In this data protection declaration we, Hello Heidi Fabrics GmbH, explain how we collect and process personal data. By personal data we mean all information that relates to a specific or identifiable person. This is not an exhaustive description. Please also refer to our General Terms and Conditions.
This data protection declaration is based on the EU Data Protection Basic Regulation (GDPR). Although the GDPR is a regulation of the European Union, it is of importance to us. The Swiss Data Protection Act (DSG) is strongly influenced by EU law, and companies outside the European Union or the EEA must comply with the GDPR under certain circumstances.
Responsible / Data Protection Officer
Hello Heidi Fabrics GmbH, Edikerstrasse 18a, 8635 Dürnten ZH is responsible for the data processing described here. If you have a data protection concern, you can contact us at any time under [email protected]. Please use the subject ‘Data Protection’.
Dealing with personal data
We only store the personal data that we receive within the framework of our business relationship with our customers or that we collect from users when operating our website.
Purposes of data processing and legal bases
We use the personal data collected by us only to conclude and process our contracts with our customers and business partners, in particular in the context of the sale of our products to our customers, and to fulfil our legal obligations at home and abroad.
If you have given us your consent to process your personal data for certain purposes (for example, when you register to receive our newsletter), we will process your personal data within the scope of and based on this consent, unless we have another legal basis. A consent given can be revoked at any time, but this has no effect on data processing that has already taken place.
Cookies / Tracking and other technologies related to the use of our website
We typically use ‘cookies’ and similar techniques on our websites to identify your browser or mobile device. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by the web browser you are using when you visit our website. When you return to the site, the system ‘remembers’ you even though it doesn’t know who you are. In addition to cookies, which are only used during a session and deleted after your visit to our website (‘session cookies’), cookies can also be used to store user settings and other information for a certain period of time (‘permanent cookies’). However, you can configure your browser so that it rejects cookies, saves them only for one session or deletes them prematurely. Most browsers are preset to accept cookies. We use permanent cookies so that we can save your user settings. If you block cookies, certain functions (e.g. language selection, shopping cart, ordering processes) may no longer function correctly.
In some of our newsletters we also include (and as far as permitted) picture elements, which we can retrieve from our servers to determine whether and when you have opened the email. We do this in order to better understand how you use our service and to better adjust it to your needs. You can block this automated feedback in the email program you are using. (Often such a default setting already exists.)
By using our websites and consenting to receive newsletters, you automatically consent to the use of these techniques. If you do not wish to do so, you must adjust the settings on your browser or email program accordingly.
We also use so-called plug-ins from social networks such as Facebook, Instagram or Pinterest on our websites. This can be seen by you in each case (typically via corresponding symbols). We have configured these elements so that they are deactivated by default. If you activate them by clicking on them, the operators of the respective social networks can register that you have been on our website and use this information for their purposes. The processing of your personal data is then the responsibility of this operator and in accordance with its data protection regulations. We do not receive any information about you from them.
On our pages plugins of the following social networks are integrated:
Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. You can recognize the Facebook plugins by the Facebook logo or the ‘Like’ button on our page. When you visit our pages, the plugin establishes a direct connection between your browser and the Facebook server. Facebook receives the information that you have visited our site with your IP address. If you click the Facebook ‘Like’ button while logged into your Facebook account, you can link the content of our pages to your profile. This allows Facebook to associate visiting our pages with your user account. We would like to point out that, as the provider of the pages, we do not have any knowledge of the content of the transmitted data or its use by Facebook.
Instagram, Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your profile by clicking the button. This allows Instagram to associate your visit to our site with your user account. We would like to point out that we are not aware of the content of the transmitted data or its use by Instagram.
Pinterest, Pinterest Inc. 808 Brannan Street, San Francisco, CA 94103-490, USA. When you access a page that contains such a plugin, your browser establishes a direct connection to Pinterest’s servers. The plugin transmits protocol data to the Pinterest server in the USA. This log information may include your IP address, the address of websites visited that also include Pinterest features, browser type and settings, date and time of request, how Pinterest is used, and cookies.
We furthermore use these services:
Google Analytics. Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and Google Inc., Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland.
You can deactivate this function at any time via the ad settings in your Google Account or generally prohibit Google Analytics from collecting your data.
Google Analytics cookies are stored on the basis of Art. 6 Para. 1 lit. f GDPR. This states that the website operator (in this case we) has a legitimate interest in analysing user behaviour (that is you) in order to optimise both its website and its advertising.
Google reCAPTCHA. Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and Google Inc., Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland.
The purpose of reCAPTCHA is to check whether the data input on this website (e.g. in a contact form) is made by a person or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor on the basis of various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, length of stay of the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
Data processing is based on the fact that the website operator (Hello Heidi Fabrics) has a legitimate interest in protecting her web offers against abusive automated spying and against SPAM.
If you would like to receive the newsletter offered on the website, we need your email address and information that allows us to verify that you are the owner of the address provided and that you agree to receive the newsletter. We use these data exclusively for the dispatch of the requested information and do not pass these on to third parties. The data entered in the newsletter registration form will be processed on the basis of your consent (Art. 6 para. 1 lit. a GDPR).
You can revoke your consent to the storage of your data, your email address and their use to send the newsletter at any time, for example via the ‘Unsubscribe’ link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
The data that you have stored with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after unsubscribing from the newsletter. Data stored by us for other purposes (e.g. a user account) remain unaffected by this.
This website uses the services of MailChimp for sending newsletters. Provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
MailChimp is a service that can be used, among other things, to organize and analyze the sending of newsletters. If you have entered data for the purpose of subscribing to the newsletter, it will be stored on MailChimp’s servers in the USA.
MailChimp is certified according to the ‘EU-US Privacy Shield’. The so called ‘Privacy Shield’ is an agreement between the European Union (EU) and the USA, which is intended to ensure compliance with European data protection standards in the USA.
MailChimp allows us to analyze our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (‘web beacon’) connects to the servers of MailChimp in the USA. In this way it can be determined whether a newsletter message has been opened and which links have been clicked. Technical information is also recorded (e.g. time of access, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
If you do not want MailChimp to analyze your newsletter, you must unsubscribe. For this purpose we provide a corresponding link in every newsletter message. Of course you can also unsubscribe from the Hello-Heidi newsletter by reaching out to us under [email protected]. Data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. The data that you have stored with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter list and will be deleted from our servers as well as from MailChimp’s servers after unsubscribing from the newsletter. Data stored by us for other purposes remain unaffected by this.
On our website we offer payment via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. If you choose to pay via PayPal, the payment details you enter will be transmitted to PayPal. The transfer of your data is carried out on the basis of art. 6 para. 1 lit. a GDPR (consent) and art. 6 para. 1 lit. b GDPR (processing to fulfil a contract). You have the possibility to revoke your consent to data processing. A revocation does not affect the effectiveness of past data processing operations.
You can also pay by credit card. This payment service is provided by Stripe, Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA. If you select this payment option, the payment details you enter will be transmitted to Stripe. Your data will be transferred on the basis of Art. 6 Para. 1 lit. a GDPR (consent) and Art. 6 Para. 1 lit. b GDPR (processing to fulfil a contract). Here, too, you have the opportunity to revoke your consent to data processing. A revocation has no effect on the effectiveness of past data processing operations.
Duration of retention of personal data
We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations or otherwise the purposes pursued with the processing. This means, for example, for the duration of the entire business relationship, as well as beyond that (in accordance with the legal duties of storage and documentation). It is possible that personal data may be stored for the period in which claims can be asserted against our company or to the extent that we are otherwise legally obliged to do so or justified business interests require it (e.g. for purposes of proof and documentation). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted as a matter of principle and as far as possible.
We take appropriate technical and organizational precautions to protect your personal data from unauthorized access and misuse (for example, in the form of IT and network security solutions). We host our website ourselves and do not pass on any business-related data to third parties.
We use SSL encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognize the encryption by the fact that the address bar of the browser displays “https://”.
This ensures that your messages and data cannot be read by third parties.
Of course, payment transactions via the usual means of payment (PayPal, Stripe) also take place exclusively via an encrypted SSL connection.
Obligation to provide personal data
As part of our business relationship, you must provide us with the personal information necessary to establish and conduct a business relationship and to fulfill the contractual obligations associated therewith. Without this information, we will usually not be able to enter into or complete a contract with you (or a representative). The website may also not be used if certain information is not disclosed to secure data traffic (e.g. IP address).
Rights of the data subject
You have the right to information about and correction and/or deletion of your data within the scope of the data protection law applicable to you and as far as provided therein (such as in the case of the GDPR or the DSG). Please note that we reserve the right to assert the legally stipulated restrictions on our part, for example if we are obliged to store or process certain data, if we have an overriding interest in it (to the extent that we may invoke it) or if we need it for the assertion of claims. Please note that the exercise of your rights may conflict with contractual agreements, and this may have consequences such as premature termination of the contract.
The exercise of such rights usually requires that you can prove your identity unambiguously (e.g. by a copy of your identity card, which can be used to verify your identity). In order to assert your rights, you may contact us at any time at the address indicated in paragraph 1.
In addition, every person concerned has the right to assert their claims in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner .
We may amend this privacy statement at any time without prior notice. The current version published on our website applies in each case. If the data protection declaration is part of an agreement with you, we will inform you of the change by email in the event of an update.
Status: December 2019.