Privacy policy

AM Drip AG Data Privacy Policy

1. General Information

This privacy policy explains how AM Drip AG (hereafter referred to as "AM Drip", "we", or "us") processes your personal data in connection with our website www.amdrip.com (the "Website"). This is not an exhaustive description; other privacy statements, terms and conditions, and similar documents may address specific issues.

The term "data" is used here synonymously with "personal data."

If you provide us with data about other individuals, we assume that you are authorized to do so and that the data is accurate. By providing data about third parties, you confirm this. Please also ensure that these third parties are informed about this privacy policy.

2. Controller

Unless otherwise communicated, AM Drip AG is responsible for the data processing described in this privacy policy:

AM Drip AG Langstrasse 62 8004 Zurich Switzerland

For your data privacy concerns and to exercise your rights, you can reach us as follows:

Nathalie Molina Email: info@amdrip.com Phone: +41 44 221 93 02

3. Collection and Processing of Data

We collect data when you visit our website and use the functionalities or services available on the website. Your data is processed based on the agreed purposes or a legal basis. The specific data we process depends on the occasion and purpose. We only collect data necessary for the execution and handling of our products and services or data you voluntarily provide. As far as not prohibited, we also obtain data from publicly accessible sources (e.g., debt registers, land registers, commercial registers, media, or the internet, including social media) or receive data from authorities and other third parties (e.g., credit agencies, address dealers, associations, contract partners, internet analysis services, etc.).

Categories of data you have provided directly and categories of data we receive from third parties include, but are not limited to:

• Technical Data: IP address; information about your device's operating system; cookies; names and URLs of requested web pages; transmitted data volume; region, date, and time of access; websites accessed via our site; referring websites; browser type; ISP name; logs, etc.
• Master Data: Name; title; address; email address; phone number; gender; date of birth; nationality; employer or company details; role and function; relationship details; consent declarations (e.g., newsletter or online contact form); social media profiles; photos and videos; ID copies; payment information, etc.
• Communication Data: Data transmitted via contact form, email, phone, letter, or other communication means; name; contact details; nature, manner, place, and time of communication, usually including content (e.g., emails, letters); information about your request if using an online contact form; order number; returned items, etc.
• Contract and Service Data: Information when using our online offers and/or concerning a potential contract conclusion; information about your contracts (e.g., type and date of conclusion); information about the products and services provided or to be provided; feedback information (e.g., complaints, satisfaction feedback, etc.); information necessary for contract execution and management (e.g., billing, customer service, technical support, enforcement of contractual claims), etc.
• Registration Data: Name; address; email address; phone number; date of birth; credit card information; bank account details, etc.
• Behavioral and Preference Data: Information about your behavior on our website; information about the use of our products and services; your reaction to electronic communications; location information, e.g., when searching for a shop on our website via Google Maps; information from input fields (e.g., search function), etc.
• Other Data: We may collect data in other situations, e.g., related to administrative or legal proceedings (e.g., files, evidence). At events we offer, we may collect data about attendance and create photos, videos, and audio recordings where you may be identifiable.

In the course of our business relationship, it is necessary to provide data essential for the establishment and fulfillment of the contractual relationship. Generally, there is no legal obligation to provide this data. Without this data, however, we may not be able to enter into or continue the contract with you or the entity/person you represent. Additionally, certain information must be disclosed to enable website data traffic, e.g., an IP address.

4. Purposes of Processing

The collected data is primarily used for the conclusion and execution of contracts with you and business partners, particularly in connection with the products and services offered on our website. We also process the data to fulfill our legal obligations.

Furthermore, in accordance with applicable law and where appropriate, we may process data for the following purposes, which are in our or third parties' legitimate interests:

• Product/Service Development and Innovation: We process your data to develop our products, services, website, and other platforms.
• Communication: We process your data for communication purposes, particularly to respond to your inquiries and assert your rights, as well as to contact you for follow-ups.
• Security: We process your data to protect our operations, IT, and other infrastructure, as well as our website and other platforms.
• Marketing: We process your data for market, media, and opinion research, optimization of advertisements, to show you ads and offers tailored to your interests, and for sending newsletters if you have consented, where required by law.
• Relationship Management: We may use a Customer Relationship Management System (CRM) to store and process your data as described.
• Risk Management, Corporate Governance, and Business Development: We process your data for risk management and corporate governance to protect against criminal or abusive activities. In the context of business development, we may sell or acquire businesses or parts of businesses, which may involve data exchange and processing based on your consent.
• Legal Disputes: We process your data to enforce legal claims and defend in legal disputes and administrative proceedings.
• Compliance with Laws: We process your data to comply with legal requirements (e.g., prevention and investigation of crimes and other misconduct; conducting internal investigations, fraud prevention data analysis).

5. Legal Basis for Processing

If we ask for your consent for certain processing (e.g., receiving newsletters), we process your data based on this consent. You can withdraw your consent at any time for the future by written notification (email suffices). If you wish to withdraw consent for online tracking, please refer to section 9. The withdrawal of your consent does not affect the legality of processing carried out based on your consent before its withdrawal, nor the processing of your data on other legal grounds.

If we have not asked for your consent, we process your data based on other legally indicated or permissible reasons, such as a contractual obligation, legal obligation, a correspondingly significant interest of the data subject or another natural person, the fulfillment of a public task, or a legitimate interest that includes compliance with applicable law and marketing our products and services, understanding our markets better, and managing and developing our company securely and efficiently.

6. Profiling and Automated Decision-Making

We may evaluate certain of your personal characteristics for the above purposes using your data (profiling), such as determining preference data, detecting abuse and security risks, conducting statistical analyses, or for operational planning purposes. We may also create profiles by combining behavioral and preference data with master and contract data and associated technical data to understand you better as a person with your interests and characteristics. We may use profiling to assess your creditworthiness. We do not use profiling that is not legally permissible or significantly affects you without human review.

In certain situations, for efficiency and consistency of decision-making processes, we may automate decisions with legal effects or significant disadvantages for you (automated individual decisions), in which case you are entitled to the legal rights (see especially section 16 and the relevant legal foundations). We will inform you accordingly and take the necessary measures required by applicable law.

7. Disclosure of Data to Third Parties

To fulfill our contracts, comply with legal obligations, protect our legitimate interests, and achieve the other purposes and legal grounds mentioned above, we may disclose your data to third parties, particularly the following categories of recipients:

• Service Providers: We work with service providers in Switzerland and abroad who process data on our behalf or jointly with us or independently receive data from us (e.g., IT providers, banks, insurers, telecommunications companies, credit agencies, address verification providers, payment service providers, lawyers) or whom we engage to process data for any of the above purposes in our name and only according to our instructions.
• Contract Partners: If required by the respective contract, we disclose your data to other contract partners, dealers, subcontractors, etc.
• Authorities: We may disclose personal data to offices, courts, and other authorities in Switzerland or abroad if we are legally obliged or entitled to do so or if it seems necessary to protect our interests. Authorities process data about you received from us independently. Furthermore, we have no influence on government or other monitoring measures of third parties.

8. Newsletter

If you subscribe to one of our newsletters, you can cancel the subscription at any time by using the unsubscribe option included in the newsletter.

In connection with our newsletter and based on your consent, we use the tools listed in section 12 to collect your data when you sign up for our newsletter or other updates and ensure that you only receive newsletters and updates matching your actual or perceived interests.

9. Cookies

We use cookies on our website that enable us to identify your browser or device and allow certain third-party providers to do the same. Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website.

Some cookies are necessary for our websites to function or for certain features. These cookies are temporary (“session cookies”) and are deleted after you visit our website. Other cookies are necessary to store user settings and other information beyond a session (“permanent cookies”). Regardless, you have the option to set your browser to reject cookies, store them for a single session only, or delete them before their usual expiration date, although this may limit certain functionalities of our website.

Most of the cookies we use are so-called session cookies. We only use permanent cookies to store user settings (e.g., language) and to understand how you use our services and content. Some cookies are sent by us to you, others by business partners with whom we collaborate. If you choose to block cookies, you may not be able to use certain features (e.g., language settings).

By using our website and consenting to other marketing emails, you agree to the use of such technologies. Depending on the purpose of these cookies, however, we may ask for your explicit consent beforehand. You can accept or reject consent via the cookie banner on our website.

10. Social Plug-ins

We use social plug-ins from Vimeo and Instagram on our websites. These are recognizable by the corresponding symbols. We have configured these elements to be deactivated by default. If you activate them (by clicking), the providers of the respective social networks can register that and where you are on our website and use this information for their purposes. The processing of your data then takes place under the responsibility of the respective provider according to their data protection provisions. We do not receive any information about you.

11. Our Social Media Presence

We have various presences on social media platforms. We operate these presences with the following providers: Instagram / Meta, TikTok, and Vimeo.

We receive data from you and the platforms when you contact us through our online presence. At the same time, the platforms evaluate your use of our online presences and link this data with other data known to the platforms about you. They also process this data for their own purposes under their responsibility, particularly for marketing and market research purposes and to manage their platforms.

We would like to point out that you use our presences on social media platforms and their functions on your own responsibility. This applies particularly to the use of interactive functions (e.g., commenting, sharing, rating). For information on the collection and storage of your data as well as the type, scope, and purpose of their use by the operator of the respective social media platform, please refer to the data protection statements of the respective operator. We disclaim any liability for data protection violations by third parties over whose data processing we have no control.

12. Tools

Shopify We use functions of the e-commerce platform Shopify on our websites, through which the AM Drip webshop operates. Shopify Inc. is based in Canada. We have entered into a data processing agreement with Shopify Inc. and fully comply with the requirements of the Swiss Data Protection Act (DSG) and the General Data Protection Regulation (GDPR) when using Shopify. For more information on how Shopify handles personal data, please refer to Shopify's privacy policy: https://www.shopify.com/legal/privacy.

Wallee We use functions of the payment processing service Wallee, offered by Wallee Group AG based in Switzerland, on our websites. We have entered into a data processing agreement with Wallee Group AG and fully comply with the requirements of the DSG and GDPR when using Wallee. For more information on how Wallee handles personal data, please refer to Wallee's privacy notice: https://wallee.com/legal/datenschutz.

MF Group We use the functions of MF Group for invoice purchase in Switzerland on our websites. MF Group AG is based in Switzerland. We have entered into a data processing agreement with MF Group AG and fully comply with the requirements of the DSG and GDPR when using MF Group. For more information on how MF Group handles personal data, please refer to MF Group's privacy policy: https://terms.mfgroup.ch/agbfiles/Datenschutz_de.

Klaviyo We use functions of the email marketing service Klaviyo, offered by Klaviyo in the USA, on our websites. We have entered into a data processing agreement with Klaviyo and fully comply with the requirements of the DSG and GDPR when using Klaviyo. For more information on how Klaviyo handles personal data, please refer to Klaviyo's privacy policy: https://www.klaviyo.com/legal/data-processing-agreement.

Google We use functions of Google on our websites. Google Ireland (based in Ireland) is the provider of the "Google Analytics" service and acts as our data processor. Google Ireland relies on Google LLC (based in the USA) as its data processor (both “Google”). Google tracks the behavior of visitors on our website (duration, frequency of page views, geographic origin of access, etc.) through performance cookies and creates reports on the use of our website for us. We have entered into a data processing agreement with Google Ireland and fully comply with the requirements of the DSG and GDPR when using Google. For more information on how Google handles personal data, please refer to Google's privacy policy: https://support.google.com/analytics/answer/6004245.

Instagram/Meta We use Facebook Pixel on our websites to optimize advertising. Facebook is operated by Meta Inc. in the USA. We have entered into a data processing agreement with Meta Inc. and fully comply with the requirements of the DSG and GDPR when using Facebook/Meta. For more information on how Facebook/Meta handles personal data, please refer to their privacy policies, which you can view here: https://www.facebook.com/business/gdpr.

Vimeo We use the offer of Vimeo on this website. This allows us to play videos directly on the website and enables you to use the video function comfortably.

The servers of Vimeo are primarily located in the USA, as the company is headquartered there. Therefore, data collected on websites through the videos is automatically transferred to the USA and stored on servers there.

Usually, when you access a page with embedded videos, your IP address is sent to Vimeo and cookies are installed on your computer. However, we have integrated our Vimeo videos with enhanced privacy mode. This means that Vimeo does not store any information about visitors unless you watch the video. If you click the video, your IP address will be sent to Vimeo, and Vimeo will know that you have watched the video. If you are logged in to Vimeo, this information will also be associated with your user account (you can prevent this by logging out of Vimeo before accessing the video).

We have no knowledge of or influence over the collection and use of your data by Vimeo. For more information, please refer to Vimeo's privacy policy.

TikTok We probably use functions from ByteDance Ltd., the company behind the short-form video hosting service TikTok, on our websites. ByteDance Ltd. is based in the UK, Cayman Islands, and China. We have entered into a data processing agreement with ByteDance Ltd. and fully comply with the requirements of the DSG and GDPR when using ByteDance Ltd. For more information on how ByteDance Ltd. handles personal data, please refer to their official article on data processing, which you can view here: https://ads.tiktok.com/i18n/official/article?aid=893639991572679936.

13. Transfer of Data Abroad

As explained in the sections above, we also disclose data to other entities. These are not only located in Switzerland. Your data may therefore be processed in Europe, the USA, Hong Kong, Ireland, India, Canada, Lithuania, Denmark, Germany, Estonia, Israel, Great Britain, Latvia, and France; in exceptional cases, however, in any country in the world.

We only transfer data to countries without adequate legal data protection if it is necessary to fulfill a contract or to assert or defend legal claims, or if such a transfer is based on your explicit consent or is subject to guarantees that ensure the protection of your data, such as the standard contractual clauses approved by the European Commission (adapted to Switzerland, if applicable).

14. Data Retention Periods

We process your data only for as long as it is necessary to fulfill the purposes for which we collected it, including compliance with legal retention obligations and, as far as necessary, to assert or defend legal claims until the end of the respective retention period or until the relevant claims are resolved. After the respective retention period expires, we will securely destroy your data in accordance with applicable laws and regulations.

15. Data Security

We take appropriate security measures to maintain the confidentiality, integrity, and availability of your data, to protect it against unauthorized or unlawful processing, and to counter the risks of loss, accidental alteration, unwanted disclosure, or unauthorized access. Nevertheless, we and your data can fall victim to cyber attacks, cybercrime, brute-force methods, hacking attacks, and other fraudulent and malicious activities, including, but not limited to, viruses, forgery, malfunctions, and interruptions, which are beyond our control and responsibility. We have also established procedures for handling suspected data breaches and will notify you and all relevant supervisory authorities of a breach if we are legally required to do so.

16. Your Rights

In connection with our processing of your data, we adhere to the applicable data protection laws, particularly the Swiss Data Protection Act (DSG) in its current, revised version and, if the matter falls within the scope of European data protection legislation, the General Data Protection Regulation (GDPR). These legal bases provide for the following rights for individuals affected by data processing:

RIGHT TO INFORMATION If personal data is collected, the affected individuals must be provided with a range of information about the data collection, particularly which data is collected and for what purpose. The affected person is entitled to request confirmation of whether their personal data is being processed or not.

RIGHT TO RECTIFICATION The affected person has the right to request the immediate correction of incorrect personal data concerning them from the data controller. Considering the purposes of the processing, the affected person has the right to request the completion of incomplete personal data, including by means of a supplementary statement.

RIGHT TO DELETION ("RIGHT TO BE FORGOTTEN") The affected person has the right to request the immediate deletion of personal data concerning them, and the personal data must be deleted immediately if one of the relevant reasons applies, such as the data no longer being necessary for the purpose for which it was collected.

RIGHT TO RESTRICTION OF PROCESSING The affected person has the right, in certain cases, to request the restriction of processing of their data. If such a restriction is requested, the data may only be stored but not further processed.

RIGHT TO NOTIFICATION According to the GDPR and DSG, all recipients to whom personal data has been disclosed must be informed of any correction, deletion of the personal data, or restriction of processing, unless this proves impossible or involves disproportionate effort.

RIGHT TO DATA PORTABILITY The affected person has the right to receive the data they have provided in a structured, commonly used, and machine-readable format and has the right to transmit this data to another data controller, for example, to switch service providers. However, this right can only be exercised if the data processing is based on the consent of the affected person or on a contract.

RIGHT TO OBJECT The affected person also has the right to object at any time, for reasons arising from their particular situation, to the processing of personal data concerning them; this also applies to profiling based on these provisions. Consequently, the data may no longer be processed unless the data controller can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights, and freedoms of the affected person, or the processing serves the assertion, exercise, or defense of legal claims. If personal data is processed for direct marketing purposes, the affected person has the right to object at any time to the processing of personal data concerning them for such advertising purposes; this also applies to profiling, as far as it is related to such direct marketing.

RIGHT NOT TO BE SUBJECT TO AUTOMATED DECISION-MAKING The affected person has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

RIGHT TO NOTIFICATION OF DATA PROTECTION BREACHES If there are violations of data protection regulations, the affected person will be informed if this poses a high risk to personal rights and freedoms.

TECHNICAL MEASURES FOR DATA SECURITY We protect personal data through appropriate technical and organizational security measures and store it on secure servers. The website is secured against manipulation by usual measures according to the state of the art and against access, alteration, or distribution by unauthorized persons. This includes considering aspects of data protection in the planning phase of our services ("privacy by design"), and our new products or services are offered with privacy-friendly default settings ("privacy by default").

Furthermore, the corresponding processing actions are recorded by the responsible persons in our company.

If you wish to exercise the above-mentioned rights, please contact the contact details provided in section 2, unless otherwise specified or agreed. Please note that we must identify you to prevent misuse, e.g., by a copy of your ID card or passport unless identification is otherwise possible.

Additionally, each affected person has the opportunity to assert their rights in court or file a complaint with the competent data protection authority. In Switzerland, the competent data protection authority is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

17. Updating and Changing This Privacy Policy

Due to the continuous development of our website and its contents, as well as changes in legislation or regulatory requirements, it may be necessary to amend this privacy policy from time to time. The version published on this website is the current version.

Last update: 13.05.2024.