Privacy Policy
Table of contents
A. Information applicable to all sales channels
1. Data controller and content of this Privacy Policy
2. Contact person for data protection
3. Your rights
4. Data security
5. Contact us
6. Use of your data for marketing purposes
6.1 Central data storage and analysis in our system
6.2 Email marketing and newsletters
7. Disclosure to and access by third parties
8. Transfer of personal data abroad
9. Retention periods
B. Special provisions applicable to use of our website
10. Log file data
11. Cookies
12. Tracking- and Webanalytics-Tools
13. Social media
13.1 Social media profiles
14. Online advertising
14.1 Google Ads
15. Registration for a customer account
16. Ordering products
17. Payment processing online
18. Submitting ratings
A. Information applicable to all sales channels
1. Data controller and content of this Privacy Policy
We, Zuercher Cosmetics GmbH , Schueepwisstrasse 1A, 8117 Faellanden, Switzerland, operate the Zuercher Cosmetics business premises ("Business Premises") and the website www.beauty-essentials.ch ("Website") and, unless otherwise indicated, are responsible for the data processing operations set out in this Privacy Policy.
Please take note of the information below to know what personal data we collect from you and for what purposes we use it. In data protection matters, we are guided primarily by the legal requirements of Swiss data protection law, in particular the Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR), the provisions of which may be applicable in individual cases. Furthermore, other companies are responsible under data protection law (or jointly responsible with us) for individual data processing operations listed below, and in these cases you should also take note of the information provided by these other companies is also applicable.
The following information may be amended from time to time. We therefore recommend that you consult this Privacy Policy regularly.
2. Contact person for data protection
If you have any questions about data protection or wish to exercise your rights, please contact our data protection contact by sending an email to the following address: info@beauty-essentials.ch
You can contact our EU data protection representative at: Zuercher Cosmetics GmbH, Schueepwisstrasse 1A, 8117 Faellanden, Switzerland, info@beauty-essentials.ch
3. Your rights
Provided that the relevant legal requirements are met, as a person affected by data processing you have the following rights:
Right of access: You have the right to request access to your personal data stored and processed by us at any time and free of charge. This gives you the opportunity to check what personal data we process about you and that we use it in accordance with applicable data protection regulations.
Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed of the rectification. In this case, we will inform the recipients of the data concerned of the adjustments made, unless this is impossible or involves disproportionate effort.
Right to deletion: You have the right to have your personal data deleted under certain circumstances. In individual cases, especially in the case of legal retention obligations, the right to deletion may be excluded. In this case, we may block your data instead, provided the conditions are met.
Right to restrict processing: You have the right to request that the processing of your personal data be restricted.
Right to data transfer: You have the right to obtain from us, free of charge, the personal data you have provided to us in a readable format.
Right to object: You can object to the processing of your data at any time, in particular for data processing in connection with direct advertising (e.g. advertising emails).
Right of withdrawal: In principle, where you have given consent you have the right to withdraw that consent at any time. However, processing activities that have already taken place based on your consent do not become unlawful because of your revocation of consent.
To exercise these rights, please send us an email to the following address: info@beauty-essentials.ch
Right of complaint: You have the right to lodge a complaint with a competent supervisory authority, for example against the way your personal data is processed.
4. Data security
We use appropriate technical and organisational security measures to protect your personal data stored with us against loss and unlawful processing, namely unauthorised access by third parties. Our employees and the service companies commissioned by us are obliged by us to maintain confidentiality and data protection. Furthermore, these persons are only granted access to the personal data to the extent necessary for the fulfilment of their tasks.
Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always involves certain security risks and we cannot provide an absolute guarantee for the security of information transmitted in this way.
5. Contact us
If you contact us via our contact addresses and channels (e.g. by e-mail, telephone or contact form), your personal data will be processed. The data you have provided us with, e.g. the name of your company, your name, your function, your e-mail address or telephone number and your request, will be processed. In addition, the time of receipt of the request will be documented. Data that it is mandatory you provide are marked with an asterisk (*) in the relevant contact form.
We process this data exclusively in order to implement your requests (e.g. providing information about a product, support in the processing of a contract such as the return of products, incorporating your feedback into the improvement of our service, etc.). The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in the implementation of your request or, if your request is directed towards the conclusion or execution of a contract, the necessity for the implementation of the required measures within the meaning of Art. 6 para. 1 lit. b EU-GDPR.
6. Use of your data for marketing purposes
6.1 Central data storage and analysis in our system
If it is possible to clearly identify you, we will store and link the data described in this data protection declaration, in particular your personal details, your contact details, your contract details and your surfing behaviour on our websites, in a central database. This serves the efficient administration of customer data, allows us to adequately respond to your requests and enables the efficient provision of the services you have requested and the processing of the associated contracts. The legal basis for this data processing is our legitimate interest in the efficient management of user data within the meaning of Art. 6 para. 1 lit. f EU-GDPR.
We evaluate this data in order to further develop our offers in a needs-oriented manner and to display and suggest the most relevant information and offers to you. We also use methods that predict possible interests and potential future orders based on your website use. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in carrying out marketing measures.
6.2 Email marketing, newsletters and direct mailing
If you register for our e-mail newsletter (e.g. when opening or within your customer account), the following data will be collected. Mandatory data is marked with an asterisk (*) in the registration form:
- E-mail address
In order to avoid misuse and to ensure that the owner of an e-mail address has actually given their consent, we use a double opt-in procedure for registration. After sending the registration form, you will receive an e-mail from us containing a confirmation link. In order to definitely register for the newsletter, you must click on this link. If you do not click on the confirmation link within the specified period, your data will be deleted again and our newsletter will not be sent to this address.
By registering, you consent to the processing of your data in order to receive messages from us about our company, our offers and related products and services. This may also include invitations to participate in competitions or to evaluate our products and services. The collection of the salutation and name allows us to verify any link between the registration and a possibly already existing customer account and to person-alise the content of our messages to you. The link to a customer account helps us to make the offers and content contained in the newsletter more relevant to you and better tailored to your potential needs.
We will use your data to email you until you revoke your consent. Revocation is possible at any time, in particular via the unsubscribe link in all our marketing emails.
Our marketing emails may contain a so-called web beacon or 1x1 pixel (tracking pixel) or similar technical tools. A web beacon is an invisible graphic that is linked to the user ID of the respective newsletter subscriber. For each marketing email sent, we receive information on which addresses have not yet received the email, to which addresses it was sent and for which addresses the sending failed. We also see which addresses have opened the email, for how long and which links they have clicked on. Finally, we receive information about which addresses have unsubscribed. We use this data for statistical purposes and to optimise our promotional emails in terms of frequency, timing, structure and content. This allows us to better tailor the information and offers in our emails to the individual interests of recipients.
The web beacon is deleted when you delete the email. To prevent the use of the web beacon in our market-ing emails, please set the parameters of your email program so that HTML is not displayed in messages if this is not already the case by default. In the help section of your email software you will find information on how to configure this setting, e.g. here for Microsoft Outlook.
By subscribing to the newsletter, you also consent to the statistical evaluation of user behaviour for the purpose of optimising and adapting the newsletter. This consent constitutes our legal basis for the processing of your data within the meaning of Art. 6 para. 1 lit. a EU-GDPR.
We use Rapidmail’s email marketing software rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany, for marketing emails. Your data will be stored in a database of Rapidmail, which allows Rapidmail to access your data if this is necessary for the provision of the software and for support in the use of the software. The legal basis for this processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in the use of third-party services.
As a registered customer, you benefit from numerous exclusive offers. For direct mail, we use the contact/billing address you provide.
7. Disclosure to and access by third parties
Without the support of other companies, we would not be able to provide our services in the desired form. In order for us to be able to use the services of these companies, it is also necessary to pass on your personal data to a certain extent. Such a transfer takes place to the extent that it is necessary for the fulfilment of the contract requested by you, for example to the logistics or transport companies that deliver the requested products, or to a manufacturer who is to fulfil your warranty claim. The legal basis for these disclosures is the necessity for the performance of the contract within the meaning of Art. 6 para. 1 lit. b EU-GDPR.
Furthermore, data is passed on to selected service providers, but only to the extent necessary for the provision of their services. Various third party service providers are explicitly mentioned in this privacy policy, e.g. in the sections on marketing. These are, for example, IT service providers (such as providers of software solutions), advertising agencies and consultancies. Our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in the procurement of thirdparty services forms the legal basis for this data trans-fer.
In addition, your data may be disclosed to authorities, legal advisors or debt collection agencies, if we are legally obliged to do so or if this is necessary to protect our rights, in particular to enforce claims arising from our relationship with you. Data may also be disclosed if another company intends to acquire our company or parts thereof and such disclosure is necessary to carry out due diligence or to complete the transaction. The legal basis for this data transfer is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in safeguarding our rights and complying with our obligations or the sale of our company.
8. Transfer of personal data abroad
We are entitled to transfer your personal data to third parties abroad if this is necessary to carry out the data processing mentioned in this Privacy Policy (see in particular Sections 12-13). In doing so, we will of course comply with the statutory provisions on the disclosure of personal data to third parties. If the country in question does not have an adequate level of data protection, we guarantee through contractual regulations that your data is adequately protected by the recipients.
9. Retention periods
We only store personal data for as long as is necessary to carry out the processing explained in this Privacy Policy within the scope of our legitimate interest. In the case of contractual data, storage is required by statutory retention obligations. Requirements that oblige us to retain data result from the provisions on accounting and from tax law regulations. According to these regulations, business communications, concluded contracts and accounting vouchers must be stored for up to 10 years. As far as we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used if this is necessary to fulfil the retention obligations or to defend and enforce our legal interests. The data is deleted as soon as there is no longer any obligation to retain it and we no longer have any legitimate interest in retaining it.
B. Special provisions applicable to use of our website
10. Log file data
When you visit our website, the servers of our cloud provider (Microsoft (Schweiz) GmbH, The Circle 02, 8058 Zürich-Flughafen, Switzerland) temporarily store every access in a log file. The following data is collected without your intervention and stored by us until automatically deleted:
- the IP address of the requesting computer,
- the date and time of access,
- the name and URL of the retrieved file,
- the website from which the access was made, if applicable with the search word used,
- the operating system of your computer and the browser you use (incl. type, version and language setting),
- device type in case of access by mobile phones,
- the city or region from where the access was made,
- the name of your internet access provider.
The collection and processing of this data is carried out for the purpose of enabling the use of our website (connection establishment), to permanently guarantee system security and stability as well as for error and performance analysis and enables us to optimise our website (see also section 13 for the last points).
In the event of an attack on the network infrastructure of the website or a suspicion of other unauthorised or abusive website use, the IP address and the other data will be evaluated for the purpose of clarification and defence and, if necessary, used in the context of criminal proceedings to identify and take civil and criminal action against the users concerned.
Our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f EU-GDPR lies in the pur-poses described above.
When you visit our website, we use cookies as well as applications and tools that are based on the use of cookies. In this context, the data described here may also be processed. You will find more details on this in the subsequent sections of this data protection declaration, in particular Section 11.
11. Cookies
Cookies are information files that your web browser stores on your computer's hard drive or memory when you visit our website. Cookies are assigned identification numbers that identify your browser and allow the information contained in the cookie to be read.
Among other things, cookies help to make your visit to our website easier, more pleasant and more mean-ingful. We use cookies for various purposes that are necessary, i.e. "technically required", for your desired use of the website. For example, we use cookies to be able to identify you as a registered user after logging in, without you having to log in again each time when navigating the various sub-pages. The provision of the shopping basket and order function is also based on the use of cookies. Furthermore, cookies also perform other technical functions required for the operation of the website, such as so-called load balanc-ing, i.e. the distribution of the performance load of the page to different web servers in order to relieve the servers. Cookies are also used for security purposes, for example to prevent the unauthorised posting of content. Finally, we also use cookies as part of the design and programming of our website, e.g. to enable the uploading of scripts or codes.
The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in providing a user-friendly and up-to-date website.
Most Internet browsers automatically accept cookies. However, when accessing our website, we ask for your consent to the cookies we use that are not technically necessary, especially when using third-party cookies for tracking and marketing purposes. You can use the corresponding buttons in the cookie banner to make your desired settings. Details on the services and data processing associated with the individual cookies can be found within the cookie banner and in the following sections of this privacy policy.
For the purpose of demand-oriented design and implementation of the cookie banner, we use the software of the company consentmanager GmbH, Eppendorfer Weg 183, D-20253 Hamburg with servers in data centers in Europe.
You may also be able to configure your browser so that no cookies are stored on your computer or so that a message always appears when you receive a new cookie. On the following pages you will find explana-tions of how you can configure the processing of cookies in selected browsers.
Deactivating cookies may mean that you cannot use all the functions of our website.
12. Tracking- and Webanalytics-Tools
12.1 General information about tracking
For the purpose of demand-oriented design and continuous optimization of our website, we use the web analysis services listed below. In this context, pseudonymized usage profiles are created and cookies are used (please also refer to section 11). The information generated by the cookie about your use of this website is usually transmitted together with the log file data listed in section 10 to a server of the service provider, where it is stored and processed. this may also involve transmission to servers abroad, e.g. the USA (see section 8 for this, in particular the guarantees taken).
By processing the data, we obtain the following information, among others:
- User IP address
- Optional User ID
- Date and time of the request
- Title of the page being viewed (Page Title)
- URL of the page being viewed (Page URL)
- URL of the page that was viewed prior to the current page (Referrer URL)
- Screen resolution being used
- Time in local user’s timezone
- Files that were clicked and downloaded (Download)
- Links to an outside domain that were clicked (Outlink)
- Pages generation time (the time it takes for webpages to be generated by the webserver and then downloaded by the user: Page speed)
- Location of the user: country, region, city, approximate latitude and longitude (Geolocation)
- Main Language of the browser being used (Accept-Language header)
- User Agent of the browser being used (User-Agent header)
- Random unique Visitor ID
- Time of the first visit for this user
- Time of the previous visit for this user
- Number of visits for this user
- Custom Dimensions
- Custom Variables
- Campaigns
- Site Search
- Goals
- Events
- Ecommerce
- Viewing and clicking on Contents
- Mouse movements, clicks, and scrolls
- Form interactions
- Video and audio interactions
On our behalf, the provider will use this information for the purpose of evaluating the use of the website, compiling reports on website activity for us and providing other services relating to website activity and internet usage for the purposes of market research and demand-oriented design of these internet pages. For these processing operations, we and the providers may, up to a certain extent, be considered jointly responsible parties under data protection law. The legal basis for this data processing with the following tools is your consent within the meaning of Art. 6 (1) lit. a EU-DSGVO. You can revoke your consent or refuse processing at any time by rejecting or switching off the relevant cookies in your web browser settings (see section 11) or by making use of the service-specific options described below. For the further processing of the data by the respective provider as the (sole) data controller, in particular also any forwarding of this information to third parties such as authorities on the basis of national statutory provisions, please refer to the respective data protection information of the provider.
12.2 Matomo
We use the open source software tool Matomo (formerly PIWIK; www.matomo.org), a service of the provider InnoCraft Ltd. (7 Waterloo Quay PO625, 6140 Wellington, New Zealand), on our website to analyze and statistically evaluate the use of the website. Matomo uses cookies that are stored on your computer and that enable an anonymized analysis of your use of the website. It is not possible to draw conclusions about a specific person, as your IP address is anonymized immediately after processing and before storage. The data is used to evaluate the use of the website and to enable us to design our website in line with requirements. The software is set so that the IP addresses are not stored in full. In this way, an assignment of the shortened IP address to the calling computer is no longer possible.
You can object to the data collection and processing at any time with effect for the future by clicking the icon at the bottom left. Please note that the complete deletion of your cookies means that the opt-out cookie is also deleted and may have to be reactivated by you.
You can prevent the collection of data generated by the cookie and related to your use of our website (including your IP address) by setting your browser to "Do Not Track".
13. Social media
13.1 Social media profile
On our website, we have included links to our profiles in the social networks of the following providers:
- Meta Platforms Inc., 1601 S California Ave, Palo Alto, CA 94304, USA;
- Instagram Inc. 1601 Willow Road, Menlo Park, CA 94025, USA;
- X Corp mit Sitz in 1355 Market Street, Suite 900, San Francisco, CA 94103, USA;
- Linkedin Unlimited Company, Wilton Place, Dublin 2, Irland;
- Pinterest Europe Limited 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland
When you click on the icon of a social network on our website, you are automatically redirected to our pro-file in the respective network. This establishes a direct connection between your browser and the server of the respective social network. This provides the network with the information that you have visited our website with your IP address and clicked on the link.
If you click on a link to a network while you are logged into your user account with the network in question, the content of our website may be linked to your profile so that the network can assign your visit to our website directly to your account. If you want to prevent this, you should log out before clicking on the relevant links. A connection between your access to our website and your user account takes place in any case if you log in to the respective network after clicking on the link. The respective provider is responsible under data protection law for the associated data processing. Please note the information on the relevant network's website.
The legal basis for any data processing attributed to us in this regard is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU- GDPR in the use and promotion of our social media profiles.
14. Online advertising
14.1 Google Ads
This website uses the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") for online advertising. Google uses cookies for this purpose, such as the so-called Dou-bleClick cookie, which enable your browser to be recognised when visiting other websites. The information generated by the cookies about your visit to these websites (including your IP address) will be transmitted to and stored by Google on servers in the United States (please refer to Section 8). Further information on data protection at Google can be found here.
The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a EU-GDPR. You can revoke your consent at any time by rejecting or deactivating the relevant cookies in the settings of your web browser (see Section 11). Further options for blocking advertising can be found here.
15. Registration for a customer account
If you open a customer account on our website, we collect the following data, whereby mandatory data is marked with an asterisk (*) in the corresponding form:
Personal data:
- Salutation
- Name
- First name
- Billing and delivery address
- Company name for corporate clients
Login data:
- E-mail address
- Password
Further information:
- Language
- Telephone number
We use the personal details to establish your identity and to check the requirements for registration. The email address and password are used as login details to ensure that the correct person is using the web-site under your account. We also need your email address to verify and confirm the opening of your acount and for future communication with you as required to process the contract. In addition, this data is stored in the customer account for conclusion of future contracts.
We also use the data to provide an overview of the products ordered and services received (see Sections 15) and as a simple way to manage your personal data, to administer our website and our contractual relationships, i.e. to establish, define the content of, process and amend the contracts concluded with you via your customer account.
We process the information on language and gender in order to display offer suggestions on the website that are best tailored to your profile or your personal needs, for statistical recording and evaluation of the selected offers and thus to optimise our suggestions and offers.
The legal basis for the processing of your data for the preceding purpose is your consent pursuant to Art. 6 para. 1 lit. a EU-GDPR. You can revoke your consent at any time by removing the information from your customer account or by deleting your customer account or having it deleted by notifying us.
To avoid misuse, you must always keep your login details confidential and should close the browser win-dow when you have finished communicating with us, especially if you share the computer with others.
16. Ordering products
If you wish to order products or to book services on the website, we require various data for the processing of the contract. If you do not log in with your customer account (see Section 14), we collect the following data - depending on the product or service - whereby mandatory data is marked with an asterisk (*) in the corresponding form:
- Salutation
- Name
- First name
- Billing and delivery address
- E-mail address
- Company name for corporate clients
- Telephone number
We use the data to establish your identity before concluding a contract. We also need your e-mail address to confirm your order and for future communication with you that is necessary to process the contract. We store your data together with the marginal data of the order (e.g. time, order number, etc.), the data regarding the ordered/booked services (e.g. designation, price and features of the product; "product data"), the data on payment (e.g. selected payment method, confirmation of payment and time; see also Section 16) as well as the data on the processing and fulfilment of the contract (e.g. return of products, use of service or warranty services, etc.) in our database (see also Section 6.1) so that we can ensure correct order processing and contract fulfilment.
Insofar as this is necessary for the fulfilment of the contract, we will also pass on the required information to any thirdparty service providers (e.g. transport companies).
The legal basis for this data processing is the fulfilment of the contract with you according to Art. 6 para. 1 lit. b EU-GDPR.
The provision of data that is not marked as mandatory is voluntary. We process this data in order to tailor our offering to your personal needs in the best possible way, to facilitate the processing of contracts, to contact you via an alternative communication channel if necessary with a view to fulfilling the contract, or for statistical collection and evaluation to optimise our offerings. The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a EU-GDPR. You can revoke your consent at any time by notifying us.
17. Payment processing online
If you purchase services or products against payment via our website, depending on the product or service and the desired method of payment - in addition to the information mentioned in Section 15 - you may be required to provide data, such as your credit card information or the login to your payment service provider. This information, as well as the fact that you have purchased a service from us for the amount and at the time in question, is forwarded to the respective payment service providers (e.g. payment solution providers, credit card issuers and credit card acquirers). In doing so, please always also note the information provided by the respective company, in particular the data protection declaration and the general terms and conditions. The legal basis for this transfer is the fulfilment of a contract according to Art. 6 para. 1 lit. b EU-GDPR.
To ensure payment, the necessary data, in particular your personal details, may also be transmitted to a credit agency for the automated assessment of your creditworthiness. In this context, the credit agency may assign you a so-called score value. This is an estimate of the future risk of non-payment, e.g. based on a percentage. The value is collected using mathematical-statistical methods and including data from the credit agency from other sources. We reserve the right, according to the information received, not to offer you the payment method "invoice". The legal basis for this data processing is our legitimate interest ac-cording to Art. 6 para. 1 lit. f. EU-GDPR in the avoidance of payment defaults.
18. Submitting ratings
In order to help other users with their purchase decision and to support our quality management (in particular the processing of negative feedback), you have the opportunity to rate ordered products on our website. The data that is processed and published on the website is the data that you have made available to us, i.e. in addition to your rating and its time of submission, possibly also any comment that you have added to your rating or the name that you have given. The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit a EU-GDPR.
We reserve the right to delete unlawful ratings and to contact you in case of suspicion and ask you to comment. The legal basis for this processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in providing the comment and rating function and preventing abuse when using it.
Last modification: 29.10.2023