Responsible body in terms of data protection laws, in particular the EU General Data Protection Regulation (DSGVO), is:
Toshi by Anja Lienhard
Phone: +4179 423 78 90
In cooperation with our hosting providers, we make every effort to protect the databases as well as possible against unauthorized access, loss, misuse or falsification.
We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.
By using this website, you consent to the collection, processing and use of data in accordance with the following description. This website can generally be visited without registration. Data such as pages accessed or names of files accessed, date and time are stored on the server for statistical purposes without this data being directly related to your person. Personal data, in particular name, address or e-mail address are collected as far as possible on a voluntary basis. Without your consent, the data will not be passed on to third parties.
Processing of personal data
Personal data is any information that relates to a specific or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, acquisition, deletion, storage, modification, destruction and use of personal data.
We process personal data in accordance with Swiss data protection law. Furthermore, to the extent and insofar as the EU GDPR is applicable, we process personal data in accordance with the following legal bases in connection with Art. 6 (1) GDPR:
- Consent (Art. 6 para. 1 p. 1 lit. a. DSGVO) - The data subject has given his/her consent to the processing of personal data relating to him/her for a specific purpose or purposes.
- Performance of a contract and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. DSGVO) - Processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the data subject's request.
- Legal obligation (Art. 6 (1) p. 1 lit. c. DSGVO) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Protection of vital interests (Art. 6 (1) p. 1 lit. d. DSGVO) - Processing is necessary to protect the vital interests of the data subject or another natural person.
- Legitimate interests (Art. 6 (1) p. 1 lit. f. DSGVO) - Processing is necessary to protect the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.
- Application procedure as a pre-contractual or contractual relationship (Art. 9(2)(b) DSGVO) - Insofar as special categories of personal data within the meaning of Art. 9(1) DSGVO (e.g. health data, such as severely disabled status or ethnic origin) are requested from applicants as part of the application procedure, so that the controller or the data subject can fulfil the obligations incumbent on him/her under rights under employment law and social security and social protection law and to comply with his or her obligations in this regard, their processing is carried out in accordance with Art. 9(2)(b). DSGVO, in case of protection of vital interests of the applicants or other persons according to Art. 9 para. 2 lit. c. DSGVO or for the purposes of preventive health care or occupational medicine, for the assessment of the employee's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the management of systems and services in the health or social sector pursuant to Art. 9 para. 2 lit. h. DSGVO. In the case of a communication of special categories of data based on voluntary consent, their processing is based on Art. 9 para. 2 lit. a. DSGVO.
We process personal data for the duration required for the respective purpose or purposes. In the case of longer-lasting retention obligations due to legal and other obligations to which we are subject, we restrict the processing accordingly.
Relevant legal bases
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, assurance of availability of and segregation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data compromise. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.
Transmission of personal data
In the course of our processing of personal data, the data may be transferred to or disclosed to other bodies, companies, legally independent organizational units or persons. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.
Data processing in third countries
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, entities or companies, this will only be done in accordance with the legal requirements.
Subject to express consent or contractually or legally required transfer, we process the data only in third countries with a recognized level of data protection, contractual obligation by so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection rules (Art. 44 to 49 DSGVO, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
The following cookie types and functions are distinguished:
- Temporary cookies (also: session cookies): temporary cookies are deleted at the latest after a user has left an online offer and closed his browser.
- Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the interests of users used for reach measurement or marketing purposes can be stored in such a cookie.
- First-party cookies: First-party cookies are set by ourselves.
- Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
- Necessary (also: essential or absolutely necessary) cookies: Cookies may be absolutely necessary for the operation of a website (e.g. to store logins or other user input or for security reasons).
Storage period: Unless we provide you with explicit information on the storage period of permanent cookies (e.g. in the context of a so-called cookie opt-in), please assume that the storage period can be up to two years.
- Types of data processed: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
- Data subjects: Users (e.g., website visitors, users of online services).
- Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a. DSGVO), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).
This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as requests you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Third party services
This website may use Google Maps for embedding maps, Google Invisible reCAPTCHA for protection against bots and spam, and YouTube for embedding videos.
These services of the American Google LLC use, among other things, cookies and, as a result, data is transferred to Google in the USA, although we assume that no personal tracking takes place in this context solely through the use of our website.
Google has undertaken to ensure adequate data protection in accordance with the US-European and the US-Swiss Privacy Shield.
If you send us inquiries via the contact form, the information you provide in the inquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.
If you would like to receive the newsletter offered on this website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data will not be collected. We use this data exclusively for sending the requested information and do not pass it on to third parties.
You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe link" in the newsletter.
Services with costs
For the provision of chargeable services, we ask for additional data, such as payment details, in order to be able to execute your order or your order. We store this data in our systems until the legal retention periods have expired.
Use of Google Maps
This website uses the offer of Google Maps. This allows us to display interactive maps directly on the website and enables you to use the map function conveniently. By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. This occurs regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. For more information on the purpose and scope of data collection and processing by Google, as well as further information on your rights in this regard and settings options for protecting your privacy, please visit: www.google.de/intl/de/policies/privacy.
This website uses Google conversion tracking. If you have reached our website via an ad placed by Google, Google Ads will set a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked across Ads customers' websites. The information obtained using the conversion cookie is used to create conversion statistics for Ads customers who have opted in to conversion tracking. Clients learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
If you do not wish to participate in the tracking, you can refuse the setting of a cookie required for this - for example, by means of a browser setting that generally deactivates the automatic setting of cookies or by setting your browser so that cookies from the domain "googleleadservices.com" are blocked.
Please note that you may not delete the opt-out cookies as long as you do not want any measurement data to be recorded. If you have deleted all your cookies in the browser, you must set the respective opt-out cookie again.
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited. If the data controller on this website is located outside the European Economic Area or Switzerland, then Google Analytics data processing is carried out by Google LLC. Google LLC and Google Ireland Limited are hereinafter referred to as "Google".
The statistics obtained enable us to improve our offer and make it more interesting for you as a user. This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. If you have a Google user account, you can deactivate the cross-device analysis of your usage in the settings there under "My data", "Personal data".
The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. f DS-GVO. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. We would like to point out that on this website Google Analytics has been extended by the code "_anonymizeIp();" to ensure anonymized collection of IP addresses. This means that IP addresses are processed in abbreviated form, which means that they cannot be linked to a specific person. If the data collected about you is related to a person, this is immediately excluded and the personal data is deleted immediately.
Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
In addition, you can also prevent the use of Google Analytics by clicking on this link: Disable Google Analytics. This will save a so-called opt-out cookie on your data carrier, which prevents the processing of personal data by Google Analytics. Please note that if you delete all cookies on your terminal device, these opt-out cookies will also be deleted, i.e. you will have to set the opt-out cookies again if you wish to continue to prevent this form of data collection. The opt-out cookies are set per browser and computer/end device and must therefore be activated separately for each browser, computer or other end device.
This website uses functions of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA . When calling up our pages with Facebook plug-ins, a connection is established between your browser and the Facebook servers. In the process, data is already transmitted to Facebook. If you have a Facebook account, this data can be linked to it. If you do not want this data to be associated with your Facebook account, please log out of Facebook before visiting our site. Interactions, in particular the use of a comment function or the clicking of a "Like" or "Share" button are also passed on to Facebook. You can learn more at https://de-de.facebook.com/about/privacy.
Functions of the Instagram service are integrated on our website. These functions are offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA integrated. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.
On this website, we use social plugins of the social network Pinterest, which is operated by Pinterest Inc, 808 Brannan Street San Francisco, CA 94103-490, USA ("Pinterest"). When you call up a page that contains such a plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits log data to the Pinterest server in the USA. This log data may contain your IP address, the address of the visited websites that also contain Pinterest functions, type and settings of the browser, date and time of the request, your usage of Pinterest as well as cookies.
For more information on the purpose, scope and further processing and use of the data by Pinterest, as well as your rights in this regard and options for protecting your privacy, please refer to the Pinterest data protection information: https://about.pinterest.com/de/privacy-policy
External payment service providers
This website uses external payment service providers through whose platforms users and we can make payment transactions. For example, via
- Visa (https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html)
- Mastercard (https://www.mastercard.ch/de-ch/datenschutz.html)
- American Express (https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html)
- Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)
- Apple Pay (https://support.apple.com/de-ch/ht203027)
- Stripe (https://stripe.com/ch/privacy)
In the context of fulfilling contracts, we use the payment service providers on the basis of the Swiss Data Protection Ordinance and, where necessary, Art. 6 para. 1 lit. b. EU-DSGVO. Furthermore, we use external payment service providers on the basis of our legitimate interests pursuant to the Swiss Data Protection Ordinance as well as and to the extent necessary pursuant to Art. 6 para. 1 lit. f. EU-DSGVO in order to offer our users effective and secure payment options.
The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, among others, as well as the contract, totals and recipient-related information. The information is required in order to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. We as the operator do not receive any information about (bank) account or credit card, but only information to confirm (accept) or reject the payment. Under certain circumstances, the data is transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard, we refer to the terms and conditions and data protection information of the payment service providers.
Newsletter - Klaviyo
The dispatch service provider may use the data of the recipients in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. to technically optimize the dispatch and presentation of the newsletters or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.
On this website, functions of the service "YouTube" are integrated. "YouTube" is owned by Google Ireland Limited, a company incorporated and operated under the laws of Ireland with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, which operates the services in the European Economic Area and Switzerland.
Order processing in the online store with customer account
We process the data of our customers in accordance with the data protection provisions of the Federal (Data Protection Act, DSG) and the EU-DSGVO, in the context of ordering processes in our online store to enable them to select and order the selected products and services, as well as their payment and delivery, or execution.
The processed data includes master data (inventory data), communication data, contract data, payment data and the persons affected by the processing include our customers, prospective customers and other business partners. The processing is carried out for the purpose of providing contractual services in the context of operating an online store, billing, delivery and customer services. In this context, we use session cookies, e.g. for storing the shopping cart content, and permanent cookies, e.g. for storing the login status.
The processing is carried out on the basis of Art. 6 para. 1 lit. b (execution of order transactions) and c (legally required archiving) DSGVO. In this context, the information marked as required is necessary for the justification and fulfillment of the contract. We disclose the data to third parties only in the context of delivery, payment or in the context of legal permissions and obligations. The data is only processed in third countries if this is necessary for the fulfillment of the contract (e.g. at the request of the customer for delivery or payment).
Users can optionally create a user account, in which they can view their orders in particular. As part of the registration process, the required mandatory information will be provided to users. User accounts are not public and cannot be indexed by search engines, e.g. Google. If users have terminated their user account, their data with regard to the user account will be deleted, subject to their retention is necessary for commercial or tax reasons entspr. Art. 6 para 1 lit. c DSGVO. Information in the customer account remains until its deletion with subsequent archiving in the event of a legal obligation. It is the responsibility of the users to save their data in the event of termination before the end of the contract.
Within the scope of registration and renewed registrations as well as the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as those of users in protection against abuse and other unauthorized use. In principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c DSGVO.
The deletion takes place after the expiry of legal warranty and comparable obligations, the necessity of keeping the data is reviewed at irregular intervals. In the case of legal archiving obligations, deletion takes place after their expiry.
We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") in the context of contractual and comparable legal relationships and related measures and in the context of communication with contractual partners (or pre-contractual), e.g. to answer inquiries.
We process this data in order to fulfill our contractual obligations, to secure our rights and for the purposes of the administrative tasks associated with this information as well as for business organization. Within the framework of applicable law, we only disclose the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or for the fulfillment of legal obligations or with the consent of the data subjects (e.g. to participating telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Contractual partners will be informed about further forms of processing, e.g. for marketing purposes, within the scope of this data protection declaration.
We inform the contractual partners which data is required for the aforementioned purposes before or during data collection, e.g. in online forms, by means of special marking (e.g. colors) or symbols (e.g. asterisks or similar), or in person.
We delete the data after the expiry of legal warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal archiving reasons (e.g., for tax purposes generally 10 years). We delete data disclosed to us by the contractual partner as part of an order in accordance with the specifications of the order, generally after the end of the order.
Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.
Customer account: Contractual partners can create an account within our online offer (e.g. customer or user account, "customer account" for short). If registration of a customer account is required, contractual partners will be informed of this as well as of the information required for registration. Customer accounts are not public and cannot be indexed by search engines. In the course of registration and subsequent logins and use of the customer account, we store the IP addresses of the customers along with the access times in order to be able to prove registration and prevent any misuse of the customer account.
If customers have terminated their customer account, the data relating to the customer account will be deleted, unless their retention is required for legal reasons. It is the responsibility of the customer to back up their data upon termination of the customer account.
Analyses and market research: For business reasons and in order to be able to recognize market trends, wishes of contractual partners and users, we analyze the data we have on business transactions, contracts, inquiries, etc., whereby the group of persons concerned may include contractual partners, interested parties, customers, visitors and users of our online offer.
The analyses are carried out for the purpose of business evaluations, marketing and market research (e.g. to determine customer groups with different characteristics). In doing so, we may, if available, take into account the profiles of registered users together with their details, e.g. on services used. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarized, i.e. anonymized values. Furthermore, we take the privacy of the users into consideration and process the data for the analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g. as summarized data).
Store and e-commerce: We process the data of our customers to enable them to select, purchase or order the selected products, goods and related services, as well as their payment and delivery or execution. If necessary for the execution of an order, we use service providers, in particular postal, forwarding and shipping companies, to carry out the delivery, or execution to our customers. For the processing of payment transactions, we use the services of banks and payment service providers. The required information is identified as such in the context of the order or comparable purchase process and includes the information needed for delivery, or provision and billing, as well as contact information, so that any consultation can be held.
Agency services: We process customer data as part of our contractual services, which may include, for example, conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes, handling, server administration, data analysis/consulting services, and training services.
Provision of our services in accordance with the Articles of Association
We process the data of our members, supporters, interested parties, customers or other persons in accordance with the data protection provisions of the German Federal Data Protection Act (Datenschutzgesetz, DSG) and the EU-DSGVO pursuant to Art. 6 para. 1 lit. b. DSGVO, insofar as we offer contractual services to them or act within the scope of existing business relationships, e.g. vis-à-vis members, or are ourselves recipients of services and benefits. Otherwise, we process the data of data subjects pursuant to Art. 6 para. 1 lit. f. DSGVO on the basis of our legitimate interests, e.g. when administrative tasks or public relations are involved.
The data processed in this context, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. In principle, this includes inventory and master data of persons (e.g., name, address, etc.), as well as contact data (e.g., e-mail address, telephone, etc.), contract data (e.g., services used, content and information provided, names of contact persons) and, if we offer payable services or products, payment data (e.g., bank details, payment history, etc.).
We delete data that is no longer required for the provision of the statutory purposes. This is determined according to the respective tasks and contractual relationships. In the case of business processing, we retain the data for as long as they may be relevant to the business transaction, as well as with regard to any warranty or liability obligations. The necessity of retaining the data is reviewed at irregular intervals. In all other respects, the statutory retention obligations apply.
The copyright and all other rights to the content, images, photos or other files on the website belong exclusively to the operator of this website or the specifically named rights holders. For the reproduction of any files, the written consent of the copyright holder must be obtained in advance.
Anyone who commits a copyright infringement without the consent of the respective copyright holder may be liable to prosecution and possibly to damages.
All information on our website has been carefully checked. We make every effort to ensure that the information we provide is up-to-date, correct and complete. Nevertheless, the occurrence of errors cannot be completely ruled out, which means that we cannot guarantee the completeness, correctness and up-to-dateness of information, including journalistic and editorial information. Liability claims regarding damage caused by the use of any information provided, including any kind of information which is incomplete or incorrect, will therefore be rejected.
The publisher may change or delete texts at his own discretion and without notice and is not obliged to update the contents of this website. The use of or access to this website is at the visitor's own risk. The publisher, its clients or partners are not responsible for damages, such as direct, indirect, incidental, consequential or punitive damages, allegedly caused by the visit of this website and consequently assume no liability for such damages.
The publisher also accepts no responsibility or liability for the content and availability of third-party websites that can be accessed via external links on this website. The operators of the linked sites are solely responsible for their content. The publisher thus expressly distances itself from all third-party content that may be relevant under criminal or liability law or that may offend common decency.
We can adapt this data protection declaration at any time without prior notice. The current version published on our website shall apply. Insofar as the data protection declaration is part of an agreement with you, we will inform you of the change by e-mail or other suitable means in the event of an update.
Questions for the data protection officer