ColibriD SA, Grand-Rue 64 1196 Gland, is the operator of the harbl.com website and the services offered on it. ColibriD SA is therefore responsible for the collection, processing and use of your personal data and for the compliance of the data processing with the applicable data protection legislation. Your trust is very important to us, which is why we take data protection very seriously and ensure appropriate security. It goes without saying that we comply with the legal provisions of the Federal Data Protection Act (DPA), the Ordinance on the Federal Data Protection Act (FDPA), the Telecommunications Act (TCA) and any other data protection provisions of Swiss or EU law that may be applicable, in particular the General Data Protection Regulation (GDPR). To find out what personal data we collect about you and how we use it, please read the information below carefully.
1. Consultation of our website
When you visit our site, our servers record each access in a log file. The following technical data is recorded, in principle as with any connection to a web server, without any intervention on your part and stored by us:
- the IP address of the computer accessing the site,
- the name of the owner of the IP space (usually your Internet Service Provider),
- the date and time of access,
- the website from which you linked to our site (original URL) and any search
- terms used,
- the name and URL of the file accessed,
- the status code (e.g. error message),
- the operating system of your computer,
- the browser you are using (type, version and language),
- the communication protocol used (e.g. HTTP/1.1) and
- possibly your username from a registration/authentication.
The purpose of collecting and processing this data is to enable the use of our website (establishment of a connection), to ensure the long-term security and stability of the system and to enable the optimisation of our online offering, but also for internal statistical purposes. These processing operations are based on our legitimate interests in accordance with Art. 6 para. 1 letter f RGPD.
2. Creating a customer account
To place orders in our online shop, you can either order as a visitor or create a customer account. When you register for a customer account, we collect the following data:
- first and last name
- postal address
- date of birth
- email address
- phone number
This data is collected in order to provide the customer with direct, password-protected access to his or her master data stored in our system. Here the customer can view completed and open orders or manage/modify personal data.
Your consent in accordance with Art. 6 para. 1 letter a GDPR is the legal basis for the processing of data for this purpose.
3. Purchase from the online shop
If you wish to place orders in our online shop, we require the following data for the execution of the contract:
- first and last name
- phone number
- billing address (if different from delivery address)
- payment information (depending on the payment method chosen)
- login details, i.e. email address and password (for registered customers)
The legal basis for processing data for this purpose is the performance of a contract in accordance with Art. 6 para. 1 letter b GDPR.
4. Transmission of data to third parties
We will only pass on your personal data if you have given your express consent, if we are under a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce our rights arising from the contractual relationship.
In addition, we pass on your data to third parties insofar as this is necessary for the use of the website and the execution of the contract (including outside the website), in particular for the processing of your reservations. This includes the carrier responsible for shipping the ordered goods. Our web host OVH is a service provider to whom we transfer personal data collected via the website, or who has access or may have access to such data. The website is hosted on servers in ROUBAIX – France. The transmission of data is for the purpose of providing and maintaining the functionality of our website. This is our legitimate interest according to Art. 6 para. 1 letter f GDPR.
If we advance benefits, e.g. in the case of payment on account, we may request creditworthiness data from a credit bureau on the basis of mathematical and statistical procedures in order to safeguard our legitimate interests. For this purpose, we transmit the personal data required for a credit analysis to the Crif AG information office and use the information received regarding the statistical probability of an inability to pay to make a well-considered decision regarding the justification, performance or termination of the contract. The creditworthiness data may include probability values (scores) calculated on the basis of scientifically recognised mathematical and statistical procedures and may include contact details in their calculation. Your interests that are deemed worthy of protection are taken into account in accordance with the legal provisions. Our legitimate interest in processing data in accordance with Art. 6 para. 1 letter f GDPR lies in the aforementioned purposes.
5. Data transmission abroad
Cookies make your visit to our site easier, more pleasant and more useful in various ways. Cookies are files containing information that your web browser automatically saves on your computer’s hard drive when you visit our site.
Most web browsers automatically accept cookies. However, you can configure your browser so that it does not store any cookies on your computer or so that a message appears each time you receive a new cookie. The following pages explain how to configure the handling of cookies for the most commonly used browsers:
- Microsoft Bing Explorer
- Microsofts Windows Internet Explorer
- Mozilla Firefox
- Google Chrome for desktop
- Google Chrome for mobile
- Apple Safari for desktop
- Apple Safari for mobile
Disabling cookies may prevent you from using the full functionality of our site.
7. Monitoring tools
For the purpose of the appropriate presentation and continuous optimisation of our website, we use the Google Analytics service. In doing so, we create pseudonymised user profiles and use small text files stored on your computer (“cookies”). The information generated by the cookie about your use of this website is transmitted to the servers of the providers of these services and stored and processed for us. In addition to the data listed in section 1 below, we may receive the following information:
- the navigation path taken by a visitor on the site,
- duration of the visit to the site or page,
- the page from which the visitor leaves the site,
- the country, region or city from which an access is made,
- device (type, version, colour depth, resolution, width and height of the browser window) and
- recurring or new visitor.
The information is used to analyse the use of the website, to compile reports on the website’s activities and to provide other services related to the use of the website and the Internet for market research purposes and the appropriate presentation of the website. This information may also be passed on to third parties in the event of a legal obligation or if these third parties are commissioned to process the data.
b. Google Analytics
The provider of Google Analytics is Google Inc. a company of the Alphabet Inc. holding company based in the USA. Before the data is transmitted to the provider, the IP address is abbreviated by activating IP anonymization (“anonymizeIP”) on this website within the Member States of the European Union or in other countries that are signatories to the Agreement on the European Economic Area. Google does not combine the anonymised IP address transmitted by your browser within the framework of Google Analytics with other data. In exceptional cases, the complete IP address will be transmitted to a Google server in the USA and then abbreviated. In this case, we ensure by contractual guarantees that Google Inc. observes an adequate level of data protection. According to Google Inc. the IP address will not be linked to any other data about the user.
Further information about the web analytics service used can be found on the Google Analytics website. You can find out how to prevent your data being processed by the web analytics service at http://tools.google.com/dlpage/gaoptout?hl=fr.
8. Note on data transmissions to the US
For the sake of completeness, we would like to inform users whose domicile or registered office is in Switzerland that the United States is subject to surveillance measures by the US authorities. These measures generally allow the recording of all personal data of persons whose data has been transferred from Switzerland to the USA. This is done without any differentiation, limitation or exception based on purpose and without any objective criterion for limiting the access of the US authorities to the data and their further use to very specific and strictly limited purposes that can justify the harm involved in accessing and using the data. Furthermore, we would like to inform you that in the United States, there is no legal remedy for data subjects from Switzerland to gain access to your data and to have it corrected or deleted, nor is there any effective legal protection against general access rights of the US authorities. We explicitly draw the attention of the data subject to this legal and factual situation so that he or she can make an informed decision about consenting to the use of his or her data.
9. Right to information, rectification, erasure and restriction of processing; right to data portability
On request, you have the right to obtain information about your personal data stored by us. Furthermore, you have the right to the correction of incorrect data and the deletion of your personal data, provided that there is no legal obligation to store the data or no legal basis for processing the data.
You also have the right to demand the return of the data you have provided to us (right to data portability). On request, we will also pass on the data to a third party of your choice. You have the right to obtain the data in a standard format.
You can contact us for the above purposes at the following email address: firstname.lastname@example.org. We may ask you, at our discretion, for proof of identity to process your requests.
11. Data retention
We use appropriate technical and organisational security measures to protect your personal data stored by us against manipulation, partial or total loss and against unauthorised access by third parties. Our security measures are constantly being improved in line with technological developments.
You should always keep your login details confidential and close the browser window when you have finished communicating with us, especially if you are not the only person using the computer.
We also take data protection in our company very seriously. Our employees and the service companies we commission are bound by secrecy and the legal provisions on data protection.
11. Data retention
We only store personal data for as long as is necessary for the use of the above-mentioned monitoring and analysis services and for further processing based on our legitimate interest. We retain contractual data for a longer period as required by legal retention obligations. The retention obligations that require us to retain data arise from financial accounting and tax law. According to these provisions, business communication, concluded contracts and accounting documents must be kept for a maximum of 10 years. As soon as we no longer need these data for the performance of the services, they will be blocked. The use of this data will be reserved for tax and accounting purposes.
12. Right to lodge a complaint with a data protection supervisory authority
You are entitled to lodge a complaint with a supervisory authority responsible for monitoring data protection.