Privacy policy

C&G Trading GmbH
Seestrasse 89
Küsnacht 8700
Schweiz
Email: info@xpwear.com

Company Name: C&G Trading GmbH / xpwear

 

1      General

1.1       Introduction & Principles

C&G Trading GmbH or xpwear, Seestrasse 89, 8700 Küsnacht, Switzerland (hereinafter referred to as "we" or "us") attaches great importance to the protection of your personal data (information and details). When storing and processing your user data, we therefore fully comply with the relevant European, federal and cantonal legal regulations.

We take all reasonable steps to ensure that personal information cannot be accessed by unauthorized third parties. In addition, we will only disclose user information if we are required to do so by law or regulation.

For certain online services, the provision and registration of your personal data is unavoidable. If you provide us with personal information online that is not related to the conclusion of a contract, this personal data will not be evaluated or used or passed on for other purposes, unless you are expressly informed of this (e.g. by pointing out and subsequently accepting this data protection provisions).

By using the official website or .dem accepting this privacy policy, you consent to the processing in accordance with the following explanations.

1.2       Scope

Our privacy policy applies in particular to the following processing processes:

• Visiting our websites (www.xpwear.com, www.xpwear.ch, www.xpwear.de and www.xpwear.at)
• Contact via contact form
• Marketing measures
• E-mail traffic
• All processing processes related to the execution of the contract

 

This privacy policy does not apply to external websites to which you can access via a link to our websites. We do not monitor external websites and take no responsibility for how external websites place their own cookies or process personal data. Find out more about the privacy policy and general conditions applicable to this website on the respective website.

2      Responsible body for data collection

The controller is understood to be the natural or legal person who, alone or jointly with others, decides on the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

The person responsible for data processing on this website is:

C&G Trading GmbH, Seestrasse 89, CH-8700 Küsnacht

 

E-Mail: info@xpwear.com

 

3      Categories of data collected / purpose of use

Basically, you provide us with your personal data for specific purposes. However, this personal data may also be used for other purposes where we have the right and permission to do so (legal basis/consent). We may also use personal information from other companies or sources for certain purposes where permitted by law.

The following categories of data will be processed, provided that you have transmitted them directly or indirectly to the responsible bodies:

• Contact details
• Payment, Purchase and Transaction Information
• Body measurements / clothing size
• Information about the customer account
• Information about behaviour on our websites
• Preferences in relation to our products
• Browsing Information
• About mobile devices
• Interaction and activities on social media (comments, reviews, etc.)
• Correspondence
• Personal opinion (reviews, social media interactions, etc.)

4      Data protection when visiting our websites

4.1       Data Security and Encryption

Together with our provider, we have taken appropriate technical and organizational security measures to prevent accidental or intentional manipulation, loss or destruction of data or unauthorized access to it when using our website.

Encryption and a secure connection can be recognized by the "https://" extension in the address bar. In addition, depending on the browser type, a security lock or key symbol is displayed in the status bar at the bottom of the browser window and/or in the address bar of the browser.

When an encrypted connection is established, our server certificate together with the server address is first checked by the certification authority for validity and affiliation. This process ensures that your data is really sent to us and cannot be diverted to third parties. In addition, the certificate contains the key for encryption.

Older web browsers do not support SSL or TLS encryption technology. If you are using an older browser version, we recommend that you update to a newer version. We do not accept any liability for loss of data or diversion of data to third parties if browsers that do not support SSL or TLS encryption technology are used or necessary updates have not been made.

4.2       Cookies / Tracking and other technologies and services related to the use of our website

Our system uses targeted cookies to provide visitors with a better user experience. Cookies are small files that are exchanged between the visitor's browser and the web server and are written to the hard drive by the visitor's browser. Cookies can also be switched off (under browser settings / Except for so-called "essential cookies").

Among other things, cookies enable us to recognise visitors to our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter their login details each time they visit the website, because this is done by the website and the cookie stored on the user's computer system.

The following data may be collected:

• Information about the type of browser and the version used
• the user's IP address
• Date and time of access
• Path of the accessed website
• Status of the accessed website 

If the data subject deactivates the setting of cookies in the internet browser used, not all functions of our website may be fully usable.

For websites, we use the consent technology of Digital Data Solutions B.V. (CookieFirst) to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document them in compliance with data protection regulations. The provider of this technology is Digital Data Solutions B.V. (CookieFirst). We are entitled to change providers without corresponding notice to customers or visitors to the website.

4.3       Analysis Tools

We use a wide variety of analysis tools to identify analyses of customer behaviour on our websites. The reason for this is that visitors to the website can be shown customer-specific advertising on social networks or other advertising platforms and a solution that is as tailor-made as possible can be developed.

It is possible that data that does not allow any direct conclusions to be drawn about the person may be transmitted to analytics service providers abroad (e.g. Google Analytics, Google Tag Manager, FB Pixel, etc.) in order to process the above-mentioned process.

The following analysis tools can be used on our website:

• Shopify Analytics
• Meta Pixel
• Tiktok Pixel 

The latter tools are used to store personal information, such as the time of access, the location from which the access originated and the frequency of visits to our websites by the data subject. Each time you visit our website, this personal data, including the IP address of the Internet connection used by the data subject, is passed on to companies (e.g. Meta) in the United States of America. This personal data is stored by Meta in the United States of America. Meta may pass on this personal data collected through the technical process to third parties. Meta's privacy policy applies. These must be consulted independently by the person concerned.

We have no influence on the disclosure by the analytics tool provider.

4.4       Hosting

In the following, hosting is understood to mean the provision of web storage space. We host the content of the website with the following provider:

Shopify International Limited

Victoria Buildings, 2. Etage

1-2 Haddington Road

Dublin 4, D04 XN32, Ireland

 

The personal data collected on this website is stored on the host's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

The external hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers and in the interest of a secure, fast and efficient provision of our online offer by a professional provider.

Our host will only process your data to the extent necessary to fulfil its performance obligations and will follow our instructions with regard to this data.

4.5       External service providers on the website / links to other websites

The following service providers can be integrated into our website:

• X (formerly Twitter)
• LinkedIn
• YouTube
• Xing
• Instagram
• Facebook
• TikTok
• External payment service providers (Visa, Mastercard, American Express, PayPal, Apple Pay, Shopify, Twint)
• Google (u.a. Google Maps, Google Invisible reCAPTCHA)
• Adobe Fonts
• Swiss Post 

When using the above-mentioned services, the privacy policies of the respective third-party providers apply. Data collected as a result of visiting the website may be passed on to the above-mentioned third parties, which may be based in third countries. A transfer of your data to a third country is therefore possible. The responsibility for becoming aware of the relevant data protection provisions lies with the data subject himself/herself. We have no influence on the processing activities of the third party.

5      Recipients of the disclosed data / processing by third parties

The recipient of the personal data provided by you is, without any indication to the contrary in this Privacy Policy or any other explicit reference, us.

Exceptions: External service providers as  well  as companies that belong to the same group as us, who process the data that is absolutely necessary for this purpose on our behalf. All of these data recipients have committed themselves in their data protection regulations or in an order processing agreement to ensure compliance with data protection and data security.

This means that we can have data processed by a processor. In any case, the legal requirements will be complied with and the processor will be contractually obliged to process the data only in accordance with the contractual agreements between us and the data subject in accordance with the present data protection regulations. Every person has the right to prohibit the disclosure of the data or the storage of the data with external service providers (e.g. cloud providers), provided that our contractual obligations can still be fulfilled as a result.

Notices in this policy regarding the processing of your data by third parties when you visit our website reflect the state of knowledge of us at the time of writing this privacy policy. We have no control over any changes in the practices of these third parties. Despite periodically updating the privacy policy, you should still check the current privacy policy of these third parties before using our online shops.

6      Comments

For the comment function on this website, in addition to your comment, information about the time the comment was created, your e-mail address and, if you do not post anonymously, the username you have chosen, will be stored.

7      Data protection for our customers

7.1       Contract Processing / Retention

In order to process the contract, it is imperative to process personal data.

Therefore, we collect personal data in order to process data in accordance with the law and store it in accordance with the relevant articles of the law for legally compliant accounting.

8      E-Mail / Newsletter

You will only receive e-mails or e-newsletters from us with your consent and can be excluded from receiving further communications at any time. If data is obtained from a third party, we may use personal data for marketing purposes after fulfilling the necessary information obligations in accordance with the relevant legal provisions. You can also prohibit this editing at any time.

By concluding a purchase contract with us, you agree that the personal data may be processed by us for marketing purposes by means of newsletters. A revocation can be asserted at any time.

Note on e-mail traffic: Please note that the e-mails from you to us or from us to you are not encrypted and are therefore not considered a secure means of communication. E-mails can be cached, evaluated and read by intermediaries, for example by e-mail providers (such as Hotmail, Gmail, Cablecom, etc.), employers (for business e-mails), etc., but also by so-called "man in the middle", especially - but not only - when using WLAN. Do not use e-mails to communicate confidential matters or to transmit confidential data, especially personal data.

We would also like to draw your attention to the fact that e-mails can be stored on external servers (so-called clouds).

The newsletter is sent via the mailing service provider 'MailChimp'. This is based in the USA. It is therefore possible that your personal data will be disclosed when the newsletter is sent to the USA.

9      Newsletter-Tracking

The newsletters as well as other marketing measures by e-mail may contain so-called tracking pixels. A web beacon is a miniature graphic that is embedded in such e-mails, which are sent in HTML format to enable log file recording and log file analysis. As a result, a statistical evaluation of the success or failure of online marketing campaigns can be carried out. The embedded tracking pixel allows us to see if and when an email has been opened by a data subject and which links in the email have been accessed by the data subject. Such personal data collected via the tracking pixels contained in the newsletters will be stored and evaluated by the controller in order to optimize the newsletter dispatch and to adapt the content of future newsletters or marketing measures even better to the interests of the data subject. Data subjects are entitled to revoke the declaration of consent given in this regard at any time. We automatically interpret unsubscribing from receiving the newsletter or other marketing measures as a revocation.

10   Online Events / Competitions

The processing of personal data in the context of online events and competitions is based on the consent of the data subjects, which is obtained in each case when registering for the competition.

By registering for an event or competition, you agree that companies closely associated with us may display, edit, analyze and use your information internally for any post-processing. We also reserve the right to review all registrations and revoke them in justified cases.

The processing in connection with competitions is carried out either by ourselves or by processors specifically commissioned for the respective processing, with whom there are written contracts that regulate in particular the confidential and secure processing of this data in accordance with our instructions.

Data subjects have the right to withdraw their consent at any time and to object to the further processing of their data.

11   Online-Meetings

To communicate with our customers, we use online conference tools, among other things. If you communicate with us via video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.

With regard to the processing by us, the present data protection provisions apply. The processing by the provider of a corresponding platform is carried out on the basis of its data protection provision and must be noted by the customer in advance if necessary.

12   Customer reviews on our website

Customers who leave a written review for the products purchased may be published on our website as a reference review.

A revocation of consent to publication can  be communicated to info@xpwear.com at any time.

13   Marketing as a result of data disclosure

If you deposit/give your e-mail address or postal address on our website and accept this privacy policy, this may subsequently be used by us to send a newsletter or for the delivery of advertising. In such a case, the contact details will be used by us exclusively for the delivery of the newsletter and direct advertising.

Consent to the delivery of advertising or newsletters can be revoked at any time.

If you provide contact details that allow you to contact us by phone, we may use them for marketing purposes.

14   Obtaining personal data from third parties

In addition to the collection of personal data directly from the data subjects, we also reserve the right to obtain data from third parties, in particular for credit checks and for the procurement of purchase probability values. The personal information relevant for order and payment processing may be transmitted to a specialized company in Switzerland for credit checks.

We may also obtain data from third parties for marketing purposes. In such a case, we protect the rights of the person concerned to information and access. These can  be claimed under info@xpwear.com.

Among other things, e-mail address, surname, first name and residential address can be obtained.

15   Payment Fraud Detection

In order to process the orders, to provide you with different payment options, to provide a smooth payment process, to ensure that your payment is received, as well as to comply with the requirements of our Terms and Conditions (to sell products to you), including invoice processing, delivery, personalization services, exchanges and refunds, it cannot be concluded that our solutions for detecting Consider fraud in your transaction to be suspicious and potentially fraudulent. Please note that the payment fraud detection system is based on automated decision-making. This is necessary for us to conclude the contract with you. You have the right to request a human review of this decision.

16   Rights of individuals

A deletion or correction of the personal data can be requested at any time under info@xpwear.com. The prerequisite for binding deletion is that the user no longer has an existing contractual relationship with us and that there are no statutory retention obligations that speak against deletion.

All other rights granted by the Data Protection Act can be exercised under the above-mentioned e-mail address. In particular, information about data processing within our company can be obtained.

We are entitled to request proof of identity of the person asserting information rights. This is in order to protect the interests of all persons/parties involved.

17   Legal basis according to the General Data Protection Regulation (GDPR)

Insofar as you have given us your consent for the processing of your personal data, this was the legal basis for the processing (Art. 6 (1) (a) GDPR).

Please also note Section 3 for consent to the transfer of data to recipients outside the European Economic Area (Art. 49 para. 1 sentence 1 letter a GDPR).

The legal basis for the processing of personal data for the purposes of initiating or fulfilling a contract with you is Art. 6 (1) (b) GDPR.

In addition, we process personal data for the purposes of safeguarding our legitimate interests as well as the legitimate interests of third parties in accordance with Art. 6 (1) (f) GDPR (e.g. third-party payment services). The maintenance of the functionality of our IT systems, the (direct) marketing of our own and third-party products and services (insofar as this is not done with your consent) and the legally required documentation of business contacts are such legitimate interests.

18   Data protection for applications and in the application process

The controller collects and processes the personal data of applicants for the purpose of handling the application process. The processing may also be carried out electronically.

If the controller does not conclude an employment contract with the applicant, the application documents will be deleted promptly after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests of the controller or the applicant has given consent to further processing.

19   Excluded Data Processing Processes

This privacy policy does not apply to the processing of personal data of our employees, for which separate regulations apply. It also does not apply to specific types of processing of personal data for which prior information of the data subjects is either prohibited by law or by the authorities, or which only affect a limited group of persons to whom the necessary information about the data processing can be made available separately. Finally, special agreements in the contracts of this privacy policy take precedence in the event of contradictions.

20   Copyright

The copyright and all other rights to the content, images, photos or other files on the website belong exclusively to the operator of this website or the named rights holders. For the reproduction of all files, the written consent of the copyright holders must be obtained in advance.

21   Alteration

We may amend this Privacy Policy at any time without notice. The current version at the time of use, which is published on our official website, is always used.

Insofar as the Privacy Policy is an integral part of an agreement with you, you will be informed by us in good time of any changes.

22   Disclaimer

We disclaim any liability that goes beyond the mandatory legal requirements.

In particular, with regard to data protection, the accuracy of information (prices or availability of products), links to other websites or the up-to-dateness of website information.

23   Entry into Force / Disclaimer & Applicable Law / Place of Jurisdiction

This Privacy Policy is effective as of 30.10.2023.

Swiss law applies to the legal relationship between us and data subjects with regard to data protection issues. Subject to conflicting mandatory statutory provisions, the exclusive place of jurisdiction is Zurich.

This privacy policy is a translation of the German privacy policy. Please note that expressly the german version of the privacy policy is legally valid.