The responsible party within the meaning of the data protection laws, in particular the EU General Data Protection Regulation (DSGVO), is:
OY Surf Apparel GmbH
In der alten Conditorei Buchmann
In cooperation with our hosting providers, we make every effort to protect the databases as well as possible against unauthorized access, loss, misuse or falsification.
We point out that data transmission over the Internet (eg communication by e-mail) security gaps. A complete protection of the data against access by third parties is not possible.
By using this website, you consent to the collection, processing and use of data in accordance with the following description. This website can be visited without registration. Data such as pages accessed or the name of the file accessed, date and time are stored on the server for statistical purposes without this data being directly related to your person. Personal data, in particular name, address or e-mail address are collected as far as possible on a voluntary basis. Without your consent, the data will not be passed on to third parties.
Processing of personal data
Personal data is any information that relates to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, acquisition, deletion, storage, modification, destruction and use of personal data.
We process personal data in accordance with Swiss data protection law. In addition, we process personal data – to the extent and insofar as the EU GDPR is applicable – in accordance with the following legal bases in connection with Art. 6 (1) GDPR:
- lit. a) processing of personal data with the consent of the data subject.
- lit. b) processing of personal data for the fulfillment of a contract with the data subject as well as for the implementation of corresponding pre-contractual measures.
- lit. c) processing of personal data to comply with a legal obligation to which we are subject under any applicable law of the EU or under any applicable law of a country where the GDPR applies in whole or in part.
- lit. d) processing of personal data in order to protect vital interests of the data subject or another natural person.
- lit. f) Processing of personal data to protect the legitimate interests of us or of third parties, unless the fundamental freedoms and rights and interests of the data subject override these. Legitimate interests are in particular our business interest in being able to provide our website, information security, the enforcement of our own legal claims and compliance with Swiss law.
We process personal data for the duration required for the respective purpose or purposes. In the case of longer-term retention obligations due to legal and other obligations to which we are subject, we restrict processing accordingly.
This website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
We collect information about you when you use this website. We automatically collect information about your usage behavior and your interaction with us and register data about your computer or mobile device. We collect, store and use data about each access to our website (so-called server log files). The access data includes:
- Name and URL of the retrieved file
- Date and time of retrieval
- Data volume transferred
- Message about successful retrieval (HTTP response code)
- Browser type and version
- Operating system
- Referer URL (i.e. the previously visited page)
- Web pages that are called up by the user’s system via our website
- Internet service provider of the user
- IP address and the requesting provider
We use this log data without assigning it to you personally or otherwise profiling it for statistical evaluations for the purpose of operating, securing and optimizing our website, but also to anonymously record the number of visitors to our website (traffic) and the extent and type of use of our website and services, as well as for billing purposes to measure the number of clicks received from cooperation partners. This information allows us to provide personalized and location-based content and to analyze traffic, troubleshoot and improve our services.
This is also our legitimate interest according to Art. 6 para. 1 p. 1 f) DSGVO.
We reserve the right to subsequently review the log data if there is a justified suspicion of unlawful use based on concrete indications. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes or for the provision of services or the billing of a service, e.g. if you use one of our offers. After cancellation of the order process or after receipt of payment, we delete the IP address if it is no longer required for security purposes. We also store IP addresses if we have a concrete suspicion of a criminal offense in connection with the use of our website. In addition, as part of your account, we store the date of your last visit (e.g. when registering, logging in, clicking links, etc.).
Third party services
We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about the use of this website by visitors to the site is usually transmitted to a Google server in the USA and stored there.
This is also our legitimate interest according to Art. 6 para. 1 p. 1 f) DSGVO.
Google has submitted to the Privacy Shield agreement concluded between the European Union and the USA and has certified itself. Google thereby undertakes to comply with the standards and regulations of European data protection law. You can find more information in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
We have activated IP anonymization on this website (anonymizeIp). However, this means that your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage.
You can also prevent the transfer of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser plugin or within browsers on mobile devices, you can click on the following link to set an opt-out cookie that will prevent the collection by Google Analytics within this website in the future (this opt-out cookie only works in this browser and only for this domain. If you delete the cookies in your browser, you must click this link again):Click here to disable Google Analytics.
If you would like to receive the newsletter offered on this website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data will not be collected. We use this data exclusively for sending the requested information and do not pass it on to third parties.
You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter.
Comment function on this website
For the comment function on this website, in addition to your comment, information on the time of the creation of the comment, your e-mail address and, if you do not post anonymously, the username you have chosen will be stored.
Storage of the IP address.
Our comment function stores the IP addresses of users who post comments. Since we do not check comments on our site before they are activated, we need this data to be able to take action against the author in the event of legal violations such as insults or propaganda.
Subscribe to comments
As a user of the site, you can subscribe to comments after registering. You will receive a confirmation email to verify that you are the owner of the email address provided. You can unsubscribe from this function at any time via a link in the info emails.
You have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing, as well as a right to correct, block or delete this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.
The use of contact data published within the framework of the imprint obligation to send advertising and information materials not expressly requested is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.
Services with costs
For the provision of chargeable services, we request additional data, such as payment details, in order to be able to execute your order. We store this data in our systems until the statutory retention periods have expired.
External payment service providers
This WebSite uses external payment service providers through whose platforms users and we can make payment transactions. For example via
- PostFinance (https://www.postfinance.ch/de/detail/rechtliches-barrierefreiheit.html)
- Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)
- Stripe (https://stripe.com/ch/privacy)
In the context of the performance of contracts, we use the payment service providers on the basis of the Swiss Data Protection Ordinance and, where necessary, Art. 6 para. 1 lit. b. EU-DSGVO. Furthermore, we use external payment service providers on the basis of our legitimate interests pursuant to the Swiss Data Protection Ordinance as well as and to the extent necessary pursuant to Art. 6 para. 1 lit. f. EU-DSGVO in order to offer our users effective and secure payment options.
The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, totals and recipient-related information, among others. The information is required in order to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. We as the operator do not receive any information about (bank) account or credit card, but only information to confirm (accept) or reject the payment. Under certain circumstances, the data is transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard, we refer to the terms and conditions and data protection information of the payment service providers.
For payment transactions, the terms and conditions and the data protection notices of the respective payment service providers apply, which can be accessed within the respective website or transaction applications. We also refer to these for the purpose of further information and assertion of revocation, information and other data subject rights.
Order processing in the online store with customer account
We process the data of our customers in accordance with the data protection provisions of the Federal (Data Protection Act, DSG) and the EU-DSGVO, in the context of the ordering processes in our online store to enable them to select and order the selected products and services, as well as their payment and delivery, or execution.
The processed data includes master data (inventory data), communication data, contract data, payment data and the persons affected by the processing include our customers, prospective customers and other business partners. The processing is carried out for the purpose of providing contractual services in the context of operating an online store, billing, delivery and customer services. In this context, we use session cookies, e.g. for storing the shopping cart content, and permanent cookies, e.g. for storing the login status.
The processing is based on Art. 6 para. 1 lit. b (execution of order transactions) and c (legally required archiving) DSGVO. In this context, the information marked as required is necessary for the justification and fulfillment of the contract. We disclose the data to third parties only in the context of delivery, payment or in the context of legal permissions and obligations. The data is processed in third countries only if this is necessary for the fulfillment of the contract (e.g. at the request of the customer for delivery or payment).
Users can optionally create a user account, in which they can view their orders in particular. As part of the registration process, users are provided with the required mandatory information. The user accounts are not public and cannot be indexed by search engines, e.g. Google. If users have terminated their user account, their data with regard to the user account will be deleted, subject to their retention is necessary for commercial or tax reasons entspr. Art. 6 para 1 lit. c DSGVO. Information in the customer account remains until its deletion with subsequent archiving in the event of a legal obligation. It is the responsibility of the users to save their data in the event of termination before the end of the contract.
Within the scope of registration and renewed logins as well as the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. In principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c DSGVO.
The deletion takes place after the expiry of legal warranty and comparable obligations, the necessity of keeping the data is reviewed at irregular intervals. In the case of legal archiving obligations, deletion takes place after their expiry.
The copyright and all other rights to the content, images, photos or other files on the website belong exclusively to the operator of this website or the specifically named copyright holders. For the reproduction of all files, the written consent of the copyright holder must be obtained in advance.
Anyone who commits a copyright infringement without the consent of the respective rights holder may be liable to prosecution and possibly to damages.
All information on our website has been carefully checked. We make every effort to ensure that the information we provide is up-to-date, correct and complete. Nevertheless, the occurrence of errors can not be completely excluded, so we can not guarantee the completeness, accuracy and timeliness of information, including journalistic-editorial nature. Liability claims regarding damage caused by the use of any information provided, including any kind of information which is incomplete or incorrect, will therefore be rejected.
The publisher may change or delete texts at his own discretion and without notice and is not obliged to update any contents of this website. The use of or access to this website is at the visitor’s own risk. The publisher, its clients or partners are not responsible for damages, such as direct, indirect, incidental, to be determined in advance or consequential damages, which are allegedly caused by the visit of this website and therefore assume no liability.
The publisher also accepts no responsibility or liability for the content and availability of third-party websites that can be accessed via external links on this website. The operators of the linked pages are exclusively responsible for their content. The publisher thus expressly distances itself from all third-party content that may be relevant under criminal or liability law or that may offend common decency.
Questions for the data protection officer
If you have any questions about privacy, please email us at firstname.lastname@example.org or contact directly the responsible person in our organization listed for privacy at the beginning of this privacy statement.