top of page

Privacy Policy

This privacy policy ("Privacy Policy") informs our website visitors, customers, and business partners (or persons acting on behalf of our customers and business partners) ("you") about how Optik Foto Rutz AG handles personal data ("Data") in accordance with the Swiss Federal Act on Data Protection ("DSG") and the European General Data Protection Regulation ("GDPR") when you use our website, when you use one of our services/products ("Services"), when you provide services/products to us or in any of the other situations set out in the section Data Processed, Purpose and Legal Basis. Within the scope of application of the GDPR, references in this privacy policy to the GDPR are to be understood as references to the corresponding provisions of the DSG.

 

1. Controller and contact information

The controller is Optik Foto Rutz AG. Email: optik@rutz-stmoritz.ch

2. Obligation to provide data and your disclosure of data to third parties

You are generally not obliged to provide us with data. However, if you do not provide the information specified in Section 3, we may not be able to process your request, contact you, or provide you with the Services.

 

If you provide us with information about third parties (e.g., your employer/employees, relatives, family members, colleagues, beneficial owners, etc.), we will assume that this information is correct. By providing such data to us, you confirm that you are authorized to do so and that you have informed the data subjects about this privacy policy and our processing of their data.

 

3. Processed data, purpose, and legal basis

II. General

Depending on the circumstances described below, we process different categories of data. Within the scope of the GDPR, we base the processing of your data on the following legal bases:

  1. The processing of your data is necessary for the conclusion or performance of the contract with you (GDPR 6.1.1.b; e.g., in relation to services/products provided by us);

  2. The processing of your data is necessary to comply with legal obligations to which we are subject (GDPR 6.1.1.c; e.g., to comply with legal requirements, guidelines, and recommendations from authorities);

  3. The processing of your data is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms that require data protection prevail (GDPR 6.1.1.f; e.g., for security and access control purposes and to comply with internal regulations, including purposes such as compliance, risk management, corporate governance, and business organization);

and/or

  1. the legal bases specified below.

 

1.1 Use of the Website

Data processing in connection with your use of our website is limited to data necessary for the operation, provision, and security of the website and the services offered therein ("website usage data") and for web analysis purposes ("website analysis data").

Categories of data: When you access our website (and, via our website, the services), the following information about your device may be automatically collected: IP address, operating system, device type, browser name and version, date and time of access, address of the website from which you accessed our website were forwarded (if applicable), etc. We may analyze your use of our website with web analytics tools, including Google Analytics (with activated IP anonymization). Further information about Google's data usage and configuration options can be found here:

https://www.google.com/intl/en/policies/privacy/partners, http://www.google.com/analytics
/learn/privacy.html and https://policies.google.com/privacy?hl=de&gl=de.

Purpose and legal basis: The processing related to the use of the website is based on our legitimate interest in operating and securing our website and our services, in particular for security reasons, in order to ensure the stability and integrity of our systems (GDPR 6.1.1.f). In addition, based on our legitimate interest (GDPR 6.1.1.f), we may conduct basic web analytics to optimize the website for user-friendliness and to gain insights into the use of our website and our services. The data collected will not be combined with other data or shared with third parties. The extended web analysis using cookies is based on your consent within the framework of the GDPR (GDPR 6.1.1.a), see the Cookies section below.

1.2 Cookies

Website analysis data may also be collected through the use of cookies. Cookies are small files managed by your browser and stored directly on your device when you visit our website. You can disable the use of cookies in your browser settings, but this may mean that not all functions of our website or services are available or function properly.

Categories of data: Website usage data, website analytics data, and other data specified in the [Cookie Policy / Consent Management Tool].

Purpose and legal basis: We may use cookies on our website to ensure a user-friendly experience (e.g. Session cookies) based on our legitimate interest (GDPR 6.1.1.f). The extended web analysis using cookies is based on your consent within the scope of the GDPR (GDPR 6.1.1.a). Further information can be found in our [Cookie Policy / Consent Management Tool].

1.3 Communication

We contact you via various channels, e.g. B. when you fill out contact forms or similar forms on our website, send us emails, or use other electronic (or printed) means of communication through which data can be exchanged ("Communication Data").

Categories of Data: When you fill out our contact forms, send us an email or other form of electronic message (or a paper message, e.g., a letter), we collect information such as your name, email address (or other form of communication identifier, e.g., a messenger nickname), telephone number, subject, message content, associated metadata, and any other information you provide in your communication with us disclose.

Purpose and legal basis: We use communication data to process your inquiry and any further questions regarding the provision of our services (GDPR 6.1.1.b) and other related questions and matters based on the content of your communication with us (GDPR 6.1.1.a). We store this data to document our communication with you, for training purposes, for quality assurance, for follow-up inquiries (GDPR 6.1.1.f) and for regulatory purposes (GDPR 6.1.1.c).

1.4 Services

When you use our services, you may be required to register, e.g. B. by opening an account or creating a login, and we collect further service-related data, including Contract Data (as defined in Section 3.6), relating to the Services (collectively, "Service Data," including Registration Data and Usage Data, as defined below).

Categories of Data: When you register for our Services, you may be required to open an account or create a login, for which we need information such as your first name, last name, username, password, email, etc. This may also include other information that we need from you to provide you with the Services, e.g., depending on the Service, other information such as address, telephone number, date of birth, nationality, identification document details, occupation, role and function, financial information (such as income information, asset holdings and tax status), customer history, etc., including information from third parties and public sources (e.g., fraud prevention or government agencies, websites and government registers) ("Registration Data"). In addition, when you use our services, we process transaction information (dates, currencies, branches, details of payers and payees) and record calls, emails, text messages, social media messages and other communications between you and us. We also analyze your use of our services to get to know you better and tailor our services to you by collecting data about your behavior and preferences, including supplementing such data with information from third parties, including from public sources (collectively, "Usage Data").

Purpose and legal basis: In general, the Service Data is used to provide our services to you (GDPR 6.1.1.b) and to comply with applicable legal requirements and our internal rules, including for the purposes of money laundering and fraud prevention (GDPR 6.1.1.c and 6.1.1.f). We also process service data to document the provision of our services, for training purposes or quality assurance, as well as for market research to improve our services and processes, and for product development, which is based on our legitimate interest (GDPR 6.1.1.f).

1.5 Contracts

If we enter into a contract with you or are negotiating such a contract, We collect data in connection with the conclusion and performance of such a contract ("Contractual Data"). We generally collect this data from you or other contractual partners and from third parties involved in the performance of the contract, but we may also use data from third parties or from public sources (e.g., fraud prevention agencies and government registers).

Categories of Data: Contractual Data includes registration data, service data in general, and other information relating, for example, to the services to be provided, your preferences or feedback, etc. This includes your health data (e.g., refraction data, anatomical values, etc.).

Purpose and legal basis: We use contract data for the preparation, conclusion, implementation, and administration of our contractual relationships, as well as for any questions or inquiries that may arise in this context (GDPR 6.1.1.b). Such processing may be necessary to comply with legal requirements and internal regulations, including Know Your Customer processes (GDPR 6.1.1.c and 6.1.1.f). We retain this data to document our communication with you, for training purposes, quality assurance, and follow-up inquiries (GDPR 6.1.1.f).

1.6 Profiling

We use your data to automatically evaluate personal aspects relating to you (so-called "profiling"), but will not use it for automated decision-making. use.

Categories of data: Depending on the specific circumstances, the data categories listed in this section "Data processed, purpose and legal basis" may be used for profiling.

Purpose and legal basis: Profiling may be carried out for the purposes set out in this Section 3, in particular to determine preferences, detect misuse and security risks, conduct statistical analyses, or for operational planning (GDPR 6.1.1.f). Profiling is only used to gain a better understanding of certain aspects and does not lead to automated individual decision-making.

 

2. Disclosure and Sharing of Data

We disclose your data to third parties in certain cases (see section 4.1), which may also result in cross-border data transfers (see section Cross-border transfer of data).

2.1 Categories of recipients

We make your data available to the following recipients (in accordance with applicable legal provisions):

  1. our group companies;

  2. external service providers (e.g., IT service providers, etc.);

  3. contractual partners (insofar as the transfer results from such contracts, e.g., if you use our services as part of a contract we have concluded with your employer);

  4. competent authorities, including tax authorities and courts (in Switzerland and abroad, if we are legally obliged or authorized to do so or if it appears necessary to protect our interests);

  5. Legal and professional advisors, including legal representatives, accountants, and auditors;

  6. Transaction partners and advisors (e.g., in connection with mergers, acquisitions, or other business transactions in which we or our group companies are involved).

2.2 Cross-border transfer of data

We transfer your data to countries within the EEA or the United Kingdom, as well as to the following countries outside Switzerland or the EEA/United Kingdom, provided that (a) these countries, in the opinion of the competent authority, ensure an adequate level of data protection ensure, (b) we ensure an adequate level of data protection based on appropriate safeguards, such as the EU standard contractual clauses ("EU-SCC") adapted to the extent necessary to Swiss law ("CH-SCC"), or (c) the transfer is based on a statutory exception: [...] . To receive a copy of the EU-SCC / CH-SCC, please contact us using the contact details provided in the Controller and Contact Information section.

 

3. Storage Periods and Deletion

We process and store data for as long as our processing purposes, the statutory retention periods and our legitimate interests in documentation require, and within the scope of what is technically feasible. Unless otherwise required by law or contract, we will delete or anonymize your data after the storage or processing period has expired. With regard to specific purposes/data categories, we will generally retain your data as follows:

      • Website Usage Data: Website usage data is processed for as long as necessary to enable requested access and to ensure system stability and integrity.

      • Website analytics data: Website analytics data is stored for as long as necessary to perform the analysis.

      • Cookies: Cookies are stored on your device for the period necessary to achieve the relevant purpose, as well as in accordance with the further details in the [Cookie Policy / Consent Management Tool].

      • Communication data: Communication data will be deleted after your request has been answered or processed if and to the extent that (a) we are not legally obliged to retain this data (e.g., for billing or receipt retention purposes) or (b) we have no overriding legitimate interest in retaining this data for documentation, quality assurance, or similar business purposes or for assessing, asserting, or defending against legal claims.

      • Usage data: We generally retain the data for as long as you access/obtain our services (or are authorized to access them). access/access), and this data will be deleted after termination of your contractual relationship and/or deletion of your account if and to the extent that (a) we are not legally obliged to retain this data (e.g., for billing or documentation purposes), or (b) we have no overriding legitimate interest in retaining this data for documentation, quality assurance, or similar business purposes or for assessing, asserting, or defending against legal claims.

      • Contractual data: We generally retain contractual data for the duration of the statute of limitations for contractual Claims, calculated from the end of the contractual relationship, if and to the extent that (a) we are not legally obliged to retain this data for a longer period (e.g., for billing or receipt retention purposes) or (b) we have no overriding legitimate interest in retaining this data for documentation, quality assurance, or similar business purposes or for assessing, asserting, or defending against legal claims.

 

4. Your rights as a data subject

As a data subject, you have the following rights:

      1. Information, i.e. You can request information from us as to whether we process data about you, and if so, you can request further information about this.

      2. Correction, i.e., you can request us to correct or supplement your data if it is incorrect or incomplete.

      3. Deletion, i.e., you can request the deletion of your data. We will generally comply with a request for deletion unless we are legally obliged to retain the data or have an overriding legitimate interest in retaining this data.

      4. Objection, i.e. the right to object to the processing of your data on the basis of our legitimate interest (GDPR 6.1.1.f) by explaining your particular reasons and specific circumstances on which your objection is based.

      5. to restrict processing, i.e. you can request that we temporarily restrict the processing of your data.

      6. data portability, i.e. You can request that we provide you with the data you have provided to us in electronic form (where technically possible).

      7. To withdraw your consent, i.e., you can withdraw your consent if and to the extent that you have previously given your consent for a specific purpose of processing your data. This does not affect the lawfulness of any processing carried out before the withdrawal (or processing based on a legal basis other than your consent) and may result in us no longer being able to provide you with our services.

If you wish to exercise any of these rights, please contact us using the contact details provided in the Controller and Contact Information section. Before responding to your request, we will ask you for proof of identity. So we can ensure that your data is not passed on to unauthorized persons

We would like to point out that your rights are subject to restriction, which we can be appointed in individual cases.

& nbsp;

5. data security

We take appropriate technical and organizational security measures to make your data before unauthorized access or unauthorized & auml; Please note that these security measures can not fully exclude the safety risks associated with the processing of data.

& nbsp;

6th complaints/complaints

If you believe that the processing of your data violates applicable data protection laws Submit data protection impairment

f & uuml; r Optik Photo Rutz AG is the Eidgen & ouml; 1, 3003 Bern, Switzerland ( https://www.edoeb.ch )) Condition. Depending on your place of residence, you also have the possibility of submitting a complaint to the data protection impairment of your place of residence.

& nbsp;

7. & auml; rings of this data protection or auml; rung

This data protection clay & auml; The version, which is referred to on our website

last update: 31.08.2023

bottom of page