Privacy Policy
DATA PRIVACY STATEMENT WEBSITE
1. General
As we attach great importance to data privacy and data protection, we have implemented specific technical and organisational measures in line with the provisions on data privacy in order to protect your personal data. We make offers available to you via a number of different access channels (e.g. website or smartphone applications) (hereinafter referred together as the "platform"). With this data privacy statement, we inform you about the processing of your personal data and the use of cookies or similar technologies on our platform. Your personal data are collected and processed in compliance with the applicable data protection provisions, in particular Federal Act on Data Protection (FADP) and the EU's General Data Protection Regulation (GDPR) where this applies to data processing in a specific case.
2. Responsible provider
Lifetree Sarl, Geissmatthohe 13, 6004 Luzern, LU Switzerland, registration ID CHE-183-610-716 is the responsible provider of the platform and the personal data collected and processed in connection with your use of the platform.
Unauthorised use of this website may give rise to a claim for damages and/or be a criminal offence. You may not copy or use all or part of the design or content of this site without my written permission.
3. Collection, processing and use of your personal data
We collect such Non-personal and Personal Information for the following purposes:
• To provide and operate the Services;
• To provide our Users with ongoing customer assistance and technical support;
• To be able to contact our Visitors and Users with general or personalized service-related
notices and promotional messages;
• To create aggregated statistical data and other aggregated and/or inferred Non-personal
Information, which we or our business partners may use to provide and improve our
respective services;
• To comply with any applicable laws and regulations.
The scope and type of collection, processing and use of your personal data differ according to whether you just visit our platform to gather information or whether you also correspond with us via our platform and actively use the platform to purchase services via the web or app (hereinafter referred to as “our website"), or a smart device.
a) Used for information purposes only
It is generally not necessary to provide any personal data if you just use our platform to gather information. In this case, we only collect and process the data that are automatically sent to us by your Internet browser (in particular your IP address). This information is stored in nonanonymised form for the duration of your visit to our platform, and are subsequently analysed in anonymised form for statistical purposes only. No personal data about you are collected.
b) Active use of the platform
We receive, collect and store any information you enter on our website or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, product reviews, recommendations, and personal profile. When you conduct a transaction on our website, as part of the process, we collect personal information you give us such as your name, address and email address. Your personal information will be used for the specific reasons stated above only. We may contact you to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through
surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce our User Agreement, applicable national laws, and any agreement we may have with you. For these purposes we may contact you via email, telephone, text messages, and postal mail.
4. Your rights
You have various rights pertaining to your personal data under the applicable laws. If you wish to assert these rights, please address your enquiry by e-mail or post to the address provided in section 11, making sure that you clearly identify yourself. The following is an overview of your rights.
4.1. Right to confirmation and information You have the right to receive well-structured
information regarding the processing of your personal data. This means that you have the right at any time to request confirmation from us on whether any of your personal data are being processed. If this is the case, you have the right to request information from us free of charge regarding your stored personal data as well as a copy of these data. You also have a right to the following information: • Purposes of processing • Categories of personal data that are processed • recipients or categories of recipients to whom the personal data were or will be disclosed, in particular regarding recipients in foreign countries or with international organisations; • if possible, the planned duration of storage of the personal data or, if this is impossible, the criteria for determining this duration; • the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by the Controller or a right to object to such
processing; • the existence of a right of appeal to a supervisory authority; • if the personal data are not collected from you, all available information concerning the origin of the data; • the existence of automated decision-making, including profiling in accordance with Art. 22 paras. 1 and 4 GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for you; • if personal data are transmitted to a foreign country or an international organisation, you have the right to be instructed about the appropriate safeguards to protect the transmission pursuant to Art. 46 GDPR.
4.2. Right to rectification
You have the right to require us to rectify and possibly complete your personal data. This means that you have the right to require us to immediately rectify any incorrect personal data about you. Taking into account the purposes of processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement. You can also directly process your personal data stored in your user account.
4.3. Right to erasure ("right to be forgotten")
In many cases we are obliged to erase your personal data. You therefore have the right, in particular where Art. 17 para. 1 GDPR applies, to require us to erase your personal data without undue delay and we will be obliged to erase your personal data without undue delay where one of the following grounds applies: • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; • you withdraw your consent on which the processing is based and there are no other legal grounds for the processing; • you object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR; • the personal data have been unlawfully processed; • the
personal data have to be erased for compliance with a legal obligation to which we are subject; • the personal data have been collected in relation to the offer of information society services referred to in Art. 8 para. 1 GDPR. You can erase the personal data stored in your user account as well as the account itself at any time.
4.4. Right to restriction of processing
In many cases you are entitled to ask us to restrict the processing of your personal data. You therefore have the right to require us to restrict the processing where one of the following applies: • the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data; • the processing is unlawful and you opposed the erasure of the personal data and requested the restriction of their use instead; • we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; • you objected to processing pursuant to Art. 21 para. 1 GDPR pending verification whether our legitimate grounds override yours.
4.5. Right to data portability
Every data subject affected by the processing of personal data has the right to receive their personal data in a structured, commonly used and machine-readable format. In addition, the data subject has the right to have the personal data transmitted directly from one controller to another controller, insofar as this is technically feasible and insofar as the rights and freedoms of others are not adversely affected by this. In order to assert your right to data portability, you can send your request by e-mail or post, clearly identifying yourself, to the
address indicated in Section 11.
4.6. Right to object
Every data subject affected by the processing of personal data has the right to object to the processing of their personal data at any time on grounds relating to their particular situation. In the event of such an objection, Lifetree Sarl shall no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims. To exercise your right to object, you can send your request by e-mail or post, clearly identifying yourself, to the address indicated in Section 11.
4.7. Right to withdraw the declaration of consent for data processing
You have the right at any time to withdraw any consent to the processing of your personal data provided by you.
4.8. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is unlawful. In Switzerland, complaints can be lodged with the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch), and outside of Switzerland with the supervisory authority at your habitual residence or place of domicile.
5. External service providers / data transfers abroad
We generally only use your personal data within our own company Lifetree Sarl only. When and to the extent that we involve third parties in the performance of contracts (e.g. providers of logistics services), these third parties are only sent the personal data they need to perform the respective service. Where we outsource specific components of data processing (to a processor), we contractually oblige the processor to only use personal data in compliance with the provisions of data protection legislation and to warrant the protection of the rights of the affected parties. Except for the cases mentioned in this statement, data are not transmitted to organisations or persons outside Switzerland or the EU.
5.1. Hosting
Our website is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall. We use hosting services in order to provide the following services: infrastructure and platform services, computing capacity, storage capacity and database services, security services and technical maintenance services that we use for the operation of the website. We and our hosting provider process portfolio data, contact data, content data, contractual data, usage data, meta data and communication data of customers, interested parties and visitors to this website based on our legitimate interest in providing an efficient and secure website (the applicable provisions in the area of application of the GDPR are point 1 (f) of Art. 6 para. 1 GDPR in conjunction with Art. 28 GDPR).
5.2. Providers of payment services
All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
6. Cookies and Local Storage
A cookie is a small text file containing all sorts of information which is filed on your computer by the web browser. Local storage (HTML5 Local Storage) is a small database containing all sorts of information which is integrated in the web browser on your computer.
a) Used for information purposes only. We use neither cookies nor local storage.
b) Active use of platform
We may use cookies and local storage when you log on to our web applications. Cookies are used to link the different requests by your browser to the shared authenticated visit in order to protect your account against unauthorised access. These cookies are stored on your hard disk and are automatically deleted again after the specified period. Their lifetime is either one day («Stay signed in» is inactive) or 90 days («Stay signed in» is active). The following data and information are stored in the cookies: Session identification (pseudonymised IDs You can change the settings on your browser to notify you when a cookie should be set, which will allow you to approve or reject cookies on an ad hoc basis or to generally block all cookies. This can restrict the functionality of the web application. Local storage is used to make
the application more user-friendly. The information kept in local storage is never deleted automatically. The following data and information are saved in local storage: • Language code • Last selected options (pseudonymised IDs) • Last selected postcode. You can change your browser settings to completely prevent the local storage of information. This can restrict the functionality of the web application. Our legitimate interest in the use of cookies and local storage pursuant to point (f) of Art. 6 para. 1 GDPR lies in our ambition to make our web applications more user-friendly, more effective and more secure.
7. Storage period
Unless specifically indicated otherwise, we store personal data only for as long as required to meet the purposes pursued by us. In some cases the legislator requires us to store personal data, e.g. under tax or commercial law. In these cases we store the data for longer to meet these legal requirements without any further processing, and we delete the data after expiry of the statutory safekeeping period.
8. Data security
We do our utmost to ensure the security of your data in compliance with the applicable data protection laws and the technical possibilities. We transmit your personal data in encrypted form using the SSL (Secure Socket Layer) system. This applies to your master data, your transactions and also to customer log ins. Please note, however, that the transmission of data via the Internet can never be completely secure. It is impossible to completely protect data from access by third parties. We implement and constantly update technical and organisational security measures pursuant to Art. 32 GDPR to secure your data. We also cannot guarantee that our services will be available at certain times, as malfunctions, interruptions or breakdowns cannot be excluded. The servers used by us are regularly and carefully secured.
10. Disclaimer
All information on our platform has been carefully checked. We make every effort to ensure that the information we provide is up-to-date, accurate and complete. Nevertheless, errors cannot be completely ruled out, and therefore we hereby disclaim liability for whether the information is complete, correct and up-to-date. As a matter of principle, we hereby disclaim all liability for any pecuniary or non-pecuniary damage caused by using or failing to use the information provided or by using incorrect or incomplete information. The publisher may change or delete texts at its own discretion and without prior notice and is under no obligation to update the contents of this platform. The use of or access to this platform is at the visitor’s own risk. The publisher, its customers and partners are not responsible for any damages (e.g. direct, indirect, incidental or consequential damages) allegedly caused by visiting this platform and therefore bear no liability for such damages. The publisher also bears no responsibility or liability for the content or availability of third-party websites that may be accessed via external links from this platform. Responsibility for the contents of linked sites lies solely with the operators of those sites. The publisher therefore expressly dissociates itself from any third-party content which might have criminal-law or liability-law implications or which violates common decency
11. Contact person
If you have any questions on the collection, processing or use of your personal data, information, amendments, blocking or erasure of personal data and the withdrawal of consent for processing or the lodging of a complaint, please contact:
Postal address: Lifetree Sarl, Geissmatthohe 13, 6004 Luzern, LU Switzerland
E-mail address: tamsin.lifetree@outlook.com
12. Changes Lifetree Sarl may amend this Data Privacy Statement at any time without prior
notice.
The current version as published on our platform shall apply. If this Data Privacy Statement is part of an agreement with you, in the event of an update we will notify you of the changes via e- mail or other suitable method.