by New Relic, you must log out of New Relic before visiting our pages.

 

We have concluded a data processing agreement with New Relic. In the event that personal data is transferred to the USA, we have concluded standard contractual clauses with New Relic pursuant to Article 46(2)(c) of the GDPR. More information can be found in the section 10.

 

More information can be found in the New Relic privacy policy.

 

6.3.2. Google Analytics

 

Our website uses Google Analytics, a web analytics service which is provided for users from Europe, the Middle East and Africa (EMEA) by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users of provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The contact provided by Google for all queries relating to data protection is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

 

Google Analytics uses cookies and similar technologies to analyse and improve our website based on your usage patterns. Google will process the information obtained in order to evaluate your use of the website, to compile reports on the website activities for the website operators, and to provide further services associated with the use of the website and the internet.

We have made the following privacy settings in Google Analytics:

  • IP anonymisation (truncation of IP address prior to evaluation, preventing any conclusions to be drawn regarding your identity)
  • Automatic erasure of old logs/limitation of storage duration
  • Advertising features enabled (including GA Audiences remarketing groups)
  • Cross-website tracking disabled (Google Signals)
  • Data sharing with other Google products and services disabled

 

  • Anonymised IP address
  • Referrer URL (previously visited website)
  • Pages accessed (date, time, URL, title, length of visit)
  • Downloaded files
  • Clicked links to other websites
  • As applicable, attainment of specific targets (conversions)
  • Technical information: operating system; browser type, version, and language; device type, make, model, and resolution
  • Approximate location (country and possibly town, based on anonymised IP address)

Google Analytics sets the following cookies for the stated purpose and storage durations:

  • “_ga” for 730 days and “_gid” for 24 hours (to distinguish unique website visitors by a user ID)
  • As applicable, “IDE” for 390 days (third-party cookie to distinguish unique website visitors by a user ID, to measure interactions with advertising, and for displaying personalised advertising)

The legal basis is your consent pursuant to Article 6(1)(a) of the GDPR. To withdraw your consent, see the section 6.1.3.

We have concluded a data processing agreement with Google for the use of Google Analytics.

The data arising in this context may be transmitted by Google to a server in the USA for evaluation and storage there. In the event that personal data is transferred to the USA, we have with Google and will obtain your explicit consent to allow this data transfer via the cookie banner pursuant to Article 49(1)(a) of the GDPR. To find out more about the risks associated with this, please see the section 10.

 

Further information can be found in Google’s privacy policy.

 

6.4.         Marketing tools

 

We also use tools for marketing purposes (“marketing tools”). Some of the access data resulting from the use of our website is used for interest-based advertising. The analysis and evaluation of this access data enables us to display personalised advertising, i.e. advertising matched to your actual interests and needs, on our website and on the websites of other providers.

The legal basis for the marketing tools is your consent pursuant to Article 6(1)(a) of the GDPR. To withdraw your consent, see the section 6.1.3. In the event that personal data is transferred to the USA, we will obtain your explicit consent to allow this data transfer via the cookie banner pursuant to Article 49(1)(a) of the GDPR. To find out more about the risks associated with this, please see the section 10.

In the following section, we would like to explain these technologies and the providers we use in more detail. Data we collect includes in particular:

 

  • IP address of the device
  • Cookie ID or information in web storage
  • Mobile device ID (device ID)
  • Referrer URL (previously visited website)
  • Pages accessed (date, time, URL, title, length of visit)
  • Downloaded files
  • Clicked links to other websites
  • As applicable, attainment of specific targets (conversions)
  • Technical information: operating system; browser type, version, and language; device type, make, model, and resolution
  • Approximate location (country and possibly town)

The data we collect, however, is stored only in pseudonymised form, preventing any direct conclusions relating to your person to be drawn.

 

6.4.1.     Google Marketing Platform and Ad Manager (formerly DoubleClick)

 

Our website uses the Google Marketing Platform and the Google Ad Manager, services offered to users in the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and to all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together “Google”).

These services use cookies and similar technologies to present advertisements relevant to you. The use of these services enables Google and its partner sites to serve ads based on previous visits to our and other websites on the internet.

The data arising in this context may be transmitted by Google to a server in the USA for evaluation and storage there. In the event that personal data is transferred to the USA, we have with Google and will obtain your explicit consent to allow this data transfer via the cookie banner pursuant to Article 49(1)(a) of the GDPR. To find out more about the risks associated with this, please see the section 10.

If you do not agree to the use of the Google Marketing Platform and Ad Manager, Google will display only general advertising not selected on the basis of information collected about you on this website. In addition to withdrawing your consent, you may also disable personalised advertising by going to Google’s advertising settings.

 

Google sets the following cookies:

 

  • IDE“ for 390 days (third-party-cookie to recognize and differ between website visitors via a user-ID, to collect the interaction with advertisements and within playing out personalized advertisements

 

Further information can be found in Google’s privacy policy.

 

6.4.2. Facebook conversion and retargeting tags

 

For marketing purposes, our websites use conversion and retargeting tags (also “Facebook pixels”) provided by the social network Facebook, a service offered to users outside the USA and Canada by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, and to all other users by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA (together “Facebook”).

We use Facebook pixels to analyse the general use of our websites and to track the effectiveness of Facebook advertising (“conversion tracking”). In addition, we use the Facebook pixels to show you individualised advertising messages based on your interest in our products (“retargeting”). Custom audience remarketing is also used.

For this, Facebook processes data that the service collects via cookies, web beacons, and similar technologies on our websites.

 

Facebook Pixel sets the following cookies:

  • „_fbp“ for 3 months (usage analysis and retargeting)
  • „fr“ for 3 months (usage retargeting)

The data arising in this context may be transmitted by Facebook to a server in the USA for evaluation and storage there. In the event that personal data is transferred to the USA, we will obtain your explicit consent to allow this data transfer via the cookie banner pursuant to Article 49(1)(a) of the GDPR. Also, we have concluded standard contractual clauses with Facebook. To find out more about the risks associated with this, please see section 10.

If you are a member of Facebook and Facebook has permitted it via your account’s privacy settings, Facebook may also link the information we collect from your visit to us to your member account and use it to target Facebook ads. You can view and change the privacy settings of your Facebook profile at any time.

If you do not agree to the use of Facebook pixels, Facebook will display only general Facebook ads not selected on the basis of information collected about you on this website.

More information can be found in Facebook’s privacy policy.

 

  1. Social-Media plugins and external media

 

We also use tools from social networks, which are used to log into the website with an existing user account or to share posts and content via these networks (“social media plugins”), as well as other external media, such as integrated ones Videos or maps.

The legal basis for this is - unless stated otherwise- your consent in accordance with Art. 6 (1) (a) GDPR which you have given via the cookie banner or with the respective tool yourself by allowing its use individually via a banner (overlay) placed above it. To withdraw your consent, see the section 6.1.3.

In the event that personal data is transferred to the USA, your explicit consent also includes the data transfer via the cookie banner pursuant to Article 49(1)(a) of the GDPR. To find out more about the risks associated with this, please see the section 10.

 

 

7.1 Facebook plugins

 

Our website uses social media plugins (such as the share button) of the social network Facebook, which is operated by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin, for users outside the USA and Canada 2, Ireland and for all other users by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA (collectively “Facebook”).

 

For data protection reasons, no personal data is initially passed on to the social network when you visit our website. The plug-in is only activated after you have given your consent, and until then no direct contact between your browser and the social network is possible. In this way we prevent data from being transferred to the network and stored there without your knowledge. If you have given your consent, your data will be processed as follows:

 

Facebook receives the information that you have accessed the corresponding subpage of our online offer. This happens regardless of whether you have a Facebook account and are logged in there. If you are logged into Facebook, this data will be assigned directly to your account. If you activate the activated plug-in and, for example, link the page, Facebook also saves this information, including the date and time, in your user account and shares this publicly with your contacts. If you do not wish to be assigned to your profile on Facebook, you must log out before activating the plug-in.

 

Facebook stores this data as a user profile and uses it for advertising, market research and / or needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website.

 

The data arising in this context can be transferred from Facebook to a server in the USA and stored there. In the event that personal data is transferred to the USA or other third countries, we have

In addition to withdrawing your consent, as a Facebook member you also have the option of deactivating advertising based on social actions in the advertising preferences.

 

More information can be found in Facebook’s privacy policy.

 

 

 

7.2 Youtube videos

 

We have integrated videos from YouTube on this website, which are stored at YouTube and can be played from our website if you have given your consent to this. The company that operates YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

 

 

 

When you visit our website, YouTube and Google receive the information that you have viewed the relevant subpage of our website. This happens irrespective of whether you are logged in at YouTube or Google or not. YouTube and Google use this data for the purposes of advertising, market research and the tailored design of their websites. If you view YouTube on our website while you are logged in to your YouTube or Google profile, YouTube and Google can additionally link this event to the respective profiles. If you do not want this action to be assigned to your account, you have to log out from Google before visiting our website.

In addition to withdrawing your consent, you also have the option of disabling personalised advertisements in the Google settings for advertisements. In this event, Google will display only non-individualised advertising.

Please see the privacy policy that also applies to YouTube for more information.

7.3 Google maps

Our website uses the Google maps service, which is provided for users from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC 1600 Amphitheater Parkway Mountain View, CA 94043, USA (together "Google").

To integrate and display the Google map material we use in your web browser, your web browser must connect to a Google server, which may also be located in the USA, when you visit our website. In the event that personal data is transferred to the USA or other third countries,

By integrating the map material, Google receives the information that a page on our website has been accessed from the IP address of your device. If you call up the Google map service on our website while you are logged into your Google profile, Google can also link this event to your Google profile. If you do not wish to be assigned to your Google profile, you must log out of Google before calling up our contact page.

Google stores your data and uses it for advertising, market research and the personalized presentation of Google maps.

You can find more information on this in the Google Privacy Policy and the Additional Terms of Use for Google maps.

  1. Our profiles on social networks

 

We maintain our own profiles on social networks, allowing us to communicate with existing and potential customers and provide information on our products and services.

User data is generally processed by social networks for market research and marketing purposes. This makes it possible to create user profiles based on users’ interests. Cookies and other identifiers are stored on users’ computers for this purpose. These user profiles are used as the basis for displaying advertising, for example, on the social networks, as well as on third-party websites.

The legal basis for the data processing is Article 6(1)(f) of the GDPR, based on our legitimate interest in providing effective communication to and communicating with users, and, pursuant to Article 6(1)(b) of the GDPR, in maintaining contact with our customers, providing them with information, and carrying out the steps required prior to entering into a contract with future and potential customers.

The legal basis of the data processing carried out by the social networks themselves can be found in their privacy policies. The links below also contain information on how data is processed and how you can object to data processing.

We would like to point out that queries relating to data protection are best resolved by contacting the social networks themselves, as only they have access to the data and are able to take direct action:

  1. Disclosure of data

 

We will generally only disclose the data we collect if

  • you have given your express consent pursuant to Article 6(1)(a) of the GDPR
  • disclosure pursuant to Article 6(1)(f) of the GDPR is necessary in order to assert, exercise, or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data
  • we are legally obliged to disclose it pursuant to Article 6(1)(c) of the GDPR
  • this is legally permissible and, pursuant to Article 6(1)(b) of the GDPR, is necessary for the processing of contractual relationships with you or for steps prior to entering into a contract carried out at your request

Some data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, these may include data centres that store our website and databases, IT service providers that maintain our systems, and consulting firms. Should we disclose data to our service providers, they may use the data solely for the fulfilment of their tasks. We have carefully selected and commissioned the service providers. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of data subjects, and are regularly monitored by us.

In addition, a transfer of your data may occur in connection with official enquiries, court orders, and legal proceedings if they are deemed necessary for legal prosecution or enforcement.

 

  1. Transfer of data to third countries

 

As explained in this privacy policy, we make use of services offered by providers that may be located in “third countries” (e.g. the USA), i.e. countries that do not have a level of data protection comparable to that in the European Union. Where this is the case and where the European Commission has not adopted an adequacy decision (Article 45 of the GDPR), we have taken precautions to ensure an adequate level of data protection for any transfers of data. These include the European Union’s standard contractual clauses and binding internal data protection regulations.

Where this is not possible, we use as the legal basis for data transfers the derogations set out in Article 49 of the GDPR, in particular your explicit consent or the necessity of the transfer for the performance of a contract.

If data is to be transferred to a third country and neither an adequacy decision nor other suitable guarantees are available, there exists the possibility and risk that authorities in the third country (e.g. secret services) may obtain access to the transferred data for the purpose of collecting and analysing it, and that your rights as a data subject may not be enforceable. You will be informed of this when your consent is obtained via the cookie banner.

 

  1. Storage duration

 

We generally only store personal data for as long as is necessary to fulfil the contractual or statutory obligations for which we have collected the data. We then immediately erase the data, unless we need it until the end of the statutory limitation period for evidence purposes for civil law claims or due to statutory retention obligations.

For evidence purposes, we must retain contract data for a further ten years beyond the end of the year in which our business relationship with you is terminated. Any claims become statute-barred at the earliest after the statutory period of limitation.

Even after this time, we still need to store some of your data for accounting purposes. We are obliged to do so on the basis of statutory documentation obligations that may arise from the Swiss Code of Obligations, the Swiss Ordinance on the keeping and storage of business books (GeBüV), the Swiss law on VAT and the Swiss Money Laundering Act. The periods they stipulate for the retention of documents is ten years.

 

  1. Your rights

 

You have a right of access to information about how we process your personal data at any time. We will explain our data processing procedures to you and provide you with a summary of the personal data concerning you that we hold.

If data we have stored is incorrect or obsolete, you have the right to have this data rectified. You may also request the erasure of your data. The erasure of your data is generally only possible if certain conditions are met and/or if the data is no longer required, if the processing is not lawful, or in the case of other reasons pursuant to Article 17 of the GDPR. If, in exceptional cases, erasure is not possible due to other legal regulations, the data will be blocked – provided the necessary conditions are met – so that it is only available for this legal purpose. You may also restrict processing of your personal data if, for example, you have doubts about the accuracy of this data.

Under certain conditions, you also have the right to data portability, i.e. on request we will send you a digital copy of the personal data concerning you that you have provided to us.

In order to assert your rights described here, you may contact us at any times using the contact details given above. This also applies should you wish to obtain copies of guarantees to prove an adequate level of data protection.

Your requests regarding your assertion of data protection rights and our replies to these requests will be stored for documentation purposes for a period of three years and, in some cases in relation to the assertion, exercise, or defence of legal claims, for a longer period. The legal basis is Article 6(1)(f) of the GDPR, based on our interest in defending against possible civil law claims pursuant to Article 82 of the GDPR, the avoidance of administrative fines pursuant to Article 83 of the GDPR, and compliance with our accountability obligations pursuant to Article 5 of the GDPR.

 

 

You have the right to withdraw consent once given to us at any time. As a result, we will not continue to process data based on this consent in the future. Withdrawal of consent will not affect the lawfulness of the processing carried out on the basis of the consent prior to withdrawal.

If we process your data on the basis of legitimate interests, you have the right to object to the processing of your data on grounds relating to your particular situation at any time. Should you object to data processing for direct marketing purposes, you have a general right to object, which we shall comply with even if you do not state any reasons for your objection. 

Should you wish to exercise your right to withdraw or object, simply send an informal email to the contact details given above.

Finally, you have the right to file a complaint with the data protection supervisory authority. You may exercise this right before a supervisory authority in the Member State in which you are staying, working, or in the place of the alleged infringement.

 

  1. Data security

 

We apply up-to-date technical measures to ensure data security, in particular to protect your personal data from risks during data transmission and to prevent it from being disclosed to third parties. These measures are updated to comply with the state of the art. In order to protect the personal data you provide on our website, we use Transport Layer Security (TLS), which encrypts the information you enter. This includes the training of our employees, who may have access to your personal data.

 

  1. Changes to this privacy policy

 

We may update this privacy policy from time to time, for example when we update our website or when statutory or official requirements change.

 

Last amended:    February 2022

 

© Maurice Lacroix. All rights reserved