Privacy Policy
Personal data (hereinafter referred to as "data") is processed by us only to the extent necessary and for the purpose of providing a functional and user-friendly online presence, including its contents and the services offered there.
According to Article 4, No. 1 of Regulation (EU) 2016/679, i.e., the General Data Protection Regulation (hereinafter referred to as "GDPR"), "processing" refers to any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
With this privacy policy, we particularly inform you about the type, scope, purpose, duration, and legal basis of the processing of personal data, insofar as we determine the purposes and means of processing either alone or jointly with others. Furthermore, we inform you about the third-party components we use for optimization purposes and to enhance the quality of use, provided third parties process data under their own responsibility.
Our privacy policy is structured as follows:
I. Information about us as the data controller
II. Rights of users and data subjects
III. Information on data processing
I. Information about us as the data controller
The responsible provider of this website in terms of data protection law is:
VENDEX AG
Berglistrasse 4
8616 Riedikon
Switzerland
Email: shop@vape.ch
The data protection officer at the provider is:
Mario Puppo
II. Rights of users and data subjects
Regarding the data processing described below, users and data subjects have the right
- to confirmation whether data concerning them is being processed, to access the processed data, to additional information on data processing, and to copies of the data (cf. Art. 15 GDPR);
- to correction or completion of inaccurate or incomplete data (cf. Art. 16 GDPR);
- to the immediate deletion of data concerning them (cf. Art. 17 GDPR) or, alternatively, if further processing is necessary under Art. 17(3) GDPR, to restrict processing according to Art. 18 GDPR;
- to receive the data concerning them that they have provided and to transfer this data to other providers/controllers (cf. Art. 20 GDPR);
- to lodge a complaint with the supervisory authority if they believe the data processing violates data protection regulations (cf. Art. 77 GDPR).
Additionally, the provider must notify all recipients of any corrections, deletions, or processing restrictions under Articles 16, 17(1), 18 GDPR. This obligation does not apply where notification is impossible or involves disproportionate effort.
Furthermore, users and data subjects have the right to object to future processing of their data under Art. 21 GDPR, particularly for direct advertising purposes.
III. Information on data processing
Data processed during the use of our website will be deleted or restricted as soon as the purpose for storage ceases to apply, provided no legal obligations prevent deletion. Specific processing information is provided below.
Server Data
For technical reasons, particularly to ensure a secure and stable online presence, data is transmitted by your internet browser to us or our webspace provider. These so-called server log files include, among other things, the type and version of your internet browser, the operating system, the website from which you accessed our online presence (referrer URL), the website(s) of our online presence you visit, the date and time of each access, as well as the IP address of the internet connection from which our online presence is used.
These collected data are temporarily stored but not combined with other data about you.
This storage is based on Article 6(1)(f) GDPR. Our legitimate interest lies in improving, stability, functionality, and security of our online presence.
The data will be deleted no later than seven days unless further retention is necessary for evidence purposes. In this case, the data is wholly or partially exempt from deletion until the final clarification of an incident.
Cookies
a) Session Cookies
We use so-called cookies on our website. Cookies are small text files or other storage technologies that your internet browser saves on your device. These cookies process certain information from you, such as your browser or location data or your IP address.
This processing makes our online presence more user-friendly, effective, and secure, enabling, for instance, the display of our website in different languages or the provision of a shopping cart function.
The legal basis for this processing is Article 6(1)(b) GDPR if these cookies process data for initiating or fulfilling a contract.
If the processing does not serve contract initiation or fulfillment, our legitimate interest lies in improving the functionality of our online presence. The legal basis is then Article 6(1)(f) GDPR.
These session cookies are deleted when you close your internet browser.
b) Third-Party Cookies
Our website may also use cookies from partner companies with whom we collaborate for advertising, analysis, or the functionalities of our online presence.
Details, especially regarding the purposes and legal bases for processing such third-party cookies, are provided below.
c) Disabling Cookies
You can prevent or restrict the installation of cookies via your internet browser settings. Already stored cookies can also be deleted at any time. The steps and measures required depend on your specific internet browser. Please refer to your browser's help function or documentation or contact its manufacturer for assistance. However, processing Flash cookies cannot be prevented through the browser settings. You must change your Flash Player settings instead. Please consult the help function or documentation of your Flash Player or contact the manufacturer.
Preventing or restricting the installation of cookies may result in limited functionality of our website.
Contract Processing
The data you provide to make use of our goods and/or services are processed by us for the purpose of contract processing and are necessary for this purpose. It is not possible to conclude or process the contract without providing your data.
The legal basis for processing is Article 6(1)(b) GDPR.
We delete the data after the contract has been fully executed but must comply with tax and commercial retention periods.
As part of the contract processing, we pass on your data to the transport company responsible for the delivery of the goods or to the financial service provider, insofar as this is necessary for the delivery of the goods or payment purposes.
The legal basis for the transfer of data is then Article 6(1)(b) GDPR.
Customer Account / Registration Function
If you create a customer account on our website, the data you provide during registration (e.g., your name, address, or email address) will be collected and stored exclusively for pre-contractual services, contract performance, or customer care purposes (e.g., providing you with an overview of your previous orders or enabling you to use the wishlist feature). We also store the IP address, date, and time of your registration. This data is not shared with third parties.
During the registration process, your consent for this processing is obtained, and this privacy policy is referenced. The data collected is used exclusively for providing the customer account.
If you consent to this processing, Article 6(1)(a) GDPR serves as the legal basis for processing.
If the creation of the customer account also serves pre-contractual measures or contract performance, Article 6(1)(b) GDPR additionally serves as the legal basis for processing.
You can revoke your consent to the creation and maintenance of the customer account at any time with future effect in accordance with Article 7(3) GDPR. Simply notify us of your revocation.
The data collected will be deleted once processing is no longer necessary. However, tax and commercial retention periods must be observed.
Newsletter
If you sign up for our free newsletter, the data requested during the registration process—your email address and, optionally, your name and address—will be transmitted to us. At the same time, we store the IP address of the internet connection used to access our website, along with the date and time of your registration. During the registration process, we will obtain your consent to receive the newsletter, describe its contents, and refer to this privacy policy. The data collected in this context is used exclusively for sending the newsletter and is not shared with third parties.
The legal basis for this is Article 6(1)(a) GDPR.
You may revoke your consent to receive the newsletter at any time with future effect, pursuant to Article 7(3) GDPR. To do so, simply notify us of your withdrawal or use the unsubscribe link included in each newsletter.
Contact Requests / Contact Options
If you contact us via contact form or email, the data you provide will be used to process your inquiry. Providing this data is necessary to process and respond to your inquiry; without it, we may not be able to respond, or only respond in a limited manner.
The legal basis for this processing is Article 6(1)(b) GDPR.
Your data will be deleted once your inquiry has been fully addressed, unless statutory retention obligations prevent deletion, such as in cases where a subsequent contract execution may apply.
User Contributions, Comments, and Reviews
We offer you the opportunity to post questions, answers, opinions, or reviews—hereinafter referred to as “contributions”—on our website. If you take advantage of this offer, we will process and publish your contribution, the date and time of submission, and, if applicable, the pseudonym you used.
The legal basis for this is Article 6(1)(a) GDPR. You can revoke your consent at any time with future effect, pursuant to Article 7(3) GDPR, by notifying us of your withdrawal.
Additionally, we process your IP and email address. The IP address is processed because we have a legitimate interest in taking or supporting further steps if your contribution infringes on the rights of third parties and/or is otherwise unlawful.
The legal basis in this case is Article 6(1)(f) GDPR. Our legitimate interest lies in the necessary legal defense, if applicable.
Subscription to Contributions
If you post contributions on our website, we also offer you the option to subscribe to follow-up contributions by third parties. To inform you of these follow-up contributions via email, we process your email address.
The legal basis for this is Article 6(1)(a) GDPR. You can revoke your consent to this subscription at any time with future effect, pursuant to Article 7(3) GDPR. To do so, simply notify us of your withdrawal or use the unsubscribe link included in the respective email.
Competitions
Through our website, we offer you the opportunity to participate in competitions. If you participate in one of our competitions, the data you provide for participation will be processed exclusively for the purpose of conducting and handling the respective competition.
In the course of the competition, we may pass your data on to the logistics company responsible for delivering the prize or to a financial service provider if the transfer is necessary for delivery or payment. If your data is published in the event of a win, you will be informed of this in the consent declaration.
The legal basis for data transfer is Article 6(1)(b) GDPR.
You can revoke your consent to the processing of your data for participation in our competitions at any time with future effect, pursuant to Article 7(3) GDPR. To do so, simply notify us of your withdrawal.
YouTube
We maintain an online presence on YouTube to present our company and services and to communicate with customers/interested parties. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA.
Please note that there is a possibility that user data may be processed outside the European Union, particularly in the USA. This may pose increased risks to users, for example, making subsequent access to user data more difficult. Additionally, we have no access to this user data; access is exclusively under YouTube’s control. Google LLC is certified under the Privacy Shield and committed to adhering to European data protection standards.
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
You can find YouTube’s privacy policy at https://policies.google.com/privacy.
Facebook
To promote our products and services and to communicate with interested parties or customers, we maintain a corporate presence on the Facebook platform.
On this social media platform, we share joint responsibility with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Facebook's data protection officer can be reached via the following contact form:
https://www.facebook.com/help/contact/540977946302970
Our joint responsibility has been regulated in an agreement regarding respective obligations under the GDPR. This agreement, detailing mutual responsibilities, can be accessed here:
https://www.facebook.com/legal/terms/page_controller_addendum
The legal basis for the subsequent processing of personal data is Article 6(1)(f) GDPR. Our legitimate interest lies in analyzing, communicating, marketing, and promoting our products and services.
The legal basis may also be the user's consent according to Article 6(1)(a) GDPR towards the platform operator. The user can withdraw consent at any time for the future per Article 7(3) GDPR by notifying the platform operator.
When accessing our online presence on Facebook, Facebook Ireland Ltd. processes user data (e.g., personal information, IP address, etc.).
This data is used to generate statistical information about the use of our corporate presence. Facebook Ireland Ltd. uses this data for market research, advertising, and creating user profiles. These profiles allow targeted advertising within and outside Facebook. If the user is logged into their Facebook account during the visit, Facebook Ireland Ltd. may associate this data with the user account.
If a user contacts us via Facebook, the personal data entered will be processed to handle the inquiry. The data will be deleted once the inquiry is fully resolved unless statutory retention requirements, such as those related to subsequent contract execution, apply.
Facebook Ireland Ltd. may also set cookies for data processing.
If the user does not agree with this processing, they can prevent the installation of cookies by adjusting their browser settings. Previously stored cookies can also be deleted. Flash cookies must be managed via the Flash Player settings. Preventing or restricting cookies may limit the functionality of Facebook.
More details on processing, prevention, and deletion of data processed by Facebook are available in Facebook’s data policy:
https://www.facebook.com/privacy/explanation
Data processing may also occur in the USA through Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA.
Facebook Inc. complies with the EU-US Privacy Shield, ensuring EU data protection standards for US-based data processing:
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
Instagram
To promote our products and services and to communicate with interested parties or customers, we maintain a corporate presence on Instagram.
On this social media platform, we share joint responsibility with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Instagram's data protection officer can be reached via the following contact form:
https://www.facebook.com/help/contact/540977946302970
The remaining text follows the same structure as Facebook, with appropriate references to Instagram where necessary. This agreement, outlining the mutual obligations, can be accessed at the following link:
https://www.facebook.com/legal/terms/page_controller_addendum
The legal basis for the resulting and subsequently described processing of personal data is Art. 6(1)(f) GDPR. Our legitimate interest lies in analyzing, communicating, marketing, and promoting our products and services.
The legal basis can also be the user’s consent according to Art. 6(1)(a) GDPR, provided to the platform operator. This consent can be withdrawn at any time with future effect in accordance with Art. 7(3) GDPR by notifying the platform operator.
When accessing our online presence on the Instagram platform, Facebook Ireland Ltd., as the operator of the platform in the EU, processes user data (e.g., personal information, IP address, etc.).
This user data is used to provide statistical insights into the use of our corporate presence on Instagram. Facebook Ireland Ltd. utilizes this data for market research and advertising purposes, as well as for creating user profiles. These profiles enable Facebook Ireland Ltd., for example, to deliver interest-based advertising to users both within and outside Instagram. If the user is logged into their Instagram account at the time of access, Facebook Ireland Ltd. can also link the data to the respective user account.
If the user contacts us via Instagram, the personal data entered by the user during this interaction is used to process the inquiry. The user’s data is deleted once their inquiry has been fully addressed, provided there are no statutory retention obligations, such as those arising from subsequent contract execution.
For data processing, Facebook Ireland Ltd. may also set cookies.
If the user disagrees with this processing, they can prevent the installation of cookies by adjusting their browser settings. Already stored cookies can also be deleted at any time. The specific settings depend on the respective browser. For Flash cookies, processing cannot be prevented via browser settings but must be managed via the Flash Player settings. Preventing or restricting the installation of cookies may result in some Facebook functionalities being unavailable.
Details on processing activities, how to prevent them, and how to delete data processed by Instagram can be found in Instagram’s data policy:
https://help.instagram.com/519522125107875
It cannot be excluded that processing by Facebook Ireland Ltd. is also conducted via Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA.
Facebook Inc. has submitted to the "EU-US Privacy Shield," thereby declaring compliance with EU data protection requirements when processing data in the USA.
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
Social Media Linking via Graphics or Text Links
We promote our presences on the following social networks on our website. The integration is carried out using a linked graphic of the respective network. Using these linked graphics prevents an automatic connection to the respective social network’s server to display its graphic when accessing a website containing social media advertisements. The user is only redirected to the respective network service by clicking on the corresponding graphic.
After redirection, the respective network may collect information about the user. It cannot be excluded that such data processing occurs in the USA.
The initial data collected may include the IP address, date, time, and the page visited. If the user is logged into their user account on the respective network, the network operator may link the collected information from the specific visit to the user’s personal account. If the user interacts using a “Share” button, these details may be saved to the user’s personal account and, where applicable, published. To prevent the immediate linking of this information to their user account, the user must log out before clicking the graphic. Additionally, the user can configure their respective account settings.
The following social networks are integrated into our site via links:
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.
Privacy Policy: https://www.facebook.com/policy.php
EU-US Privacy Shield Certification: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
Pinterest Inc., 651 Brannan Street, San Francisco, CA, 94107, USA.
Privacy Policy: https://policy.pinterest.com/en/privacy-policy
EU-US Privacy Shield Certification: https://www.privacyshield.gov/participant?id=a2zt00000008VVzAAM&status=Active
YouTube
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA.
Privacy Policy: https://policies.google.com/privacy
EU-US Privacy Shield Certification: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
“Facebook” Social Plug-In
We use the plug-in of the social network Facebook on our website. Facebook is an internet service provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. Within the EU, this service is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter collectively referred to as “Facebook.”
By being certified under the EU-US Privacy Shield
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
Facebook guarantees compliance with EU data protection regulations, even when processing data in the USA.
The legal basis for this is Article 6(1)(f) of the GDPR. Our legitimate interest lies in the quality improvement of our website.
Further information about the available plug-ins and their respective functions can be found on Facebook at
https://developers.facebook.com/docs/plugins/.
If the plug-in is embedded on one of the pages of our website that you visit, your internet browser downloads a display of the plug-in from Facebook's servers in the USA. For technical reasons, it is necessary for Facebook to process your IP address during this process. Additionally, the date and time of your visit to our website are recorded.
If you are logged into Facebook while visiting one of our website pages equipped with the plug-in, the information collected by the plug-in about your specific visit will be recognized by Facebook. The information collected in this manner may be assigned by Facebook to your personal user account. For instance, if you use Facebook’s “Like” button, this information will be saved in your Facebook user account and possibly published on Facebook’s platform. If you want to prevent this, you must either log out of Facebook before visiting our website or use a browser add-on to block the loading of the Facebook plug-in.
Further information about the collection and use of data, as well as your rights and protection options in this regard, can be found in Facebook’s privacy policy available at
https://www.facebook.com/policy.php.
Google Analytics
We use Google Analytics on our website. This is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google."
By being certified under the EU-US Privacy Shield:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google guarantees compliance with EU data protection regulations even when processing data in the United States.
Google Analytics is used to analyze user behavior on our website. The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our website.
Usage and user-related information, such as IP address, location, time, or frequency of website visits, are transmitted to a Google server in the US and stored there. However, we use Google Analytics with the so-called anonymization function. This ensures that Google truncates the IP address within the EU or EEA before transmission.
Google uses the collected data to provide us with an evaluation of website visits and user activities on our site. This data may also be used to provide additional services related to the use of our website and the internet.
Google states that it will not associate your IP address with any other data it holds. Additionally, Google provides further information on its privacy practices at:
https://www.google.com/intl/de/policies/privacy/partners
Google also offers a browser add-on to deactivate Google Analytics, available at:
https://tools.google.com/dlpage/gaoptout?hl=en
This add-on can be installed on popular internet browsers and provides further control over the data collected by Google when visiting our website. The add-on notifies Google Analytics’ JavaScript (ga.js) that no information about website visits should be transmitted. However, this does not prevent information from being sent to us or other web analytics services. Details of any other analytics services used will be disclosed in this privacy policy.
Google Maps
We use Google Maps to display our location and provide directions. This service is also provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google."
By being certified under the EU-US Privacy Shield:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google ensures compliance with EU data protection regulations even when processing data in the United States.
To display specific fonts on our website, a connection to Google's servers in the US is established when our site is accessed.
When accessing the Google Maps component integrated into our website, Google stores a cookie on your device via your browser. This cookie is used to process user settings and data to display our location and provide directions. It cannot be excluded that Google servers in the US are used for this purpose.
The legal basis for this is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in optimizing the functionality of our website.
Through the established connection to Google, Google can determine from which website your request was sent and to which IP address the directions should be transmitted.
If you disagree with this processing, you can prevent the installation of cookies through your browser settings. Details on this can be found under the section “Cookies” in this privacy policy.
The use of Google Maps and the information obtained via Google Maps is governed by Google's Terms of Service:
https://policies.google.com/terms?gl=DE&hl=en
and the additional terms and conditions for Google Maps:
https://www.google.com/intl/en/help/terms_maps.html.
Further information is available at:
https://adssettings.google.com/authenticated
https://policies.google.com/privacy.
Google reCAPTCHA
On our website, we use Google reCAPTCHA to verify and prevent interactions on our site by automated access, such as by bots. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google."
Through certification under the EU-U.S. Privacy Shield ("EU-U.S. Privacy Shield")
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google guarantees that the data protection requirements of the EU are also adhered to when processing data in the U.S.
Through this service, Google can determine from which website a request is sent and from which IP address you are using the reCAPTCHA input box. In addition to your IP address, Google may collect additional information that is necessary for offering and ensuring this service.
The legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in the security of our website and in preventing unwanted, automated access, such as spam or similar.
Google provides further information on the general handling of your user data at
https://policies.google.com/privacy.
Google Fonts
On our website, we use Google Fonts to display external fonts. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google."
Through certification under the EU-U.S. Privacy Shield ("EU-U.S. Privacy Shield")
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google guarantees that the data protection requirements of the EU are also adhered to when processing data in the U.S.
In order to display certain fonts on our website, a connection is established to Google’s server in the U.S. when accessing our website.
The legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in optimizing and economically operating our website.
Through the connection to Google established when accessing our website, Google can determine from which website your request was sent and to which IP address the font should be transmitted.
Google provides further information, especially regarding the options to prevent data usage, at
https://adssettings.google.com/authenticated
https://policies.google.com/privacy.
YouTube
On our website, we use YouTube. This is a video portal of YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, USA, hereinafter referred to as "YouTube."
YouTube is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google."
Through certification under the EU-U.S. Privacy Shield ("EU-U.S. Privacy Shield")
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google, and thus also its subsidiary YouTube, guarantees that the data protection requirements of the EU are adhered to when processing data in the U.S.
We use YouTube in conjunction with the "Enhanced Privacy Mode" feature to display videos to you. The legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in improving the quality of our website. According to YouTube, the "Enhanced Privacy Mode" ensures that only the data specified below is transmitted to YouTube’s server when you actually start a video.
Without this "Enhanced Privacy," a connection is established to YouTube’s server in the U.S. as soon as you visit a page on our website with an embedded YouTube video.
This connection is necessary in order to display the respective video on our website via your web browser. In doing so, YouTube will collect and process at least your IP address, the date and time, and the webpage you visited. Additionally, a connection to Google’s advertising network, "DoubleClick," will be made.
If you are logged into YouTube at the same time, YouTube will assign the connection information to your YouTube account. If you want to prevent this, you must either log out of YouTube before visiting our website or adjust the settings in your YouTube account.
For functionality and usage behavior analysis purposes, YouTube stores permanent cookies via your web browser on your device. If you do not agree to this processing, you have the option to prevent the storage of cookies by adjusting your browser settings. More information on this is provided under "Cookies" above.
Google provides further information about the collection and use of data, as well as your rights and protective options, in its privacy policy available at
https://policies.google.com/privacy.
