Privacy Policy

With this privacy policy, we inform you about the processing of personal data in connection with our activities and operations, including our website under the domain name www.finestdecor.ch. We specifically explain why, how, and where we process which personal data. We also inform you about the rights of individuals whose data we process.

For specific or additional activities and operations, we may publish further privacy policies or other data protection-related information.

1. Contact Addresses

Responsible for the processing of personal data:

finestdecor GmbH
Stöckenweg 5
6043 Adligenswil

welcome@finestdecor.ch

In individual cases, third parties may be responsible for processing personal data, or there may be joint responsibility with third parties.

2. Terms and Legal Bases

2.1 Terms

Data Subject: A natural person whose personal data we process.

Personal Data: All information relating to an identified or identifiable natural person.

Special Categories of Personal Data: Data concerning trade union, political, religious, or ideological views and activities, data on health, intimacy, or ethnic or racial affiliation, genetic data, biometric data that uniquely identify a natural person, data on criminal and administrative sanctions or prosecutions, and data on social assistance measures.

Processing: Any handling of personal data, regardless of the methods and procedures used, such as querying, comparing, modifying, archiving, retaining, reading, disclosing, obtaining, recording, collecting, deleting, making accessible, organizing, storing, altering, distributing, linking, destroying, and using personal data.

2.2 Legal Bases

We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (FADP) and the Data Protection Ordinance (DPO).

3. Type, Scope, and Purpose of Data Processing

We process the personal data that is necessary to carry out our activities and operations in a permanent, user-friendly, secure, and reliable manner. The processed personal data may particularly include browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data, and payment data.

We also process personal data received from third parties, obtained from publicly accessible sources, or collected in the course of our activities and operations, where such processing is legally permissible.

We process personal data as necessary with the consent of the data subjects. In many cases, we may process personal data without consent, for example, to fulfill legal obligations or protect overriding interests. We may also request consent from data subjects even when it is not strictly required.

We process personal data for the duration necessary to fulfill the respective purpose. We anonymize or delete personal data particularly based on legal retention and limitation periods.

4. Disclosure of Personal Data

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties are especially specialized service providers whose services we use.

We may disclose personal data to banks and other financial institutions, authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and credit rating agencies, logistics and shipping companies, marketing and advertising agencies, media, organizations and associations, social institutions, telecommunications companies, and insurance companies.

5. Communication

We process personal data to communicate with individuals, authorities, organizations, and companies. In doing so, we primarily process data provided by the data subject when making contact, such as via postal mail or email. We may store such data in an address book or with comparable tools.

Third parties who transmit data about other individuals to us are obliged to independently ensure data protection for those affected. In particular, they must ensure that such data is accurate and may be shared.

We use selected services from suitable providers to enable and improve communication with individuals and other communication partners. With such services, we may also manage and otherwise process data of the data subjects beyond direct communication.

6. Applications

We process personal data of applicants to the extent necessary to assess their suitability for employment or for the future execution of an employment contract. The required personal data is derived in particular from the requested information, such as in the context of a job posting. We may publish job advertisements with the help of appropriate third parties, for example, in electronic and printed media or on job portals and job platforms.

We also process personal data voluntarily provided or published by applicants, especially as part of cover letters, résumés, and other application documents, as well as online profiles.

We may enable applicants to store their data in our talent pool so that they may be considered for future job openings. We may also use such data to maintain contact and share updates. If we believe an applicant is suitable for a position based on their information, we may inform them accordingly.

7. Data Security

We take appropriate technical and organizational measures to ensure a level of data security appropriate to the respective risk. Our measures particularly ensure the confidentiality, availability, traceability, and integrity of processed personal data, though we cannot guarantee absolute data security.

Access to our website and other online presence is secured using transport encryption (SSL / TLS, in particular via HTTPS). Most browsers warn when visiting websites without transport encryption.

Our digital communication is subject to – as generally all digital communication – mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We cannot directly influence the respective processing of personal data by intelligence services, police departments, and other security authorities. We also cannot rule out targeted surveillance of a specific data subject.

8. Personal Data Abroad

As a rule, we process personal data in Switzerland. However, we may also disclose or export personal data to other countries, particularly to have it processed there or by third parties.

We may disclose personal data to any country in the world and elsewhere in the universe, provided that local law ensures adequate data protection in accordance with the decision of the Swiss Federal Council.

We may disclose personal data to countries whose laws do not guarantee adequate data protection, provided that other suitable data protection measures are in place, especially based on standard contractual clauses or other appropriate safeguards. In exceptional cases, we may export personal data to countries without adequate or suitable protection if special legal conditions are met, such as explicit consent from the data subject or a direct connection with contract execution. Upon request, we will gladly provide information about or copies of such safeguards.

9. Rights of Data Subjects

9.1 Data Protection Rights

We grant data subjects all rights under applicable data protection laws. In particular, data subjects have the following rights:

Access: Data subjects may request confirmation as to whether we are processing personal data about them and, if so, what data. They will also receive information necessary to exercise their rights and ensure transparency. This includes processed data itself as well as details on the purpose of processing, retention period, any data disclosures or exports, and the source of the data.
Correction and Restriction: Data subjects may have inaccurate personal data corrected, incomplete data completed, and processing restricted.
Deletion and Objection: Data subjects may request the deletion of personal data (“right to be forgotten”) and object to future data processing.
Data Portability: Data subjects may request the handover or transfer of their data to another controller.

We may postpone, limit, or deny the exercise of data subject rights to the extent legally permitted. We may inform data subjects of any requirements for exercising their rights. For example, we may deny access due to confidentiality obligations, overriding interests, or the protection of others. We may also deny data deletion, especially with reference to legal retention obligations.

We may exceptionally charge fees for the exercise of data subject rights. We will inform data subjects of any costs in advance.

We are obliged to reasonably identify individuals who request access or assert other rights. Data subjects must cooperate accordingly.

9.2 Legal Remedies

Data subjects have the right to enforce their data protection rights in court or to lodge a complaint with a data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

10. Use of the Website

10.1 Cookies

We may use cookies. Cookies – both our own (first-party cookies) and those from third parties whose services we use (third-party cookies) – are data stored in the browser. Such stored data is not limited to traditional text-based cookies.

Cookies can be stored temporarily in the browser as “session cookies” or for a specific period as “persistent cookies.” Session cookies are automatically deleted when the browser is closed. Persistent cookies have a defined expiration period. Cookies enable us, in particular, to recognize a browser upon its next visit to our website and thereby, for example, measure the reach of our website. Persistent cookies can also be used for online marketing.

Cookies can be completely or partially disabled and deleted in the browser settings at any time. Without cookies, our website may no longer be fully functional. We request – at least where and as necessary – the express consent for the use of cookies.

For cookies used in performance and reach measurement or for advertising, a general opt-out is possible via the AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

10.2 Logging

We may log the following information for each access to our website and other online presence, provided such information is transmitted to our digital infrastructure: date and time including time zone, IP address, access status (HTTP status code), operating system including interface and version, browser including language and version, accessed individual sub-page including transferred data volume, and the last visited website in the same browser window (referrer).

We log such information, which may also include personal data, in log files. These logs are required to permanently, user-friendly, and reliably provide our online presence. They are also necessary to ensure data security – also with or through third parties.

10.3 Web Beacons

We may integrate web beacons (also known as tracking pixels). These may also be provided by third parties whose services we use. Web beacons are typically small, invisible images or JavaScript-based scripts that are automatically loaded when our online presence is accessed. Web beacons can record at least the same data as log files.

11. Notifications and Messages

11.1 Performance and Reach Measurement

Notifications and messages may contain web links or tracking pixels that record whether an individual message was opened and which links were clicked. These links and pixels can also track the use of notifications and messages personally. We require this statistical tracking to measure success and reach, allowing us to send messages effectively, user-friendly, reliably, and securely based on the recipients’ needs and reading habits.

11.2 Consent and Objection

You must generally consent to the use of your email address and other contact information, unless the use is otherwise legally permitted. For obtaining such consent, we may use a double opt-in procedure. In that case, you’ll receive a message with instructions for double confirmation. We may log consents including IP address and timestamp for verification and security purposes.

You can generally unsubscribe from messages such as newsletters at any time. By doing so, you also object to statistical tracking. Required notifications and messages related to our activities and operations remain reserved.

We are present on social media platforms and other online platforms to communicate with interested individuals and provide information about our activities and operations. Personal data may also be processed outside Switzerland in connection with such platforms.

The terms and conditions, privacy policies, and other policies of the respective platform operators also apply. These policies inform individuals about their rights directly with the platform, including the right to access.

13. Services from Third Parties

We use services from specialized third parties to carry out our activities and operations in a permanent, user-friendly, secure, and reliable manner. With these services, we may embed functions and content in our website. These services necessarily collect at least temporary IP addresses for technical reasons.

Third parties may process data in connection with our activities for required security, statistical, or technical purposes in aggregated, anonymized, or pseudonymized form. Examples include performance or usage data.

We particularly use:

Google Services: Provider: Google LLC (USA) / Google Ireland Limited (Ireland); see full privacy resources here.

13.1 Digital Infrastructure

Hostpoint: Hosting; Provider: Hostpoint AG (Switzerland).
Squarespace: Website builder; Providers: Squarespace Inc. (USA) / Squarespace Ireland Limited (Ireland).

13.2 Audio and Video Conferencing

Zoom: Video conferencing; Provider: Zoom Video Communications Inc. (USA).

Instagram Platform: Embedding content; Provider: Meta Platforms Ireland Limited and other Meta companies.

13.4 Maps

Google Maps: Embedding maps; Provider: Google.

13.5 Documents

Canva: Digital documents; Provider: Canva Pty Ltd (Australia).

13.6 Fonts

Adobe Fonts: Provider: Adobe Inc. / Adobe Systems Software Ireland Limited.
Font Awesome: Icons; Provider: Fonticons Inc. (USA).
Google Fonts: Provider: Google.

14. Website Extensions

We use website extensions to add additional features. We may use selected third-party services or host extensions on our own infrastructure.

Google reCAPTCHA: Spam protection; Provider: Google.

15. Performance and Reach Measurement

We aim to measure the success and reach of our activities. This includes evaluating third-party referrals and testing different parts or versions of our online offerings (“A/B testing”). Based on results, we may fix errors, enhance popular content, or make improvements.

Performance and reach measurement often includes the collection of users’ IP addresses, which are generally shortened (“IP masking”) to follow the principle of data minimization.

Cookies may be used, and user profiles created, including visited pages, viewed content, screen or window size, and approximate location. These profiles are generally pseudonymized and not used to identify individuals. Third-party services where users are logged in may associate this data with their account.

Google Marketing Platform: Includes Google Analytics; cross-device tracking; anonymized IPs; Privacy Policy, Opt-out Tool.

16. Final Notes on this Privacy Policy

We may update this privacy policy at any time. We will inform users appropriately, especially by publishing the current version on our website.