We value your privacy at ÉTAUDORÉ and are dedicated to being transparent about our privacy policies and how we handle your personal information.
Étaudoré GmbH, a company registered in Switzerland, operates the etaudore.ch / etaudore.com platform.
- the types of personal data collected and processed by ÉTAUDORÉ
- the ways the data is collected
- the purposes for which your personal data is used
- the benefits of processing your personal data and who can access it
- how long we retain and process your personal data
- your rights regarding your personal data
1. Types of personal data collected and processed by ÉTAUDORÉ
1.1 Master data
At ÉTAUDORÉ, we gather essential information about you, which is known as master data. This data includes details such as your title, name, contact information, and date of birth. Whenever you sign up for a customer account or subscribe to our newsletter, we collect your master data to enhance our services.
Master data comprises a variety of essential information, including:
- Personal information, such as salutation, first name, last name, gender, and date of birth.
- Contact details, including your address, email address, phone number, and other relevant information.
- Payment information, such as stored payment forms, bank details, and invoice address.
- Details about your interests, preferences, and language settings.
- Information about your relationship with ÉTAUDORÉ, such as whether you are a customer, visitor, supplier, etc.
- Settings related to advertising and subscribed newsletters.
- Details concerning your account status, such as if your account is inactive or blocked.
- Information about your participation in competitions and prize draws.
- Details of titles and corporate functions for contacts and representatives of our business partners.
- Date and time of registrations.
In certain situations, you may have the option to register for specific online services using a third-party provider's login credentials (such as Facebook). When you choose to do so, we may gain access to certain data that is stored by the third-party provider, such as your username and email address. Typically, you have control over the extent of this information that we receive. More details on this can be found in the Privacy Notice of the relevant third-party provider.
1.2 Contract data
Contract data refers to personal information that is generated during the initiation or fulfillment of a contract. This may include details regarding contract conclusion, any claims, and feedback regarding customer satisfaction. Our contracts are primarily established with customers and business partners. If you agree to contractual offers from us - such as purchasing products - we may also collect transactional and behavioral data.
Contract data encompasses various details, such as:
- Information about the initiation and conclusion of contracts, including the date of contract conclusion and particulars about the contract (such as type and duration).
- Details related to the processing and management of contracts, including contact information, delivery addresses, successful or unsuccessful deliveries, and information regarding payment methods.
- Records of our customer service and support interactions with you, including any technical issues that arise.
- A history of our interactions with you, along with corresponding notes (where applicable).
- Information regarding acquired receivables and benefits (such as discount codes).
- Details of defects, complaints, and contract amendments.
- Records of customer satisfaction surveys that we may conduct.
- Financial information used to assess creditworthiness (such as data that provides insights into the likelihood of payment settlements), reminders, collection procedures, and enforcement of claims.
- Information regarding your interactions with us as a business partner or representative.
- Data related to security checks (such as assessments for fraudulent activity in orders) or other evaluations relevant to establishing or continuing a business relationship.
1.3 Data related to Communication
We may process the contents of communication and information regarding the type, time, and location of the communication when you contact us or when we reach out to you.
Examples of communication data include:
- Contact details such as name, postal address, email address, and phone number
- The content of emails, written correspondence, chat messages, social media posts, comments on a website, etc.
- Feedback and responses provided in customer and satisfaction surveys
- Details of the communication such as its type, time, and, in some cases, location.
1.4 Behavioral and Transactional data
We collect usage data about when you shop with us. This includes when you use our website or purchase something from our online store. If you make purchases on behalf of a third party, we may also collect personal data related to that third party, such as your family members.
Examples of transactional and behavioral data that we collect include:
- Your behavior in online shops, such as ordered and abandoned shopping baskets, wish lists, viewed articles, search items and results, payment method
- Details about your shopping behavior, such as where, how often, what, and at what prices you shop, as well as the method of payment selected.
- Details about your participation in competitions, prize draws, and similar events.
- Details about your use of electronic messages from us, such as whether and when you opened an email or clicked on a link.
- Details about your use of our Wi-Fi networks, such as the date, time, and duration of connection, location of the Wi-Fi network, and data volume.
You can also use some of our services anonymously, such as shopping in our stores without registering. However, even if you are not logged in at the time you visit our websites or use our apps, transactional and behavioral data may still be assigned to your profile.
In addition, we also collect preference data, which includes information about your preferences and interests, such as the type of products or services you are interested in, your preferred language, or your marketing communication preferences. This information is used to personalize our offers and services to better meet your needs.
1.5 Preference Data
We aim to personalize offerings for our customers, which is why we also handle information about your interests and preferences. To achieve this, we may combine transactional and behavioral data with other data and analyze it on both personal and non-personal levels. This allows us to deduce characteristics, preferences, and probable behavior, such as your inclination towards specific products and services.
We may form segments (either permanently or situationally), which are groups of people with comparable traits. We can utilize preference data either on a personal level (e.g., to present you with targeted ads) or on a non-personal level (e.g., for market research or product development). This process is also referred to as "profiling" in technical terms.
1.6 Technical Data
While technical data can be used to collect behavior data, it is usually difficult for us to identify you from this information unless you register for our services. Technical data may include details about your device's configuration, browser, and Internet provider, as well as your location and time of use.
System recordings of accesses and other events, known as log files, are also included in technical data. If you would like more information about how we process technical data, please see our Cookie Notice.
2. How Personal Data is Collected
2.1 Data Provided by You
You often provide us with your personal data, such as your name, email address, or phone number, when you communicate with us or buy our products. You may also share your preferences with us, which we use to tailor our services and offers to your interests.
Some examples of when you may provide us with personal data include:
- Creating an account on our website or app
- Participating in a competition or prize draw
- Contacting us
- Subscribing to our newsletter
Providing personal data is generally voluntary, which means that you are not required to disclose your information to us. However, we need to collect and process certain personal data in order to fulfill our contractual obligations or to comply with legal requirements. For instance, we may need to collect your name and address to deliver a product you have ordered. Without this information, we may not be able to provide you with the services you have requested.
2.2 Collected Data
We may also gather personal data about you in an automated manner, such as when you purchase our products or participate in our offers. This may include behavioral and transactional data, as well as technical data like the time and date of your website visits.
Here are some examples of how we collect personal data:
- You buy a product from our online store
- You visit our website
- You interact with our promotional materials, such as clicking on a link in our newsletter.
We may also derive personal data from information we already have about you by analyzing transactional and behavioral data. This derived data often includes preference data.
For instance, we can examine the transactional and behavioral data gathered during your online purchases, and use that information to make assumptions about your preferences, interests, habits, and affinities. This enables us to provide personalized offers and information tailored to your individual needs and interests. For instance, we can send you a selection of offers that are relevant to your interests.
2.3 Received Data
We may receive personal data about you from various sources other than yourself.
Some examples of third parties who may provide us with your personal data are:
- Swiss Post and address brokers, who may provide us with updated address information
- Online service providers, such as internet analysis service providers
- Authorities, parties, and other third parties in relation to legal or judicial proceedings
Public registers, such as debt collection or commercial registers, or public offices like the Swiss Federal Statistical Office, media outlets, or the internet.
3. Purposes of Personal Data Processing
We value our communication with you and aim to cater to your specific needs. Hence, we process personal data to communicate with you, address your inquiries and offer customer care, especially using communication and master data. Contract data is also used when communication relates to a contract. Moreover, we may personalize the content and timing of messages based on behavioral, transactional, preference, and other data.
The communication purpose includes:
- Responding to inquiries
- Contacting you for queries
- Offering customer service and care
- Delivery of other notifications (e.g., order status information)
- Quality assurance and training
- Any other processing purpose we communicate with you (e.g., contract processing, information, and direct advertising).
3.2 Contract Fulfillment
Our aim is to provide you with excellent service, and to achieve this, we process personal data in relation to the initiation, administration, and implementation of contractual relationships. This may involve activities such as delivering goods, running loyalty programs, or hosting promotions. In order to achieve this, we use data such as master data, communication data, contract data, transactional and behavioral data, and preference data. Personalization of services may also be included in the contract processing.
The purpose of contract processing is generally to ensure that everything necessary or appropriate for concluding, executing, and, if applicable, enforcing a contract is carried out. This includes various processes such as:
- Providing services agreed upon in the contract, such as delivering products or customizing products according to your specifications;
- Providing customer service and enhancing customer satisfaction;
- Building communities and running loyalty programs, which includes redeeming coupons and benefits earned, and crediting them to customer accounts;
- Notifying competition and prize draw winners, and publishing them if necessary;
- Invoicing for services provided and carrying out general accounting;
- Asserting legal claims arising from contracts, including collection and legal proceedings;
- Storing data in compliance with record-keeping obligations;
- Terminating contracts.
3.3 Relationship Management and Marketing
We want to offer you appealing deals and promotions. For this reason, we process personal data to manage our relationship with you and to carry out marketing activities. This may include sending you written or electronic messages and offers, as well as executing marketing campaigns.
To tailor our messages and offers to your interests as much as possible, we may personalize them. To achieve this, we mainly use master data, contract data, communication data, transaction data, behavior data, preference data, as well as image and sound recordings.
Here are some examples of the messages and offers we may send:
- Electronic messages, such as newsletters and advertising emails, and other electronic messages;
- Printed materials, such as advertising brochures and magazines;
- Advertising messages and spots on screens and other advertising spaces;
- Delivery of promotional coupons and promotional codes;
- Invitations to events, prize draws, and competitions.
You can always decline to receive marketing communications from us. For newsletters and other electronic messages, you can generally opt-out of receiving them by adjusting your preferences in your customer account or by following the unsubscribe link included in the message.
By personalizing our messages and offers, we aim to provide you with tailored information that is relevant to your individual preferences and interests. For example, we may send you a customized selection of products that we think are suitable for you or show you online content that is personalized to your preferences. This personalization also enables you to find products that you're interested in more easily from our online catalog.
3.4 Improving Customer Experience: Understanding Market Trends and Developing New Offerings
Our aim is to constantly enhance and improve our offerings to make them more appealing to you. To achieve this, we process personal data for market research and product development purposes. We mainly use master, behavior, transaction, and preference data, as well as communication data and information gathered from customer surveys, other surveys and studies, and other sources such as the media, the Internet, and public sources. Whenever possible, we use pseudonymized or anonymized information for these purposes.
Market research and product development activities include:
- Conducting customer surveys
- Developing our offerings further, updating pricing, and planning campaigns
- Evaluating and improving the acceptance of our offerings and our communication related to them
- Enhancing the user-friendliness of our website
- Developing and testing new offerings
- Reviewing and improving our internal processes
- Conducting statistical evaluations, for instance, assessing information about our customers' interactions with us on an anonymous basis
- Evaluating the behavior of our competitors
- Monitoring the market to understand current trends and developments and respond to them.
3.5 Security Measures and Misuse Prevention
We prioritize the security of our customers, our business partners and our company and take measures to prevent misuse. This includes processing personal data for security purposes such as IT security, fraud prevention, theft prevention, and evidence gathering. All personal data categories listed in Section 1, especially transactional and behavioral data, may be involved. We can acquire, analyze, and store this data for these purposes.
The following are examples of our security and misuse prevention measures:
- Analyzing transactional and behavioral data to identify suspicious behavior patterns and fraudulent activities
- Evaluating system recordings (log files) to monitor system use
- Preventing, mitigating, and detecting cyber and malware attacks
- Analyzing and testing our networks, IT infrastructures, and system errors
- Controlling access to electronic systems (e.g., user account logins)
- Documenting purposes and creating backups
3.6 Compliance with Legal Requirements
In order to ensure compliance with legal obligations and prevent infringements, we process personal data for various purposes. This can include receiving and handling complaints and messages, complying with court and administrative orders. We may also retain metadata from telecommunications traffic as required by law, conduct internal investigations, and assist with external investigations conducted by authorities.
Compliance with statutory requirements involves fulfilling duties of disclosure, providing information, or reporting obligations under supervisory and tax laws. This can include obligations related to archiving, prevention, detection, and investigation of criminal offenses, combating money laundering and financing of terrorism, and more. We may be subject to Swiss law or foreign regulations, as well as self-regulations, industry and other standards, our own corporate governance, or official directives. Regardless of the situation, we strive to ensure that we comply with all legal requirements and adhere to the highest standards of data security.
3.7 Protection of Rights
We aim to safeguard our rights and defend ourselves against potential claims. To achieve this, we may process personal data to protect our legal interests, such as enforcing our claims before authorities and in court or defending ourselves against claims. Depending on the situation, we may process various personal data categories, including contact information and details of events that could lead to a dispute.
The purpose of safeguarding our rights may include:
- Establishing and enforcing our claims, including those of our business partners.
- Defending against claims made against us, our employees, and contractual and business partners.
- Clarifying legal, economic, or other issues related to potential claims.
- Participating in legal proceedings before authorities and courts in Switzerland and abroad. This may involve securing evidence, investigating case prospects, or submitting documents. We may also be required to disclose personal data-containing documents and data carriers to authorities upon request.
3.8 Improving Internal Processes
We might process personal data to ensure efficiency in our internal processes, such as the following
- Archiving and management of data in our archives
- Training and education, which may involve analyzing communication recordings
- Review or execution of corporate transactions, such as mergers and acquisitions
3.9 Hosting and Content Delivery Network (Shopify)
We use the system of Shopify International Limited located at Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland for hosting our website and displaying page content. Data is also transferred to Shopify Inc. at 150 Elgin St, Ottawa, ON K2P 1L4, Canada, as well as Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., or Shopify (USA) Inc. for processing.
All data collected on our website is processed on the servers of the provider, with whom we have an order processing agreement to protect our visitors' data and prevent unauthorized disclosure to third parties.
To transfer data to the USA, the provider relies on standard contractual clauses of the European Commission that ensure compliance with the European level of data protection. An adequacy decision of the European Commission guarantees an adequate level of data protection for data transfer to Canada.
4. Legal Grounds for Processing Personal Data
Our processing of personal data is based on different legal grounds, depending on the purpose of the data processing. We may process personal data if it's necessary to fulfill an agreement with the person concerned or for pre-contractual measures. Data processing can also be necessary for the exercise of legitimate interests, such as when data processing is a central component of our business activities. Another legal basis for data processing is consent, and we may also process personal data to comply with Swiss and foreign legal obligations.
We have a legitimate interest in processing data for the purposes set out in Section 3, including disclosing data in accordance with Section 5 and its associated objectives. Our legitimate interests include both our own interests and the interests of third parties. These legitimate interests cover a wide range of activities, including supplying products and services to third parties, maintaining good customer support, engaging in advertising and marketing activities, improving existing products and services, facilitating management and communication within the company, combating fraud and preventing and investigating offenses, protecting customers and other individuals, ensuring IT security, safeguarding and organizing business operations, and enforcing or defending legal rights and claims.
Overall, our processing of personal data is designed to comply with Swiss and foreign legal obligations while protecting the privacy and interests of individuals and businesses.
5. Who is your personal data disclosed to?
5.1 Within Étaudoré GmbH
We may share personal data received from you within our company. This may include supporting the personalization of marketing activities, improving products and services, conducting credit assessments, and preventing theft, fraud, and misuse.
For instance, the following data categories may be disclosed internally:
- All personal data categories listed in Section 1 for administering and processing contractual relationships
- Master data, contract data, communication data, transactional and behavioral data, preference data, and findings from surveys for market research and product development purposes, when data personalization is necessary;
- Master data, contract data, communication data, transaction data, behavior data, and preference data for delivering and personalizing offers, communication, and marketing activities;
- Master data, contract data, communication data, transaction data, behavior data, and preference data for preventing fraud and misuse, and for credit assessments;
- Master data, transaction data, and behavior data for theft protection and evidence provision;
- Security-relevant information for security and compliance purposes;
- Information to safeguard rights.
5.2 Outside of Étaudoré GmbH
When using services of companies outside of ÉTAUDORÉ, such as artisans who manufacture and ship our products to customers, we may disclose your personal data to them. However, we require our business partners to process personal data only according to our instructions and implement appropriate measures to ensure data security. We carefully select our service providers and enter into contractual agreements with them to uphold data protection during the entire processing of your personal data.
The following are examples of services in which we may disclose personal data to third-party companies:
- Shipping and logistics - for example, the artisan brand and our shipping provider receive data necessary for the delivery of ordered goods
- Advertising and marketing services, for example, for the delivery of messages and information
- Warranty and return services, for example, for repair in case of defects
- Corporate management services, for example, accounting or asset management
- Payment services
- Collection services
- Insurance service providers
- IT services, for example, in the areas of data storage (hosting), cloud services, the delivery of e-mail newsletters, and data analysis and refinement
- Advisory services, for example, the services of tax advisers, lawyers, management consultants, or advisers in the field of personnel recruitment and placement.
6. What is Our Process for Disclosing Personal Data Outside of Switzerland?
We process and store personal data mostly in Switzerland and the European Economic Area (EEA), as all our product suppliers are based in Europe.
However, there may be instances where we need to disclose your personal data to service providers and other recipients (as listed in Section 5) located outside of Switzerland or the European Economic Area (EEA). Such countries may not have the same level of legal protection for personal data as Switzerland or the EEA. In the event that we transfer your personal data to one of these countries, we ensure that your data is adequately protected.
One way we ensure adequate data protection is by entering into data transfer agreements with the recipients of your personal data in third countries that meet the required level of data protection. These agreements, such as standard contractual clauses approved, issued, or recognized by the European Commission and the Swiss Federal Data Protection and Information Commissioner, can help to compensate for weaker or missing statutory protection. You can find an example of the data transfer agreements typically used by us here. Please note that while these contractual arrangements can mitigate some risks, they cannot entirely eliminate all risks, such as government access abroad. In rare cases, personal data may need to be transferred to countries without adequate protection, for instance if consent is granted, or in connection with legal proceedings abroad.
7. Processing of Sensitive Personal Data
Under data protection law, certain types of personal data are considered sensitive, such as health and biometric information. Some of the categories of personal data listed in Section 1 may also fall under this classification. However, we only process sensitive personal data when it is necessary to provide a service, when you have voluntarily provided us with such data, or when you have given your consent to its processing. Additionally, we may process sensitive personal data when it is necessary to protect our legal rights or to comply with Swiss or foreign legal requirements. In certain situations where the data subject has made the information public or if the law permits, we may also process sensitive personal data.
8. Our Process for Conducting Profiling
The term "profiling" is used to describe the automated processing of personal data for the purpose of analyzing personal aspects or making predictions about an individual's behavior or interests. This type of data processing can be used to derive preference data and is commonly used in various contexts such as analyzing purchase behavior in online shops, website and app usage, attendance at events or participation in competitions, and communication data. Profiling enables us to continuously improve our offers and tailor them to individual needs, present contents and offers that match your needs, show you relevant advertisements and offers, and offer better customer service. We conduct profiling in various areas, such as analyzing shopping behavior in our online shop and assigning specific interests to customers, which allows us to send relevant product suggestions via newsletter. We also analyze customer usage and shopping behavior to offer personalized experiences and tailored offers. However, you have the right to object to profiling in certain cases, as explained in Section 12.
9. Automated Individual Decision-Making
The term "automated individual decision-making" refers to a decision that is made solely by automated means, without any human input, and which has legal consequences or a significant impact on the individual concerned. While we typically do not engage in this type of decision-making, we will notify you if we do decide to use it in specific cases. If you disagree with the decision, you will have the opportunity to request a review by a human decision-maker.
10. Measures Taken to Protect Personal Data
We understand the importance of protecting your personal data and have implemented appropriate technical and organizational security measures to ensure that your information is safeguarded against unauthorized or unlawful processing activities. These measures are aimed at addressing the risk of data loss, unintentional changes, inadvertent disclosure, or unauthorized access. However, it is important to note that despite our efforts, we cannot completely eliminate all security risks, as certain residual risks are unavoidable.
Our security measures include the use of encryption and pseudonymization techniques, record-keeping practices, access restrictions, and data backups. Additionally, we require our contract processors to implement appropriate technical and organizational security measures to protect the personal data they process on our behalf.
11. Duration of Storage and Processing of Personal Data
ÉTAUDORÉ processes and stores personal data for varying lengths of time, depending on the purpose and legal requirements. We keep personal data:
- for the duration of the contractual relationship;
- as long as there is a legitimate interest, such as for enforcing or defending claims, archiving, and IT security;
- as required by law, such as a ten-year retention period for certain data;
After the specified retention periods, we erase or anonymize personal data. However, we may deviate from the following retention periods in some cases:
- Customer accounts: data is retained while the account is active and deleted after a maximum of 30 days after deletion.
- Contracts: master and contract data is generally stored for ten years, and transaction data is kept for ten years as well.
- Technical data: cookies are stored for a few days to two years.
- Communication data: emails, messages, and correspondence are kept for ten years.
12. Understanding Your Rights Regarding the Processing of Your Personal Data
As an individual, you have certain rights in connection with the processing of your personal data. You have the right to object to data processing, particularly if we are processing your personal data based on a legitimate interest, and you meet the other applicable requirements. You can also object to data processing in connection with direct advertising at any time, including profiling related to direct advertising.
Additionally, you have the right to request information about your personal data stored by us, have inaccurate or incomplete personal data corrected, request the deletion or anonymization of your personal data, request that the processing of your personal data be restricted, and receive certain personal data in a structured, commonly used, and machine-readable format.
If processing is based on consent, you also have the right to revoke your consent with effect for the future. Please note that these rights may be restricted or excluded in certain cases to protect other persons, safeguard interests worthy of protection, or comply with legal obligations.
You can exercise these rights via your customer account. You can also contact us if you have questions about the processing of your personal data.
Finally, if you believe that the processing of your personal data may be in breach of applicable law, you have the right to lodge a complaint with a competent supervisory authority.
The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
13. Contact Details
The controller responsible for processing data on the etaudore.ch / etaudore.com website, as defined by the General Data Protection Regulation (GDPR), is Étaudoré GmbH a company organized and existing under the laws of Switzerland, whose registered office is located at: Claridenstrasse 9, 8800 Thalwil, entered into the Commercial Register of Canton of Zurich with UID number CHE-180.978.924, with an email address of firstname.lastname@example.org.