Privacy Policy

With this privacy policy we explain which personal data we process, for what purpose, how and where, in particular in the context of our website and our other offerings. This privacy policy also informs about the rights of individuals whose data we process.

For certain offerings and services, or as a supplement, special, additional privacy policies or other legal documents such as general terms and conditions (GTC), terms of use or terms of participation may apply.

Our offering is subject to Swiss data protection law as well as, where applicable, any other foreign data protection law, in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law provides an adequate level of data protection.

1. Contact addresses

Responsibility for processing personal data:

LINDEGGER ET FILS SA SA

Cours de Rive 15

1204 Geneva

Tel. +41 (0)22 735 29 11

E-mail: info@lindegger-optic.ch

We indicate where, on a case-by-case basis, there are other controllers for the processing of personal data.

2. Processing of personal data

2.1 Terms

Personal data are all information relating to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular storage, disclosure, acquisition, collection, deletion, retention, alteration, destruction and use of personal data.

The European Economic Area (EEA) includes the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as processing of personal data.

2.2 Legal bases

We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (FADP) and the Data Protection Ordinance (DPO).

To the extent and insofar as the General Data Protection Regulation (GDPR) is applicable, we process personal data on at least one of the following legal bases:

  • Art. 6(1)(b) GDPR for the processing of personal data necessary for the performance of a contract with the data subject and for the implementation of pre-contractual measures.

  • Art. 6(1)(f) GDPR for the processing of personal data necessary to safeguard our legitimate interests or those of third parties, provided that the fundamental freedoms and rights and interests of the data subject do not override them. Legitimate interests include in particular our interest in providing our offering in a sustainable, user-friendly, secure and reliable manner and, where necessary, being able to promote it, information security as well as protection against misuse and unauthorized use, the enforcement of our own legal claims and compliance with Swiss law.

  • Art. 6(1)(c) GDPR for the processing of personal data necessary for compliance with a legal obligation to which we are subject under the law of any EEA member state that may be applicable.

  • Art. 6(1)(e) GDPR for the processing of personal data necessary for the performance of a task carried out in the public interest.

  • Art. 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.

  • Art. 6(1)(d) GDPR for the processing of personal data necessary to protect the vital interests of the data subject or another natural person.

2.3 Nature, scope and purpose

We process the personal data that are necessary in order to provide our offering in a sustainable, user-friendly, secure and reliable manner. Such personal data may in particular include master and contact data, browser and device data, content data, meta or peripheral data and usage data, location data, sales data, contract data and payment data.

We process personal data for as long as the duration required for the relevant purpose or purposes or as required by law. Personal data whose processing is no longer necessary are anonymized or deleted. The persons whose data we process in principle have a right to erasure. We in principle process personal data only with the consent of the data subject unless processing is permitted for other legal reasons, for example for the performance of a contract with the data subject and for corresponding pre-contractual measures, to safeguard our overriding legitimate interests, where processing is evident from the circumstances or after prior information.

In this context, we process in particular the information that a data subject voluntarily and freely provides to us when making contact – for example by post, e-mail, contact form, social media or telephone – or when registering for a user account. We may store such information, for example, in an address book, in a customer relationship management system (CRM system) or using comparable tools. If you transmit data about other persons to us, you are obliged to ensure the data protection of those persons as well as the accuracy of that personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect when providing our offering, to the extent and insofar as such processing is legally permitted.

Personal data arising from applications are processed only to the extent that they are necessary for assessing suitability for an employment relationship or for the subsequent performance of an employment contract. The personal data necessary for conducting an application procedure result from the information requested or provided, for example as part of a job advertisement. Applicants have the opportunity to voluntarily provide additional information for their respective applications.

2.4 Processing of personal data by third parties, including abroad

We may have personal data processed by commissioned third parties or process it jointly with third parties as well as with the help of third parties or disclose it to third parties. These include in particular providers whose services we use. We also ensure adequate data protection with such third parties. These third parties are in principle located in Switzerland and in the European Economic Area (EEA). These third parties may also be located in other states and territories worldwide, provided that their data protection law ensures an adequate level of data protection according to the assessment of the Federal Data Protection and Information Commissioner (FDPIC) and – to the extent and insofar as the General Data Protection Regulation (GDPR) is applicable – according to the assessment of the European Commission, or where adequate data protection is ensured for other reasons, for example by means of a corresponding contractual agreement, in particular on the basis of standard contractual clauses, or by corresponding certification. Exceptionally, such a third party may be located in a country that does not guarantee adequate data protection, provided that the data protection requirements, such as the explicit consent of the data subject, are met.

3. Rights of data subjects

Data subjects whose personal data we process have the rights provided for under Swiss data protection law. This includes the right of access as well as the right to rectification, erasure or blocking of the processed personal data. Data subjects whose personal data we process may – to the extent and insofar as the GDPR is applicable – request free confirmation of whether we process their personal data and, if so, information about the processing of their personal data, restrict the processing of their personal data, exercise their right to data portability and have their personal data rectified, erased ("right to be forgotten"), blocked or completed.

Data subjects whose personal data we process may – to the extent and insofar as the GDPR is applicable – revoke any consent given at any time with effect for the future and object at any time to the processing of their personal data. Data subjects whose personal data we process have a right to lodge a complaint with a competent supervisory authority. The data protection supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

4. Data security

We take appropriate and suitable technical and organizational measures to ensure data protection and, in particular, data security. However, processing personal data over the Internet may, despite such measures, always involve security vulnerabilities. We cannot therefore guarantee absolute data security.

Access to our online offering is carried out using transport encryption (SSL / TLS, in particular with Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.

Access to our online offering is subject – like in principle any use of the Internet – to mass surveillance without cause or suspicion as well as other monitoring by security authorities in Switzerland, the European Union (EU), the United States of America (USA) and other states. We cannot directly influence the corresponding processing of personal data by intelligence services, police services and other security authorities.

5. Use of the website

5.1 Cookies

We may use cookies for our website. Cookies – whether our own cookies (first-party cookies) or cookies of third parties whose services we use (third-party cookies) – are data stored in your browser. Such stored data are not necessarily limited to conventional text cookies. Cookies cannot execute any programs or transmit malware such as Trojans or viruses.

When you visit our website, cookies may be stored temporarily in your browser as "session cookies" or for a certain period as permanent cookies. "Session cookies" are automatically deleted when you close your browser. Permanent cookies have a set storage period. They allow, in particular, your browser to be recognized on your next visit to our website and thus, for example, to measure the reach of our website. Permanent cookies can also be used, for example, for online marketing purposes.

You can disable all or part of the cookies in your browser settings at any time and delete them. Without cookies, our website may not be fully available. Where and to the extent necessary, we ask for your explicit consent.

For cookies used for success and reach measurement or advertising purposes, a general objection ("opt-out") is possible for many services via the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

5.2 Tracking pixels

We may use tracking pixels on our website. Tracking pixels – including those of third parties whose services we use – are small, usually invisible images that are automatically loaded when our website is visited. The following information may be collected by means of tracking pixels: date and time, including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system, including user interface and version, browser, including language and version, individually accessed subpage of our website, including amount of data transferred, last web page accessed in the same browser window (referrer).

6. Notifications and communications

We may send notifications and communications such as newsletters by e-mail and via other communication channels, for example instant messaging.

6.1 Success and reach measurement

Notifications and communications may contain web links or tracking pixels that record whether a particular message was opened and which web links were clicked. Such web links and tracking pixels can also record the use of notifications and communications on a personal basis. We need this statistical recording of use for success and reach measurement in order to be able to provide notifications and communications in an effective, user-friendly, sustainable, secure and reliable manner in line with the needs and reading habits of the recipients.

6.2 Consent and objection

You must in principle expressly consent to the use of your e-mail address and other contact details unless use is permitted for other legal reasons. For any consent to receive e-mails, we use the double opt-in procedure where possible, meaning that you receive an e-mail containing a web link which you must click to confirm so that no abuse by unauthorized third parties can occur. We may log such consents, including the Internet Protocol (IP) address and the date and time, for evidentiary and security purposes.

You can in principle unsubscribe from notifications and communications such as newsletters at any time. By unsubscribing, you can in particular object to the statistical recording of usage for the purpose of success and reach measurement. Notifications and communications that are absolutely necessary for our offering remain reserved.

6.3 Service providers for notifications and communications

We send notifications and communications via third-party services or with the help of service providers. Cookies may also be used for this purpose. We also ensure adequate data protection with such services.

7. Social media

We are present on social media platforms and other online platforms so that we can communicate with interested persons and inform them about our offering. In doing so, personal data may also be processed outside Switzerland and the European Economic Area (EEA). In each case, the general terms and conditions (GTC) and terms of use as well as the privacy policies and other provisions of the respective operators of such online platforms also apply. These provisions inform in particular about the rights of data subjects, including in particular the right of access.

8. Success and reach measurement

We use services and programs to determine how our online offering is used. In doing so, we can, for example, measure the success and reach of our online offering as well as the effect of links from third parties to our website. We can also, for example, test and compare how different versions of our online offering or parts of our online offering are used ("A/B testing method"). Based on the results of success and reach measurement, we can in particular correct errors, strengthen particularly requested content or make improvements to our online offering.

The use of services and programs for success and reach measurement requires the recording of Internet Protocol (IP) addresses of certain users. IP addresses are in principle shortened in order to follow the principle of data minimization through corresponding pseudonymization and to improve the data protection of visitors to our website ("IP masking").

When using services and programs for success  and reach measurement, cookies may be used and user profiles may be created. User profiles include, for example, pages visited or content viewed on our website, information about the size of the screen or browser window and the location – at least approximate. In principle, user profiles are created only in pseudonymized form. We do not use user profiles to identify individual visitors to our website. Certain services to which you are logged in as a user may possibly assign the use of our online offering to your profile on the respective service, provided that you normally had to give your prior consent to such assignment.

We use in particular:

9. Third-party services

We use third-party services in order to be able to provide our offering in a sustainable, user-friendly, secure and reliable manner. These services also serve to integrate content into our website. These services – for example hosting and storage services, video services and payment services – require your Internet Protocol (IP) address, because otherwise they cannot transmit the corresponding content. These services may be located outside Switzerland and the European Economic Area (EEA), provided that adequate data protection is guaranteed. 

For their own security, statistical and technical purposes, third parties whose services we use may also process data related to our offering as well as data from other sources in aggregated, anonymized or pseudonymized form – in particular with the help of cookies, log files and tracking pixels.

9.1 Digital infrastructure

We use third-party services in order to be able to use the digital infrastructure required for our offering. This includes, for example, hosting and storage services provided by specialized providers.

For hosting the frontend and API of our website, we use Vercel. The service provider is Vercel Inc., based in San Francisco, USA. The server location is Frankfurt, Germany. You can find further information in Vercel’s terms and conditions and privacy policy.

Our complete database, including media and the authentication system, is hosted by Supabase. The service provider is Supabase Inc., also based in San Francisco, USA. The server location is also Frankfurt, Germany. You can find further information in Supabase’s terms and conditions and privacy policy.

9.2 Contact options

We may use third-party services to communicate better with you and others, for example our customers. We also ensure adequate data protection with such third parties.

9.3 Audio and video conferencing

We use audio and video conferencing services so that we can communicate online. This allows us, for example, to hold virtual meetings, online classes or webinars. In addition to this privacy policy, the terms of use or privacy policies and other visible terms of the services used apply, where available.

We use in particular:

9.4 Map material

We use third-party services in order to be able to integrate maps into our website.

We use in particular:

9.5 Audiovisual media

We use third-party services to enable direct playback of audiovisual media such as music or videos on our website.

We use in particular:

9.6 Fonts

We use third-party services in order to integrate fonts as well as selected icons, logos and symbols into our website.

10. Final provisions

We may amend and supplement this privacy policy at any time. We will inform you of such amendments and supplements in an appropriate manner, in particular by publishing the then-current privacy policy on our website.