Lista AG, represented by the company’s data protection officer(s), operates this online shop and is responsible for the collection, processing and use of your personal data. Lista AG is therefore also responsible for ensuring that all data processing is carried out in accordance with applicable law.

The protection of your personal data is of great concern to us. We take the matter of data protection seriously and pay attention to the security of your data. We comply with all applicable statutory provisions in particular the Swiss Data Protection Act (DSG) and the Ordinance to this Act (VDSG) and the provisions of the Telecommunications Act (FMG). Where applicable, we also comply with the provisions of the General Data Protection Regulation (GDPR) of the European Union.

It is important to us that you know what personal data we collect from you, how this is done, how the data is processed and for what purposes. By using our website, you give your consent to all such data processing within the meaning of Art. 6(1)(a) GDPR. Please read the following information carefully.

I What data do we process when you visit our website?

When you visit our website, our servers temporarily store each access in a log file. The following data is automatically recorded:

the IP address of the requesting computer

the date and time of access

the name and URL of the retrieved file

the website from which the access came

the operating system of your computer and the browser you use

the country from which you accessed the site and the language settings of your browser

the name of your Internet access provider

This data is collected for the purpose of enabling the use of our website (establishing the connection) to ensure system security and stability, for the optimisation of our Internet services and for internal statistical purposes. In particular, the IP address is used to record your country of residence and to set up the appropriate settings (e.g. language). The IP address is also stored in order to be able to respond appropriately to attacks on our network infrastructure. These purposes constitute our legitimate interest in this data collection and data processing within the meaning of Art. 6(1)(f) GDPR.

 

Finally we would like to point out that when you visit our website, we also use so-called cookies and tracking tools (for further information, please refer to sections IV to V) and collected data may be forwarded to third parties and/or abroad (for further information, please refer to sections VI and VII).

II What data do we process when you use our contact form?

You have the option to use a contact form on our website to get in contact with us. Entering certain data is mandatory, for other data it is optional:

Form of address (mandatory)

Forename and surname (mandatory)

Date of birth (mandatory)

Address (street, house number, postcode) (mandatory)

Company name (optional)

Town/city, country (mandatory)

Email address (mandatory)

We shall mark the mandatory data as such. Failure to provide this information may hinder the provision of our services. The provision of other information is voluntary and has no effect on the use our website. We only use this data to be able to answer your contact request in the best possible and personalised way. This also constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. You can object to this data processing at any time. This is explained in more detail in section X.

III What data is collected about you and processed for advertising purposes?

In the following section we would like to show you what data about you is collected and processed for advertising purposes and how this is done. These data processing operations are all based on a legitimate interest within the meaning of Art. 6(1)(f) GDPR, whereby our interest lies in particular in direct marketing and the analysis and evaluation of the use of our website. By using our website, you also give your consent to these data processing operations within the meaning of Art. 6(1)(a) GDPR.

1 Creation of pseudonymised usage profiles

In order to provide you with personalised services and information on our website (on-site targeting), we use and analyse the data we collect about you when you visit the website. During this processing, so-call cookies may also be used if necessary (for more details see section IV). The analysis of your user behaviour may lead to the creation of a so-called usage profile. Merging the usage data is only carried out with pseudonyms, never with non pseudonymised personal data.

To enable personalised marketing in social networks, we integrate so-called remarketing pixels from Facebook and LinkedIn on the website. If you have an account with one of the social networks included in this site and are logged in at the time of your visit, this pixel links your visit to your account. If you wish to prevent this link, you must log out of your account before visiting the site. You can also make further setting for advertising in the respective social networks in your user profile.

2 Retargeting

We use so-called retargeting technologies on the website. Your user behaviour on our website will be analysed in order to be able to offer advertising tailored to you. Here your user behaviour is recorded pseudonymously. Most retargeting technologies work with so-called cookies (more information on cookies can be found in section V).

You can prevent re-targeting at any time by rejecting or switching off the relevant cookies in the menu bar of your web browser (for more information on cookies, see section IV). You can also request an opt-out for the above-mentioned additional advertising and re-targeting tools from the Digital Advertising Alliance website at optout.aboutads.info

IV What are cookies and what are they used for?

Cookies are information files that your web browser automatically stores on your computer's hard drive when you visit our website. Cookies help us to make your visit to our website easier, more pleasant and more meaningful. For example, we use cookies to better customise the information, offers and advertising displayed to your individual interest. Most Internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a message appears every time you receive a new cookie. Disabling cookies may, however, mean that you will not be able to use all the functions of our website.

V What are tracking tools and what are they used for?

On our website we use various additional tracking tools. We use tracking tools to observe your surfing behaviour on our website. This monitoring is carried out for the purpose of designing our website in line with needs and for the continuous optimisation of our website. In this context, pseudonymised user profiles are created and cookies are also used

VI Is the data collected passed on to third parties?

We only pass on your personal data if you have expressly consented, if there is a legal obligation or if this is necessary for the enforcement of our rights, in particular for the enforcement of claims arising from the relationship between you and Lista AG. See also section XI "Security of your payment information". In addition, we will pass on your data to third parties as far as this is necessary as part of the use of the website for the provision of the services requested by you and for the analysis of your user behaviour, as described above. Where this is necessary for the above purposes, the data may also be transferred abroad. If our website contains links to third-party websites, Lista AG no longer has influence on the collection, processing, storage or use of personal data by the third party after you click on these links and, to the extent permitted by law, does not assume any responsibility or liability for this.

VII Is data transmitted abroad?

1 General information

LISTA may also transfer your personal data to third parties (i.e. commissioned service providers) abroad, if this is necessary for the data processing described in this Privacy Policy. These third parties are bound to protection of data privacy to the same extent as we ourselves are. If the level of data protection in a country does not correspond to that in Switzerland or the EU, we shall contractually ensure that the third party safeguards the protection of your personal data at a level corresponding to that in Switzerland or the EU at all times.

2 Data transfers to the USA

For the sake of completeness, we would like to point out that in the USA there are monitoring measures by US authorities which generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without differentiation, restriction or exception on the basis of the objective pursued and without any objective criterion making it possible to limit access to and subsequent use of the data by the US authorities to very specific and strictly limited purposes that are capable of justifying the interference linked both to access to and use of the data. Furthermore, we would like to point out that there are no legal remedies in the United States that would allow them to access, rectify or erase data concerning them, or that there is no effective judicial protection against general access rights of US authorities.

It is our concern to draw your attention to this legal and factual situation so that you can make an appropriately informed decision to consent to the use of your data.

Users residing in an EU member state are advised that the US does not have an adequate level of data protection from the point of view of the European Union, partly because of the issued mentioned in this section.

Where we have explained in this privacy policy that recipients of data (such as Google, Facebook and LinkedIn) are based in the USA, we will ensure that your data is protected at an appropriate level with our partners, either by contractual arrangements with these companies or by ensuring that these companies are certified under the EU-US Privacy Shield.

VIII Data security and confidentiality

We use appropriate technical and organisational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorised access by third parties. Our security measures are being continuously improved according to the latest state of the art.

We also take in-house data protection very seriously. Our employees and the services companies contracted by us have been bound by us to maintain confidentiality and to comply with the provisions of data protection law. 

IX Security of your payment information

Here we would like to inform you about how your personal data is processed when using the various payment methods we offer.

When you purchase on account, we check your credit rating using Creditreform. You are entitled at any time to request information about your own data record and to rectify incorrect information.   

Information on Creditreform can be found here:
Schweizerischer Verband Creditreform
Teufener Strasse 36
CH-9000 St. Gallen
Email: info@creditreform.ch
Further information on this service provider's guidelines can be found at https://www.creditreform.ch/en/selbstauskunft.html   

When paying by credit card (offered card types), the payment data you have entered is recorded and stored by the company Datatrans and only passed on to the companies involved in the payment process. Datatrans complies with current security standards, in particular the Payment Card Industry Data Security Standard (PCI DSS) and is fully compliant with the EU's General Data Protection Regulation (GDPR).

Information on Datatrans can be found here:
Datatrans AG
Kreuzbühlstr. 26
CH-8008 Zurich
Email: info@datatrans.ch

Further information on this service provider's policies can be found at https://www.datatrans.ch/en/privacy-policy/   

X Retention of data

We store personal data only as long as necessary

to use the above-mentioned tracking advertising and analysis services as part of our legitimate interest;

to carry out to the extent specified above services that you have requested or for which you have given your consent;

to meet our legal compliance obligations.

Data in connection with entering into or fulfilling a contract will be kept by us for a longer period of time, as this is prescribed by legal retention obligations, for example in accounting rules and tax law. Under these rules, business communication, contracts entered into and accounting records must be kept for up to 10 years. Where we no longer need this data to provide you with services, the data will be generally blocked. This means that the data may then only be used for accounting and tax purposes.

XI Your rights

You have the right to receive information free of charge about the personal data we store about you upon request. In addition, you have the right to have incorrect data rectified and the right to have your personal data erased, provided that this does not conflict with any legal obligation to retain data or any permission that allows us to process the data. Under Articles 18 and 21 GDPR, you also have the right to require restriction of data processing and to object to processing. You also have the right to require that we return the data that you have provided to us (right to data portability). Upon request, we will also pass on the data to a third party of your choice. You have the right to receive the data in a commonly used file format.

If data processing is based on your consent, you can withdraw this consent at any time. You can contact us for the above mentioned purposes using the email address dataprotection@lista.com. You can also tell us what to do with your data after your death by giving us appropriate instructions. For processing your requests, we may, at our discretion, require proof of identity. If you contact us, we will make every effort to send you a reply as soon as possible and to take the required steps.

If you are resident in an EU country, you have the right to lodge a complaint at any time to a data protection supervisory authority.

Name and address of the data controller for the processing

Data controller within the meaning of the GDPR is:

Lista AG
Data protection officer
Fabrikstrasse1
CH-8586 Erlen
E-Mail: dataprotection@lista.com

www.lista.com