Privacy Policy
1. What Is This Privacy Policy about?
a. The protection of data is a matter of trust and your trust is important to us. Trust begins with transparency. In this Privacy Policy, we therefore inform you how and why we collect, process, and use your personal data. This Privacy Policy is based on the European General Data Protection Regulation – briefly GDPR – which has established itself internationally as a benchmark for strong, effective data protection.
2. Who Are We?
a. “Bellaland GmbH” ("we" or "us") is generally responsible for the data processing activities covered by this Privacy Policy.
b. Should you have any questions about this Privacy Policy or the processing of your personal data, please do not hesitate to contact us as follows:
i. Address
ii. Email ID
iii. Phone Number
3. For Whom Is this Privacy Policy Intended?
a. Our data processing primarily concerns our customers, but also other persons whose personal data we process. This Privacy Policy applies regardless of which channel you use to contact us, e.g. in our shops, by telephone, in an online shop, on a website, in an app, via a social network, at an event etc. This Privacy Policy applies to the processing of personal data that has already been collected as well as personal data that will be collected in future.
4. What Is “Personal Data” and What Does “Processing” Mean?
a. The rules governing the processing of personal data are laid down in data protection legislation. This also applies to this Privacy Policy. “Personal data” means any information relating to an identifiable natural person, i.e. an individual. "Processing" refers to any use of your personal data. In Switzerland, information relating to a particular legal entity (e.g. details about a contract with a company) also constitutes personal data.
5. Which Personal Data Do We Process and for What Purposes?
a. We process various personal data for different reasons and purposes. You can find further details in this section and often in the general terms and conditions, terms of participation, and additional privacy policies.
b. We generally collect your personal data directly from you, for example when you transfer data to us or communicate with us. As a rule, you are not obliged to disclose personal data to us unless such disclosure is necessary to fulfill a contractual obligation. However, we are often unable to provide an offer or service if you do not provide us with the necessary information.
c. Besides yourself, personal data may also be collected from other sources, for example from other Group companies or from third parties such as credit reference agencies, media monitoring agencies, providers of online services such as providers of web analytics services, financial service providers when payments are involved, mailing list brokers, public registers, the media, or the Internet, etc.
d. For example, we process personal data, which may include sensitive personal data, in the following situations for the following purposes:
i. Communications: We process personal data if you contact us or we contact you, for example, when you contact Customer Services, if you write to us, or if you call us. In such cases, details such as your name and contact data, the time of the notifications in question, and their content, which may also include the personal data of third parties, generally suffice. We use this data to ensure that we can provide you with information or notifications, deal with your concerns, and communicate with you, as well as for quality assurance and training purposes.
ii. Purchase of goods and use of services: We also process personal data in connection with products and services supplied by us, for example, when you buy a product from us or use a service. We process your personal data, for instance, in the context of processing orders, performing contracts, or for delivery and invoicing purposes. When you make purchases in online shops or use a bonus or loyalty card, we also collect and process personal data relating to your credit rating as well as shopping and payment patterns. For example, we collect credit reports from third-party providers for the purpose of determining whether to allow you to buy on account and we also process information with respect to the purchases you make, when and how often you make them, and the stores or online shops where you purchase items. This information helps us understand your preferences for and interest in certain products or services, enabling us to provide targeted information regarding other offers and align our offerings more precisely with demand.
iii. Visiting websites: When you visit our websites, we will process personal data based on the offer and functionality involved. This includes technical data, for example information on the time you accessed our respective website, the duration of the visit, the pages accessed, and the device used (e.g. tablet, PC, or smartphone). We use such data for the purposes of providing the website, for reasons of IT security, and to improve the user-friendliness of the website. We also use "cookies" and similar technologies. Cookies are files that are stored on the end device when you visit our website. In many cases, they are required for the functionality of the website and are deleted automatically following the visit. Other cookies remain saved for a certain period and are used to personalize the offering or allow us to display targeted advertisements to you. We also use cookies and technologies from third-party providers in the US or around the world, for example for analysis services from providers such as Google or additional functions from providers like Facebook, which may lead to the provider in question obtaining data about you. When you have a customer account, we can assign usage data to your profile that helps us to derive information about your preferences for and interest in specific products or services. You have the option to reject or deactivate cookies and thus prevent the processing of data generated from a cookie by configuring your end device accordingly or installing an appropriate browser add-on.
iv. Online offers and apps: We will also process personal data when you use online offers in order to provide, improve, and enhance these offers. This also applies even if you do not purchase any goods and services. Depending on the type of offer, this information may include details of customer accounts and the use of such accounts as well as information on the installation and use of mobile apps. Here, we also process personal data to personalize the offering and to provide you with offers in line with your interests and affinities.
v. Information and direct marketing: We process personal data, to the extent permitted by law, in order to send information and advertising messages either in writing or electronically, provided you have not objected to this processing. We process, for example, your contact data so that we can personalize the relevant messages and send them to you. [In the case of email newsletters, push notifications, and other electronic messages, we may also process information regarding your use of the messages (e.g. whether you downloaded embedded images in an email, i.e. that you opened the email). We do so in order to get to know you better, to gear our offers more precisely towards your needs, and to improve our offers in general. If you do not agree to the processing of usage data, you may generally block such processing in your email program.]
vi. Accessing our premises: We will also process personal data in relation to any customer events held by us (e.g. advertising events, sponsorship events, and cultural and sporting events). This includes the participants' or interested parties' names and mailing or email addresses as well as any further information that may be required, for example your date of birth. We will process this data not only for the purpose of holding customer events, but also to allow us to contact you directly and get to know you better. Further information in this regard can be found in the relevant terms of participation.
vii. Customer events: We will also process personal data in relation to any customer events held by us (e.g. advertising events, sponsorship events, cultural and sporting events). This includes the participants' or interested parties' names and mailing or email addresses as well as any further information that may be required, for example your date of birth. We will process this data for the purpose of holding customer events, but also to allow us to contact you directly and get to know you better. Further information in this regard can be found in the relevant terms of participation.
viii. Market research and media monitoring: We process personal data for market and opinion research purposes. To do so, we may use information about your shopping habits (further information in this regard can be found under "Purchase of goods and use of services) as well as information from customer surveys, questionnaires and studies, and other information, for example from the media, social media, the Internet, and other public sources. We may also make use of media monitoring services or conduct our own media monitoring, and in doing so process personal data.
ix. Contact with our company as a business partner: We work with various companies and business partners, for example with suppliers, commercial purchasers of goods and services, cooperation partners, and service providers (e.g. IT service providers). For purposes relating to contract initiation and performance, planning, and accounting, as well as for other purposes associated with the respective contract, we may also process personal data pertaining to contacts at the relevant companies, for example their name, role, title, and communications with us. Depending on the area of activity, we are also required to check the company in question and its employees in more detail, for example by performing a security check. In this case, we will collect and process additional information, including information from third parties, where applicable. We may also process personal data to improve our customer focus, levels of customer satisfaction, and customer retention (customer/supplier relationship management).
x. Corporate transactions: We may also process personal data for the purposes of performing preparatory work and undertaking corporate takeovers and sales, as well as purchases and sales of assets. The subject matter and scope of any data collected or transmitted will depend on the stage and object of the transaction.
xi. Compliance with legal requirements: We process personal data in order to comply with legal requirements and to prevent and identify breaches. This includes, for example, the acceptance and processing of complaints and other notifications, internal investigations, and the disclosure of documents to an authority if we have a material reason or are legally obliged to do so. In doing so, we may also process the personal data of third parties.
xii. Safeguarding of rights: We may process personal data in various forms in order to safeguard our rights, for example to enforce our rights both in or out of court and before national or foreign authorities, or to defend against any claims. In doing so, we may process your personal data and third-party personal data and disclose personal data to third parties, either in Switzerland or abroad, to the extent required and permitted.
6. How Do We Process Personal Data When You Visit Our Websites?
a. Which personal data do we process?
i. Technical data (log files): When you visit our websites, we will process personal data based on the offer and functionality involved. For technical reasons, this initially includes data automatically collected and stored in log files. This includes, for example, the IP address and device-specific details such as the MAC address and operating system of the terminal (e.g. tablet, PC, or smartphone), details of your Internet service provider; details of the accessed contents and the date and time of the website visit or detail of the logins.
ii. Cookies and similar technologies: We use cookies depending on the functionality. Cookies are small files that our website automatically creates in your browser and that are saved on your end device. Cookies contain a unique number (an ID) that we can assign to a specific Internet user (generally without knowing the user's name, however) as well as, depending on the purpose, further information, for example about accessed pages and the duration of the visit to each page.
7. What Is The Legal Basis for Processing Personal Data?
a. Depending on the purpose of the data processing, our processing of personal data is based on different legal grounds. In particular, we may process personal data if:
i. doing so is necessary to fulfill an agreement with the data subject or for pre-contractual measures upon your request (e.g. to review your request for an agreement);
ii. doing so is necessary to safeguard legitimate interests;
iii. doing so is based on effective consent that has not been revoked; and/or
iv. doing so is required for compliance with legal obligations.
b. We generally process sensitive personal data only based on express consent unless the relevant data has clearly been disclosed publicly by the person in question or the processing is required to safeguard rights or comply with legal obligations.
8. To Whom Do We Disclose Personal Data?
a. Your personal data is disclosed to other companies exclusively to the extent described below. We never sell your personal data to third parties or use it for commercial purposes.
b. Further we may disclose your personal data to companies, should they supply services to us. In selecting contract data processors and by entering into appropriate agreements, we ensure that privacy is safeguarded throughout the processing of your personal data, including when data is processed by contract data processors. Our contract data processors are under an obligation to process personal data solely on our behalf and in accordance with our instructions, as well as to implement suitable technical and organizational measures with respect to data security. This primarily concerns services in the area of credit assessments, for example if you want to make a purchase on account, and of IT services, for example in the areas of hosting, cloud services, the delivery of email newsletters, and data analysis and enhancement, etc.
c. In individual cases, it is also possible that we disclose personal data to recipients outside the companyp for their own purposes, for example if we consider this to be legally necessary or necessary to protect our interests. In such cases, the data recipient is legally responsible as the controller of the data. This would apply in particular in the following circumstances:
i. We may disclose your personal data to third parties (e.g. to the courts and authorities within Switzerland and abroad) if this is required by law or by the authorities. We also reserve the right to process your personal data in order to satisfy a court order or for the purpose of enforcing or defending legal rights or claims or if we consider such processing to be necessary on any other legal grounds. We may also disclose your personal data to other parties involved in any proceedings.
ii. If we transfer claims against you to other companies, such as collection agencies.
iii. If we review or conduct transactions including company mergers or the acquisition or sale of individual parts of a company or its assets, we may, under certain circumstances, be required to transfer personal data to another company in connection with the transaction in question, or become ourselves the subject of a transaction.
9. When Do We Transfer Your Personal Data Abroad?
a. The recipients of your personal data may also be located abroad – including outside of the EU or EEA. The countries in question may not have laws in place that afford your personal data the same level of protection as provided in Switzerland or in the EU or the EEA. If we transfer your personal data to such a country, we are required to ensure the protection of your personal data in an appropriate manner. One means of doing so is to conclude data transfer agreements with the recipients of your personal data in third countries that ensure the required level of data protection. This includes agreements that have been approved, issued or recognized by the European Commission and the Swiss Federal Data Protection and Information Commissioner, known as standard contract clauses. Data may also be transferred to countries without adequate protection in exceptional cases, for example if consent is expressly granted or to enforce, exercise, or defend legal rights.
10. How Do We Protect Your Personal Data?
a. We take appropriate technical measures (e.g. encryption, pseudonymization, record keeping, access restrictions, data backups) and organizational measures (e.g. instructions issued to employees, confidentiality agreements, audits) in order to safeguard your personal data, protect you against unauthorized or unlawful processing activities, and to address the risk of loss, unintentional changes, inadvertent disclosure, or unauthorized access. In general, however, security risks cannot be completely ruled out; certain residual risks are unavoidable in most cases.
11. For How Long Do We Store Your Personal Data?
a. We store your personal data in a personalized form for as long as it is required for the specific purpose for which it was collected. In the case of contracts, personal data is stored for at least the duration of the contractual relationship. We also store personal data if we have a legitimate interest in storing it. This may be the case, in particular, if we need personal data to enforce or defend claims, for archiving purposes and to ensure IT security. We also store your personal data if it is subject to a statutory retention requirement. In certain cases, we will also ask for your consent if we want to store your personal data for longer periods (e.g. for job applications that we wish to keep on file). At the end of the periods specified, we will erase or anonymize your personal data.
12. What Rights Do You Have in Connection with the Processing of Your Personal Data?
a. You have the right to object to data processing if we process your personal data on the basis of a legitimate interest. You can also object to data processing in connection with direct advertising (e.g. advertising emails) at any time. This also applies to profiling, to the extent this is related to direct advertising.
b. Provided the applicable conditions are met and there are no applicable statutory exceptions, you also have the following rights:
i. Right to information: You have the right to transparent, easy-to-understand, and comprehensive information with respect to how we process your personal data and what rights you have with regard to the processing of your personal data. We meet this obligation by providing this Privacy Policy. If you would like further information, please do not hesitate to contact us.
ii. Right of access: You have the right to request access to any your personal data stored by us at any time free of charge. You therefore have the opportunity to check what personal data about you we process. In certain cases, the right of access may be restricted or excluded, in particular if there is any doubt concerning your identity or this is required to protect other individuals.
iii. Right to rectification: You have the right to have inaccurate or incomplete personal data rectified or completed and to be informed about such rectification.
iv. Right to erasure: You have the right to request the erasure of your personal data if the personal data is no longer required for the intended purposes, you have effectively withdrawn your consent or have objected to the processing of your data, or the personal data is being processed unlawfully. In certain cases, the right to have personal data erased may be excluded, especially if the processing activity is required to exercise the right of freedom of expression or to safeguard legal claims.
v. Right to restriction of processing: Under certain conditions, you have the right to request that the processing of your personal data is restricted. This may mean, for example, that personal data is (temporarily) no longer processed or that published personal data is (temporarily) removed from a website.
vi. Right to data portability: You have the right to receive personal data that you have provided to us in a structured, commonly used, and machine-readable format if the specific data processing activity is based on your consent or is required for the performance of a contract, and the processing is performed with the assistance of automated processes.
vii. Right to withdraw consent: If we process your personal data on the basis of consent, you have the right to withdraw your consent at any time. Should you withdraw your consent, this will only apply to the future; data processing activities performed in the past on the basis of your consent will not become unlawful due to you withdrawing consent.
c. You are also free to lodge a complaint to a competent supervisory authority with respect to the manner in which your personal data is processed if you believe that the data processing breaches applicable law. The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
13. How Can You Contact Us?
a. If you wish to exercise any of the above rights or if you have any questions or concerns relating to this Privacy Policy or the processing of your personal data, please do not hesitate to contact us as specified in section 2. We are best able to handle your concerns via this channel.
14. Changes to this Privacy Policy
a. This Privacy Policy may be updated over time, especially if we change our data processing activities or if new legal provisions become applicable. We will actively inform individuals whose contact details are registered with us of any material changes, provided that we can do this without disproportionate effort. Generally speaking, the version of the Privacy Policy in effect at the time at which the data processing activity in question commences is applicable.