from 1 July 2024

1. PURPOSE AND VALIDITY OF THE DATA PROTECTION DECLARATION

In this privacy policy, KW Premium Produkte AG (hereinafter KW Premium Produkte AG, we or us) explains the type, scope and purpose of the collection and other processing of personal data, in particular on our website https://www.reifenkissen.ch and provides information about the rights to which you are entitled. These rights are governed by the applicable data protection laws; this privacy policy is designed to meet the requirements of the EU General Data Protection Regulation («GDPR») and the Swiss Data Protection Act («FADP»).

This privacy policy applies to all persons whose data we process, regardless of how you contact us, e.g. in an online shop, on a website, by telephone, via a social network, at an event, etc. It applies to the processing of personal data already collected as well as to that collected in the future.

Please also consult the contractual conditions for individual services (e.g. general terms and conditions, terms of use or conditions of participation). These may contain additional information on our data processing.

2. PERSON RESPONSIBLE FOR DATA PROCESSING

The person responsible for data processing, unless otherwise stated in individual cases, is: KW Premium Produkte AG, Bleicherweg 74, CH-8002, Zurich, Switzerland.

If you have any concerns regarding data protection, you can also send us an email to the following contact address:  info@reifenkissen.ch

3. COLLECTION AND PROCESSING OF PERSONAL DATA

Personal data is all information that relates to an identified or identifiable person. A data subject is a person about whom personal data is processed.

Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, acquisition, collection, deletion, storage, alteration, destruction and use of personal data.

We process various categories of personal data. The most important categories are those listed below. In individual cases, however, we may also process other personal data.

• Master data: Master data is the basic data about you, such as salutation, name, contact details or date of birth.
• Contract data: Contract data is personal data that arises in connection with the conclusion or execution of a contract, e.g. information on the conclusion of the contract, acquired claims and demands or information on customer satisfaction. We conclude contracts primarily with customers, business partners and job applicants.
• Communication data: When you are in contact with us or we are in contact with you, e.g. when you contact customer service or when you write or call us, we process the exchanged communication content and information about the type, time and place of the communication.
• Behavioral and transaction data: When you shop with us, use our offers and infrastructure or use our services, we often collect data about this use. This is the case, for example, when you shop in one of our online shops, when you become active in our communities or when you use our websites.
• Preference data: We want to tailor our offers and services to our customers as best as possible. We therefore also process data about your interests and preferences. To do this, we can link behavioral and transaction data with other data and evaluate this data on a personal and non-personal basis. This allows us to draw conclusions about characteristics, preferences and expected behavior, e.g. your affinity for certain products and services.
• Technical data: When you use our websites or other electronic services, we collect certain technical data such as your IP address or a device ID. The technical data also includes the protocols in which we record the use of our systems (log data). In some cases, we can also assign a unique identification number (an ID) to your device (tablet, PC, smartphone, etc.), e.g. using cookies or similar technologies, so that we can recognize it.
• Image and sound recordings: We take photos, videos and sound recordings on certain occasions and events in which you may appear, e.g. when you attend an event, contact our customer service or receive advice via video conference. We also make video recordings in our premises for security and evidence purposes. We may receive information about your behavior in the relevant areas. The use of video surveillance systems is limited to specific locations and marked.

4. WHERE DOES THE PERSONAL DATA COME FROM?

We primarily process the personal data that we receive from our customers and other business partners as part of our business relationship with them and from other persons involved in it or that we collect from users when operating our websites, apps and other applications.  

To the extent permitted, we also obtain certain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, press, Internet) or receive such data from authorities and other third parties (such as credit agencies).

In addition to the data that you give us directly, the categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we learn in connection with official and judicial proceedings, information in connection with your professional functions and activities (so that we can, for example, conclude and process business with your employer with your help), information about you in correspondence and meetings with third parties, credit reports (if we conduct business with you personally), information about you that people from your environment (family, advisors, legal representatives, etc.) give us so that we can conclude or process contracts with you or with your involvement (e.g. references, your address for deliveries, powers of attorney, information on compliance with legal requirements such as anti-money laundering and export restrictions, information from banks, insurance companies, sales and other contractual partners of ours regarding the use or provision of services by you (e.g. payments made, purchases made), information from the media and the Internet about you (if this is appropriate in the specific case, e.g. in the context of an application, press review, marketing/sales, etc.), your addresses and, if applicable, interests and other socio-demographic data (for marketing), data in connection with the use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of visit, pages and content accessed, functions used, referring website, location information).

5. FOR WHAT PURPOSES DO WE PROCESS PERSONAL DATA?

We use the personal data we collect primarily to conclude and process our contracts with our customers and business partners, in particular in the context of the manufacture, distribution and delivery of Reifenkissen^® to our customers, for the purpose of purchasing products and services from our suppliers and subcontractors and, finally, to comply with our legal obligations at home and abroad.

If you personally work for such a customer or business partner, your personal data may also be affected in this capacity.

In addition, we process personal data of you and other persons, as far as permitted and we deem it appropriate, for the following purposes in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:

• Offering and further developing our offers, services and websites, apps and other platforms on which we are present;
• Communication with third parties and processing their enquiries (e.g. applications, media enquiries);
• Testing and optimizing procedures for needs analysis for the purpose of directly addressing customers and collecting personal data from publicly accessible sources for the purpose of customer acquisition;
• Advertising and marketing (including holding events), provided you have not objected to the use of your data (if we send you advertising as an existing customer, you can object to this at any time; we will then put you on a block list against further advertising mailings);
• Market and opinion research, media monitoring;
• Asserting legal claims and defending in connection with legal disputes and regulatory proceedings;
• Prevention and investigation of criminal offenses and other misconduct (e.g. conducting internal investigations, data analyses to combat fraud);
• Ensuring our operations, in particular IT, our websites, apps and other platforms;
• Video surveillance to protect house rules and other measures for IT, building and facility security and to protect our employees and other persons and assets belonging to us or entrusted to us (such as access controls, visitor lists, network and email scanners, telephone recordings);
• Purchase and sale of business units, companies or parts of companies and other corporate transactions and the associated transfer of personal data as well as measures for business management and compliance with legal and regulatory obligations as well as internal regulations. If you have given us your consent to process your personal data for certain purposes (for example, when you register to receive newsletters or carry out a background check), we will process your personal data within the scope of and based on this consent, unless we have another legal basis and we require one. Consent given can be revoked at any time, but this will have no effect on data processing that has already taken place.

6. ON WHAT LEGAL BASIS DO WE PROCESS PERSONAL DATA?

Depending on the purpose of the data processing, our processing of personal data is based on different legal bases. We may process personal data in particular if the processing,

• is necessary for the performance of a contract with the data subject or for pre-contractual measures (e.g. the examination of a contract application);
• is necessary for the purposes of legitimate interests, for example if data processing is a central part of our business activities;
• is based on consent;
• is necessary to comply with domestic or foreign laws.

Legitimate interests include, among others, our own interests and the interests of third parties.  

7. WHO DO WE SHARE PERSONAL DATA WITH?

• Freight forwarding and logistics, e.g. for the dispatch of ordered goods;
• Advertising and marketing services, e.g. for sending messages and information;
• Warranty and return, e.g. for repair in case of defects;
• Business administration, e.g. accounting or asset management;
• payment services;
• Credit information, e.g. if you want to make a purchase on account;
• debt collection services;
• insurance service providers;
• Fraud prevention services that payment service providers carry out on their own responsibility, such as PayPal Fraud Protection. Such procedures only apply if you are already a customer of the respective payment service provider. More detailed information can then be found in the data protection declaration of the respective service provider;
• IT services, e.g. services in the areas of data storage (hosting), cloud services, sending e-mail newsletters, data analysis and processing, etc.

Consulting services, e.g. services provided by tax consultants, lawyers, management consultants or consultants in the field of personnel recruitment and placement. It is also possible that we pass on personal data to other third parties for their own purposes, e.g. if you have given us your consent or if we are legally obliged or entitled to pass on the data. In these cases, the recipient of the data is its own controller under data protection law.

These include, for example, the following cases:

• information about product recalls by manufacturers, if you have purchased a product from that manufacturer from us;
• the transfer of claims to other companies such as debt collection agencies;
• the examination or implementation of corporate transactions such as acquisitions, sales and mergers;
• the disclosure of personal data to courts and authorities in Switzerland and abroad, e.g. to law enforcement authorities in the event of suspected criminal offenses;
• the processing of personal data in order to comply with a court order or official order or to assert or defend legal claims or if we consider it necessary for other legal reasons. In doing so, we may also disclose personal data to other parties involved in the proceedings. In principle, we are not subject to any professional confidentiality (such as banking or medical confidentiality). Please let us know in individual cases if you believe that certain personal data is subject to confidentiality so that we can investigate your concern. The recipients of the data passed on are sometimes in Germany, but can in principle be anywhere in the world. In particular, you must expect your data to be transmitted to all countries in which KW Premium Produkte AG is represented by group companies, branches or other offices, as well as to other European countries and the USA where the service providers we use are located (such as Microsoft, SAP, Amazon, etc.). If a recipient is located in a country without adequate legal data protection, we will contractually oblige the recipient to comply with the applicable data protection (for this purpose we use the revised standard contractual clauses of the European Commission, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj), unless they are already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the execution of a contract requires such disclosure, if you have consented or if the data concerned has been made generally accessible by you and you have not objected to the processing of this data.

8. NOTE ON DATA TRANSFERS TO THE USA

For the sake of completeness, we would like to point out to users residing or based in Switzerland that surveillance measures are in place in the USA by US authorities that generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without differentiation, restriction or exception based on the objective pursued and without an objective criterion that makes it possible to restrict the US authorities' access to the data and its subsequent use to very specific, strictly limited purposes that can justify the interference associated with both access to this data and its use. We would also like to point out that in the USA there are no legal remedies available to the data subjects from Switzerland that allow them to access the data concerning them and to have it corrected or deleted, and there is no effective legal protection against general access rights of US authorities. We explicitly inform the data subject of this legal and factual situation in order to make an appropriately informed decision regarding consent to the use of his or her data.

We would like to point out to users residing in an EU member state that, from the perspective of the European Union, the USA does not have an adequate level of data protection - due, among other things, to the issues mentioned in this section. To the extent that we have explained in this privacy policy that recipients of data (such as Google) are based in the USA, we will ensure that your data is protected at an appropriate level by our partners either through contractual arrangements with these companies or by ensuring that these companies are certified under the EU or Swiss-US Privacy Shield.

9. HOW DO WE PROCESS PARTICULARLY SENSITIVE PERSONAL DATA?

Certain types of personal data are considered «particularly sensitive» under data protection law, e.g. information about health and biometric characteristics. In principle, we do not process particularly sensitive personal data. However, this can happen in exceptional cases, but usually only if it is necessary to provide a service, you have provided us with this data yourself or you have consented to the processing. We can also process particularly sensitive personal data if this is necessary to protect the law or to comply with domestic or foreign legal provisions, the relevant data has obviously been made public by the person concerned or the applicable law otherwise permits its processing.

We may process particularly sensitive personal data in the following cases, for example:

• You would like to order an age-restricted product in an online shop and add an identification document to your customer account for digital age verification;
• You apply for a vacant position and provide information about your health, union membership, previous convictions and criminal proceedings.

10. COOKIES / TRACKING AND OTHER TECHNOLOGIES RELATED TO THE USE OF OUR WEBSITE  

We typically use «cookies» and similar technologies on our websites and apps that can be used to identify your browser or device. A cookie is a small file that is sent to your computer or automatically saved on your computer or mobile device by the web browser you use when you visit our website or install the app. When you visit this website again or use our app, we can recognize you even if we don't know who you are. In addition to cookies that are only used during a session and are deleted after you visit the website («session cookies»), cookies can also be used to save user settings and other information over a certain period of time (e.g. two years) («permanent cookies»). However, you can set your browser to reject cookies, only save them for one session, or otherwise delete them early. Most browsers are preset to accept cookies. We use permanent cookies so that you can save user settings (e.g. language, auto login), so that we can better understand how you use our offers and content, and so that we can show you offers and advertising tailored to you (which can also happen on other companies' websites; however, they will not find out who you are from us, if we even know that ourselves, because they only see that the same user is on their website who was on a certain page on ours). Some of the cookies are set by us, and some by contractual partners with whom we work. If you block cookies, certain functions (such as language selection, shopping cart, ordering processes) may no longer work.

We sometimes include visible and invisible image elements in our newsletters and other marketing emails, where permitted. By retrieving these from our servers, we can determine whether and when you have opened the email, so that we can measure and better understand how you use our offers and tailor them to you. You can block this in your email program; most are pre-set to do this. 

By using our websites and apps and agreeing to receive newsletters and other marketing emails, you consent to the use of these technologies. If you do not want this, you must set your browser or email program accordingly or uninstall the app if this cannot be adjusted via the settings.

We sometimes use Google Analytics or similar services on our websites. This is a service provided by third parties that may be located in any country in the world (in the case of Google Analytics, it is Google Ireland, based in Ireland). Google Ireland relies on Google LLC (based in the USA) as a processor (both «Google», www.google.com), with which we can measure and evaluate the use of the website (not personally identifiable). Permanent cookies set by the service provider are also used for this purpose. Although we can assume that the information we share with Google is not personal data for Google, it is possible that Google can use this data for its own purposes to draw conclusions about the identity of visitors, create personal profiles and link this data to the Google accounts of these people. If you have registered with the service provider yourself, the service provider also knows you. The processing of your personal data by the service provider is then the responsibility of the service provider in accordance with its data protection regulations. The service provider only tells us how our respective website is used (no information about you personally).

We use the consent tool «Real Cookie Banner» to manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents. Details on how «Real Cookie Banner» works can be found at  https://devowl.io/knowledge-base/real-cookie-banner-data-processing/

The legal basis for the processing of personal data in this context is Art. 6 (1) (c) GDPR and Art. 6 (1) (f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.

11. SOCIAL MEDIA PLUG-INS  

We also use so-called plug-ins from social networks such as Facebook, Twitter, YouTube, Pinterest or Instagram on our websites. This is visible to you in each case (typically via corresponding symbols). We have configured these elements so that they are deactivated by default. If you activate them (by clicking on them), the operators of the respective social networks can register that you are on our website and can use this information for their purposes. The processing of your personal data is then the responsibility of this operator in accordance with its data protection regulations. We do not receive any information about you from them.

12. PROFILING [AND AUTOMATED DECISION-MAKING]

We process your personal data partly automatically with the aim of evaluating certain personal aspects (profiling). We use evaluation tools that help us to

• to continuously improve our offerings and better tailor them to individual needs;
• to present our content and offers to you according to your needs;
• to only show you advertisements and offers that are likely to be relevant to you;
• to better support you with customer service;
• to decide which payment options are available based on a credit check.

We carry out profiling, for example, in connection with our online shops by evaluating your shopping behavior and assigning you certain interests based on this. Such interests can be formed on a permanent basis or on a case-by-case basis and can, for example, relate to the purchase motive. This profiling enables us, for example, to send you relevant product suggestions via newsletter.

Profiling also occurs, for example, in connection with the customer account, for example when we evaluate your usage and purchasing behavior in our online shops and on our websites, for example in order to offer you an individual user experience and to make you offers tailored to your interests.

In order to improve the quality of our analyses and forecasts, we can also link personal data from different sources as a basis for profiling. Self-learning algorithms can also be used for this purpose.

When using new technologies, however, we refrain from extensively processing particularly sensitive personal data and from systematically monitoring large public areas.

As a general rule, we do not use fully automated decision-making (as regulated in Art. 22 GDPR, for example) to establish and carry out the business relationship or otherwise. Should we use such procedures in individual cases, we will inform you separately if this is required by law and explain to you the associated rights.

13. NEWSLETTER REGISTRATION

We offer a newsletter that you can subscribe to. If you sign up for it, we will collect at least your email address. If you place an order with us, you will be temporarily enrolled in our newsletter. KW Premium Produkte AG reserves the right to inform you about news regarding your consent to the communication channel, etc. KW Premium Produkte AG processes the above-mentioned personal data, information from your customer profile, information about your interests and purchases, and your behavior on the reifenkissen.ch websites and other online channels to ensure that you receive relevant information. We treat your data with respect and care. You can withdraw your consent at any time by unsubscribing from the newsletter. You can unsubscribe by clicking on the link at the bottom of all emails from Reifenkissen^®. You can also send us an email to info@reifenkissen.ch.

We may use a program from an external service, such as MailChimp, to send the newsletter. By signing up for the newsletter, you confirm that your data will be transmitted to such an external service for processing. Find out more about MailChimp's data protection practices.

14. DURATION OF STORAGE OF PERSONAL DATA

We process and store your personal data,

• as long as it is necessary for the purpose of processing or for purposes compatible with it, and in the case of contracts, generally at least for the duration of the contractual relationship;
• as long as we have a legitimate interest in storing the data. This may be the case in particular if we need personal data to enforce or defend claims, for archiving purposes and to ensure IT security;
• as long as they are subject to a statutory retention period. For example, a ten-year retention period applies to certain data. For other data, shorter retention periods apply.

In certain cases, we will also ask for your consent if we want to store personal data for a longer period (e.g. for job applications that we would like to keep pending).

As soon as your personal data is no longer required for the purposes mentioned above, it will generally be deleted or anonymized as far as possible. For operational data (e.g. system protocols, logs), shorter retention periods of twelve months or less generally apply.

15. DATA SECURITY

We take appropriate security measures of a technical and organizational nature to maintain the security of your personal data, to protect it against unauthorized or unlawful processing and to counteract the risk of loss, accidental alteration, unwanted disclosure or unauthorized access. Like all companies, however, we cannot completely rule out data security breaches; certain residual risks are unavoidable.

Security measures of a technical nature include, for example, the encryption and pseudonymization of data, logging, access restrictions and the storage of backup copies. Security measures of an organizational nature include, for example, instructions to our employees, training and controls. We also require our contract processors to take appropriate technical and organizational security measures.

16. OBLIGATION TO PROVIDE PERSONAL DATA

As part of our business relationship, you must provide the personal data that is required to establish and conduct a business relationship and to fulfil the associated contractual obligations (you are generally not legally obliged to provide us with data). Without this data, we will generally not be able to conclude or process a contract with you (or the body or person you represent). The website cannot be used if certain information to ensure data traffic (such as IP address) is not disclosed.  

What rights do you have in connection with the processing of your personal data?
Within the scope of the data protection law applicable to you and to the extent provided for therein (such as in the case of the GDPR), you have the right to information, rectification, erasure, the right to restrict data processing and otherwise to object to our data processing, in particular that for the purposes of direct marketing, profiling for direct advertising and other legitimate interests in processing as well as to the release of certain personal data for the purpose of transferring it to another location (so-called data portability). 
Please note, however, that we reserve the right to assert the legally provided restrictions on our part, for example if we are obliged to store or process certain data, have an overriding interest in doing so (insofar as we are entitled to rely on it) or need it to assert claims. If you incur costs, we will inform you in advance. We have already informed you about the possibility of revoking your consent in section 5. Please note that the exercise of these rights may conflict with contractual agreements and may result in consequences such as early termination of the contract or costs. We will inform you in advance of this if this is not already contractually agreed.    

The exercise of such rights generally requires that you clearly prove your identity (e.g. by providing a copy of your ID card where your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact us at the address provided in section 2.

Every person affected also has the right to enforce their claims in court or to lodge a complaint with the responsible data protection authority. The responsible data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch). The responsible supervisory authority in the Principality of Liechtenstein is the Data Protection Office of the Principality of Liechtenstein.

17. CHANGES

We may amend this privacy policy at any time without prior notice. The most recent version published on our website applies. If the privacy policy is part of an agreement with you, we will inform you of the change by email or in another appropriate manner in the event of an update.

As of: 01 July 2024