DATA PROTECTION POLICY MAESTRANI 

Maestrani Swiss Chocolate Ltd represented by Irène Dumas, Head of Marketing and Business Development, runs the website www.chocolarium.ch, www.maestrani.ch, www.minor.ch, www.munz.ch as well as www.maestrani-schokolade.ch and is responsible for the collection, processing and use of your personal data. Maestrani Swiss Chocolate Ltd is therefore also responsible that all data processing complies with applicable law. 

We care about the protection of your personal data. We take the issue of data protection seriously and we care about the security of your data. We comply with all applicable legal requirements, in particular of the Swiss Federal Data Protection act (DSG) and the respective Federal Ordinance (VDSG) as well as the Swiss Federal Telecommunication Act (FMG). Where applicable, we also respect the provisions of the General Data Protection Regulation (GDPR) of the European Union. 

It is important to us that you know which of your personal data we collect, how this is done, how the data is processed and for which purposes this is done. With your use of our website you declare your consent with all these acts of data processing, pursuant to art. 6 para. 1 lit. a GDPR. Please read the following information very carefully.

**********************************************************************************

Which data do we process when you visit our website? 

When you visit our website, our servers temporarily save every access in a protocol file. The following data is automatically collected: 

- The IP address of the computer accessing the website
- Date and time of access
- Name and URL of the accessed file
- Website, from which access is made
- Operating System of your computer and your browser
- Country from which you access our website and the language settings of your browser
- Name of your internet access provider

We collect and process this data to enable you to access our website (to establish a connection), to ensure safety and stability of our systems, to optimize our website for you and for statistical purposes. In particular, we use your IP address to localize your country of domicile and to optimize settings of the website (e.g. to adapt the language). The IP address is also used to be able to react to attacks against our network infrastructure. All these data processing activities are based on these legitimate interests (art. 6 para. 1 lit. f GDPR).

**********************************************************************************

We would also like to point out that we use so-called cookies, tracking tools and social media plug-ins (see below sections V to VIII). We may also transfer data to third parties and/or abroad (see below sections IX and X).

**********************************************************************************

II Which data do we process if you use our contact form? 

You have the possibility to use a contact form on our website to enter into contact with us. Some data is mandatory, other is optional: 

Address (street, number, place, postal code) (optional)

- Sir/Madam (mandatory)
- Name/First Name (mandatory)
- Address (street, number, place, postal code) (optional)
- Telephone number (optional)
- Email address (mandatory)

We will indicate mandatory data as such. If this information is not provided, this can prevent us from rendering our services. Other information is optional and has no impact on your use of our website. We only use this data to respond to your contact request and to do so in an ideal way and as personalized as possible. This constitutes our legitimate interest pursuant to art. 6 para. 1 lit. f GDPR. You have the right to object to this data processing at all times, as explained further in section XIII.

**********************************************************************************

III Which data do we process if you subscribe to our Newsletter?

You have the possibility on our website to subscribe to our Newsletter. For this, a registration is required. In this context, the following data must be provided: 

- Sir/Madam (mandatory)
- Name/First Name (mandatory)
- Address (street, number, place, postal code) (optional)
- Telephone number (optional)
- Email address (mandatory)

This information is necessary to process your data. In addition, you can provide further data on an optional basis (date of birth and country). We exclusively process this data to personalize the information and offers we send to you and to adapt them better to your needs. 

In order to send our Newsletters, we use the E-Marketing software of Wilken Software Group. Please read carefully also the privacy policy of Wilken Software Group, which you can find at www.wilken.de/datenschutz/. Our Newsletter may contain a so-called Web Beacon or similar technical tools. These are small, invisible graphics of the size of 1x1 pixel, which are linked to the user ID of the addressee of the Newsletter. 

Our use of such services and technologies allows us to analyze whether you opened the Newsletter and how you read it. This helps us to assess whether or how the contents of our Newsletters could be improved or further customized and to compile statistics about our Newsletters. If you delete the Newsletter, also these small graphics will be deleted. If you would like to prevent Tracking Pixels from being active, please adjust your email program so that Newsletters are not shown in HTML format.

If you subscribe for Newsletters, you express your consent to receiving the respective information and that we may use these technologies and process data for statistical assessment of your use and our optimization of the Newsletter. Our legal permission to do this accordingly consists of your consent (art. 6 para. 1 lit. a GDPR). Furthermore, the described analytical purposes constitute our legitimate interests in these data processing activities (art. 6 para. 1 lit. f GDPR).

At the end of each Newsletter, you will find a link, through which you can de-register from Newsletters at all times. You can de-register for the entire Newsletter or for certain channels. If you de-register from the entire Newsletter, we will delete all your respective data from our system. 

**********************************************************************************

IV What happens to your data if you make a booking, order or reservation with third parties through our website? 

Our website gives you several possibilities to make bookings or reservations, to request informational material or other services. The respective services are, as a general rule, provided by third parties. Insofar as necessary, the data which is collected in this process is forwarded to these third parties, for example the following data: 

- Sir/Madam or Company
- Name/First Name 
- Address (street, number, postal code, place, country)
- Additional contact information (Email address, telephone number)
- Credit card or other payment information

Information that is mandatory will be indicated as such. This is information, which is required to be able to render the booking services. Other information is optional and has no impact on your use of our website or the booking services. We would also like to indicate that the data you insert is, in general, also collected directly by the party offering the booking services and saved by, and/or transferred to, this third party. If the party offering the booking services further processes the data, the respective privacy policies of this party will be applicable, and we kindly ask you to consult these as well. Our legal permission for these acts of data processing is the fulfilment of a contract pursuant to art. 6 para. 1 lit. b GDPR. 

**********************************************************************************

 V Which of your data is collected and processed for promotional purposes? 

In the following section, we would like to explain to you which of your data is collected and processed for promotional purposes and how this is done. All these data processing activities are based on our legitimate interest, pursuant to art. 6 para. 1 lit. f GDPR. Our interest lies in particular in direct marketing purposes and in the analysis and assessment of the use of our website. By using our website, you are moreover consenting to these data processing activities, pursuant to art. 6 para. 1 lit. a GDPR. 

Creation of pseudonymised user profiles

In order to present personalized services and information on our website (on-site-targeting), we use and analyse the data which we collect about you when you visit our website. In this context, so-called cookies can be used (see section VI). The analysis of your behaviour as a user can lead to the creation of a so-called user profile. However, your user data is only used together with pseudonyms, but never with non-pseudonymized, personal data. 

In order to enable personalized marketing in social networks, we implement so-called remarketing pixel of Facebook and Twitter on our website. If you have an account with one of these social networks and if you are logged in while visiting our website, this pixel links your use of our website with your account. If you would like to prevent this link, you need to log out from your social media account before visiting our website. You can change further settings concerning advertisement in your user profile of the respective social network. 

2 Retargeting

We use so-called retargeting technologies on our website. These technologies analyze your behavior on our website, so that it will be possible to offer you customized advertisements also on partner websites. Your behavior as a user is saved on an anonymous basis. Most retargeting technologies work with so-called cookies (see section VI).

You can always prevent retargeting technologies if you de-activate the respective Cookies in your browser settings (see section VI). You can also apply for an opt-out for these advertising and retargeting tools via the website of the Digital Advertising Alliance (optout.aboutads.info). 

**********************************************************************************

VI What are Cookies and what are they used for? 

Cookies are small information files, which your browser automatically saves on your hard drive when you visit our website. Cookies help us to make your visit to our website simpler, more comfortable and purposeful. For example, we use Cookies to customize the information, offers and advertisements better to your individual interests. Most internet browsers accept cookies automatically. However, you can configure your browser in a way that no cookies are saved on your computer or that there is always an alert if you receive a new cookie. Deactivating cookies, however, may make some functions of our website impossible to use. 

**********************************************************************************

VII What are tracking tools and for which purpose are they used?

We use various tracking tools on our website. These tools analyze your behavior on our website. We use this information to optimize and customize our website. In the context of these tracking tools, user profiles based on pseudonyms may be created, and it is also possible that cookies are set (see above).  

**********************************************************************************

VIII What are Social Media Plugins and what are they used for?

On our website, we use so-called social media plugins and we would like to explain to you how they work. As a default, these plugins are de-activated and they therefore do not send any data. If, however, you click on a social media button, you activate the respective plugin. If the plugins are activated, your browser will establish a direct connection with the servers of the respective social network. The content of the plugin will be sent from the social network to your browser and implemented into the website. You can deactivate the plugins again by one click. However, we ask you to have a careful look also at the respective data protection information and privacy policies of the social networks further described below, as they also contain important information.

1 Facebook

On our website, we use social media plugins of Facebook to make our website more personal. This plugin is offered and operated by the US company Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. 

We use the "LIKE" or "SHARE" button. By implementing these plugins, Facebook receives the information that your browser is currently using our respective website, even if you do not have a Facebook account or if you are currently not logged in to Facebook. This information (including your IP address) will be sent from your browser directly to a server of Facebook in the United States and it will be saved there.

If you are logged in to Facebook, Facebook can attribute your use of our website directly to your Facebook account. If you interact with the plugins, e.g. by using the "LIKE" or "SHARE" button, this information will equally be directly sent to a server of Facebook and saved there. The information will furthermore be published on Facebook and shown to your Facebook friends.

Facebook can use this information for marketing, advertising, advertising research, targeted advertising or for the targeted design of Facebook pages. For this purposed, Facebook establishes user and interest profiles, e.g. to assess your use of our website and to define advertising shown to you on Facebook and/or to inform other Facebook users about your activities on our website and/or for other services linked to your use of Facebook.

If you prefer that Facebook cannot attribute the information about your use of our website to your Facebook account, you need to log out of Facebook prior to using our website. We furthermore ask you to have a careful look at the data protection information of Facebook, in particular concerning the purposes and extent of data processing by Facebook and concerning Facebook's further processing of your data, your respective rights and possible privacy settings. 

2 Trip Advisor

Our website uses plugins from the Tripadvisor site operated by Tripadvisor Inc. The operator of the site is Tripadvisor Inc., 141 Needham Street, Newton, MA 02464, USA. When you visit one of our pages that contains a Tripadvisor plugin, a connection is established to Tripadvisor’s servers. This tells the Tripadvisor server which of our pages you have visited.

For more information on how Tripadvisor handles user information, please see Tripadvisor's Privacy Policy at: https://tripadvisor.mediaroom.com/DE-privacy-policy

**********************************************************************************

IX Is data shared with third Parties?

We only share your personal data based on your consent, a legal permission or if this is needed to execute our rights, for example to enforce rights and obligations out of the legal relationship between you and Maestrani Swiss Chocolate Ltd. In addition, we share your data with third parties if this is necessary in the context of your use of our website to provide the requested services or to analyse your use of our website, as described further above. Insofar as necessary for these purposes, data may also be transferred abroad. In case our website contains links to websites of third parties, Maestrani Swiss Chocolate Ltd has no influence on the collection, processing, storing or use of personal data by these third parties and it rejects, insofar as permitted by the law, no responsibility or liability in this respect.

**********************************************************************************

X Is data transferred abroad?  

General Remarks

Maestrani Swiss Chocolate Ltd has the right to transfer your data to third parties (so-called third party processors) domiciled abroad, if this is required for the purposes described in this Privacy Policy. These third parties will be obliged to protect your data in the same way as we are. If these third parties are domiciled in a country with a lower level of data protection than Switzerland or the European Union, we use contractual agreements or other legal arrangements to make sure that your data is adequately protected in the same way as in Switzerland or, respectively, in the European Union at all times.

Data transfers to the United States

For the sake of completeness, we would also like to inform you specifically that in the United States, surveillance mechanisms may exist which can broadly save and/or monitor all the data transferred to the United States. This may happen without a detailed differentiation, limitation or exception and/or not based on objective criteria, which would restrict access of US authorities to your data to specific and clearly defined purposes, which could justify access to such data or the impact caused by its use. We would also like to inform you that in the United States, you may not have similar legal remedies to protect your data as they may exist in Switzerland and/or the European Union to gain access to your data, request a deletion or correction thereof or legal remedies against access to your data by authorities. 

It is important to us to underline these factual and legal circumstances so that you are adequately informed and so that you can take an informed decision about the use of your data and whether you consent to the data processing activities described in this Privacy Policy.

We would also like to inform users domiciled in a Member State of the European Union that the United States does not have – among others for the reasons mentioned in this section – a data protection level which would be considered adequate from the perspective of the European Union. 

Insofar as we have explained in this document that recipients of personal data (as for example Google, Facebook or Twitter) have their legal seat in the US, we will make sure that your personal data is adequately protected by contractual agreements or by making sure that these companies are certified under the EU-US Privacy Shield.

**********************************************************************************

XI Security and Confidentiality

We use adequate technical and organisational security measures to protect the personal data saved with us against manipulation, partial or total loss or unauthorized access by third parties. Our security measures are regularly updated to meet the current state of the art.

It is important that you treat payment information (in particular credit card information) as confidential at all times. We recommend you to close the browser window after you have completed communication with us, in particular if you use a computer together with other persons.

We also take internal data protection very seriously. Our employees and the third party services providers we use are obliged to respect secrecy and the data protection provisions we establish.

**********************************************************************************

XII  Storing of Data 

We store personal data only as long as it is necessary 

- To use the mentioned tracking, advertising and analysing services in the context of our legitimate interest; 
- To provide services of the mentioned type and extent, which you requested or for which you have given us your consent;
- To meet our legal obligations.

Data in the context of the conclusion or execution of a contract is stored for a longer period of time because we are obliged to do this by statutory documentation obligations, for example in the context of accounting or tax law. These rules oblige us to store communication, contracts and accounting documents for up to 10 years. When we no longer use such data to provide services to you, it will in principle be blocked. This means that this data will as from then exclusively be used for purposes of accounting and tax law.

**********************************************************************************

XIII Your rights

You have the right to receive free of charge information about the personal data that we store about you upon request. In addition, you have the right to correct inaccurate data and the right to delete your personal data, as far as there is no statutory requirement or another legal permission to store and/or record data. In addition, you have the right, in accordance with Articles 18 and 21 GDPR, to demand a restriction of data processing and to oppose to data processing. You also have the right to reclaim from us the data you have given us (right to data portability). On request, we also pass the data on to a third party of your choice. You have the right to receive the data in a common file format.

If a data processing is based on your consent, you can revoke this consent at any time. You can reach us for the aforementioned purposes via the e-mail address info@maestrani.ch. You can also tell us what to do with your information after you pass away by giving us instructions. We may, at our sole discretion, require proof of identity to process your requests. When you contact us, we will do our best to provide you with a response as soon as possible and to take the appropriate steps.

If you live in an EU country, you have the right to complain to a data protection supervisory authority at any time. 

**********************************************************************************