What is this Data Protection Declaration about?
Trust begins with transparency. In this data protection declaration, we inform you how and why we collect, process and use your personal data. This data protection declaration is based on the European General Data Protection Regulation, GDPR for short, which has established itself as a benchmark for sound and effective data protection.
Who we are:
This data protection declaration clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offer and the websites, functions and contents connected with it as well as external online presences, such as our social media profile (hereinafter referred to collectively as “online offer”). With regard to the terms used, such as “processing” or “responsible party”, we refer to the definitions in Art. 4 of the Basic Data Protection Regulation (DSGVO).
Responsible person
Spanischalacarte.com
Schappeweg 5
6010 Kriens
Email: carleana@spanischalacarte.com
Owner: Carleana Rosales de Gall
Tel: + 41 78 400 47 57
For whom is this Data Protection Declaration intended?
Our data processing primarily concerns our customers, but also other persons whose personal data we process, e.g. visitors to our websites, users of our online offers, persons who use our services or who come into contact with our services, etc.
This data protection declaration applies regardless of the channel you use to contact us, by telephone, electronic messaging, on a website, in an app, via a social network, at an event or in any other way. This data protection declaration applies to the processing of both already collected and future personal data. Additional data protection provisions may also apply to certain offers and services (e.g. competitions), which apply in addition to this data protection declaration. We refer you to the additional provisions.
What is “Personal Data” and what does “Processing mean?
The data protection law regulates the processing of personal data. “Personal data” (or “personal data”) provides all information that can be associated with a specific person in relation, i.e. with a man. ” Processing ” (or “processing”) means any handling of your personal data. In Switzerland, information relating to a specific legal person (e.g. information about a contract with a company) is also considered personal data.
The types of data processed:
- Stock data (for example, names, addresses).
- Contact data (e.g., e-mail, telephone numbers).
- Content data (e.g., text entries, photographs, videos).
- Usage data (e.g., websites visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).
- Information on what purchases you make, when, how often and by what means of payment, e.g., number of items purchased, item number, invoice amount, etc.
- Information about your behavior in our online store (ordered and abandoned shopping cart, wish lists, items viewed, etc.).
We process this data for the following purposes:
- Provision of the online offer, its functions and contents.
- Answering of contact requests and communication with users.
- Security measures.
- Reach measurement/Marketing
Cookies:
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
How long we retain your data:
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
What rights you have over your data:
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Relevant legal basis
In accordance with Art. 13 DSGVO we inform you of the legal basis of our data processing. If the legal basis is not stated in the data protection declaration, the following applies: The legal basis for obtaining consents is Art. 6 para. 1 lit. a and Art. 7 DSGVO, the legal basis for processing for the purpose of fulfilling our services and implementing contractual measures and answering enquiries is Art. 6 para. 1 lit. b DSGVO, the legal basis for processing for the purpose of fulfilling our legal obligations is Art. 6 para. 1 lit. c DSGVO, and the legal basis for processing for the purpose of safeguarding our legitimate interests is Art. 6 para. 1 lit. f DSGVO. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 paragraph 1 lit. d DSGVO serves as the legal basis.
Security measures
In accordance with Art. 32 DSGVO and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.
Such measures shall include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, disclosure, safeguarding of availability and segregation thereof. Furthermore, we have established procedures to ensure that data subjects’ rights are exercised, data is deleted and that we respond to any threats to the data. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 DSGVO).
Cooperation with contract processors and third parties
If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transfer it to them or otherwise grant them access to the data, this will only be done on the basis of a legal authorisation (e.g. if the data must be transferred to third parties, such as payment service providers, in accordance with Art. 6 Para. 1 letter b DSGVO for the fulfilment of the contract), if you have given your consent, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosters, etc.).
If we commission third parties to process data on the basis of a so-called “contract processing agreement”, this is done on the basis of Art. 28 DSGVO.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of third parties or disclosure or transfer of data to third parties, this will only take place if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or transfer data to a third country if the special requirements of Art. 44 ff. DSGVO. In other words, processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).
Changes to this data protection declaration
This data protection declaration may be adjusted over time. We actively inform persons whose contact data is registered with us about such changes in the event of significant changes, if this is possible without disproportionate effort. In general, the data protection declaration in the version current at the start of the respective processing applies to data processing.
01/11/2021
