Privacy policy
With this privacy policy, we inform you about the personal data we process in connection with our activities and operations, including our ellaterrae.ch website. We specifically inform you about the purposes, methods, and locations of our data processing. We also inform you about the rights of individuals whose data we process.
Additional privacy policies and other legal documents, such as general terms and conditions, terms of use, or participation conditions, may apply to specific or additional activities and operations.
We are subject to Swiss data protection law as well as, where applicable, foreign data protection laws, such as the General Data Protection Regulation (GDPR) of the European Union (EU). The European Commission recognizes that Swiss data protection law ensures adequate data protection.
1. Contact Information Responsible for processing personal data:
Ladanyi Flower Design
8 Eintracht CH-6386
Wolfenschiessen
We will indicate if there are other responsible parties for processing personal data in specific cases.
2. Terms and Legal Bases
2.1 Terms
Personal data includes all information relating to an identified or identifiable natural person. A data subject is a person about whom we process personal data. Processing includes any handling of personal data, regardless of the methods and procedures used, such as querying, matching, adapting, archiving, storing, reading, disclosing, obtaining, recording, collecting, deleting, revealing, organizing, structuring, storing, altering, disseminating, linking, destroying, and using personal data. The European Economic Area (EEA) includes the EU member states as well as Liechtenstein, Iceland, and Norway. The GDPR refers to the processing of personal data as the processing of personal data.
2.2 Legal Bases We process personal data in accordance with Swiss data protection law, particularly the Federal Act on Data Protection (FADP) and the Ordinance on Data Protection (ODP). We process personal data, to the extent and insofar as the GDPR is applicable, according to at least one of the following legal bases:
• Article 6(1)(b) GDPR for the necessary processing of personal data to fulfill a contract with the data subject and to carry out pre-contractual measures.
• Article 6(1)(f) GDPR for the necessary processing of personal data to safeguard our legitimate interests or those of third parties, provided the fundamental freedoms and rights and interests of the data subject do not outweigh them. Legitimate interests include our interest in performing our activities and operations in a sustainable, user-friendly, secure, and reliable manner, ensuring information security, protecting against misuse, enforcing legal claims, and complying with Swiss law.
• Article 6(1)(c) GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject under applicable law of the EEA member states.
• Article 6(1)(e) GDPR for the necessary processing of personal data to perform a task in the public interest. • Article 6(1)(a) GDPR for processing personal data with the consent of the data subject.
• Article 6(1)(d) GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.
3. Nature, Scope, and Purpose We process personal data that is necessary to perform our activities and operations in a sustainable, user-friendly, secure, and reliable manner. Such personal data may include categories of inventory and contact data, browser and device data, content data, meta/edge data, usage data, location data, sales data, as well as contract and payment data.
We process personal data for as long as necessary for the respective purpose(s) or as required by law. Personal data that is no longer necessary will be anonymized or deleted.
We may have personal data processed by third parties. We may process personal data jointly with third parties or transmit it to third parties. Such third parties are particularly specialized providers whose services we use. We ensure data protection with such third parties as well.
We generally process personal data only with the consent of the data subjects. Where processing is permitted for other legal reasons, we may dispense with obtaining consent. For example, we may process personal data without consent to fulfill a contract, comply with legal obligations, or protect overriding interests.
In this context, we particularly process information voluntarily provided by a data subject when contacting us – for example, by letter, email, instant messaging, contact form, social media, or phone – or when registering for a user account. We may store such information, for example, in an address book or similar tools. If we receive data about other people, the transmitting persons are required to ensure data protection towards those individuals and to ensure the accuracy of the personal data.
We also process personal data obtained from third parties, public sources, or collected during our activities and operations, provided such processing is legally permitted.
4. Personal Data Abroad We generally process personal data in Switzerland and the EEA. However, we may also export or transmit personal data to other countries, especially to process or have it processed there.
We may export personal data to any country or territory on Earth and elsewhere in the universe, provided the local law ensures adequate data protection according to a decision by the Swiss Federal Council or, where applicable, a decision by the European Commission. We may transfer personal data to countries whose laws do not ensure adequate data protection, provided data protection is guaranteed for other reasons, particularly based on standard data protection clauses or other suitable guarantees. Exceptionally, we may export personal data to countries without adequate or suitable data protection if the specific data protection requirements are met, such as explicit consent from the data subjects or a direct connection with the conclusion or performance of a contract. We are happy to provide information about any guarantees or provide copies of any guarantees upon request.
5. Rights of Data Subjects
5.1 Data Protection Claims
We grant data subjects all rights under the applicable data protection law. Data subjects particularly have the following rights:
• Information: Data subjects can request information on whether we process personal data about them and, if so, which personal data it is. Data subjects also receive the information necessary to exercise their data protection rights and ensure transparency. This includes the processed personal data itself, but also, among other things, information on the processing purpose, retention duration, any disclosure or export of data to other countries, and the origin of the personal data.
• Correction and Restriction: Data subjects can correct inaccurate personal data, complete incomplete data, and restrict the processing of their data.
• Deletion and Objection: Data subjects can have personal data deleted (“right to be forgotten”) and object to the future processing of their data. • Data Portability: Data subjects can request the release of personal data or the transfer of their data to another controller. We may postpone, restrict, or deny the exercise of data subjects’ rights to the extent legally permissible. We may inform data subjects about any requirements that must be met to exercise their data protection claims. For example, we may refuse to provide information wholly or partly by referencing business secrets or the protection of other individuals. We may also refuse to delete personal data wholly or partly by referencing statutory retention obligations.
In exceptional cases, we may charge costs for exercising rights. We inform data subjects of any potential costs in advance.
We are required to take reasonable measures to identify data subjects who request information or exercise other rights. Data subjects are obligated to cooperate.
5.2 Right to Complain
Data subjects have the right to enforce their data protection claims through legal action or to lodge a complaint with a competent data protection supervisory authority.
The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
Data subjects have the right to lodge a complaint with a competent European data protection supervisory authority to the extent and insofar as the GDPR is applicable.
6. Data Security
We take appropriate technical and organizational measures to ensure data security appropriate to the risk. However, we cannot guarantee absolute data security.
Access to our website is provided through transport encryption (SSL/TLS, particularly with Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.
Our digital communication is subject to mass surveillance without cause or suspicion and other monitoring by security authorities in Switzerland, the rest of Europe, the United States, and other countries. We cannot directly influence the corresponding processing of personal data by intelligence services, police forces, and other security authorities.
7. Use of the Website
7.1 Cookies
We may use cookies. Cookies, both our own (first-party cookies) and those from third parties whose services we use (third-party cookies), are data stored in the browser. Such stored data does not have to be limited to traditional cookies in text form.
Cookies can be stored in the browser temporarily as “session cookies” or for a specific period as so-called permanent cookies. “Session cookies” are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies allow, in particular, the recognition of a browser on the next visit to our website and thereby, for example, measure the reach of our website. Permanent cookies can also be used for online marketing, for instance.
Cookies can be disabled or deleted in the browser settings at any time, either partially or entirely. Without cookies, our website may no longer be fully available. We request active consent for the use of cookies where required.
7.2 Server Log Files We may collect the following information for each access to our website if transmitted by your browser to our server infrastructure or determined by our web server: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, the specific subpage of our website accessed including data volume transferred, and the last webpage accessed in the same browser window (referrer or referrer).
We store such information, which may also constitute personal data, in server log files. This information is necessary to provide our website in a permanent, user-friendly, and reliable manner, as well as to ensure data security and thereby particularly protect personal data, also through third parties or with the help of third parties.
7.3 Tracking Pixels
We may use tracking pixels on our website. Tracking pixels, also known as web beacons, are small, usually invisible images that are automatically retrieved when visiting our website, even from third parties whose services we use. Tracking pixels can capture the same information as server log files.
8. Notifications and Communications
We send notifications and communications via email and other communication channels such as instant messaging or SMS.
8.1 Success and Reach Measurement
Notifications and communications may contain web links or tracking pixels that record whether a single communication has been opened and which web links have been clicked. Such web links and tracking pixels can also capture the use of notifications and communications on a personal basis. We need this statistical recording of usage for success and reach measurement in order to send notifications and communications effectively, user-friendly, permanently, securely, and reliably based on the needs and reading habits of recipients.
8.2 Consent and Objection
You generally must expressly consent to the use of your email address and other contact addresses unless the use is permitted for other legal reasons. You can generally object to receiving notifications and communications, such as newsletters, at any time. With such an objection, you can simultaneously object to the statistical recording of usage for success and reach measurement. Required notifications and communications related to our activities and operations remain reserved.
9. Social Media
We are present on social media platforms and other online platforms to communicate with interested individuals and inform them about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA). The general terms and conditions (GTC) and usage terms, as well as privacy statements and other provisions of the respective platform operators, apply. These provisions inform in particular about the rights of affected individuals directly against the respective platform, such as the right to information.
10. Services from Third Parties
We use services from specialized third parties to perform our activities and operations permanently, user-friendly, securely, and reliably. With such services, we can, among other things, embed functions and content into our website. In the case of such embedding, the services used necessarily collect at least temporarily the IP addresses of users for technical reasons. For necessary security-relevant, statistical, and technical purposes, third parties whose services we use can process data related to our activities and operations in an aggregated, anonymized, or pseudonymized manner. This includes performance or usage data, for example, to be able to offer the respective service.
We use in particular:
Services from Google: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General information on data protection: “Privacy and Security Principles,” Privacy Policy, “Google’s Commitment to Data Protection Laws,” “Privacy Guide for Google Products,” “How We Use Data from Sites or Apps Where Our Services Are Used” (information from Google), “Types of Cookies and Other Technologies Used by Google,” “Personalized Advertising” (activation / deactivation / settings).
10.1 Digital Infrastructure
We use services from specialized third parties to utilize the necessary digital infrastructure in connection with our activities and operations. This includes hosting and storage services from selected providers.
10.2 Social Media Functions and Social Media Content
We use services and plugins from third parties to embed functions and content from social media platforms, and to enable the sharing of content on social media platforms and other ways. We use in particular:
Instagram Platform: Embedding Instagram content; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); Information on data protection: Instagram Privacy Policy, Facebook Privacy Policy.
10.3 Payments
We use specialized service providers to securely and reliably process payments from our customers. For payment processing, the legal texts of the respective service providers, such as general terms and conditions (GTC) or privacy statements, apply additionally.
We use in particular:
11. Success and Reach Measurement
We attempt to determine how our online offering is used. In this context, we can, for example, measure the success and reach of our activities and operations, as well as the impact of third-party links to our website. We can also try and compare how different parts or versions of our online offering are used (“A/B test” method). Based on the results of success and reach measurement, we can, in particular, fix errors, strengthen popular content, or make improvements to our online offering. For success and reach measurement, the IP addresses of individual users are generally stored. IP addresses are generally shortened (“IP masking”) in this case to follow the principle of data minimization through the corresponding pseudonymization. In success and reach measurement, cookies may be used and user profiles may be created. Any created user profiles generally only contain pseudonymized data and are not used to identify individual users. Individual third-party services, where users are logged in, can potentially associate the use of our online offering with the user account or user profile at the respective service.
12. Final Provisions
We created this privacy policy with the privacy policy generator from Datenschutzpartner. We can adapt and supplement this privacy policy at any time. We will inform about such adjustments and supplements in an appropriate form, in particular by publishing the current privacy policy on our website.
