PRIVACY NOTICE
of Thomas Müller Chocolatier
Version dated 23.05.2024
MPORTANT NOTE: The German version of this document will govern our relationship – this translated version is provided for convenience only and will not be interpreted to modify the German version. For the German version, please see https://thomasmuller.ch/de/datenschutz/.
1. General information on our handling of personal data
In this Privacy Policy, we, Thomas Müller Chocolatier (Rheinstrasse 20, CH-8200 Schaffhausen), explain how we collect and otherwise process personal data. This is not an exhaustive description; other privacy policies or general terms and conditions, participation conditions, and similar documents may regulate specific matters. Personal data refers to all information relating to a specific or identifiable person.
If you provide us with personal data of other persons (e.g., family members, data of colleagues), please ensure that these persons are aware of this Privacy Policy and only share their personal data with us if you are permitted to do so and if the personal data is accurate.
This Privacy Policy is designed to meet the requirements of the EU General Data Protection Regulation (“GDPR”), the Swiss Data Protection Act (“DPA”), and the revised Swiss Data Protection Act (“revDPA”). Whether and to what extent these laws are applicable depends on the individual case.
2. Controller / Data Protection Officer / Representative
The controller responsible for the data processing described here is Thomas Müller Chocolatier. If you have any data protection concerns, you can contact us at the following address:
Thomas Müller Chocolatier
Rheinstrasse 20
CH-8200 Schaffhausen
Email: info@thomasmuller.ch
3. Collection and Processing of Personal Data
We primarily process the personal data that we receive from our customers and other business partners in the context of our business relationships or that we collect from users when operating our websites, apps, and other applications. To the extent permitted, we also obtain certain data from publicly accessible sources (e.g., debt registers, land registers, commercial registers, press, internet) or receive such data from other companies, authorities, and other third parties (such as credit reporting agencies). In addition to the data you provide directly to us, the categories of personal data we receive from third parties about you include, in particular, information from public registers, information that we obtain in connection with official and judicial proceedings, information related to your professional functions and activities (to conclude and process transactions with your employer with your help), information about you in correspondence and meetings with third parties, creditworthiness information (to the extent we conduct transactions with you personally), information about you provided to us by persons in your environment (family, advisors, legal representatives, etc.) to conclude or process contracts with you or involving you (e.g., references, your address for deliveries, powers of attorney, information for compliance with legal requirements such as anti-money laundering and export restrictions, information from banks, insurance companies, distributors, and other contractual partners to take advantage of or provide services by you (e.g., payments made, purchases made)), information from media and the internet about you (to the extent indicated in the specific case, e.g., in the context of an application, press review, marketing/sales), your addresses and possibly interests and other sociodemographic data (for marketing), data related to the use of the website (e.g., IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of the visit, pages and content retrieved, used functions, referring website, location information).
4. Purposes of Data Processing and Legal Basis
We primarily process personal data that we receive from our customers and other business partners in the context of our business relationships or that we collect from users when operating our websites and other applications.
If you work for such a customer or business partner, you may also be affected by your personal data in this function. In addition, we process personal data about you and other persons, to the extent permitted and as deemed appropriate, for the following purposes, which we (and sometimes also third parties) have a legitimate interest in corresponding to the purpose:
- Offering and developing our offers, services, and websites, apps, and other platforms on which we are present;
- Communication with third parties and processing their requests (e.g., applications, media inquiries);
- Review and optimization of procedures for needs analysis for direct customer contact and collection of personal data from publicly accessible sources for customer acquisition;
- Advertising and marketing (including the execution of events), unless you have objected to the use of your data (if we send you advertising as an existing customer, you can object at any time, and we will put you on a blacklist against further advertising mailings);
- Market and opinion research, media monitoring;
- Assertion of legal claims and defense in connection with legal disputes and official proceedings;
- Prevention and investigation of crimes and other misconduct (e.g., conducting internal investigations, data analysis for fraud prevention);
- Ensuring our operations, particularly IT, websites, apps, and other platforms;
- Video surveillance to protect house rights and other measures for IT, building, and facility security and the protection of our employees and other persons and the values entrusted to us (such as access controls, visitor lists, network and mail scanners, telephone recordings);
- Purchase and sale of business units, companies, or parts of companies, and other corporate transactions and related transfer of personal data and measures for business management and compliance with legal and regulatory obligations and internal rules of Thomas Müller Chocolatier.
If you have given us consent to process your personal data for specific purposes (e.g., when subscribing to newsletters or conducting a background check), we will process your personal data within the framework of and based on this consent, unless we have another legal basis and we need such a basis. Consent given can be withdrawn at any time, but this does not affect data processing already carried out.
5. Cookies / Tracking and Other Technologies Related to the Use of Our Website
We typically use “cookies” and similar techniques on our websites to identify your browser or device. A cookie is a small file sent to your computer or automatically stored on your computer or mobile device by the web browser you use when you visit our website. When you visit this website again, we can recognize you, even if we do not know who you are. In addition to cookies used only during a session and deleted after your website visit (“session cookies”), cookies can also be used to store user settings and other information over a certain period (e.g., two years) (“permanent cookies”). You can configure your browser to reject cookies, save them only for a single session, or delete them prematurely. Most browsers are preset to accept cookies.
We use permanent cookies to save user settings (e.g., language, autologin), to better understand how you use our offers and content, and to show you tailored offers and advertising (which can also happen on websites of other companies; however, they will not know from us who you are if we know that at all because they only see that on their website is the same user who was on a specific page of ours). Some cookies are set by us, others by contractual partners we work with. If you block cookies, certain functionalities (e.g., language selection, shopping cart, order processes) may no longer work.
We incorporate visible and invisible image elements in our newsletters and other marketing emails to the extent permitted. When they are retrieved from our servers, we can determine whether and when you opened the email, so we can measure and better understand how you use our offers and tailor them to you. You can block this in your email program; most are preset to do so.
By using our websites and agreeing to receive newsletters and other marketing emails, you consent to the use of these techniques. If you do not want this, you must set your browser or email program accordingly.
We use the following services on our websites for success and reach measurement (analysis):
- Google Analytics, Google Tag Manager, and Google DoubleClick by Google Ireland Ltd., located at Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Ltd. relies on Google LLC, located in the USA, as its processor. The use of our website is monitored and recorded. Google uses permanent cookies and other tracking technologies to collect anonymous information (e.g., the number of website visitors, origin of visitors, length of stay). We generally do not transmit any personal data or complete IP addresses to Google. Google provides us with aggregated information. We cannot identify individual visitors. However, Google can use the data it collects for its own purposes. Google processes your personal data on its own responsibility and according to its privacy policies. For more information on the data collected, refer to Google Ireland Limited’s privacy policy at: https://policies.google.com/privacy.
- Bing Universal Event Tracking (UET) by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. We use Bing UET to record user behavior on our website. Microsoft can track usage behavior across multiple electronic devices through cross-device tracking and thus display personalized advertising on or in Microsoft websites and applications. You can disable this behavior at https://choice.microsoft.com/de-de/opt-out. For more information on Bing UET and the data collected, refer to Microsoft’s privacy policy at: https://privacy.microsoft.com/de-de/privacystatement.
- Facebook Pixel, Facebook Signal, and Facebook Custom Audiences from Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries. We use Facebook’s services to record user behavior on our website. For us as the website operator, the collected data is anonymous; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, allowing it to be linked to the respective user profile and enabling Facebook to use the data for its own advertising purposes in accordance with Facebook’s data usage policies. This allows Facebook to display ads on Facebook pages as well as outside of Facebook. As the site operator, we have no influence over this data usage. Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found at: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381. In cases where personal data is collected on our website via the tool described here and transmitted to Facebook, we and Meta Platforms Ireland Limited are jointly responsible for this data processing. The obligations that we jointly hold are outlined in a joint processing agreement: https://www.facebook.com/legal/controller_addendum. For more information on protecting your privacy, please see Facebook’s privacy policy: https://de-de.facebook.com/about/privacy/. You can deactivate the remarketing function “Custom Audiences” in the ad settings area at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged into Facebook to do this. If you do not have a Facebook account, you can deactivate Facebook’s usage-based advertising on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
Currently, we use services particularly from the following providers and advertising partners (insofar as they use your data or cookies set by you for advertising purposes):
- Microsoft Advertising by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. In the European Economic Area, the United Kingdom, and Switzerland: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. We use Microsoft Advertising services to advertise our company online (especially for search engine advertising). You can find Microsoft’s privacy policy at: https://privacy.microsoft.com/de-de/privacystatement.
- Mailchimp by Intuit Mailchimp, 405 N Angier Ave. NE, Atlanta, GA 30308, USA. We use Mailchimp to send newsletters to registered subscribers. https://mailchimp.com/de/legal/
- Google Adsense and Google DoubleClick by Google Ireland Ltd., headquartered at Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Ltd. relies on Google LLC based in the USA as its processor. We use Google AdSense services to display personalized ads on our website. You can find Google Ireland Limited’s privacy policy at: https://policies.google.com/privacy.
- Google Maps including Google Maps Platform by Google Ireland Ltd., headquartered at Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Ltd. relies on Google LLC based in the USA as its processor. We use Google Maps services to embed maps on our website. You can find Google Ireland Limited’s privacy policy at: https://policies.google.com/privacy. Information on the use of location data can be found at: https://policies.google.com/technologies/location-data.
- Adobe Fonts by Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Park, Dublin 24, Ireland. We use Adobe Fonts to embed fonts (including logos, icons, and symbols) into our website. You can find Adobe’s privacy policy at: https://www.adobe.com/ch_de/privacy/policies/adobe-fonts.html.
- Google Fonts by Google Ireland Ltd., headquartered at Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Ltd. relies on Google LLC based in the USA as its processor. We use Google Fonts to embed fonts (including logos, icons, and symbols) into our website. You can find Google Ireland Limited’s privacy policy at: https://policies.google.com/privacy. Answers to frequently asked questions about data privacy can be accessed here: https://developers.google.com/fonts/faq/privacy.
- YouTube by Google Ireland Ltd., headquartered at Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Ltd. relies on Google LLC based in the USA as its processor. We use YouTube to embed videos into our website. You can find YouTube’s privacy policy at: https://support.google.com/youtube/topic/2803240?hl=de.
We also use plugins from social networks such as Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), and Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA) on our websites. This is typically indicated by corresponding symbols. We have configured these elements to be deactivated by default. If you activate them (by clicking), the operators of the respective social networks can register that you are on our website and where, and they can use this information for their purposes. The processing of your personal data is then the responsibility of the respective operator according to their privacy policies. We do not receive any information about you from them.
6. Social Media
We may operate pages and other online presences (such as “fan pages,” “channels,” “profiles,” etc.) on social networks and other platforms operated by third parties, and collect data about you as described in section 4 and below. We receive this data from you and the platforms when you interact with us through our online presence (e.g., when you communicate with us, comment on our content, or visit our presence). At the same time, the platforms analyze your use of our online presences and link this data with other data they know about you (e.g., your behavior and preferences). They also process this data for their own purposes under their own responsibility, especially for marketing and market research purposes (e.g., to personalize advertising) and to manage their platforms (e.g., which content they show you).
We process this data for the purposes described in section 4, particularly for communication, marketing purposes (including advertising on these platforms, see section 5), and market research. Information on the relevant legal bases can be found in section 4. Content published by you (e.g., comments on an announcement) may be further distributed by us (e.g., in our advertising on the platform or elsewhere). We or the platform operators can also delete or restrict content from or about you in accordance with the usage guidelines (e.g., inappropriate comments).
For further information on the processing by platform operators, please refer to the privacy policies of the platforms. There you will also find information on which countries process your data, what rights you have (e.g., rights to access and delete your data), and how you can exercise these rights or obtain further information. Currently, we use the following platforms:
- Facebook: https://www.facebook.com/policy.php
- YouTube: https://support.google.com/youtube/topic/2803240?hl=de
- Instagram: https://privacycenter.instagram/policy
- LinkedIn: https://www.linkedin.com/legal/privacy-policy