PRIVACY NOTICE

We, Läderach (Schweiz) AG, Bleiche 14, CH-Ennenda are the controller of the personal data which we collect and process.

Thank you for visiting and using our websites and our social media pages.

We respect your privacy and are committed to full transparency with regard to how we collect, use, and share your personal data.

This privacy notice informs you of how we process the personal data which we collect from you, which you provide to us, or which we may collect from other sources. This includes the various ways in which you interact with us, including in person, by email or telephone, through our website, or through our pages on social networks.

To comply with our legal obligations, we have appointed a Data Protection Officer (DPO), Dipl.-Ing. Lars Ebertz, L-E-C.COM GmbH, Ober den Wiesen 17, 35756 Mittenaar, Germany.

If you have any questions about your personal data, you can contact our DPO at any time by email at [email protected].

As a data controller, we are providing this privacy notice to:

  • list the personal data we collect from you at our headquarters (including House of Läderach), in our stores, and via our online shop
  • explain why we process (e.g. collect, use, store, share) these data
  • specify the legal bases on which we process these data
  • identify with whom they are shared and where they are transferred
  • lay out the security measures we take with your personal data
  • describe your rights with regard to your personal data and how you can exercise them

WHAT DATA DO WE COLLECT?

When you interact with us, for example, on our website, through our social media accounts, by email, when you visit our headquarters, museum, factory, and stores, or at events, we may collect your personal data.

When you get in touch with us, we collect your name, email address, telephone number, physical address, and communications metadata such as your IP address, time signature, and potentially geolocation details as contact information.

When you create an account on our website or log in to an already existing account, we collect identifying information such as username, account ID, as well as authenticating information such as passwords and answers to security questions set by you. If you connect with our website using your social media accounts, we may also collect identifying and authenticating information for those accounts. When you create an account on our website, you may have the option to provide profile information which we will then process. In addition to contact data, profile information may include language preferences, profile pictures, gender, age, relationship status, as well as interests and hobbies.

When you subscribe to any of our communication or marketing channels, we may collect information concerning your preferences or interests with regard to the nature of your subscription as well as the full range of goods that we offer. We may also collect further information concerning your language, age, gender, location, lifestyle, or consumption preferences.

When you place an order or purchase our goods, we collect transactional information such as payment details (e.g. credit card or bank account numbers), shipping address, billing address, location of purchase.

When you book a space or and event with us (i.e. seminar rooms, museum and factory tours, courses, tastings or other special events), we collect booking information, such as contact information, special requests, your preferences or interests, as well as transactional information. Based on the specifics of the event (e.g. organization of birthday parties), we may collect other information, such as the name of the child and their age, or information on other participants to the event.  

When you use our website, we collect various data including your IP address, location, browser type, operating system, source, duration of visit, pages viewed, abandoned carts, etc. as usage information. Please also consult our cookie notice for further information on this.

When you enter our premises or our stores, we may collect identifying information such as your car license plates, photographic images or video recordings of you, or passport, national ID, or driver’s license information.

When you send an unsolicited job enquiry or respond to an employment offer, we may collect professional information such as employment history, schools attended, references, or certifications.

We collect this information directly from you. We may also collect certain personal information about you, such as contact and identifying information, when friends or family purchase goods online or in our stores to be sent to your address or book an event for you.

We also use cookies and other tracking technologies (pixels, web beacons, and APIs) that collect certain types of information when you interact with our website or open our emails, such as IP addresses, location, browsing devices or preferences, operating system, source, length of visit, pages viewed, etc. For further information, please consult our cookie notice. 

We may also collect personal data from third-party data aggregators (e.g. Google), promotional partners, public sources and social networking platforms. This information may include personal data from your profile on a social network, which you authorize that network to share with us in accordance with their rules. Details can be found in the chapter Plugins and Tools.

WHY DO WE PROCESS YOUR PERSONAL DATA?

We process your personal data in order:

  • to provide you with goods and services that you request (i.e. purchase our goods, book museum and factory tours, courses, tastings or other special events)
  • to carry out commercial transactions with you
  • to provide our customers with relevant marketing and communications
  • to manage your participation in competitions or other events which we may organize;
  • to optimize user experience on our website
  • to guarantee the security of our staff and visitors
  • to respond to job enquiries, unsolicited or otherwise 
  • to keep records of our activities to comply with financial obligations or to aid in dispute resolutions

ON WHAT LEGAL GROUNDS DO WE PROCESS YOUR PERSONAL DATA?

Our processing of your personal data is lawful as long as there are legal grounds for doing so.

There are four main legal grounds on which we collect and process your data:

Processing necessary for the performance of a contract or prior to entering into a contract

When you start a client relationship with us, say by making an enquiry, getting in contact, etc. we process your contact information on a precontractual or contractual basis. Further, should you decide to open an account on our website, we then collect and process identifying and authenticating information on the same grounds. Should you book a space or an event, we will also process booking information on the same grounds. Furthermore, transactional information will be processed in the course of our business relationship. Finally, if you respond to a job offer or send us an employment application, your professional information will also be processed.

Processing on the basis of your consent

If you choose to subscribe to our communications and marketing materials, such as our newsletter or mailing list, you may have the option to specify your preferences or interests, or create a user profile. In this case, we will explicitly ask for your consent to process your personal data. Please note that you may exercise the option to unsubscribe or otherwise withdraw your consent at any time by contacting us at [email protected]. For consent matters related to cookies, please see here.

Processing necessary for the purposes of our legitimate interests or of a third party

Although as our client you might be in a contractual relationship for a specific good or service, we may want to let you know about different but related offerings that may be of benefit to you. In this case, it is in the legitimate interest of both our business and you that we process your contact information, your preference and interest information, your profile information, your usage data, as well as transactional information such as purchase history. Please note that in this case you have the right to object to the processing by contacting us at  [email protected].

We also process identifying information to guarantee the security of our premises, of our IT systems, as well as our staff and clients.

Processing necessary for compliance with a legal obligation

We as a business have legal obligations under both national and international law. In order to fulfil our obligations, we process your personal data for compliance purposes, record keeping, or fiscal, employment or security reasons.

WITH WHOM DO WE SHARE YOUR PERSONAL DATA AND WHERE ARE THEY TRANSFERRED?

We do not sell your personal data to third parties.

We transfer your personal data to the European Union, Switzerland and the United Kingdom as well as to countries for which an adequacy decision has been made or a comparable level of data protection is ensured by additional measures.

If necessary, we share personal data within the LÄDERACH GROUP (this includes the companies listed in Appendix 1) for the purpose of optimized business processes and the division of tasks. This is done for a specific purpose and in compliance with the applicable laws and requirements.

We do not transfer your personal data other than to the European Union, Switzerland, and the United Kingdom, nor to countries which are not subject to an adequacy decision.

We may share your personal data with some of our providers (e.g. our IT hosting company, our e-shop or billing company, the call center and credit card payment service) and our marketing and communication agencies (e.g. advertising agency, development agency, CRM management services, and newsletter publishing and distribution services), or with authorities.

Most of our providers are located throughout the European Union (more specifically Denmark, Germany, Ireland, Latvia, Luxembourg, Malta, and the Netherlands), the United Kingdom, and Switzerland.

Some of our providers are also located in the United States or have entities in the United States besides their offices and/or entities in the European Union. It is therefore important to note that your personal data may be transferred to this territory. These providers have implemented various safeguards when transferring personal data to the United States.

Our hosting provider is AWS (Amazon Web Services, Inc.). For lawful transfers to the United States, AWS relies on a Data Processing Addendum - which supplements the AWS Customer Agreement -, which includes the European Commission Standard Contractual Clauses (see: here and here). AWS is also part of the Data Privacy Framework Program – see here.

Our advertising and development agency is Scandi Commerce Accelerator Europe SIA (based in Latvia) and with whom we have a Data Processing Agreement in place, which incorporates the European Commission Standard Contractual Clauses.

Our CRM provider is dotdigital EMEA Limited (based in the UK). We have a Data Processing Agreement in place with them, which also incorporated the European Commission Standard Contractual Clauses (see here).

For our payment services, we work with Adyen N.V. whose headquarters are in the Netherlands. We have a Data Processing Agreement in place with Ayden, which includes the European Commission Standard Contractual Clauses for transfers to sub-processors which are located outside of the EEA, including a Swiss Standard Contractual Clauses

Addendum to the Data Processing Agreement for transfers impacting Swiss data subjects. When they transfer data to Adyen group companies, these transfers are protected by an intragroup agreement containing the European Commission Standard Contractual Clauses - see here.

We also use Google Analytics and other tools proposed in its suite, which may lead to data transfers to the United States. For more information on GA and how to disable it, please see here.

Third-party tools used can be found in the chapter Plugins and Tools.

We may also use plugins on our website linking to social media platforms. The third-party platform's use of information collected from you (or as authorized by you) is governed by its own privacy policy and your settings on the service. If you do not wish a third-party social network site to attribute data collected via our website to your account on that social network, you must log out of the relevant social network site before visiting our website.

WHAT SECURITY MEASURES ARE IN PLACE FOR YOUR PERSONAL DATA?

We take appropriate technical and organizational measures to secure your personal data and to prevent the loss, misuse, or alteration of your personal data.

When the personal data that we process is no longer required for the purpose for which it was collected, or to meet legal obligations or other legitimate interests oppose it, they will be deleted or destroyed securely.

Our website includes links to third party websites. We have no control over and cannot be held liable for the privacy policies and practices of these third parties. You are fully responsible for finding out about the privacy policies and practices of these third parties.

WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?

You can exercise your rights at any time by contacting us at  [email protected].

You have the following rights in relation to your personal data:

  • You have the right to be informed about how your personal data are processed and access to your personal data at any time by contacting us at  [email protected]
  • You have the right to rectify your personal data or to have your personal data erased under certain conditions
  • You have the right to restrict the processing of your personal data under certain conditions and, when based on legitimate interest, you have the right to object to the processing
  • When based on consent, you have the right to withdraw your consent at any time
  • You have the right to data portability, that is, to receive the personal data in a structured, commonly used format. and to transmit those data to another controller without hindrance from us.
  • If you are not satisfied with how we process your data, you have the right to make a complaint to a supervisory authority

You can also limit the use of tracking technologies, such as cookies, by configuring your browser to warn you before accepting them, or you can simply configure it to refuse them.

If you feel that we are not respecting your rights or our obligations, you can lodge a complaint directly with your data supervisory authority at any time.

We reserve the right to make any changes and corrections to this Notice. Please refer to this page from time to time to review these and any new additional information.

Plugins and tools

Google

We use the Google tools listed below. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here.

The company is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF undertakes to comply with these data protection standards. For more information, please contact the provider at the following link.

Order processing

We have concluded a contract with Google for order processing and fully implement the strict legal requirements when using Google services.

You can find more information on how Google handles user data in Google 's privacy policy.

Google Tag Manager

The Google Tag Manager is a tool with the help of which we can use tracking or statistics tools and other

technologies on our website. The Google Tag Manager itself does not create

User profiles, does not store cookies and does not carry out any independent analyses. It is only used for the purpose of

Administration and playout of the tools integrated via it. However, Google Tag Manager collects your IP address, which may also be transmitted to Google's parent company in the United States.

The use of Google Tag Manager is based on our legitimate interest. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of the consent. The consent can be revoked at any time.

The company is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF undertakes to comply with these data protection standards. For more information, please contact the provider at the following link:

Google Analytics

Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and origin of the user. This data is summarized in a user ID and assigned to the respective device of the website visitor.

Furthermore, with Google Analytics, we can, among other things: Record your mouse and scroll movements and clicks. Furthermore, Google Analytics uses various modeling approaches to complement the collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent and can be revoked at any time.

The company is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF undertakes to comply with these data protection standards. For more information, please contact the provider at the following link.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plug-in available under the following link.

Google Optimize

Google Optimize allows us to optimize our website by performing tests (A/B testing) and personalization of the website. For this purpose, Google Optimize processes the IP address of website visitors. The personal data collected may then be processed by other analysis tools.

The use of Google Optimize is based on our legitimate interest.

If a corresponding consent has been requested, the processing is carried out exclusively on the basis of the consent, insofar as the consent covers the storage of cookies or access to information in the user's terminal device (e.g. for device fingerprinting). The consent can be revoked at any time.

Hotjar

This website uses Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (Website: https://www.hotjar.com).

Hotjar is a tool for analysing your user behaviour on this website. With Hotjar we can, among other things: Record your mouse and scroll movements and clicks. Hotjar can also determine how long you have stayed with the mouse pointer at a certain point. Hotjar uses this information to create so-called heat maps, which can be used to determine which areas of the website are preferred by the website visitor.

Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine at which point you have cancelled your entries in a contact form (so-called conversion funnels).

In addition, Hotjar can be used to obtain direct feedback from website visitors. This function serves to improve the website operator's web offerings.

Hotjar uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or the use of device fingerprinting).

If consent has been obtained, the use is deso. g.Service solely on the basis of this consent. The consent can be revoked at any time.

Disabling Hotjar

If you would like to deactivate data collection by Hotjar, click on the following link and follow the instructions there:

Please note that the deactivation of Hotjar must be done separately for each browser or device.

For more information about Hotjar and the data collected, please refer to Hotjar's privacy policy at the following link .

Auftragsverarbeitung

We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the applicable data protection laws.

Trackedweb.com / Cloudflare.com

This service/call from the content network Cloudflare uses to identify trusted web traffic. For more information, Details can be found here . The use of Cloudflare is based on our legitimate interest in a provision of our website offerings that is as error free and secure as possible.

PCAPREDICT.COM

PCA Predict is a leading global provider of address and telephone validation services, based in Worcester, England. We use this service within our forms to directly verify the quality of the entries. The legal basis for the processing of the data results from the legitimate interest in optimizing the business process and avoiding erroneous processes).

PCA Predict is part of GB Group Plc, Herons Way Chester Business park in Chester (England). Further information on the processing of personal data can also be found at.

Our photo booth (s)

You visited us and used our photo booth – thank you very much for that. We hope that you were able to capture interesting moments and beautiful memories. We would also be happy to inform you - in the interest of the greatest possible transparency - about the data processing of your personal data in connection with one of our photo boxes.

The processing takes place on the basis of your consent. You can revoke this at any time in writing to our Customer Support or the data protection officer. Details on this as well as the overview of your rights as a data subject can also be found in the privacy policy of this website.

Our Fotobox solution is based on the cooperation with trustworthy service providers, whom we have obliged to comply with relevant data protection laws in your interest.

The photo booth is provided by an external service provider. The personal data collected on the photo box is stored on the servers or in the photo box of the service provider. This may include, but is not limited to, image, meta and communication data, as well as other data generated via the photo box.

The service provider is used for the purpose of fulfilling the contract with our potential and existing customers or you and in the interest of a secure, fast and efficient provision of our online offer by a professional provider.

Our service provider will only process your data to the extent necessary to fulfil its performance obligations and will follow our instructions with regard to this data.

We use the following hoster:

Artiraux GmbH

Stosswaldweg 1634

CH-9062 Lustmühle

Order processing

We have concluded a contract for order processing with the above-mentioned provider. This is a contract required by data protection law, which ensures that it processes the personal data of our visitors only in accordance with our instructions and in compliance with the applicable data protection laws.

Our social media presences

We maintain publicly accessible profiles on social networks. The individual social networks we use can be found below.

Social networks such as Facebook, Twitter, etc. can usually comprehensively analyze your user behavior when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. Detailed:

If you are logged into your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by collecting your IP address.

Based on the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This allows you to see interest-based advertising inside and outside your social media presence. If you have an account with the social network, interest-based advertising may be displayed on any device on which you are logged in or logged in.

Legal basis

Our social media presences are intended to ensure the broadest possible presence on the Internet. This is a legitimate interest. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks.

Responsibility and assertion of rights

If you visit one of our social media pages (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can protect your rights (information, correction, deletion, restriction of processing, data portability and complaint) both vis-à-vis us and the operator of the respective social media portal (e.g. Facebook).

Please note that despite the joint responsibility with the operators of the social media portals, we do not have full influence on the data processing operations of the social media portals. Our options depend on the corporate policy of the respective provider.

Data Storage

The data collected directly from us via the social media presence will be deleted from our systems as soon as you request us to delete it, you revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – in particular retention periods – remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Your rights

You have the right to receive information about the origin, recipient and purpose of your stored personal data at any time and free of charge. You also have the right to object, the right to data portability and the right to lodge a complaint with the competent supervisory authority. In addition, you can request the correction, blocking, deletion and, under certain conditions, the restriction of the processing of your personal data.

Individual social networks

Facebook

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter Meta). According to Meta, the data collected will also be transferred to the United States and other third countries.

We have signed an agreement with Meta on joint responsibility for the processing of data (Controller Addendum). This agreement sets out which data processing operations we or Meta are responsible for when you visit our Facebook fan page. This agreement can be viewed at the following link .

You can adjust your advertising settings independently in your user account. Click on the link below  and log in.

The transfer of data to the USA takes place on the basis of the standard contractual clauses (SCC) of the European Commission. Details can be found here.

Details can be found in Facebook's privacy policy.

The company is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company that is certified according to the DPF is obliged to comply with these data protection standards. For more information, please contact the provider at the following link .

Instagram

We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The transfer of data to the USA takes place on the basis of the standard contractual clauses (SCC) of the European Commission. Details can be found here.

Details on the handling of your personal data can be found in Instagram's privacy policy .

The company is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company that is certified according to the DPF is obliged to comply with these data protection standards. For more information, please contact the provider at the following link .

LinkedIn

We have a LinkedIn profile. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you wish to disable LinkedIn advertising cookies, please use the following link.

The transfer of data to the USA takes place on the basis of the standard contractual clauses (SCC) of the European Commission. Details can be found  here  and here.

Details on the handling of your personal data can be found in LinkedIn's privacy policy .

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on the handling of your personal data can be found in YouTube's privacy policy.

The company is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company that is certified according to the DPF is obliged to comply with these data protection standards. For more information, please contact the provider at the following link .

Processing of your company data and personal data in the event of credit checks

In the case of a purchase on account or any other payment method for which we make advance payments, we can carry out a credit check procedure (scoring). For this purpose, we transmit your entered data (e.g. name, address, bank details) to a credit agency. Based on this data, the probability of a payment default is determined. In the event of an excessive risk of non-payment, we may refuse the payment method in question. The credit check is carried out on the basis of the fulfillment of the contract and the avoidance of payment defaults (legitimate interest) If consent has been obtained, the credit check is carried out on the basis of this consent, the consent can be revoked at any time.

As a scoring service provider, we use:

   Intrum AGEschenstrasse 12CH-8603 Schwerzenbach

Information on data protection at Intrum AG can be found here .

Our video and counting systems

They visited us and saw a video camera or something similar. This could have been in the House of Läderach, in the immediate vicinity of the main locations or in one of our stores.

We would like to inform you about data processing and provide you with all relevant information.

In the store

In some of our stores we use so-called counting systems. These are sensors that apparently resemble a video camera, but do not record video streams, but only count anonymous people as guests. Neither the employees on site nor we have access to image or video material, as this is neither stored nor displayed. The technology only provides us with statistical values about the number of visitors and the time course.

We point out these counting systems in the entrance area of the affected store by means of legally compliant and clear signage. If you have any detailed questions, please contact our data protection officer directly.

Surroundings of our main locations

In the immediate vicinity of our production sites, entrance and parking areas or the so-called outer shell are monitored. This is done in particular to meet our high requirements for food safety and the associated legal requirements of various target markets.

We will clearly indicate any video surveillance at the time of entry into the monitored area – by means of signage.

You can find out from the signage the respective legal basis as well as any retention period of the data.

If you have any detailed questions, please contact our data protection officer directly at [email protected] .

Läderach (Schweiz) AG, September 2023

Appendix 1:

  • Läderach Schweiz AG: Bleiche 14, 8755 Ennenda, Switzerland
  • Läderach Österreich GmbH: Mariahilfer Strasse 86, 1060 Vienna, Austria
  • Läderach France SAS: Rue Dupin 17, 75006 Paris, France