1. What is this Privacy Policy about?
Data protection is a matter of trust, and your trust is important to us. In this Privacy Policy, we therefore inform you comprehensively and transparently about how and for what purposes we collect, process, and use your personal data when you visit our website, conclude contracts via our online shop, or communicate with us.
We have aligned this Privacy Policy with both the Swiss Data Protection Act (DSG) and the European General Data Protection Regulation (GDPR). Whether and to what extent the GDPR is applicable depends on the individual case and the legal criteria.
2. Who is responsible for data processing?
The company legally responsible for a specific data processing activity is the one that determines whether this processing should take place, for what purposes it occurs, and how it is structured in terms of content.
The entity fundamentally responsible for the data processing activities described in this Privacy Policy is:
MILA Solutions Larocca
Maienwis 35
CH-8493 Saland
E-mail: info@milasolutions.ch
You can contact us at any time at the provided e-mail address regarding your data protection concerns and to exercise your rights (Section 11).
3. What personal data do we process?
We process various categories of personal data that you provide to us directly, that are generated during the use of our website, or that we receive from third parties. The primary categories include:
- Technical Data: When you visit our website, we collect the IP address of your terminal device, the operating system, the internet service provider, the date and time of access, the page accessed, and the type of browser used.
- Master Data: This refers to your basic data such as name, gender, contact details (e-mail address, postal address, telephone number), date of birth (if collected), customer history, and passwords (encrypted) within the scope of creating a customer account.
- Contractual Data: Data arising in connection with the conclusion or performance of a contract. This includes details about purchased products, order data, delivery status, billing data, services rendered, as well as complaints or returns.
- Payment Data: Information for processing payments, such as credit card details, bank details, or the selected payment method (e.g., PayPal, TWINT, invoice).
- Communication Data: When you contact us via the contact form, e-mail, telephone, or letter, we record the content of the communication, your contact details, and the metadata of the communication.
- Behavioral and Preference Data: In order to design our shop to be more user-friendly, we collect data about your behavior on our website (e.g., items viewed, abandoned shopping carts, click paths) as well as your preferred product categories.
4. For what purposes do we process personal data?
We process your personal data primarily for purposes related to providing our services and selling our products:
- Contract Execution: Provision of the online shop, processing of orders, delivery of goods, invoicing, payment processing, and support in the event of returns or warranty claims.
- Provision of the Website: Secure, stable, and performant operation of our web infrastructure as well as system security.
- Communication: Answering customer inquiries, support services, and maintaining customer relationships.
- Marketing and Relationship Management: Sending personalized advertising, newsletters (provided consent has been given or it is legally permissible), as well as conducting market research to optimize our product range.
- Quality Assurance and Optimization: Evaluation of customer feedback and user behavior to continuously improve our online shop and our internal processes.
- Legal Obligations: Compliance with legal duties (e.g., accounting and tax-related retention obligations) as well as the enforcement or defense of legal claims.
5. On what legal bases do we rely?
To the extent that we require a legal basis for specific processing activities (which is particularly the case under the GDPR), we rely on the following foundations:
- The performance of a contract or the implementation of pre-contractual measures.
- The safeguarding of legitimate interests of MILA Solutions Larocca (e.g., ensuring system security, optimizing the online shop, direct marketing).
- Your consent, which you can revoke at any time with effect for the future.
- Compliance with legal and regulatory obligations in Switzerland or the EEA.
6. Cookies, Analysis Tools, and Tracking Technologies
To make the online shop user-friendly and to collect statistical data, we use cookies and similar technologies (e.g., pixels). Cookies are small text files that are stored on your end device.
- Necessary Cookies: These are strictly required to ensure that core functions of the website (such as the shopping cart function or the login status) function properly.
- Performance and Analysis Tools: We use analysis service providers (e.g., Google Analytics) to understand how visitors interact with the site. IP addresses are generally shortened before transmission, meaning a direct link to your person is not possible.
- Marketing and Third-Party Cookies: These enable us to display relevant and interest-based advertising to you on our website or on third-party websites (e.g., via social media channels like Meta/Facebook).
You can restrict, block, or delete existing cookies at any time in your internet browser settings. If functional cookies are deactivated, the functionality of the shop may be restricted.
7. Who has access to your personal data (Recipients)?
We treat your data confidentially. Within MILA Solutions Larocca, only those departments that require it to fulfill the stated purposes receive access to your personal data. Disclosure to external parties takes place exclusively within the scope of contract execution or if legal regulations exist:
- Service Providers (Data Processors): We commission external companies with services in the areas of hosting, IT infrastructure, payment processing (e.g., credit card acquirers, TWINT, PayPal), and marketing. These service providers are strictly contractually bound to process data only in accordance with our instructions and in compliance with data protection laws.
- Logistics and Transport Partners: For the physical delivery of your ordered goods, we transmit the necessary delivery data (name, address, if applicable phone number for notifications) to transport companies (e.g., Swiss Post, DHL, etc.).
- Authorities and Legal Advisors: In the event of legal disputes, official orders, or to enforce our own claims, data may be disclosed to courts, authorities, or law firms.
8. Does your personal data transfer abroad?
We store and process your personal data primarily in Switzerland or in countries of the European Economic Area (EEA). In certain cases (for example, when using global IT and analysis service providers), data may also be transferred to other countries worldwide (in particular the USA).
If a recipient country does not feature an adequate statutory level of data protection, we contractually oblige the recipient to comply with data protection standards. For this purpose, we use the revised Standard Contractual Clauses of the European Commission, which are also recognized by the Swiss Federal Data Protection and Information Commissioner (FDPIC), unless a legal exception (e.g., the direct execution of an international purchase) applies.
9. How do we protect your data?
10. How long do we keep your personal data?
We process and store your personal data only for as long as required for the purpose for which it was collected (e.g., for the performance of a contract for the duration of the business relationship as well as subsequent warranty periods).
Beyond this, we retain data if we are subject to a statutory retention or documentation obligation (in Switzerland, a statutory obligation of at least 10 years applies to business ledgers, receipts, and invoices). As soon as the data is no longer required for the stated purposes and no statutory deadlines prevent it, it is routinely deleted or anonymized.
11. What rights do you have regarding your data?
Within the framework of the data protection law applicable to you, you have comprehensive rights to maintain control over your personal data. You can exercise these rights at any time informally by e-mail to us:
- Right of Access: You can request to know whether, which, and in what manner we process personal data about you.
- Right to Rectification: You have the right to have inaccurate or incomplete data corrected without undue delay.
- Right to Erasure: You can request the deletion of your data, provided that no statutory retention obligation or an overriding legitimate interest on our part compels further processing.
- Right to Restriction: Under certain conditions, you can request the restriction of data processing.
- Right to Data Portability: If applicable, you have the right to receive the data you provided to us in a structured, commonly used format or to have it transferred to another controller.
- Right to Withdraw Consent: If you have given us consent, you can withdraw it at any time with effect for the future.
- Right to Object: You can object to the processing of your data for marketing purposes or for reasons arising from your particular situation at any time.
Every data subject also has the right to enforce their claims in court or to file a complaint with the competent data protection supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC) (Feldeggweg 1, CH-3003 Bern).
