Based on Article 13 of the Swiss Federal Constitution and the data protection regulations of the Swiss Confederation (Data Protection Act, DPA) as well as the EU General Data Protection Regulation (GDPR), every person is entitled to the protection of their privacy as well as the protection against misuse of personal data. The protection of your personal data is important to DataStore. We will handle your data sensitively and carefully to ensure a high level of data security.
2. Name and address of the responsible person
The responsible party within the meaning of the Swiss Data Protection Act (DPA) and the EU General Data Protection Regulation (GDPR) is:
DataStore AG has not appointed a data protection advisor or data protection officer within the meaning of Art. 10 DPA or Art. 37 GDPR. Any inquiries, claims or information relating to data protection law are to be directed to the aforementioned contact details of the person responsible.
3. Categories of personal data processed
We may process the following categories of personal data in connection with our services:
Master Data: As master data, we refer to the basic data that we require, in addition to the contractual data (see below), for the processing of our contractual and other business relationships or marketing and advertising purposes. This includes in particular, but is not limited to, the first name, last name, gender, place of residence (private and/or business), date of birth, details of function, and professional or other interests;
Communication Data: If you stay in contact with us via the contact form, e-mail, telephone, letter, or other means of communication, we record the data exchanged between you and us, including the contact data and the marginal data of the communication. These are, for example, telephone number, e-mail address (private and/or business), fax number, if applicable, communication content (e.g., e-mails, letters, faxes), preferred communication channel and correspondence language;
Contract Data: This includes in particular, but is not limited to, information on business transactions to date, information on business transactions, inquiries, offers, terms and conditions and contracts regarding products and services supplied and sold as well as ordered and purchased, information in connection with queries, complaints and differences regarding products and services or the contracts concluded in this regard, such as warranty and guarantee cases, withdrawals, etc.;
Financial data, such as payment details, credit card details and other payment details, billing and shipping addresses, etc.;
Data in connection with the marketing of products and services: This includes, but is not limited to, information about marketing activities such as receipt of newsletters, newsletter opt-ins and opt-outs, documents received, invitations and participation in events and special activities, , etc. On occasion, we also purchase addresses from third parties for our advertising and acquisition activities;
Data related to the use of the website: This includes in particular, but is not limited to, IP address and other identifiers (e.g. username on social media, MAC address of the smartphone or computer, cookies, web beacons, pixel tags, log files, local shared objects (Flash cookies) or other technologies that automatically collect personal data), date and time of the visit or use of the websites, pages and content accessed, referring websites, etc.. For further details, please refer to section 8 "Automated data collection and processing on our website";
Behavior and preference data: Depending on our relationship to you, we will try to get to know you and target our products, services and offers to you better. To this end, we collect and use data on your behavior and preferences. We do this by evaluating information about your behavior in our area, and we can also supplement this information with information from third parties, including from publicly accessible sources. On this basis for this, for instance, we can calculate the likelihood that you will take up particular services or behave in a particular way. The data we process to this end may already be known to us (e.g. when you use our services) or we can obtain this data by recording your behavior (e.g. how you navigate on our website). We describe how tracking works on our website in section 8.
Voluntary information: This includes data that you provide to DataStore on a voluntary basis without DataStore specifically asking for it, such as special marketing preferences, etc.
Third-party data: If you provide DataStore with personal data of third parties (e.g. subcontractors, employees, etc.) in the course of a business transaction, we also process this data.
We collect and process data from the following persons (hereinafter "Business Partners"):
Registered and non-registered visitors to our website;
Contacts and employees of manufacturers, suppliers, distributors, vendors and providers of the products and services we request;
Customers, purchasers and recipients/beneficiaries or interested parties of our products and services (including warranty, repair and service services) or their contacts and employees;
Contacts and employees of business partners and affiliates, employment agencies and staffing companies (as well as referred workers) and other trade and business partners;
Recipients of our newsletters; participants of market research and opinion surveys conducted by DataStore; participants of courses, seminars and events offered by DataStore;
Users of the WIFIs offered in our business premises and other locations;
The aforementioned personal data is generally collected directly from the data subjects in the course of using the website, when requesting or using products or services, participating in market or other surveys, at our events or in direct communication with us via e-mail, telephone or other means.
However, the data may also be collected indirectly, namely when transactions are made for the benefit of or for delivery to a business partner by another business partner, on the recommendation of third parties (e.g. recommendation by acquaintances of the business partner) or by obtaining or purchasing supplementary information from third party data sources (e.g. social media, address dealers).
4. Purpose of processing and legal basis
We process the data of business partners - to the extent permitted by applicable law - in particular, but not exclusively, for the following purposes:
For the conclusion and processing of your contractual relationship as well as for the processing of your inquiries or your orders (Art. 30 and Art. 31 para. 1 and para. 2 let. a DPA / Art. 6 para. 1 let. b GDPR): In this context, the purposes of the data processing depend on the intended transaction. We collect this data in order to provide you with our services or to be able to obtain such services from you;
For the operation of our website (Art. 30 as well as Art. 31 para. 1 and para. 2 let. b DPA / Art. 6 para. 1 let. b and f GDPR): This includes, in particular, the administration of the users of the website and the activities carried out on it, the operation and further development of the website, ensuring a problem-free connection setup, the evaluation of system security and stability and other administrative purposes. Your data collected in this context will not be used to draw conclusions about your person. Information of this kind is only evaluated statistically by DataStore in order to optimize our website and the technology behind it, to combat abuse, for the purposes of legal investigations, proceedings and to respond to inquiries from authorities.
For process and offer optimization (Art. 30 as well as Art. 31 para. 1 and para. 2 let. e DPA / Art. 6 para. 1 let. a and f GDPR): This includes quality control, the preparation of statistics, budgets, management information as well as their evaluation, market research, the further development of products, services as well as the company and its processes;
For marketing and advertising purposes (Art. 30 as well as Art. 31 para. 1 DPA / Art. 6 para. 1 let. a and f GDPR): This includes customer loyalty, the implementation of customer loyalty programs, the optimization of customer offers, market or opinion research as well as the implementation of customer events. You may object to any processing or use of your data for direct marketing purposes at any time. The objection must be addressed to the person responsible;
To comply with legal and regulatory requirements (Art. 30 as well as Art. 31 para. 1 DPA / Art. 6 para. 1 let. c GDPR): We process your data to fulfill the legal obligations to which we are subject. This includes the processing of data in the context of obligations to provide information to authorities as well as compliance with tax and / or commercial regulations (e.g. retention obligations of business and accounting records);
For the sale or purchase of business units, companies or parts of companies and other transactions under company law (Art. 30 as well as Art. 31 para. 1 DPA / Art. 6 para. 1 let. a and f GDPR).
In the aforementioned purposes also lies our legitimate interest in the processing of personal data pursuant to Art. 31 para. 1 DPA or Art. 6 para. 1 let. f GDPR.
Processing of personal data for purposes other than those described will only take place if permitted by law or if you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you about these other purposes before further processing and provide you with all relevant information.
5. Categories of recipients of data
In principle, your personal data will only be passed on to the recipients named below without your express prior consent:
DataStore uses the following processors:
Subcontractors and cooperation partners engaged by DataStore to provide the services owed to you.
Companies for the purpose of centralized order processing and financial accounting.
Logistics service provider to ship the products, marketing materials or other items you order from DataStore.
Payment service providers to process payments from you to DataStore or vice versa;
Service provider for collection services, advertising and marketing, sending newsletters or conducting customer surveys.
IT service provider for the provision of cloud services, software and hardware, and for carrying out maintenance work.
Software provider for the use of communication offers with customers, in particular also for the implementation of event offers.
The transfer of data to processors takes place based on Art. 9 DPA or Art. 28 (1) GDPR, alternatively on the basis of our legitimate interest in the economic and technical advantages associated with the use of specialized processors and the fact that your rights and interests in the protection of your personal data do not prevail, Art. 31 (1) DPA or Art. 6 (1) f GDPR.
Suppliers: We permit suppliers to view the data we process as part of checks and audits on compliance with manufacturer requirements (e.g. on billing or compliance with credit limits, Article 31 (1) and Article 2 (a) DPA/Article 6 (1) (b) GDPR).
6. Data transmission abroad
Your personal data is generally processed in Switzerland. However, we may transfer your data to trusted recipients in third countries (both in Europe and worldwide).
This is done on the basis of a so-called adequacy decision of the Federal Council or the European Commission. If a recipient is in a country without appropriate legal data protection, we oblige them to comply with applicable data protection on the basis of appropriate safeguards pursuant to Article 16 (2) DPA or Article 46 (2) GDPR, in particular so-called standard contractual clauses, which have also been issued by the European Commission or recognized, issued or approved by the Federal Data Protection and Information Commissioner (FDPIC). We may not impose an obligation of this nature if an exception applies. An exception can apply in the event of legal proceedings abroad, as well as in cases of overriding public interest, if processing a contract requires disclosure abroad, if you have consented to this, or if this is generally accessible data and you have not objected to its processing.
In the present case, it cannot be ruled out that we transmit personal data to recipients in the USA. Please also note that data exchanged via the Internet is often routed via third countries. Your data may therefore end up abroad even if the sender and recipient are in the same country.
7. Duration of storage
We store your personal data until the purpose on which the processing is based (see section 4 above) no longer applies. If we are legally obligated to store personal data, the data will be stored for the duration of the legal obligation. For commercial documents, which include financial accounting and the supporting documents (including invoices), this is up to 10 years. If necessary, your data will be blocked for ongoing operations during this time, provided that there is no other purpose for the processing.
8. Automated data collection and processing on our website
Our website uses the technologies and tools described below to enable us and third parties engaged by us to recognize you when you use our website and, under certain circumstances, to track you across multiple visits. If you do not wish to use them, we will provide you with various options and settings for the respective tool to prevent their use. Unless otherwise noted, your personal data is processed in this respect on the legal basis of your consent under Article 31 (1) DPA or Article 6 (1) (a) GDPR. In this case, you can revoke your consent at any time without affecting the lawfulness of the processing carried out based on the consent until revocation.
Our website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to DataStore as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from http:// to https:// and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to DataStore cannot be read by third parties.
c. Contact form
If you send DataStore inquiries via the contact form, your data from the inquiry form, including the contact data you provided there, will be stored by DataStore for the purpose of processing the inquiry and in case of follow-up questions.
By pressing the query, you consent to the corresponding processing of your data. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. We do not pass on the data from the contact form to third parties without your consent.
d. Newsletter data
For actively registered customers (resellers and managed service providers) we offer the possibility to register for the free newsletter offered on this website. For this purpose, we obtain from you an e-mail address and information that allows DataStore to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data will not be collected. We use this data exclusively for sending the requested information and do not pass it on to third parties.
You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time. You will find a link to unsubscribe from the newsletter in every newsletter. Alternatively, you can also send your revocation to the following e-mail address email@example.com.
e. Google Maps
Our website uses the offer of Google Maps. This allows DataStore to display interactive maps directly on the website and enables you to comfortably use the map function. By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. This occurs regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. For more information on the purpose and scope of data collection and processing by Google, as well as further information on your rights in this regard and settings options for protecting your privacy, please visit: https://policies.google.com/privacy?hl=en-US
f. Google Ads
Our website uses Google conversion tracking. If you have reached our website via an ad placed by Google, Google Ads will set a "cookie" (see section 8. a. above) on your computer. The cookie for conversion tracking is set when a user clicks on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked across Ads customers' websites. The information obtained using the conversion cookie is used to create conversion statistics for ads customers who have opted in to conversion tracking. Clients learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
If you do not wish to participate in the tracking, you can refuse the setting of a cookie required for this - for example, via a browser setting that generally deactivates the automatic setting of cookies or set your browser so that cookies from the domain "googleleadservices.com" are blocked.
Please note that you may not delete the opt-out cookies as long as you do not want any measurement data to be recorded. If you have deleted all your cookies in the browser, you must set the respective opt-out cookie again.
The legal basis for the processing of personal data using Google Ads is Art. 30 and Art. 31 para. 1 DPA and Art. 6 para. 1 let. f GDPR.
g. Google Remarketing
Our website uses the remarketing function of Google Inc. The function is used to present interest-based advertisements to website visitors within the Google advertising network. A "cookie" is stored in the browser of the website visitor (see section 8. a. above), which makes it possible to recognize the visitor when they visit websites that belong to the Google advertising network. On these pages, the visitor can be presented with advertisements that relate to content that the visitor has previously accessed on websites that use Google's remarketing function.
The legal basis for the processing of personal data using Google Remarketing is Art. 30 and Art. 31 para. 1 DPA and Art. 6 para. 1 let. f GDPR.
h. Google reCAPTCHA
Our website uses the reCAPTCHA service of Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland "Google"). The query serves the purpose of distinguishing whether the input is made by a human or by automated, machine processing. The query includes the sending of the IP address and possibly other data required by Google for the reCAPTCHA service to Google. For this purpose, your input is transmitted to Google and further used there. However, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. In the event of a corresponding order from our side, Google will use this information to evaluate your use of this service. The IP address transmitted by your browser as part of reCAPTCHA will not be merged with other data from Google. Your data may also be transmitted to the USA in the process.
By pressing the query, you consent to the corresponding processing of your data. The processing is thus based on Art. 31 (1) DPA or Art. 6 (1) a GDPR with your consent.
i. Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited. If the data controller on our website is located outside the European Economic Area or Switzerland, then the Google Analytics data processing is carried out by Google LLC. Google LLC and Google Ireland Limited are hereinafter referred to as "Google".
The statistics obtained enable us to improve our offer and make it more interesting for you as a user. Our website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. If you have a Google user account, you can deactivate the cross-device analysis of your usage in the settings there under "My data", "Personal data".
We have configured the service so that Google truncates the IP addresses within Europe before forwarding them to the USA, meaning it is not possible for them to be traced back. We have deactivated the settings for “data disclosure” and “signals”.
While we can therefore assume that the information we share with Google is not personal data for Google, it is possible for Google to use this data for its own purposes to draw conclusions about visitors’ identities, to create personal profiles and to link this data to a person’s Google accounts. If you consent to the use of Google Analytics, you are explicitly consenting to processing of this nature, which also includes the transmission of personal data (in particular, usage data for the website and app, device information and individual IDs) to the USA and other countries. As a result, the legal basis for the use of Google Analytics is your consent under Article 31 (1) DPA and Article 6 (1) (a) GDPR.
Furthermore, you can prevent the use of Google Analytics by clicking on this link: https://tools.google.com/dlpage/gaoptout?hl=en. This will save a so-called opt-out cookie on your data carrier, which prevents the processing of personal data by Google Analytics. Please note that if you delete all cookies on your terminal device, these opt-out cookies will also be deleted, i.e. you will have to set the opt-out cookies again if you wish to continue to prevent this form of data collection. The opt-out cookies are set per browser and computer/end device and must therefore be activated separately for each browser, computer or other device.
j. LinkedIn und XING
We use the marketing services of the social networks LinkedIn of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn") and XING, Grosse Bleichen 27, Kaisergalerie, 20354 Hamburg, Germany ("XING") within our online offer.
The information generated by the cookie about your use of this website is transmitted pseudonymously to a server of LinkedIn and XING also in the European Union and the USA and stored there. LinkedIn and XING therefore do not store the name or email address of the respective user. Rather, the above-mentioned data is only assigned to the person for whom the cookie was generated. This does not apply if the user has allowed LinkedIn or XING to process without pseudonymization or has a LinkedIn and/or XING account.
We use LinkedIn Analytics to analyze and regularly improve the use of our website. The statistics obtained enable DataStore to improve our offer and make it more interesting for you as a user.
If we ask for consent for the use of "LinkedIn" and "XING", the legal basis for the processing of the corresponding data is Art. 31 para. 1 DPA and Art. 6 para. 1 let. a GDPR. Third-party provider information: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2 Ireland; https://www.linkedin.com/help/linkedin/answer/3537/aktualisierte-nutzervereinbarung-und-datenschutzrichtlinie?lang=en
k. Newsletter - Mailchimp
The newsletter is sent using the dispatch service provider 'MailChimp', a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The dispatch service provider may use the data of the recipients in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. to technically optimize the dispatch and presentation of the newsletters or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.
Provided we request your consent for the use of “MailChimp”, the use of this service is based on your consent under Article 31 (1) DPA or Article 6 (1) (a) GDPR and a data processing agreement under Article 9 DPA or Article 28 (3) GDPR.
Functions of the "YouTube" services are integrated on our website. "YouTube" is owned by Google Ireland Limited, a company incorporated and operated under the laws of Ireland, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, which operates the services in the European Economic Area and Switzerland.
We have integrated features from Instagram into our website. Instagram is a social media platform operated by the company Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA, a subsidiary of Meta Platform Inc., which also operates “Facebook”.
If you have consented to your data being processed and stored by integrated social media elements, this consent is taken as the basis for data processing (Article 31 (1) (a) DPA or Article 6 (1) (a) GDPR). In principle, your data is also processed on the basis of our legitimate interest (Articles 30 and 31 DPA and Article 6 (1) (f) GDPR) in good, swift communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements if you have consented to this.
The copyright and all other rights to content, images, photos or other data on our website, belong exclusively to the operator of this website or the specifically named rights holders. For the reproduction of any files, the written consent of the copyright holder must be obtained in advance.
Anyone who commits a copyright infringement without the consent of the respective copyright holder may be liable to prosecution and possibly to damages.
10. General disclaimer for our internet offer
All information on our website has been carefully checked. We make every effort to ensure that the information we provide is up-to-date, correct and complete. Nevertheless, the occurrence of errors cannot be completely excluded, so we cannot guarantee the completeness, accuracy and timeliness of information, including journalistic-editorial nature. Liability claims regarding damage caused by the use of any information provided, including any kind of information which is incomplete or incorrect, will therefore be rejected.
We may modify or delete text at our own discretion and without notice and are not obliged to update the contents of this website. The use of or access to our website is at the visitor's own risk. We, our clients or partners are not responsible for any damages, such as direct, indirect, incidental, consequential or punitive damages, alleged to have been caused by the use of our website and consequently assume no liability for such damages.
We also assume no responsibility or liability for the content and availability of third-party websites that can be accessed via external links from our website. The operators of the linked sites are solely responsible for their content. We thus expressly distance ourselves from all third-party content that may be relevant under criminal or liability law or that may offend common decency.
11. Your rights
Right to information (Art. 25 DPA or Art. 15 GDPR): You have the right to request information from DataStore at reasonable intervals about your personal data processed by DataStore. Upon request, we will provide you with a copy of the data that is the subject of processing.
Right to rectification (Art. 32 DPA or Art. 16 GDPR): You have the right to demand that we correct incorrectly processed data.
Right to restrict processing (Art. 30 para. 2 let. b DPA or Art. 18 GDPR): Under certain circumstances, you have the right to restrict the processing of your personal data (e.g. with regard to the duration of use, the subject matter or the purpose of the processing, etc.). In such a case, we may only continue to process the data in the previous manner if there is a legally provided justification.
Right to erasure (Art. 30 para. 3 DPA or Art. 17 GDPR): You also have the right to demand that we erase your personal data. We are obliged to delete, among other things, if you expressly prohibit DataStore from processing and there is no justifiable reason for further processing, if your personal data is no longer required for the purposes for which it was collected or otherwise processed, if you have revoked consent once given, or if the data was processed unlawfully.
Right to withdraw consent (Art. 6 para. 6 and Art. 31 para. 1 DPA or Art. 7 para. 3 GDPR), insofar as our processing is based on your consent.
Right to data surrender and transfer (Art. 28 DPA or Art. 20 GDPR): Where we process your data automatically for the conclusion or execution of a contract or with your consent, we must surrender this data to you in a machine-readable format or - at your choice - transfer it to a third party at your request.
Right to object (Art. 21 GDPR): If the processing of your data by DataStore is based on the performance of a task carried out in the public interest or is carried out in the exercise of official authority (Art. 6 (1) sentence 1 (e) GDPR) or if the data processing is based on our legitimate interests, you have the right, on the basis of the GDPR, to object to the processing of your personal data at any time for reasons arising from your particular situation. We will then terminate the processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests in terminating the processing.
The objection to the processing of your personal data for direct marketing purposes is possible at any time without restrictions.
If the data processing by DataStore is based on your consent, you have the right to revoke any consent given to DataStore at any time. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected by the revocation.
Right of notification or complaint (Art. 49 DPA or Art. 77 GDPR): To the extent applicable to you, there is a right of notification or complaint to a competent data protection authority. The competent supervisory authority for Switzerland can be reached at the following address: Federal Data Protection and Information Commissioner, Feldeggweg 1, CH 3003 Bern.
13. Questions about data protection
If you have any questions about data protection, please write to DataStore by e-mail or directly contact the data protection officer in our organization listed at the beginning of this privacy statement.