Menu
Login

Privacy Policy

Privacy Policy

With this Privacy Policy, we inform you about the personal data we process in connection with our activities and operations, including our https://returnthis.net-Website. We specifically inform you about the purposes, methods, and locations of our personal data processing. We also inform you about the rights of individuals whose data we process.

For specific or additional activities and operations, other privacy policies and legal documents, such as General Terms and Conditions (GTC), terms of use, or participation terms, may apply.

We are subject to Swiss data protection law and, where applicable, foreign data protection law, particularly that of the European Union (EU) in accordance with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures an adequate level of data protection.

1. Contact Addresses

Responsible for the processing of personal data:

datenschutz@returnthis.net
Länggassstrasse 7
3012 Bern

datenschutz@returnthis.net

In individual cases, other parties may also be responsible for the processing of personal data or share joint responsibility with at least one other responsible party.

2.1 Terms

Personal Data refers to all information relating to an identified or identifiable natural person. A data subject is a person whose personal data we process.

Processing encompasses any handling of personal data, whether by automated means or otherwise, such as querying, comparing, adjusting, archiving, storing, reading, disclosing, acquiring, capturing, collecting, deleting, revealing, arranging, organizing, storing, modifying, disseminating, linking, destroying, and using personal data.

The European Economic Area (EEA) includes the Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as processing of personal data.

We process personal data in accordance with Swiss data protection law, such as the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).

To the extent that the General Data Protection Regulation (GDPR) is applicable, we process personal data based on at least one of the following legal bases:

  • Art. 6 (1) (b) GDPR for the necessary processing of personal data to fulfill a contract with the data subject and to carry out pre-contractual measures.
  • Art. 6 (1) (f) GDPR for the necessary processing of personal data to protect our or third parties' legitimate interests, provided that the fundamental rights and freedoms as well as interests of the data subject do not override. Legitimate interests include our interest in the sustainable, user-friendly, secure, and reliable execution of our activities and operations and their communication, ensuring information security, preventing abuse, enforcing our legal claims, and complying with Swiss law.
  • Art. 6 (1) (c) GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject under the applicable law of the EEA member states.
  • Art. 6 (1) (e) GDPR for the necessary processing of personal data to perform a task that is in the public interest.
  • Art. 6 (1) (a) GDPR for the processing of personal data with the consent of the data subject.
  • Art. 6 (1) (d) GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.

3. Nature, Scope, and Purpose

We process the personal data that is necessary to conduct our activities and operations permanently, user-friendly, securely, and reliably. Such personal data may include categories such as personal and contact data, browser and device data, content data, metadata or ancillary data, usage data, location data, sales data, as well as contract and payment data.

We process personal data for the duration necessary for the respective purpose or purposes or as required by law. Personal data that is no longer required for processing will be anonymized or deleted.

We may have personal data processed by third parties. We may process or transmit personal data jointly with third parties. These third parties are specifically specialized providers whose services we utilize. We ensure data protection with these third parties as well.

We generally process personal data only with the consent of the data subjects. To the extent that processing is permissible for other legal reasons, we may refrain from obtaining consent. For example, we may process personal data without consent to fulfill a contract, comply with legal obligations, or uphold overriding interests.

We also process personal data that we receive from third parties, obtain from publicly available sources, or collect in the course of our activities and operations, provided and to the extent that such processing is legally permissible.

4. Communication

We process personal data to communicate with third parties. In this context, we specifically process data that a data subject provides when contacting us, for example, via postal mail or email. We may store such data in an address book or similar tools.

Third parties that transmit data about other individuals are obligated to ensure data protection for those affected individuals. This includes, among other things, ensuring the accuracy of the transmitted personal data.

5. Data Security

We implement appropriate technical and organizational measures to ensure data security that is commensurate with the respective risk. Our measures particularly ensure the confidentiality, availability, traceability, and integrity of the processed personal data, though we cannot guarantee absolute data security.

Access to our website and other online presence is secured using transport encryption (SSL/TLS, particularly with Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers indicate transport encryption with a small padlock in the address bar.

Our digital communication is subject—like generally all digital communication—to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We cannot directly influence the processing of personal data by intelligence services, police forces, and other security authorities. We also cannot exclude the possibility that individual data subjects may be specifically monitored.

6. Personal Data Abroad

We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transmit personal data to other countries, particularly to process or have it processed there.

We may export personal data to all countries and territories on Earth as well as elsewhere in the universe, provided that the local law, according to the decision of the Swiss Federal Council, ensures adequate data protection and—where the General Data Protection Regulation (GDPR) is applicable—according to the decision of the European Commission, ensures adequate data protection.

We may transmit personal data to countries whose laws do not provide adequate data protection, provided that data protection is ensured for other reasons, particularly based on standard contractual clauses or other suitable safeguards. Exceptionally, we may export personal data to countries without adequate or suitable data protection if the specific data protection requirements are met, such as the explicit consent of the data subjects or a direct connection with the conclusion or performance of a contract. We are happy to provide data subjects with information about any applicable safeguards or a copy of such safeguards upon request.

7. Rights of Data Subjects

7.1 Data Protection Rights

We grant data subjects all rights under the applicable data protection law. Data subjects particularly have the following rights:

  • Information: Data subjects may request information about whether we process personal data about them, and if so, what personal data is involved. Data subjects will also receive information necessary to assert their data protection rights and ensure transparency. This includes the processed personal data itself, as well as information on the processing purpose, the duration of storage, any disclosure or export of data to other countries, and the source of the personal data.
  • Correction and Restriction: Data subjects may correct inaccurate personal data, complete incomplete data, and request the restriction of their data processing.
  • Deletion and Objection: Data subjects may request the deletion of personal data ("right to be forgotten") and object to the processing of their data with future effect.
  • Data Portability and Transfer: Data subjects may request the release of personal data or the transfer of their data to another controller.

We may postpone, restrict, or refuse the exercise of data subjects' rights within the legally permissible framework. We may inform data subjects of any conditions to be fulfilled for the exercise of their data protection rights. For example, we may fully or partially refuse information requests by referring to trade secrets or the protection of other individuals. We may also refuse the deletion of personal data fully or partially by citing legal retention obligations.

We may exceptionally charge fees for the exercise of rights. We will inform data subjects in advance about any potential costs.

We are obligated to identify data subjects who request information or assert other rights with appropriate measures. Data subjects are required to cooperate.

7.2 Legal Protection

Data subjects have the right to enforce their data protection claims through legal channels or to file a report or complaint with a competent data protection supervisory authority.

The data protection supervisory authority for complaints from data subjects against private controllers and federal bodies in Switzerland is the Federal Data Protection and Transparency Commissioner (EDÖB).

European data protection supervisory authorities for complaints from data subjects—where and to the extent the General Data Protection Regulation (GDPR) applies—are organized as members of the European Data Protection Board (EDPB). In some member states of the European Economic Area (EEA), data protection authorities are federated, particularly in Germany.

8. Use of the Website

8.1 Cookies

We may use cookies. Cookies—whether first-party cookies (our own cookies) or third-party cookies (from services we use)—are data stored in the browser. Such stored data need not be limited to traditional text-based cookies.

Cookies may be stored temporarily in the browser as "session cookies" or for a specific period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies enable, among other things, the recognition of a browser on subsequent visits to our website and can, for example, be used to measure the reach of our website. Permanent cookies may also be used for online marketing.

Cookies can be fully or partially disabled and deleted at any time through browser settings. Without cookies, our website may not be fully available. We request—at least as necessary—explicit consent for the use of cookies.

For cookies used for success and reach measurement or for advertising, many services offer a general opt-out through AdChoices (Digital Advertising Alliance of Canada), Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

8.2 Logging

We may log at least the following information for each access to our website and other online presence, provided this information is transmitted to our digital infrastructure during such accesses: Date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, specific subpages of our website accessed including transmitted data volume, and the previously accessed website in the same browser window (referrer).

We log such information, which may also include personal data, in log files. This information is necessary to provide our online presence in a consistent, user-friendly, and reliable manner. It is also necessary to ensure data security—whether through third parties or with their assistance.

8.3 Tracking Pixels

We may integrate tracking pixels into our online presence. Tracking pixels, also known as web beacons, are usually small, invisible images or scripts written in JavaScript that are automatically retrieved when accessing our online presence. Tracking pixels can capture at least the same information as log files.

9. Notifications and Communications

We send notifications and communications via email and other communication channels such as instant messaging or SMS.

9.1 Success and Reach Measurement

Notifications and communications may contain web links or tracking pixels that capture whether a particular notification was opened and which web links were clicked. Such web links and tracking pixels can also capture the use of notifications and communications on a personal basis. We need this statistical capture of usage for success and reach measurement to send notifications and communications effectively and user-friendly, tailored to the needs and reading habits of the recipients, and in a consistent, secure, and reliable manner.

9.2 Consent and Objection

You must generally consent to the use of your email address and other contact details, unless the use is permitted for other legal reasons. For obtaining a double opt-in consent, we may use the "Double Opt-in" procedure. In this case, you will receive a notification with instructions for the double confirmation. We may also log obtained consents including IP address and timestamp for evidence and security reasons.

You can generally object to receiving notifications and communications, such as newsletters, at any time. With such an objection, you can also object to the statistical capture of usage for success and reach measurement. Required notifications and communications related to our activities and operations remain reserved.

9.3 Service Providers for Notifications and Communications

We send notifications and communications with the help of specialized service providers.

We particularly use:

  • Mailgun: Platform for transactional emails; provider: Mailgun Technologies Inc. (USA) along with subsidiaries ("Mailgun Group"); data protection details: Privacy Policy.

10. Social Media

We are present on social media platforms and other online platforms to communicate with interested individuals and inform them about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The respective general terms and conditions (T&Cs), terms of use, privacy policies, and other provisions of the operators of these platforms also apply. These provisions inform, in particular, about the rights of individuals directly with respect to the respective platform, including the right to access.

For our Social Media presence on Facebook, including the so-called Page Insights, we are – to the extent the General Data Protection Regulation (GDPR) applies – jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta Companies (including in the USA). Page Insights provide information on how visitors interact with our Facebook presence. We use Page Insights to effectively and user-friendly manage our social media presence on Facebook.

Further details on the nature, scope, and purpose of data processing, information on the rights of individuals, and contact details for Facebook, as well as Facebook's data protection officer, can be found in the Facebook Privacy Policy. We have entered into the so-called "Controller Addendum" with Facebook, specifically agreeing that Facebook is responsible for ensuring the rights of individuals. Information about Page Insights can be found on the page "Page Controller Addendum" including "Information about Page Insights Data".

Users of social media platforms have the option to log in or register with our online offering using their respective user accounts ("Social Login"). The respective conditions of the relevant social media platforms apply.

11. Services from Third Parties

We use services from specialized third parties to carry out our activities and operations in a consistent, user-friendly, secure, and reliable manner. With such services, we can embed functionalities and content into our website. During such embedding, the services used may, for technical reasons, temporarily capture the IP addresses of users.

For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized manner. This includes performance or usage data needed to provide the respective service.

We particularly use:

11.1 Digital Infrastructure

We use services from specialized third parties to access the digital infrastructure required for our activities and operations. This includes, for example, hosting and storage services from selected providers.

We particularly use:

11.2 Audio and Video Conferences

We use specialized services for audio and video conferencing to communicate online. This allows us to hold virtual meetings or conduct online classes and webinars, for example. Participation in audio and video conferences is also subject to the legal texts of the respective services, such as privacy policies and terms of use.

Depending on your situation, we recommend muting the microphone by default and blurring the background or using a virtual background during audio or video conferences.

We specifically use:

11.3 Online Collaboration

We use third-party services to facilitate online collaboration. In addition to this privacy policy, the directly visible conditions of the services used, such as terms of use or privacy policies, also apply.

We specifically use:

11.4 Social Media Features and Social Media Content

We use third-party services and plugins to embed features and content from social media platforms, as well as to enable sharing content on social media platforms and other methods.

We specifically use:

11.5 Digital Audio and Video Content

We use services from specialized third parties to enable the direct playback of digital audio and video content, such as music or podcasts.

We specifically use:

11.6 Fonts

We use third-party services to embed selected fonts, as well as icons, logos, and symbols into our website.

We specifically use:

11.7 E-Commerce

We operate e-commerce and use third-party services to successfully offer services, content, or goods.

11.8 Payments

We use specialized service providers to process our customers' payments securely and reliably. The processing of payments is also subject to the legal texts of the individual service providers, such as General Terms and Conditions (GTC) or privacy policies.

We specifically use:

11.9 Advertising

We use the opportunity to display targeted advertising with third parties, such as social media platforms and search engines, for our activities and services.

We aim to reach individuals who are already interested in our activities or who might be interested (Remarketing and Targeting). For this purpose, we may transfer relevant – possibly personal – information to third parties that facilitate such advertising. Additionally, we can determine whether our advertising is successful, meaning specifically whether it leads to visits to our website (Conversion Tracking).

Third parties where we advertise and where you, as a user, are logged in, may be able to associate the use of our website with your profile on their platform.

We specifically use:

  • Facebook Advertising (Facebook Ads): Social media advertising; providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); privacy information: Remarketing and Targeting, especially with Facebook Pixel and Custom Audiences including Lookalike Audiences, Privacy Policy, “Ad Preferences” (login required).
  • Google Ads: Search engine advertising; provider: Google; Google Ads-specific information: Advertising based on search queries, with various domain names – notably doubleclick.net, googleadservices.com, and googlesyndication.com – used for Google Ads,
Back to homepage