We, Verasano (a brand owned by WM Global Resource Solutions GmbH), are committed to protecting the personal data of users (‘you’) which we collect when you visit our website verasano.com or any of our associated websites (such as: verasano.co.uk, or verasano.ch)
Below you will find more information about what personal data we collect when you visit and use our website and services and how and for what purposes we process it. We only collect, process and use your personal data in compliance with the following principles and in observance of the applicable data protection legislation.
Questions about data protection in relation to our website and the services provided through our website as well as questions regarding the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks can be sent to us using the contact details in section 1. below.
1. Data Controller and Data Protection Officer
WM Global Resource Solutions GmbH
Address: Zugerstrasse 40,
Telephone: 41 79 932 38 79
(hereinafter “Verasano” or “we”).
2. Collection and storage of personal data and the type and purpose of their use
We will process your data in Switzerland, a third country in regard to Article 44 of the General Data Protection Regulation (GDPR). For Switzerland, the European Commission has issued an adequacy decision concerning the level of protection for personal data.
2.1 When you visit our website
When you visit our website verasano.ch, information is automatically sent by the browser used on your end device to our website servers. This information is stored temporarily in what is called a log file that is kept separate from other personal data you might provide throughout your use of our website. The following information is collected during this process without any action on your part:
- IP address of the requesting device,
- Date and time of access,
- Name and URL of the requested file,
- Website from which access is obtained (referrer URL),
- Browser used and, where applicable, your device’s operating system and the identity of your access provider.
We process the specified data for the following purposes:
- Ensuring that the website can establish a connection smoothly,
- ensuring that our website is easy to use,
- analysis of system security and stability, as well as
- for additional administrative purposes.
The legal basis for the data processing is Article 6 (1) (f) GDPR. Our legitimate interest is based on the data collection purposes listed above. We do not on any account use the data collected for the purpose of identifying you. The provision of this data is not required by law or contract or to enter into a contract. You are not obliged to provide the personal data. It is not, however, possible to access the website if the data are not provided.
The data is stored in server log files in a form that allows the identification of the individuals concerned, for a maximum period of seven days, unless a security-relevant event occurs (e.g. a DDoS attack). In the case of a security-relevant event, server log files are stored until the security-relevant event has been resolved and fully investigated.
2.2 When you contact our customer service
We offer you the possibility to contact us via a contact form provided on the website when you click “Learn more” on our starting page. You can also send us an e-mail to email@example.com by using your usual e-mail program. Your name, a valid e-mail address and a description of your inquiry is required for this so that we know who it is coming from and can respond to it. Additional information (e. g. topic and order number) can be provided on a voluntary basis.
If your request concerns a contract to which you are party of or the performance of pre-contractual measures, Article 6 (1) (b) GDPR is the basis for the processing as it is necessary for the performance of a contract or for taking steps at your request prior to entering into a contract. For all other inquiries, data processing for the purpose of contacting us is based on our legitimate interest, according to Article 6 (1) (f). In this case our legitimate interest is the processing of your request.
The personal data collected by us when you contact us are deleted in accordance with statutory requirements once your inquiry has been dealt with.
2.3 When you register a customer account
You have the possibility to create a customer account on our website so that you can use additional features. The creation of a customer account simplifies the ordering process for you and gives you the opportunity to save the data you have entered for future orders, to specify your preferred method of payment and to review your previous orders. We may require customers to create an account in order to access industry-specific product and volume pricing.
To register, it is necessary to enter your first name, last name and e-mail address. You will also be asked to choose a password. Your customer account is not publicly accessible.
The processing of the data that you are required to provide during registration is necessary in order to fulfill the contract you concluded with us by registering for a customer account on our website, according to Article 6 (1) (b) GDPR.
If you have set up an account with us and would at any time like to review or change the information in your account or terminate your account, you can contact us at firstname.lastname@example.org. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. If you do not use your customer account for more than 5 years, we will deactivate your customer account. If your data are necessary for the fulfillment of a contract or for the implementation of pre-contractual measures, an early deletion of the data is only possible, unless contractual or legal obligations prevent a deletion.
2.4 When you order products through our website
You can order products through our website using our online store by means of a customer account or as a guest or by contacting us at email@example.com. For our online store we use the platform of Shopify Inc. ("Shopify"). When you place an order in our online store, Shopify stores all data collected in the online store (including your name, billing address, shipping address, e-mail address, tax status, phone number, payment information) as well as your IP address, information about your order in our online store and information about your device and browser used. For this purpose, your personal data is transferred to the Shopify data centre in the United States and processed there. For the USA, the European Commission has issued an adequacy decision (EU/US Privacy Shield) under which Shopify is certified (see here). This data is stored and processed for the purposes of supporting and processing your orders, authentication, payment processing and improving Shopify services (for more information please see www.shopify.com/legal/privacy).
When you order products through our online store your address will also be forwarded to the extent necessary to the company commissioned with delivery (e.g. FedEx, see https://www.fedex.com/en-us/trust-center/global-privacy-policy.html) or the service provider commissioned with payment (e.g. Stripe Inc., see https://stripe.com/privacy).
The data processing is performed in accordance with your order and is required under Article 6 (1) (b) GDPR for the appropriate processing of your order and for the mutual fulfillment of obligations arising from the contract.
After completion of the contract, we delete your data after the expiration of the respectively applicable retention periods, especially from tax and commercial law. Depending on the type of documents, commercial and tax retention obligations of six or ten years may apply.
3. Disclosure of data
- You have given your express consent to this in accordance with Article 6 (1) (a) GDPR,
- disclosure in accordance with Article 6 (1) (f) GDPR is necessary for the purposes of pursuing our legitimate interests or the legitimate interests of the third party and there is no reason to assume that you have any overriding interest in your data not being disclosed which is worthy of protection,
- disclosure in accordance with Article 6 (1) (c) GDPR as required by law, and
- this is permitted by law and required by Article 6 (1) (b) GDPR for the performance of contractual relationships with you.
When you visit our website, we ask for your consent to store information on your computer in the form of cookies. Cookies are small files sent from an internet server to your browser and stored on your hard disk. Information is stored in the cookie which is generated in each case in connection with the end device specifically used. This does not, however, mean that we as a result receive any direct knowledge of your identity. We use the term “cookies” in this policy to refer to all files that collect information in this way. We use first-party cookies that are placed and accessed by us or by a processor engaged by us and third-party cookies by others.
Cookies on the one hand serve to make our offer easier for you to use. We use session cookies for example to detect that you have already visited individual pages of our website. These are automatically deleted when you leave our website. We also use temporary cookies to optimize user-friendliness which are stored on your end device for a specifically determined period of time. If you visit our website again in order to use our services, it is automatically detected that you have already visited us and which entries you have made and settings you have chosen so that you do not have to enter these again.
When you visit our website, we ask for your consent for the use of all cookies that are not strictly necessary for the operation of our website. You can withdraw your consent at any time with effect for the future. Of course you can also visit our platform without accepting cookies. In our cookie settings you can find more detailed information on the cookies we use, manage your cookie settings and choose which cookies you would like to consent to.
The data that we collect and process via cookies are processed for the analysis of the website, for marketing measures and the functionality of our website (see the explanations in sections 5 and 6) on the basis of your freely given consent.
5. Analytics tools
The tracking measures listed below are used by us on the basis of the consent given by you on a voluntary basis according to Article 6 (1) (a) GDPR. By using these tracking measures we want to ensure that our website is designed in line with your user preferences, can be optimized continuously and that we can provide you with personalized recommendations based on your usage patterns. We also use the tracking measures to statistically record the use of our website and for the purpose of optimizing our offer for you. The provision of these data is not required by law or contract or to enter into a contract. You are not obliged to provide these personal data.
The individual data processing purposes and data categories are specified under the relevant tracking tools.
5.1 Use of Google Analytics
We use Google Analytics, a web analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”) for the purpose of designing our websites in line with your user preferences and continuously optimizing these. Pseudonymized usage profiles are created and cookies are used in this context. The information generated by the cookies about your use of this website such as
- type/version of browser,
- operating system used,
- referrer URL (last website visited),
- host name of the accessing computer (IP address),
- time of server request,
- IP address,
are transferred to a Google server in the USA and stored there. The information is used to analyze the use of the website, to compile reports on website activities and to provide additional services associated with website and internet use for market research and design of these websites in line with user preferences. This information may also be disclosed to third parties if this is required by law or if these third parties process these data for us. Your IP address will on no account be combined with other Google data.
You can also prevent the installation of these cookies by configuring your browser software settings accordingly; we would, however, advise you that in this case you may not be able to use all website functions fully. You can also prevent the data generated by the cookie and data relating to your use of the website being collected (including your IP address) and the processing of these data by Google by downloading and installing a browser add-on.
Additional information on privacy in connection with Google Analytics can for example be found here: Google Analytics Help.
5.2 Use of Shopify Analytics
We also use Shopify's analytics to review our store's recent activity, receive insights into our visitors, and analyze our store's transactions.
If we receive your e-mail address in connection with the sale of a Service and you have not objected to this, we also reserve the right to send you information on our own similar Services by e-mail on a regular basis. The legal basis for this is Article 6 (1) (f) GDPR. You may object to this use of your e-mail address at any time by sending a message to firstname.lastname@example.org or via an ‘unsubscribe’ link provided for this purpose in the advertising mail, without incurring any costs other than the transmission costs according to the basic tariffs.
If you do not want us to collect information regarding your visit to our platform and the use of our services, applications and tools, you may opt out at any time with future effect by disabling cookies in your browser or device settings. Alternatively, you can opt out by visiting the Network Advertising Initiative opt-out page.
6.2 Facebook Pixel
We carry out retargeting using the Facebook pixel.
We use the Facebook pixel of Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, "Facebook") for retargeting. For the USA, the European Commission has issued an adequacy decision (EU/US Privacy Shield) under which Facebook is certified (see here).
The Facebook pixel serves to present visitors to this website with interest-based adverts based on the information regarding their use of this website in the social network Facebook or when they visit websites that participate in the Facebook advertising network ("Facebook Ads").
The Facebook pixel is a program code implemented on this website. The program code can prompt the storage of certain information on your end device in the form of cookies and trigger the transfer of certain data to Facebook. This includes information which is generated for technical reasons via the Hypertext Transfer Protocol (HTTP) when you access the website, for example your IP address, as well as information already stored in cookies on your end device, for example your Facebook ID. When you access the website, Facebook can therefore detect that you have visited this website and what content you have accessed. If you have a user account on Facebook, Facebook can relate this information to your user account.
During your website visit we use the widespread SSL process (Secure Socket Layer) in connection with a modern encryption level. This is normally 256-bit encryption. Whether an individual page of our website is transmitted in encrypted form can be seen with the closed key or lock icon in your browser’s status bar. In particular, all supplied sensitive/credit information is transmitted via SSL technology and then encrypted into our Payment gateway providers database only to be accessible by those authorized with special access rights to such systems and are required to keep the information confidential.
We have also taken technical and organizational security measures to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees and any service providers who work for us are obliged to comply with all applicable data protection legislation. Our security measures are subject to a continuous improvement process and our privacy policies are constantly revised. Please ensure that you have the most up-to-date version.
8. Rights of data subjects
You have the right:
- in accordance with Article 15 GDPR to obtain information about the personal data processed by us;
- in accordance with Article 16 GDPR DSGVO to obtain without undue delay the rectification or completion of your personal data stored by us;
- in accordance with Article 17 GDPR to obtain the erasure of the personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression or information, for compliance with a legal obligation, for reasons of public interest or for the establishment exercise or defense of legal claims. If we have made your personal data public, we are obliged, taking account of available technology and the technical possibilities, to inform controllers which are processing the personal data that the you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data;
- in accordance with Article 18 GDPR to obtain the restriction of the processing of your personal data if you contest the accuracy of the personal data, the processing is unlawful, but you oppose their erasure and we no longer require the data, but you require these for the establishment, exercise or defense of legal claims or you have objected to their processing in accordance with Article 21 GDPR;
- in accordance with Article 20 GDPR to receive your personal data in a structure, commonly used and machine-readable format or have such transmitted to another controller;
- in accordance with Article 7 (3) GDPR to withdraw your consent given to us at any time. This means that we may no longer continue the data processing based on this consent in future, and
- in accordance with Article 77 GDPR to complain to a supervisory authority. You can usually contact the supervisory authority at your usual place of residence or your workplace or where we are headquartered for this.
9. Right to object
If your personal data are processed on the basis of legitimate interests in accordance with Article 6 (1) (f) GDPR, you have the right in accordance with Article 21 GDPR to object to the processing of your personal data if grounds for this relating to your particular situation exist or the objection is to direct marketing. In the latter case you have a general right to object, which is implemented by us without any particular situation being specified. Sending an appropriate e-mail to email@example.com is sufficient if you wish to exercise your right to withdraw consent or your right to object.
Last modified: 28th May 2020