This privacy statement applies to all business units of Digitec Galaxus AG.
Should there be any inconsistency between this data protection statement and any other applicable contract or the general terms and conditions of Digitec Galaxus AG, the provisions of this data protection statement will prevail.
Data protection is a matter of trust, and your trust is important to us. We respect your personality and privacy. We also want to make sure that your personal data are protected and processed in accordance with the law.
It is important to us that you agree to your personal data being processed. In this privacy statement we will provide you with comprehensive information about the data processing methods we use. And you then decide whether you wish your personal data to be processed.
This privacy statement covers both historical and future personal data. If you agree to your data being processed, we will process not only personal data collected by you in the future in accordance with this privacy statement, but also your personal data that we already have on file. This also applies in particular to personal data which we have collected and processed as part of the Migros Group’s bonus programmes (e.g. Cumulus).
When we refer in this privacy statement to the processing of your personal data, we mean any form of handling of your personal data. This includes, for example:
- the collection,
- disclosure or
- deletion of your personal data.
We collect personal data so that we can offer our customers better services. We firmly believe that if our activities are geared to the wishes and needs of our customers that should make the tasks of daily life easier for you. Better services may include
- Optimisation of our store locations, so that these are always close to where you are
- Gearing the product assortment to customer requirements
- Personalisation of customer communication, so that you will find offers which match your wishes and receive less advertising overall
- Simplification of procedures such as purchases or bookings, so that you reach your goal more quickly
1. How do we protect your personal data?
We have technical and organisational security procedures to maintain the security of your personal data and to protect your session data and personal data against unauthorised or illegal processing and/or against unintentional loss, modification, disclosure or access. Nevertheless, you should always be aware that the transmission of data over the Internet and other electronic means entails certain security risks, and that we cannot give any guarantee for the security of data that are transmitted in this way.
2. How long do we keep data for?
We keep your personal data for as long as we consider necessary or reasonable to comply with the applicable laws, or for as long as this is necessary for the purposes for which they were collected. We delete your personal data as soon as they are no longer required, and in any case after the end of the maximum retention period prescribed by law.
3. What rights do you have in respect to your personal data?
You have the right to assert your data protection rights at any time, and to obtain information about your stored personal data, to rectify, add to, object to the processing of your personal data, or demand the deletion of your personal data. You will find details of how to contact us in section 4 below. We reserve the right to correspond with you electronically in this connection (especially by e-mail).
4. How can you contact us?
If you would like to assert your rights in respect of your personal data, or if you have any questions or concerns relating to the processing of your personal data, you can contact us as follows: /information/contactinformation. We will make every effort to respond to your questions or concerns immediately after receipt.
5. Who is the owner of the data collected?
We are obliged by law to notify you of the name of the owner of the data collection which includes your personal data. The owner of the data collection is Digitec Galaxus AG, Pfingstweidstrasse 60, 8005 Zürich.
6. When do we collect your personal information?
We collect your personal data whenever we are in contact with you. There are many kinds of situations in which we are in contact with you. For example, we collect your personal data under the following circumstances:
- When you visit our businesses or other premises;
- When you purchase our goods or services in our businesses or via our websites;
- When you take part in our courses, seminars or training programmes;
- When you claim a service from our Customer Services;
- When you register a product or service purchased from us;
- When you order and use one of our customer cards or loyalty cards;
- When you receive a newsletter or other advertisement about our products and services;
- When you take part in a competition or prize draw;
- When you become a member of one of our customer loyalty schemes;
- When you take part in one of our market research promotions or surveys;
- When you use, or communicate with us or third parties via our websites, apps for mobile devices or offers on internet platforms, multimedia portals and/or social networks;
- When you communicate with us by telephone, fax, e-mail, voicemail, text messaging (SMS), picture messaging (MMS), video messaging or Instant Messaging;
- When your mobile phone is connected to the WLAN that is available in our business premises;
- When you make contact with us at special occasions such as events, publicity events, sponsorship events or cultural and sports events.
7. Which personal information do we collect?
The personal data collected are similarly varied. Firstly, we collect personal data which you make available to us. Secondly, we collect personal data which are automatically or manually recorded when you contact us, for example:
Data about you:
- Name and first name;
- Date of birth and age;
- Home address;
- Size of household;
- Shopping habits;
- Information about spending power;
- Customer and shopping preferences;
- Delivery address;
- Invoice address;
- Credit card and account information;
- Language preferences;
- Telephone number(s);
- E-mail address(es);
- Identification numbers of your technical devices;
- Customer and loyalty card numbers;
- Details of newsletters subscribed to or other publicity;
- Consent to receive advertising material;
- Online customer account information (including date of opening, user names, profiles);
- Memberships within our business unit;
- Photographic and video recordings of visits to our businesses or other premises.
Data relating to customer activities
- Contract dates (including contract date, type of contract, contract provisions; parties to the contract; term of contract; contract value; claims lodged under contract);
- Purchasing information (including date of purchase; place of purchase; time of purchase; type, quantity and value of the products and services purchased; shopping basket; cancelled shopping basket; payment method used; paying agent; purchasing history);
- Customer service information (including product returns, complaints, guarantee claims, delivery information);
- Session dates with reference to visits to our websites, apps for mobile devices or offers on Internet platforms, multimedia portals and/or social networks (including duration and frequency of visits, language and regional defaults, information about browser and computer operating system, Internet Protocol addresses, search terms and search results; ratings submitted);
- Location data when using mobile devices;
- Information about accumulated loyalty points on customer and loyalty cards;
- Communications by telephone, fax, e-mail, voicemail, text messaging (SMS), picture messaging (MMS), video messaging or Instant Messaging;
8. Why do we process personal data?
We process your personal data for a variety of purposes. These purposes can be summarised in different groups. In particular, we may process all or some of your personal data for one or more of the following purposes:
8.1 Purposes of processing in connection with our products and services
- Supply and sale of our products and services;
- Handling of orders and contracts, including sending of order and dispatch confirmations, delivery confirmations, delivery and invoicing;
- Organisation and provision of courses, seminars or training programmes;
- Organisation and provision of customer service services;
- Organisation and carrying out of customer card or loyalty card schemes;
- Organisation and conduct of market research and surveys;
- Verification of customer creditworthiness.
8.2 Purposes of processing in connection with customer communication
- Provision, administration and realisation of customer communication by post and via electronic communications media;
- Business communication by post and by telephone, fax, e-mail, voicemail, text messaging (SMS), picture messaging (MMS), video messaging or Instant Messaging;
- Assessing the use of our products by telephone, fax, e-mail, voicemail, text messaging (SMS), picture messaging (MMS) or Instant Messaging such as: type of use, frequency and duration of use, exact location of use.
8.3 Purposes of processing in connection with special activities and events
- Organisation and realisation of competitions or prize draws, including notification and publication of winners via our websites, apps for mobile devices or our products on Internet platforms, multimedia portals or social networks;
- Organisation and realisation of special occasions such as events, publicity events, sponsorship events, cultural and sporting events.
8.4 Purposes of processing in connection with the customer behavior analysis
- Optimisation of the locations and product range in our stores. This is done by means of individualised and personal, but also anonymous and group-based recording and evaluation of historical and current customer and purchasing behaviour in our businesses or other premises – including the creation and analysis of location data, motion profiles and shopping basket analysis;
- Individualised and personal or anonymous and group-based recording and evaluation of historical and current purchasing behaviour in the use of products on our websites, apps for mobile devices or on Internet platforms, multimedia portals and/or social networks;
- Individualised and personal and/or anonymous and group-based identification, classification and analysis of current and potential customer needs and customer interests;
- Individualised and personal and/or anonymous and group-based categorisation and analysis of customer behaviour and customer potential:
- Statistical evaluation of customer behaviour based on anonymised customer data;
- Linking of new personal data collected about you with the personal data previously collected by us or other Migros Group companies;
- Linking of the personal data collected by us about you with the personal data about you collected by other Migros Group companies (including as part of bonus schemes) or with data that is publically available and also data gathered by third parties outside the Migros Group to improve our data base and to analyse customer behaviour. The enrichment of profiles with third-party data includes, e.g.: data from the Federal Statistical Office, calendar data or geodata
8.5 Purposes of processing in connection with direct marketing
- Simplification of procedures – such as purchases or bookings - and use of findings from the analysis of customer behaviour for continual improvement of all product and service ranges;
- Avoidance of unnecessary advertising through findings from the analysis of customer behaviour for individualised and personalised direct marketing
- Sending of individualised and personalised advertising by post or by telephone, fax, e-mail, voicemail, text messaging (SMS), picture messaging (MMS), video messaging or Instant Messaging;
- Individualised and personalised matching of offers and advertising on our websites, apps for mobile devices or with our channels on Internet platforms, multimedia portals and/or social networks.
9. Whom do we pass your personal data on to?
We may pass your personal data to other Migros Group companies for the purposes specified in this privacy statement (see “the scope of consolidation” in the relative annual report). The other Migros Group companies may use your personal data in their own interests for the same purposes as we do. Migros Group companies may process your personal data in particular for individualised and personalised analyses of customer behaviour and for direct marketing activities in their own interests. Within the Migros Group, employees are only allowed access to your personal data where this is necessary to carry out their duties.
We may also pass your personal data on to other members of the Migros Group or to third parties outside the Migros Group, in order to make use of technical or organisational services which we need to meet the purposes specified or for our other business activities. Our service providers are contractually bound to process personal data exclusively on our behalf and in accordance with our instructions. We also oblige our service providers to comply with technical and organisational measures which guarantee the protection of personal data. If the service providers are located in countries where the applicable laws do not provide any protection of personal data that is comparable with that provided by Swiss law, we will ensure by contract that the service providers concerned maintain the Swiss level of data protection.
We may also pass your personal data on if we regard this as necessary to comply with the applicable laws and regulations, for court proceedings, if required to do so by the competent courts and authorities, or under other legal obligations, in order to protect and defend our rights and/or our property.
10.2 Which cookies do we use?
Most of the cookies we use are automatically deleted from your computer or mobile device after your browser session has ended (so-called session cookies). For example, we use session cookies to store your regional and language defaults and your shopping basket over different sites in a web session.
In addition, we use temporary and permanent cookies. These remain stored on your computer or mobile device after the end of the browser session. Then, when you revisit one of our websites your preferred entries and settings are automatically identified. Depending on which type they are, these temporary and permanent cookies remain stored on your computer or mobile device for between one month and ten years, and are automatically deactivated after the end of the programmed period. They are used to make our websites more user friendly, more effective and more secure. Thanks to these cookies you will have, for example, information displayed on the site that is tailored especially to your interests.
It is also possible that the cookies stored on your computer or mobile device may come from partner companies. These may be other Migros Group companies or companies outside the Migros Group. These cookies enable our partner companies to target you with advertising that might actually be of interest to you. Cookies of partner companies remain stored on your computer or mobile device for between one month and ten years, and are automatically deactivated after the end of the programmed period.
10.3 Which data are stored in cookies?
No personal data are stored in the cookies we use. The cookies used by us cannot be assigned to a specific person. When a cookie is activated the person will be allocated an identification number.
10.4 How can you can prevent the storage of cookies?
Most web browsers automatically accept cookies. They can, however, instruct your browser not to accept any cookies, or to ask you each time before a cookie from a website you have visited is accepted. You can also delete cookies from your computer or mobile device by using the appropriate function on your browser. If you decide not to accept our cookies or the cookies of our partner companies, you will not be able to see certain information on our websites or use a number of functions which should improve your visit.
11. How do we use log files?
Every time you access our websites, certain usage data are transmitted to us by your Internet browser for technical reasons, and stored in protocol files, known as log files. The usage data in question are the following: the date and time our website is called up; the name of the website called up; the IP address of your computer or mobile device; the address of the website from which you accessed our website; the volume of data transferred and the name and version of your browser.
Analysis of the log files helps us to further improve our Internet products and make them more user friendly, to find and remove errors more quickly, and to control server capacities. Using log files, we can, for instance, determine the time when the use of our Internet products is particularly popular and make appropriate data volumes available to guarantee you optimum usage.
12. How do we use web analysis tools?
In order to constantly improve and optimise our Internet offering, we use what are known as tracking technologies. Web analysis tools provide us with statistics and graphics which provide us with information about the use of our websites. This involves data about the use of a website being transferred to the server used. Depending on the provider of a web analysis tool, these servers may be located abroad. For the most frequently used web analysis tool, Google Analytics, these data are transferred including shortened IP addresses, which prevents the identification of individual devices. Google complies with the data protection rules of the "Swiss-U.S. Privacy ShieldFramework" and is registered with the “Swiss-U.S. Privacy Shield” program of the US Department of Commerce (Information about the “Swiss-U.S. Privacy Shield” can be found under https://www.privacyshield.gov/Swiss-US-Privacy-Shield-FAQs). The IP address transmitted by your browser within the framework of Google Analytics will not be merged with other Google data. Transfer of these data by Google to third parties can only take place on the basis of legal regulations or as part of the order data processing.
Should other web analysis tools be used within the Migros Group, the data collection process is essentially the same.
You may prevent the recording of the data generated by cookies and relating to your use of the website (incl. your IP address) at Google, as well as the processing of these data by Google, by downloading and installing the browser plugin available under the following link (http://tools.google.com/dlpage/gaoptout?hl=de) You will find more detailed information about Google Analytics and data protection at http://tools.google.com/dlpage/gaoptout?hl=de or http://www.google.com/intl/de/analytics/privacyoverview.html.
13. How do we use social plugins?
Our websites use social plugins, e.g. from Facebook, Twitter or Google+. The plugins are labelled with the logo of the provider, and may be, for example ‘Like’ buttons or a Google+ button or Twitter button.
When you call up our websites which contain such a plugin, your browser sets up a direct connection with the provider’s computers. The content of the plugin is transmitted by the provider site directly to your browser, which integrates it into the website. By integrating plugins the provider receives the information that you have called up our website. If you are simultaneously logged in to the provider, the provider can assign the visit to your profile. If you interact with the plugins – for example by activating the “Like” button or making a comment – the relevant information is transmitted by your browser directly to the provider and stored there.
If you do not want the provider to collect data about you via our website, you must log out of the provider before you visit our website. Even if you are logged out, providers collect anonymised data via social plugins set up a cookie for you. If you log into the provider at a later time, these data may be assigned to your profile.
If a login is provided via a social login service − e.g. Facebook Connect – data are exchanged between the provider and our website. In the case of Facebook Connect that may be, for example, data from your public Facebook profile. By using such login services you agree to the transfer of data.
Please refer to the data protection notices of the provider for the purpose and scope of data collection and the further processing of your data by the provider, as well as your respective rights and setup options to protect your privacy.
- Facebook Ireland Ltd. or Facebook Inc.: https://www.facebook.com/about/privacy/
- Google Inc.: http://www.google.com/intl/de/privacy/plusone/
- Twitter Inc.: http://twitter.com/privacy
If you do not want the provider to collect data about you via these cookies, you can select the “block cookies from third-party providers function in your browser settings. Then if there is embedded content from other providers, the browser does not send any cookies to the server. It is possible that with this setting other functions on our website will no longer function.
14. How do we use embedded videos
14. How do we use other tools
- Zappa as data controller https://www.zappar.com/privacy/