PRIVACY NOTICE

We, Läderach (Schweiz) AG, Bleiche 14, CH-Ennenda are the controller of the personal data which we collect and process.

Thank you for visiting and using our websites, our social media pages, and our mobile application.

We respect your privacy and are committed to full transparency with regard to how we collect, use, and share your personal data.

This privacy notice informs you of how we process the personal data which we collect from you, which you provide to us, or which we may collect from other sources. This includes the various ways in which you interact with us, including in person, by email or telephone, through our website, or through our pages on social networks.

To comply with our legal obligations, we have appointed a Data Protection Officer (DPO), Dipl.-Ing. Lars Ebertz, EBERTZ DATENSCHUTZ GmbH, Ober den Wiesen 17, 35756 Mittenaar, Germany.

If you have any questions about your personal data, you can contact our DPO at any time by email at [email protected] or by phone at +49 2778 6969 10.

As a data controller, we are providing this privacy notice to:

  • List the personal data we collect from you at our headquarters (including our museum and factory), in our stores, and via our online shop
  • Explain why we process (e.g. collect, use, store, share) these data
  • Specify the legal bases on which we process these data
  • Identify with whom they are shared and where they are transferred
  • Lay out the security measures we take with your personal data
  • Describe your rights with regard to your personal data and how you can exercise them

WHAT DATA DO WE COLLECT?

When you interact with us, for example, on our website, through our social media accounts, by email, when you visit our headquarters, museum, factory, and stores, or at events, we may collect your personal data.

When you get in touch with us, we collect your name, email address, telephone number, physical address, and communications metadata such as your IP address, time signature, and potentially geolocation details as contact information.

When you create an account on our website or log in to an already existing account, we collect identifying information such as username, account ID, as well as authenticating information such as passwords and answers to security questions set by you. If you connect with our website using your social media accounts, we may also collect identifying and authenticating information for those accounts. When you create an account on our website, you may have the option to provide profile information which we will then process. In addition to contact data, profile information may include language preferences, profile pictures, gender, age, relationship status, as well as interests and hobbies.

When you subscribe to any of our communication or marketing channels, we may collect information concerning your preferences or interests with regard to the nature of your subscription as well as the full range of goods that we offer. We may also collect further information concerning your language, age, gender, location, lifestyle, or consumption preferences.

When you add products to the shopping cart, place an order or purchase our goods, we collect transactional information such as the selection of products, payment details (e.g. credit card or bank account numbers), shipping address, billing address, location of purchase and other contact details, such as your email address.

When you book a space or and event with us (i.e. seminar rooms, museum and factory tours, courses, tastings or other special events), we collect booking information, such as contact information, special requests, your preferences or interests, as well as transactional information. Based on the specifics of the event (e.g. organization of birthday parties), we may collect other information, such as the name of the child and their age, or information on other participants to the event.

When you use our website, we collect various data including your IP address, location, browser type, operating system, source, duration of visit, pages viewed, abandoned carts, etc. as usage information. Please also consult our cookie notice for further information on this.

When you enter our premises or our stores, we may collect identifying information such as your car license plates, photographic images or video recordings of you, or passport, national ID, or driver’s license information.

When you send an unsolicited job enquiry or respond to an employment offer, we may collect professional information such as employment history, schools attended, references, or certifications.

We collect this information directly from you. We may also collect certain personal information about you, such as contact and identifying information, when friends or family purchase goods online or in our stores to be sent to your address or book an event for you.

We also use cookies and other tracking technologies (pixels, web beacons, and APIs) that collect certain types of information when you interact with our website or open our emails, such as IP addresses, location, browsing devices or preferences, operating system, source, length of visit, pages viewed, etc. For further information, please consult our cookie notice.

We may also collect personal data from third-party data aggregators (e.g. Google), promotional partners, public sources and social networking platforms. This information may include personal data from your profile on a social network, which you authorize that network to share with us in accordance with their rules.

WHY DO WE PROCESS YOUR PERSONAL DATA?

We process your personal data in order:

  • To provide you with goods and services that you request (i.e. purchase our goods, book museum and factory tours, courses, tastings, or other special events)
  • To carry out commercial transactions with you
  • For the initiation of a potential commercial transaction, including for example communication around abandoned shopping carts
  • To provide our customers with relevant marketing and communications
  • To manage your participation in competitions or other events which we may organize
  • To optimize user experience on our website
  • To guarantee the security of our staff and visitors
  • To respond to job enquiries, unsolicited or otherwise
  • To keep records of our activities to comply with financial obligations or to aid in dispute resolutions

ON WHAT LEGAL GROUNDS DO WE PROCESS YOUR PERSONAL DATA?

Our processing of your personal data is lawful as long as there are legal grounds for doing so.

There are four main legal grounds on which we collect and process your data:

Processing necessary for the performance of a contract or prior to entering into a contract

When you start a client relationship with us, say by making an enquiry, getting in contact, etc. we process your contact information on a precontractual or contractual basis. Further, should you decide to open an account on our website, we then collect and process identifying and authenticating information on the same grounds. Should you book a space or an event, we will also process booking information on the same grounds. Furthermore, transactional information will be processed in the course of our business relationship. Finally, if you respond to a job offer or send us an employment application, your professional information will also be processed.

Processing on the basis of your consent

If you choose to subscribe to our communications and marketing materials, such as our newsletter or mailing list, you may have the option to specify your preferences or interests, or create a user profile. In this case, we will explicitly ask for your consent to process your personal data. Please note that you may exercise the option to unsubscribe or otherwise withdraw your consent at any time by contacting us at [email protected] or by phone at +49 2778 6969 10. For consent matters related to cookies, please see here.

Processing necessary for the purposes of our legitimate interests or of a third party

Although as our client you might be in a contractual relationship for a specific good or service, we may want to let you know about different but related offerings that may be of benefit to you. In this case, it is in the legitimate interest of both our business and you that we process your contact information, your preference and interest information, your profile information, your usage data, as well as transactional information such as purchase history. Please note that in this case you have the right to object to the processing by contacting us at [email protected].

We also process identifying information to guarantee the security of our premises, of our IT systems, as well as our staff and clients.

Processing necessary for compliance with a legal obligation

We as a business have legal obligations under both national and international law. In order to fulfil our obligations, we process your personal data for compliance purposes, record keeping, or fiscal, employment or security reasons.

WITH WHOM DO WE SHARE YOUR PERSONAL DATA AND WHERE ARE THEY TRANSFERRED?

We do not sell your personal data to third parties.

We do not transfer your personal data other than to the European Union, Switzerland, and the United Kingdom, nor to countries which are not subject to an adequacy decision.

We may share your personal data with some of our providers (e.g. our IT hosting company, our e-shop or billing company, the call center and credit card payment service) and our marketing and communication agencies (e.g. advertising agency, development agency, CRM management services, and newsletter publishing and distribution services), or with authorities.

Most of our providers are located throughout the European Union (more specifically Denmark, Germany, Ireland, Latvia, Luxembourg, Malta, and the Netherlands), the United Kingdom, and Switzerland.

Some of our providers are also located in the United States or have entities in the United States besides their offices and/or entities in the European Union. It is therefore important to note that your personal data may be transferred to this territory. These providers have implemented various safeguards when transferring personal data to the United States.

Our hosting provider is AWS (Amazon Web Services, Inc.). For lawful transfers to the United States, AWS relies on a Data Processing Addendum - which supplements the AWS Customer Agreement -, which includes the European Commission Standard Contractual Clauses (see: here and here).

Our CRM tool provider is Klaviyo, Inc., which also relies on a Data Protection Addendum which incorporates the European Commission Standard Contractual Clauses (see here).

AWS and Klaviyo are both also part of the Data Privacy Framework Program – see here.

Our advertising and development agency is Scandi Commerce Accelerator Europe SIA (based in Latvia) and with whom we have a Data Processing Agreement in place, which incorporates the European Commission Standard Contractual Clauses.

For our payment services, we work with Adyen N.V. whose headquarters are in the Netherlands. We have a Data Processing Agreement in place with Ayden, which includes the European Commission Standard Contractual Clauses for transfers to sub-processors which are located outside of the EEA, including a Swiss Standard Contractual Clauses Addendum to the Data Processing Agreement for transfers impacting Swiss data subjects. When they transfer data to Adyen group companies, these transfers are protected by an intragroup agreement containing the European Commission Standard Contractual Clauses - see here.

We also use Google Analytics and other tools proposed in its suite, which may lead to data transfers to the United States. For more information on GA and how to disable it, please see.

WHAT SECURITY MEASURES ARE IN PLACE FOR YOUR PERSONAL DATA?

We take appropriate technical and organizational measures to secure your personal data and to prevent the loss, misuse, or alteration of your personal data.

When the personal data that we process is no longer required for the purpose for which it was collected, or to meet legal obligations, they will be deleted or destroyed securely.

Our website includes links to third party websites. We have no control over and cannot be held liable for the privacy policies and practices of these third parties. You are fully responsible for finding out about the privacy policies and practices of these third parties.

WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM? You can exercise your rights at any time by contacting us at [email protected].

You have the following rights in relation to your personal data:

  • You have the right to be informed about how your personal data are processed and access to your personal data at any time by contacting us at [email protected]
  • You have the right to rectify your personal data or to have your personal data erased under certain conditions
  • You have the right to restrict the processing of your personal data under certain conditions and, when based on legitimate interest, you have the right to object to the processing
  • When based on consent, you have the right to withdraw your consent at any time
  • You have the right to data portability, that is, to receive the personal data in a structured, commonly used format. and to transmit those data to another controller without hindrance from us.
  • If you are not satisfied with how we process your data, you have the right to make a complaint to a supervisory authority

You can also limit the use of tracking technologies, such as cookies, by configuring your browser to warn you before accepting them, or you can simply configure it to refuse them.

If you feel that we are not respecting your rights or our obligations, you can lodge a complaint directly with your data supervisory authority at any time.

We reserve the right to make any changes and corrections to this Notice. Please refer to this page from time to time to review these and any new additional information.

Läderach (Schweiz) AG, updated September 2024