Privacy policy

1. Introduction and Responsible Party

We appreciate your interest in our online shop. The protection of your personal data is an important concern for us. Below, we inform you about which personal data is collected when using our online shop, for what purposes it is processed, and what rights you have in this context.

The processing of your personal data is carried out in accordance with the Swiss Data Protection Act (DSG) and – where applicable – in accordance with the General Data Protection Regulation of the European Union (GDPR).

Responsible party in the sense of the DSG and the GDPR:

Montalegria AG
Freudenberg 2
6343 Rotkreuz
Switzerland
Email: support@cc-hh.ch

 

2. Data Collection When Visiting Our Website (Hosting)

2.1 Server log files (Hostpoint)

When using our website for informational purposes only, our hosting provider Hostpoint AG, Neue Jonastrasse 60, 8640 Rapperswil-Jona, Switzerland, automatically collects data that your browser transmits to the server.

Processed data includes, in particular:

  • Browser type and version

  • Operating system

  • Referrer URL

  • Hostname of the accessing device

  • IP address

  • Date and time of the server request

Purpose of processing:
Ensuring a smooth connection to the website, system security, stability, and technical administration.

Legal basis:
Art. 6 para. 1 lit. f GDPR (legitimate interest).

Storage duration:
Server log files will be deleted no later than 7 days, unless security-relevant events (e.g., abuse cases) require a longer retention period.

You have the right to object to this processing at any time for reasons relating to your particular situation.

2.2 Operation of the online shop via Shopify

Our online shop is operated through the e-commerce platform Shopify.

Provider:
Shopify International Ltd., Victoria Buildings, 1–2 Haddington Road, Dublin 4, Ireland
Shopify Inc., 151 O’Connor Street, Ottawa, Canada

Shopify processes personal data on our behalf as a processor according to Art. 28 GDPR.

Processed data types:

  • Name, billing and shipping address

  • Email address

  • Payment and order data

  • IP address

  • Device and browser information

  • Usage and access data

Purpose of processing:
Provision and operation of the online shop, contract processing, payment processing, customer management, fraud prevention, and system security.

Recipients include in particular hosting and IT service providers, payment service providers, as well as technical support service providers of Shopify.

Legal basis:
Art. 6 para. 1 lit. b GDPR (contract fulfillment) as well as Art. 6 para. 1 lit. f GDPR (legitimate interest in secure and efficient shop operation).

Data transfer to third countries:
The transfer of personal data to Canada and the USA is possible.
Shopify is certified under the EU-US Data Privacy Framework (DPF). Additionally, EU Standard Contractual Clauses (SCC) have been concluded with Shopify to ensure an adequate level of data protection.

Storage duration:
Data will only be stored as long as necessary for the contract processing or as required by legal retention obligations.

Further information on data processing by Shopify can be found at:
https://www.shopify.com/legal/privacy

 

3. Cookies and consent management (Consentmo)

Our website uses cookies and similar technologies.

We use the consent management tool “Consentmo GDPR” from the provider
Consentmo Ltd., 3 Warren Yard, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom.

Processed data:

  • IP address

  • Date and time of consent

  • Consent status

  • Device and browser information

  • a pseudonymous consent ID

Purpose of processing:
Obtaining, managing, and legally secure documentation of consents for the setting of cookies requiring consent and similar technologies.

Legal basis:
Art. 6 para. 1 lit. c GDPR (fulfillment of a legal obligation) as well as
§ 25 para. 1 TDDDG for cookies requiring consent and
§ 25 para.2 TDDDG for technically necessary cookies.

Storage duration:
The consent data will be stored until the expiration of the legal retention obligations or until you withdraw your consent.

Withdrawal:
You can withdraw your consent at any time via the cookie banner integrated on the website with effect for the future.

Further information can be found in the privacy policy of Consentmo:
https://www.consentmo.com/privacy

4. Analysis and Marketing Tools

4.1 Google Analytics 4

Provider:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Processed Data:

  • Shortened IP Address

  • Device and Browser Information

  • User Behavior

  • Page Views and Interactions

Purpose:
Analysis of user behavior to optimize our online offerings.

Legal Basis:
Your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG.

Data Transmission:
Transmission to the USA is possible. Google is certified under the EU-US Data Privacy Framework.

Storage Duration:
14 months.

Revocation:
You can revoke your consent at any time via the cookie banner or use the following browser add-on:
https://tools.google.com/dlpage/gaoptout

4.2 Meta Pixel (Facebook Pixel)

Provider:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.

Processed Data:

  • IP Address

  • Device IDs

  • Page Views

  • Referrer URL

  • User Behavior

Purpose:
Reach measurement, conversion tracking, and the creation of custom audiences.

Legal Basis:
Your consent according to Art. 6 para. 1 lit. a GDPR.

Joint Responsibility:
We are jointly responsible with Meta according to Art. 26 GDPR.
Agreement: https://www.facebook.com/legal/controller_addendum

Data Transmission:
Meta is certified under the EU-US Data Privacy Framework.

Withdrawal:
Possible at any time via the cookie banner.

Further settings can be found at https://www.facebook.com/settings?tab=ads

4.3 ProfitMetrics

Provider:
ProfitMetrics ApS, Diplomvej 381, 2800 Lyngby, Denmark.

Processed Data:

  • IP Address

  • Browser and Device Data

  • Usage and Campaign Data

  • Pseudonymized User Identifiers

Purpose:
Server-side analysis of marketing, sales, and conversion data to calculate the actual profitability of marketing campaigns.

Legal Basis:
Your consent according to Art. 6 para. 1 lit. a GDPR.

Data Transfer:
Transfer to third countries is possible and occurs based on Standard Contractual Clauses (SCC).

Revocation:
You can revoke your consent at any time via the cookie banner.

5. Newsletter and Contact

5.1 Contacting us via email

If you contact us via email, we process the following personal data:

  • Name

  • Email address

  • Content of your message

  • possibly additional data you provide

Purpose:
Processing and responding to your inquiry as well as possibly carrying out pre-contractual measures.

Legal basis:
Art. 6 para. 1 lit. b GDPR (Contract / pre-contractual measures) or Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient customer communication).

Retention period:
The data will be deleted after the inquiry has been processed, unless there are legal retention obligations.

5.2 Newsletters about Shopify Email

The registration takes place using the double opt-in procedure.

Processed data:

  • Email address

  • IP address

  • Timestamp of registration

  • Open and click behavior

Purpose:
Sending our newsletter as well as statistical evaluation to optimize our content.

Legal basis:
Your consent according to Art. 6 para. 1 lit. a GDPR.

Order processing / Data transmission:
The dispatch is carried out via Shopify Email (Shopify International Ltd., Ireland). This may involve transmissions to third countries. Shopify is certified under the EU-US Data Privacy Framework and additionally uses standard contractual clauses.

Storage duration:
Your data will be stored until you withdraw your consent.

Withdrawal:
You can withdraw your consent at any time via the unsubscribe link in any newsletter email.

6. Payment service providers

To process your order, we will pass on the necessary personal data (name, billing and delivery address, payment amount, payment information) to the respective payment service providers.

Purpose: Payment processing and fulfillment of the purchase contract.

Legal basis: Art. 6 para. 1 lit. b GDPR.

Depending on the chosen payment method, the data will be passed on to:

PayPal
PayPal (Europe) S.à r.l. et Cie, S.C.A. , 22–24 Boulevard Royal, L-2449 Luxembourg
Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

TWINT
TWINT AG, Stauffacherstrasse 41, 8004 Zurich, Switzerland
Privacy Policy: https://www.twint.ch/datenschutz

Shopify Payments (Credit Cards)
Shopify International Ltd., Victoria Buildings, 1–2 Haddington Road, Dublin 4, Ireland
Privacy Policy: https://www.shopify.com/legal/privacy

Bank Transfer
When paying by bank transfer, we process your name, your IBAN, the payment amount, and the purpose of payment solely for payment allocation and contract processing.

The payment service providers partially act as independent controllers within the meaning of the GDPR.

The payment service providers process the data in part under their own data protection responsibility. The respective privacy policies of the providers apply.

For certain payment methods, there may be transfers to third countries (e.g., USA). In these cases, the transfer is based on appropriate guarantees, in particular the EU-US Data Privacy Framework and the standard contractual clauses.

7. Retention Period

We process and store personal data only for the period necessary to achieve the respective processing purpose or as required by law.

Specifically, the following retention periods apply:

Order and accounting data
10 years due to commercial and tax law retention obligations (in particular Art. 958f OR, § 147 AO, § 14b UStG).

Newsletter Data
Until you withdraw your consent.

Contact Requests
Will be deleted after final processing, unless there are legal retention obligations.

Server Logfiles
Are usually deleted after a maximum of 7 days.

Analysis and Tracking Data (e.g., Google Analytics, ProfitMetrics)
14 months.

Unless specific retention periods can be stated, deletion occurs after the purpose of processing ceases.

8. Your Rights

You have the following rights regarding your personal data with us:

Access (Art. 15 GDPR / Art. 25 DSG)
You can request information about your personal data processed by us.

Correction (Art. 16 GDPR / Art. 32 DSG)
You can request the correction of inaccurate or the completion of your data.

Deletion (Art. 17 GDPR / Art. 32 DSG)
You can request the deletion of your data, provided that there are no legal retention obligations to the contrary.

Restriction of processing (Art. 18 GDPR)

Data portability (Art. 20 GDPR / Art. 28 DSG)

Objection (Art. 21 GDPR)
You can object to processing based on Art. 6 para. 1 lit. f GDPR for reasons arising from your particular situation.

Withdrawal of consents
You can withdraw consents given at any time with effect for the future.
The withdrawal does not affect the lawfulness of processing carried out until the withdrawal.

Right to complain
You have the right to lodge a complaint with a data protection supervisory authority, in particular with:

– Switzerland: Federal Data Protection and Information Commissioner (EDÖB)
– EU: with the supervisory authority of your usual place of residence or workplace.

The exercise of your rights is free of charge for you.

9. Data security

We implement appropriate technical and organizational security measures in accordance with Art. 32 GDPR to protect your personal data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties.

Our security measures are continuously improved in line with technological developments and adjusted to the respective risk.

Our website uses TLS/SSL encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the prefix "https://" in your browser's address bar.