Data Protection


Data Privacy Statement
Lascaux is committed to comply with data protection standards according to applicable European directives that exceed current Swiss regulations. Until a new Swiss data protection law takes effect, the directives of the General Data Protection Regulation, GDPR, also apply to clients based in Switzerland.
We will inform you about our processing of your data in accordance with item 13 of the General Data Protection Regulation (GDPR).


Responsibility
Responsibility as defined in the GDPR is assigned to
Lascaux Colours & Restauro AG
Data Privacy
Zürichstrasse 42
CH-8306 Brüttisellen
infoKrvgkjWnD2S3Q4clascaux.ch
Our data privacy representative can be contacted under the address indicated above.


Usage Data During Visits to Our Website
When users visit our website usage data is temporarily saved on our web server. This usage data forms the basis for statistical, anonymous evaluations aimed at improving the quality of our web pages. Data sets comprise the following items:

  • IP address (abbreviated in such a manner as to prevent any assignment to a person)
  • date and time of the interaction
  • content of the interaction (name of the page/file)
  • transferred data volume
  • operating system and interface
  • access status/http status code
  • information regarding the web browser used for the interaction.
This saved data is saved to our server only in anonymised form. Processing is carried our in compliance with item 6 section 1 f) GDPR.
Every person has a legally guaranteed right to protection of his/her privacy as well as protection against misuse of personal data. We adhere to these regulations. Personal data is treated confidentially and neither sold nor transmitted to any third party.


Data Transfer to Third Parties
Within the framework of commissioned data processing in accordance with item 28 GDPR we transmit your data to service providers who support us in operating our web pages and related processes. Our service providers act strictly in accordance with our instructions and are contractually committed. We assign processing tasks to the following service providers: Incodev, SIX Payment Services, Mailworx, Shwups GmbH, Microsoft, Google, Facebook.
In some cases we transfer personal data to third countries outside the EU. In these cases we are obliged to provide for sufficient levels of data protection. Regarding Google, Facebook and Microsoft such sufficient levels of data protection derive from their membership in the Privacy Shield Agreement (item 45 section 1 GDPR).


Cookies
In order to make a visit to our websites attractive and enable the use of certain functions, to show suitable products or carry out market research, we apply cookies on certain pages. Following a procedure of balancing of interests, these cookies are used to preserve our predominantly legitimate interests in optimising the presentation of our offerings in accordance to item 6 section 1 lit. f GDPR. Cookies are small text files that are automatically stored on your end user device. Some of the cookies we apply are deleted again upon ending the browser session, i. e. when you close your browser (session cookies). Other cookies remain on your device allowing us to recognise your browser at your next visit (persistent cookies). The duration of storage is to be found under the cookie settings of your web browser. You can choose a browser setting that informs you about cookies when they appear and allows you to choose individually whether you wish to accept them, or choose to exclude cookies in certain cases or generally. Every browser is different with regard to how it deals with cookie settings. These are described in the help feature of every browser, where you can find an explanation on how to change your cookie settings.
When cookies are not accepted, the functionality of our web pages may be affected.


Google Analytics
These web pages use Google Analytics, a web analysis service provided by Google Inc. („Google“). Google Analytics applies cookies that are stored on your end user device and can be monitored by us. In this manner we can recognise recurring visitors and count them as such. The data processing is carried out based on item 6 section 1 lit. f) GDPR with the intention to discern how often our websites are used by different users.
The information supplied by the cookie regarding your usage of this website are usually transmitted to a Google server in the USA and stored there. As we have activated IP anonymisation on this website, we have first abbreviated your IP address within member states of the European Union. Only in exceptional cases is the full IP address transmitted to a Google server in the USA (an appropriate level of data privacy in accordance with item 45 section 1 GDPR is provided by Google’s membership in Privacy Shield) and abbreviated there. Furthermore we have concluded a contract with Google Inc. (USA) concerning data processing in accordance with item 28 GDPR. According to this contract Google may only use any information transmitted by us strictly for the specific purpose of evaluating the usage of our website for us and producing reports on website activity.
You can object to such data processing at any given time. Please use one of the following options for this purpose:
1.) You can prevent the storage of cookies by choosing respective settings for your browser software; we need to inform you, though, that not all functions of this website will be fully available if you choose this option.
2.) Moreover you can prevent the registration of the data supplied by the google referring to your usage of the website (including your IP address) to Google as well as the processing of such data by Google by downloading and installing the browser plug-in provided under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
3.) Additionally you can prevent registration by Google Analytics by clicking on the link below. It will install an opt-out-cookie that will durably prevent future registration of your data when you visit this website: javascript:gaOptout()


Facebook
Our web pages integrate plug-ins owned by social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. You can recognise the Facebook plug-ins by the Facebook logo or the ‹like› button on our website. An overview over Facebook plug-ins are to be found here: http://developers.facebook.com/docs/plug-ins/. When you visit our pages, a direct connection is established between your browser and the Facebook server via the plug-in. Hence Facebook receives the information that you have visited our website with your IP address. When you click the ‹like› button while you are logged into your Facebook account, you can link our pages to your Facebook profile. Then Facebook can assign your visit to our web pages to your user account. We must inform you that we as providers of the web pages have now knowledge regarding the content of data transmitted in this manner, nor how this is processed by Facebook. Further information on this subject is to be found in the privacy statement of Facebook under https://www.facebook.com/about/privacy/. If you do not want Facebook to be able to assign your visit to our web pages to your Facebook user account, please log out of your Facebook account when browsing our pages.


YouTube Videos
We have embedded YouTube videos in our online web pages, which are stored under http://www.YouTube.com and can be played directly from our web pages.
By visiting our web pages YouTube receives the information that you have accessed the respective subpage of our website. Additionally the data referred to under point 3 of this statement is transmitted. This will happen independently of whether YouTube provides a user account, which you are logged in to, or no account exists. When you are logged in to Google, your data is directly assigned to your account. If you wish no assignment to your YouTube account you must log out before activating the button. YouTube stores your data as a user profile and uses them for advertising and market research purposes, or for enhancing the design and performance of their website. Such an evaluation is specifically carried out for providing customised advertising (even for users not logged in) and in order to inform other users of the social network about your activities on our web pages. You have the right to object against the creation of such user profiles, though you need to contact YouTube in order to enforce your objection.
You can find further information regarding usage and scope of data collection and processing by YouTube in their data privacy statement. There you will also find further information regarding your rights and setting options for protecting your privacy: https://www.google.de/intl/de/policies/privacy.
Google processes your personal data also in the USA and is committed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.


Data Processing in Connection With Orders
We store and use your personal data transmitted over the course of an online order in compliance with item 6 section 1 lit. b) GDPR exclusively for processing your orders. We use your email address exclusively for messages regarding the status of your order. This also applies to all customer services provided in connection with the order and possible later processing of warrantee and guarantee claims.
If necessary personal data will be handed on to the companies involved in executing this contract, for instance financial institutions for payment processing, or logistics companies for the delivery of goods.
The contract data is not deleted if accounts remain unsettled and need settling. If legally binding retention periods exist, the respective data will be stored in an archive until the end of such a period is reached. Contingent extraordinary contractual agreements or special delivery conditions are also stored for the duration of the legally required retention periods.


Data Processing for the Protection of Legitimate Interests
Otherwise data is deleted at least five years after cessation of the contract and only retained for possible requests or in order to assign new orders and to process them as fast as possible. Such data processing is carried out based on item 6 section 1 lit. f) GDPR. You have the right to object to your data being processed. Find further information under ‹Your Rights›.


Voluntary Information
Furthermore some information is given voluntarily. Providing a telephone number, for instance, is voluntary. No negative consequences are connected to not providing this information. It is possible, though, that not providing such information in individual cases can delay or impede subsequent communication.


Data Processing With Consent
Provided information has been given voluntarily or you have given us your consent separately to inform you about our in-house products and services by telephone, in written form or by email, we will process your data based on item 6 section 3 lit. a) GDPR.
Your consent can be withdrawn anytime without affecting the lawfulness of the data processing carried out up to that point in time. When consent is withdrawn we will suspend the respective data processing.


Data Processing for Direct Advertising
We will process your data for the purpose of direct advertising, specifically for mailing our advertising by post and for sending emails for advertising own similar articles. Such data processing is carried out compliant to item 6 section 1 lit. f) GDPR with the intention to inform you about new products and services. Every client has a right to object against such data processing, which, if applied, will lead to the cessation of data processing for direct advertising purposes. A client can object against the usage of his or her data at any time without accruing more than the transmission cost in accordance with the base rates. Provided that data are saved with the sole purpose of direct advertising, this data will be deleted upon objection.


Data Recipients
We only transmit data provided by you in connection with an order to third parties (for instance credit institutions for the purpose of payment processing, service providers for the purpose of enforcing settlements, transport companies) provided a legal authorisation for such data transmission exists.
In addition your data can be forwarded to external service providers who support us with data processing within the framework of commissioned contract data processing strictly in accordance with our instructions.
We will neither sell nor otherwise market your personal data to third parties.


Newsletter
You have the option to subscribe to our newsletter on our website, with which we inform you about our products and services. Here we apply the double opt-in method. This means that, after you have subscribed, we send an email to the email address you have specified asking for a confirmation for your subscription. If your subscription is not confirmed within 24 hours, your information will be locked and eventually deleted after one month. Compulsory information you need to provide in order to receive our newsletter is your email address, your title, first name and surname. Your first name and surname are used for addressing you personally. Furthermore we store the IP addresses you use as well as the exact times of your registration and confirmation. This information is collected in order to prove your subscription and to clarify any possible misuse of your data if necessary.
After your confirmation we will store your personal data referred to above in order to send you our newsletter. The legal basis for this is outlined under item 6 section 1 a) GDPR.
You can withdraw your consent to receiving our newsletter at any time and cancel the subscription. Your withdrawal can be effectuated by clicking on the link contained in every newsletter email, or you can send an email to the email address provided under paragraph 1 of this privacy statement.


Contact Form
You have the option to contact us through a web form. In order to use our web form you will have to provide your name and email address. All other information is voluntary.
The legal basis for processing this data is outlined in item 6 section 1 lit f) GDPR. Our legitimate interest is based on our interest in answering the requests of our clients and visitors to our website and thus to maintain and promote customer satisfaction. Data is not forwarded to any third party.


Registration for Lascaux Events
In order to process your registration for Lascaux events we require personal data from you. We collect and process this data only to the extent necessary for finalising the registration whilst strictly adhering to the regulations as stipulated by the applicable data protection laws and other legal regulations regarding data privacy. The data are encrypted for transmission.
Personal data are not forwarded to any third party, nor are they used for any purpose beyond the processing of your registration.


Company Facebook Page
Under the URL https://www.facebook.com/lascaux.colours we maintain an official Facebook page based on item 6 section 1 lit. f) GDPR. We never collect, store or process personal data from our users on this page. Moreover no other data processing is carried out or initiated by us. Data you provide on our Facebook page such as comments, videos and images, are never used or processed by us for any other purpose.


Data Processing by Facebook
Facebook applies so-called web tracking methods on this our Facebook page. Please beware of the fact that it is impossible to exclude that Facebook may use your profile data for evaluating your habits, personal relations, preferences etc. We have no influence whatsoever on the data processing Facebook applies to your data.
Find more information regarding data processing through Facebook under https://de-de.facebook.com/policy.php.


Google Maps
On these web pages we use Google Maps. This enables us to display interactive maps embedded directly into the website and allows you to use the map feature.
When you visit the website, Google is informed that you have accessed the respective subpage. Furthermore the data referred to in the chapter on ‹Usage Data› in this statement. This occurs regardless of whether Google provides a user account that you are logged in to or whether no user account exists. When you are logged in to Google your data is directly assigned to your account. If you do not wish your data to be assigned to your Google account you need to log out before activating the button. Google stores your data as usage profiles and applies it for advertising, market research and/or for the purpose of enhancing the usability and design of its website. Such evaluations are specifically carried out (even for users that are not logged in) in order to provide optimised advertising and in order to inform other users of the network about your activities on our website. You have the right to object against the creation of such user profiles. In order to enforce your right of objection you need to contact Google. The legal basis for such data processing is outlined in item 6 section 1 f) GDPR.
Further information regarding the purpose and scope of the data collection and processing by the plug-in provider is to be found in the data security statements of the provider. For further information regarding your privacy rights as well as setting options for the protection of your privacy visit http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield, see https://www.privacyshield.gov/EU-US-Framework.


Data Security
In order to protect your data against unauthorised access as extensively as possible we apply technical and organisational measures. On our web pages we apply encryption. Your information are transmitted through the Internet from your computer to our server and vice versa using TLS encryption. This is signalised by the lock symbol in the status bar of your browser as well as by the fact that the address line starts with https://.


Your Rights
With regard to the processing of your personal data the GDPR guarantees certain rights to website users:
1. Right of access (item 15 GDPR):
You have the right to demand a confirmation regarding whether specific personal data belonging to you are being processed; if this is the case you have a right to access these personal data as well as the data individually specified in item 15 GDPR.
2. Right of rectification and deletion (item 16 and 17 GDPR):
You have the right to demand that personal data pertaining to you be rectified respectively completed immediately.
Furthermore you have the right to demand that personal data pertaining to you be deleted immediately when one of the conditions specified in item 17 GDPR is fulfilled, for instance when the data is no longer required for the specified purposes.
3. Right of limitation of data processing (item 18 GDPR):
You have the right to demand that data processing be limited when one of the conditions specified in item 18 GDPR is fulfilled, for instance when you have objected against your personal data being processed, for the period during which your objection is being reviewed.
4. Right of data portability (item 20 GDPR):
In certain cases specified individually under item 20 GDPR, you have the right to demand personal data pertaining to you in a structured, standardised and machine-readable form, respectively to demand these data be transferred to a third party.
5. Right of objection (item 21 GDPR):
If data is collected based on item 6 section 1 lit. f) (data processing for the preservation of legitimate interests) you have the right to object against the processing of your data at any time for reasons arising out of your special situation. We will then no longer process your personal data unless provable and forcible reasons requiring protection are provided, which outweigh the interests, rights and freedoms of the affected person, or the processing of such personal data serves the enforcement, defence or enactment of legal demands.
6. Right of complaint to a supervisory authority
According to item 77 GDPR you have the right to complain to a supervisory authority when you hold the opinion that the processing of your personal data is in breach of data protection regulations. Your right to complain can specifically be addressed to a supervisory authority in the member state of your domicile, your place of work or the place where the presumed breach took place.


Last updated 15 November 2019