GDPR Policy

As described in our Privacy Policy, we collect personal information from your interactions with us "Basketlist.ch" and our website, including through cookies and similar technologies. We may also share this personal information with third parties, including advertising partners. We do this in order to show you ads on other websites that are more relevant to your interests and for other reasons outlined in our privacy policy.

Sharing of personal information for targeted advertising based on your interaction on different websites may be considered "sales", "sharing," or "targeted advertising" under certain U.S. state privacy laws. Depending on where you live, you may have the right to opt out of these activities. If you would like to exercise this opt-out right, please follow the instructions below.

If you visit our website with the Global Privacy Control opt-out preference signal enabled, depending on where you are, we will treat this as a request to opt-out of activity that may be considered a ā€œsaleā€ or ā€œsharingā€ of personal information or other uses that may be considered targeted advertising for the device and browser you used to visit our website.

1. Data Protection Policy

1.1. Purpose:
Our Data Protection Policy outlines how we collect, process, store, and protect personal data in compliance with the General Data Protection Regulation (GDPR) and Swiss data protection laws.

1.2. Scope:
This policy applies to all personal data collected, processed, or stored by our e-commerce platform, including data from customers, employees, and third parties.

1.3. Principles:

Lawfulness, fairness, and transparency
Purpose limitation
Data minimization
Accuracy
Storage limitation
Integrity and confidentiality
Accountability and compliance


2. Data Collection and Processing

2.1. Lawful Basis for Processing:
We collect and process personal data only when there is a lawful basis, such as:

Consent: When individuals have given clear consent for specific processing purposes.
Contract: When processing is necessary for the performance of a contract with the data subject.
Legal obligation: When processing is necessary to comply with legal obligations.
Legitimate interests: When processing is necessary for our legitimate interests or those of third parties, except where overridden by the interests or fundamental rights and freedoms of the data subject.
2.2. Data Collection:
We collect personal data directly from data subjects through online forms, account registrations, purchases, and cookies. We may also collect data from third-party sources with appropriate consent.

2.3. Types of Data Collected:

Customer information: Name, contact details, billing and shipping addresses.
Payment information: Credit card details, bank account information.
Order history: Details of purchases, preferences, and returns.
Communication data: Emails, chat transcripts, and customer service interactions.
Website usage data: IP addresses, cookies, browser information.

2.4. Data Processing Activities:

Order processing: To fulfill orders, manage transactions, and provide customer support.
Marketing communications: To send promotional offers, newsletters, and updates with consent.
Analytics: To analyze website usage, improve user experience, and personalize content.
Legal compliance: To meet legal obligations, respond to legal requests, and protect our rights.

3. Data Security and Retention

3.1. Data Security Measures:

Encryption: Personal data is encrypted during transmission and storage.
Access controls: Access to personal data is restricted based on roles and permissions.
Regular audits: We conduct regular security audits to identify and address vulnerabilities.
Employee training: Employees receive training on data protection and security practices.
3.2. Data Retention:
Personal data is retained only for the period necessary to fulfill the purposes outlined in this policy or as required by law. We regularly review and update our retention policies to ensure compliance with legal requirements.

4. Data Subject Rights

4.1. Right to Access: Data subjects have the right to request access to their personal data and information about how it is processed.

4.2. Right to Rectification: Data subjects have the right to request the correction of inaccurate or incomplete personal data.

4.3. Right to Erasure: Data subjects have the right to request the deletion of their personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

4.4. Right to Restriction of Processing: Data subjects have the right to request the restriction of processing of their personal data in certain situations, such as when the accuracy of the data is contested.

4.5. Right to Data Portability: Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

4.6. Right to Object: Data subjects have the right to object to the processing of their personal data in certain situations, such as for direct marketing purposes.

4.7. Rights in Automated Decision-Making: Data subjects have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects concerning them or similarly significantly affect them.

5. Data Transfers

5.1. International Transfers:
We may transfer personal data to countries outside the European Economic Area (EEA) or Switzerland if adequate safeguards are in place to protect the data, such as standard contractual clauses or data protection agreements.

6. Privacy Notices and Consent

6.1. Privacy Notices:
We provide clear and transparent privacy notices to data subjects, outlining the purposes and legal basis for processing their personal data, as well as their rights under the GDPR.

6.2. Consent:
We obtain explicit consent from data subjects before processing their personal data for specific purposes, such as marketing communications or cookies.

7. Data Breach Notification

7.1. Reporting Procedure:
In the event of a data breach involving personal data, we have procedures in place to assess the risk to data subjects and notify the relevant supervisory authorities and affected individuals without undue delay.

8. Compliance and Accountability

8.1. Data Protection Officer (DPO):
We have appointed a Data Protection Officer responsible for overseeing compliance with data protection laws and regulations and for acting as a point of contact for data subjects and supervisory authorities.

8.2. Record-Keeping:
We maintain records of our data processing activities, including the purposes of processing, categories of data subjects, and data transfers, to demonstrate compliance with the GDPR.

8.3. Data Protection Impact Assessments (DPIAs):
We conduct DPIAs for high-risk data processing activities to assess the impact on data subjects' privacy and to implement appropriate measures to mitigate risks.

8.4. Training and Awareness:
We provide regular training and awareness programs for employees to ensure they understand their responsibilities regarding data protection and privacy.

8.5. Cooperation with Supervisory Authorities:
We cooperate with supervisory authorities, such as data protection authorities, and provide them with necessary information and assistance as required by law.

9. Updates and Amendments

9.1. Review and Revision:
We regularly review and update our GDPR Policies to ensure compliance with changes in legislation, industry standards, and business practices.

9.2. Notification of Changes:
We notify data subjects and employees of any material changes to our GDPR Policies and provide them with updated versions of the policies as necessary.

10. Contact Information

For questions or concerns regarding our GDPR Policies or the processing of personal data, please contact:

www.Basketlist.CH
Im Struppen 15
8048 Zurich
Switzerland
Email: support@basketlist.ch
Phone:Ā +41 79 947 73 98

Date of Last Revision:Ā 18.03.2024

By accepting these GDPR Policies, you acknowledge that you have read, understood, and agree to comply with the terms outlined herein.