Data Protection

Our privacy policy covers the type of data collected, its use, how it is shared with third parties, and other relevant information. We tailor our privacy policy to the specific features of our website to ensure your data is protected at all times. Furthermore, the link to the privacy policy is accessible from every page of our website.

Our Privacy Policy includes:

Data collection, use and sharing

We provide transparent information about how we collect, use, and potentially share data with third parties. Your privacy is important to us, so we attach great importance to ensuring that you are fully informed about what data we collect and how we use it.

Control over your data

You have full control over your personal information. You can view, change, and update your data as needed. If you have any concerns about how your data is being used, we are always available to address your concerns.

Data security

The security of your data is our top priority. We use comprehensive security measures, including data encryption and secure servers, to ensure your data is protected at all times. Your security is important to us. Learn more about our privacy policy here.

With this privacy policy, we inform you about how we process personal data in connection with our activities and operations, including our website https://www.prima-gartenbau.ch/. In particular, we explain what personal data we process, for what purposes, how, and where. We also inform individuals whose data we process about their rights.

For specific or additional activities and operations, further privacy policies or other legal documents such as General Terms and Conditions (GTC), terms of use, or participation conditions may apply.

We are subject to Swiss data protection law as well as any applicable foreign data protection law, in particular that of the European Union (EU) under the General Data Protection Regulation (GDPR). The European Commission recognises that Swiss data protection law provides an adequate level of data protection.

1. Contact details

Responsibility for the processing of personal data:

PRIMA Gartenbau GmbH
Moritz Saling
Aron Wohlgemuth
Ettingerstrasse 52A
4153 Reinach BL
Switzerland

Contact: info@prima-gartenbau.ch

In individual cases, other parties may be responsible for the processing of personal data, or there may be joint responsibility with one or more other controllers.

2. Definitions and legal bases

2.1 Definitions

Personal data means all information relating to an identified or identifiable natural person.
A data subject is a person whose personal data we process.

Processing includes any handling of personal data, regardless of the means and procedures used, such as querying, comparing, adapting, archiving, storing, retrieving, disclosing, obtaining, recording, collecting, deleting, revealing, organising, structuring, saving, modifying, distributing, linking, destroying, and using personal data.

The European Economic Area (EEA) comprises the member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway.
The General Data Protection Regulation (GDPR) refers to the processing of personal data as the “processing of personal data”.

2.2 Legal bases

We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (FADP) and the Data Protection Ordinance (DPO).

Where and insofar as the GDPR applies, we process personal data on the basis of at least one of the following legal grounds:

Art. 6(1)(b) GDPR – processing necessary for the performance of a contract with the data subject or for pre-contractual measures
Art. 6(1)(f) GDPR – processing necessary to protect our legitimate interests or those of third parties, unless overridden by the interests or fundamental rights and freedoms of the data subject
Art. 6(1)(c) GDPR – processing necessary to comply with a legal obligation
Art. 6(1)(e) GDPR – processing necessary for the performance of a task carried out in the public interest
Art. 6(1)(a) GDPR – processing based on the consent of the data subject
Art. 6(1)(d) GDPR – processing necessary to protect vital interests of the data subject or another natural person

3. Nature, scope, and purpose of processing

We process personal data that is necessary to carry out our activities and operations in a sustainable, user-friendly, secure, and reliable manner. Such personal data may include, in particular, inventory and contact data, browser and device data, content data, metadata, usage data, location data, sales data, and contract and payment data.

We process personal data for as long as required for the respective purpose or as required by law. Personal data that is no longer required is anonymised or deleted.

We may have personal data processed by third parties, process it jointly with third parties, or transfer it to third parties. Such third parties are, in particular, specialised service providers whose services we use. We also ensure data protection compliance with such third parties.

As a rule, we only process personal data with the consent of the data subject. Where and insofar as processing is permitted for other legal reasons, we may refrain from obtaining consent, for example to fulfil a contract, comply with legal obligations, or safeguard overriding interests.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and operations, provided such processing is legally permissible.

4. Communication

We process personal data in order to communicate with third parties. In this context, we process in particular the data that a data subject provides when contacting us, for example by post or email. We may store such data in an address book or similar tools.

Third parties who transmit data about other persons are obliged to ensure data protection with regard to those data subjects, including ensuring the accuracy of the transmitted personal data.

We use selected services from suitable providers to communicate more effectively with third parties, in particular:

bexio – Customer Relationship Management (CRM); provider: bexio AG (Switzerland); data protection information: Privacy Policy, “Cloud and Data Security”, “Data Security – Definition and Measures for Companies”.

5. Data security

We take appropriate technical and organisational measures to ensure data security appropriate to the respective risk. Our measures ensure, in particular, the confidentiality, availability, traceability, and integrity of the processed personal data, without being able to guarantee absolute data security.

Access to our website and other online presence is secured by transport encryption (SSL/TLS, in particular HTTPS). Most browsers indicate transport encryption with a padlock icon in the address bar.

Digital communication is subject to mass surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries, without cause or suspicion. We have no direct influence on such processing by intelligence services, police authorities, or other security agencies, nor can we rule out targeted surveillance of individual data subjects.

6. Personal data abroad

We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular for processing there.

We may transfer personal data to all countries and territories worldwide, provided that the law of the respective country ensures adequate data protection as recognised by the Swiss Federal Council and, where applicable, by the European Commission under the GDPR.

Where data protection is not deemed adequate, transfers take place on the basis of standard data protection clauses or other appropriate safeguards. In exceptional cases, data may be transferred without adequate protection if specific legal requirements are met, such as the explicit consent of the data subject or a direct connection with the conclusion or performance of a contract. Upon request, we provide information about safeguards or copies thereof.

7. Rights of data subjects

7.1 Data protection rights

Data subjects have all rights granted under applicable data protection law, including:

Right of access
Right to rectification and restriction
Right to erasure (“right to be forgotten”) and objection
Right to data portability

We may restrict, delay, or refuse the exercise of these rights within the limits of the law, for example due to statutory retention obligations or the protection of third parties.

We may charge costs for the exercise of rights in exceptional cases and will inform data subjects in advance. We are obliged to verify the identity of data subjects, who are required to cooperate.

7.2 Legal remedies

Data subjects have the right to enforce their claims through legal proceedings or to lodge a complaint with a competent data protection supervisory authority.

The supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
Within the EEA, supervisory authorities are organised in the European Data Protection Board (EDPB).

8. Use of the website

8.1 Cookies

We may use cookies, including first-party and third-party cookies. Cookies are data stored in the browser and may include session cookies or persistent cookies.

Cookies enable recognition of browsers, measurement of reach, and online marketing. Cookies can be disabled or deleted at any time in browser settings; however, the website may then not function fully. Where required, we actively request consent for the use of cookies.

Opt-out options for advertising cookies are available via platforms such as AdChoices, NAI, YourAdChoices, or Your Online Choices (EDAA).

8.2 Logging

We may log data such as date and time, IP address, access status, operating system, browser details, accessed sub-pages, and referrer URLs. These logs are necessary for reliable operation and security.

8.3 Tracking pixels

We may integrate tracking pixels (web beacons) that collect similar data to log files.

9. Notifications and communications

We send notifications and messages via email and other communication channels such as instant messaging or SMS.

9.1 Performance and reach measurement

Communications may include tracking links or pixels to analyse opening and click behaviour for statistical evaluation and optimisation.

9.2 Consent and objection

Consent is generally required for the use of email addresses unless legally permitted. We may use a double opt-in procedure. Data subjects may unsubscribe at any time.

9.3 Service providers

We use specialised service providers to send notifications and messages.

10. Social media

We are present on social media platforms to communicate and provide information. Personal data may be processed outside Switzerland and the EEA.

For our Facebook presence, we are jointly responsible with Meta Platforms Ireland Limited, where applicable under the GDPR. Further details are available in Facebook’s privacy policy.

11. Third-party services

We use specialised third-party services for secure and reliable operation, including:

digital infrastructure (hosting, storage)
automation and app integration
online scheduling
audio and video conferencing
online collaboration
social media plugins
audio and video content
document embedding
fonts and icons
payment processing
advertising and remarketing

12. Website extensions

We use extensions to provide additional website functionality, either via third-party services or our own infrastructure.

13. Performance and reach measurement

We analyse usage of our online offering to improve content and functionality. This may include A/B testing. IP addresses are masked where possible. User profiles are created only in pseudonymised form.

14. Final provisions

This privacy policy was created using the Privacy Policy Generator by Datenschutzpartner.
We may update this privacy policy at any time and will inform users of changes by publishing the current version on our website.