As of August 30, 2023

1. What is this Privacy Policy about?

Royal Döner AG («we») outlines in this Privacy Policy how we handle personal data, primarily in the course of our business activities and in connection with our website. This Privacy Policy is for informational purposes and is not part of a contract with you, even if a contract refers to this Privacy Policy.

Should you seek more information about our data processing, please feel free to contact us (see section 2).

2. Who is responsible for your data processing?

The following company is the “responsible party” for data processing under this data protection declaration, i.e. the body primarily responsible for data protection:

Royal Döner AG
Holzwingertstrasse 42-44
8409 Winterthur

If you have any questions about data protection, please feel free to contact the following address:

info@royaldoener.ch

3. How do we process data related to our products and services?

When you engage with our products and services (collectively, ‘Services’), we process data for preparing and executing the corresponding contract. Our Services are tailored for individuals residing and habitually living in Switzerland:

• When we enter into a contract with you, such as a delivery agreement or any other type of contract, we process data from the pre-contractual stage and details about the contract conclusion itself (e.g., date of conclusion and subject matter; this does not apply to contracts where no personal data are exchanged). During and after the term of the contract, we process information related to the contract or the procurement of services, payments, customer service contacts, claims, complaints, termination of the contract, and—if disputes arise in connection with the contract—also regarding these disputes and related proceedings.
• When you order products online from us (for example, at https://royaldoener.ch/en/shop/ or https://shop.royaldoener.ch/), we process your contact details, the products you’ve ordered, and any comments you may have.
• When you submit data to us in other ways, such as participating in a contest or sweepstake, we process the data provided for purposes such as notifying or publishing the winners.
• We also process the aforementioned data for statistical analyses that support the improvement and development of products and business strategies. We may also use them on an individual basis for marketing purposes; further details can be found in section 4.

 

For contractual partners that are companies, we process fewer personal data, as data protection laws only cover data related to natural persons (i.e., individuals). However, we do process data of contact persons with whom we are in communication, such as names, contact details, professional information, and details from communications, as well as information about executives, etc., as part of the general information about the companies we collaborate with.

You may transmit data to us concerning other individuals. In such cases, we assume that this data is accurate and that you are authorized to provide it to us. We request that you inform these individuals about our data processing on your part (e.g., by referring to this Privacy Policy).

4. How do we process data related to advertising?

We also process personal data to advertise our services [and those of third parties]:

• Newsletter: We distribute electronic information and newsletters that also contain advertisements for our offers, as well as offers from other companies we collaborate with. We seek your consent beforehand, except when promoting specific offers to existing customers. In this context, we process, in addition to your name and email address, details about the services you have already used, whether you open our newsletters, and which links you click on. For this purpose, our email service provider offers a feature that primarily works with invisible image data, loaded via an encoded link from a server, thereby transmitting the relevant information. This is a common method that helps us assess the impact of our newsletters and optimize them. You can avoid this tracking by adjusting your email program settings accordingly (e.g., by disabling the automatic loading of image files).
• Online Advertising: Explanations about online advertising can be found in section 6.
• Events: We may host events. If you participate, we process the registration data for organizing and conducting the event and, if applicable, to contact you afterwards. We might also make recordings at the event, which we could share on social media, for example. In this case, we will specifically notify you.
• Advertising calls: We may call our customers and, in individual cases, potential customers, processing the respective data about our conversation partners and possibly associated individuals at the called company.
• Market research: We also process data to improve services and develop new products, for example, information about your purchases, your response to newsletters, data from customer surveys and polls, or from social media, media monitoring services, and public sources.

5. How do we disclose data?

We may disclose personal data in the course of our activities to various recipients. These particularly include the following entities:

• We are part of the Royal Döner Group under the umbrella of Royal Döner Holding AG. Therefore, we obtain certain services from within the group, such as accounting and IT services. The group companies also support each other in various matters and can exchange personal data for these purposes. For instance, we may transfer personal data to other group companies to facilitate administrative processes. Group companies can use data received from other group entities for their further purposes. We assume that such disclosures do not conflict with any confidentiality interests unless you inform us otherwise. We often operate under joint data protection responsibility with group companies. You are welcome to contact us regarding your rights as a data subject (in which case we will coordinate with other group companies), or you can directly contact them.
• Individuals associated with you and, in the case of company contacts, employees and the company itself;
• Credit reporting agencies and providers of sanctions and other databases, to whom we may disclose the necessary information about you during an information inquiry;
• Authorities, agencies, and courts within our legal obligations and in connection with proceedings in which we are a party or third-party affected;
• Third parties, for example, in connection with the acquisition or sale of assets by us;
• Service providers, especially providers of IT services (examples include providers of hosting or data analysis services), administration and consultancy services, shipping and logistics services; as well as services from banks, postal services, etc. Details about service providers for our website can be found in section 6. These service providers may also process personal data to the extent necessary.

The recipients of data are not only located in Switzerland. This particularly applies to group companies and certain service providers (especially IT service providers). These and their subcontractors are based both within the EU/EEA and in other countries worldwide, for example, the USA. We may also transmit data to authorities and other entities abroad if we are legally obligated to do so, for instance, in the context of a company sale or a legal proceeding (see section 7). Not all of these countries offer an adequate level of data protection. We compensate for the lower level of protection through appropriate contracts, especially by using the Standard Contractual Clauses of the European Commission, which are available here. In certain cases, we can also transfer data in compliance with data protection regulations without such contracts, for example, if you have consented to the specific disclosure or if the disclosure is necessary for the execution of a contract, for the establishment, exercise, or defense of legal claims, or for overriding public interests.

6. How do we process data in connection with our website?

6.1. What data is generated when you use our website?

Each time our website is used, certain data are generated for technical reasons and temporarily stored in log files. This includes primarily the IP address of the device, details about the internet service provider and the operating system of your device, information about the referring URL, details about the browser used, the date and time of access, and the contents accessed during the visit to the website.

Our website also uses cookies, i.e., files that your browser automatically stores on your device. This allows us to distinguish individual visitors, usually without identifying them. Cookies can also contain information about visited pages and the duration of the visit. Certain cookies (‘session cookies’) are deleted when the browser is closed. Others (‘persistent cookies’) remain stored for a specific duration, enabling us to recognize visitors on subsequent visits. We may also use other technologies, for example, for data storage in the browser or recognition purposes, such as pixel tags or fingerprints. Pixel tags are invisible images or pieces of code loaded from a server that allows for specific evaluations. Fingerprints are details about the configuration of your device that make it distinguishable from other devices.

Log data and data collected via cookies and similar technologies are used to enable the use of our website, as well as to ensure system security and stability, optimize our website, and for statistical purposes. Cookies and other technologies may also originate from third-party companies that provide us with specific functionalities. Further details on this are provided below.

You can configure your browser settings to block certain cookies or similar technologies or to delete cookies and other stored data. More information on this can be found in the help pages of your browser (usually under the heading ‘Privacy’).

6.2. How do our service providers process data for our website?

Cookies and similar technologies from third-party providers enable them to conduct analyses and evaluations for us, so we can understand the usage of our website and optimize our online offering. Additionally, these third-party providers can target you with personalized advertising on websites and social networks operated by these third parties or their partners and measure the effectiveness of advertisements (e.g., whether you arrived at our website via an ad and the actions you then took on our website). These third-party providers can record the use of the website and combine their recordings with additional information from other websites. This way, they can track user behavior across multiple websites and devices to provide us with statistical evaluations based on this data. These providers may also use the information for their own purposes, such as personalized advertising on their own website or other websites. If a user is registered with the provider, the provider can associate the usage data with that specific person.

Two examples of our service providers are Google and Vimeo. Further details about them are provided below. We may also employ other third-party providers who generally process personal and other data in a similar manner.

We utilize Google Analytics on our website, an analytics service provided by Google LLC (Mountain View, USA) and Google Ireland Ltd. (Dublin, Ireland). Google collects specific information about user behavior on the website and the device used. IP addresses of visitors are shortened in Europe before being forwarded to the USA. Based on the recorded data, Google provides us with evaluations, but also processes certain data for its own purposes. Information on the data protection of Google Analytics can be found here, and if you have a Google account, further details are available here.

Additionally, we use the embedded video player from Vimeo LLC (New York, USA) to incorporate videos into our website. Each time a subpage containing an embedded video clip is accessed, a connection is established with the Vimeo servers. During this process, Vimeo collects information about which of our web pages you have visited. More information about Vimeo’s privacy practices can be found here. If you have a Vimeo account, Vimeo may link your account data with information about your visit to our website. If you prefer not to have such a link made, you can log out of your Vimeo account before visiting our website.

We maintain our presence on social networks and other platforms (YouTube, Instagram, TikTok, X, Facebook, Snapchat, Pinterest, LinkedIn, and others). When you communicate with us there, comment on content, or share it, we collect information primarily for communication with you, marketing purposes, and statistical evaluations (refer to sections 4 and 7 for more). Please be aware that the platform providers also collect and use data (e.g., regarding user behavior), possibly in combination with other data they have (e.g., for marketing purposes or to personalize platform content). This information can be found in the privacy policies of the respective providers. Where we share responsibility with the provider, we enter into an appropriate agreement, about which you can obtain information from the provider.

7. Are there any further edits?

Yes, because many processes are not possible without the processing of personal data, including usual and even unavoidable internal operations. It’s not always possible to precisely determine in advance, nor the extent of the data processed, but you will find information below on typical (not necessarily frequent) cases:

• Communication: When we are in contact with you (for example, during a customer service call or when you communicate with us on a social media platform), we process information about the content, type, timing, and location of the communication. For your identification, we may also process information related to proof of identity.
• Compliance with legal requirements: In n accordance with legal obligations or powers and to comply with internal regulations, we may disclose data to authorities.
• Job applications: When you apply for a position with us, we process the data we receive from you as part of the application process, as well as any additional data from public sources such as professional social media. We use this data for your application and may also use it for non-personal statistical purposes. We delete data from unsuccessful applications after six months, unless you agree to allow us to retain your information for future job opportunities with us, subject to your name and the date of the application.
• Prevention: We process data to prevent criminal activities and other violations, such as in the context of fraud prevention or internal investigations.
• Legal procedures: When engaged in legal proceedings, be it in courts or administrative matters, we meticulously handle data concerning all involved parties, including witnesses and informants. Furthermore, we ensure the lawful dissemination of this information to pertinent parties, judicial bodies, and relevant authorities, which may extend beyond national borders when necessary.
• Corporate security: For operational security reasons, we collect and process data of visitors to our facilities. This encompasses ensuring product and workplace safety, adhering to hygiene standards, preventing theft, managing production processes, and safeguarding against unauthorized access. In specific areas, we utilize video surveillance to monitor and record activities. Visitors are duly notified of these surveillance measures through prominently displayed signs.
• IT security: We also process data for monitoring, controlling, analyzing, securing, and auditing our IT infrastructure, including backups and data archiving.
• Competition: We also handle data regarding our competitors and the overall market environment (such as political landscape, industry associations, etc.). This may include processing data about key individuals, including their names, contact information, roles or positions, and public statements.
• Transactions: When engaging in the sale or acquisition of receivables, assets, business units, or companies, we meticulously handle data essential for the preparation and execution of these transactions. This involves processing information concerning customers or their representatives, as well as employees, which we diligently disclose to both buyers and sellers as necessary.
• Other purposes: We meticulously handle data to fulfill various purposes, including but not limited to training and education, administration tasks such as contract management and accounting, as well as enforcing and defending against claims. Furthermore, we utilize data for internal process evaluation and enhancement, generating anonymous statistics and analyses, as well as facilitating the acquisition or disposal of receivables, businesses, business units, or companies. All these efforts are aimed at safeguarding further legitimate interests.

 

8. How long do we process personal data?

We retain your personal data for as long as necessary for the purposes of processing, typically for the duration of the contractual relationship. Furthermore, we maintain your data for as long as we have a legitimate interest in storage, such as enforcing legal claims, ensuring IT security, or for archival purposes. Additionally, certain data may be subject to legal retention requirements, with some data requiring preservation for up to ten years. Upon expiration of these periods, we proceed to delete or anonymize your personal data.

9. How do we protect your data?

We employ suitable technical and organizational measures to uphold the security of your personal data, tailored to the specific risks at hand. Nevertheless, while we strive to ensure data security to the fullest extent possible, it’s important to acknowledge that absolute security cannot be guaranteed, and residual risks may persist despite our efforts.

10. What are your rights?

Under applicable data protection laws, you have specific rights that allow you to request information about your personal data and influence how we handle it:

• Access: You can request details about whether we process your personal data, what information we hold, and additional insights into our data processing practices.
• Rectification: If you believe any of your personal data is inaccurate or incomplete, you have the right to request corrections.
• Erasure and Objection: You can request the deletion of your personal data and object to how we process it in the future.
• Portability: Upon request, you can receive your personal data in a structured, commonly used, and machine-readable format if the processing is based on your consent or necessary for contractual purposes.
• Withdrawal: If we process your data based on your consent, you have the right to withdraw it at any time. However, please note that this doesn’t affect the legality of our data processing before withdrawal.

To exercise any of these rights, please don’t hesitate to reach out to us (Section 2). Please be aware that we may need to verify your identity before fulfilling your request.