Data Protection
Data Privacy
Statement
Lascaux is committed to comply with data protection standards according
to applicable European directives that exceed current Swiss regulations. Until
a new Swiss data protection law takes effect, the directives of the General
Data Protection Regulation, GDPR, also apply to clients based in Switzerland.
We will inform you about our processing of your data in accordance with
item 13 of the General Data Protection Regulation (GDPR).
Responsibility
Responsibility as defined in the GDPR is assigned to
Lascaux Colours & Restauro AG
Data Privacy
Zürichstrasse 42
CH-8306 Brüttisellen
infoCqh7eEgdzLNgWfOlascaux.ch
Our data privacy representative can be
contacted under the address indicated above.
Usage Data During Visits to Our Website
When users visit our website usage data is
temporarily saved on our web server. This usage data forms the basis for
statistical, anonymous evaluations aimed at improving the quality of our web
pages. Data sets comprise the following items:
- IP address (abbreviated in such a manner as to prevent any assignment to a person)
- date and time of the interaction
- content of the interaction (name of the page/file)
- transferred data volume
- operating system and interface
- access status/http status code
- information regarding the web browser used for the interaction.
Every person has a legally guaranteed right to protection of his/her privacy as well as protection against misuse of personal data. We adhere to these regulations. Personal data is treated confidentially and neither sold nor transmitted to any third party.
Data Transfer
to Third Parties
Within the framework of commissioned data processing in accordance with
item 28 GDPR we transmit your data to service providers who support us in
operating our web pages and related processes. Our service providers act
strictly in accordance with our instructions and are contractually committed.
We assign processing tasks to the following service providers: Incodev, SIX
Payment Services, Mailworx, Shwups GmbH, Microsoft, Google, Facebook.
In some cases we transfer personal data to third countries outside the
EU. In these cases we are obliged to provide for sufficient levels of data
protection. Regarding Google, Facebook and Microsoft such sufficient levels of
data protection derive from their membership in the Privacy Shield Agreement
(item 45 section 1 GDPR).
Cookies
In order to make a visit to our websites attractive and enable the use
of certain functions, to show suitable products or carry out market research,
we apply cookies on certain pages. Following a procedure of balancing of
interests, these cookies are used to preserve our predominantly legitimate
interests in optimising the presentation of our offerings in accordance to item
6 section 1 lit. f GDPR. Cookies are small text files that are automatically
stored on your end user device. Some of the cookies we apply are deleted again
upon ending the browser session, i. e. when you close your browser (session cookies).
Other cookies remain on your device allowing us to recognise your browser at
your next visit (persistent cookies). The duration of storage is to be found
under the cookie settings of your web browser. You can choose a browser setting
that informs you about cookies when they appear and allows you to choose
individually whether you wish to accept them, or choose to exclude cookies in
certain cases or generally. Every browser is different with regard to how it
deals with cookie settings. These are described in the help feature of every
browser, where you can find an explanation on how to change your cookie
settings.
When cookies are not accepted, the functionality of our web pages may be
affected.
Google
Analytics
These web pages do not use Google Analytics or any other tools with
similar purpose.
Facebook
Our web pages integrate plug-ins owned by social network Facebook, 1601
South California Avenue, Palo Alto, CA 94304, USA. You can recognise the
Facebook plug-ins by the Facebook logo or the ‹like› button on our website. An
overview over Facebook plug-ins are to be found here: http://developers.facebook.com/docs/plug-ins/.
When you visit our pages, a direct connection is established between your
browser and the Facebook server via the plug-in. Hence Facebook receives the
information that you have visited our website with your IP address. When you click
the ‹like› button while you are logged into your Facebook account, you can link
our pages to your Facebook profile. Then Facebook can assign your visit to our
web pages to your user account. We must inform you that we as providers of the
web pages have now knowledge regarding the content of data transmitted in this
manner, nor how this is processed by Facebook. Further information on this
subject is to be found in the privacy statement of Facebook under
https://www.facebook.com/about/privacy/. If you do not want Facebook to be able
to assign your visit to our web pages to your Facebook user account, please log
out of your Facebook account when browsing our pages.
YouTube Videos
We have embedded YouTube videos in our online web pages, which are
stored under http://www.YouTube.com and can be played directly from our web
pages.
By visiting our web pages YouTube receives the information that you have
accessed the respective subpage of our website. Additionally the data referred
to under point 3 of this statement is transmitted. This will happen
independently of whether YouTube provides a user account, which you are logged
in to, or no account exists. When you are logged in to Google, your data is
directly assigned to your account. If you wish no assignment to your YouTube
account you must log out before activating the button. YouTube stores your data
as a user profile and uses them for advertising and market research purposes,
or for enhancing the design and performance of their website. Such an evaluation
is specifically carried out for providing customised advertising (even for
users not logged in) and in order to inform other users of the social network
about your activities on our web pages. You have the right to object against
the creation of such user profiles, though you need to contact YouTube in order
to enforce your objection.
You can find further information regarding usage and scope of data
collection and processing by YouTube in their data privacy statement. There you
will also find further information regarding your rights and setting options
for protecting your privacy: https://www.google.de/intl/de/policies/privacy.
Google processes your personal data also in the USA and is committed to
the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Data
Processing in Connection With Orders
We store and use your personal data transmitted over the course of an
online order in compliance with item 6 section 1 lit. b) GDPR exclusively for
processing your orders. We use your email address exclusively for messages
regarding the status of your order. This also applies to all customer services
provided in connection with the order and possible later processing of
warrantee and guarantee claims.
If necessary personal data will be handed on to the companies involved
in executing this contract, for instance financial institutions for payment
processing, or logistics companies for the delivery of goods.
The contract data is not deleted if accounts remain unsettled and need
settling. If legally binding retention periods exist, the respective data will
be stored in an archive until the end of such a period is reached. Contingent
extraordinary contractual agreements or special delivery conditions are also
stored for the duration of the legally required retention periods.
Data
Processing for the Protection of Legitimate Interests
Otherwise data is deleted at least five years after
cessation of the contract and only retained for possible requests or in order
to assign new orders and to process them as fast as possible. Such data
processing is carried out based on item 6 section 1 lit. f) GDPR. You have the
right to object to your data being processed. Find further information under
‹Your Rights›.
Voluntary
Information
Furthermore some information is given voluntarily. Providing a telephone
number, for instance, is voluntary. No negative consequences are connected to
not providing this information. It is possible, though, that not providing such
information in individual cases can delay or impede subsequent communication.
Data
Processing With Consent
Provided information has been given voluntarily or you have given us
your consent separately to inform you about our in-house products and services
by telephone, in written form or by email, we will process your data based on
item 6 section 3 lit. a) GDPR.
Your consent can be withdrawn anytime without affecting the lawfulness
of the data processing carried out up to that point in time. When consent is
withdrawn we will suspend the respective data processing.
Data
Processing for Direct Advertising
We will process your data for the purpose of direct advertising,
specifically for mailing our advertising by post and for sending emails for
advertising own similar articles. Such data processing is carried out compliant
to item 6 section 1 lit. f) GDPR with the intention to inform you about new
products and services. Every client has a right to object against such data
processing, which, if applied, will lead to the cessation of data processing
for direct advertising purposes. A client can object against the usage of his
or her data at any time without accruing more than the transmission cost in
accordance with the base rates. Provided that data are saved with the sole
purpose of direct advertising, this data will be deleted upon objection.
Data
Recipients
We only transmit data provided by you in connection with an order to
third parties (for instance credit institutions for the purpose of payment
processing, service providers for the purpose of enforcing settlements,
transport companies) provided a legal authorisation for such data transmission
exists.
In addition your data can be forwarded to external service providers who
support us with data processing within the framework of commissioned contract
data processing strictly in accordance with our instructions.
We will neither sell nor otherwise market your personal data to third
parties.
Newsletter
You have the option to subscribe to our newsletter on our website, with
which we inform you about our products and services. Here we apply the double
opt-in method. This means that, after you have subscribed, we send an email to
the email address you have specified asking for a confirmation for your
subscription. If your subscription is not confirmed within 24 hours, your
information will be locked and eventually deleted after one month. Compulsory
information you need to provide in order to receive our newsletter is your
email address, your title, first name and surname. Your first name and surname
are used for addressing you personally. Furthermore we store the IP addresses
you use as well as the exact times of your registration and confirmation. This
information is collected in order to prove your subscription and to clarify any
possible misuse of your data if necessary.
After your confirmation we will store your personal data referred to
above in order to send you our newsletter. The legal basis for this is outlined
under item 6 section 1 a) GDPR.
You can withdraw your consent to receiving our newsletter at any time
and cancel the subscription. Your withdrawal can be effectuated by clicking on
the link contained in every newsletter email, or you can send an email to the
email address provided under paragraph 1 of this privacy statement.
Contact Form
You have the option to contact us through a web form. In order to use
our web form you will have to provide your name and email address. All other
information is voluntary.
The legal basis for processing this data is outlined in item 6 section 1
lit f) GDPR. Our legitimate interest is based on our interest in answering the
requests of our clients and visitors to our website and thus to maintain and
promote customer satisfaction. Data is not forwarded to any third party.
Registration
for Lascaux Events
In order to process your registration for Lascaux events we require
personal data from you. We collect and process this data only to the extent
necessary for finalising the registration whilst strictly adhering to the
regulations as stipulated by the applicable data protection laws and other
legal regulations regarding data privacy. The data are encrypted for
transmission.
Personal data are not forwarded to any third party, nor are they used
for any purpose beyond the processing of your registration.
Company
Facebook Page
Under the URL https://www.facebook.com/lascaux.colours we
maintain an official Facebook page based on item 6 section 1 lit. f) GDPR. We
never collect, store or process personal data from our users on this page.
Moreover no other data processing is carried out or initiated by us. Data you
provide on our Facebook page such as comments, videos and images, are never
used or processed by us for any other purpose.
Data
Processing by Facebook
Facebook applies so-called web tracking methods on this our Facebook
page. Please beware of the fact that it is impossible to exclude that Facebook
may use your profile data for evaluating your habits, personal relations,
preferences etc. We have no influence whatsoever on the data processing
Facebook applies to your data.
Find more information regarding data processing through Facebook under
https://de-de.facebook.com/policy.php.
Google Maps
On these web pages we use Google Maps. This enables us to display interactive
maps embedded directly into the website and allows you to use the map feature.
When you visit the website, Google is informed that you have accessed
the respective subpage. Furthermore the data referred to in the chapter on
‹Usage Data› in this statement. This occurs regardless of whether Google
provides a user account that you are logged in to or whether no user account
exists. When you are logged in to Google your data is directly assigned to your
account. If you do not wish your data to be assigned to your Google account you
need to log out before activating the button. Google stores your data as usage
profiles and applies it for advertising, market research and/or for the purpose
of enhancing the usability and design of its website. Such evaluations are
specifically carried out (even for users that are not logged in) in order to
provide optimised advertising and in order to inform other users of the network
about your activities on our website. You have the right to object against the
creation of such user profiles. In order to enforce your right of objection you
need to contact Google. The legal basis for such data processing is outlined in
item 6 section 1 f) GDPR.
Further information regarding the purpose and scope of the data
collection and processing by the plug-in provider is to be found in the data
security statements of the provider. For further information regarding your
privacy rights as well as setting options for the protection of your privacy
visit http://www.google.de/intl/de/policies/privacy. Google also processes your
personal data in the USA and is subject to the EU-US Privacy Shield, see
https://www.privacyshield.gov/EU-US-Framework.
Data Security
In order to protect your data against unauthorised access as extensively
as possible we apply technical and organisational measures. On our web pages we
apply encryption. Your information are transmitted through the Internet from
your computer to our server and vice versa using TLS encryption. This is
signalised by the lock symbol in the status bar of your browser as well as by
the fact that the address line starts with https://.
Your Rights
With regard to the processing of your personal data the GDPR guarantees
certain rights to website users:
1. Right of access (item 15 GDPR):
You have the right to demand a confirmation regarding whether specific
personal data belonging to you are being processed; if this is the case you
have a right to access these personal data as well as the data individually
specified in item 15 GDPR.
2. Right of rectification and deletion (item 16 and 17 GDPR):
You have the right to demand that personal data pertaining to you be
rectified respectively completed immediately.
Furthermore you have the right to demand that personal data pertaining
to you be deleted immediately when one of the conditions specified in item 17
GDPR is fulfilled, for instance when the data is no longer required for the
specified purposes.
3. Right of limitation of data processing (item 18 GDPR):
You have the right to demand that data processing be limited when one of
the conditions specified in item 18 GDPR is fulfilled, for instance when you
have objected against your personal data being processed, for the period during
which your objection is being reviewed.
4. Right of data portability (item 20 GDPR):
In certain cases specified individually under item 20 GDPR, you have the
right to demand personal data pertaining to you in a structured, standardised
and machine-readable form, respectively to demand these data be transferred to
a third party.
5. Right of objection (item 21 GDPR):
If data is collected based on item 6 section 1 lit. f) (data processing
for the preservation of legitimate interests) you have the right to object
against the processing of your data at any time for reasons arising out of your
special situation. We will then no longer process your personal data unless
provable and forcible reasons requiring protection are provided, which outweigh
the interests, rights and freedoms of the affected person, or the processing of
such personal data serves the enforcement, defence or enactment of legal
demands.
6. Right of complaint to a supervisory authority
According to item 77 GDPR you have the right to complain to a
supervisory authority when you hold the opinion that the processing of your
personal data is in breach of data protection regulations. Your right to
complain can specifically be addressed to a supervisory authority in the member
state of your domicile, your place of work or the place where the presumed
breach took place.
Last updated 30 November 2023