Privacy policy
Galerie Mont-Blanc SA is the operator of this website and the services offered on it. It is therefore responsible for the collection, processing and use of your personal data as well as for the compliance of the data processing with the applicable data protection legislation.
Your trust is very important to us, which is why we take data protection very seriously and ensure appropriate security. It goes without saying that we comply with the legal provisions of the Federal Data Protection Act (DPA), the Ordinance on the Federal Data Protection Act (FDPA), the Telecommunications Act (TCA) and any other data protection provisions of Swiss or EU legislation that may be applicable, in particular the General Data Protection Regulation (GDPR).
To find out what personal data we collect about you and how we use it, please read the information below carefully.
1. Consultation of our website
When you visit our site, our servers temporarily record each access in a log file. The following technical data is then recorded, in principle as with any connection to a web server, without any intervention on your part and stored by us until it is automatically deleted after a maximum of one month:
- the IP address of the computer accessing the site,
- the IP address of the computer accessing the site,
- the date and time of access,
- the website from which you linked to our site (originating URL) and possibly the search terms used,
- the name and URL of the accessed file,
- the status code (e.g. error message),
- the operating system of your computer,
- the browser you are using (type, version and language),
- the communication protocol used (ex: HTTP/1.1) and
- possibly your username from a registration/authentication.
The purpose of collecting and processing this data is to enable the use of our website (establishment of a connection), to ensure the long-term security and stability of the system and to enable the optimization of our online offer, but also for internal statistical purposes. These processing operations are based on our legitimate interest according to Art. 6 para. 1 letter f GDPR.
2. Creation of a customer account
To place orders in our online store, you can either order as a visitor or create a customer account. When you register for a customer account, we collect the following data:
- first and last name
- mailing address
- date of birth
- email address
- password
This data is collected in order to provide the customer with direct, password-protected access to his or her master data stored in our system. Here the customer can view his completed and current orders or manage/modify his personal data. The legal basis for the processing of data for this purpose is your consent in accordance with Art. 6 para. 1 letter a GDPR.
3. Purchase on the online store
If you wish to place orders in our online store, we require the following data for the execution of the contract:
- billing address (if different from the delivery address)
- payment information (depending on the payment method chosen)
- login, i.e. email address and password (for registered customers)
Unless otherwise provided for in this privacy policy or unless you have given separate consent, we will only use the aforementioned data to perform this contract, in particular to process your orders, deliver the ordered products and ensure that payment is made correctly. The performance of a contract in accordance with Art. 6 para. 1 letter b GDPR is the legal basis for processing data for this purpose.
4. Transmission of data to third parties
We will only pass on your personal data if you have expressly consented to this, if we are under a legal obligation to do so, or if this is necessary to enforce our rights, in particular to enforce our rights arising from the contractual relationship. In addition, we pass on your data to third parties insofar as this is necessary for the use of the website and the execution of the contract (including outside the website), in particular for the processing of your reservations. This includes the carrier responsible for shipping the ordered goods. Our web host Infomaniak is a service provider to whom we transmit personal data collected via the website, or who has access or may have access to such data. The website is hosted on servers in Switzerland. The transmission of data is for the purpose of providing and maintaining the functionality of our website. This is our legitimate interest according to Art. 6 para. 1 letter f GDPR. Finally, we transmit your credit card information to the issuer and acquirer of your credit card when you pay by credit card on our site. If you choose to pay by credit card, you must enter all necessary information. The legal basis for the transfer of data in this case is the performance of a contract in accordance with Art. 6 para. 1 letter b GDPR. With regard to the processing of your credit card information by these third parties, please also read the general terms and conditions and the privacy policy of your credit card issuer.
5. Data transmission to foreign countries
We may also transfer your personal data to third-party companies (contracted service providers) abroad for the data processing specified in this privacy policy. These companies are subject to the same level of data protection as we are. If the level of data protection in a given country does not correspond to the Swiss or EU level, we will establish a contract to ensure that the protection of your personal data always corresponds to that of Switzerland or the EU.
6. Cookies
Cookies allow us to make your visit to our site easier, more pleasant and more useful in various ways. Cookies are files containing information that your web browser automatically stores on your computer's hard drive when you visit our site.
For example, we use cookies to provide you with a shopping cart feature on multiple pages and to temporarily store information you enter when you fill out a form on our site so that you do not have to re-enter it when you visit another page. In addition, cookies may also be used to identify you as a registered user after you register on our site. This prevents you from having to log in again when you visit another page.
Most web browsers automatically accept cookies. However, you can set your browser not to store any cookies on your computer or to prompt you each time you receive a new cookie. The following pages explain how to configure cookie handling for the most commonly used browsers:
- Microsoft Windows Internet Explorer
- Mozilla Firefox
- Google Chrome for desktop
- Google Chrome for mobile
- Apple Safari for desktop
- Apple Safari for mobile
Disabling cookies may prevent you from using the full functionality of our site.
7. Monitoring tools
For the purpose of appropriate presentation and continuous optimization of our website, we use the Google Analytics service. In doing so, we create pseudonymized usage profiles and use small text files stored on your computer ("cookies"). The information generated by the cookie about your use of this website is transmitted to the servers of the providers of these services, and then stored and processed for us. In addition to the data listed in section 1 below, we may receive the following information:
- navigation path taken by a visitor on the site,
- duration of the visit on the site or on the page,
- the page from which the visitor leaves the site,
- the country, region or city from which access is made,
- device (type, version, color depth, resolution, width and height of the navigation window) and
- recurring or new visitor.
The information is used to analyze the use of the website, to compile reports on the website's activities and to provide other services related to the use of the website and the Internet for market research purposes and the appropriate presentation of the website. This information may also be passed on to third parties in the event of a legal obligation or if these third parties are commissioned to process the data.
Google Analytics
The provider of Google Analytics is Google Inc. a company of the Alphabet Inc. holding company based in the USA. Before the data is transmitted to the provider, the IP address is abbreviated by activating IP anonymization ("anonymizeIP") on this website within the member states of the European Union or in other states that are signatories of the Agreement on the European Economic Area. Google does not combine the anonymized IP address transmitted by your browser within the framework of Google Analytics with other data. In exceptional cases, the complete IP address will be transmitted to a Google server in the USA and abbreviated there. In this case, we ensure by contractual guarantees that Google Inc. observes an adequate level of data protection. According to Google Inc. the IP address will not be linked to any other user data. You can find further information about the web analysis service used on the Google Analytics website. You can find out how to prevent the processing of your data by the web analytics service at http://tools.google.com/dlpage/gaoptout?hl=fr.
8. Note on data transmissions to the United States
For the sake of completeness, we inform users whose domicile or headquarters are in Switzerland that the United States is subject to surveillance measures by the U.S. authorities. These measures generally allow the recording of all personal data of persons whose data has been transferred from Switzerland to the United States. This is done without any differentiation, limitation or exception based on purpose and without any objective criterion for limiting the access of the U.S. authorities to the data and their further use to very specific and strictly limited purposes that can justify the harm involved in accessing and using the data. Furthermore, we inform you that in the United States, there is no legal remedy for data subjects from Switzerland to gain access to your data and to have it corrected or deleted, nor is there any effective legal protection against general access rights of the U.S. authorities. We explicitly draw the attention of the data subject to this legal and factual situation so that he or she can make an informed decision about consenting to the use of his or her data. We inform users domiciled in an EU member state that, according to the EU, the United States - in particular due to the issues discussed in this section - does not have an adequate level of data protection. Insofar as we have explained in this privacy policy that certain data recipients (e.g. Google) are based in the United States, we will ensure either through contractual arrangements with these companies or through their certification under the EU-US or Swiss-US Data Protection Shield that your data is afforded a reasonable level of protection by our partners.
9. Right to information, rectification, erasure and restriction of processing; right to data portability
Upon request, you have the right to obtain information about your personal data stored by us. Furthermore, you have the right to the correction of incorrect data and the deletion of your personal data, as long as there is no legal obligation to store the data or no legal basis for us to process the data. You are also entitled to demand the return of the data you have provided to us (right to data portability). On request, we will also pass on the data to a third party of your choice. You have the right to obtain the data in a standard format. You can contact us for the above purposes at the following email address: contact@galeriemontblanc.ch. We may ask you, at our discretion, for proof of identity to process your requests.
10. Data security
We use appropriate technical and organizational security measures to protect your personal data stored by us against manipulation, partial or total loss and against unauthorized access by third parties. Our security measures are constantly being improved in line with technological developments. You should always keep your access data confidential and close the browser window when you have finished communicating with us, especially if you are not the only person using the computer. We also take data protection within our company very seriously. Our employees and the service providers we hire are bound to secrecy and to compliance with the legal provisions on data protection.
11. Data retention
We only store personal data for as long as is necessary for the use of the above-mentioned tracking and analysis services and for further processing based on our legitimate interest. We retain contractual data for a longer period of time as required by legal retention obligations. The retention obligations that require us to retain data arise from financial accounting and tax law. According to these regulations, business communication, concluded contracts and accounting documents must be kept for a maximum of 10 years. As soon as we no longer need this data for the performance of our services, it will be blocked. The use of this data is restricted to tax and accounting purposes.
12. Right to lodge a complaint with a supervisory authority responsible for monitoring data protection
You are entitled to lodge a complaint with a supervisory authority responsible for monitoring data protection.