Data Protection Policy of Kirchhofer AG

Version effective as of 08-19-2020

With this Data Protection Policy Kirchhofer AG (hereinafter "we" or "us") describes how personal data are processed, as well as the rights of the data subject.

We take the protection of your personal data and their confidential treatment seriously. Your personal data will be processed in accordance with the legal provisions of the data protection laws of Switzerland, in particular the Federal Act on Data Protection (hereinafter "FADP"), and if applicable the General Data Protection Regulation of the European Union (hereinafter "GDPR"). The terms used, such as "personal data" or their "processing", correspond with the definitions in Article 3 FADP and Article 4 GDPR.

You may be affected by our data processing in your capacity as client, employee or business partner.

If you provide us with personal data of other persons (such as family members, work colleagues, friends), please make sure the respective persons are aware of this Data Protection Policy and only provide us with their data if you are allowed to do so and such personal data is correct.

1. Controller and Data Protection Officer

The controller responsible for data processing is:

Kirchhofer AG
General-Guisan-Strasse 27c
3800 Interlaken
Switzerland

You can contact our data protection officer concerning any data protection related concerns using the following contact details:

admin@kirchhofer.com, Hans Wolf, General-Guisan-Strasse 27b, 3800 Interlaken

2. Collection and Processing of Personal Data

We only process personal data concerning clients that we obtain from our clients directly, such as but not limited to name, address, purchases, information in correspondence, payment details, interests and preferences.

Further, we process various personal data obtained in the context of our business relationships from involved individuals (e.g. employees, representatives of suppliers, subcontractors or others) but also from third parties or publicly accessible sources, such as but not limited to information from public registers, in connection with administrative or court proceedings, information in connection with professional role and activities (e.g., in order to conclude and carry out contracts with employer), information in correspondence, bank details, information given to us by individuals associated with you (employer, family, legal representatives, etc.), contact and other details (e.g. delivery-address, powers of attorney) for the purpose to conclude or process contracts with you or with your involvement, information regarding legal regulations such as anti-money laundering and export restrictions, information regarding insurances, previous purchases, information in the media or internet (e.g. in connection with job applications, etc.).

Further, we collect personal data from users using our websites, in particular but not limited to IP address, information regarding device and settings, date and time of visits, sites and content retrieved, applications used, referring website, localization data).

3. Purposes of Data Processing and Legal Grounds

We primarily use collected personal data in order to conclude and process contracts with our clients and business partners, in particular in connection with trade of watches, jewelry, leather goods, accessories, cosmetic products and treatments, textiles, luggage, souvenirs and gifts as well as distribution of In-House catalogues and organization of events, as well as in order to comply with our domestic and foreign legal obligations.

Further, we use collected data concerning the interests and preferences of our clients for marketing purposes.

In addition, in line with applicable law and where appropriate, we may process your personal data and personal data of third parties for the following purposes, which are in our legitimate interest, such as:

  • Selling our products and services;
  • communication and processing of requests;
  • advertisement and marketing by regular newsletters, provided that you have not objected. Of course you will find an unsubscribe link in every issue of our newsletter with which you can object to receiving future newsletters;
  • market research and surveillance;
  • asserting legal claims and defense in legal disputes and official proceedings;
  • prevention and investigation of criminal offences and other misconduct;
  • ensuring and developing our operation, including our IT and our websites;
  • video surveillance to protect our domiciliary rights and other measures to ensure the safety of our premises and facilities as well as protection of our employees and other individuals and assets owned by or entrusted to us
  • acquisition and sale of business divisions, companies or parts of companies and other corporate transactions;
  • compliance with legal and regulatory obligations.

If you have given us your consent to process your personal data for certain purposes (for example when registering to receive newsletters, or entering into a contract with us), we will process your personal data within the scope of and based on this consent, unless we have another legal basis, provided that we require one. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.

4. Cookies and iFrames

We typically use "cookies" and similar techniques on our websites, which allow for an identification of your browser or device. A cookie is a small text file that is sent to your computer and automatically saved by the web browser on your computer or mobile device, when you visit our website. If you revisit our website, we may recognize you. Besides cookies that are only used during a session and deleted after your visit of the website ("session cookies"), we use cookies in order to save user information for a longer time period ("permanent cookies"). We use permanent cookies for the purpose of saving user configuration (e.g., language, currency, log in) for your convenience, but also in order to understand how you use our services and content, and to show you customized offers and advertisement. Notwithstanding the foregoing, you may configure your browser settings in a way that it rejects cookies, only saves them for one session or deletes them prematurely. If you block cookies, it is possible that certain functions (such as, e.g., language settings, shopping basket, ordering processes) are no longer available to you.

In addition, we use iFrames for direct access to content of the brand owners of our products. If you are directed to the websites of a brand owner via iFrames, you will be made aware by an advance appropriate display. We have no control over this content and any collection of personal data on these websites, which lays in the sole responsibility of the respective brand owner and occurs according to its data protection regulations. We do not receive any information about you from the respective brand owner. If you do not agree, please do not view the contents via iFrames.

5. Recipients of Personal Data and Transfers Abroad

In the context of our business activities and in line with the purposes of the data processing set out in Section 3 of this Data Protection Policy, we may disclose personal data to third parties, insofar as such disclosure is permitted and we deem it appropriate, in order for them to process data for us. In particular, the following categories of recipients may be concerned:

  • our subcontracted service providers (such as e.g. banks, insurances), including IT providers and processors;
  • tour-guides, suppliers and other business partners;
  • domestic and foreign authorities or courts;
  • other parties in possible or pending legal proceedings;

together Recipients.

We store and process your personal data within Switzerland or the European Union. We use subcontractors located in Switzerland and the European Union only and ensure an appropriate level of protection by appropriate contracts or we rely on the statutory exceptions of consent, performance of contracts, or the establishment, exercise or enforcement of legal claims.

6. Retention Periods for your Personal Data

We store and process your personal data until:

  • We become aware that the stored personal data do no longer fulfil the purpose, for which they were collected, including but not limited for the performance of a contractual relationship with us (including statute of limitations, warranty periods, as well as beyond this duration in accordance with legal retention and documentation obligations);
  • we become aware that the stored data are no longer correct; or
  • you have requested deletion or object to further processing.

We assure to respect your request for deletion or objection to further processing insofar as no longer processing or storage is required:

  • For the fulfillment of a contractual relationship with us,
  • during the period in which claims can be asserted against our company; or
  • according to mandatory law provisions (e.g. within the scope of commercial and tax law retention obligations),

in which cases we will only delete your personal data after these periods have expired.

As soon as your personal data are no longer required for the above-mentioned purposes, they will be deleted or anonymized to the extent possible. Shorter retention periods of no more than twelve months apply for operational data (e.g., system logs).

7. Data Security

We have taken appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse such as internal policies, training, IT and network security solutions, access controls and restrictions.

8. Data Subjects Rights

As a person affected by the data processing, you have numerous rights at your disposal:

  • Right of access to your personal data: You have the right to receive information about the data we have stored about you.
  • Right of correction: You can demand that we correct incorrect data and delete your data.
  • Restriction of processing: You can demand that we restrict the processing of your data.
  • Data portability: If you have provided us with data on the basis of a contract or consent, you may request that you receive the data provided by you in a structured, common and machine-readable format or that we transfer it to another responsible party.
  • Deletion / Objection to data processing with legal basis "legitimate interest": You have the right to request deletion and object to data processing by us at any time for reasons arising from your particular situation, provided that this is based on the legal basis "legitimate interest". If you exercise your right of deletion or objection, we will delete or stop processing your data, unless we can prove that there are compelling reasons for further processing worthy of protection which outweigh your rights.
  • Revocation of consent: If you have given us consent to process your data, in particular the sending of newsletters, you can revoke this consent at any time with effect for the future. The lawfulness of the processing of your data until revocation remains unaffected.
  • Right of complaint to the competent supervisory authority: You can also lodge a complaint with the competent supervisory authority if you believe that the processing of your data is contrary to the law. The competent data protection authority of Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

Please note, however, that we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain personal data, or have an overriding interest or need the personal data for asserting claims. Should any costs incur for exercising certain rights, we will notify you thereof in advance.

In general, exercising these rights requires that you are able to prove your identity (e.g., by a copy of identification documents). In order to assert these rights, please contact us via the address of our data protection officer provided in Section 1 of this Data Protection Policy.

9. Amendments of this Data Protection Policy

We may amend this Data Protection Policy at any time without prior notice. The current version published on our website shall apply. If the Data Protection Policy is part of an ongoing agreement with you, we will notify you by e-mail or other appropriate means in case of an amendment.