Appleladen.ch - Data Protection / Privacy

Privacy Policy

Appleladen.ch, Kasimir-Pfyffer-Strasse 12, 6003 Lucerne, is the operator of the websiteappleladen.ch and the services offered on it and is therefore responsible for the collection, processing and use of your personal data and for ensuring that data processing complies with applicable data protection law.

Your trust is important to us, which is why we take data protection seriously and ensure appropriate security. Naturally, we comply with the legal provisions of the Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (OFADP), the Telecommunications Act (TCA), and other applicable data protection regulations under Swiss or EU law, in particular the General Data Protection Regulation (GDPR).

To ensure you are aware of what personal data we collect from you and for what purposes we use it, please take note of the information below.

1. Visit our website

When you visit our website, our servers temporarily store each access in a log file. The following technical data is collected automatically, as is standard practice with any connection to a web server, and stored by us until its automatic deletion after a maximum of 12 months:

  • the IP address of the requesting computer,
  • the name of the owner of the IP address range (usually your Internet access provider),
  • the date and time of access,
  • the website from which the access was made (referrer URL), possibly including the search term used,
  • the name and URL of the retrieved file,
  • the status code (e.g. error message),
  • your computer's operating system,
  • the browser you are using (type, version and language),
  • the transmission protocol used (e.g. HTTP/1.1)

The collection and processing of this data is carried out for the purpose of enabling the use of our website (establishing a connection), ensuring the ongoing security and stability of our systems, optimizing our online services, and for internal statistical purposes. This constitutes our legitimate interest in data processing within the meaning of Article 6(1)(f) GDPR.

2. Opening a customer account

To place orders in the online shop, you can order as a guest or create a customer account. When registering for a customer account, we collect the following data:

  • Salutation
  • First and Last Name
  • Postal address
  • e-mail address
  • Telephone (optional)
  • password

The data is collected for the purpose of providing the customer with password-protected direct access to their basic data stored with us. The customer can view their completed and open orders, or manage and change their personal data.

The legal basis for processing the data for this purpose is the consent you have given in accordance with Art. 6 para. 1 lit. a GDPR.

3. Shopping in the online shop

If you wish to place orders in our online shop, we require the following data to process the contract:

  • First and Last Name
  • Billing address (and, if different, delivery address)
  • Payment details (depending on the chosen payment method)
  • Login details, i.e., email address and password (for registered customers)

Unless otherwise stated in this privacy policy or you have given your separate consent, we will only use the aforementioned data to process the contract, in particular to process your orders, deliver the ordered products and ensure correct payment.

If you provide us with personal data of other persons, e.g. data about the recipient of a gift, please only disclose the recipient's personal data to us if you are entitled to do so under applicable data protection laws and if the other person agrees that you may provide us with the personal data for the purposes of processing.

The legal basis for data processing for this purpose lies in the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR.

4. Disclosure of data to third parties

We will only disclose your personal data if you have expressly consented, if there is a legal obligation to do so, or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship.

Furthermore, we share your data with third parties to the extent necessary for the use of the website and the processing of your order (including outside the website), specifically for processing your order or support request. This includes the respective shipping provider responsible for delivering ordered goods and the respective external service provider entrusted with processing your support request. The website is hosted on servers in Switzerland. The data is shared for the purpose of providing and maintaining the functionality of our website. This constitutes our legitimate interest within the meaning of Article 6(1)(f) GDPR.

If we provide services in advance, e.g., for purchases on account, we may, to protect our legitimate interests, obtain a credit report from a credit agency based on mathematical-statistical methods. This also applies to age-restricted items. For this purpose, we transmit the necessary personal data to the credit agency CRIF AG, Hagenholzstrasse 81, 8050 Zurich, and use the information obtained about the statistical probability of payment default to make a balanced decision regarding the establishment, execution, or termination of the contractual relationship. The credit report may include probability values ​​(score values) calculated using scientifically recognized mathematical-statistical methods, which incorporate, among other things, address data. Your legitimate interests are taken into account in accordance with legal provisions. Our legitimate interest in data processing for the purposes described above is based on Article 6(1)(f) GDPR.

Finally, when you pay by credit card on our website, we forward your credit card information to your credit card issuer and the credit card acquirer via the
payment service providers Datatrans AG, Kreuzbühlstrasse 26, 8008 Zurich;
Stripe Switzerland GmbH, Bahnhofstrasse 100, 8001 Zurich;
and PayPal Pte. Ltd., 5 Temasek Boulevard, #09-01 Suntec Tower Five, 038985 Singapore
. If you choose to pay by credit card, you will be asked to enter all the required information. The legal basis for this data transfer is the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR. Regarding the processing of your credit card information by these third parties, please also read the terms and conditions and privacy policy of your credit card issuer.

5. Transfer of data abroad

We are entitled to transfer your personal data to third-party companies (contracted service providers) abroad for the purposes of the data processing described in this privacy policy. These companies are bound by the same data protection obligations as we are. If the level of data protection in a country does not correspond to Swiss or European standards, we contractually ensure that the protection of your personal data is equivalent to that in Switzerland or the EU at all times.

6. Cookies

Cookies help in many ways to make your visit to our website easier, more enjoyable, and more meaningful. Cookies are information files that your web browser automatically saves to your computer's hard drive when you visit our website.

We use cookies, for example, to offer you the shopping cart function across multiple pages and to temporarily save your entries when filling out a form on the website, so that you don't have to re-enter the information when visiting another page. Cookies may also be used to identify you as a registered user after you register on the website, without requiring you to log in again when visiting another page.

Most internet browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that a notification always appears when you receive a new cookie. The following pages explain how to configure cookie settings in the most common browsers:

Disabling cookies may prevent you from using all the features of our website.

7. Tracking

For the purpose of tailoring our website to user needs and continuously optimizing it, as well as managing advertising measures on external platforms, we use so-called tracking links, e.g. for Google Analytics.

Tracking links are used for:

  • Web Analytics Tools
    For the purpose of tailoring our website to user needs and continuously optimizing it, we use the web analytics service Google Analytics. In this context, pseudonymized user profiles are created and small text files that are stored on your computer ("cookies") are used. The information generated by the cookie about your use of this website is transmitted to the servers of the providers of these services, stored there, and processed for us. In addition to the data listed under point 1, we may receive the following information:
    • Navigation path that a visitor follows on the site,
    • Time spent on the website or subpage,
    • the subpage on which the website is exited,
    • the country, region or city from which access is made,
    • Device (type, version, color depth, resolution, width and height of the browser window) and
    • Returning or new visitor.
    The information is used to evaluate website usage, compile reports on website activity, and provide other services related to website and internet usage for market research and to tailor this website to user needs. This information may also be transferred to third parties if required by law or if third parties process this data on our behalf.
  • Google Analytics
    is provided by Google Inc., a company of the holding company Alphabet Inc., headquartered in the USA. Before data is transmitted to the provider, the IP address is shortened within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area by activating IP anonymization ("anonymizeIP") on this website. The anonymized IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. In these cases, we ensure through contractual guarantees that Google Inc. maintains a sufficient level of data protection. According to Google Inc., the IP address will under no circumstances be associated with other data relating to the user.
    Further information about the web analytics service used can be found on the Google Analytics website. Instructions on how to prevent the processing of your data by the web analytics service can be found at http://tools.google.com/dlpage/gaoptout?hl=de .
  • Google Ads:
    We use Google Ads Customer Match. This feature within Google Ads helps us reach and personalize advertising more effectively with potential and existing customers in Google Search, the Google Shopping tab, Gmail, YouTube, and across Google's advertising networks. Google Ads Customer Match is primarily used for remarketing, campaign optimization, and increasing conversion rates.
    Personalizing Google ads is based on assigning users to a target audience. This personalization is done by Google using information from your Google account and based on your activity and interests when using Google products and with Google's advertising partners. As a Google advertising partner, using Google Ads Customer Match allows us to target our advertising more effectively, ensuring, for example, that the ads displayed via Google Ads are more precisely tailored to the specific interests derived from your use of our shop. Google Ads Customer Match does not require any additional cookies for this purpose. Google requires a list of customer data from us to determine whether you are already known to Google as a user. However, no profiles are created or expanded in this process. Google does not receive your actual data (such as email address or phone number), but only so-called hashed codes generated using one-way encryption. Google compares these hashed codes with its own user database. Google cannot decrypt these codes unless the corresponding data is already present in its own user database. Therefore, Google does not receive the customer data uploaded during the upload process, but can only determine whether the data is already in Google's database. If the data is not already in Google's database, the hashed codes generated from the customer data cannot be decrypted. Otherwise, the codes already known to Google and the hashed codes match, allowing for the creation of target groups. After the target groups are created, the uploaded data is deleted.

8. Notice regarding data transfers to the USA

For the sake of completeness, we would like to inform users residing or domiciled in Switzerland that US authorities have surveillance measures in place that generally allow the storage of all personal data of individuals whose data has been transferred from Switzerland to the USA. This occurs without differentiation, limitation, or exception based on the pursued objective and without any objective criteria that would allow US authorities' access to and subsequent use of the data to be restricted to very specific, strictly limited purposes that could justify the interference associated with both accessing and using this data. Furthermore, we would like to point out that in the USA, individuals from Switzerland have no legal remedies that would allow them to access, correct, or delete their data, nor is there effective judicial protection against the general access rights of US authorities. We explicitly inform data subjects of this legal situation so that they can make a correspondingly informed decision regarding their consent to the use of their data.

Users residing in an EU member state are advised that, from the European Union's perspective, the USA does not provide an adequate level of data protection – due, among other things, to the issues mentioned in this section. Where this privacy policy indicates that recipients of data (such as Google) are located in the USA, we will ensure that your data is adequately protected by our partners, either through contractual agreements with these companies or by ensuring their certification under the EU-US or Swiss-US Privacy Shield.

9. Right to information, rectification, erasure and restriction of processing

You have the right to request information about the personal data we hold about you. You also have the right to correct inaccurate data and the right to have your personal data deleted, provided that this does not conflict with any legal obligation to retain the data or a legal basis that permits us to process it.

You can contact us for the aforementioned purposes via the email address You can reach us. We may, at our discretion, require proof of identity to process your requests.

10. Data security

We employ appropriate technical and organizational security measures to protect your personal data stored with us against manipulation, partial or complete loss, and unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

You should always keep your login details confidential and close the browser window when you have finished communicating with us, especially if you share the computer with others.

We also take internal data protection very seriously. Our employees and the service providers we commission are bound by confidentiality agreements and are obligated to comply with data protection regulations.

11. Data Retention

We store personal data only as long as necessary to use the aforementioned tracking and analysis services and for other processing activities within the scope of our legitimate interests. Contractual data is retained for a longer period due to legal retention requirements. These retention obligations arise from accounting and tax regulations. According to these regulations, business correspondence, concluded contracts, and accounting documents must be retained for up to 10 years. If we no longer require this data to provide services to you, the data will be restricted. This means that the data may then only be used for accounting and tax purposes.

12. Right to lodge a complaint with a data protection supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority at any time.

As of August 30, 2023