Chocolat Bernrain AG, Buendtstrasse 12, CH-8280 Kreuzlingen and Chocolat Stella SA, Via alle Gerre 28, CH-6512 Giubiasco, are the operators of the website www.chocolatstella.ch and are therefore responsible for the collection, processing and use of your personal data and the compliance of the data processing with the regulations in force.
Your trust is important to us. We take data protection seriously and ensure appropriate security measures are in place. As a matter of course, we comply with the legal provisions of the Swiss Federal Act on Data Protection (FADP), the Ordinance to the Swiss Federal Act on Data Protection (OFADP), the Swiss Telecommunications Act (TCA) and, where applicable, other provisions of data protection law, in particular the General Data Protection Regulation of the European Union (GDPR).
To help you understand what personal data we collect from you and for what purposes we use it, please read the information below.
1) Principles of data processing on www.chocolatstella.ch
The personal data collected on the website www.chocolatstella.ch
a) shall be processed lawfully, fairly and in a way that is comprehensible to the data subject.
b) shall be used solely for the implementation and processing of the services and offers provided on the website. It will not be further processed for other purposes under any circumstances.
c) which is inaccurate with regard to the purposes of its processing shall be deleted or corrected without delay.
d) shall only be stored for as long as necessary for the purposes for which it is processed.
e) shall be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
2) Legality of the data processing
By viewing the website www.chocolatstella.ch the user gives their consent to the processing of personal data concerning them, especially since this means that an overriding interest of the user can also be assumed.
The user has the right to revoke their consent at any time (by sending an e-mail to
email@example.com). The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
3) Scope and purpose of the collection, processing and use of personal data
a) when visiting www.chocolatstella.ch
When you visit www.chocolatstella.ch our servers temporarily save any access in a log file. The following data is collected without your intervention and stored by us until it is automatically deleted after twelve months at the latest:
- the IP address of the requesting computer,
- the date and time of the access,
- the name and URL of the file retrieved,
- the website from which the access was made,
- the operating system of your computer and the browser you are using,
- the country you accessed the website from and the language settings on your browser, and
- the name of your internet access provider.
The collection and processing of this data is carried out for the purpose of enabling the use of our website (establishing connection), ensuring system security and stability and enabling the optimisation of our online offering, as well as for internal statistical purposes. In particular, the IP address is used to record the country of residence of the visitor to the website and to preset the language of the website accordingly. Furthermore, the IP address is evaluated in the event of attacks on the network infrastructure of www.chocolatstella.ch and for statistical purposes.
In addition, when you visit our website, we use pixels and cookies to display personalised advertising and to use web analysis services.
b) when using our contact form
You have the option to use a contact form to get in touch with us. The following personal data must be entered:
- first name and surname,
- address (street, house number, postcode, city),
- phone number and
- e-mail address.
Failure to provide this information may obstruct the provision of our services.
We only use this data to be able to respond to your contact request as effectively and personally as possible. You can object to this data processing at any time and request that we delete your data (by sending an e-mail to firstname.lastname@example.org).
c) when subscribing to our newsletter
You have the option to subscribe to our newsletter via our website. Registration is required for this. The following data must be provided for this registration:
- first name and surname,
- address (street, house number, postcode, city),
- phone number and
- e-mail address.
The above data is required for data processing. We process this data exclusively in order to personalise the information and offers sent to you and to better tailor them to your interests.
By registering, you give us your consent to process the data provided for the regular sending of the newsletter to the address you have provided and for the statistical analysis of user behaviour and the optimisation of the newsletter. This consent constitutes our legal basis for the processing of your e-mail address within the meaning of Art. 6(1)(a) GDPR. We are entitled to commission third parties to perform the technical processing of advertising measures and are entitled to pass on your data for this purpose.
At the end of each newsletter you will find a link that allows you to unsubscribe at any time. When unsubscribing, you can voluntarily inform us of the reason you want to unsubscribe. After unsubscribing, your personal data will be deleted. Further processing only takes place in anonymised form to optimise our newsletter.
The sending service provider may use the recipients’ data in pseudonymous form, i.e. without associating it with a user, to optimise or improve its own services, e.g. to technically optimise the sending and presentation of the newsletter or for statistical purposes. However, the sending service provider does not use the data of our newsletter recipients to contact them itself or to pass the data on to third parties.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of the corresponding newsletter service provider after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the members’ area) remains unaffected by this.
We use e-mail marketing services from third parties to send our newsletter. Our newsletter may therefore contain a web beacon (tracking pixel) or similar technical means. A web beacon is an invisible 1x1 pixel graphic associated with the user ID of the respective newsletter subscriber.
The recourse to corresponding services makes it possible to evaluate whether the e-mails containing our newsletter have been opened. In addition, the click behaviour of newsletter recipients can be recorded and analysed. We use this data for statistical purposes and to optimise the newsletter in terms of content and structure. This enables us to better tailor the information and offers in our newsletter to the individual interests of each recipient. The tracking pixel is deleted when you delete the newsletter.
To prevent tracking pixels in our newsletter, please set your e-mail program so that no HTML is displayed in messages.
4) Use of your data for marketing purposes
a) In general
Chocolat Bernrain AG and Chocolat Stella SA may use the personal data of users of www.chocolatstella.ch to promote their services (online and/or print advertising, etc.). Chocolat Bernrain AG and Chocolat Stella SA are permitted to disclose personal data to third parties for this purpose. The user expressly agrees to this use of their data.
We use retargeting technologies on the website. This involves analysing your user behaviour on our website in order to be able to subsequently offer you individually tailored advertising on partner websites as well. Your user behaviour is recorded pseudonymously. Most retargeting technologies work with cookies.
c) Google Ads Remarketing and/or DoubleClick by Google
This website uses Google Ads Remarketing and/or DoubleClick by Google services from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) to display advertisements based on the use of previously visited websites. For this purpose, Google uses the DoubleClick cookie, which allows your browser to be recognised when visiting other websites. The information generated by the cookie about your visit to these websites (including your IP address) will be transmitted to a Google server in the USA and stored there (for more information about transfers of personal data to the USA, see section 12 below).
Google will use this information for the purpose of analysing your use of the website with regard to the advertisements to be placed, compiling reports on website activity and advertisements for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. However, Google will not associate your IP address with any other data held by Google.
We also use Google Tag Manager to manage the services for usage-based advertising. The Tag Manager tool itself is a domain without cookies and does not collect any personal data. Rather, the tool triggers other tags, which in turn may collect data. If you have performed a deactivation at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.
You can prevent retargeting at any time by rejecting or switching off the cookies in question in the menu bar of your web browser. You can also request an opt-out for the aforementioned further advertising and retargeting tools via the Digital Advertising Alliance’s website at optout.aboutads.info.
5) Integration of third-party services and content
It may be that content or services from third-party providers, such as maps or fonts from other websites, are integrated within our online offering. The integration of content from third-party providers always requires the third-party providers to detect the user’s IP address. Without the IP address, the content cannot be sent to the user’s browser. The IP address is therefore required to be able to display this content. Furthermore, the providers of the third-party content may set their own cookies and process the user’s data for their own purposes. In the process, user profiles can be created from the processed data. We will use this content in a data-saving and data-avoiding manner as far as possible and select reliable third-party providers with regard to data security.
The following information provides an overview of third-party providers and their content, together with links to their privacy policies, which contain further information on the processing of data and, in part already mentioned here, options for objection (opting out):
This website uses the Google Tag Manager. This is a solution we use to manage website tags via an interface and be able to integrate Google Analytics, for example, as well as other Google marketing services into our online offering. The Tag Manager itself, which implements the tags, does not process any of the user’s personal data. With regard to the processing of the user’s personal data, reference is made to the following information on Google services.
Use policy: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.
In the context of the performance of contracts, we use one or more payment service providers on the basis of the Swiss Data Protection Ordinance and, where necessary, Art. 6(1)(b) GDPR (EU). We also use external payment service providers on the basis of our legitimate interests in accordance with the Swiss Data Protection Ordinance and, where necessary, in accordance with Art. 6(1)(f) GDPR (EU) in order to offer our users effective and secure payment options. The data processed by the payment service providers includes inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, totals and recipient-related details, among others. These details are required to be able to perform the transactions. However, the data entered is only processed by the payment service providers and stored with them. As the operator, we do not receive any (bank) account or credit card details, only information regarding confirmation (acceptance) or rejection of the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to perform identity and credit checks. In this regard, we refer to the GTCs and data protection information of the payment service providers. The terms and conditions and the data protection information of the respective payment service provider, which can be called up within the respective website or transaction applications, apply to the payment transactions. We also refer to these for further information and assertion of revocation, information and other data subject rights.
6) Transfer of data to third parties
We only transfer your personal data if you have provided express consent, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the relationship between you and us.
In addition, we transfer your data to third parties to the extent necessary to provide the services you request when using the website and to analyse your user behaviour. Insofar as this is necessary for the purposes stated in sentence 1, transfer may also be made abroad. If the website contains links to third-party websites, we no longer have any influence on the collection, processing, storage or use of personal data by the third party once these links have been clicked on and we accept no responsibility for this.
7) Transfer of personal data abroad
8) Data security
We use appropriate technical and organisational security measures to protect the personal data that is stored with us from manipulation, partial or complete loss and unauthorised access by third parties. Our security measures are continuously being improved in line with technological developments.
You should always keep your payment information confidential and close the browser window when you have finished communicating with us, especially if you share a computer with others.
We also take internal data protection very seriously. Our employees and the service companies commissioned by us have been obliged by us to maintain confidentiality and to comply with the provisions of data protection law.
Cookies help in many aspects to make your visit to our website easier, more enjoyable and more useful. Cookies are information files that your web browser automatically stores on your computer’s hard drive when you visit our website. Cookies do not damage your computer’s hard drive or transmit users’ personal data to us.
Deactivating cookies may mean that you cannot use all the functions on our website.
10) Data transmission security with SSL
For security reasons and to protect the transmission of confidential content, this website uses SSL/TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and when you see the lock symbol in your browser bar.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
11) Tracking tools
We use tracking tools on our website. Your browsing behaviour on our website is monitored using these tracking tools. This monitoring is carried out for the purpose of demand-oriented design and the continuous optimisation of our website. In this context, pseudonymised usage profiles are created and small text files stored on your computer (cookies) are used.
a) Google Analytics
This website uses Google Analytics, a web analysis service from Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website is usually transmitted to a Google server in the USA and stored there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. We have also added the code “anonymizeIP” to Google Analytics on this website. This guarantees that your IP address will be masked, so that all data is collected anonymously. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout. As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection of data by Google Analytics by
We also use Google Analytics to analyse data from double-click cookies and ads for statistical purposes. If you do not want this to happen, you can deactivate it via the Ad Settings manager (http://www.google.com/settings/ads/onweb/).
We use Google Analytics, including the functions of Universal Analytics or Google Analytics 4 (GA4). This allows us to analyse the activities on our pages across devices (e.g. access via a laptop and later via a tablet). This is made possible by the pseudonymous assignment of a user ID to a user. Such assignment takes place, for example, when you register for a customer account or log into your customer account. However, no personal data will be transferred to Google. Even if additional functions are added to Google Analytics with Universal Analytics or Google Analytics 4, this does not mean that a restriction of data protection measures such as IP masking or the browser add-on is associated with this.
b) Google Ads
We use the online advertising program “Google Ads” and, as part of Google Ads, conversion tracking. Google Conversion Tracking is an analysis service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). When you click on an ad placed by Google, a cookie is placed on your computer for conversion tracking. These cookies lose their validity after 30 days, do not contain any personal data and are therefore not used for personal identification. If you visit certain web pages on our website and the cookie has not yet expired, we and Google can detect that you have clicked on the ad and have been redirected to this page. Each Google Ads customer receives a different cookie. This means that there is no possibility that cookies can be tracked through Ads customers’ websites.
The information obtained using the conversion cookie is used to create conversion statistics for Ads customers who have opted in to conversion tracking. This tells customers the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that allows them to personally identify the user.
12) Social media plug-ins
The social media plug-ins described below are used on this website. The plug-ins are deactivated by default on our website and therefore do not send any data. You can activate the plug-ins by clicking on the corresponding social media button.
If these plug-ins are activated, your browser establishes a direct connection with the servers of the respective social network as soon as you call up one of our websites. The content of the plug-in is transmitted directly to your browser by the social network and integrated into the website. The plug-ins can be deactivated again with a click.
For more information, please refer to the respective privacy policies of Facebook, Twitter and Google.
a) Facebook plug-ins
Social plug-ins from Facebook are used on this website to make our website more personal. As such, we use the “LIKE” and “SHARE” buttons. This is a service offered by the US company Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.
By integrating plug-ins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged into Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there.
If you are logged into Facebook, Facebook can associate your visit to our website directly with your Facebook account. If you interact with the plug-ins, for example by clicking the “LIKE” or “SHARE” button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information will also be published on Facebook and displayed to your Facebook friends.
Facebook may use this information for the purposes of advertising, market research and the demand-oriented design of Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.
If you do not want Facebook to associate the data collected via our website with your Facebook account, you must log out of Facebook before visiting our website.
b) LinkedIn plug-ins
Our website uses plug-ins of the social network LinkedIn or the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter “LinkedIn”). You can recognise the LinkedIn plug-ins by the corresponding logo or the “Recommend” button. Please note that the plug-in establishes a connection between your internet browser and the LinkedIn server when you visit our website. LinkedIn is therefore informed that our website has been visited using your IP address. If you click on the LinkedIn “Recommend” button and are logged into your LinkedIn account at the same time, you have the option of linking content from our website to your LinkedIn profile page. In doing so, you allow LinkedIn to associate your visit to our website with you or your user account. You should know that we do not gain any knowledge of the content of the transmitted data and its use by LinkedIn. For more details on the collection of data and your legal and settings options, please visit LinkedIn. These options are available at https://www.linkedin.com/legal/privacy-policy.
c) YouTube plug-ins
Our website uses plug-ins from YouTube, which belongs to Google Inc. and is based in San Bruno, California, USA. As soon as you visit pages of our website equipped with a YouTube plug-in, a connection to the YouTube servers is established. This informs the YouTube server of the specific page of our website you have visited. If you are also logged into your YouTube account, this would allow YouTube to associate your browsing behaviour directly with your personal profile. You can avoid this association by logging out of your account before visiting the website. For further information on the collection and use of your data by YouTube, please refer to the information on data protection at www.youtube.com.
d) Instagram plug-ins
Functions provided by Instagram are integrated within our pages. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data and its use by Instagram.
13) Information about transfer of data to the USA
For the sake of completeness, we would like to point out for users resident or with their registered office in Switzerland that there are surveillance measures in place in the USA by US authorities that generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without any differentiation, limitation or exception based on the objective pursued and without any objective criterion that would make it possible to limit the access of the US authorities to the data and its subsequent use to very specific, strictly limited purposes that are capable of justifying the interference associated both with the access to this data and with its use. Furthermore, we would like to point out that there are no legal remedies available in the USA for data subjects from Switzerland to obtain access to the data concerning them or to obtain its correction or deletion, and that there is no effective judicial legal protection against general access rights of US authorities. We explicitly draw the attention of the data subject to this legal and factual situation so that they can make an appropriately informed decision to consent to the use of their data.
We would like to point out for users resident in an EU Member State that the USA does not have a sufficient level of data protection from the point of view of the European Union.
14) Right to information, rectification, erasure and restriction of processing; right to data portability
You have the right to obtain information about the personal data we store about you upon request and free of charge. In addition, you have the right to correct incorrect data and the right to delete your personal data, insofar as this does not conflict with a legal obligation to retain the data or an authorisation that allows us to process the data. In accordance with Articles 18 and 21 GDPR, you also have the right to request a restriction of data processing and to object to data processing.
You also have the right to ask us to return the data you have provided us with. On request, we will also share the data with a third party of your choice. You have the right to receive the data in a common file format.
You can contact us for the purposes mentioned above using the e-mail address email@example.com. We may, at our discretion, require proof of identity to process your request.
You can also tell us what you want to happen to your data after your death by giving us corresponding instructions.
15) General exclusion of liability
All information on our website has been carefully checked. We make every effort to ensure that
the information we provide is up to date, accurate and complete. Nevertheless, the occurrence of errors cannot be completely excluded, which means that we cannot guarantee the completeness, correctness or validity of information, including of a journalistic and editorial nature. Liability claims regarding damage of a material or non-material nature caused by the use of any information provided are excluded unless there is evidence of wilful misconduct or gross negligence.
The publisher may change or delete texts at its own discretion and without notice
and is not obliged to update any content of this website. Use of or access to this website is at the visitor’s own risk. The publisher, its clients or partners are not responsible for any damages, including direct, indirect, incidental, consequential or specific damage, alleged to have been caused by the use of this website and consequently assume no liability for such damage.
The publisher also accepts no responsibility or liability for the content and availability of third-party websites that can be accessed via external links on this website. The operators of the linked websites are solely responsible for their content. The publisher therefore expressly dissociates itself from all third-party content that may be relevant under criminal or
liability law or that may offend common decency.
16) Data retention
We only store personal data for as long as it is required
to use the above tracking, advertising and analytics services in our legitimate interest, to perform services to the extent you have requested or consented to, and to comply with our legal obligations.
Contract data is kept by us for a longer period of time, as this is required by statutory retention obligations. Retention obligations that require us to retain data result from accounting regulations and tax regulations. According to these regulations, business communications, concluded contracts and accounting records must be kept for up to 10 years or, in the case of users resident in France, for up to 5 years. Insofar as we no longer need this data to perform services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.
17) Right to complain to a data protection supervisory authority
If you are a resident of an EU country, you have the right to complain to a
data protection supervisory authority at any time.
Kreuzlingen, 1 November 2021
When you access our website, a connection is established with CookieFirst’s server to give us the possibility to obtain valid consent from you to the use of certain cookies. CookieFirst then stores a cookie in your browser in order to be able to activate only those cookies to which you have consented and to properly document this. The data processed is stored until the predefined storage period expires or you request to delete the data. Certain mandatory legal storage periods may apply notwithstanding the aforementioned.
Data processing agreement
We have concluded a data processing agreement with CookieFirst. This is a contract required by data protection law, which ensures that data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.
Server log files
Our website and CookieFirst automatically collect and store information in so-called server log files, which your browser automatically transmits to us. The following data is collected:
- Your consent status or the withdrawal of consent
- Your anonymised IP address
- Information about your Browser
- Information about your Device
- The date and time you have visited our website
- The webpage url where you saved or updated your consent preferences
- The approximate location of the user that saved their consent preference
- A universally unique identifier (UUID) of the website visitor that clicked the cookie banner