Go to homepage
Global Farmers Market
What do you want to search for?

Data protection and use of data gebana AG

 

A. Cross-sales channel notes

1. Responsible and content of this privacy policy 

We, gebana AG (Ausstellungsstrasse 21, 8005 Zurich, Switzerland) are the operator of the gebana business premises ("Business Premises") as well as of the websites gebana.com and angry-gorilla.com (hereinafter referred to as "Website") and are, unless otherwise indicated, responsible for the data processing specified in this Privacy Policy.

We appreciate your interest in our web pages. The protection of your privacy is very important to us. That is why we take the issue of data protection seriously and pay attention to appropriate security.

So that you know what personal data we collect from you and for what purposes we use it, please take note of the information below. When it comes to data protection, we are guided primarily by the legal requirements of Swiss data protection law, in particular the Swiss Federal Data Protection Act (DSG), as well as the EU Data Protection Regulation (GDPR), the provisions of which may be applicable in individual cases.

Please note that the following information is reviewed and changed from time to time. We therefore recommend that you regularly review this privacy policy. Furthermore, for individual data processing listed below, other companies are responsible under data protection law or jointly responsible with us, so that in these cases the information of these providers is also authoritative.

This privacy policy has been machine translated. The German original is authoritative.


2. Contact person for data protection

If you have any questions about data protection or wish to exercise your rights, please contact our data protection contact by sending an e-mail to the following address: [email protected]

You can reach our EU data protection representative at:
Gebana B.V., (Ganzenmarkt 6 unit 14, 3512 GD Utrecht, Holland), [email protected]


3. Your rights

Provided that the legal requirements are met, you have the following rights as a person affected by data processing:

Right of access: You have the right to request at any time, free of charge, access to your personal data stored by us when we process it. This gives you the opportunity to check what personal data we process about you and that we use it in accordance with applicable data protection regulations. 

Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed of the rectification. In this case, we will inform the recipients of the data concerned about the adjustments made, unless this is impossible or involves disproportionate effort. 

Right to deletion: You have the right to have your personal data deleted under certain circumstances. In individual cases, particularly in the case of statutory retention obligations, the right to deletion may be excluded. In this case, the deletion may be replaced by a blocking of the data if the conditions are met.

Right to restrict processing: You have the right to request that the processing of your personal data be restricted. 

Right to data transfer: You have the right to receive from us, free of charge, the personal data that you have provided to us in a readable format. 

Right to object: You can object to data processing at any time, in particular for data processing in connection with direct advertising (e.g. advertising e-mails).

Right of withdrawal: In principle, you have the right to withdraw your consent at any time. However, processing activities based on your consent in the past will not become unlawful as a result of your revocation.

To exercise these rights, please send us an e-mail to the following address:
[email protected]

Right of complaint: You have the right to lodge a complaint with a competent supervisory authority, e.g. against the way your personal data is processed. 


4. Data security 

We use appropriate technical and organizational security measures to protect your personal data stored by us against loss and unlawful processing, namely unauthorized access by third parties. Our employees and the service companies commissioned by us are obligated by us to maintain confidentiality and data protection. Furthermore, these persons are only granted access to personal data to the extent necessary for the performance of their duties.

Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always involves certain security risks, and even we cannot provide an absolute guarantee for the security of information transmitted in this way.


5. Contact us 

If you contact us via our contact addresses and channels (e.g. by e-mail, telephone or contact form), your personal data will be processed. The data you have provided us with, e.g. your name, e-mail address or telephone number and your request, will be processed. In addition, the time of receipt of the request is documented. Mandatory data are marked with an asterisk (*) in contact forms. 

We process this data exclusively in order to implement your request (e.g. providing information about a product, support in the processing of contracts such as the return of products, inclusion of your feedback in the improvement of our service, etc.). The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-DSGVO in the implementation of your request or, if your request is directed towards the conclusion or execution of a contract, the necessity for the implementation of the required measures within the meaning of Art. 6 para. 1 lit. b EU-DSGVO.


6. Use of your data for marketing purposes 

6.1 Central data storage and analysis in the CRM system

Insofar as a clear assignment to your person is possible, we will store and link the data described in this data protection declaration, i.e. in particular your personal details, your contact details and your contract data in a central database. This serves the efficient administration of customer data and allows us to adequately respond to your requests, and enables the efficient provision of the services you have requested and processing of the associated contracts. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-DSGVO in the efficient management of user data.

We evaluate this data in order to further develop our offers in a needs-oriented manner and to display and suggest the most relevant information and offers to you. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-DSGVO in the implementation of marketing measures.


6.2 Email marketing and newsletter

If you register for our e-mail newsletter (e.g. when opening or within your customer account), the following data is collected. Mandatory data are marked with an asterisk (*) in the registration form:

  • E-mail address
  • First and last name

In order to avoid misuse and to ensure that the owner of an e-mail address has actually given their consent themselves, we rely on the so-called double opt-in for registration. After sending the registration, you will receive an e-mail from us containing a confirmation link. To definitely register for the newsletter, you must click on this link. If you do not click on the confirmation link within one week, your data will be deleted again and our newsletter will not be sent to this address.

By registering, you consent to the processing of this data in order to receive news from us about our company, our food offerings and related products and services. This may also include invitations to participate in competitions or to evaluate one of the aforementioned products and services. The collection of the name allows us to verify the association of the registration with any existing customer account and to personalize the content of the mails. The link to a customer account helps us to make the offers and content contained in the newsletter more relevant to you and better tailored to your potential needs. 

We will use your data for emailing until you revoke your consent. Revocation is possible at any time, in particular via the unsubscribe link in all our marketing emails.

Our marketing emails may contain a so-called web beacon or 1x1 pixel (tracking pixel) or similar technical tools. A web beacon is an invisible graphic that is linked to the user ID of the respective newsletter subscriber. For each marketing email sent, we receive information on which addresses have not yet received the email, to which addresses it was sent and for which addresses the sending failed. It also shows which addresses have opened the email, how many times, and which links they have clicked on. Finally, we also receive information about which addresses have unsubscribed, the email program used, the terminal device used (desktop, mobile) and the IP address-based location. We use this data for statistical purposes and to optimize the promotional emails in terms of frequency, timing, structure and content. This allows us to better tailor the information and offers in our emails to the individual interests of the recipients.

The web beacon is deleted when you delete the email. To prevent the use of the web beacon in our marketing emails, please set the parameters of your email program so that HTML is not displayed in messages if this is not already the case by default. See the help sections of your email software for information on how to configure this setting, e.g. here for Microsoft Outlook.

By subscribing to the newsletter, you also consent to the statistical analysis of user behavior for the purpose of optimizing and customizing the newsletter. This consent constitutes our legal basis for the processing of the data within the meaning of Art. 6 para. 1 lit. a EU-DSGVO.

We use the email marketing software CleverReach from CleverReach GmbH & Co. KG (Schafjückenweg 2, 26180 Rastede, Germany) for marketing emails. Therefore, your data is stored in a database of CleverReach GmbH & Co. KG, which allows CleverReach GmbH & Co. KG to access your data if necessary for the provision of the software and for support in the use of the software.

For sending transactional emails (e.g. order confirmations), we use the Mailgun software from Sinch AB (Lindhagensgatan 74, 112 18 Stockholm, Sweden). As a result, your information is stored in a database maintained by Sinch AB, which allows Sinch AB to access your information when and as long as necessary to provide you with the software and to assist you in using the software. Information about privacy at Mailgun/Sinch AB can be found here.

The legal basis for this processing is our legitimate interest within the meaning of Article 6 (1) lit. f EU-DSGVO in the use of third-party services.


7. Disclosure to and access by third parties 

Without the support of other companies, we would not be able to provide our services in the desired form. In order for us to be able to use the services of these companies, a transfer of your personal data is also necessary to a certain extent. Such a passing on takes place namely, as far as this is necessary for the fulfillment of the contract desired by you, i.e. for example to the logistics or transport enterprises, which deliver the desired products. The legal basis for these disclosures is the necessity for the fulfillment of the contract within the meaning of Art. 6 para. 1 lit. b EU-DSGVO. 

Furthermore, data is shared with selected service providers and only to the extent necessary for the provision of the service. Various third-party service providers are also explicitly mentioned in this privacy policy, e.g. in the sections on marketing. These are, for example, IT service providers (such as providers of software solutions), advertising agencies, consulting companies. Our legitimate interest within the meaning of Art. 6 (1) f EU-DSGVO in obtaining third-party services forms the legal basis for this data transfer.

In addition, your data may be disclosed, in particular to authorities, legal advisors or collection agencies, if we are required to do so by law or if this is necessary to protect our rights, in particular to enforce claims arising from our relationship with you. Data may also be disclosed if another company intends to acquire our company or parts thereof and such disclosure is necessary to conduct due diligence or to complete the transaction. Our legitimate interest within the meaning of Art. 6 (1) f EU-DSGVO in safeguarding our rights and complying with our obligations or the sale of our company forms the legal basis for this data transfer.


8. Transfer of personal data abroad 

We are also entitled to transfer your personal data to third parties abroad if this is necessary to carry out the data processing mentioned in this data protection declaration (see esp. sections 12-14). In doing so, the legal requirements for the disclosure of personal data to third parties will, of course, be complied with. If the country in question does not have an adequate level of data protection, we ensure through contractual arrangements that your data is adequately protected at these companies. 


9. Retention periods

We store personal data only for as long as is necessary to carry out the processing explained in this privacy policy within the scope of our legitimate interest. In the case of contractual data, storage is required by statutory retention obligations. Requirements that oblige us to retain data arise from the provisions on accounting and from tax law regulations. According to these regulations, business communication, concluded contracts and accounting vouchers must be stored for up to 10 years. If we no longer need this data to perform services for you, the data will be blocked. This means that the data may then only be used if this is necessary to fulfill the retention obligations or to defend and enforce our legal interests. The data will be deleted as soon as there is no longer any obligation to retain it and no longer any legitimate interest in retaining it. 


B. Special notes for our website

 

10. Logfile data 

When you visit our website, the servers of our hosting providers Feinheit AG (Fabrikstrasse 54, 8005 Zurich, Switzerland), Microsoft Azure (Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA) Google Cloud Platform (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) temporarily store each access in a log file. The following data is collected without your intervention and stored until automated deletion by us:

  • the IP address of the requesting computer,
  • the date and time of access,
  • the name and URL of the retrieved file, 
  • the website from which the access was made, if applicable with the search word used,
  • the operating system of your computer and the browser you use (incl. type, version and language setting),
  • Device type in case of access by cell phones,
  • the city or region from where the access was made,
  • the name of your Internet access provider.

This data is collected and processed for the purpose of enabling the use of our website (connection establishment), to ensure system security and stability on a permanent basis, as well as for error and performance analysis and enables us to optimize our website (cf. on the last points also section 12). 

In the event of an attack on the network infrastructure of the website or suspicion of other unauthorized or abusive website use, the IP address and the other data will be evaluated for the purpose of clarification and defense and, if necessary, used in criminal proceedings to identify and take civil and criminal action against the users concerned.

Our legitimate interest in data processing within the meaning of Art. 6 (1) lit. f EU-DSGVO lies in the purposes described above.

Finally, when you visit our website, we use cookies as well as applications and tools that are based on the use of cookies. In this context, the data described here may also be processed. You will find more details on this in the other subsequent sections of this data protection declaration, in particular section 11.


11. Cookies

Cookies are information files that your web browser stores on your computer's hard drive or memory when you visit our website. Cookies are assigned identification numbers that identify your browser and allow the information contained in the cookie to be read. 

Among other things, cookies help to make your visit to our website easier, more pleasant and more meaningful. We use cookies for various purposes that are necessary, i.e. "technically necessary", for your desired use of the website. For example, we use cookies to be able to identify you as a registered user after logging in, without you having to log in again each time when navigating the various sub-pages. The provision of the shopping cart and ordering function is also based on the use of cookies. Furthermore, cookies also perform other technical functions required for the operation of the website, such as so-called load balancing, i.e. the distribution of the site's performance load to various web servers in order to relieve the servers. Cookies are also used for security purposes, for example to prevent the unauthorized posting of content. Finally, we also use cookies as part of the design and programming of our website, for example to enable the uploading of scripts or codes.

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-DSGVO in providing a user-friendly and up-to-date website.

Most internet browsers accept cookies automatically. However, when accessing our website, we ask for your consent to the cookies we use that are not technically necessary, especially when using third-party cookies for marketing purposes. You can use the corresponding buttons in the cookie banner to make your desired settings. Details on the services and data processing associated with the individual cookies can be found within the cookie banner and in the following sections of this privacy policy. 

You may also be able to configure your browser so that no cookies are stored on your computer or so that a message always appears when you receive a new cookie. On the following pages you will find explanations of how you can configure the processing of cookies in selected browsers.

Disabling cookies may prevent you from using all the features of our website.


12. Tracking and web analytics tools 

12.1 General information on tracking

For the purpose of demand-oriented design and continuous optimization of our website, we use the web analysis services listed below. In this context, pseudonymized usage profiles are created and cookies are used (please also refer to section 11). The information generated by the cookie about your use of this website is generally stored together with the data collected under section 10 to a server of the service provider, where it is stored and processed. This may also result in a transfer to servers abroad, e.g. the USA (cf. on this, in particular on the guarantees taken, section 8). 

  • By processing the data, we obtain the following information, among others:
  • Navigation path followed by a visitor on the site (including content viewed and products selected or purchased),
  • Dwell time on the website or subpage,
  • the subpage on which the website is left,
  • the country, region or city from where access is made,
  • End device (type, version, color depth, resolution, width and height of the browser window) and
  • Returning or new visitor

On our behalf, the provider will use this information for the purpose of evaluating the use of the website, compiling reports on website activity for us and providing other services relating to website activity and internet usage for the purposes of market research and demand-oriented design of these internet pages. For these processing operations, we and the providers may be considered joint data controllers up to a certain extent. 

The legal basis for this data processing with the following tools is your consent within the meaning of Art. 6 (1) lit. a EU-DSGVO. You can revoke your consent or refuse the processing at any time by rejecting or switching off the relevant cookies in the settings of your web browser (see Section 11) or by making use of the service-specific options described below.

For the further processing of the data by the respective provider as the (sole) responsible party under data protection law, in particular also any forwarding of this information to third parties such as authorities on the basis of national statutory provisions, please refer to the respective data protection information of the provider.


12.2 Google Analytics

We use the web analytics service Google Analytics from Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) or Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) ("Google"). 

In doing so, the described data about the use of the website can be used for the explained processing purposes (see section 12.1) may be transmitted to the servers of Google LLC. in the USA. The IP address is shortened by activating the IP anonymization ("anonymizeIP") on this website before transmission within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. 

Users can prevent the collection of the data generated by the cookie and related to the website usage by the respective user (incl. the IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plugin under the following link: 
https://tools.google.com/dlpage/gaoptout. Further information on data protection at Google can be found here.


12.3 Plausible Analytics

We use the web analytics service Plausible Analytics from Plausible Insights OÜ (Västriku tn 2, 50403, Tartu, Estonia) ("Plausible"). Plausible does not use cookies and only uses anonymized visitor data that is stored on servers in Germany. For more information about Plausible's privacy policy, please click here.


12.4 Hotjar

We use Hotjar to better understand the needs of our users and to optimize the offering and experience on this website. Using Hotjar's technology, we get a better understanding of our users' experiences (e.g., how much time users spend on which pages, which links they click, what they like and dislike, etc.) and this helps us tailor our offerings to our users' feedback. Hotjar works with cookies and other technologies to collect data about our users' behavior and about their devices, in particular IP address of the device (collected and stored only in anonymized form during your website use), screen size, device type (Unique Device Identifiers), information about the browser used, location (country only), language preferred to view our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling the data collected on our behalf. For more information, see the "About Hotjar" section on Hotjar's Help page.


13. Social Media 

13.1 Social media profiles

On our website we have included links to our profiles in the social networks of the following providers:

  • Meta Platforms Inc, 1601 S California Ave, Palo Alto, CA 94304, USA, Privacy Policy;
  • Instagram Inc, 1601 Willow Road, Menlo Park, CA 94025, USA, Privacy Notice;
  • Pinterest Inc, 651 Brannan Street, San Francisco, CA 94103, Privacy Notice;
  • Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, Privacy Policy;
  • LinkedIn Unlimited Company, Wilton Place, Dublin 2, Ireland, Privacy Notice.

If you click on the icons of the social networks, you will automatically be redirected to our profile in the respective network. This establishes a direct connection between your browser and the server of the respective social network. This provides the network with the information that you have visited our website with your IP address and clicked on the link. 

If you click on a link to a network while you are logged into your user account with the network in question, the content of our website may be linked to your profile so that the network can assign your visit to our website directly to your account. If you want to prevent this, you should log out before clicking on the relevant links. A connection between your access to our website and your user account takes place in any case if you log in to the respective network after clicking on the link. The respective provider is responsible under data protection law for the associated data processing. Please therefore note the information on the website of the network.

The legal basis for any data processing attributed to us is our legitimate interest within the meaning of Art. 6 (1) lit. f EU-DSGVO in the use and promotion of our social media profiles. 


13.2 Social media plugins

On our website, you can use social plugins from the providers listed below:

  • Meta Platforms Inc, 1601 S California Ave, Palo Alto, CA 94304, USA, Privacy Policy;
  • Instagram Inc, 1601 Willow Road, Menlo Park, CA 94025, USA, Privacy Notice;
  • Pinterest Inc, 651 Brannan Street, San Francisco, CA 94103, Privacy Notice;
  • Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, Privacy Policy;
  • LinkedIn Unlimited Company, Wilton Place, Dublin 2, Ireland, Privacy Notice.

We use the social plugins to make it easier for you to share content from our website. The social plugins help us to increase the visibility of our content on social networks and in this respect contribute to better marketing. 

The plugins are deactivated by default on our websites and therefore do not send any data to the social networks when you simply call up our website. To increase data protection, we have integrated the plugins in such a way that a connection is not automatically established with the networks' servers. Only when you activate the plugins and thus give your consent to data transmission and further processing by the providers of the social networks, your browser establishes a direct connection to the servers of the respective social network. 

The content of the plugin is transmitted directly to your browser by the social network and integrated into the website by it. This provides the respective provider with the information that your browser has accessed the corresponding page of our website, even if you do not have an account with this social network or are not currently logged in to it. This information (including your IP address) is transmitted from your browser directly to a server of the provider (usually in the USA) and stored there. We have no influence on the scope of the data that the provider collects with the plugin, although from a data protection perspective we can be considered jointly responsible with the providers up to a certain extent. 

If you are logged into the social network, it can assign your visit to our website directly to your user account. If you interact with the plugins, the corresponding information is also transmitted directly to a server of the provider and stored there. The information (e.g., that you like a product of ours) may also be published on the social network and possibly displayed to other users of the social network. The provider of the social network may use this information for the purpose of placing advertisements and tailoring the respective offer to your needs. For this purpose, usage, interest and relationship profiles could be created, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on the social network, to inform other users about your activities on our website and to provide other services associated with the use of the social network. The purpose and scope of the data collection and the further processing and use of the data by the providers of the social networks, as well as your rights in this regard and setting options for protecting your privacy, can be found directly in the data protection information of the respective provider.

If you do not want the provider of the social network to assign the data collected via our website to your user account, you must log out of the social network before activating the plugins. For the data processing described above, your consent within the meaning of Art. 6 (1) lit. a EU-DSGVO forms the legal basis. You can revoke your consent at any time by declaring your revocation to the provider of the plugin in accordance with the information in its privacy policy.


14. Online advertising and targeting

14.1 In general

We use services of various companies to provide you with interesting offers online. In the process, your user behavior on our website and websites of other providers is analyzed in order to subsequently display online advertising tailored to your individual needs. 

Most of the technologies used to track your user behavior ("tracking") and to display targeted advertising ("targeting") work with cookies (see also Section 11), with which your browser can be recognized via various websites. Depending on the service provider, it may also be possible for you to be recognized online even when using different end devices (e.g. laptop and smartphone). This may be the case, for example, if you have registered for a service that you use with multiple devices. 

In addition to the data already mentioned, which is collected when websites are called up ("log file data", see section 10) and the use of cookies (section 11) and which may be passed on to the companies involved in the advertising networks, the following data in particular is used to select the advertising that is potentially most relevant to you: 
    Information about you that you provided when registering or using a service from advertising partners (e.g. your gender, age group);
    User behavior (e.g., search queries, interactions with advertisements, types of websites visited, products viewed and purchased, newsletters subscribed to).
We and our service providers use this data to identify whether you belong to the target group we address and take this into account when selecting advertisements. For example, after you have visited our site, you may be presented with ads for the products you consulted when you visit other sites ("re-targeting"). Depending on the scope of the data, a user's profile may also be created, which is evaluated automatically, and ads are selected according to the information stored in the profile, such as membership in certain demographic segments or potential interests or behaviors. Such ads may be presented to you on various channels, which, in addition to our website or app (as part of onsite and in-app marketing), also include ads served through the online advertising networks we use, such as Google. 

The data may then be analyzed for the purpose of billing the service provider and assessing the effectiveness of advertising measures in order to better understand the needs of our users and customers and to improve future campaigns. This may also include information that the performance of an action (e.g., visiting certain sections of our websites or sending information) is due to a certain advertising ad. We also receive aggregated reports from service providers of ad activity and information about how users interact with our website and ads.

The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a EU-DSGVO. You can revoke your consent at any time by rejecting or switching off the relevant cookies in the settings of your web browser (see section 11). You can also find further options for blocking advertising in the information provided by the respective service provider, such as Google.


14.2 Google Ads 

This website uses the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") for online advertising. Google uses cookies for this purpose, such as the so-called DoubleClick cookie, which allow your browser to be recognized when you visit other websites. The information generated by the cookies about your visit to these websites (including your IP address) will be transmitted to and stored by Google on servers in the United States (please refer to section 8). Further information on data protection at Google can be found here.


14.3 Meta

This website uses the services of Meta Platforms Inc, 1601 S California Ave, Palo Alto, CA 94304, USA ("Meta") for online advertising. Meta uses cookies for this purpose, which allow your browser to be recognized when you visit other websites. The information generated by the cookies about your visit to these websites (including your IP address) will be transmitted to and stored by Meta on servers in the United States (please also refer to section 8). Further information on data protection at Meta can be found here.


14.4 Linkster

In order to measure and visualize insights into partnerships and advertising channels, we use the tracking technology of Linkster GmbH (Colonnaden 5, 20354 Hamburg) on this site. This is a function to measure the efficiency of the corresponding advertising measures. Furthermore, the information enables us to assign advertising successes for billing purposes with corresponding advertising partners.

The information generated by the cookies about your visit to these websites (including your IP address) is transmitted to a Linkster server in Germany and stored there. You can find more information about Linkster here. The cookies stored by Linkster GmbH are deleted after 30 days at the latest.

The information transmitted to us and the cookies serve the sole purpose of correctly assigning the success of an advertising medium and the corresponding billing and is justified with our legitimate interests according to Art. 6 para. 1 p. 1 lit. f DSGVO.


15. Registration for a customer account

If you open a customer account on our website, we collect the following data, where mandatory data are marked with an asterisk (*) in the corresponding form:

  • Personnel:
    • Name
    • First name
    • Billing and delivery address
    • Company, company address for corporate clients
    • Phone number
  • Login data:
    • E-mail address
    • Password

We use the personal data to establish your identity and to verify the requirements for registration. The e-mail address and password together serve as login data and thus to ensure that the correct person under your information uses the website. We also need your e-mail address for verification and confirmation of the account opening and for future communication with you necessary for the execution of the contract. In addition, this data is stored in the customer account for future contract conclusions. For this purpose, we also enable you to store further details in the account (e.g. your preferred means of payment).

We also use the data to provide an overview of the products ordered and services received (cf. esp. section 16 and 20) and an easy way to manage your personal data, for the administration of our website and the contractual relationships, i.e. for the establishment, content design, processing and amendment of the contracts concluded with you via your customer account.

The legal basis for the processing of your data for the preceding purpose lies in your consent pursuant to Art. 6 para. 1 lit. a EU-DSGVO. You can revoke your consent at any time by removing the information from the customer account again or deleting your customer account or, by notifying us, have it deleted.

To avoid misuse, you must always keep your login information confidential and should close the browser window when you have finished communicating with us, especially if you share the computer with others. 


16. Order from products

If you wish to order products or book services on the website, we require various data for the processing of the contract. If you do not log in with your customer account (see section 15), we collect - depending on the product or service - the following data, with mandatory data marked with an asterisk (*) in the corresponding form:

  • Name
  • First name
  • Billing and delivery address
  • Company, company address for corporate clients
  • Phone number
  • E-mail address

We use the data to establish your identity before concluding a contract. We also need your e-mail address to confirm your order and for future communication with you that is necessary to process the contract. We store your data together with the marginal data of the order (e.g. time, order number, etc.), the data on the ordered/booked services (e.g. designation, price and features of the product; "product data"), the data on payment (e.g. selected payment method, confirmation of payment and time; see also section 17) as well as the data on the processing and fulfillment of the contract (e.g. return of products, use of service or warranty services, etc.) in our CRM database (see also section 6.1) so that we can ensure correct order processing and fulfillment of the contract.

Insofar as this is necessary for the fulfillment of the contract, we will also pass on the required information to any third-party service providers (e.g. transport companies).

The legal basis for this data processing is the fulfillment of the contract with you according to Art. 6 para.1 lit. b EU-DSGVO.

The provision of data that is not marked as mandatory is voluntary. We process this data in order to tailor our offer to your personal needs in the best possible way, to facilitate the processing of contracts, to contact you via an alternative communication channel if necessary with a view to fulfilling the contract, or for statistical collection and evaluation in order to optimize our offers. The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a EU-DSGVO. You can revoke your consent at any time by notifying us. 


17. Payment processing Online

If you purchase services or products for a fee on our website, depending on the product or service and the desired method of payment - in addition to the conditions set out in sec. 16 the provision of further data is required, such as your credit card information or the login to your payment service provider. This information, as well as the fact that you have purchased a service from us for the amount and at the time in question, will be forwarded to the respective payment service providers (e.g. payment solution providers, credit card issuers and credit card acquirers). In this regard, please always also note the information provided by the respective company, in particular the data protection declaration and the general terms and conditions. The legal basis for this transfer is the fulfillment of a contract according to Art. 6 para.1 lit. b EU-DSGVO.


18. Use of the site angry-gorilla.com

When you send a postcard on the angry-gorilla.com site using the Swiss Post's PostCard Creator web application, we collect the following data:

  • First and last name
  • Postal address
  • E-mail address

This data is collected and processed for the purpose of sending a postcard to political decision-makers as part of the Angry Gorilla campaign. Furthermore, we use the data to periodically send you information about the campaign or information about our company via email or letter post. The subscription to our newsletter, which is published once or twice a week, is only done at your express request. You can object to the use of the data for these purposes at any time via a link in the respective newsletter, via e-mail ([email protected]) or by letter or have your contact data deleted.

The image you upload and your recipient address data will be forwarded to Swiss Post for the creation and mailing of the postcard. By uploading images and graphics to the angry-gorilla.com website, you grant us a non-exclusive, worldwide, perpetual and free right to use this content. You grant us the right to store and publish this content (texts, images) and to pass it on to third parties for publication, if this passing on serves gebana AG. In doing so, we are entitled to use or pass on the uploaded images and graphics in their entirety or in modified form, alone or in combination with our own content.


19. WhatsApp Business usage

Insofar as you have consented, we process your communicated or available personal data (e.g. name, telephone number, e-mail address, messenger ID, profile picture, messages) for communication regarding the preparation and execution of any orders as well as for sending promotional information (e.g. offers, newsletters) using the instant messaging service "WhatsApp" of WhatsApp Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). An existing messaging account is required to use this service. We would like to point out that WhatsApp Ireland Limited may also pass on personal data (in particular metadata of the communication) to WhatsApp Inc. which is also processed on servers in states outside the EU (e.g. USA) where there is no adequate level of data protection. WhatsApp may share this data with other companies within and outside the Meta group of companies. For more information, please see the privacy policy of WhatsApp Business (https://www.whatsapp.com/legal/business-policy/) and WhatsApp (https://www.whatsapp.com/legal/#privacy-policy). We have neither precise knowledge nor influence on the data processing by WhatsApp Ireland Limited or WhatsApp Inc. which is responsible in this respect under data protection law. In addition to the recipients already specifically named above, we use the help of further service providers (order processors) to fulfill our obligations. We would like to point out that once you have given your consent, you can revoke it at any time without giving reasons for the future by informing us of your revocation via Whatsapp with a message with the note WIDERRUF or by e-mail to [email protected] of the corresponding processing of your personal data. The above-mentioned data will be deleted by us in accordance with the legal requirements as soon as their consent to processing is revoked or if the purpose of processing this data has ceased to apply or they are not required for the purpose. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be limited to these purposes. I.e., the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person.


C. Special instructions for our business premises

 

20. Video surveillance

In order to prevent misuse and to take action against illegal behavior (in particular theft and damage to property), the entrance area and the publicly accessible areas of our business premises are monitored by cameras. The image data is only viewed if there is a suspicion of illegal behavior. Otherwise, the images are automatically deleted after 14 days. 

For the provision of the video surveillance system, we rely on a service provider who may have access to the data insofar as this is necessary for the provision of the system. Should the suspicion of illegal conduct be substantiated, the data may then be passed on to consulting companies (in particular our law firm) and authorities to the extent necessary to enforce claims or file charges. 

The legal basis is our legitimate interest within the meaning of Art. 6 para. 1 lit. f. EU-DSGVO in the protection of our property and the protection and enforcement of our rights.


21. Use of our WiFi network

In our business premises you have the possibility to use the WiFi network operated by gebana AG free of charge. To prevent misuse and to take action against illegal behavior, prior registration is required. In doing so, you transmit the following data to gebana AG:

  • MAC address of the end device (automatic)

In addition to the above data, data on the visited business location with time, date and terminal device is recorded for each use of the WiFi network. The legal basis for this processing is your consent within the meaning of Art. 6 para. 1 lit. a EU-DSGVO. The customer can revoke his registration at any time by notifying us.

Gebana must comply with the legal obligations of the Federal Act on the Surveillance of Postal and Telecommunications Traffic (BÜPF) and the associated ordinance. If the legal requirements are met, the operator of the WiFi must monitor the use of the Internet or data traffic on behalf of the authority responsible for this. The operator of the WiFi may also be required to disclose the customer's contact, usage and boundary data to the authorized authorities. The contact, usage and boundary data is stored for 6 months in relation to the person and then deleted. 

The legal basis for these processing operations is our legitimate interest within the meaning of Art. 6 (1) lit. f EU-DSGVO in providing a Wifi network in compliance with the applicable legal requirements.


22. Opening a customer account

When you open a customer account in our store, we collect the following data, where the mandatory data are marked with an asterisk (*) in the corresponding form:

  • Personal data:
    • Name
    • First name
    • Billing and delivery address
    • Company, company address for corporate clients
    • Phone number
  • Login data:
    • E-mail address
    • Password

We use the data to establish your identity and to verify the requirements for opening the account. We collect your e-mail address and telephone number for future communication with you that is necessary to process the contract. In addition, we store this data as well as the data for the purchase of products and the purchase of services (see section 16) under a customer number in the customer account in order to be able to provide you with an overview of your data at your request and to enable future linking with data from other channels. In this respect, your account and the stored data will also be linked to your online account (see section 15), provided that the personal details are identical.

The legal basis for the processing of your data for the preceding purpose is your consent pursuant to Art. 6 (1) lit. a EU-DSGVO. You can revoke your consent at any time by asking us to delete the data.


23. Purchase or order products in the store

In our store, you can usually purchase products without giving your name, but in this case you must follow the section on payment processing (see section 22). Upon request, you will receive a paper receipt, which you should keep and present for the use of customer services after the purchase (see section 23). However, you can also purchase products by indicating your customer account. In this case, please also refer to the section on opening the customer account (see Section 20). 

When purchasing and or ordering certain products, we require your name and various other data for the processing of the contract. Depending on the product or service, we collect the following data, where mandatory data in forms are marked with an asterisk (*):

  • Name
  • First name
  • Billing and delivery address
  • Company, company address for corporate clients
  • Phone number
  • E-mail address

We use the data to establish your identity before concluding a contract. We also need your e-mail address for future communication with you that is necessary for the execution of the contract. We store your data together with the marginal data of the order (e.g. time, order number, etc.), the data on the ordered/booked services (e.g. designation, price and features of the product; "product data"), the data on payment (e.g. selected payment method, confirmation of payment and time; see also section 17) as well as the data on the processing and fulfillment of the contract (e.g. return of products, use of service or warranty services, etc.) in our web store and our CRM database (see section 6.1) so that we can ensure correct order processing and contract fulfillment.

Insofar as this is necessary for the fulfillment of the contract, we will also pass on the required information to any third-party service providers (e.g. transport companies).

The legal basis for this data processing is the fulfillment of the contract with you according to Art. 6 para.1 lit. b EU-DSGVO.

The provision of data that is not marked as mandatory is voluntary. We process this data in order to tailor our offer to your personal needs as best as possible, to facilitate the processing of contracts, to contact you via an alternative communication channel if necessary with a view to fulfilling the contract, or for statistical collection and evaluation to optimize our offers. The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a EU-DSGVO. You can revoke your consent at any time by notifying us. 


24. Payment processing

If you purchase products in our business premises using electronic means of payment, the processing of personal data is required. By using the payment terminals, you transmit the information stored in your means of payment, such as the name of the cardholder and the card number, to the payment service providers involved (e.g. payment solution providers, credit card issuers and credit card acquirers). They also receive the information that the means of payment was used in our premises, the amount and the time of the transaction. Conversely, we only receive the credit for the amount of the payment made at the relevant time, which we can assign to the relevant document number, or information that the transaction was not possible or was cancelled. In this regard, please always also note the information provided by the respective company, in particular the data protection declaration and the general terms and conditions. The legal basis for this transmission is the fulfillment of the contract with you according to Art. 6 para.1 lit. b EU-DSGVO.


25. Use of customer services in the business premises 

In our business premises, you can make use of numerous customer services for which the processing of personal data may be necessary. These include, for example, the collection of an ordered product, the return of products in exercise of a right of return or a warranty claim, the complaint about a service etc. In such cases, we collect - depending on the product concerned or service requested - the following data, whereby mandatory data in forms are marked with an asterisk (*):

  • Name
  • First name
  • Billing and delivery address
  • Company, company address for corporate clients
  • Phone number
  • E-mail address

We use the data to establish your identity. We also need your e-mail address for the communication with you required to provide the customer service. We store this data together with the details, time and content of the requested service in our CRM database (see section 6.1) so that we can ensure correct processing of the requested service. To the extent necessary for the fulfillment of the contract, we will also share the required information with any third-party service providers (e.g., transport companies) or other third parties involved (e.g., manufacturers in the event of a claim under the manufacturer's warranty).

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-DSGVO in the implementation of your request or, if your request concerns the execution of a contract with you, the necessity of implementing the required contractual measures within the meaning of Art. 6 para. 1 lit. b EU-DSGVO.

***

As at, 1 September 2023

© gebana 2024. All rights reserved.
All prices incl. VAT plus shipping costs and, if applicable, cash on delivery charges, unless otherwise stated.