Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data refers to all data with which you can be personally identified.

1.2 The controller for data processing on this website within the meaning of the Swiss Data Protection Act (DSG) is Carmen Müller, Stegacker 8, 6280 Hochdorf, Switzerland, Tel.: 0768314918, E-Mail: info@aureluxe.com. The controller for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 When using our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

• Our visited website
• Date and time of access
• Amount of data sent in bytes
• Source/reference from which you accessed the page
• Browser used
• Operating system used
• IP address used (if applicable: in anonymized form)

The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

Shopify

For hosting our website and displaying the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

4) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process certain user information to an individual extent, such as browser and location data, as well as IP address values. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

Some cookies serve to simplify the ordering process by saving settings (e.g., remembering the content of a virtual shopping cart for a later visit to the website).

We may work with advertising partners who help us make our internet offering more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies). If we cooperate with the aforementioned advertising partners, you will be informed individually and separately about the use of such cookies and the scope of the information collected in the following paragraphs.

Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or generally. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:

Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/temporäres-zulassen-von-cookies-und-website-daten-in-microsoft-edge-597f04f2-c0ce-f08c-7c2b-541086362bd2
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Safari: https://support.apple.com/kb/ph21411?locale=de_DE
Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contacting Us

When you contact us (e.g., via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form is evident from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. Your data will be deleted after your request has been fully processed. This is the case if it can be inferred from the circumstances that the matter in question has been definitively clarified and provided that no statutory retention obligations prevent this.

6) Data Processing When Opening a Customer Account and for Contract Fulfillment

Personal data is collected and processed when you provide it to us for the execution of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. Your customer account can be deleted at any time by sending a message to our address. We store and use the data you provide for contract fulfillment. After deleting your customer account, your data will be blocked with regard to tax and commercial retention periods and deleted after these periods have expired, unless we can demonstrate an overriding interest in further processing within the meaning of Art. 31 para. 2 DSG or a legal justification.

7) Use of Single Sign-On Procedures

Facebook Connect

On our website, you can create a customer account or register using the "Facebook Connect" social plugin of the social network Facebook, operated by Meta Platforms Ireland Limited, 4 Grand Canal Quay, Square, Dublin 2, Ireland ("Facebook"), as part of the so-called Single Sign-On technology, if you have a Facebook profile. You can recognize the "Facebook Connect" social plugins on our website by the blue button with the Facebook logo and the inscription "Log in with Facebook" or "Connect with Facebook" or "Sign in with Facebook."

When you access a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged in to Facebook.

This information (including your IP address) is transmitted directly from your browser to a Facebook server and stored there; this may also involve a transfer to the servers of Meta Platforms Inc. in the USA.

By using this "Facebook Connect" button on our website, you also have the option to log in or register on our website using your Facebook user data. Only if you give your express consent to the exchange of data with Facebook based on a corresponding notice before the login process, we receive from Facebook, when using the "Facebook Connect" button, depending on your personally made privacy settings on Facebook, the general and publicly accessible information stored in your profile. This information includes the user ID, name, profile picture, age, and gender.

We point out that after changes to Facebook's privacy policy and terms of use, with your consent, your profile pictures, the user IDs of your friends, and your friends list may also be transferred if these have been marked as "public" in your Facebook privacy settings. The data transmitted by Facebook is stored and processed by us to create a user account with the necessary data, if you have released it to Facebook (title, first name, last name, address data, country, e-mail address, date of birth). Conversely, based on your consent, data (e.g., information about your browsing or purchasing behavior) can be transferred from us to your Facebook profile.

The given consent can be revoked at any time by sending a message to the controller mentioned at the beginning of this declaration.

For the purpose and scope of data collection and the further processing and use of the data by Facebook, as well as your related rights and setting options for protecting your privacy, please refer to Facebook's privacy policy: http://www.facebook.com/policy.php

If you do not want Facebook to directly assign the data collected via our website to your Facebook profile, you must log out of Facebook before visiting our website. You can also completely prevent the loading of Facebook plugins with add-ons for your browser, e.g., with "Adblock Plus" (https://adblockplus.org/de/).

8) Use of Your Data for Direct Marketing

8.1 Newsletter Subscription

By providing your personal data, you agree that we may use this data to send you newsletters.

We store your IP address registered by the Internet Service Provider (ISP) as well as the date and time of registration to be able to trace any possible misuse of your e-mail address at a later date. The data we collect when subscribing to the newsletter is used exclusively for the purpose of promotional communication via the newsletter. You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending us a corresponding message. After unsubscribing, your e-mail address will be immediately deleted from our newsletter distribution list, unless we can demonstrate an overriding interest in further processing within the meaning of Art. 31 para. 2 DSG or a legal justification.

8.2 Sending E-mail Newsletters to Existing Customers

If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our product range by e-mail, similar to those you have already purchased. For this, we do not need to obtain separate consent from you. Data processing in this respect is based solely on our legitimate interest in personalized direct marketing. If you initially objected to the use of your e-mail address for this purpose, we will not send you any e-mails. You are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying the controller mentioned at the beginning. For this, you will only incur transmission costs according to the basic rates. Upon receipt of your objection, the use of your e-mail address for advertising purposes will be stopped immediately.

9) Data Processing for Order Fulfillment

9.1 The personal data collected by us will be passed on to the transport company commissioned with the delivery within the scope of contract fulfillment, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution within the framework of payment processing, insofar as this is necessary for payment processing. If special service providers are used for order processing, we will inform you about this explicitly below.

9.2 To fulfill our contractual obligations to our customers, we cooperate with external shipping partners. We pass on your name and delivery address exclusively for the purpose of goods delivery to a shipping partner selected by us.

9.3 Use of Special Service Providers for Order Processing and Fulfillment

- DSers

For order processing, we use the following provider: Bowers Enterprises, LLC, 109 Cloister Drive, Peachtree City, GA 30269, USA

Name, address, and, if applicable, other personal data are passed on to the provider for the purpose of processing the online order. The transfer of your data only takes place insofar as it is actually necessary for the processing of the order. The provider is also used for accounting. The provider processes incoming and outgoing invoices as well as, if applicable, the bank movements of our company to automatically record invoices, match them to transactions, and create financial accounting from this in a semi-automated process.

If personal data is also processed in this context, the processing takes place on the basis of our legitimate interest in an efficient organization and documentation of our business processes.

For the transfer of data to the USA, the provider relies on standard contractual clauses of the Federal Data Protection and Information Commissioner (FDPIC), which are intended to ensure compliance with the Swiss data protection level.

9.4 Use of Payment Service Providers

- Paypal Checkout

This website uses PayPal Checkout, an online payment system from PayPal, which consists of PayPal's own payment methods and local third-party payment methods.

When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – "Pay Later" via PayPal, we transmit your payment data within the scope of payment processing to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). The transmission takes place only insofar as it is necessary for payment processing.

PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – "Pay Later" via PayPal. For this purpose, your payment data may be passed on to credit agencies on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check regarding the statistical probability of payment default for the purpose of deciding whether to provide the respective payment method. The credit check may contain probability values (so-called score values). Insofar as score values are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, but not exclusively, are included in the calculation of the score values. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

If the PayPal payment method "invoice purchase" is available and selected, your payment data will first be transmitted to PayPal for payment preparation, whereupon PayPal will forward it to Ratepay GmbH, Franklinstrasse 28-29, 10587 Berlin ("Ratepay") for payment processing. In this case, RatePay carries out an identity and credit check on its own behalf to determine solvency according to the principle already mentioned above and passes on your payment data to credit agencies due to the legitimate interest in determining solvency. A list of credit agencies that Ratepay can use can be found here: https://www.ratepay.com/legal-payment-creditagencies/

When using a local third-party payment method, your payment data is first passed on to PayPal for payment preparation. Depending on your selection of an available local payment method, PayPal then transmits your payment data to the corresponding provider for payment processing:

- Apple Pay (Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
- Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)
- iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)
- bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
- blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
- eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2
1200 Vienna, Austria)
- MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
- Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)

For further data protection information, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
- TWINT
If you choose a payment method from the payment service provider "TWINT", the payment processing is handled by the payment service provider TWINT AG (Stauffacherstrasse 31, CH-8004 Zurich, hereinafter "TWINT"), to whom we transmit the information you provided during the order process, along with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number). Your data is transmitted exclusively for the purpose of payment processing with the payment service provider TWINT and only to the extent necessary for this purpose.

10) Use of Social Media: Social Plugins

Facebook Plugins

Our website uses so-called social plugins ("plugins") of the social network Facebook, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Quay, Square, Dublin 2, Ireland ("Facebook"). The plugins are marked with a Facebook logo or the addition "Social Plugin from Facebook" or "Facebook Social Plugin". An overview of the Facebook plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins

When you visit a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a server of Meta Platforms Inc. in the USA and stored there.

If you are logged in to Facebook, Facebook can directly assign your visit to our website to your Facebook profile. If you interact with the plugins, for example by clicking the "Like" button or leaving a comment, this information is also transmitted directly to a Facebook server and stored there. The information will also be published on your Facebook profile and shown to your Facebook friends.

If you do not want Facebook to directly assign the data collected via our website to your Facebook profile, you must log out of Facebook before visiting our website. You can also prevent the loading of Facebook plugins and thus the data processing described above in the future with add-ons for your browser, e.g. with the script blocker "NoScript" (http://noscript.net/).

For the purpose and scope of data collection and the further processing and use of the data by Facebook, as well as your related rights and setting options for protecting your privacy, please refer to Facebook's data protection notices:
http://www.facebook.com/policy.php

11) Retargeting/ Remarketing/ Recommendation Advertising

Meta Pixel

This website uses the "Meta Pixel" from Meta Platforms Ireland Limited, 4 Grand Canal Quay, Dublin 2, Ireland ("Meta"). This allows the behavior of users to be tracked after they have seen or clicked on a Facebook and/or Instagram ad. This process serves to evaluate the effectiveness of the advertisements for statistical and market research purposes and can help to optimize future advertising measures.

The collected data is anonymous to us, meaning it does not allow us to draw conclusions about the identity of the users. However, the data is stored and processed by Meta, so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes, in accordance with Meta's Data Usage Policy (https://www.facebook.com/about/privacy/). You can enable Meta and its partners to place advertisements on and outside of Facebook and/or Instagram. A cookie may also be stored on your computer for these purposes.

In this context, personal data may also be transmitted to the servers of Meta Platforms Inc. in the USA.

To deactivate the use of cookies on your computer, you can set your internet browser so that no cookies can be stored on your computer in the future or already stored cookies are deleted. However, disabling all cookies may lead to some functions on our websites no longer being executable. You can also deactivate the use of cookies by third-party providers such as Meta on the following website of the Digital Advertising Alliance: https://www.aboutads.info/choices/

We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

12) Rights of the Data Subject

The applicable data protection law grants you, as the data subject, the following rights (rights to information and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the stated legal basis for the respective exercise conditions:

• Right to information according to Art. 25 DSG
• Right to data release or transfer according to Art. 28 DSG
• Right to rectification according to Art. 32 para. 1 DSG

13) Duration of Personal Data Storage

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if applicable – additionally by the respective statutory retention period (e.g. retention periods under contract law).

When processing personal data based on explicit consent, the data concerned will be stored until you revoke your consent.

If statutory retention periods exist for data, these data will be stored for the legally prescribed duration.

Otherwise, personal data will be processed as long as you do not expressly prohibit the processing, unless we can demonstrate an overriding interest in further processing within the meaning of Art. 31 para. 2 DSG or a legal justification.