data protection

Data protection

The responsible body within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

CosaLinda.ch
Maria Paula Calderon
Mühlebachstrasse 16c
8810 Horgen

Telephone: +41788308959
Email: mariapaula.calderon@cosalinda.ch
Website: http://cosalinda.ch/

General remark

Based on Article 13 of the Swiss Federal Constitution and the federal data protection regulations (Data Protection Act, DSG ) every person has the right to protection of their privacy and protection against misuse of their personal data. The operators of these sites take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

In collaboration with our hosting providers, we strive to protect the databases as best as possible against unauthorized access, loss, misuse or forgery.

We would like to point out that data transmission over the Internet (e.g. when communicating via email) can have security gaps. Complete protection of data from access by third parties is not possible.

By using this website, you agree to the collection, processing and use of data as described below. This website can generally be visited without registration. Data such as pages accessed or the name of the file accessed, date and time are stored on the server for statistical purposes without this data being directly related to you personally. Personal data, in particular name, address or email address, is collected on a voluntary basis wherever possible. Your data will not be passed on to third parties without your consent.

Processing of personal data

Personal data is all information that relates to a specific or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, deletion, storage, modification, destruction and use of personal data.

We process personal data in accordance with Swiss data protection law. Furthermore, to the extent and to the extent that the EU GDPR is applicable, we process personal data in accordance with the following legal bases in connection with Art. 6 Para. 1 GDPR :

• Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR) - The data subject has given his or her consent to the processing of personal data concerning him or her for a specific purpose or several specific purposes.
• Fulfillment of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or to carry out pre-contractual measures at the request of the data subject take place.
• Legal obligation (Art. 6 Para. 1 S. 1 lit. c. GDPR) - Processing is necessary to fulfill a legal obligation to which the controller is subject.
• Protection of vital interests (Art. 6 para. 1 sentence 1 lit. GDPR) - Processing is necessary to protect the vital interests of the data subject or another natural person.
• Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR) - Processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject are infringing on the protection of personal data Data requirements predominate.
• Application process as a pre-contractual or contractual relationship (Art. 9 Para. 2 lit. b GDPR) - Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are included in the application process (e.g. health data, such as severely disabled status or ethnic origin) are requested from applicants so that the person responsible or the data subject can exercise his or her rights under labor law and social security and social protection law and fulfill his or her obligations in this regard, the processing takes place in accordance with Article 9 para 2 lit. b. GDPR, in the case of protecting the vital interests of applicants or other persons in accordance with Art. 9 Para. 2 lit. c. GDPR or for the purposes of health care or occupational medicine, for assessing the employee's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector in accordance with Article 9 Paragraph 2 lit. h. GDPR. In the case of communication of special categories of data based on voluntary consent, their processing takes place on the basis of Art. 9 Para. 2 lit. a. GDPR.

We process personal data for the period necessary for the respective purpose or purposes. If retention obligations last longer due to legal and other obligations to which we are subject, we will restrict processing accordingly.

Relevant legal bases

In accordance with Article 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not stated in the data protection declaration, the following applies: The legal basis for obtaining consent is Article 6 Paragraph 1 Letter a and Article 7 GDPR, the legal basis for processing to fulfill our services and implement contractual measures as well Answering inquiries is Art. 6 Para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 Para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art 6 Paragraph 1 Letter f GDPR. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis.

Safety measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, securing availability and their separation. We have also set up procedures to ensure that the rights of those affected are exercised, data are deleted and responses are made to data threats. We also take the protection of personal data into account when developing or selecting hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Transfer of personal data

As part of our processing of personal data, the data may be transmitted to or disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

Data processing in third countries

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing in the context of using third-party services or disclosing or transmitting data to other people, bodies or companies takes place, this only takes place in accordance with the legal requirements.

Subject to express consent or contractually or legally required transfer, we only process the data in third countries with a recognized level of data protection, contractual obligations through so-called standard protection clauses of the EU Commission, if certifications or binding internal data protection regulations exist (Articles 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Privacy Policy for Cookies

This site uses cookies. Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user's computer. A cookie is primarily used to store information about a user during or after their visit to an online offering. The information stored can include, for example, the language settings on a website, the login status, a shopping cart or the location where a video was watched. The term “cookies” also includes other technologies that perform the same functions as cookies (e.g. when user information is stored using pseudonymous online identifiers, also referred to as “user IDs”).

The following cookie types and functions are distinguished:

• Temporary cookies (also: session or session cookies) : Temporary cookies are deleted at the latest after a user has left an online offer and closed their browser.
• Permanent cookies : Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. The interests of users, which are used to measure reach or for marketing purposes, can also be stored in such a cookie.
• First-party cookies : First-party cookies are set by us.
• Third-party cookies (also: third-party cookies) : Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
• Necessary (also: essential or absolutely necessary) cookies : On the one hand, cookies can be absolutely necessary for the operation of a website (e.g. to save logins or other user input or for security reasons).
• Statistics, marketing and personalization cookies : Cookies are also generally used as part of reach measurement and when the interests of a user or their behavior (e.g. viewing certain content, using functions, etc.) on individual websites are reflected in a user profile get saved. Such profiles are used, for example, to show users content that corresponds to their potential interests. This process is also known as “tracking”, that is, tracking the potential interests of users. If we use cookies or “tracking” technologies, we will inform you separately in our data protection declaration or when obtaining consent.

Notes on legal bases: The legal basis on which we process your personal data using cookies depends on whether we ask you for consent. If this is the case and you agree to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (e.g. in operating our online offering and improving it) or if the use of cookies is necessary to fulfill our contractual obligations.

Storage period: Unless we provide you with explicit information about the storage period of permanent cookies (e.g. as part of a so-called cookie opt-in), please assume that the storage period can be up to two years.

General information on revocation and objection (opt-out): Depending on whether the processing is based on consent or legal permission, you have the option at any time to revoke your consent or to object to the processing of your data using cookie technologies ( collectively referred to as “opt-out”). You can first declare your objection using your browser settings, for example by deactivating the use of cookies (which may also limit the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be declared using a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/ become. You can also receive further objection information as part of the information about the service providers and cookies used.

Processing of cookie data on the basis of consent: We use a cookie consent management process, in which users consent to the use of cookies or the processing mentioned within the cookie consent management process and providers can be obtained and managed and revoked by users. The declaration of consent is saved so that it does not have to be asked again and to be able to prove consent in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or using comparable technologies) in order to be able to assign the consent to a user or their device. Subject to individual information about the providers of cookie management services, the following information applies: The duration of the storage of consent can be up to two years. Here, a pseudonymous user identifier is created and stored with the time of consent, information about the scope of the consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and device used.

• Types of data processed: usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
• Data subjects: Users (e.g. website visitors, users of online services).
• Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

Third Party Services

This website only uses Google Maps for embedding maps, Google Invisible reCAPTCHA for protection against bots and spam, and YouTube for embedding videos.

These services from the American Google LLC use, among other things, cookies and as a result data is transferred to Google in the USA, although we assume that no personal tracking takes place solely through the use of our website.

Google is committed to ensuring adequate data protection in accordance with the American-European and American-Swiss Privacy Shield.

Further information can be found in Google's privacy policy .

Data protection declaration for contact form

If you send us inquiries using the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us in order to process the inquiry and in case of follow-up questions. We will not pass on this data without your consent.

Data protection declaration for newsletter data

If you would like to receive the newsletter offered on this website, we need an email address from you as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter . Further data is not collected. We use this data exclusively to send the requested information and do not pass it on to third parties.

You can revoke your consent to the storage of the data, the e-mail address and their use to send the newsletter at any time, for example via the “unsubscribe” link in the newsletter.

Paid services

In order to provide paid services, we request additional data, such as payment details, in order to process your order or to be able to carry out your order. We store this data in our systems until the statutory retention periods have expired.

Google Ads

This website uses Google Conversion Tracking. If you have reached our website via an ad placed by Google, Google Ads will set a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad placed by Google. These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages on our website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies cannot therefore be tracked via the websites of Ads customers. The information collected using the conversion cookie is used to create conversion statistics for Ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that can be used to personally identify users.

If you do not want to take part in tracking, you can refuse the necessary setting of a cookie - for example by using a browser setting that generally deactivates the automatic setting of cookies or setting your browser so that cookies from the domain "googleleadservices.com" are blocked.

Please note that you are not allowed to delete the opt-out cookies as long as you do not want measurement data to be recorded. If you have deleted all of your cookies in your browser, you must set the respective opt-out cookie again.

Use of Google Remarketing

This website uses the remarketing function of Google Inc. The function is used to present interest-based advertisements to website visitors within the Google advertising network. A so-called “cookie” is stored in the website visitor’s browser, which makes it possible to recognize the visitor when they visit websites that are part of the Google advertising network. On these pages, the visitor can be presented with advertisements that relate to content that the visitor has previously accessed on websites that use Google's remarketing function.

According to Google, it does not collect any personal data during this process. If you still do not want Google's remarketing function, you can deactivate it by making the appropriate settings at http://www.google.com/settings/ads . Alternatively, you can opt out of the use of cookies for interest-based advertising through the Advertising Network Initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp .

Privacy Policy for Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Ireland Limited. If the person responsible for data processing on this website is located outside the European Economic Area or Switzerland, then Google Analytics data processing is carried out by Google LLC. Google LLC and Google Ireland Limited are hereinafter referred to as “Google”.

We can use the statistics obtained to improve our offering and make it more interesting for you as a user. This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. If you have a Google user account, you can deactivate the cross-device analysis of your usage in the settings there under “My data”, “Personal data”.

The legal basis for the use of Google Analytics is Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. The IP address transmitted by your browser as part of Google Analytics is not combined with other Google data. We would like to point out that on this website Google Analytics is supplemented by the code “_anonymizeIp();” has been expanded to ensure anonymized collection of IP addresses. This means that IP addresses are further processed in abbreviated form, which means that any personal connection can be ruled out. If the data collected about you is personally related, this will be excluded immediately and the personal data will be deleted immediately.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator.

Google Analytics uses cookies. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. You can prevent the storage of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: Deactivate Google Analytics .

You can also prevent the use of Google Analytics by clicking on this link: Deactivate Google Analytics . This means that a so-called opt-out cookie is stored on your data carrier, which prevents the processing of personal data by Google Analytics. Please note that if you delete all cookies on your device, these opt-out cookies will also be deleted, meaning that you will have to set the opt-out cookies again if you still want to prevent this form of data collection. The opt-out cookies are set per browser and computer/device and must therefore be activated separately for each browser, computer or other device.

Google Tag Manager

Google Tag Manager is a solution with which we can manage so-called website tags via an interface and, for example, integrate Google Analytics and other Google marketing services into our online offering. The tag manager itself, which implements the tags, does not process any of the users’ personal data. With regard to the processing of users' personal data, reference is made to the following information on Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html .

Data protection declaration for Facebook

This website uses functions from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. When you access our pages with Facebook plug-ins, a connection is established between your browser and the Facebook servers. Data is already being transferred to Facebook. If you have a Facebook account, this data can be linked to it. If you do not want this data to be assigned to your Facebook account, please log out of Facebook before visiting our site. Interactions, in particular the use of a comment function or clicking a “Like” or “Share” button, are also passed on to Facebook. You can find out more at https://de-de.facebook.com/about/privacy .

Privacy policy for Instagram

Functions of the Instagram service are integrated into our website. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to assign your visit to our pages to your user account. We would like to point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.

Further information can be found in Instagram's privacy policy: http://instagram.com/about/legal/privacy/

Privacy Policy for Pinterest

On this website we use social plugins from the social network Pinterest, which is operated by Pinterest Inc., 808 Brannan Street San Francisco, CA 94103-490, USA ("Pinterest"). When you access a page that contains such a plugin, your browser establishes a direct connection to Pinterest's servers. The plugin transmits log data to Pinterest’s server in the USA. This log data may contain your IP address, the address of the websites visited that also contain Pinterest functions, the type and settings of the browser, the date and time of the request, how you use Pinterest and cookies.

Further information on the purpose, scope and further processing and use of data by Pinterest as well as your related rights and options for protecting your privacy can be found in Pinterest's data protection information: https://about.pinterest.com/de/privacy-policy

External payment service providers

This website uses external payment service providers through whose platforms users and we can carry out payment transactions. For example about

• PostFinance (https://www.postfinance.ch/de/detail/legal-barrier-freedom.html)
• Visa (https://www.visa.de/USE Conditions/visa-privacy-center.html)
• Mastercard (https://www.mastercard.ch/de-ch/datenschutz.html)
• American Express (https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html)
• Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)
• Bexio AG (https://www.bexio.com/de-CH/datenschutz)
• Payrexx AG (https://www.payrexx.ch/site/assets/files/2592/datenschutzerklaerung.pdf)
• Apple Pay (https://support.apple.com/de-ch/ht203027)
• Stripe (https://stripe.com/ch/privacy)
• Klarna (https://www.klarna.com/de/datenschutz/)
• Skrill (https://www.skrill.com/de/fusszeile/datenpolitik/)
• Giropay (https://www.giropay.de/rechts/datenschutzerklaerung) etc.

As part of the fulfillment of contracts, we use payment service providers on the basis of the Swiss Data Protection Regulation and, if necessary, Article 6 Paragraph 1 Letter b. EU GDPR. Furthermore, we use external payment service providers based on our legitimate interests in accordance with the Swiss Data Protection Regulation and, where necessary, in accordance with Article 6 Paragraph 1 Letter f of the EU GDPR in order to offer our users effective and secure payment options.

The data processed by the payment service providers includes inventory data, such as name and address, bank details, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract details, amounts and recipient-related information. The information is required to carry out the transactions. However, the data entered will only be processed and stored by the payment service providers. As operators, we do not receive any information about (bank) accounts or credit cards, but only information about confirmation (acceptance) or rejection of the payment. Under certain circumstances, the data may be transmitted by the payment service provider to credit reporting agencies. The purpose of this transmission is to check identity and creditworthiness. For this purpose, we refer to the general terms and conditions and data protection information of the payment service providers.

The terms and conditions and data protection notices of the respective payment service providers apply to the payment transactions, which can be accessed within the respective website or transaction applications. We also refer to these for further information and to assert cancellation, information and other rights of those affected.

Order processing in the online shop with customer account

We process our customers' data in accordance with the federal data protection regulations (Data Protection Act, DSG) and the EU GDPR, as part of the ordering processes in our online shop, to enable them to select and order the selected products and services, as well as their payment and delivery , or to enable execution.

The data processed includes master data (inventory data), communication data, contract data, payment data and the persons affected by the processing include our customers, interested parties and other business partners. The processing takes place for the purpose of providing contractual services as part of the operation of an online shop, billing, delivery and customer services. We use session cookies, for example to store the contents of the shopping cart, and permanent cookies, for example to store the login status.

Processing is carried out on the basis of Article 6 Paragraph 1 Letter b (Execution of ordering processes) and c (Lawfully required archiving) GDPR. The information marked as necessary is required to establish and fulfill the contract. We only disclose the data to third parties as part of delivery, payment or within the scope of legal permissions and obligations. The data will only be processed in third countries if this is necessary to fulfill the contract (e.g. at the customer's request for delivery or payment).

Users can optionally create a user account, in particular by being able to view their orders. As part of registration, the required mandatory information is provided to users. The user accounts are not public and cannot be indexed by search engines, such as Google. If users have terminated their user account, their data will be deleted with regard to the user account, unless their retention is necessary for commercial or tax law reasons in accordance with Article 6 (1) (c) GDPR. Information in the customer account remains until it is deleted and then archived in the event of a legal obligation. It is the users' responsibility to back up their data before the end of the contract if the contract is terminated.

As part of the registration and re-registration process as well as the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Article 6 (1) (c) GDPR.

Deletion takes place after statutory warranty and comparable obligations have expired; the necessity of storing the data is checked at irregular intervals. In the case of legal archiving obligations, deletion takes place after they have expired.

Copyrights

The copyright and all other rights to content, images, photos or other files on the website belong exclusively to the operator of this website or the specifically named rights holders. For the reproduction of all files, the written consent of the copyright holder must be obtained in advance.

Anyone who commits a copyright infringement without the consent of the respective rights holder may be liable to prosecution and possibly be liable for damages.

General disclaimer

All information on this website has been carefully checked. We strive to keep our information up to date, accurate and complete. Nevertheless, the occurrence of errors cannot be completely ruled out, which means that we cannot guarantee the completeness, accuracy and timeliness of information, including of a journalistic-editorial nature. Liability claims for material or immaterial damage caused by the use of the information provided are excluded unless there is evidence of intentional or grossly negligent fault.

The publisher may change or delete texts at its own discretion and without notice and is not obliged to update the content of this website. Use of or access to this website is at the visitor's own risk. The publisher, its clients or partners are not responsible for damages, such as direct, indirect, accidental, predetermined or consequential damages, which are allegedly caused by visiting this website and therefore assume no liability for them.

The publisher also assumes no responsibility or liability for the content and availability of third-party websites that can be reached via external links on this website. The operators are solely responsible for the content of the linked pages. The publisher thereby expressly distances itself from all third-party content that may be relevant to criminal or liability law or that violate common decency.

Changes

We may amend this privacy policy at any time without prior notice. The current version published on our website applies. To the extent that the Privacy Policy is part of an agreement with you, in the event of an update, we will inform you of the change by email or other appropriate means.

Questions for the data protection officer

If you have any questions about data protection, please write us an email or contact the person responsible for data protection in our organization listed at the beginning of the data protection declaration directly.

Source: SwissLawyer