With this Privacy Policy we wish to inform you what personal data we process as well as for what purposes and where, especially in connection with our naturapet.swiss website and our other offers. Moreover, with this Privacy Policy we wish to inform you about the rights of the persons whose data we process. 
Individual or additional offers and services may be subject to special, supplementary or further privacy policies and the contents of other legal documents such as General Terms and Conditions (GTC), Terms of Use or Conditions of Participation.
Our offer is subject to Swiss data protection law and any applicable foreign data protection law, in particular that of the European Union (EU) with its General Data Protection Regulation (GDPR). The European Commission recognises that Swiss data protection law ensures adequate data protection.

1.  Contact addresses

Controller for processing personal data is

NaturaPET AG
Juchstrasse 29
CH-8500 Frauenfeld
info@naturapet.swiss

We will point it out if, in individual cases, there are other controllers for processing personal data.


2.  Processing of personal data

2.1 Definitions

Personal data means any information relating to an identified or identifiable natural person. A data subject is a person whose personal data is processed. Processing means any operation or set of operations which is performed on personal data, regardless of the means and procedures used, especially the storage, disclosure, retrieval, collection, erasure, saving, alteration, destruction or use of personal data. 
The European Economic Area (EEA) consists of the European Union (EU) and the principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) describes the processing of personal data as handling personal data.

2.2  Legal basis

We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (Bundesgesetz über den Datenschutz) (DSG) and the regulation relating to the Federal Act on Data Protection (Verordnung zum Bundesgesetz über den Datenschutz (VDSG).

We process – if and insofar as the General Data Protection Regulation (GDPR) is applicable – personal data pursuant to at least one of the following legal bases:

 

2.3 Type, extent and purpose

We process those personal data that are necessary in order to provide our offer in a permanent, user-friendly, secure and reliable manner. Such personal data may belong to the categories of inventory and contact data, browser and device data, content data, meta or marginal data and usage data, location data, sales, contract and payment data.

We process personal data for the duration which is necessary for the respective purpose(s) or is required by law. Personal data whose processing is no longer necessary is anonymised or deleted. Persons whose data we process have a fundamental right to have their data deleted.
We generally only process personal data with the data subject’s consent, except where the processing is permitted for other legal reasons, for example in order to fulfil a contract with the data subject and to take appropriate steps prior to entering into the contract, in order to safeguard our overriding legitimate interests, because the processing is obvious from the circumstances, or after prior information.

Within this framework, we process in particular information provided voluntarily by data subjects themselves when contacting us – for example by letter, e-mail, contact form, social media or telephone – or when registering for a user account. We may, for example, store such information in an address book or by similar means. If you transmit personal data about third parties to us, you are obliged to guarantee data protection vis-à-vis such third parties and to ensure the accuracy of such personal data.
We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect when providing our services, if and to the extent that such processing is permitted by law.

Personal data from applications is only processed insofar as such data if required to assess the applicant’s suitability for an employment relationship or for the subsequent execution of an employment contract. The personal data required to carry out an application procedure is derived from the information requested or communicated, for example, in the context of a job description. Applicants have the opportunity to provide additional information for their respective applications voluntarily.

 

2.4 Processing of personal data by third parties, also in foreign countries

We may have personal data processed by commissioned third parties or may process personal data together with third parties or with the help of third parties or transmit personal data to third parties. Such third parties are in particular providers whose services we use. We safeguard an adequate level of data protection with regard to such third parties as well.
Such third parties are generally located in Switzerland and in the European Economic Area (EEA). Such third parties can however also be located in other states and territories on earth or elsewhere in the universe, if their data protection law safeguards an adequate level of data protection according to the estimate of the Federal Data Protection and Information Commissioner(FDPIC) and – if and to the extent that the General Data Protection Regulation (GDPR) applies –  of the European Commission, or if an adequate level of data protection is otherwise safeguarded, for example by means of a contractual agreement to that effect, in particular on the basis of standard clauses, or by means of a corresponding certification. In the case of third parties in the United States of America (USA), certification pursuant to the Privacy Shield can safeguard an adequate level of data protection. By way of exception, such a third party may be located in a country without an adequate level of data protection, insofar as the conditions of data protection law, for example, the express consent of the data subject, are fulfilled.

 

3. Rights of data subjects

Data subjects whose personal data we process have the rights granted in accordance with Swiss data protection law. These include the right of access and the right to rectify, erase or block the personal data processed.

Data subjects whose personal data we process can – if and to the extent that the General Data Protection Regulation (GDPR) applies – be sent confirmation, free of charge, as to whether we are processing their personal data and, if so, demand access to the personal data we are processing, have the processing of their personal data restricted, exercise their right to data portability and have their personal data rectified, erased (“right to forget”), blocked or completed.
Data subjects whose personal data we process can – if and to the extent that the GDPR applies – revoke their consent at any time with effect for the future and object to the processing of their personal data at any time.

Data subjects whose personal data we process have the right to complain to a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

4. Data security

We take appropriate and suitable technical and organisational measures to ensure data protection and, in particular, data security. However, despite such measures, the processing of personal data on the Internet may always involve security risks. We cannot therefore guarantee absolute data security.

Our online offer is accessed by means of transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, HTTPS for short). Most browsers indicate transport encryption with a padlock in the address bar.

Access to our online offer is – the same as generally every use of the Internet –
subject to mass surveillance without cause or suspicion and other monitoring by security authorities in Switzerland, the European Union (EU), the United States of America (USA) and other countries. We cannot exert any direct influence on the relevant processing of personal data by secret services, police authorities and other security agencies.

5. Use of the website

5.1  Cookies

We may use cookies for our website. Cookies – both our own cookies (first-party cookies) and cookies of third parties whose services we use (third-party cookies) – are data in text form which are stored in your browser. Cookies cannot run programs or transmit malware like Trojans and viruses.

When you visit our website, cookies can be stored temporarily in your browser as “session cookies” or for a certain period of time as so-called permanent cookies. “Session cookies” are automatically deleted when you close your browser. Permanent cookies in particular make it possible to recognise your browser the next time you visit our website and thus to measure the reach of our website, for example.
Permanent cookies can, however, also be used for online marketing, for example.
You can completely or partially deactivate or delete cookies in your browser settings at any time. Without cookies, our website may no longer be fully available. We actively ask you – insofar and to the extent necessary – for your express consent to our use of cookies.

In the case of cookies used for success and reach measurement or for advertising purposes, with regard to many services a general objection (“opt-out”) is possible via the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

5.2 Server log-files

For every access to our website we may collect the following information if your browser transmits it to our server infrastructure or if it can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-pages of our website accessed including the amount of data transmitted, last website accessed in the same browser window (referrer).

We store such information, which may also include personal data, in server log-files. We require such information in order to provide our online services in a permanent, user-friendly and reliable manner and to ensure data security and thus, in particular, the protection of personal data – also by means of third parties or with the help of third parties.

5.3 Tracking pixels

We may use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels – also those of third parties whose services we use – are small, usually invisible images which are automatically generated when you visit our website. With tracking pixels, the same data can be recorded as in server log-files.

6. Third-party services

We use services provided by third parties, in order to provide our offer in a permanent, user-friendly, secure and reliable manner. We also use such services in order to be able to embed content into our website. Such services – for example host and storage services, video services and payment services – require your Internet Protocol (IP) address, otherwise they cannot transmit the corresponding content. Such services can be located outside of Switzerland and the European Economic Area (EEA), as long as an adequate level of data protection is guaranteed.

For their own security-related, statistical and technical purposes, third parties whose services we use may also process data in connection with our offer and from other sources – including cookies, log-files and tracking pixels – in an aggregated, anonymised or pseudonymised form.

6.1 Fonts

We use Google Fonts to embed selected fonts into our website. This does not involve the use of cookies . The service is provided by the American Google LLC and is offered independently of other Google services. The Irish Google Ireland Limited is responsible for users within the European Economic Area (EEA) and in Switzerland. More information about the type, extent and purpose of the data processing can be found in Google’s Privacy and Security Principles and in Google’s Privacy Policy.

6.2 Success and reach measurement

6.2.1  Google Analytics

We use Google Analytics in order to analyse how our website is used. In so doing, we can also measure the reach of our website and the success of links from third parties to our website, for example. The service is provided by the American Google LLC. The Irish Google Ireland Limited is responsible for users within the European Economic Area (EEA) and in Switzerland.

Google attempts to track individual visitors to our website even if they use various browsers or devices (cross-device tracking). This involves the use of cookies. Your Internet Protocol (IP) address is required for Google Analytics, but it is not matched with other data from Google.

In any case, we have your Internet Protocol (IP) address anonymised by Google before the analysis. As a result, your complete IP address is generally not forwarded to Google in the USA.

More information about the type, extent and purpose of the data processing can be found in Google’s Privacy and Security Principles and in Google’s Privacy Policy,in the Google Product Privacy Guide(including Google Analytics), in the information about how Google uses data from websites where Google services are used and in the information about how Google uses cookies. Furthermore, it is possible to use the “browser add-on to disable Google Analytics” and to file an objection against personalised advertising.

6.2.2  Google Tag Manager

We use Google Tag Manager to be able to integrate and manage services for analytics or advertising for Google and third parties on our website. The service is provided by the American Google LLC. The Irish Google Ireland Limited is responsible for users within the European Economic Area (EEA) and in Switzerland. This does not involve the use of cookies, but cookies may be used within the scope of the services integrated and managed with its help. We provide information about the processing of personal data by such services in this Privacy Policy.

7.  Erweiterungen für die Website

7.1 We use the WordPress plug-in Antispam Bee in order to distinguish wanted comments made by human beings from unwanted comments made by bots and other spam. We use Antispam Bee on our own server infrastructure, and this does not involve the use of cookies. Antispam Bee, which is developed in Germany and Switzerland, enables us to fight spam in a way that protects data privacy and yet is efficient and reliable. Further information can be found in the documentation of Antispam Bee.
7.2 We use jQuery, a free-of-charge JavaScript library provided by the JS Foundation. We integrate the library with the help of com so that we can improve the speed of our website. For that purpose, jQuery is delivered via the content delivery network (CDN) StackPath, a service provided by the American StackPath LLC. This may involve the use of cookies. More information about the type, extent and purpose of the data processing can be found in StackPath’s Privacy Statement.

8. Final provisions

We compiled this Privacy Policy with the help of the Data Protection Generator created by Datenschutzpartner.

We can adapt and amend this Privacy Policy any time. We will supply information about such adaptations and amendments in a suitable form, in particular, by publishing each updated Privacy Policy on our website.