Privacy policy

The responsible body within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is

ofinto ag
Jonas Romer
Bischofszellerstrasse 53
9200 Gossau SG

E-mail: info@ofinto.ch
Website: www.ofinto.ch

Based on Article 13 of the Swiss Federal Constitution and the data protection provisions of the Swiss Confederation (Data Protection Act, DSG), every person is entitled to protection of their privacy and protection against misuse of their personal data. The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

In cooperation with our hosting providers, we endeavor to protect the databases as well as possible against unauthorized access, loss, misuse or falsification.

We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

By using this website, you consent to the collection, processing and use of data in accordance with the following description. This website can generally be visited without registration. Data such as pages called up or the name of the file called up, date and time are stored on the server for statistical purposes without this data being directly related to your person. Personal data, in particular name, address or e-mail address, are collected on a voluntary basis as far as possible. No data will be passed on to third parties without your consent.

Personal data is any information relating to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, deletion, storage, modification, destruction and use of personal data.

We process personal data in accordance with Swiss data protection law. In addition, we process personal data in accordance with the following legal bases in connection with Art. 6 para. 1 GDPR, insofar as the EU GDPR is applicable:

• lit. a) Processing of personal data with the consent of the data subject.
• lit. b) Processing of personal data for the performance of a contract with the data subject and for the implementation of corresponding pre-contractual measures.
• lit. c) Processing of personal data to fulfill a legal obligation to which we are subject under any applicable EU law or under any applicable law of a country in which the GDPR is fully or partially applicable.
• lit. d) Processing of personal data in order to protect the vital interests of the data subject or another natural person.
• lit. f) Processing of personal data in order to protect the legitimate interests of us or third parties, unless the fundamental freedoms and rights and interests of the data subject prevail. Legitimate interests are, in particular, our commercial interest in being able to provide our website, information security, the enforcement of our own legal claims and compliance with Swiss law.

We process personal data for the duration required for the respective purpose or purposes. In the case of longer-term retention obligations due to legal and other obligations to which we are subject, we restrict processing accordingly.

This website uses cookies. These are small text files that make it possible to store specific user-related information on the user's device while they are using the website. Cookies make it possible, in particular, to determine the frequency of use and number of users of the pages, to analyze the behavior of page use, but also to make our offer more customer-friendly. Cookies remain stored at the end of a browser session and can be called up again when you visit the site again. If you do not wish this to happen, you should set your Internet browser to refuse to accept cookies.

A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that you may then not be able to use all the functions of this website.

You can delete individual cookies or the entire cookie inventory. You will also receive information and instructions on how to delete these cookies or block their storage in advance. Depending on your browser provider, you will find the necessary information under the following links:

• Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-entfernen
• Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
• Google Chrome: https://support.google.com/accounts/answer/61416?hl=de
• Opera: http://www.opera.com/de/help
• Safari: https://support.apple.com/kb/PH17191?locale=de_DE&viewlocale=de_DE

Further information on the cookies used on this website can be found at https://ofinto.ch/cookies.

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request

This data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.

This website may use Google Maps for embedding maps, Google Invisible reCAPTCHA for protection against bots and spam and YouTube for embedding videos.

These services of the American Google LLC use cookies, among other things, and as a result, data is transferred to Google in the USA, whereby we assume that no personal tracking takes place in this context solely through the use of our website.

Google has undertaken to guarantee appropriate data protection in accordance with the US-European and US-Swiss Privacy Shield.

Further information can be found in Google's privacy policy.

If you would like to receive the newsletter offered on this website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected. We use this data exclusively for sending the requested information and do not pass it on to third parties.

You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the "unsubscribe link" in the newsletter.

For the comment function on this website, in addition to your comment, information about the time the comment was created, your e-mail address and, if you are not posting anonymously, the user name you have chosen will be saved.

Storage of the IP address

Our comment function stores the IP addresses of users who post comments. As we do not check comments on our site before they are activated, we need this data in order to be able to take action against the author in the event of legal violations such as insults or propaganda.

Subscribe to comments

As a user of the site, you can subscribe to comments after registering. You will receive a confirmation e-mail to check whether you are the owner of the e-mail address provided. You can unsubscribe from this function at any time via a link in the info mails.

Each data subject has the right to obtain from the website operator confirmation as to whether or not personal data concerning him or her are being processed. If you wish to exercise this right of confirmation, you can contact the data protection officer at any time.

Any person affected by the processing of personal data has the right to receive information free of charge from the operator of this website at any time about the personal data stored about them and a copy of this information. In addition, the following information may also be provided:

• the purposes of processing
• the categories of personal data that are processed
• the recipients to whom the personal data have been or will be disclosed
• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
• the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
• the existence of a right to lodge a complaint with a supervisory authority
• if the personal data is not collected from the data subject: All available information about the origin of the data

Furthermore, the data subject has a right to information as to whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.

If you would like to exercise this right to information, you can contact our data protection officer at any time.

Any person affected by the processing of personal data has the right to request the immediate rectification of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.

If you wish to exercise this right of rectification, you can contact our data protection officer at any time.

Any person affected by the processing of personal data has the right to demand from the person responsible for this website that the personal data concerning them be deleted immediately, provided that one of the following reasons applies and insofar as the processing is not necessary:

• The personal data were collected or otherwise processed for purposes for which they are no longer necessary
• The data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing
• The data subject objects to the processing on grounds relating to his or her particular situation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in the case of direct marketing and associated profiling
• The personal data was processed unlawfully
• The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject
• The personal data was collected in relation to information society services offered directly to a child

If one of the above reasons applies and you would like to request the deletion of personal data stored by the operator of this website, you can contact our data protection officer at any time. The data protection officer of this website will ensure that the request for deletion is complied with immediately.

Any person affected by the processing of personal data has the right to request the controller of this website to restrict the processing if one of the following conditions is met:

• the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data
• The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead
• The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims
• The data subject has objected to the processing on grounds relating to his or her particular situation and it is not yet clear whether the legitimate grounds of the controller override those of the data subject

If one of the above conditions is met and you wish to request the restriction of personal data stored by the operator of this website, you can contact our data protection officer at any time. The data protection officer of this website will arrange for the restriction of processing.

Any person affected by the processing of personal data has the right to receive the personal data concerning them in a structured, commonly used and machine-readable format. They also have the right to have this data transmitted to another controller if the legal requirements are met.

Furthermore, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

To assert your right to data portability, you can contact the data protection officer appointed by the operator of this website at any time.

Any person affected by the processing of personal data has the right to object to the processing of personal data concerning them at any time for reasons arising from their particular situation.

The operator of this website shall no longer process the personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or if the processing serves the establishment, exercise or defense of legal claims.

To exercise your right to object, you can contact the data protection officer of this website directly.

Any person affected by the processing of personal data has the right to withdraw their consent to the processing of personal data at any time.

If you wish to exercise your right to withdraw your consent, you can contact our data protection officer at any time.

We hereby object to the use of contact data published as part of our obligation to provide a legal notice for the purpose of sending unsolicited advertising and information material. The operators of this website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

For the provision of chargeable services, we request additional data, such as payment details, in order to be able to process your order. We store this data in our systems until the statutory retention periods have expired.

This website uses Google Maps. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. For more information on the purpose and scope of data collection and its processing by Google, as well as further information on your rights in this regard and setting options to protect your privacy, please visit: www.google.de/intl/de/policies/privacy.

This website uses Google Conversion Tracking. If you have reached our website via an advertisement placed by Google, Google Adwords will set a cookie on your computer. The cookie for conversion tracking is set when a user clicks on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

If you do not wish to participate in tracking, you can refuse the setting of a cookie required for this - for example, by setting your browser to generally deactivate the automatic setting of cookies or to set your browser so that cookies from the domain "googleleadservices.com" are blocked.

Please note that you may not delete the opt-out cookies as long as you do not wish measurement data to be recorded. If you have deleted all your cookies in the browser, you must set the respective opt-out cookie again.

This website uses the remarketing function of Google Inc. This function is used to present interest-based advertisements to website visitors within the Google advertising network. A so-called "cookie" is stored in the website visitor's browser, which makes it possible to recognize the visitor when he or she visits websites that belong to the Google advertising network. On these pages, the visitor may be presented with advertisements that relate to content that the visitor has previously accessed on websites that use Google's remarketing function.

According to its own information, Google does not collect any personal data during this process. However, if you do not wish to use Google's remarketing function, you can generally deactivate it by making the appropriate settings at http://www.google.com/settings/ads. Alternatively, you can deactivate the use of cookies for interest-based advertising via the advertising network initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp.

This website uses the reCAPTCHA service provided by Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland "Google"). The query serves the purpose of distinguishing whether the input is made by a human or by automated, machine processing. The query includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google. For this purpose, your input is transmitted to Google and used there. However, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of this service. The IP address transmitted by your browser as part of reCaptcha will not be merged with other Google data. Your data may also be transmitted to the USA. An adequacy decision of the European Commission, the "Privacy Shield", is in place for data transfers to the USA. Google participates in the "Privacy Shield" and has submitted to the requirements. By activating the query, you consent to the processing of your data. The processing takes place on the basis of Art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

You can find more information about Google reCAPTCHA and the associated privacy policy at: https://policies.google.com/privacy?hl=de

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited. If the controller responsible for data processing on this website is located outside the European Economic Area or Switzerland, Google Analytics data processing is carried out by Google LLC. Google LLC and Google Ireland Limited are hereinafter referred to as "Google".

We can use the statistics obtained to improve our offer and make it more interesting for you as a user. This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. If you have a Google user account, you can deactivate the cross-device analysis of your use in the settings there under "My data", "Personal data".

The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. f GDPR. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. We would like to point out that on this website Google Analytics has been extended by the code "_anonymizeIp();" to ensure an anonymized collection of IP addresses. As a result, IP addresses are further processed in abbreviated form, so that they cannot be linked to a specific person. If the data collected about you is personally identifiable, it is immediately excluded and the personal data is deleted immediately.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Google Analytics uses cookies. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: Deactivate Google Analytics.

You can also prevent the use of Google Analytics by clicking on this link: Deactivate Google Analytics. This will store an opt-out cookie on your data carrier, which prevents the processing of personal data by Google Analytics. Please note that if you delete all cookies on your end device, these opt-out cookies will also be deleted, i.e. you will have to set the opt-out cookies again if you want to continue to prevent this form of data collection. The opt-out cookies are set for each browser and computer/end device and must therefore be activated separately for each browser, computer or other end device.

This website uses the online marketing tool Google Ads from Google ("Google Ads"). Google Ads uses cookies to display ads that are relevant to users, to improve campaign performance reports or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, Google Ads can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a Google Ads ad and later visits the advertiser's website with the same browser and makes a purchase there. According to Google, Google Ads cookies do not contain any personal information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. Through the integration of Google Ads, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that Google will find out your IP address and store it.

You can prevent participation in this tracking process in various ways:

• by setting your browser software accordingly; in particular, the suppression of third-party cookies means that you will not receive any ads from third-party providers;
• by deactivating cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com", https://adssettings.google.com, whereby this setting is deleted when you delete your cookies;
• by deactivating the interest-based ads of the providers that are part of the "About Ads" self-regulation campaign via the link https://www.aboutads.info/choices, whereby this setting is deleted when you delete your cookies;
• by permanently deactivating it in your Firefox, Internet Explorer or Google Chrome browsers under the link https://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this website to their full extent.

The legal basis for the processing of your data is a balancing of interests, according to which the processing of your personal data as described above does not conflict with any overriding interests on your part (Art. 6 para. 1 sentence 1 lit. f GDPR). Further information on Google Ads from Google can be found at https://ads.google.com/intl/de_DE/home/, as well as on data protection at Google in general: https://www.google.de/intl/de/policies/privacy. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at https://www.networkadvertising.org.

This website uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. If your browser does not support web fonts, a standard font will be used by your computer.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/

Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus, for example, integrate Google Analytics and other Google marketing services into our online offering. The Tag Manager itself, which implements the tags, does not process any personal user data. With regard to the processing of users' personal data, please refer to the following information on Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.

This website uses functions of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA . When you access our pages with Facebook plug-ins, a connection is established between your browser and the Facebook servers. Data is already transmitted to Facebook in the process. If you have a Facebook account, this data can be linked to it. If you do not wish this data to be linked to your Facebook account, please log out of Facebook before visiting our site. Interactions, in particular the use of a comment function or clicking on a "Like" or "Share" button, are also passed on to Facebook. You can find out more at https://de-de.facebook.com/about/privacy.

This website uses functions of Twitter, Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA. When you access our pages with Twitter plug-ins, a connection is established between your browser and the Twitter servers. Data is already transmitted to Twitter. If you have a Twitter account, this data can be linked to it. If you do not wish this data to be associated with your Twitter account, please log out of Twitter before visiting our site. Interactions, in particular clicking on a "Re-Tweet" button, are also forwarded to Twitter. You can find out more at https://twitter.com/privacy.

Functions of the Instagram service are integrated on our website. These functions are offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.

You can find more information on this in Instagram's privacy policy: http://instagram.com/about/legal/privacy/.

We use the marketing services of the social network LinkedIn of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn") within our online offering.

These use cookies, i.e. text files that are stored on your computer. This enables us to analyze your use of the website. For example, we can measure the success of our advertisements and show users products in which they have previously shown an interest.

For example, information about the operating system, the browser, the website you previously visited (referrer URL), which websites the user visited, which offers the user clicked on, and the date and time of your visit to our website are recorded.

The information generated by the cookie about your use of this website is transferred to a LinkedIn server in the USA in pseudonymized form and stored there. LinkedIn therefore does not store the name or email address of the respective user. Rather, the above-mentioned data is only assigned to the person for whom the cookie was generated. This does not apply if the user has allowed LinkedIn to process the data without pseudonymization or has a LinkedIn account.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also object to the use of your data directly at LinkedIn: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

We use LinkedIn Analytics to analyze and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. All LinkedIn companies have adopted the standard contractual clauses to ensure that the data traffic to the USA and Singapore necessary for the development, implementation and maintenance of the services takes place in a lawful manner. If we ask users for their consent, the legal basis for processing is Art. 6 para. 1 lit. a GDPR. Otherwise, the legal basis for the use of LinkedIn Analytics is Art. 6 para. 1 sentence 1 lit. f GDPR.

Information from the third-party provider: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2 Ireland; User Agreement and Privacy Policy.

On this website, we use social plugins from the social network Pinterest, which is operated by Pinterest Inc., 808 Brannan Street San Francisco, CA 94103-490, USA ("Pinterest"). When you visit a page that contains such a plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits log data to the Pinterest server in the USA. This log data may contain your IP address, the address of the websites visited that also contain Pinterest functions, the type and settings of the browser, the date and time of the request, your use of Pinterest and cookies.

Further information on the purpose, scope and further processing and use of the data by Pinterest as well as your rights and options for protecting your privacy can be found in Pinterest's privacy policy: https://about.pinterest.com/de/privacy-policy

During the ordering process in our online store, you have the option of selecting a payment method. Payments are processed via the payment service provider Adyen (Adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, Netherlands). We have concluded an order processing agreement with Adyen in accordance with Article 28 GDPR. We transmit your IP address to Adyen for the purpose of fraud prevention and detection. All data is transmitted in encrypted form. Adyen collects and stores the data and only passes it on to the companies involved in the payment process. We do not collect or store the payment data.

We offer the following payment methods:

1. when selecting the payment method "credit card", personal data is automatically transmitted to Adyen. By selecting this payment option, you consent to the transfer of personal data to our payment service provider required for payment processing and for identity and credit checks.

2. the personal data transmitted to Adyen is usually the card type (Mastercard or VISA), name of the cardholder, card number, check digit and expiry date.

3. when paying by credit card, the "3-D Secure" procedure is used to confirm the identity of the purchaser via two-factor authentication.

4. you have the option to revoke your consent to the handling of personal data at any time with effect for the future.

5. information on data protection at Adyen can be found at https://www.adyen.help/hc/en-us/categories/360002679940-Adyen-on-my-bank-statement

1. we offer the payment method CembraPay of the service provider CembraPay AG (Bändliweg 20, 8048 Zurich, Switzerland) for the processing of payments by purchase on account.

2. your data (first name, surname, address, date of birth, gender, nationality, e-mail address, IP address, etc.) will only be transmitted to CembraPay for identity and creditworthiness checks and used by CembraPay. Your data will also be transmitted to credit agencies for this purpose. This serves to check your identity and creditworthiness.

3 CembraPay also uses your data to send you advertising and offers for CembraPay services by e-mail or post and for market research.

4. you can find further information on data processing and your rights in CembraPay's privacy policy: https://cembrapay.ch/de/privacy

1. for the processing of payments by invoice purchase directly by ofinto, your data (first name, surname, address, e-mail address) will only be used for the processing of this payment method.

2. the data is stored in our accounting system. Access to this data is restricted to employees who need it to fulfill contracts.

• PostFinance(https://www.postfinance.ch/de/detail/rechtliches-barrierefreiheit.html)
• Visas(https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html)
• Mastercard(https://www.mastercard.ch/de-ch/datenschutz.html)
• American Express(https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html)
• Paypal(https://www.paypal.com/de/webapps/mpp/ua/privacy-full)
• Bexio AG(https://www.bexio.com/de-CH/datenschutz)
• Payrexx AG(https://www.payrexx.ch/site/assets/files/2592/datenschutzerklaerung.pdf)
• Apple Pay(https://support.apple.com/de-ch/ht203027)
• Stripe(https://stripe.com/ch/privacy)
• Klarna(https://www.klarna.com/de/datenschutz/)
• Skrill(https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/)
• Giropay(https://www.giropay.de/rechtliches/datenschutzerklaerung) etc.

As part of the fulfillment of contracts, we use payment service providers on the basis of the Swiss Data Protection Ordinance and, if necessary, Art. 6 para. 1 lit. b. EU-DSGVO. In addition, we use external payment service providers on the basis of our legitimate interests in accordance with the Swiss Data Protection Ordinance and, if necessary, in accordance with Art. 6 para. 1 lit. f. EU GDPR in order to offer our users effective and secure payment options.

The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, totals and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored by them. As the operator, we do not receive any information about the (bank) account or credit card, but only information to confirm (accept) or reject the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the terms and conditions and data protection information of the payment service providers.

Payment transactions are subject to the terms and conditions and the data protection notices of the respective payment service providers, which can be accessed on the respective website or transaction applications. We also refer to these for further information and the assertion of rights of revocation, information and other rights of data subjects.

For our online store, we use the Judge.me rating platform from Judge.me Ltd (C/O Buckworths 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB).

After making a purchase from us, you have the opportunity to rate our products. These ratings are then displayed on the product page in our store. Verified reviews can only be submitted by customers who have made a purchase from us - and only for the products they have actually purchased. This is ensured by the Judge.me application we use.

After completing your order, we ask you to rate and comment on your purchase. You will receive an e-mail from us for this purpose. In this context, the following information may be processed and transmitted to Judge.me: Order details (e.g. order ID, expected delivery date, SKU of the products ordered) and your e-mail address.

The legal basis for the use of Judge.me is Art. 6 para. 1 sentence 1 lit. f GDPR to protect our legitimate interests in improving our customer service. We ensure that your personal data is protected by suitable guarantees in accordance with Art. 46 GDPR when it is transferred to Judge.me. According to Judge.me, the standard data protection clauses of the European Commission for the transfer of personal data to service providers in third countries are applied. Details can be found at: https://judge.me/privacy and https://judge.me/compliance

You have the right to object to the processing of your personal data for the use of Judge.me at any time with effect for the future.

The newsletter is sent using the mailing service provider 'MailChimp', a newsletter mailing platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the privacy policy of the mailing service provider here. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with the European level of data protection(PrivacyShield). The mailing service provider is used on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR and an order processing contract pursuant to Art. 28 para. 3 sentence 1 GDPR.

The mailing service provider may use the recipients' data in pseudonymous form, i.e. without assigning it to a user, to optimize or improve its own services, e.g. to technically optimize the mailing and presentation of the newsletter or for statistical purposes. However, the mailing service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.

Functions of the "YouTube" service are integrated on this website. "YouTube" belongs to Google Ireland Limited, a company registered and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, which operates the services in the European Economic Area and Switzerland.

Your legal agreement with "YouTube" consists of the terms and conditions found at the following link: https://www.youtube.com/static?gl=de&template=terms&hl=de. These terms form a legally binding agreement between you and "YouTube" regarding the use of the services. Google's privacy policy explains how "YouTube" handles your personal data and protects your data when you use the service.

We use conversion tracking from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA on our website. Microsoft Bing Ads stores a cookie on your computer if you have reached our website via a Microsoft Bing ad. In this way, Microsoft Bing and we can recognize that someone has clicked on an ad, has been redirected to our website and has reached a predetermined target page (conversion page). We only learn the total number of users who clicked on a Bing ad and were then forwarded to the conversion page. No personal information about the identity of the user is disclosed.

If you do not want information about your behavior to be used by Microsoft as explained above, you can refuse the setting of a cookie required for this - for example, by using a browser setting that generally deactivates the automatic setting of cookies. You can also prevent the collection of data generated by the cookie and related to your use of the website and the processing of this data by Microsoft by clicking on the following link: https://account.microsoft.com/privacy/ad-settings/signedout?lang=de-DE to declare your objection. Further information on data protection and the cookies used by Microsoft and Bing Ads can be found on the Microsoft website at https://privacy.microsoft.com/de-de/privacystatement.

Data is collected and stored on our website using Bing Ads technologies, from which user profiles are created using pseudonyms. This is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This service enables us to track the activities of users on our website if they have reached our website via ads from Bing Ads. If you reach our website via such an ad, a cookie is placed on your computer. A Bing UET tag is integrated on our website. This is a code that is used in conjunction with the cookie to store some non-personal data about the use of the website. This includes, among other things, the time spent on the website, which areas of the website were accessed and which ad the user used to access the website. Information about your identity is not recorded.

The information collected is transferred to Microsoft servers in the USA and stored there for a maximum of 180 days. You can prevent the collection of data generated by the cookie and related to your use of the website as well as the processing of this data by deactivating the setting of cookies. This may limit the functionality of the website under certain circumstances.

In addition, Microsoft may be able to track your usage behavior across several of your electronic devices through so-called cross-device tracking and is thus able to display personalized advertising on or in Microsoft websites and apps. You can deactivate this behavior at http://choice.microsoft.com/de-de/opt-out.

You can find more information about Bing's analytics services on the Bing Ads website(https://help.bingads.microsoft.com/#apex/3/de/53056/2). You can find more information on data protection at Microsoft and Bing in Microsoft's privacy policy(https://privacy.microsoft.com/de-de/privacystatement).

This website uses Clarity. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, https://docs.microsoft.com/en-us/clarity (hereinafter referred to as "Clarity").

Clarity is a tool for analyzing user behavior on this website. In particular, Clarity records mouse movements and creates a graphical representation of which part of the website users scroll to most frequently (heat maps). Clarity can also record sessions so that we can view page usage in the form of videos. We also receive information about general user behavior within our website.

Clarity uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or the use of device fingerprinting). Your personal data is stored on Microsoft servers (Microsoft Azure Cloud Service) in the USA.

If consent has been obtained, the above-mentioned service is used exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG; the website operator has a legitimate interest in effective user analysis. Consent can be revoked at any time. 

Further details on data protection and opt-out options from Clarity can be found here: https://docs.microsoft.com/en-us/clarity/faq

For the purchase of products via our online store, personal data is requested that is necessary for processing your order. As part of the checkout process, we store the following data required for the conclusion and fulfillment of the contract:

• First name
• Last name
• Invoice, company and delivery address
• E-mail address

In addition, voluntary information can be provided (e.g. telephone number etc.). Mandatory information provided for the purpose of registration is marked with an asterisk as a mandatory field in the input mask.

This data is passed on to our ERP and ordering systems as well as to our delivery staff and subcontractors, processed and stored in order to fulfill your order.

These include:

• Our ERP, Orderdesk: https://www.orderdesk.com/privacy-policy/
• Our store system, BigCommerce: https://www.bigcommerce.com/privacy/, https://www.bigcommerce.com/gdpr/ and https://support.bigcommerce.com/s/article/General-Data-Protection-Regulation?language=en_US
• Our fulfillment partners WKS(https://wksgruppe.de/datenschutz/) and Sieber Transport AG(https://www.sieber.ch/datenschutz/)

The storage of this data is necessary to fulfill the contract or to provide the requested services. The legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR. Even after conclusion of the contract, personal data of our contractual partners remains stored in order to comply with contractual or legal obligations. The data will be deleted when the data is no longer required for the performance of the contract. Premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

We use the CRM system Reamaze, from the provider Lantirn, Inc, 920 Saratoga Ave, Suite 213, San Jose, CA 95129, USA, to process customer inquiries in order to be able to process your customer inquiries faster and more efficiently (legitimate interest pursuant to Art. 6 para. 1 lit. f. GDPR). There is an order processing contract pursuant to Art. 28 para. 3 sentence 1 GDPR. Inquiries to our public email address info@ofinto.ch, our live chat, our customer support and inquiries via our Facebook page are processed with Reamaze.

Lantirn Inc. is Privacy Shield certified as a US provider and thus undertakes to comply with Swiss and EU data protection law. Lantirn uses the data collected exclusively for the technical processing of your inquiries and does not pass it on to third parties.

Pseudonymous use is possible when using Reamaze via our live chat; when communicating via our e-mail channels, it is necessary to provide at least a correct e-mail address. In the course of processing service requests, it may be necessary to collect further data (e.g. name, address).

Further information can be found in Reamaze's privacy policy: https://www.reamaze.com/privacy

The copyright and all other rights to content, images, photos or other files on the website belong exclusively to the operator of this website or the specifically named rights holders. The written consent of the copyright holder must be obtained in advance for the reproduction of all files.

Anyone who commits a copyright infringement without the consent of the respective rights holder may be liable to prosecution and may be liable for damages.

All information on our website has been carefully checked. We make every effort to ensure that the information we provide is up-to-date, correct and complete. Nevertheless, the occurrence of errors cannot be completely ruled out, which means that we cannot guarantee the completeness, correctness and topicality of information, even of a journalistic or editorial nature. Liability claims arising from material or immaterial damage caused by the use of the information provided are excluded, unless there is evidence of willful intent or gross negligence.

The publisher may change or delete texts at its own discretion and without notice and is not obliged to update the content of this website. The use of or access to this website is at the visitor's own risk. The publisher, its clients or partners are not responsible for damages, such as direct, indirect, accidental, pre-determined or consequential damages, which are allegedly caused by visiting this website and therefore accept no liability for them.

The publisher also accepts no responsibility or liability for the content and availability of third-party websites that can be accessed via external links on this website. The operators of the linked pages are solely responsible for their content. The publisher therefore expressly distances itself from all third-party content that may be relevant under criminal or liability law or offend common decency.

We may amend this privacy policy at any time without prior notice. The current version published on our website shall apply. If the privacy policy is part of an agreement with you, we will inform you of the change by e-mail or other suitable means in the event of an update.

If you have any questions about data protection, please send us an e-mail or contact the person responsible for data protection in our organization listed at the beginning of this privacy policy.

Gossau SG, 04.12.2023