Privacy policy

Introduction and general information
Thank you for your interest in our website. The safety of your personal data is very important to us. Below, you will find information on how we handle the data collected through your use of the website. Your data is processed in accordance with statutory data protection regulations.

Data controller within the meaning of the GDPR

labaxetta AG
Gotthelfstraße 22a
5000 Aarau, Switzerland
E-mail: dataprivacy@labaxetta.com

Contact details of the EU representative:
Proliance GmbH / www.datenschutzexperte.de
Leopoldstr. 21
80802 Munich, Germany

datenschutzbeauftragter@datenschutzexperte.de

Definitions
Our privacy policy should be accessible and easy to understand for everyone. In general, this privacy policy uses the official terms of the General Data protection Regulation (GDPR). The official definitions are explained in Article 4 GDPR.

Web hosting
This website is hosted by an external service provider (maxcluster GmbH). It is hosted in Frankfurt am Main, Germany. Personal data collected on this website are saved on the servers of the host. This predominantly relates to IP addresses, contact requests, meta data and communication data, website visits and other data generated via the website.

We have concluded a data processing agreement with this provider in accordance with the guidelines in Article 28 GDPR, obligating the provider to protect the data of our customers and not transfer it to third parties.

Web server log files
For technical reasons, it is necessary for your internet browser to transfer data to our web server when you visit our website. When connected, the following data is recorded for the communication between your internet browser and our web server:

  • Date and time of the request
  • Full IP address of the computer making the request
  • Request log
  • User agent
  • Status code
  • URL path
  • Referrer
  • Transferred data quantity (in bytes)

We collect the data listed here in order to ensure a smooth connection with the website and make it comfortable for users to use our website. Furthermore, the log file is used for the evaluation of system security and stability and for administrative purposes. The legal basis for the temporary storage of data and log files is provided by Article 6(1)(f) GDPR.

This data is saved by us temporarily for reasons of technical security, in particular for protection against cyber attacks on our web server. This data does not allow us to identity individual persons. After seven days at the latest, the data is anonymised by shortening the IP address at domain level, meaning it is no longer possible to correlate the data to an individual user.

In anonymised form, the data may also be processed for statistical purposes. At no point is this data saved together with other personal data of the user, compared with other databases or transferred to third parties.

Cookies
Our website uses what are known as “cookies”. Cookies are small text files that are saved on your end device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted after your visit. Permanent cookies stay on your end device until you delete them manually or they are deleted automatically by your web browser. 

Cookies have various functions. Many cookies are necessary for technical reasons, because certain website functions would not work without them (e.g. shopping basket functions or language settings). Other cookies serve to evaluate user behaviour or display advertisements. 

Technically necessary cookies are saved on the basis of Article 6(1)(f) GDPR. We have a legitimate interest in saving cookies for the technically sound, optimised provision of our services. Other cookies are only saved with your consent on the basis of Article 6(1)(a) GDPR. You can revoke your consent with effect for the future at any time. The legal basis may also be derived from Article 6(1)(b) GDPR if the processing of the data is required for the fulfilment of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. 

Insofar as cookies are used for analytical purposes, we will inform you of this separately in the scope of this privacy policy and ask for your consent. 

 You can set your browser so that you  

  • are informed about the setting of cookies,  
  • only allow cookies in individual cases,  
  • reject cookies for certain scenarios or in general, 
  • activate the automatic deletion of cookies when closing your browser.  

    You can manage your cookie settings under the following links for the respective browser types: 

      You can also manage cookies from many companies and functions that are used for advertising individually. To do so, use the corresponding user tools, which can be found at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.  

      Most browsers also offer a “Do Not Track” setting. When this setting is activated, the respective browser notifies advertising networks, websites and applications that you do not wish to be “tracked” for behaviour-based advertising or similar. 

      You can find information and instructions on managing this setting under the following links, depending on your browser provider:  

      Furthermore, you can prevent the loading of “scripts” as default. “NoScript” only allows JavaScripts, Java and other plug-ins from trusted domains of your choice. You can find information and instructions on managing this setting under the following links from your browser provider (e.g. for Mozilla Firefox under: https://addons.mozilla.org/de/firefox/addon/noscript/). 

      Please note that deactivating cookies might limit the functionality of our website.

      Changing your cookie settings
      You can revoke or change your cookie settings at any time. To do so, go to your cookie settings via this link

      Contact form and contact via e-mail
      If you contact us via the contact form or via e-mail, will will save the information from the contact form or e-mail, including the personal data provided by you for the purpose of processing your enquiry and for the event that there are follow-up questions. An e-mail address is required for contact purposes, while the specification of your first name, surname and phone number is voluntary. In no case will this data be forwarded to third parties without your consent. The legal basis for the processing of this data is our legitimate interest in answering your enquiry in accordance with Article 6(1)(f) GDPR, or Article 6(1)(b) GDPR insofar as your enquiry is aimed at moving towards the conclusion of a contract. Your data is deleted once your enquiry has been fully processed insofar as no legal retention obligations prevent this. In the case of Article 6(1)(f) GDPR, you can object to the processing of your personal data at any time.

      Registration
      You have the option of registering for certain services provided on our website and in this scope creating a user profile. In the scope of the registration and setup, we collect and use the following personal data:

      • Title
      • First name and surname
      • Password

      Compulsory information required for registration are labelled as compulsory fields with an asterisk in the entry form. With your user account, you have the option of using additional parts of our website and logging in to benefit from offers you receive. The legal basis of this data processing is Article 6(1)(a) GDPR if you give your consent or Article 6(1)(b) GDPR insofar as the processing is necessary for the provision of the requested services. Your data is deleted as soon as the user account is deleted on our website and as far as no statutory retention obligations prevent this. You can generally change and/or delete your user account, as well as the data you provided, directly in your user account after logging in. You can also request for this to be carried out by sending a message to this effect to the data controller named in the introduction above.

      Shop
      For access to our online shop, we provide the option of registering and creating a customer account by providing your personal data. The data is entered in an entry form, transferred to us and saved. The data is not forwarded to third parties. In the scope of registering for a customer account, we save your data necessary for concluding and fulfilling a contract:

      • Title
      • First name and surname
      • Password

      A registration of the user is required for the fulfilment of the contract, the performance of pre-contractual measures or the provision of the services requested. The legal basis for the processing of the data is provided by Article 6(1)(b) GDPR. The data is deleted if the data is no longer required for the fulfilment of the contract. Even after conclusion of the contract, it can be necessary to save the personal data of our contractual partners in order to fulfil contractual or legal obligations. As users, you have the option of unregistering at any time. The premature deletion of data is only possible insofar as no contractual or legal obligations prevent this.

      Newsletter
      If you would like to receive the newsletter offered on our website with regular information on our offers and products, we require your e-mail address.

      Additional data may be requested in order to be able to address you by name in the newsletter and/or identify you in case you wish to make use of your rights as a data subject.

      When distributing the newsletter, we use a process called the double-opt-in process. This means that we will only send you our newsletter via e-mail if you have expressly confirmed that you consent to the newsletters being sent. The first step involves you receiving an e-mail with a link which you can then click to confirm that you are the owner of the e-mail address in question and that you wish to receive the newsletter in future. With this confirmation, you give us your consent in accordance with Article 6(1)(a) GDPR that we can use your personal data for the purpose of sending you the newsletter, as requested.

      When you subscribe to the newsletter, we save the e-mail address required for sending the newsletter along with the IP address you used for subscribing to the newsletter as well as the date and time of your subscription and confirmation in order to be able to trace possible misuse in the future.

      You can unsubscribe from the newsletter at any time by clicking the link included in every newsletter or sending an e-mail to the aforementioned data controller. After successfully unsubscribing, your e-mail address will be immediately deleting from our newsletter distribution list, insofar as you did not expressly consent to the continued use of the data collected or the continued processing is otherwise legally permitted.

      Our e-mail newsletter is sent via a technical service provider to which we forward the data you provide in your newsletter subscription. We have concluded a data processing agreement with our e-mail service provider, obligating the provider to protect the data of our customers and not transfer it to third parties.

      Service provider: Emarsys Interactive Services GmbH
      Address: Willi-Schwabe-Straße 1, 12489 Berlin, Germany
      Privacy policy:  https://emarsys.com/de/datenschutzrichtlinie/ Emarsys

      The service provider uses the information from the newsletter subscription to send and statistically evaluate the newsletters on our behalf. For the evaluation, the e-mails contain what are known as web beacons or tracking pixels which are single-pixel picture files saved on our website. In this way it can be seen whether a newsletter message was opened and which links were clicked on. Using a function known as “conversion tracking”, it can also be analysed whether a pre-defined action was performed after clicking the link in the newsletter (e.g. the purchase of a product on our website). Technical information is also collected (e.g. time of visit, IP addresses, browser type and operating system). This data is only ever collected in pseudonymised form and is not linked to your other personal data, so its direct correlation to your person is impossible. This data is only used for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of the recipients.

      If you wish to object to this data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

      Google Analytics
      Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses “cookies”.

      Google will use this information on behalf of the website owner to evaluate your use of the website and create reports on website activities. Google will also use this information to provide the website owner with other services relating to the use of the website and the internet. The IP address sent by your browser in the scope of Google Analytics will not be combined with other data from Google. The data is processed in accordance with Article 6(1)(a) GDPR on the basis of the consent you provide.

      We only use Google Analytics with IP anonymisation activated. This means that your IP address is only processed by Google in a shortened form.

      We have concluded a data processing agreement with the service provider, obligating the provider to protect the data of our customers and not transfer it to third parties.

      As a transfer of personal data to the USA takes place, additional protection mechanisms are required to ensure the level of data protection of the GDPR is maintained. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Article 46(2)(c) GDPR. These obligate the recipient of the data in the USA to process the data in accordance with the level of protection required in Europe. In cases where this cannot be ensured, even with this contractual extension in place, we will endeavour to implement further regulations and agreements with the recipients in the USA.

      The terms of use of Google Analytics and information regarding data protection can be found via the following links:

      http://www.google.com/analytics/terms/de.html
      https://www.google.de/intl/de/policies/

      The data is deleted as soon as it is no longer required for the purpose for which they were collected. Data linked with cookies, user identifiers (e.g. user IDs) and advertising IDs (e.g. DoubleClick cookies, Android Advertising ID, IDFA [Apple Identifier for Advertisers]) is deleted at user and event level at the latest 14 months after its collection.

      You can prevent cookies being saved by changing the settings in your browser software. However, please note that if you do so you might not be able to use all website functions without restriction. You can also prevent Google from collecting the data generated by the cookie, analysing your use of the website (including your IP address) and processing this data by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=de.

      Google Signals
      This website also uses Google Signals. This is an extended function of Google Analytics which enables cross-device tracking. As long as your web-enabled devices are connected to your Google account, this means that Google can create reports about your usage behaviour (in particular the cross-device user numbers), even when you use a different end device. Google uses data for this purpose as long as you have activated the “personalised advertising” setting in your Google account.

      The data is processed in accordance with Article 6(1)(a) GDPR on the basis of the consent you provide.

      We only use Google Analytics with IP anonymisation activated. This means that your IP address is only processed by Google in a shortened form.

      The data is deleted as soon as it is no longer required for the purpose for which they were collected.

      You can deactivate the “personalised advertising” setting in your Google account at any time and thus object to the collection of data through Google Signals.

      https://support.google.com/ads/answer/2662922?hl=de

      Google Ads Remarketing
      Our website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

      Provided you have given your consent, this function enables advertising target groups created with Google Ads Remarketing to be linked with the cross-device functions of Google AdWords and Google DoubleClick. The legal basis is your consent in accordance with Article 6(1)(1)(a) GDPR. In this way, interest-based, personalised advertisements tailored to your earlier usage and surfing behaviour on one end device (e.g. smartphone) can be displayed on another of your end devices (e.g. tablet or computer).

      If you have given your consent, Google links your internet and app browser history with your Google account for this purpose. In this way, the same personalised advertising can be displayed on any end device on which you are logged in to your Google account.

      To support this function, Google Analytics collects Google-authenticated user IDs which are temporarily linked with our Google Analytics data in order to define and create target groups for cross-device advertising.

      You can permanently object to cross-device remarketing/targeting by deactivating personalised advertising in your Google account; to do so, follow this link: https://adssettings.google.com/    

      As a transfer of personal data to the USA takes place, additional protection mechanisms are required to ensure the level of data protection of the GDPR is maintained. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Article 46(2)(c) GDPR. These obligate the recipient of the data in the USA to process the data in accordance with the level of protection required in Europe. In cases where this cannot be ensured, even with this contractual extension in place, we will endeavour to implement further regulations and agreements with the recipients in the USA.

      You can find further information and privacy terms in Google’s privacy policy at: https://www.google.com/policies/technologies/ads/

      Social media channels
      Below, you can find information on the handling of your data collected through your use of our social media channels. Your data is processed in accordance with statutory regulations.

      If your personal data is processed by one of the providers listed below, that provider is the data controller within the meaning of the GDPR. To exercise your rights as a data subject, please note that you can do so most effectively by contacting the respective providers directly. Only they have access to the data collected from you. If you still require help, you can also contact us at any time.

      We have social media channels on the platforms of the following providers:

      • Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA

      You can find information on contacting the data protection officers of the remaining social media providers here:

      When visiting and using the above platforms, personal data may be transferred to the USA or other third countries outside the EU. As such, further protection mechanisms are required in these cases to ensure the level of data protection of the GDPR. You can find further information on whether the providers can demonstrate suitable measures in this regard, and what these measures are, below.

      We have no influence on the processing of your personal data by the provider and how this data is handled. Nor do we have any information regarding this. For further information, please check the privacy policy of the respective provider and if necessary make use of the opt-out/personalisation options regarding the processing of your data by that provider:

      Facebook Pixel
      Our website uses “Facebook Pixel”, a service of Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA (hereinafter referred to as: “Facebook”).

      Insofar as you have given us your consent to do so in accordance with Article 6(1)(1)(a) GDPR, we use Facebook Pixel for marketing and optimisation purposes, in particular to show you relevant and interesting ads on Facebook and in that way improve our online offering, make it more interesting for you as a user and avoid annoying, irrelevant ads.

      Facebook Pixel enables Facebook to only show our Facebook ads to Facebook users who have visited our website, in particular those who have shown an interest in our online shop. In such cases, Facebook Pixel also lets us see whether a user was redirected to our website by clicking on our Facebook ads. Among other things, Facebook Pixel uses cookies, which are small text files which are saved locally in the cache of your internet browser on your end device. If you are signed into your Facebook account, it will be noted in your user account that you visited our website. The data collected about you is anonymous to us and as such does not allow us to identify individual users. However, this data can be linked to your Facebook account by Facebook. If you have a Facebook account and are signed in, Facebook can assign the visit to your user account.

      As a transfer of personal data to the USA takes place, additional protection mechanisms are required to ensure the level of data protection of the GDPR is maintained. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Article 46(2)(c) GDPR. These obligate the recipient of the data in the USA to process the data in accordance with the level of protection required in Europe. In cases where this cannot be ensured, even with this contractual extension in place, we will endeavour to implement further regulations and agreements with the recipients in the USA.

      You can find further information on data protection from the third-party provider on the following Facebook website: https://www.facebook.com/about/privacy.
      You can find information about Facebook Pixel on the following Facebook website: https://www.facebook.com/business/help/651294705016616

      The settings regarding which type of ads are shown to you within Facebook can be found on the following Facebook website: https://www.facebook.com/settings?tab=ads.

      Please note that these settings will be deleted if you delete your cookies. Furthermore, you can deactivate cookies intended for reach measurement and advertising purposes via the following links:
      http://optout.networkadvertising.org/
      http://www.aboutads.info/choices
      http://www.youronlinechoices.com/uk/your-ad-choices/
      Please note that these settings will be deleted if you delete your cookies.

      Google reCAPTCHA
      We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our website. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

      reCAPTCHA is used to check whether data entered on our website (for instance in a contact form) is entered by a human or an automated program. For this purpose, reCAPTCHA analyses various aspects of the website visitor’s behaviour. This analysis starts automatically as soon as the website visitor enters the website. reCAPTCHA analyses various information such as

      • IP address
      • Duration spent on the website
      • Mouse movements made by the user
      • The data collected in the analysis are forwarded to Google.

      The reCAPTCHA analyses are performed completely in the background. Website visitors will not be notified that an analysis is taking place. The data is processed on the basis of Article 6(1)(f) GDPR.

      We have a legitimate interest in protecting our website from improper automated spying and from undesired automated spam.

      As a transfer of personal data to the USA takes place, additional protection mechanisms are required to ensure the level of data protection of the GDPR is maintained. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Article 46(2)(c) GDPR. These obligate the recipient of the data in the USA to process the data in accordance with the level of protection required in Europe. In cases where this cannot be ensured, even with this contractual extension in place, we will endeavour to implement further regulations and agreements with the recipients in the USA.

      We do not save any personal data resulting from the use of reCAPTCHA. In general, the personal data of the data subject will be deleted or blocked as soon as the purpose for its storage ceases to apply.

      You can find further information on Google reCAPTCHA as well as Google’s privacy policy at: https://www.google.com/intl/de/policies/privacy/  and https://www.google.com/recaptcha/intro/v3beta.html

      Google Tag Manager
      This website uses Google Tag Manager, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This service enables the management of website tags on a website. Google Tag Manager only implements tags. This means: it does not involve the use of cookies and only the user’s IP address is transferred to Google to establish a connection. Google Tag Manager fires other tags which may record data. However, Google Tag Manager does not access this data. In case of deactivation on domain or cookie level, this applies to all tracking tags provided they were implemented using Google Tag Manager.

      We use Google Tag Manager on the basis of our legitimate interest derived from Article 6(1)(f) GDPR. Our legitimate interest in this respect is enabling the technical integration of other website tools.

      As a transfer of the IP address to Google in the USA takes place, additional protection mechanisms are required to ensure the level of data protection of the GDPR is maintained. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Article 46(2)(c) GDPR. These obligate the recipient of the data in the USA to process the data in accordance with the level of protection required in Europe. In cases where this cannot be ensured, even with this contractual extension in place, we will endeavour to implement further regulations and agreements with the recipients in the USA.

      External links
      On our website, social media platforms (Facebook, Instagram and Twitter) are only integrated as links to the respective services. By clicking on the integrated text/image links, you will be redirected to the website of the respective provider. Only once you are redirected will your user information be transferred to the respective provider. For information regarding the processing of your personal data when using these websites, please see the respective privacy terms of the providers you use.

      Data transfer and recipients
      Your personal data is not transferred to third parties, unless
      - we have made explicit mention of this in the description of the respective data processing activity,
      - you have given your express consent in accordance with Article 6(1)(1)(a) GDPR,
      - the transfer is required to assert, exercise or defend legal claims in accordance with Article 6(1)(1)(f) GDPR and there is no reason to suspect that you have an overriding interest in your data not being transferred,
      - the transfer is a legal obligation in accordance with Article 6(1)(1)(c) GDPR or
      - it is required for the settlement of the terms of your contract in accordance with Article 6(1)(1)(b) GDPR.
      Furthermore, for the execution of our services we use external service providers who we have carefully selected and commissioned in writing. They are bound to follow our instructions and are regularly checked by us. If necessary, we have concluded data processing agreements with them in accordance with Article 28 GDPR. These are service providers for web hosting, sending emails, the maintenance and care of our IT systems as well as payment providers, etc. The service providers do not transfer this data to third parties.

      Data security
      We shall take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. This website uses SSL encryption for purposes of security and preventing the transmission of confidential information.

      Storage duration of personal data
      The storage duration of personal data is based on the applicable legal retention periods (e.g. arising from commercial law and tax law). The relevant data is routinely deleted after expiry of the respective retention period. If data is required to fulfil or initiate a contract or if we have a legitimate interest in continuing to store it, the data will be deleted when it is no longer required for these purposes or you have exercised your right of revocation or objection.

      Your rights
      Below, you will find information on which data subject rights you are granted by applicable data protection law vis-à-vis the data controller regarding the processing of your personal data:

      The right to request information in accordance with Article 15 GDPR regarding your personal data being processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.

      The right to request the rectification of inaccurate or incomplete personal data stored by us without undue delay in accordance with Article 16 GDPR.

      The right to request the erasure of your personal data stored by us in accordance with Article 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression of opinion and information, for compliance with a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

      The right to request the restriction of the processing of your personal data in accordance with Article 18 GDPR, insofar as the accuracy of the data is disputed by you or the processing is unlawful but you object to its deletion and we no longer require the data but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Article 21 GDPR.

      The right, pursuant to Article 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another data controller.

      The right to complain to a supervisory authority in accordance with Article 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, if applicable, that of your usual place of residence or workplace.

      The right to revoke consent given in accordance with Article 7(3) GDPR: You have the right to revoke consent to the processing of data, once given, at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

      Right of objection
      If your personal data is processed by us on the basis of legitimate interests pursuant to Article 6(1)(1)(f) GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR, insofar as this is done for reasons arising from your particular situation Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement to specify a particular situation.
      If you would like to exercise your right of revocation or objection, it is sufficient to send an e-mail to dataprivacy@labaxetta.com

      Legal obligations
      The provision of personal data for the decision on the conclusion of a contract, the fulfilment of a contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.

      Automated decision making
      Automated decision making or profiling in accordance with Article 22 GDPR does not take place.

      Right of modification
      We reserve the right to amend or update this privacy policy as necessary with consideration to the applicable data protection guidelines. In this way, we can adapt them to the current legal requirements and take into account changes to our services, e.g. the introduction of new services. For your visit, the version valid at the time of your visit applies.

      This privacy policy is valid as at: 10.03.2021