Privacy Policy
I. General Information
1. Introduction
We, LUXOIA Webshop AG, operate an online store at https://www.helenkirchhofer.ch for the purchase of high-quality watches, jewelry, and accessories. Through this Privacy Policy, we aim to clarify how we collect and process personal data of website visitors, customers, suppliers, and other interested parties with whom we have business contact (hereafter collectively referred to as “users”). Responsible data handling and protection of your personal data is important to us.
Personal data of third parties may only be disclosed to us if you are authorized to do so and the personal data is correct. Please ensure that the individuals concerned are aware of this privacy policy.
This Privacy Policy is designed to comply with the requirements of Swiss data protection law and the EU General Data Protection Regulation (“GDPR”). The extent to which these laws apply depends on each individual case.
We may update this Privacy Policy at any time without prior notice. The current version published on our website is valid.
2. Data Protection Officer
The responsibility for the content of this Privacy Policy and for the described data processing lies with:
LUXOIA Webshop AG
Seestrasse 108
9326 Horn
Switzerland
Email: dataprotection@luxoia.com
Phone: +41 41 790 0 790
3. EU Data Protection Representative
For individuals residing in countries within the European Economic Area (EEA), including the European Union (EU) and the Principality of Liechtenstein, as well as for the country-specific supervisory authorities under the GDPR, we appoint the following person as the EU Data Protection Representative in accordance with Art. 27 GDPR:
VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany
Email: info@datenschutzpartner.eu
Website: https://datenschutzpartner.eu
4. Definitions
To enhance understanding, we clarify below the main terms used in this policy, adhering to the definitions in the Swiss Federal Data Protection Act.
- Personal Data (GDPR: personal data): all information relating to an identified or identifiable natural person.
- Data Subjects: natural persons whose data is processed.
- Processing (GDPR: processing): any handling of personal data, regardless of the means and procedures used, particularly collecting, storing, maintaining, using, altering, disclosing, archiving, deleting, or destroying data.
- Controller: a private person or federal authority who alone or jointly with others decides on the purpose and means of the processing.
- Processor (GDPR: processor): a private person or federal authority who processes personal data on behalf of the controller.
5. Legal Basis for Data Processing
This Privacy Policy meets the requirements of the Swiss Federal Act on Data Protection ("DSG") and the associated Ordinance ("DSV") as well as the General Data Protection Regulation of the European Union ("GDPR"). The applicability of each of these legal requirements depends on the individual case. Foreign data protection laws only apply where mandatory under applicable law and only for the respective data processing operations and individuals involved.
We adhere to the applicable data protection laws when processing personal data.
Personal data processing must not unlawfully infringe on the privacy of the data subjects. Accordingly, data processing must comply with the data protection principles and/or be justified by a legal basis. In particular, we are authorized to process personal data if the processing:
- is based on a legal basis
  Processing of personal data may be required or authorized by law.
- is necessary for fulfilling a contract with the data subject or for pre-contractual measures
  The majority of personal data processing occurs as part of fulfilling contractual obligations (e.g., selling goods and services through our webshop).
- is necessary to pursue legitimate interests of ours or third parties
  Our legitimate interest is particularly given when the processing of personal data is for the purposes mentioned under Section 8 below and the data disclosures under Section 10 and related goals.
- is based on consent
  If the processing of personal data is based on your consent, we will inform you separately and transparently. You can revoke your consent at any time for the future via the options provided (e.g., unsubscribe link in newsletters) or by written notification to us (see contact points in Section 2 and 3 above). Upon receipt of your revocation, we will cease the affected data processing, unless we can base the processing on another legal basis.
- is necessary to comply with domestic and foreign legal requirements.
6. Categories of Personal Data
Depending on the services and products you use and the relationship between you and us, we process, in particular, the following categories of personal data:
- Master Data: e.g., title, name, first name, gender, date of birth, age, address and contact details like postal and billing addresses, phone numbers, email addresses, customer number, contact persons at suppliers and business partners, supplier numbers, username, language, nationality, profession, financial information, information about your status with us (inactivity or blocking of a user account, etc.).
- Contract Data: e.g., information regarding the initiation, conclusion, execution, management, and termination of contracts between you and us, information related to applications (see also Section 16), interaction history, financial and payment information such as credit rating, information related to the enforcement of claims, bank data, information and data stored in your user account as a user.
- Communication Data: e.g., master data, contract data, content exchanged via the respective communication channel, type, time, and possibly place of communication, metadata, details of linked websites and social media profiles, information about preferences and interests, and language preferences, etc.
- Behavioral Data: e.g., information about attending events and participating in sweepstakes and competitions, information about the use of and behavior on our websites and applications (see also Section 14), information about the use of our infrastructure (platform, electronic communication channels, etc.).
- Registration Data: e.g., date and time of registrations, certain offers and services can only be used after registration (e.g., login area on our website, newsletter dispatch, competitions, etc.). In the context of using the respective offer or service, we again collect certain behavioral data.
- Technical Data: e.g., IP addresses, general information about the operating system and browser, information about visiting our websites and applications (date, time, duration of stay, number of visits, viewed content), visitor source (referring website), device identifiers, access data, cookies (see also Section 14.2).
- Marketing Data: e.g., information about personal preferences and interests, newsletter subscriptions and unsubscriptions, content of marketing correspondence.
- Image and Audio Recordings: e.g., recordings of phone and video conference calls (only after prior notice and with your consent where necessary), recordings related to customer and personnel events.
- Compliance Data: e.g., data related to inquiries, assessments, and measures in the field of compliance (including compliance incidents).
7. Source of Data
We collect personal data primarily directly from you as the data subject, such as master, contract, communication, and behavioral data. This data is collected in the course of establishing and processing business relationships as well as using our services and products. When you provide us with data about other persons (e.g., business partners), you must ensure that you are authorized to do so and that the data is accurate. Additionally, affected persons must be informed of this privacy policy beforehand.
We may also collect personal data about you ourselves or automatically, or derive it from existing data, especially behavioral, preference, and technical data.
Lastly, we may receive personal data from LUXOIA Group companies and other third parties, as permitted by law. These third parties include individuals in your environment, service providers, business partners, distributors, intermediaries, insurers, banks, online service providers, authorities, administrative offices, courts, parties, and their legal representatives in the context of legal proceedings, etc. Furthermore, we may also collect personal data from public sources (e.g., credit bureaus).
8. Purpose of Data Processing
We process the collected data to fulfill our legal and contractual obligations toward you and third parties. This includes especially establishing, managing, and processing contractual relationships and presenting and marketing our offerings on our platform.
In addition, we process the collected data to ensure communication with you, to provide and improve the products, services, and information you request, to manage your use of and desired access to our products, services, and information, to maintain our business relationship with you, to carry out advertising and marketing measures (if authorized by you, e.g., with your consent), to monitor and improve the performance of our offerings, to assert or defend legal claims, to detect, prevent or investigate illegal activities, to comply with laws and recommendations of domestic and foreign authorities as well as internal regulations ("compliance"), and for risk management, to ensure general operations (especially IT, website, etc.), and to ensure administrative processes (e.g., data archiving, accounting, master data maintenance, quality assurance).
9. Duration of Data Processing
We process your personal data for as long as we are legally obliged to do so (e.g., retention and archiving obligations) or as long as it is required to fulfill our legitimate business interests (e.g., asserting or defending claims, ensuring IT security) or as required by the purpose of collecting your data or technical conditions.
In certain cases, we store your personal data based on your consent (e.g., pending job applications).
In the context of contractual relationships, retention typically occurs for the duration of the contractual relationship and the subsequent statutory retention periods. This may result in your personal data being retained for several years after the end of the contractual relationship between you and us. Once your personal data is no longer necessary for the purposes stated above, it is generally deleted or anonymized wherever possible.
10. Disclosure of Personal Data to Third Parties
Where legally permissible and necessary, we may also share certain personal data with third parties as part of our business activities. Where permissible, these third parties process your personal data either on our behalf (processors), jointly with us (joint controllers), or under their own responsibility. This includes:
- Group companies
- Our service providers, such as banks, insurance companies, IT providers, shipping companies, debt collection companies, credit agencies, cleaning companies, advertising providers, event organizers, lawyers, external advisors, etc.
- Business partners, such as suppliers, distribution partners, and intermediaries
- Domestic and foreign authorities, agencies, and courts
- Other parties involved in administrative and judicial proceedings
- Parties involved in corporate transactions (e.g., mergers, acquisitions, or company divisions)
- Additional third parties necessary to achieve the respective data processing purpose
Where necessary, we have contracts with these third parties. If we use processors, they are obliged to comply with data protection and data security regulations. Additionally, they may only process personal data according to our instructions. We also reserve comprehensive rights of inspection and control, as well as rights to request information, correction, and deletion.
11. Transfer of Personal Data Abroad
We primarily process and store personal data in Switzerland and the European Economic Area (EEA). In certain cases, however, we may disclose personal data to recipients outside this area or have them processed outside this area, generally in any country in the world. Specifically, you must be prepared for your personal data to be disclosed in all countries where our service providers and their subcontractors operate (particularly the USA; see also Sections 14 and 15).
We ensure compliance with legal requirements by taking appropriate measures. Specifically, an adequacy decision by the relevant authority is in place. Where such a decision is lacking, personal data transfers are based on appropriate safeguards (particularly standard contractual clauses approved by the European Commission and the Swiss Federal Data Protection and Information Commissioner (FDPIC)) or on exceptions for specific situations (contractual processing, legal enforcement abroad, etc.), or we obtain your explicit consent.
12. Data Security
We employ technical and organizational security measures in line with current standards to protect your data.
Communication on our platform is encrypted using the SSL/TLS encryption protocol. However, please note that even encrypted data transmission over the Internet always entails security risks. It is not possible to guarantee complete protection of data from access by third parties.
13. Your Rights as a Data Subject
To the extent that the applicable data protection law provides for such rights and no legal exceptions apply, you generally have the following rights regarding the processing of your personal data:
- To request information on whether and, if so, what personal data we process about you
- To have incorrect or incomplete personal data corrected
- To have your personal data deleted or anonymized
- To receive data portability
- To revoke any consent you have given to process your personal data with effect for the future
- To object to the processing of your personal data (particularly regarding direct marketing).
Please note that these rights may be limited or excluded in specific cases (e.g., for the protection of third parties or trade secrets).
To exercise your data subject rights or if you have questions regarding this Privacy Policy and the data processing procedures described herein, you can contact the data protection officer listed above (Section 2) or the EU Data Protection Representative (Section 3) at any time.
If you believe that your data is being processed unlawfully, we appreciate your direct contact. Alternatively, you may lodge a complaint with the supervisory authority responsible for you. The Swiss supervisory authority for data protection is the Federal Data Protection and Information Commissioner (FDPIC). You can find a list of authorities in the EEA here.
II. Additional Information on Selected Data Processing Activities
14. Data Processing Related to Platform Use
14.1. Website Hosting Provider
We host our website with a German hosting provider based in Germany. With every visit to our website, the hosting provider automatically collects and stores information (server log files) transmitted by your browser. This includes the name and URL of the retrieved file, the date and time of access, data volume, web browser, and web browser version, operating system, the domain name of your Internet provider, the referrer URL (the page from which you accessed our offer), and IP address. These usage data are used to detect technical problems, ensure security, and statistically evaluate website usage, which also aids in improving our offerings.
The above-mentioned data are processed by us for the following purposes:
- Ensuring a smooth connection to the website,
- Ensuring convenient use of our website,
- Evaluating system security and stability, and
- For other administrative purposes and in cases of illegal use of our website or services.
We have concluded a data processing agreement with the hosting provider.
Within the scope of the GDPR, data processing is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) as stated above or on your consent (Art. 6 para. 1 lit. a GDPR).
14.2. Cookies
Our website uses "cookies." Cookies are small text files that do not harm your device. They are either temporarily stored for the duration of a session (session cookies) or permanently stored (persistent cookies) on your device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain on your device until you delete them yourself or until they are automatically deleted by your web browser.
Some cookies may also be set by third-party companies when you visit our site (third-party cookies). These allow us or you to use certain third-party services (e.g., cookies to process payment services).
Cookies have various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., displaying videos). Other cookies are used to analyze user behavior or display advertising.
During your first visit to our website, you can choose your preference regarding the use of cookies via the cookie banner, although the storage of technically necessary cookies cannot be prevented. If you do not agree with the storage of such cookies, we ask that you do not visit our website. You can change your preferences regarding cookie usage at any time via the "Cookie Settings" link in the footer of our website.
You can also configure your browser to not store cookies on your computer or to display a message each time a new cookie is received. Here are explanations on how to manage cookie settings for the most common browsers:
- Microsoft Internet Explorer
- Microsoft Internet Explorer Mobile
- Mozilla Firefox
- Google Chrome for Desktop
- Google Chrome for Mobile
- Apple Safari for Desktop
- Apple Safari for Mobile
Disabling cookies may limit the functionality of this website.
We use cookies to carry out electronic communication, provide specific functionalities, or optimize our website (technically necessary cookies).
Under the GDPR, we store technically necessary cookies based on our legitimate interest (Art. 6 para. 1 lit. f GDPR). Where consent for the storage of cookies and similar recognition technologies is requested, processing is based on your consent (Art. 6 para. 1 lit. a GDPR). Consent can be revoked at any time with effect for the future.
14.3. User Data
You can register on our webshop. The current Terms and Conditions, accessible at https://www.helenkirchhofer.ch/de/terms/, apply. Required information must be fully provided during registration; otherwise, registration is not possible. For essential updates, such as changes in the scope of offers or necessary technical adjustments, we use the email address provided at registration to notify you.
We process personal data of users and, where applicable, their employees, agents, or contracted third parties for all purposes related to fulfilling the contract.
Under the GDPR, data processing occurs either for contract initiation and fulfillment (Art. 6 para. 1 lit. b GDPR), based on our legitimate interest (Art. 6 para. 1 lit. f GDPR), or based on your consent (Art. 6 para. 1 lit. a GDPR).
14.4. Communication Options
14.4.1. General
Our website offers various ways to contact us, including email, phone, mail, and a contact form.
Regardless of the channel used, your inquiry, including all personal data you provide, will be saved and processed by us to handle your request. You are responsible for the content you submit.
In the context of the GDPR, processing is based on contract initiation or fulfillment (Art. 6 para. 1 lit. b GDPR), our legitimate interest in processing inquiries directed at us (Art. 6 para. 1 lit. f GDPR), or based on your consent (Art. 6 para. 1 lit. a GDPR).
14.4.2. Contact Form
On our website, users can contact us via a contact form. To use the contact form, your name and email address are required. The personal data submitted via the online form is processed to address you personally, direct your inquiry to the appropriate contact person, and respond to your query. By using the contact form, you consent to the processing of the personal data you provide.
14.5. Payment Service Providers
When making a payment, your payment details are transmitted through an interface on our online shop to the respective payment provider to facilitate the payment process.
The payment providers process data such as personal details (name and address), bank information (e.g., account or credit card numbers), passwords, TANs, verification numbers, and contract data. This data is necessary to complete transactions. The payment providers process and store data solely for their purposes. We, as operators, receive no bank account or credit card information but only information confirming or denying the payment.
Payment providers adhere to PCI-DSS standards, managed by the PCI Security Standards Council, a collaborative effort by brands like Visa, Mastercard, American Express, and Discover. PCI-DSS standards contribute to secure payment information handling.
Our payment providers include:
- Visa: Provider is Visa Europe Services Inc., 1 Sheldon Square, London W2 6TT, United Kingdom. See privacy practices: https://www.visaeurope.ch/de_CH/legal/global-privacy-notice.html.
- Mastercard: Provider is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium. Privacy practices: https://www.mastercard.ch/de-ch/datenschutz.html.
- PayPal: Provider is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. Privacy practices: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
- Postfinance: Provider is Postfinance AG, Mingerstrasse 20, CH-3030 Bern, Switzerland. Privacy practices: https://www.postfinance.ch/de/detail/data/allgemeine-datenschutzerklaerung.html.
- Twint: Provider is Twint AG, Stauffacherstrasse 41, CH-8004 Zurich, Switzerland. Privacy practices: https://www.twint.ch/datenschutz/
- Amex: Provider is American Express Cards, issued by Swisscard AECS GmbH, CH-8810 Horgen, Switzerland. Privacy practices: https://www.swisscard.ch/de/rechtlichebedingungen-hinweise#datenschutz
- MF Group: Provider is MF Group, Postfach, CH-9001 St. Gallen, Switzerland. Privacy practices: https://terms.mfgroup.ch/agbfiles/Datenschutz_de.pdf
Under the GDPR, transferring your data to these payment providers is based on contract fulfillment (Art. 6 para. 1 lit. b GDPR) and our legitimate interest (Art. 6 para. 1 lit. f GDPR) in reliable and secure payment processes.
14.6. Newsletter
We send news about our products or company to our users who have subscribed to our newsletter (so-called "double opt-in"). We process your personal data in connection with our newsletter only with your consent. You can unsubscribe from the newsletter at any time using the unsubscribe link provided in each newsletter or by contacting the data protection officer (Section 2) or the EU Data Protection Representative (Section 3) to withdraw your consent with effect for the future.
The emails are sent with graphics that allow for individual measurement of, for example, delivery, opening, and click rates. In addition, the emails contain links that enable a personalized analysis. This analysis is used to improve the quality of the newsletter and better tailor it to user interests. Data (email address, name if applicable, IP address, date, and time of registration) is stored on the servers of our email provider. The provider may not use this personal data for any purposes other than email distribution on our behalf.
We use Mailchimp for newsletter processing, a service by Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
We have concluded a data processing agreement with Mailchimp. More information: https://mailchimp.com/de/help/mailchimp-european-data-transfers/.
Mailchimp’s Privacy Policy: https://www.intuit.com/privacy/statement/.
Under the GDPR, processing your personal data for newsletter purposes is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in keeping our customers informed or based on your consent (Art. 6 para. 1 lit. a GDPR). Consent can be withdrawn at any time with effect for the future.
14.7. Embedded Videos
Our website embeds videos and visualizations. These videos are hosted on third-party servers (see below).
Under the GDPR, processing data related to videos is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in enhancing your user experience and providing current and comprehensible information about our products and services or based on your consent (Art. 6 para. 1 lit. a GDPR).
14.7.1. YouTube
We maintain a YouTube profile and may embed videos on our website or apps from YouTube, operated by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube’s enhanced privacy mode, which, according to YouTube, only triggers data storage once the video starts playing. However, this mode does not prevent data transfer to YouTube partners entirely.
When you play a YouTube video on our website or app, a connection is made to YouTube servers (potentially in the USA), and YouTube learns which of our pages you visited. If you are logged in to your YouTube account, YouTube can link your browsing behavior directly to your profile. You can prevent this by logging out of your YouTube account.
YouTube may also store various cookies on your device or use similar recognition technologies (e.g., device fingerprinting). This allows YouTube to collect information about you, intended to record video statistics, improve user experience, and prevent fraudulent actions.
After starting a YouTube video, additional data processing may occur, over which we have no control.
We have a data processing agreement with Google. More information: https://www.youtube.com/t/terms_dataprocessing.
YouTube’s Privacy Policy: https://policies.google.com/privacy?hl=en.
14.7.2. Vimeo
We maintain a profile on Vimeo and may embed videos on our website from the Vimeo platform, operated by Vimeo.com, Inc., 330 West 34th Street, 5th Floor, New York, NY 10001, USA (“Vimeo”).
We use Vimeo’s enhanced privacy mode, which, according to Vimeo, only triggers data storage once the video starts playing. However, data transfer to Vimeo partners may still occur.
When you play a Vimeo video, a connection is established with Vimeo’s servers (possibly also in the USA). Vimeo learns which of our pages you have visited. If you are logged into your Vimeo account, Vimeo can link your browsing directly to your profile. You can prevent this by logging out of your Vimeo account.
Vimeo may also set cookies on your device or use similar recognition technologies, allowing Vimeo to obtain information about you to record video statistics, improve user experience, and prevent abuse.
Further data processing may occur after starting a Vimeo video, beyond our control.
We have a data processing agreement with Vimeo. More information: https://www.vhx.tv/data-processing.
Vimeo’s Privacy Policy: https://vimeo.com/privacy.
Last updated: 01.10.2024