Privacy Policy

This privacy policy ("Privacy Policy") informs our website visitors, customers, and business partners (or persons acting on behalf of our customers and business partners) ("you") about how Optik Foto Rutz AG processes personal data ("data") in accordance with the Swiss Federal Act on Data Protection ("FADP") and the European General Data Protection Regulation (“GDPR”) when you use our website, when you use one of our services/products (“Services”), when you supply us with services/products or in any of the other situations set out in the section Processed Data, Purpose and Legal Basis. Within the scope of the GDPR, references to the GDPR in this privacy policy are to be understood as references to the corresponding provisions of the GDPR. 1. Controller and Contact Information The controller responsible for data processing is Optik Foto Rutz AG. Email: optik@rutz-stmoritz.ch 1. Controller and Contact Information The controller responsible for data processing is Optik Foto Rutz AG. Email: optik@rutz-stmoritz.ch 1. Controller and Contact Information `````````````````````````````````````````````````````````````````````````` ` ` ` ` ` ` ` `` `` `` `` `` `` `` `` `` `` `` ``` ```````````````````````` ... ```````````````````` `` `` `` `` `` `` `` ``` ``` ``` ``` ``` ``` ``` ``` ``` ``` ``` `` `` `` `` `` `` `` `` `` `` `` `` `` `` `` `` `` `` `` `` `` `` `` `` `` `` `` `` `` 2. Obligation to Provide Data and Your Disclosure of Data to Third Parties You are generally not obligated to provide us with data. However, if you do not provide the information mentioned in Section 3, we may not be able to process your request, contact you, or provide you with the services.

 

If you disclose data about third parties to us (e.g., about your employer/employees, relatives, family members, colleagues, beneficial owners, etc.), we assume that this data is correct. By providing us with such data, you confirm that you are authorized to do so and that you have informed the data subjects about this privacy policy and our processing of their data.

 

3. Data Processed, Purpose and Legal Basis

II. General

Processing your data is necessary for the conclusion or performance of the contract with you (GDPR 6.1.1.b; e.g., in relation to services/products provided by us);

Processing your data is necessary for compliance with legal obligations to which we are subject. (GDPR 6.1.1.c; e.g., to comply with legal requirements, guidelines, and recommendations from authorities);

Processing your data is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms, which require the protection of data, override those interests (GDPR 6.1.1.f; e.g., for security and access control purposes, as well as for compliance with internal regulations, including purposes such as compliance, risk management, corporate governance, and business organization);

and/or

1. the legal bases specified below.

 

1.1 Use of the Website

https://policies.google.com/privacy?hl=de&gl=de.

Purpose and legal basis: The processing of data relating to the use of the website is based on our legitimate interest in operating and securing our website and our services, in particular for security reasons, to ensure the stability and integrity of our systems (GDPR 6.1.1.f). Furthermore, based on our legitimate interest (GDPR 6.1.1.f), we may conduct basic web analytics to optimize the website in terms of user-friendliness and to gain insights into the use of our website and our services. The collected data will not be combined with other data or passed on to third parties. Extended web analytics using cookies is based on your consent in accordance with the GDPR (GDPR 6.1.1.a), see section Cookies below. 1.2 Cookies Website analytics data can also be collected through the use of cookies. Cookies are small files that are managed by your browser and stored directly on your device when you visit our website. You can disable the use of cookies in your browser settings, but this may result in some features of our website or services no longer being available to you or functioning correctly.

Categories of data: Website usage data, website analytics data, and other data specified in the [Cookie Policy / Consent Management Tool].

Purpose and legal basis: We may use cookies on our website to ensure a user-friendly experience (e.g., Session cookies), based on our legitimate interest (GDPR 6.1.1.f). Extended web analytics using cookies is based on your consent within the scope of the GDPR (GDPR 6.1.1.a). Further information can be found in our [Cookie Policy / Consent Management Tool].

1.3 Communication

We contact you via various channels, e.g. For example, when you fill out contact forms or similar forms on our website, send us emails, or use other electronic (or printed) means of communication through which data can be exchanged ("communication data").

Categories of data: When you fill out our contact forms, send us an email or other form of electronic message (or a message in paper form, e.g., a letter), we collect information such as your name, your email address (or another form of communication identifier, e.g., a messenger nickname), your telephone number, the subject, the content of the message, the associated metadata, and any other information you provide in your communication with us. Disclose.

Purpose and legal basis: We use communication data to process your request and any further questions relating to the provision of our services (GDPR 6.1.1.b) and other related questions and matters based on the content of your communication with us (GDPR 6.1.1.a). We store this data to document our communication with you, for training purposes, quality assurance, for follow-up inquiries (GDPR 6.1.1.f) and for regulatory purposes (GDPR 6.1.1.c).

1.4 Services

When you use our services, you may need to register, e.g. For example, by opening an account or creating a login, and we collect other service-related data, including contract data (as described in Section 3.6), relating to the services (collectively, "Service Data," including registration data and usage data, as defined below).

Categories of Data: When you register for our services, you may need to open an account or create a login, for which we require information such as your first name, last name, username, password, email address, etc. This may also include other information that we need from you in order to provide you with the services, e.g., depending on the service, further information such as address, telephone number, date of birth, nationality, details of identification documents, occupation, role and function, financial information (such as income information, assets and tax status), customer history, etc., including information from third parties and public sources (e.g., from fraud prevention or government agencies, websites and government registers) ("registration data"). Furthermore, when you use our services, we process information about transactions (dates, currencies, branches, details of payers and payees) and record calls, emails, text messages, social media messages and other communications between you and us. We also analyze your use of our services to better understand you and tailor our services to your needs by collecting data about your behavior and preferences, including supplementing such data with information from third parties, including from public sources (collectively, "Usage Data").

Purpose and Legal Basis: In general, Service Data is used to provide you with our services (GDPR 6.1.1.b) and to comply with applicable legal requirements and our internal regulations, including for the purposes of anti-money laundering and fraud prevention (GDPR 6.1.1.c and 6.1.1.c). 6.1.1.f). We also process service data to document the provision of our services, for training purposes or quality assurance, as well as for market research to improve our services and processes, and for product development, which is based on our legitimate interest (GDPR 6.1.1.f).

1.5 Contracts

When we enter into a contract with you or conduct negotiations about such a contract, we collect data In connection with the conclusion and performance of such a contract ("Contract Data"). Generally, we collect this data from you or other contracting parties and from third parties involved in the performance of the contract, but we may also use data from third parties or from public sources (e.g., fraud prevention agencies and government registers).

Categories of data: Contract Data includes registration data, service data in general, and other information relating, for example, to the services to be provided, your preferences, or your feedback, etc. This includes your health data (e.g., refraction data, anatomical measurements, etc.).

Purpose and legal basis: We use contract data for the preparation, conclusion, execution, and management of our contractual relationships, as well as for any questions or inquiries that may arise in this context (GDPR 6.1.1.b). Such processing may be necessary to comply with legal requirements and internal regulations, including Know Your Customer (KYC) processes (GDPR 6.1.1.c and 6.1.1.f). We retain this data to document our communication with you, for training purposes, quality assurance, and for follow-up inquiries (GDPR 6.1.1.f).

1.6 Profiling

We use your data to automatically evaluate personal aspects relating to you (so-called "profiling"), but we will not use it for automated decision-making.

 

2. Disclosure and Sharing of Data

We disclose your data to third parties in certain cases (see section 4.1), which may also involve cross-border data transfers (see section Cross-border data transfer).

2.1 Categories of Recipients

We make your data available to the following recipients (in accordance with applicable legal provisions):

1. our group companies;

2. external service providers (e.g., IT service providers, etc.);

contractual partners (insofar as the disclosure arises from such contracts, e.g., if you use our services under a contract we have concluded with your employer);

2.2 Cross-Border Transfer of Data

We transfer your data to countries within the EEA or the United Kingdom, as well as to the following countries outside Switzerland or the EEA/United Kingdom, provided that (a) these countries, in the assessment of the competent authority, provide an adequate level of data protection. (a) we ensure an adequate level of data protection based on appropriate safeguards, such as the EU Standard Contractual Clauses (“EU-SCC”), adapted to Swiss law to the necessary extent (“CH-SCC”), or (c) the transfer is based on a statutory exception: [...] . To obtain a copy of the EU-SCC / CH-SCC, please contact us using the contact details provided in the Controller and Contact Information section.

 

3. Retention Periods and Deletion

We process and store data for as long as required by our processing purposes, statutory retention periods, and our legitimate interests in documentation, and within the scope of what is technically feasible. Unless there are conflicting legal or contractual obligations, we will delete or anonymize your data after the storage or processing period has expired. With regard to specific uses/data categories, we will generally store your data as follows:

• • • Website usage data: Website usage data is processed for as long as necessary to enable the desired access and to ensure the stability and integrity of the systems.

    • Website analytics data: Website analytics data is stored for as long as necessary to perform the analysis. Cookies: Cookies are stored on your device for the period necessary to achieve the relevant purpose, as well as in accordance with the further details in the [Cookie Policy / Consent Management Tool]. Cookies: Cookies are stored on your device for the period necessary to achieve the relevant purpose, as well as in accordance with the further details in the [Cookie Policy / Consent Management Tool]. Cookies: Cookies are stored on your device for the period necessary to achieve the relevant purpose, as well as in accordance with the further details in the [Cookie Policy / Consent Management Tool]. Communication data: Communication data will be deleted after your request has been answered or processed, unless (a) we are legally obligated to retain this data (e.g., for billing or document retention purposes) or (b) we have an overriding legitimate interest in retaining this data for documentation, quality assurance, or similar business purposes, or for assessing, asserting, or defending legal claims.
    • Usage data: We generally retain the data for as long as you access/use our services (or are entitled to access them). access/remove), and this data will be deleted after termination of your contractual relationship and/or deletion of your account, unless (a) we are legally obligated to retain this data (e.g., for billing or documentation purposes), or (b) we have an overriding legitimate interest in retaining this data for documentation, quality assurance, or similar business purposes, or for the assessment, assertion, or defense of legal claims.

    • Contract Data: We generally retain contract data for the duration of the limitation period for contractual claims. Claims arise from the end of the contractual relationship if and to the extent that (a) we are not legally obligated to retain this data for a longer period (e.g., for billing or document retention purposes) or (b) we do not have an overriding legitimate interest in retaining this data for documentation, quality assurance, or similar business purposes, or for the assessment, assertion, or defense of legal claims.

 

Objection, i.e. The right to object to the processing of your data based on our legitimate interest (GDPR 6.1.1.f) by stating your particular reasons and specific circumstances on which your objection is based.

to restrict processing, i.e., you can request that we temporarily restrict the processing of your data.

data portability, i.e., You can request that we provide you with the data you have provided to us in electronic form (to the extent that this is technically possible).

To withdraw your consent, i.e., you can withdraw your consent if and to the extent that you have previously given your consent for a specific purpose of processing your data. This does not affect the lawfulness of processing carried out before the withdrawal (or processing based on a legal basis other than your consent) and may result in us no longer being able to provide you with our services. If you wish to exercise any of these rights, please contact us using the contact details provided in the Controller and Contact Information section. Before we respond to your request, we will ask you for proof of identity. So können wir sicherstellen, dass Ihre Daten nicht an Unbefugte weitergegeben werden.

Wir weisen Sie darauf hin, dass Ihre Rechte Einschränkungen unterliegen, auf welche wir uns im Einzelfall berufen können.

 

5.Datensicherheit

Wir treffen angemessene technische und organisatorische Sicherheitsmassnahmen, um Ihre Daten vor unbefugtem Zugriff oder unbefugter Änderung, Weitergabe oder Zerstörung zu schützen. Bitte beachten Sie, dass diese Sicherheitsmassnahmen die mit der Bearbeitung von Daten verbundenen Sicherheitsrisiken nicht vollständig ausschliessen können.

 

6.Beschwerden / Aufsichtsbehörde

Wenn Sie der Ansicht sind, dass die Bearbeitung Ihrer Daten gegen geltende Datenschutzgesetze verstösst, können Sie eine Beschwerde bei der zuständigen Datenschutzbehörde einreichen.

Für die Optik Foto Rutz AG ist der Eidgenössische Datenschutz- und Öffentlichkeitsbeauftragte (EDÖB), Feldeggweg 1, 3003 Bern, Schweiz (https://www.edoeb.admin.ch) zuständig. Je nach Ihrem Wohnsitz haben Sie zudem die Möglichkeit, eine Beschwerde bei der Datenschutzbehörde Ihres Wohnsitzes einzureichen.

 

7.Änderungen dieser Datenschutzerklärung

Diese Datenschutzerklärung ist nicht Teil eines Vertrages mit Ihnen, und wir können sie jederzeit ändern. Die auf unserer Webseite veröffentlichte Version ist die derzeit gültige Version.

Letzte Aktualisierung: 31.08.2023