Privacy Policy
7PEAKS SA
Version 2022-10-12 R4
Issuer 7PEAKS SA
Morgartenstrasse 9
6003 Lucerne, Switzerland
1. What is this Privacy Policy about?
The protection of data is a matter of trust and your trust is important to us. Trust begins with transparency. In this Privacy Policy, we therefore inform you how and why we collect, process, and use your personal data. This Privacy Policy is based on the European General Data Protection Regulation (“GDPR”), which has established itself internationally as a benchmark for strong, effective data protection.
2. Who are we?
7PEAKS AG, Morgartenstr. 9, 6003 Lucerne (“we” or “us”) is generally responsible for the data processing activities covered by this Privacy Policy.
Should you have any questions about this Privacy Policy or the processing of your personal data, please do not hesitate to contact us as follows:
7PEAKS AG, Data Protection, Morgartenstrasse 9, 6003 Lucerne
For digital means of contact, please refer to https://7peaks.com/.
3. For whom is this Privacy Policy intended?
Our data processing primarily concerns our customers, but also other persons whose personal data we process. This Privacy Policy applies regardless of which channel you use to contact u, e.g. in our shops, by telephone, in an online shop, on a website, in an app, via a social network, at an event etc. This Privacy Policy applies to the processing of personal data that has already been collected as well as personal data that will be collected in future. For certain offers and services (e.g. competitions) additional data protection provisions may also apply, which apply in addition to this Privacy Policy.
This Privacy Policy shall not apply if another company is responsible for a specific data processing. Another company may, for example, be responsible for specific data processing, alone or together with us, when you visit our social media sites or interact with social plug-ins integrated into our websites, when you visit a third-party website linked by us, or when we disclose personal data to third parties, such as government agencies. In these instances, please consult the Privacy Policy of the relevant company which can usually be found on its website.
4. What is “Personal Data” and what does “Processing” mean?
The rules governing the processing of personal data are laid down in data protection legislation. This also applies to this Privacy Policy. “Personal data” means any information relating to an identifiable natural person, i.e. an individual. “Processing” refers to any use of your personal data. In Switzerland, information relating to a particular legal entity (e.g. details about a contract with a company) also constitutes personal data.
5. Which Personal Data do we process and for what purposes?
We process various personal data for different reasons and purposes. You can find further details in this section and often in the general terms and conditions, terms of participation, and additional privacy policies.
We generally collect your personal data directly from you, for example when you transfer data to us or communicate with us. As a rule, you are not obliged to disclose personal data to us unless such disclosure is necessary to fulfill a contractual obligation. However, we are often unable to provide an offer or service if you do not provide us with the necessary information.
Besides yourself, personal data may also be collected from other sources, for example from other associated companies or from third parties such as credit reference agencies, media monitoring agencies, providers of online services such as providers of web analytics services, financial service providers when payments are involved, mailing list brokers, public registers, the media, or the Internet, etc.
For example, we process personal data, which may include sensitive personal data, in the following situations for the following purposes:
Communications
We process personal data if you contact us or we contact you, for example, when you contact Customer Services, if you write to us, or if you call us. In such cases, details such as your name and contact data, the time of the notifications in question, and their content, which may also include the personal data of third parties, generally suffice. We use this data to ensure that we can provide you with information or notifications, deal with your concerns, and communicate with you, as well as for quality assurance and training purposes. We also forward information to the relevant company officers, for example if your concern relates to another company.
Purchase of goods and use of services
We also process personal data in connection with products and services supplied by us, for example, when you buy a product from us or use a service. We process your personal data, for instance, in the context of processing orders, performing contracts, or for delivery and invoicing purposes. When you make purchases in online shops or use a bonus or loyalty card, we also collect and process personal data relating to your credit rating as well as shopping and payment patterns. For example, we collect credit reports from third-party providers for the purpose of determining whether to allow you to buy on account and we also process information with respect to the purchases you make, when and how often you make them, and the stores or online shops where you purchase items. This information helps us understand your preferences for and interest in certain products or services, enabling us to provide targeted information regarding other offers and align our offerings more precisely with demand.
Loyalty and bonus schemes
We process personal data as part of our loyalty and bonus schemes. In addition to contact details, we also process personal data pertaining to the usage of the scheme by you and, if applicable, members of the same household and other information, for example details of your shopping habits, preferences, and interest in certain products and services. This enables us to provide you with targeted information on offers and align our offerings more precisely with demand. Further information is set out in “Purchase of goods and use of services” in this Privacy Policy as well as in the relevant general terms and conditions and terms of participation.
Visiting websites
When you visit our websites, we will process personal data based on the offer and functionality involved. This includes technical data, for example information on the time you accessed our respective website, the duration of the visit, the pages accessed, and the device used (e.g. tablet, PC, or smartphone). We use such data for the purposes of providing the website, for reasons of IT security, and to improve the user-friendliness of the website. We also use “cookies” and similar technologies. Cookies are files that are stored on the end device when you visit our website. In many cases, they are required for the functionality of the website and are deleted automatically following the visit. Other cookies remain saved for a certain period and are used to personalize the offering or allow us to display targeted advertisements to you. We also use cookies and technologies from third-party providers in the US or around the world, for example for analysis services from providers or additional functions from providers, which may lead to the provider in question obtaining data about you. When you have a customer account, we can assign usage data to your profile that helps us to derive information about your preferences for and interest in specific products or services. You have the option to reject or deactivate cookies and thus prevent the processing of data generated from a cookie by configuring your end device accordingly or installing an appropriate browser add-on.
Online offers and apps
We will also process personal data when you use online offers in order to provide, improve, and enhance these offers. This also applies even if you do not purchase any goods and services. Depending on the type of offer, this information may include details of customer accounts and the use of such accounts as well as information on the installation and use of mobile apps. Here, we also process personal data to personalize the offering and to provide you with offers in line with your interests and affinities.
Information and direct marketing: We process personal data, to the extent permitted by law, in order to send information and advertising messages either in writing or electronically, provided you have not objected to this processing. We process, for example, your contact data so that we can personalize the relevant messages and send them to you. [In the case of email newsletters, push notifications, and other electronic messages, we may also process information regarding your use of the messages (e.g. whether you downloaded embedded images in an email, i.e. that you opened the email). We do so in order to get to know you better, to gear our offers more precisely towards your needs, and to improve our offers in general. If you do not agree to the processing of usage data, you may generally block such processing in your email program].
Competitions, prize draws, and similar events
We now and again organize competitions, prize draws, and similar events. In such cases, we will process your contact information and details about your participation for the purposes of conducting the competitions and prize draws. Where applicable, we will also process this data to enable us to communicate with you and for advertising purposes. Further information in this regard can be found in the relevant terms of participation.
Accessing our premises
We will also process personal data in relation to any customer events held by us (e.g. advertising events, sponsorship events, and cultural and sporting events). This includes the participants’ or interested parties’ names and mailing or email addresses as well as any further information that may be required, for example your date of birth. We will process this data not only for the purpose of holding customer events, but also to allow us to contact you directly and get to know you better. Further information in this regard can be found in the relevant terms of participation.
Customer events
We will also process personal data in relation to any customer events held by us (e.g. advertising events, sponsorship events, cultural and sporting events). This includes the participants’ or interested parties’ names and mailing or email addresses as well as any further information that may be required, for example your date of birth. We will process this data for the purpose of holding customer events, but also to allow us to contact you directly and get to know you better. Further information in this regard can be found in the relevant terms of participation.
Market research and media monitoring
We process personal data for market and opinion research purposes. To do so, we may use information about your shopping habits (further information in this regard can be found under “Purchase of goods and use of services) as well as information from customer surveys, questionnaires and studies, and other information, for example from the media, social media, the Internet, and other public sources. We may also make use of media monitoring services or conduct our own media monitoring, and in doing so process personal data.
Contact with our company as a business partner
We work with various companies and business partners, for example with suppliers, commercial purchasers of goods and services, cooperation partners, and service providers (e.g. IT service providers). For purposes relating to contract initiation and performance, planning, and accounting, as well as for other purposes associated with the respective contract, we may also process personal data pertaining to contacts at the relevant companies, for example their name, role, title, and communications with us. Depending on the area of activity, we are also required to check the company in question and its employees in more detail, for example by performing a security check. In this case, we will collect and process additional information, including information from third parties, where applicable. We may also process personal data to improve our customer focus, levels of customer satisfaction, and customer retention (customer/supplier relationship management).
Administration
We process personal data for our own and intra-Group administration. For example, we may process personal data in connection with the members’ register or for IT administration or real estate management purposes. We also process personal data for accounting and archiving purposes and, in general, with a view to reviewing and improving internal processes.
Corporate transactions
We may also process personal data for the purposes of performing preparatory work and undertaking corporate takeovers and sales, as well as purchases and sales of assets. The subject matter and scope of any data collected or transmitted will depend on the stage and object of the transaction.
Job applications: We will also process personal data if you apply for a position with us. Here, we generally use the usual information and documents specified in a job advertisement, which may also contain the personal data of third parties, and information from the application process.
Compliance with legal requirements
We process personal data in order to comply with legal requirements and to prevent and identify breaches. This includes, for example, the acceptance and processing of complaints and other notifications, internal investigations, and the disclosure of documents to an authority if we have a material reason or are legally obliged to do so. In doing so, we may also process the personal data of third parties.
Safeguarding of rights
We may process personal data in various forms in order to safeguard our rights, for example to enforce our rights both in or out of court and before national or foreign authorities, or to defend against any claims. In doing so, we may process your personal data and third-party personal data and disclose personal data to third parties, either in Switzerland or abroad, to the extent required and permitted.
6. How do we process Personal Data when you visit our Websites?
Which personal data do we process?
Technical data (log files)
When you visit our websites, we will process personal data based on the offer and functionality involved. For technical reasons, this initially includes data automatically collected and stored in log files. This includes, for example, the IP address and device-specific details such as the MAC address and operating system of the terminal (e.g. tablet, PC, or smartphone), details of your Internet service provider; details of the accessed contents and the date and time of the website visit or detail of the logins.
Cookies and similar technologies
We use cookies depending on the functionality. Cookies are small files that our website automatically creates in your browser and that are saved on your end device. Cookies contain a unique number (an ID) that we can assign to a specific Internet user (generally without knowing the user’s name, however) as well as, depending on the purpose, further information, for example about accessed pages and the duration of the visit to each page.
Firstly, we use session cookies in which, among other information, details about the origin and storage period of the cookie are stored. These cookies are deleted following any visit to our website. We use such cookies, for example, to enable shopping baskets to be saved over several visits to the site by the user.
Secondly, we use permanent cookies that also remain stored for a certain period once the browser session has been completed. Such cookies allow a visitor to be recognized again upon a subsequent visit, for example in order to save language settings over several browser sessions or display contents on the website tailored to the visitor’s interests. We thus collect, for example, information about your visits as well as the pages you accessed, the articles you viewed, and your shopping basket. Following the expiry of the programmed duration (generally between one month and two years), these cookies are automatically deactivated.
We also use similar technologies such as pixel tags (small image files that are loaded from a server and provide the server operator with certain information) or fingerprints (information about the configuration of a device or a browser). Some cookies or similar technologies also originate from other related companies and third-party companies. This is the case, for example, if we use functions on our website that are provided by third parties. It also involves analysis services, which also work with cookies; detailed information on this point can be found below. Such cookies also enable our partners to display tailored advertisements to you on our websites or the websites of third parties as well as on social networks and to measure their effectiveness.
Data on user behaviors
We use services of other providers with locations around the world. These providers can record the usage of the relevant website by the user, for example through the use of cookies and similar technologies. These records may be combined with similar information from other websites. The behavior of a particular user can thus be recorded across several websites and several end devices. The provider concerned may also use this data for its own purposes, for instance for personalized promotions on its own website and other websites that it provides with advertisements. If a user is registered with the provider, the provider may be able to attribute usage data to the individual concerned. It will generally obtain the consent of the data subject for such purpose and allow him or her to withdraw such consent in accordance with its requirements. Such personal data is processed by the provider under its own responsibility and in accordance with its own data protection provisions.
Social plug-ins
Our webpages may use social plug-ins. Buttons for the relevant providers are therefore shown, or contents of the provider in question are integrated into the website. If you access a website that uses a social plug-in of this kind, your browser will establish a connection to the relevant provider. The content of the social plug-in is transmitted to your browser by the provider in question and added by the provider to the relevant website. Due to this process, the relevant provider will receive, in particular, the following information:
- the information that your browser has accessed the website in question;
- the IP address of the device used, even if you do not have an account with the provider.
If you are logged in with the relevant provider simultaneously, it may assign the visit to your personal profile. If you interact using a social plug-in, for example by clicking on a “Like” button or leaving a comment, the corresponding information will be transferred from your browser to the relevant provider and saved by it. This information may be published by the provider in question in your profile and displayed to your contacts. Also, if you visit our social media pages or interact with social plug-ins integrated in our websites, personal data may be transmitted directly to or collected and saved by the relevant provider. Primary responsibility for the processing of this data lies with the provider of the relevant social network. In cases in which 7PEAKS SA is jointly responsible with the relevant provider, we conclude a corresponding agreement with the provider. Information on the key content of such agreements can be obtained from the provider in question. Further information on data processing by the providers of social networks can be found in the privacy policies of the relevant social networks.
For what Purposes do we process Personal Data?
Provision of the website
The recording of certain log files and the use of certain cookies and technologies is essential for the provision of the website and its functions for technical reasons. Other cookies and technologies help us to provide and safeguard the various functions and offers available on our website as well as to make our website more attractive.
Website management
The saving and use of log files and cookies and other technologies helps us with maintenance and troubleshooting, in safeguarding the security of our websites, and in combating fraud.
Personalization of website
We adjust certain areas and content of our websites in line with your needs and interests, for example by saving your chosen language or personalized content display.
Analysis of user behavior
We use web analysis services in order to better understand the use of our websites and to improve their content, functionality, and retrievability.
Advertising
We can display interest-based advertising on our websites or third-party websites or show our advertisements on other sites after you leave our website as you continue to browse the web.
Cookies and similar technologies allow the companies in question to provide services to us or to display advertisements to you that may be of particular interest to you.
When you have a customer account, we may also evaluate your personal data and combine this with other personal data, for example with non-personalized statistical data and other personal data that we have collected about you in order to extrapolate information about your preferences and interest in certain products or services. Even if you are not logged into our website at the time of visit, this data may be assigned, where applicable, to your profile.
How can you prevent these processes?
You can configure your end device to display a message before a new cookie is created. This means you can also reject cookies. Furthermore, you can delete cookies from your end device. You also have the option to prevent the recording of data (such as your IP address) by downloading and installing an appropriate browser add-on. The rejection or deactivation of cookies and other technologies may, however, mean that you are unable to use all of the website’s functions.
If you do not want that a provider of a social network collect data about you via our website, you must log out from the site of the relevant provider prior to visiting our website. Even when you are logged out, providers may collect data on an anonymized basis via social plug-ins. If you log in with the provider in question at a later time, this data may be assigned to your profile. In such cases, the relevant provider processes the personal data under its own responsibility and in accordance with its own data protection provisions. If you wish to prevent the provider from assigning data to your profile, you will need to erase the corresponding cookies. You can also completely prevent the loading of social plug-ins using add-ons for your browser, for example NoScript.
7. What is the Legal Basis for Processing Personal Data?
Depending on the purpose of the data processing, our processing of personal data is based on different legal grounds. In particular, we may process personal data if:
- doing so is necessary to fulfill an agreement with the data subject or for pre-contractual measures upon your request (e.g. to review your request for an agreement);
- doing so is necessary to safeguard legitimate interests;
- doing so is based on effective consent that has not been revoked; and/or
- doing so is required for compliance with legal obligations.
We generally process sensitive personal data only based on express consent unless the relevant data has clearly been disclosed publicly by the person in question or the processing is required to safeguard rights or comply with legal obligations.
Data is only transmitted abroad under the conditions of this Privacy Policy.
8. To whom do we disclose Personal Data?
Your personal data is disclosed to other companies exclusively to the extent described below. We never sell your personal data to third parties or use it for commercial purposes.
We may disclose your personal data to other related companies. In certain cases, individual companies may also process your personal data in their own interest for the processing purposes specified in this Privacy Policy. Your personal data may therefore also be combined and processed with personal data originating from related companies for the relevant purposes.
Further we may disclose your personal data to companies, should they supply services to us. These may also involve companies outside related companies. In selecting contract data processors and by entering into appropriate agreements, we ensure that privacy is safeguarded throughout the processing of your personal data, including when data is processed by contract data processors. Our contract data processors are under an obligation to process personal data solely on our behalf and in accordance with our instructions, as well as to implement suitable technical and organizational measures with respect to data security. This primarily concerns services in the area of credit assessments, for example if you want to make a purchase on account, and of IT services, for example in the areas of hosting, cloud services, the delivery of email newsletters, and data analysis and enhancement, etc.
In individual cases, it is also possible that we disclose personal data to recipients outside related companies for their own purposes, for example if we consider this to be legally necessary or necessary to protect our interests. In such cases, the data recipient is legally responsible as the controller of the data. This would apply in particular in the following circumstances:
We may disclose your personal data to third parties (e.g. to the courts and authorities within Switzerland and abroad) if this is required by law or by the authorities. We also reserve the right to process your personal data in order to satisfy a court order or for the purpose of enforcing or defending legal rights or claims or if we consider such processing to be necessary on any other legal grounds. We may also disclose your personal data to other parties involved in any proceedings.
If we transfer claims against you to other companies, such as collection agencies.
If we review or conduct transactions including company mergers or the acquisition or sale of individual parts of a company or its assets, we may, under certain circumstances, be required to transfer personal data to another company in connection with the transaction in question, or become ourselves the subject of a transaction.
9. When do we transfer Your Data abroad?
The recipients of your personal data may also be located abroad – including outside of the EU or EEA. The countries in question may not have laws in place that afford your personal data the same level of protection as provided in Switzerland or in the EU or the EEA. If we transfer your personal data to such a country, we are required to ensure the protection of your personal data in an appropriate manner. One means of doing so is to conclude data transfer agreements with the recipients of your personal data in third countries that ensure the required level of data protection. This includes agreements that have been approved, issued or recognized by the European Commission and the Swiss Federal Data Protection and Information Commissioner, known as standard contract clauses. Data may also lawfully be transferred to recipients that are subject to the US Privacy Shield Program. Please contact us if you would like further information on the data transfer agreements concluded by us or on other suitable safeguards applied by us for the transfer of data abroad. Data may also be transferred to countries without adequate protection in exceptional cases, for example if consent is expressly granted or to enforce, exercise, or defend legal rights.
10. Do we conduct Profiling?
“Profiling” refers to a procedure during which personal data is processed on an automated basis in order to analyze or predict personal aspects. We perform profiling on a regular basis. For example, we analyze shopping behavior, the use of our websites and apps, as well as other transaction and behavior data, and make assumptions about your personal interests, preferences, affinities, and habits on this basis. This profiling helps us to gear our offer more precisely to your needs and, to the greatest extent possible, in only showing you advertisements and offers that are actually relevant to you. In order to improve the quality of our analyses, we may also combine personal data that originates from different sources, for example, data collected offline and online as well as data that has been collected via our different services or that we have received from other related companies. Provided the profiling is related to direct advertising, you have the right to object as described in this Privacy Policy.
11. Do we use automated Decision-Making?
In general, we do not use automated individual decision-making. We will inform you separately should we opt to utilize automated individual decision-making in individual cases. “Automated individual decision-making” refers to any decision that is made on a fully automated basis, i.e. with no relevant human influences, and may have negative legal implications or other similar adverse consequences for you.
12. How do we protect Your Personal Data?
We take appropriate technical measures (e.g. encryption, pseudonymization, record keeping, access restrictions, data backups) and organizational measures (e.g. instructions issued to employees, confidentiality agreements, audits) in order to safeguard your personal data, protect you against unauthorized or unlawful processing activities, and to address the risk of loss, unintended changes, inadvertent disclosure, or unauthorized access. In general, however, security risks cannot be completely ruled out; certain residual risks are unavoidable in most cases.
13. For how long do we store Your Personal Data?
We store your personal data in a personalized form for as long as it is required for the specific purpose for which it was collected. In the case of contracts, personal data is stored for at least the duration of the contractual relationship. We also store personal data if we have a legitimate interest in storing it. This may be the case, in particular, if we need personal data to enforce or defend claims, for archiving purposes and to ensure IT security. We also store your personal data if it is subject to a statutory retention requirement. For example, a ten-year retention period applies to certain data. Shorter retention periods apply for other data, for example for recordings from CCTV or for recordings of certain online processes (log data). In certain cases, we will also ask for your consent if we want to store your personal data for longer periods (e.g. for job applications that we wish to keep on file). At the end of the periods specified, we will erase or anonymize your personal data.
14. How do we process the Personal Data of Children?
In general, the processing of personal data belonging to children is not part of our business activity. However, should we process the personal data of children, we will ensure that children are afforded special protection and, in cases in which we process the personal data of children on the basis of consent, we will obtain the consent of the children’s parents or legal representatives. If consent for a child is provided by his or her parents or legal representatives, the adult is free to withdraw this consent at a later time.
15. What Rights do you have in Connection with the Processing of Your Personal Data?
You have the right to object to data processing if we process your personal data on the basis of a legitimate interest. You can also object to data processing in connection with direct advertising (e.g. advertising emails) at any time. This also applies to profiling, to the extent this is related to direct advertising.
Provided the applicable conditions are met and there are no applicable statutory exceptions, you also have the following rights:
Right to information
You have the right to transparent, easy-to-understand, and comprehensive information with respect to how we process your personal data and what rights you have with regard to the processing of your personal data. We meet this obligation by providing this Privacy Policy. If you would like further information, please do not hesitate to contact us.
Right of access
You have the right to request access to any personal data stored by us at any time free of charge. You therefore have the opportunity to check what personal data about you we process. In certain cases, the right of access may be restricted or excluded, in particular if there is any doubt concerning your identity or this is required to protect other individuals.
Right to rectification
You have the right to have inaccurate or incomplete personal data rectified or completed and to be informed about such rectification.
Right to erasure
You have the right to request the erasure of your personal data if the personal data is no longer required for the intended purposes, you have effectively withdrawn your consent or have objected to the processing of your data, or the personal data is being processed unlawfully. In certain cases, the right to have personal data erased may be excluded, especially if the processing activity is required to exercise the right of freedom of expression or to safeguard legal claims.
Right to restriction of processing
Under certain conditions, you have the right to request that the processing of your personal data is restricted. This may mean, for example, that personal data is (temporarily) no longer processed or that published personal data is (temporarily) removed from a website.
Right to data portability
You have the right to receive personal data that you have provided to us in a structured, commonly used, and machine-readable format if the specific data processing activity is based on your consent or is required for the performance of a contract, and the processing is performed with the assistance of automated processes.
Right to withdraw consent
If we process your personal data on the basis of consent, you have the right to withdraw your consent at any time. Should you withdraw your consent, this will only apply to the future; data processing activities performed in the past on the basis of your consent will not become unlawful due to you withdrawing consent.
You are also free to lodge a complaint to a competent supervisory authority with respect to the manner in which your personal data is processed if you believe that the data processing breaches applicable law. The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
16. How Can You Contact Us?
If you wish to exercise any of the above rights or if you have any questions or concerns relating to this Privacy Policy or the processing of your personal data, please do not hesitate to contact us as specified. We are best able to handle your concerns via this channel.
Queries should be addressed to the company. Contact details can be found on https://7peaks.com/.
17. Changes to this Privacy Policy
This Privacy Policy may be updated over time, especially if we change our data processing activities or if new legal provisions become applicable. We will actively inform individuals whose contact details are registered with us of any material changes, provided that we can do this without disproportionate effort. Generally speaking, the version of the Privacy Policy in effect at the time at which the data processing activity in question commences is applicable.
(End of Document.)