Privacy policy

Last updated on March 9, 2025

Transparent handling of personal data is very important to us. This privacy policy informs you about which personal data we collect, for what purpose, and to whom we share it. We regularly review and update this privacy policy to ensure maximum transparency.

Privacy Policy

1. What we do?
2. What do we inform you about?
3. Definitions
4. Contact
5. Data security
6. Data subjects' rights
7. General principles
8. Specific data processing operations
9. Does our privacy policy always remain the same?

 

What do we do?

Steiner E-Commerce (Hintergasse 20, 9620 Lichtensteig) operates the website minikauf.ch (hereinafter referred to as "we").

The protection of your personal data is a major concern for us. In this privacy policy, we provide clear and understandable information about what data we collect via our website and how we handle it.

For this reason, we use the icons of the PRIVACY ICONS association. These are meant to help you quickly get an overview of how we process your data.

What do we inform you about?

  • Who is responsible for data processing;
  • What data is collected;
  • The purpose for which this data is collected;
  • The legal basis on which we collect this data;
  • Who we share this data with;
  • How you can object to data processing;
  • What rights you have and how you can exercise them.

Definitions What are personal data?

Personal data (equivalent to the term "personal information") are all details relating to an identified or identifiable natural person. This includes, for example, name, address, date of birth, email address, or phone number, as well as the IP address. Data about personal preferences such as hobbies or memberships are also considered personal data.

What are special categories of personal data?

Special categories of personal data (equivalent to the term "particularly sensitive data") include:

  • Data about religious, philosophical, political, or trade union views or activities;
  • Data about health, intimate life, racial or ethnic origin, as well as sexual life and sexual orientation;
  • Data regarding administrative or criminal proceedings and sanctions, as well as data about social assistance measures;
  • Genetic data and biometric data that uniquely identify a person.

If necessary, and if you provide us with such data, we may process data that falls into these special categories. In this case, the processing of such data is subject to stricter confidentiality.

What does processing personal data mean?

Processing (equivalent to the term "handling") refers to any activity involving personal data, regardless of the means and procedures used. This includes collecting, storing, retaining, using, altering, disclosing, archiving, deleting, or destroying personal data.

What does disclosing personal data mean?

This refers to transmitting or making personal data accessible, for example, through publication or disclosure to a third party.

Contact
If you have any questions or concerns regarding the protection of your data by us, you can contact our data protection officer:

Steiner E-Commerce
Patrik Steiner
Hintergasse 20
9620 Lichtensteig
info@minikauf.ch

Data Security
We will store your data securely and take all reasonable measures to protect it from loss, access, misuse, or alteration.

Our contractors and employees who have access to your data are required to comply with data protection regulations. In some cases, it may be necessary to forward your inquiries to affiliated companies in the context of data processing. Even in these cases, your data will be treated confidentially.

On our website, we use the SSL (Secure Socket Layer) protocol in combination with the highest encryption level supported by your browser.

Rights of the Data Subject
Right to Information
You may request information at any time about the data we store about you. Please send your request along with a credible proof of identity to info@minikauf.ch.

The information will be provided in writing or in another form, possibly electronically. If you request it, we can also provide the information orally, provided you prove your identity in another way. If you submit the request electronically, we will provide the information in a commonly used electronic format unless you specify otherwise.

In general, the information is provided free of charge. If copies are requested, a reasonable fee may be charged.

The right to receive a copy of the processed data must not impair the rights and freedoms of other individuals.

In the case of obviously unfounded or excessive requests for information, we reserve the right to refuse the information request within the legal limits or charge a reasonable fee for it.

Processing your request is subject to a legal deadline of one month. This period may be extended by two additional months if necessary due to the complexity and the high number of requests. You will be informed about the extension within one month of submitting the request. The reasons for the extension will also be provided.

Deletion and Correction
You have the right to request the deletion or correction, or completion of your data at any time, provided there are no legal retention obligations or legal justifications for retention.

Please note that exercising your rights may conflict with contractual agreements and could have consequences for the execution of the contract (e.g., early termination of the contract or cost implications).

Restriction of Processing
You also have the right to request a restriction of processing if you dispute the accuracy of your data, if the processing is unlawful, if the data is no longer needed, or if you have objected to the processing.

If the processing of data is restricted, it may only be stored. Further processing may only occur with your consent, to assert, exercise, or defend legal claims, to protect the rights of another person, or for reasons of important public interest. If the restriction is lifted, you will be notified.

Right to Data Portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and to transmit this data to another controller without hindrance by us, provided the processing is based on consent according to Article 6 (1) (a) or Article 9 (2) (a) GDPR or on a contract according to Article 6 (1) (b) GDPR, and the processing is carried out by automated means. You also have the right to request that the personal data be transmitted directly from us to another controller, where technically feasible.

Right to Object
If you have consented to the processing of your data, you may withdraw your consent at any time. Such a withdrawal does not affect the legality of the processing of your personal data before the withdrawal.

If we base the processing of your personal data on a balancing of interests, you may object to the processing. This is the case when the processing is not necessary for the performance of a contract with you, as described in the respective section of the functions. If you exercise such an objection, please state the reasons why we should not process your personal data as we have done. In the case of a justified objection, we will review the situation and either stop or adjust the data processing or provide you with compelling legitimate reasons why we must continue processing.

You may object at any time to the processing of your personal data for advertising and data analysis purposes. You can contact us regarding your objection to advertising using the contact details provided in this privacy policy.

Right to Lodge a Complaint
You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data by us.

General Principles
What data do we process about you and from whom do we obtain this data?
Primarily, we process personal data that you provide to us or that we collect when operating our website. In some cases, we may also receive personal data about you from third parties. These may include the following categories:

  • Personal data (e.g., name, address, date of birth, etc.);
  • Contact data (e.g., mobile number, email address, etc.);
  • Financial data (e.g., account information);
  • Online identifiers (e.g., cookie identifiers, IP addresses);

This data may come from the following sources:

  • Information from publicly accessible sources (e.g., media, internet);
  • Information from public registers (e.g., commercial register, debt collection register, land register);
  • Information related to official or judicial proceedings;
  • Information about your professional functions and activities (e.g., professional networks);
  • Information about you in correspondence and meetings with third parties;
  • Credit reports (if we do personal business with you);
  • Information about you provided to us by individuals in your environment in order for us to enter into or execute contracts with you;
  • Data related to your use of the website.

Under what circumstances do we process your data?

We process your data in accordance with applicable data protection laws, especially the GDPR (General Data Protection Regulation). The processing is carried out for the purposes specified in this privacy policy. We ensure transparency and proportionality.

The processing of your data is lawful if a legal basis under the GDPR is met. The relevant legal bases include:

  • Your consent (Art. 6 (1) (a) GDPR);
  • The performance of a contract or pre-contractual measures (Art. 6 (1) (b) GDPR);
  • The fulfillment of legal obligations to which we are subject (Art. 6 (1) (c) GDPR);
  • Protection of vital interests of the data subject or another natural person (Art. 6 (1) (d) GDPR);
  • The performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Art. 6 (1) (e) GDPR);
  • Our legitimate interests, provided your interests do not outweigh these (Art. 6 (1) (f) GDPR).

In some cases, it may be necessary for you to provide us with certain personal data to fulfill contractual obligations. Without such data, we are generally unable to process a contract.

Typically, the website cannot be used either if certain data required for ensuring data traffic, such as your IP address, is not disclosed.

When can we disclose your data to third parties?

a. Principle

We may need to engage third-party services or affiliated companies to process your data (so-called processors). Categories of recipients include:

  • Accounting, fiduciary, and auditing companies;
  • Consulting companies (legal advice, taxes, etc.);
  • IT service providers (web hosting, support, cloud services, website design, etc.);
  • Payment service providers;
  • Providers of tracking, conversion, and advertising services.

We ensure that these third parties and our affiliated companies comply with data protection requirements and handle your personal data confidentially.

In some cases, we may also be required to disclose your personal data to authorities.

b. Disclosure to partners and cooperation companies

We collaborate with different companies and partners who offer their services on our website. It will be clear to you that it is a third-party offer (marked as “advertisement”).

If you make use of such an offer, we will transmit your personal data to the respective partner or cooperation company (e.g., name, function, communication, etc.) whose offer you wish to use. These partners and cooperation companies are independently responsible for the personal data they receive. After the data is transmitted, the data protection regulations of the respective partner apply.

c. Disclosure abroad

In the context of order processing, your personal data may be transmitted to companies abroad. These companies are obligated to comply with data protection laws in the same way we are. Data transmission may occur worldwide.

If the level of data protection in the destination country does not meet the standards of the European Economic Area (EEA), we will conduct a prior risk assessment and ensure, through contractual agreements, that the same level of protection as in the EEA is guaranteed (e.g., using the standard contractual clauses of the EU Commission or other legally prescribed measures). If our risk assessment is negative, we will implement additional technical measures to protect your data. You can access the standard contractual clauses of the EU Commission via the following link.

How long do we store your data?

We store personal data only for as long as necessary to fulfill the specific purposes for which the data was collected.

Contractual data is stored for longer periods as we are legally obligated to do so. Specifically, we are required to retain business communications, concluded contracts, and accounting records for up to 10 years. If we no longer need such data to provide services, it will be restricted for further processing, and we will use it only for billing and tax purposes.

Specific data processing activities

Provision of the website and creation of log files

By simply visiting minikauf.ch, meaning without registering or providing any other information, only the data that your browser automatically transmits to our server is collected. This data is technically necessary for the operation of the website.

What data do we process?

For the provision of the website and the creation of log files, the following data is processed:

  • Name of the internet service provider
  • IP address
  • Technical information such as browser, operating system, or screen resolution
  • Date and time of access
  • Referrer URL

This data cannot be assigned to a specific person, and no merging of this data with other data sources takes place.

What is the purpose of processing the data?

The processing of the log files serves to ensure the functionality of the website and to guarantee the security of our IT systems.

What is the legal basis for processing the data?

The legal basis for this data processing is our legitimate interest under Art. 6 (1) (f) GDPR. Our legitimate interests stem from the purpose of processing the data.

To whom do we pass on the data?

Data sharing by us is subject to the conditions laid out in our data sharing section.

How can you prevent data processing?

The data is only stored for as long as necessary to achieve the purpose of its collection. Consequently, the data is deleted after each session. The storage of log files is essential for the operation of the website, so you cannot object to this unless you do not visit our website.

Cookies

Our website uses cookies. Cookies are text files that are stored on your device’s operating system by your browser when you visit our website. Cookies do not harm your device and do not contain viruses. Some cookies are technically necessary for the website to function. Most of the cookies we use are "session cookies." They are automatically deleted after your visit. Other cookies remain on your device until you delete them or their expiration period ends.

What is the purpose of processing the data?

We use cookies to make our website more user-friendly, effective, and secure by using the collected data. In particular, we use cookies to store your preferences (e.g., language and location settings), to quickly deliver and present website content attractively (e.g., by using fonts and content delivery networks), and to analyze website usage for statistical evaluation and continuous improvements (usually through third-party cookies). For specific purposes of using non-essential cookies, you will find further explanations in this privacy policy.

What is the legal basis for processing the data?

The legal basis for this processing is your consent according to Art. 6 (1) (a) GDPR. For technically necessary cookies, our legitimate interest according to Art. 6 (1) (f) GDPR forms the legal basis.

To whom do we pass on the data?

Data sharing by us is subject to the conditions laid out in our data sharing section. Additionally, please note the explanations about individual data processing activities in this privacy policy.

How can you prevent data processing?

When visiting the website, a cookie banner is displayed. Cookies that require your consent under Art. 6 (1) (a) GDPR will only be activated once you provide your consent. If you refuse consent, no data collection will take place through these cookies.

Data collection through cookies based on our legitimate interest under Art. 6 (1) (f) GDPR cannot be prevented through the cookie banner. These technically necessary cookies will be stored on your device. You can delete them entirely or disable or limit the transmission by changing your browser settings. Instructions for the most common browsers can be found here:

  • For Google Chrome
  • For Apple Safari
  • For Microsoft Edge
  • For Mozilla Firefox

For cookies used for success and reach measurement or advertising purposes, you can opt out for many services through the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

Counting Pixels

We may use counting pixels on our website or in our emails. Counting pixels are also known as web beacons. These are small, usually invisible images that are automatically retrieved when you visit our website or open our emails.

What data do we process?

Counting pixels can capture the same information as log files. Additionally, movement profiles of the entire session may be recorded. Counting pixels are especially used by third parties whose services we use. Further details about these third-party services are provided in this policy.

What is the purpose of processing the data?

Counting pixels are used by various tracking services to analyze website usage, for statistical evaluation, and continuous improvements. Counting pixels may also be used for email tracking.

What is the legal basis for processing the data?

The legal basis for processing is your consent according to Art. 6 (1) (a) GDPR.

To whom do we pass on the data?

Data sharing by us follows the provisions outlined in our data sharing section. Please also refer to the explanations in this privacy policy concerning individual tracking services.

How can you prevent data processing?

To prevent data processing by counting pixels, you can install suitable browser extensions such as uBlock Origin and block external graphics in your email program.

Google Analytics

We use Google Analytics on our website, a service provided by Google Ireland Ltd., Google Building Gordon House, Barrow St, Dublin 4, Ireland, with headquarters at Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, collectively referred to as “Google.”

What data do we process?

Google Analytics is a web analytics service that collects information about how users engage with our website. The following information may be collected:

  • IP address
  • Technical information such as browser, operating system, or screen resolution
  • Interactions on the website
  • Duration of the visit
  • Time and date of the visit
  • Referrer URL

The IP address is anonymized by Google Analytics so that it can no longer be linked to a specific person. When a user visits our website for the first time, Google Analytics generates an identifier to recognize the visitor during subsequent visits. If you are signed in to your Google account, data processing may also take place across devices.

What is the purpose of processing the data?

The IP address is used to estimate the user’s approximate location. This data allows us to measure the relevance of our offers in different regions. The IP address is also used to determine where website visitors come from. Technical information is processed to ensure the website displays correctly on all devices. Interactions, duration, time, and date are collected so that we can evaluate and optimize our marketing campaigns and offers. This data also helps us understand how visitors interact with our website and which content is popular with specific users. The processing of the referrer URL serves to measure effectiveness and analyze different marketing channels.

What is the legal basis for processing the data?

The legal basis for processing is your consent according to Art. 6 (1) (a) GDPR.

To whom do we pass on the data?

Data sharing follows the provisions laid out in our data sharing section. Since Google is a transnational company, your data may be transferred worldwide, including to the USA, where Google’s headquarters are located. This is a country that does not guarantee an adequate level of data protection.

Google Tag Manager

We use Google Tag Manager on our website, a service of Google Ireland Ltd., Google Building Gordon House, Barrow St, Dublin 4, Ireland, with headquarters at Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, collectively referred to as "Google."

Google Tag Manager is a service that allows us to centrally manage various tracking tags (such as Facebook Pixel, Google Analytics, Hotjar, etc.). Google Tag Manager itself does not collect any data. The tags that collect data, which we manage through Google Tag Manager, are listed in this privacy policy.

Mastercard

Mastercard is used on a website to offer the option of electronic payment for products or services. Users can enter their credit card details to complete the purchase. Mastercard also allows recurring payments for subscriptions or automatic renewals. By using Mastercard, a convenient and secure payment method is provided, eliminating the need for customers to re-enter their credit card information each time they shop online.

Google Pay

Google Pay is a simple and secure way to pay on websites. It allows customers to make payments through their Google account without having to enter personal bank or credit card details. This facilitates fast and convenient payments and enhances customer security, protecting them from fraud and data misuse.

Google Ads Conversion Tracking

We use Google Ads Conversion Tracking on our website, a service of Google Ireland Ltd., Google Building Gordon House, Barrow St, Dublin 4, Ireland, with headquarters at Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, collectively referred to as “Google.”

What data do we process?

Google Ads Conversion Tracking is a web analytics service for tracking the effectiveness of Google Ads campaigns. Data processing occurs only when you arrive at our website via a Google Ads advertisement. The following information may be collected:

  • IP address
  • Time and date of the website visit
  • Technical information such as browser, operating system, or screen resolution
  • Interactions on the website
  • Referrer URL
  • Duration of the visit

The IP address is anonymized by Google Ads Conversion Tracking so that personal identification is no longer possible.

For what purpose do we process the data?

Your IP address is used to determine your approximate location. The information we gather from this helps us measure the relevance of our offerings in different regions. We also use the IP address to determine where visitors to our website are coming from. The technical information is processed to ensure that the website and advertisements are displayed correctly on any device. We collect interaction data such as duration, time, and date to evaluate and optimize our Google Ads marketing campaigns and offers. Additionally, this data allows us to analyze how visitors interact with our advertisements, identifying which ads lead to high conversion rates. The processing of the referrer URL serves to measure the effectiveness and analyze our Google Ads advertisements.

On what legal basis do we process the data?

The legal basis for processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR.

To whom do we disclose the data?

The disclosure of data by us is in accordance with our statements regarding data sharing. Since Google is a transnational company, your data may be transferred worldwide, including to the USA, where the legislation may not provide adequate data protection.

PayPal
PayPal is an online payment system that enables quick and secure sending, receiving, and managing of money online. It is mainly used on websites for secure purchasing of products or services. Customers can conveniently pay with their PayPal account without having to provide sensitive payment information such as credit card numbers. This makes PayPal a secure and convenient payment method for both buyers and sellers. PayPal is also commonly used for donations or subscriptions on websites and for managing online invoices and transferring money to other PayPal users.

Visa
Visa is typically used as a payment method on websites, allowing customers to pay online for goods or services using a credit or debit card. Customers enter their credit card number, expiration date, and security code to make a payment. The website then forwards this information to the card issuer, such as Visa, which either approves or declines the transaction and forwards the payment to the merchant. Visa is also used to secure online transactions, often in combination with technologies such as 3D-Secure, which helps prevent fraudulent transactions and ensures customer security. Visa can also be used as an identification method, allowing customers to log in to a website using their Visa account instead of creating a separate user account.

Apple Pay
Apple Pay on a website enables users to make online purchases using their iPhone, iPad, or Mac, without manually entering their credit or debit card details. Instead, they can select the credit or debit cards linked to their Apple Pay account and authorize the transaction using Face ID, Touch ID, or their Apple Watch. This makes the checkout process faster, safer, and more convenient. Apple Pay can be used on websites for various e-commerce transactions, such as purchasing products or services, paying for subscriptions, or donating to charitable organizations. It can also be used within apps for in-app purchases. Additionally, Apple Pay offers extra security by using payment tokens, replacing the user’s actual card data with randomly generated, one-time-use codes.

Shopify
Shopify is an eCommerce platform that helps businesses create online stores. It enables businesses to sell products and services online, manage inventory, process payments, offer shipping options, create discount codes, and more. Shopify provides an easy-to-use interface that makes it simple to build a professional, fully customizable website. It offers a range of pre-configured e-commerce features to help businesses set up and manage their online stores.

American Express
American Express (also known as Amex) is a financial services company that offers a variety of financial products such as credit cards, traveler's checks, and insurance. On a website, American Express is often offered as a payment method for online purchases. Customers can use their Amex credit card to securely and conveniently process payments. American Express is often presented as an alternative to other common credit cards like Visa or Mastercard and may be especially attractive to frequent travelers, as it offers additional benefits like travel insurance and the ability to accumulate flight miles. On a website, the American Express logo may also be used to indicate the acceptance of this credit card.

Cloudflare
Cloudflare is a content delivery network (CDN) and web security platform used to speed up websites, improve website performance, and protect against various attacks. It also provides various features and tools for protecting privacy and optimizing website performance. Common uses of Cloudflare on a website include:

  • Improved website performance: Cloudflare caches website content on servers located in various geographic locations, reducing page load times and improving overall website performance for users across regions.
  • Protection against DDoS attacks: Cloudflare employs security measures like IP whitelisting and traffic distribution across multiple servers to protect websites from Distributed Denial-of-Service (DDoS) attacks.

Printful
Printful is an on-demand printing and dropshipping service that enables businesses to create and sell customized products like T-shirts, hoodies, mugs, and more. It can be used on websites to create a fully integrated online store without having to manufacture or store products. Printful also allows customization of product designs and selections to create a unique shopping experience. Orders are directly forwarded to Printful, which handles production, shipping, and customer service.

Google Ads
Google Ads (formerly Google AdWords) is an online advertising program from Google that allows businesses and website owners to place ads in search results and on other Google platforms. These ads are used to attract visitors to the promoted website and target potential customers. Google Ads allows users to select specific keywords and target audiences to increase conversion rates. Using Google Ads can increase a website's traffic volume and help improve online visibility and sales.

Automizely
Automizely is used on a website to enable personalization, automation, and optimization of e-commerce experiences. It allows businesses to segment audiences based on behavior and interests and customize content, products, and campaigns. Automizely also helps businesses discover new target audiences to increase sales and improve the overall customer experience.

Privy
Privy is a tool for creating marketing pop-ups and notifications, used on a website to draw visitors' attention to important offers or promotions, encourage newsletter sign-ups or discounts, and ultimately increase conversion rates. It allows personalized pop-ups based on visitors’ actions or behavior, improving targeting and the effectiveness of marketing strategies. It can also be used to collect email addresses and build email lists to directly address potential customers.

Shop Pay
Shop Pay is a payment and shipping service from Shopify that enables customers to shop quickly and securely on a website. It offers various features and benefits to make the shopping process easier and more convenient, such as:

  • Faster checkout: Shop Pay stores customer data, so it doesn't need to be entered for every purchase, significantly speeding up the checkout process.
  • Multiple payment options: Customers can pay using various methods like credit cards, PayPal, Google Pay, and Apple Pay.
  • Security: Shop Pay provides secure payment processing that protects customers' personal data.
  • Automatic shipping and delivery information: Shop Pay auto-fills shipping and delivery details, saving time and reducing manual entry errors.
  • Order tracking: Customers can track their orders.

PrivacyBee
We use PrivacyBee on our website, a service provided by PrivacyBee AG, Laupenstrasse 1, 3008 Bern, Switzerland. PrivacyBee is used to identify all privacy-related services and generate a personalized privacy policy for the website.

Which data do we process?
PrivacyBee is a service that generates privacy policies, which are then embedded in our website via JavaScript. To provide this service, the following data is processed:

  • IP address
  • Browser type and version
  • Operating system
  • Date and time of access to our privacy policy

For what purpose do we process the data?
The collection of this data allows us to display the privacy policy correctly on your device configuration and ensure that the contents are accurate and up to date.

To whom do we disclose the data?
The disclosure of data by us is in accordance with our statements regarding data sharing. The data collected through PrivacyBee remains with PrivacyBee.

How can you prevent the processing of your data?
To prevent the processing of your data by PrivacyBee, you can disable JavaScript in your browser. However, please note that disabling JavaScript may prevent some functions of our website from working properly. We do not offer a specific opt-out option for PrivacyBee, as this service is essential for providing our privacy policy.

Does our privacy policy always stay the same?
We can change this privacy policy at any time. Changes will be published on minikauf.ch. You will not be separately notified.