Data Protection Regulation

Important Legal Information

Please read the following privacy policy carefully before proceeding. Persons accessing the website regalin-stmoritz.shop agree to the terms and conditions set forth below.

LATESTA AG, Postfach 52, CH-7500 St. Moritz (hereinafter also referred to as "we") operates the website regalin-stmoritz.shop (hereinafter referred to as "website") and is therefore responsible for the collection, processing, and use of your personal data.

Your trust is important to us, which is why we take data protection seriously and ensure appropriate security through organizational and technical measures. We also train our employees.

If we commission third parties to process personal data, the third party will be carefully selected and must take appropriate security measures to guarantee the confidentiality and security of your personal data.

This privacy policy applies to the REGALIN St. Moritz (regalin-stmoritz.shop) online shop operated by LATESTA AG, but not to third-party websites to which the online shop may link and which are subject to their own privacy policies.

LATESTA AG (Via Somplaz 1, 7500 St. Moritz, Switzerland, E-Mail: contact@regalin-stmoritz.shop) is the data controller within the meaning of applicable data protection laws.

The contact details of our data protection officer are as follows: datenschutz@regalin-stmoritz.shop

 Copyright and Trademark Rights

The entire content of the website regalin-stmoritz.shop is protected by copyright. All rights belong to LATESTA AG or third parties. The elements on the website regalin-stmoritz.shop are freely accessible for browsing purposes only. Reproduction of the material or parts thereof in any written or electronic form is only permitted with express mention of regalin-stmoritz.shop. Reproduction, transmission, modification, linking, or use of the website regalin-stmoritz.shop for public or commercial purposes is prohibited without our prior written consent. Please contact welcome@latesta.ch. The various names and logos on the website regalin-stmoritz.shop are generally registered, protected trademarks. No part of the website regalin-stmoritz.shop is designed in such a way as to grant a license or right to use an image, a registered trademark, or a logo. Downloading or copying the website regalin-stmoritz.shop or parts thereof does not transfer any rights regarding software or elements on the website regalin-stmoritz.shop. We reserve all rights to all elements on the website regalin-stmoritz.shop, with the exception of rights belonging to third parties.

No Guarantee

Although we have taken all due care to ensure the reliability of the information contained on the website regalin-stmoritz.shop at the time of its publication, neither we nor our contractual partners can make any explicit or implicit representation or guarantee (also towards third parties) regarding the accuracy, reliability, or completeness of the information on regalin-stmoritz.shop. Opinions and other information on the website regalin-stmoritz.shop may be changed at any time without notice. We assume no responsibility and give no guarantee that the functions on the website regalin-stmoritz.shop will not be interrupted or that the website or the respective server is free of viruses or other harmful components.

Limitation of Liability

If there is a contractual relationship between us and the user of the website regalin-stmoritz.shop or another of our services, we are only liable for damages caused by gross negligence or intent. We exclude any liability for damages caused by an auxiliary person. We are not liable for lost profits, data loss, or other direct, indirect, or consequential damages resulting from access to elements of the website regalin-stmoritz.shop or their use or the inability to access or use them or from linking with other websites or from technical malfunctions.

General

All personal data collected during registration or arising during use and protected by the FADP will be used exclusively for the purpose of fulfilling the contract, unless, in particular, as set out in this privacy policy, your express consent for further use exists or applicable law permits it.

Our employees are obliged to treat personal data confidentially.

Scope and Purpose of the Collection, Processing, and Use of Personal Data

Which personal data we collect

We may collect master data from you (if applicable, company name, name, address, email, etc.), personal data about the services you have used, your payment transaction data, your online preferences, and your customer feedback. We use this personal data to communicate with you, to conclude and process transactions with you, to operate the technology, for billing, for market research, and for marketing, for example, to analyze our customer base or to contact you by post, email, or text messages.

We may collect personal data about your creditworthiness to protect ourselves against payment defaults.

Your browsing and usage data will also be collected. This includes, for example, the IP address, information on which device, browser, and browser version you used to visit the technology, what operating system you use, from which website or app you accessed our technology via a link, and how you use which elements of the technology. This personal data is stored together with the IP address of your access device. It serves to correctly display and optimize our technology, to protect it against attacks or other legal violations, and to personalize the technology for you.

When visiting regalin-stmoritz.shop

When you visit our website, our servers temporarily store each access in a log file. The following user and device data as well as personal data are recorded automatically and stored by our host (ISP - Internet Service Provider):

  • the IP address of the requesting computer
  • the date and time of access
  • the name and URL of the retrieved file
  • the website from which access was made
  • the operating system of your computer and the browser you use
  • the country from which you accessed and your browser's language settings

The collection and processing of this data serve the purpose of enabling the use of our website (establishing a connection), ensuring system security and stability on a permanent basis, optimizing our internet offering, and for internal statistical purposes. This constitutes our legitimate interest in data processing. The IP address is used in particular to determine the country of residence of the website visitor. Furthermore, the IP address is evaluated for statistical purposes in the event of attacks on the network infrastructure of regalin-stmoritz.shop. In addition, when you visit our technology, we use so-called pixels and cookies to display personalized advertising and to use web analytics services.

When using our contact forms

You have the option of using a contact form to get in touch with us. The following personal data is mandatory:

  • Salutation
  • First and last name
  • Address (street, house number, city, postcode)
  • Telephone number
  • Email address

We will mark the mandatory fields with an asterisk (*). If this information is not provided, it may hinder the provision of our services. The provision of personal data in other fields is voluntary. You can inform us at any time that you no longer wish to process this voluntarily provided personal data (see heading "Your Rights"). The provision of other information is optional and has no influence on the use of our technology.

We only use this data to answer your contact request as best and as personally as possible. You can inform us at any time that you no longer wish to process this voluntarily provided personal data (see heading "Your Rights").

Use of your data for advertising purposes

Creation of pseudonymised usage profiles

To enable personalized marketing in social networks, we use so-called remarketing pixels on the technology. If you have an account with an included social network and are logged in at the time of the page visit, this pixel links the page visit to your account. Further advertising settings can be made in your user profile in the respective social networks. We use re-targeting technologies. Your user behavior on our technology is analyzed in order to then offer you individually tailored advertising on partner websites. Your user behavior is recorded pseudonymously. Most re-targeting technologies work with cookies. You can prevent re-targeting at any time by rejecting or deactivating the relevant cookies in your web browser's menu bar. In addition, you can apply for an opt-out for the aforementioned other advertising and re-targeting tools via the Digital Advertising Alliance website at Optout.aboutads.info. The following remarketing pixels are used on our technology:

Google Tag Manager

We also use Google Tag Manager to manage services for usage-based advertising. The Tag Manager tool itself is a cookieless domain and does not collect any personal data. Rather, the tool triggers other tags that may themselves collect data (see above). If you have deactivated at the domain or cookie level, this remains valid for all tracking tags implemented with Google Tag Manager.

Disclosure of data to third parties

We pass on your personal data if you have expressly consented, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the relationship between you and LATESTA AG (e.g. collection agencies, authorities or lawyers). We pass on your data to third parties insofar as this is necessary within the scope of using the technology for the provision of the services you require (e.g. outsourcing partners; hosts; companies with whom we offer the services on our technology (e.g. for bookings, rentals, purchases, etc.); companies that advertise on our behalf) and for the analysis of your user behaviour.

When passing on data to third parties, we ensure sufficient contractual guarantees that such a third party uses the personal data in accordance with legal requirements and exclusively in our interest.

If the technology contains links to third-party websites, LATESTA AG no longer has any influence over the collection, processing, storage or use of personal data by the third party after clicking on these links and assumes no responsibility for this.

Transfer of personal data abroad

LATESTA AG is entitled to transfer your personal data to third-party companies (commissioned service providers) abroad, if this is necessary for the data processing described in this privacy policy. These are obliged to data protection to the same extent as we are. If the level of data protection in a country does not correspond to that in Switzerland or Europe, we contractually ensure that the protection of your personal data at all times corresponds to that in Switzerland or the EU.

For the sake of completeness, we would like to point out that in the USA, US authorities have surveillance measures that generally allow the storage of all personal data of all persons whose data have been transferred from Switzerland to the USA. This is done without differentiation, restriction or exception based on the objective pursued and without an objective criterion that allows the access of US authorities to the data and their subsequent use to be restricted to very specific, strictly limited purposes that can justify the interference associated with both access to and use of this data. Furthermore, we would like to point out that in the USA, there are no legal remedies available to affected persons from Switzerland that would allow them to obtain access to the data concerning them and to have it corrected or deleted, or that there is no effective judicial legal protection against general access rights of US authorities. We explicitly inform the data subject of this legal and factual situation in order to enable an appropriately informed decision regarding consent to the use of their data. We also point out to users that the USA, from the perspective of both Switzerland and the European Union – due to, among other things, the issues mentioned in this section – does not have an adequate level of data protection. Insofar as we have explained in this privacy policy that recipients of data (such as Google, Facebook or Twitter) are based in the USA, we will ensure, either through contractual agreements with these companies or by ensuring the certification of these companies under the EU-US or Switzerland-US Privacy Shield, that your data is protected at an adequate level with our partners.

Data security

We employ appropriate technical and organizational security measures to protect your personal data stored with us against manipulation, partial or complete loss, and unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. You should always treat your information confidentially and close the browser window when you have finished communicating with us, especially if you share the computer with others. We also take internal data protection very seriously. Our employees and the service companies commissioned by us have been obliged by us to maintain confidentiality and to comply with data protection regulations.

Cookies

We use cookies in our technology. Cookies help in many ways to make your visit to our website easier, more pleasant and more meaningful. Cookies are information files that your web browser automatically stores on your computer's hard drive when you visit our website.

Session cookies are used to uniquely assign information stored on the server side during a specific access to our website (e.g. in the online shop) to you or your internet browser each time you access it (e.g. so that the shopping cart content is not lost). Session cookies are deleted after closing your internet browser. Permanent cookies are used to store your preferences (e.g. preferred language) across several independent accesses to our website, i.e. even after closing your internet browser, or to enable automatic login. Permanent cookies are deleted according to your internet browser settings (e.g. one month after the last visit). By using our website, but also the corresponding functions (e.g. language selection or autologin), you consent to the use of permanent cookies.

Cookies do not damage your computer's hard drive, nor do these cookies transmit personal data of users to us. For example, we use cookies to better tailor the information, offers and advertising displayed to you to your individual interests. The use does not result in us receiving new personal data about you as an online visitor. Most internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears when you receive a new cookie. Deactivating cookies may mean that you cannot use all the functions of our website. 

Tracking tools

We use so-called tracking tools on our website. These tracking tools monitor your surfing behavior on our website. This monitoring is carried out for the purpose of tailoring and continuously optimizing our website. In this context, pseudonymized usage profiles are created and small text files, which are stored on your computer ("cookies"), are used.

For this purpose, third-party companies may also use permanent cookies, pixel tags or similar technologies. The third-party company does not receive any personal data from us, but can track your use of our website, combine this information with data from other websites that you have visited and which are also tracked by the third-party company, and use these findings for its own purposes (e.g. controlling advertising). The processing of your personal data by the third-party company is then the responsibility of the service provider according to its data protection regulations.

The following tracking tools are used:

Google Analytics

Google Analytics is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We use Google Analytics on our website to create anonymized evaluations of website usage. For this purpose, a cookie is set and the session log data is sent to Google.

Automated decision-making / profiling

We (or the third parties commissioned by us) generally do not make automated decisions that concern your personal data or have legal effects on you or significantly affect you in a similar way.

Legal basis for processing

The legal bases for our processing of personal data are generally Article 13 paragraph 2 letter a of the FADP and Article 13 paragraph 1 of the FADP. In cases where, due to abuse, payment default or similar legitimate reasons, we wish to refuse to conclude contracts with data subjects in the future, we reserve the right, based on Article 13 paragraph 1 of the FADP, to store the first name, last name, address and email address of a data subject as well as the personal data regarding the circumstances of the respective case in our own interest. The processing of your personal data by other group companies is also based on Article 13 paragraph 1 of the FADP.

Your rights

Upon request, we will inform any data subject whether and, if so, which personal data concerning them is being processed (right to confirmation, right of access). At your request:

  • we will partially or fully refrain from processing personal data (right to withdraw your consent to the processing of non-mandatory personal data; right to be forgotten). We will also inform third parties to whom we have previously forwarded your personal data of your request to be forgotten.
  • we will correct the corresponding personal data (right to rectification)
  • we will restrict the processing of the corresponding personal data (right to restriction of processing; in this case, we will only store your personal data or use it to protect our legal claims or to protect the rights of another person.)
  • you will receive the personal data concerned in a structured, common and machine-readable format (right to data portability).

To make such a request to exercise a right described in this section, for example, if you no longer wish to receive email newsletters from us or wish to delete your account, use the corresponding function on our website or contact our data protection officer or an employee as specified at the beginning of this privacy policy. If we do not comply with a request, we will inform you of the reasons for this. For example, we may lawfully refuse deletion if your personal data is still required for the original purposes (e.g. if you still receive a service from us), if the processing is based on a compelling legal basis (e.g. statutory accounting regulations), or if we have an overriding legitimate interest (e.g. in the event of a legal dispute against the data subject). If we claim an overriding legitimate interest in the processing of personal data, you have the right to object to the processing, provided that a different balance of interests arises from your particular situation compared to other data subjects (right to object). This could be the case, for example, if you are a person of public interest or if the processing creates a risk that you will be harmed by third parties. If you are not satisfied with our response to your request, you have the right to lodge a complaint with a competent supervisory authority, for example in your country of residence or at the registered office of LATESTA AG (right to complain).

Data retention

We process personal data only for as long as this is necessary for the respective purpose or required by law. If you have set up an account with us, we will store the master data provided there indefinitely. However, you can request the deletion of the account at any time (see heading "Your Rights"). We will delete the master data unless we are legally obliged to retain it. In the case of an order without an account, your master data will be deleted after the expiry of the warranty period or the end of the service, insofar as we are not legally obliged to retain it. This deletion can take place immediately or as part of periodically performed deletion runs.

Contract data, which may also include personal data, will be stored by us until the expiry of the statutory retention period of 10 years. Data retention obligations arise, among other things, from accounting regulations and tax law regulations as well as the retention obligation for electronic communication. Insofar as we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.

If we wish to refuse further business contacts with a data subject due to abuse, payment defaults or other legitimate reasons, we will store the corresponding personal data for five years, or for ten years in the event of a repeat.

Opt-out/Opt-in option

If you do not agree to us evaluating your usage data, you can deactivate this. Tracking is deactivated by placing a so-called "opt-out cookie" on your system. If you delete all your cookies, you should note that the opt-out cookie will also be lost and may have to be renewed.

Please note that the list below is a list of opt-out options, which sometimes also includes trackers used by our partners that are not necessarily used on the website:

  • Browser add-on to deactivate Google Analytics.
  • Deactivating the DoubleClick cookie
  • Deactivating Quandcast targeting
  • Deactivating AddThis targeting
  • Opt-Out for IntelliAd Targeting

A good way to configure a large number of cookies can be found at youronlinechoices.com or at optout.aboutads.info, or install the Ghostery browser extension available for all common browsers.

Final provisions

Should individual parts of this privacy policy be ineffective, this shall not affect the effectiveness of the privacy policy as a whole. Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to amend this privacy policy. The current privacy policy is published on our website.

This page was last modified on June 10, 2019. If you have any questions or comments about our legal notices or data protection, please contact us at datenschutz@regalin-stmoritz.shop.

 PayPal Privacy Policy

The data controller has integrated PayPal components on this website. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which represent virtual private or business accounts. PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also takes on trustee functions and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the data subject selects "PayPal" as the payment option during the ordering process in our online shop, data of the data subject is automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transfer of personal data required for payment processing.

The personal data transmitted to PayPal usually includes first name, last name, address, email address, IP address, telephone number, mobile phone number or other data required for payment processing. Personal data related to the respective order are also necessary for the processing of the purchase contract.

The purpose of transmitting the data is payment processing and fraud prevention. The data controller will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and the data controller may be transmitted by PayPal to credit bureaus. This transmission is for the purpose of identity and creditworthiness checks.

PayPal may disclose personal data to affiliated companies and service providers or subcontractors insofar as this is necessary to fulfil contractual obligations or the data is to be processed on behalf of PayPal.

The data subject has the option to revoke consent to the handling of personal data by PayPal at any time. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.

The applicable PayPal data protection provisions can be accessed at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

 Shopify Privacy Policy

What information does Shopify collect?

Shopify collects names, email address, billing and shipping address, payment methods, company name, phone number, IP address, information about orders, information about the Shopify stores customers visit, and information about devices and browsers used.

  • Shopify uses this information to provide merchants with services, including supporting and processing orders, risk and fraud review, authentication, and payments. Shopify also uses this information to improve services.

Shopify uses some of the personal information REGALIN provides to make automated decisions. For example, Shopify uses certain personal information (e.g., IP addresses or payment information) to automatically block certain potentially fraudulent transactions for a short period of time.

When does Shopify collect this information?

Shopify collects this information when you use or access a store that uses Shopify services, for example, when you visit a merchant's website, place an order, or create an account on a merchant's website. 

In addition, Shopify works with third parties who provide Shopify with information about merchants' customers, for example, to identify fraudulent cases.

When and why does Shopify share this information with third parties?

Shopify works with a variety of third-party providers and service providers to provide merchants with services. Shopify may share personal information to support these efforts.

Shopify may also share your data in the following circumstances:

  • to prevent illegal activities, suspected fraud, and situations that pose potential threats to the physical safety of an individual. Furthermore, violations of our terms of service or other agreements related to the services are to be investigated and, if necessary, (legally) responded to.
  • If the merchant whose business you visit or access instructs us to transfer this information (e.g., if they enable a third-party app that accesses personal customer data).
  • To comply with legal requirements or respond to court orders, subpoenas, warrants, or other government requests (including compliance with national security or law enforcement requirements).

Personal data may also be disclosed to a company that acquires Shopify's business or the business of a merchant whose store you visit or access, whether through merger, acquisition, bankruptcy, dissolution, restructuring, or a similar transaction or proceeding.

Shopify is responsible for the transfer of all personal data to third parties, the latter in accordance with the EU-U.S. Privacy Shield, the Swiss-U.S. Privacy Shield and PIPEDA (Canada's Personal Information Protection and Electronic Documents Act).

(Source: https://www.shopify.com/legal/privacy)