Luna Moon Aktiengesellschaft, Hostatt 17, 6365 Kehrsiten, Switzerland is the operator of the website www.lunamoon.ch and the services offered on it and is therefore responsible for the collection, processing and use of your personal data and the compatibility of data processing with the applicable data protection law.
Your trust is important to us, which is why we take the issue of data protection seriously and ensure appropriate security. Of course, we observe the legal provisions of the Federal Data Protection Act (DSG), the Ordinance on the Federal Data Protection Act (VDSG), the Telecommunications Act (TCA) and other applicable data protection provisions of Swiss or EU law, in particular the General Data Protection Regulation (GDPR) .
Please read the information below so that you know what personal data we collect from you and for what purposes we use it.
1. Access to our website
When you visit our website, our servers temporarily store each access in a log file. As with every connection to a web server, the following technical data is recorded without your intervention and stored by us until it is automatically deleted after 12 months at the latest
- the IP address of the requesting computer,
- the name of the owner of the IP address range (usually your internet access provider),
- the date and time of access,
- the website from which access was made (referrer URL), possibly with the search term used,
- the name and URL of the retrieved file,
- the status code (e.g. error message),
- the operating system of your computer,
- the browser you are using (type, version and language),
- das verwendete Übertragungsprotokoll (z.B. HTTP/1.1) und
- the transmission protocol used (e.g. HTTP/1.1) and possibly your username from a registration/authentication
This data is collected and processed for the purpose of enabling the use of our website (establishing a connection), ensuring system security and stability over the long term and enabling the optimization of our website, as well as for internal statistical purposes. This is our legitimate interest in data processing within the meaning of Article 6 (1) (f) GDPR.
2. Opening a customer account
To place orders in the online shop, you can order as a guest or open a customer account. When registering for a customer account, we collect the following data
- First and Last Name
- Postal address
- Date of birth
- E-Mail Address
The data is collected for the purpose of providing the customer with password-protected direct access to the basic data stored by us. The customer can view his completed and open orders or manage or change his personal data. The legal basis for processing the data for this purpose lies in the consent you have given in accordance with Article 6 (1) (a) of the EU GDPR.
3. Shopping in the online shop
If you would like to place orders in our online shop, we need the following data to process the contract
- First and Last Name
- Billing address (and if different delivery address)
- Payment details (depending on the payment method selected)
- Login data, i.e. e-mail address and password (for registered customers)
Unless otherwise stated in this data protection declaration or if you have not given your separate consent, we will only use the aforementioned data to process the contract, namely to process your orders, deliver the ordered products and ensure correct payment. The legal basis for data processing for this purpose lies in the fulfillment of a contract in accordance with Article 6 (1) (b) EU GDPR.
4. Disclosure of data to third parties
We only pass on your personal data if you have given your express consent, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship.
In addition, we pass on your data to third parties insofar as this is necessary in the context of using the website and contract processing (also outside the website), namely the processing of your bookings. This includes the respective transport service provider who was entrusted with the dispatch of ordered goods. The data is passed on for the purpose of providing and maintaining the functionality of our website. This is our legitimate interest within the meaning of Art. 6 Para. 1 lit. f EU-DSGVO.
Finally, when paying by credit card on the website, we forward your credit card information to your credit card issuer and to the credit card acquirer. If you decide to pay by credit card, you will be asked to enter all mandatory information. The legal basis for passing on the data lies in the fulfillment of a contract in accordance with Article 6 (1) (b) EU GDPR. With regard to the processing of your credit card information by these third parties, we ask that you also read the general terms and conditions and the data protection declaration of your credit card issuer.
5. Transfer of data abroad
We are entitled to transfer your personal data to third-party companies (contracted service providers) abroad for the purpose of the data processing described in this data protection declaration. They are committed to data protection to the same extent as we are. If the level of data protection in a country does not correspond to that in Switzerland or Europe, we contractually ensure that the protection of your personal data corresponds to that in Switzerland or the EU at all times.
Cookies help in many ways to make your visit to our website easier, more pleasant and more meaningful. Cookies are information files that your web browser automatically saves on your computer's hard drive when you visit our website.
Most Internet browsers automatically accept cookies. However, you can configure your browser in such a way that no cookies are stored on your computer or that a message always appears when you receive a new cookie.
Deactivating cookies may mean that you cannot use all the functions of our website.
For the purpose of the needs-based design and continuous optimization of our website, we use the web analysis service from Google Analytics. In this context, pseudonymised user profiles are created and small text files stored on your computer ("cookies") are used. The information generated by the cookie about your use of this website is transmitted to the servers of the providers of these services, stored there and processed for us. In addition to the data listed under point 1, we may receive the following information
- navigation path followed by a visitor on the site,
- Duration of stay on the website or subpage,
- the subpage on which the website is left,
- the country, region or city from which access is made,
- End device (type, version, color depth, resolution, width and height of the browser window),
- Returning or new visitor.
The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet use for the purposes of market research and needs-based design of this website. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf.
The provider of Google Analytics is Google Inc., a company of the holding company Alphabet Inc, based in the USA. Before the data is transmitted to the provider, the IP address is shortened by activating IP anonymization ("anonymizeIP") on this website within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The anonymized IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. In these cases, we ensure through contractual guarantees that Google Inc. maintains an adequate level of data protection. According to Google Inc., under no circumstances will the IP address be associated with other data relating to the user.
You can find more information about the web analysis service used on the Google Analytics website. Instructions on how to prevent the processing of your data by the web analysis service can be found at http://tools.google.com/dlpage/gaoptout?hl=de
Our website uses the visitor action pixel from Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook") to measure conversion.
In this way, the behavior of site visitors can be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.
The data collected is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage guidelines. This enables Facebook to place advertisements on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.
You will find further information on protecting your privacy in Facebook's data protection information: https://www.facebook.com/about/privacy/.
You can also use the Custom Audiences remarketing feature in the Ads Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen deactivate. To do this, you must be logged in to Facebook.
If you do not have a Facebook account, you can opt out of Facebook's behavioral advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.
8. Notice Regarding Data Transfers to the United States
For the sake of completeness, we would like to point out to users who are resident or have their registered office in Switzerland that there are surveillance measures by US authorities in the USA, which generally require the storage of all personal data of all persons whose data was transmitted from Switzerland to the USA. allows. This is done without differentiation, limitation or exception based on the objective pursued and without an objective criterion that allows the US authorities to access the data and their subsequent use to be limited to very specific, strictly limited purposes that are consistent with both the able to justify access to this data as well as the interference associated with its use. We would also like to point out that there are no legal remedies in the USA for data subjects from Switzerland that would allow them to access the data concerning them and to obtain their correction or deletion, or no effective judicial legal protection against general access rights from US authorities. We explicitly draw the data subject's attention to this legal and factual situation in order to make an appropriately informed decision to consent to the use of his data.
We would like to point out to users residing in an EU member state that the USA does not have an adequate level of data protection from the point of view of the European Union - among other things due to the topics mentioned in this section. Insofar as we have explained in this data protection declaration that recipients of data (such as Google) are based in the USA, we are either contractually affiliated with these companies or by ensuring that these companies are certified under the EU or Swiss-US -Privacy shield ensure that your data is protected with an appropriate level with our partners.
9. Right to information, correction, deletion and restriction of processing; Right to data portability
You have the right to request information about the personal data that we have stored about you. In addition, you have the right to correct incorrect data and the right to delete your personal data, provided that there is no legal obligation to retain or a legal basis that allows us to process the data.
You also have the right to request that we return the data you have given us (right to data portability). Upon request, we will also pass on the data to a third party of your choice. You have the right to receive the data in a common file format.
You can contact us for the aforementioned purposes via the e-mail address [firstname.lastname@example.org]. We may, at our discretion, request proof of identity in order to process your requests.
10. Data Security
We use appropriate technical and organizational security measures to protect your personal data stored by us against manipulation, partial or complete loss and against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
You should always treat your access data confidentially and close the browser window when you have finished communicating with us, especially if you share the computer with others. We also take internal data protection very seriously. Our employees and the service companies commissioned by us have been sworn to secrecy and to compliance with data protection regulations.
11. Retention of Data
We only store personal data for as long as is necessary to use the tracking and analysis services mentioned above and further processing within the scope of our legitimate interest. We keep contract data longer because this is required by statutory retention requirements. Storage obligations, which oblige us to store data, result from accounting and tax regulations. According to these regulations, business communication, concluded contracts and accounting documents must be kept for up to 10 years. If we no longer need this data to carry out the services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.
12. Right to lodge a complaint with a data protection supervisory authority
You have the right to complain to a data protection supervisory authority at any time.
© 2022 Luna Moon AG