Privacy Policy

This privacy policy explains how we process personal data in connection with our activities and operations, including our website at schellenberg-textiles.ch. In particular, we describe for what purposes, how, and where we process which personal data. We also inform individuals whose data we process about their rights.

For specific or additional activities and operations, we may publish separate privacy policies or further data protection information.

We are subject to Swiss law and, where applicable, foreign law — in particular that of the European Union (EU), including the General Data Protection Regulation (GDPR).

By decision of 26 July 2000, the European Commission recognised that Swiss data protection law ensures an adequate level of data protection. By report of 15 January 2024, the European Commission confirmed this adequacy decision.

1. Contact Details

The controller for data protection purposes is:

E. Schellenberg Textildruck AG
Alte Wermatswilerstrasse 4
8320 Fehraltorf ZH
Switzerland

T: +41 44 954 88 66
info@schellenberg-textiles.ch

In individual cases, third parties may be responsible for processing personal data, or joint responsibility may exist with third parties. We are happy to provide data subjects with information about the applicable responsibility upon request.

2. Definitions and Legal Bases

2.1 Definitions

Data subject: A natural person about whom we process personal data.

Personal data: Any information relating to an identified or identifiable natural person.

Sensitive personal data: Data concerning trade union, political, religious, or ideological views and activities; data concerning health, intimate life, or ethnic or racial origin; genetic data; biometric data that uniquely identifies a natural person; data concerning criminal or administrative sanctions or proceedings; and data concerning social welfare measures.

Processing: Any operation performed on personal data, regardless of the means or methods used — for example querying, matching, adapting, archiving, retaining, reading, disclosing, obtaining, recording, collecting, deleting, making available, organising, storing, modifying, distributing, linking, destroying, and using personal data.

European Economic Area (EEA): Member states of the European Union (EU), as well as the Principality of Liechtenstein, Iceland, and Norway.

2.2 Legal Bases

We process personal data in accordance with Swiss law, in particular the Federal Act on Data Protection (FADP) and the Data Protection Ordinance (DPO).

Where the General Data Protection Regulation (GDPR) applies, we process personal data on the basis of at least one of the following legal grounds:

• Art. 6(1)(b) GDPR — processing necessary for the performance of a contract with the data subject or to take pre-contractual steps at their request.
• Art. 6(1)(f) GDPR — processing necessary for the purposes of legitimate interests pursued by us or by third parties, unless overridden by the fundamental rights and interests of the data subject. Such interests include in particular the long-term, user-friendly, secure, and reliable conduct of our activities and operations, ensuring information security, protection against misuse, enforcement of our own legal claims, and compliance with Swiss law.
• Art. 6(1)(c) GDPR — processing necessary to comply with a legal obligation under applicable law of EEA member states.
• Art. 6(1)(e) GDPR — processing necessary for the performance of a task carried out in the public interest.
• Art. 6(1)(a) GDPR — processing based on the consent of the data subject.
• Art. 6(1)(d) GDPR — processing necessary to protect the vital interests of the data subject or of another natural person.
• Art. 9(2) et seq. GDPR — processing of special categories of personal data, in particular with the consent of the data subjects.

The GDPR refers to the processing of personal data as ‘processing of personal data’ and the processing of sensitive personal data as ‘processing of special categories of personal data’ (Art. 9 GDPR).

3. Nature, Scope and Purpose of Processing

We process the personal data necessary to conduct our activities and operations in a long-term, user-friendly, secure, and reliable manner. The data processed may fall in particular into the following categories: browser and device data, content data, communication data, metadata, usage data, master data including account and contact details, location data, transaction data, contractual data, and payment data. Personal data may also constitute sensitive personal data.

We also process personal data received from third parties, obtained from publicly accessible sources, or collected in the course of our activities and operations, to the extent that such processing is permissible.

We process personal data with the consent of data subjects where required. In many cases, we may process personal data without consent — for example, to fulfil legal obligations or to safeguard overriding interests. We may also seek consent where it is not strictly required.

We process personal data for as long as necessary for the relevant purpose. We anonymise or delete personal data in accordance with applicable retention and limitation periods.

4. Disclosure of Personal Data

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties may include specialist service providers whose services we use, and these third parties may in turn disclose personal data to further parties.

In the course of our activities and operations, we may disclose personal data in particular to: banks and other financial service providers, authorities, educational and research institutions, consultants and lawyers, accounting and fiduciary service providers, debt collection agencies, interest groups, IT service providers, cooperation partners, credit and commercial reference agencies, logistics and shipping companies, marketing and advertising agencies, media, parent, sister, and subsidiary companies, organisations and associations, social institutions, telecommunications companies, insurance providers, and payment service providers.

5. Communication

We process personal data in order to communicate with individuals, authorities, organisations, and companies. In this context, we process in particular data that a data subject provides when making contact — for example by post or email. We may store such data in an address book or using comparable tools.

Third parties who transmit data about other individuals to us are legally obliged to ensure the data protection of those individuals themselves. They must in particular ensure that they are entitled to transmit such data and that the data transmitted is accurate.

6. Data Security

We implement appropriate technical and organisational measures to ensure a level of data security commensurate with the risk involved. Our measures are designed in particular to protect the confidentiality, availability, traceability, and integrity of personal data — though we cannot guarantee absolute data security.

Access to our website and other digital presence is secured via transport encryption (SSL/TLS, in particular HTTPS — Hypertext Transfer Protocol Secure). Most browsers warn users when visiting a website without transport encryption.

Our digital communications — like all digital communications in principle — are subject to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America, and other countries. We have no direct influence over the corresponding processing of personal data by intelligence services, police forces, or other security authorities. We also cannot rule out that individual data subjects may be specifically monitored.

7. Personal Data Abroad

We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other countries — in particular for processing there.

We may export personal data to any country in the world and elsewhere in the universe, provided that applicable law in that country ensures an adequate level of data protection according to a decision of the Swiss Federal Council and — where the GDPR applies — a decision of the European Commission.

We may transfer personal data to countries whose law does not ensure an adequate level of data protection, provided protection is guaranteed on other grounds — in particular on the basis of standard data protection clauses or other appropriate safeguards. Exceptionally, we may export personal data to countries without adequate or appropriate data protection where the specific data protection requirements for doing so are met — for example, the explicit consent of the data subjects or a direct connection with the conclusion or performance of a contract. We are happy to provide data subjects with information about any applicable safeguards or to supply a copy of them upon request.

8. Rights of Data Subjects

8.1 Data Protection Rights

We grant data subjects all rights provided under applicable law. Data subjects have in particular the following rights:

• Right of access: Data subjects may request information as to whether we process personal data about them and, if so, what data is involved. They also receive the information necessary to assert their data protection rights and to ensure transparency — including the personal data itself, details of the processing purpose, the retention period, any disclosure or export of data to other countries, and the origin of the personal data.
• Rectification and restriction: Data subjects may have inaccurate personal data corrected, incomplete data completed, and the processing of their data restricted.
• Right to express a view and human review: Where decisions are based solely on automated processing of personal data and produce legal effects or significantly affect the data subject (automated individual decisions), data subjects may express their view and request review by a human.
• Erasure and objection: Data subjects may request the erasure of personal data (‘right to be forgotten’) and may object to the processing of their data with effect for the future.
• Data portability: Data subjects may request the release of their personal data or its transfer to another controller.

We may defer, restrict, or refuse the exercise of data subjects’ rights to the extent permitted by law. We may also inform data subjects of any requirements to be met before exercising their rights. For example, we may refuse access in whole or in part with reference to confidentiality obligations, overriding interests, or the protection of third parties. We may similarly refuse the erasure of personal data in whole or in part — in particular with reference to statutory retention obligations.

In exceptional cases, we may charge fees for the exercise of rights. We will inform data subjects of any applicable fees in advance.

We are required to identify data subjects who request access or assert other rights by appropriate means. Data subjects are required to cooperate in this process.

8.2 Legal Redress

Data subjects have the right to enforce their data protection rights through the courts or to file a complaint with a data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

European data protection supervisory authorities are organised as members of the European Data Protection Board (EDPB). In some EEA member states, data protection authorities are structured on a federal basis — in particular in Germany.

9. Website Usage

9.1 Cookies

We may use cookies. Cookies — both our own (first-party cookies) and those of third parties whose services we use (third-party cookies) — are data stored in the browser. Such stored data need not be limited to traditional text-based cookies.

Cookies may be stored temporarily as ‘session cookies’ or for a defined period as ‘persistent cookies’. Session cookies are automatically deleted when the browser is closed. Persistent cookies have a defined storage period. Cookies enable us in particular to recognise a browser on subsequent visits to our website — for example to measure our website’s reach. Persistent cookies may also be used for online marketing.

Cookies can be disabled, restricted, or deleted — in whole or in part — at any time via browser settings. Browser settings often also allow for automated deletion and other cookie management. Without cookies, our website may no longer be fully available. Where required by applicable law, we actively seek explicit consent to the use of cookies.

For cookies used for performance and reach measurement or advertising, a general opt-out is available for many services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

9.2 Server Logs

For each access to our website and other digital presence, we may log at least the following data, provided it is transmitted or determined as standard during such access: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page accessed including volume of data transferred, and the last webpage accessed in the same browser window (referrer).

We record such data — which may also constitute personal data — in log files. This information is necessary to provide our digital presence in a long-term, user-friendly, and reliable manner, and to ensure data security — including by or with the assistance of third parties.

9.3 Tracking Pixels

We may incorporate tracking pixels into our digital presence. Tracking pixels — also known as web beacons — including those of third parties whose services we use, are typically small, invisible images or JavaScript scripts that are automatically retrieved when our digital presence is accessed. Tracking pixels can capture at minimum the same data as server logging.

10. Social Media

We maintain a presence on social media platforms and other online platforms in order to communicate with interested individuals and to share information about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the EEA.

The general terms and conditions, terms of use, privacy policies, and other provisions of the respective platform operators also apply. These provisions inform users in particular about their rights directly vis-à-vis the relevant platform, including the right of access.

11. Third-Party Services

We use services provided by specialist third parties in order to conduct our activities and operations in a long-term, user-friendly, secure, and reliable manner. Such services may be used to embed functions and content in our website, among other things. When content is embedded, the services used capture at least temporarily the IP addresses of users for technically necessary reasons.

For required security-related, statistical, and technical purposes, third parties whose services we use may process data in connection with our activities and operations in aggregated, anonymised, or pseudonymised form — for example performance or usage data — in order to provide the respective service.

Digital Infrastructure

We use services provided by specialist third parties to access the digital infrastructure required for our activities and operations. This includes, for example, hosting and storage services from selected providers.

We use in particular:

• METANET: Hosting; provider: METANET AG (Switzerland); data protection information: Privacy Policy, ‘Legal’ including ‘Technical and Organisational Measures’.

12. Website Plugins

We use plugins on our website to enable additional features. We may use selected services from suitable providers or deploy such plugins on our own digital infrastructure.

We use in particular:

• Imagify: Image optimisation; provider: WP MEDIA (France); data protection information: Terms of Service, Frequently Asked Questions.

13. Performance and Reach Measurement

We endeavour to measure the success and reach of our activities and operations. In this context, we may also measure the impact of referrals from third parties or test how different parts or versions of our digital presence are used (‘A/B testing’). Based on the results, we may in particular fix errors, strengthen popular content, or make improvements.

Performance and reach measurement generally involves capturing the IP addresses of individual users. In such cases, IP addresses are typically truncated (‘IP masking’) in line with the principle of data minimisation through appropriate pseudonymisation.

Cookies may be used for performance and reach measurement, and user profiles may be created. Any user profiles created may include, for example, individual pages visited or content viewed, information about screen or browser window size, and the at least approximate location. In principle, user profiles are created exclusively in pseudonymised form and are not used to identify individual users. Individual third-party services to which users are logged in may associate use of our online offering with the user account or profile on the respective service.

14. Final Notes

We may update this privacy policy at any time. We will communicate updates in an appropriate manner — in particular by publishing the current version on our website.