Legal notice and Data protection

Legal notice

Person responsible for content
Ramstein Optik AG
Sattelgasse 4
4051 Basel, Switzerland
info@ramstein-optik.ch

Founded in 1899

Conceptualisation
Ramstein Optik AG
Programming and hosting
nextron internet team GmbH
Reinacherstrasse 129
4053 Basel, Switzerland
+41 (0)61 6959 220
info@nextron.ch

Photos (unless otherwise stated)
Flavia Schaub Photography

Text
Ramstein Optik AG

Proofreading
Rosmarie Anzenberger
Sevogelstrasse 85
4052 Basel, Switzerland
r.anzenberger@bluewin.ch

English translation
Apostroph Germany GmbH
An der Strusbek 12 b
22926 Ahrensburg, Germany

Authorised representatives
Andreas Bichweiler
Stephan Werthmüller 

Commercial register entry
Registered company name: Ramstein Optik AG
Commercial register number: CH-270.3.004.364-2
VAT ID: CHE-105.967.513
Trade register office: Basel-Stadt


Data protection contact

Ramstein Optik
Andreas Studer
Sattelgasse 4
4001 Basel, Switzerland
andy.studer@ramstein-optik.ch

 

Thank you for visiting the Ramstein Optik website and for your interest in our company and its ophthalmic services. On our website, you can find out more about our company and get in touch with us.

Mandatory national and international legal data protection provisions require that personal data be processed in a trustworthy and fair manner in legal matters and that the purpose for the processing is suitable and necessary.

We at Ramstein Optik take these requirements very seriously and explain below which personal data is processed and protected and how.

1. Categories of personal data and data subjects
Personal data transmitted through the use of email addresses published on this website, a web form or when ordering from a shop.
 
2. Nature and purpose of the disclosure of personal data
The personal data we collect includes your name, address, email address, IP address and other information you send via a web form (contact/shop order).

We are allowed to process information contained in or relating to the communication you send to us (correspondence data). Correspondence data may include the content of the message and the personal data associated with the communication. The correspondence data may be processed for the purposes of communicating with you and keeping minutes. This processing is based on our legitimate interests, namely the proper management of our website and business as well as communication with users.

Server log files
Our server automatically stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

This data is not combined with other data sources.

Cookies
Websites often use cookies. Cookies are small text files that are stored on your computer and stored by your browser; they do not cause any damage to your computer and do not contain any viruses, but serve to make our website more user-friendly, effective and secure.

Most of the cookies we use are session cookies, which are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognise your browser the next time you visit.

You can configure your browser so that you are informed when cookies are set and only allow cookies in individual cases, exclude the acceptance of cookies in certain cases or in general and activate the automatic deletion of cookies when you close your browser. If cookies are deactivated, the functionality of this website may be limited.

Functional cookies – always active
These cookies are necessary for basic functions and are automatically stored when you visit our websites. These cookies store your preferences when you use our websites. They are also used to distribute the usage of our servers, to keep our website available and for security purposes. The use of functional cookies that enable the basic functions of the website does not require consent.

Analytics cookies – inactive (only active with consent)
These cookies are used to collect information about how visitors use our website. This includes information on the most visited pages and the number of error messages displayed. We use analytics cookies to compile usage statistics for our websites. These cookies help us to improve the websites. We use Google Analytics to compile aggregated statistics on how our websites are viewed. We have concluded a data processing agreement with Googl for this purpose. The data collected by Google Analytics is shared with other Google services.


Matomo Analytics
This website uses Matomo Analytics to track user behavior on the website. Matomo is an open source analysis platform, comparable to Google Analytics. In contrast, Matomo is compatible with applicable data protection regulations in Switzerland and the EU.

This is how we use Matomo Analytics on this website:
Our Matomo instance is self-hosted. The data collected is stored on a server in Switzerland and cannot be viewed by any unauthorized person. Our Matomo is configured to mask all IP addresses to 2 bytes. No reference to people or devices can be made anywhere in the analytics overview. Our Matomo does not track across visits. Since the IP addresses are masked, no connection can be made between multiple visits to the website. The data we collect with Matomo is used purely for internal evaluation of the website to improve the user experience. The data will never be used for any other purpose or passed on to third parties. Our Matomo is configured so that no cookies are stored on the device.

YouTube
Functions of the YouTube service are integrated into this website. ‘YouTube’ is owned by Google Ireland Limited, a company incorporated and operated under the laws of Ireland with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, which operates the Services in the European Economic Area and Switzerland.

Your legal agreement with YouTube consists of the terms which can be found at the following link: https://www.youtube.com/static?gl=de&template=terms&hl=de.

These terms constitute a legally binding agreement between you and YouTube regarding your use of the services. Google’s privacy policy explains how YouTube treats and protects your personal information when you use the service.

Mailchimp
The newsletter is sent via the mailing service provider Mailchimp, a newsletter mailing platform provided by the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the privacy policy of the shipping service provider here. Rocket Science Group LLC d/b/a. ‘Mailchimp’ is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with the European level of data protection (Privacy Shield). The shipping service provider is used on the basis of our legitimate interests pursuant to Article 6, paragraph 1, point (f), of the GDPR and a data processing agreement pursuant to Article 28, paragraph 3, sentence 1, of the GDPR.

Online shop/web shop
We process the data of our customers in accordance with the data protection regulations of the Swiss Confederation (Federal Act on Data Protection, FADP) and the EU GDPR as part of the order processes in our online shop in order to enable them to select and order the selected products and services as well as to pay for and deliver or process them.

The data processed includes master data (inventory data), communication data, contract data, payment data and the data subjects include our customers, prospective customers and other business partners. The processing is carried out for the purpose of providing contractual services as part of the operation of an online shop, billing, delivery and customer service. In this context, we use session cookies, e.g. to store the contents of your shopping basket, and permanent cookies, e.g. to store your login status.

Data is processed on the basis of Article 6, paragraph 1, point (b) (performance of orders) and (c) (legally required archiving), of the GDPR. The data marked as necessary is necessary for the establishment and fulfilment of the contract. We only disclose the data to third parties within the scope of delivery, payment or within the scope of legal permissions and obligations. The data is only processed in third countries if this is necessary for the fulfilment of the contract (e.g. at the request of the customer for delivery or payment).

Users have the option of creating a user account in which they can view their orders. Users are provided with the required mandatory information as part of the registration process. User accounts are not public and cannot be indexed by search engines such as Google. If users have terminated their user account, their data relating to the user account will be deleted if its retention is required for commercial or tax reasons in accordance with Article 6, paragraph 1, point (c), of the GDPR. Information in the customer account is retained until it is deleted and subsequently archived in the event of a legal obligation. Users are responsible for storing their data before the end of the contract in the event of a termination.

As part of the registration and re-registration as well as the use of our online services, we store the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests and those of the users in protecting against misuse and other unauthorised use. As a rule, this data is not disclosed to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6, paragraph 1, point (c), of the GDPR.

The deletion takes place after expiry of statutory warranty and similar obligations, and the necessity of retaining the data is reviewed at irregular intervals. In the event of statutory archiving obligations, the deletion will take place once these have expired.

External payment service providers
This website uses an external payment service provider whose platform enables us and users to carry out payment transactions.

https://www.six-payment-services.com/de/services/legal/privacy-statement.html

As part of the fulfilment of the contract, we use the payment service providers on the basis of the Swiss Federal Act on Data Protection and, if necessary, Article 6, paragraph 1, point (b), of the EU GDPR. Furthermore, we use external payment service providers on the basis of our legitimate interests in accordance with the Swiss Federal Act on Data Protection and, where necessary, in accordance with Article 6, paragraph 1, point (f), of the EU GDPR in order to offer our users effective and secure payment options.

The data processed by the payment service providers includes, amongst other things, inventory data such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, sum and recipient-related information. The information is required in order to carry out the transactions. However, the data entered is only processed and stored by the payment service providers. As the operator, we do not receive any information about your (bank) account or credit card, but only information to confirm (accept) or refuse the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transfer is to verify identity and creditworthiness. In this regard, please refer to the terms and conditions and data protection notices of the payment service providers.

Payment transactions are subject to the terms and conditions and privacy policy of the respective payment service provider, which can be accessed within the respective website or transactional applications. We refer to these for the purposes of further information and the assertion of rights of withdrawal, information and other rights of data subjects.
 
3. Disclosure abroad: name of country or int. organisation
We only disclose your personal data within Ramstein Optik.

The data for the purpose of sending the newsletter will only be forwarded to the USA with the consent of the data subject. Please read the ‘Mailchimp’ paragraph under point 2.
 
4. Retention, deletion and eradication requirements
All personal data collected by us is anonymised or deleted as soon as it is no longer required for the purpose of processing.
 
5. Recipients of personal data
Your personal data will only be received by Ramstein Optik.

The data for the purpose of sending the newsletter will only be forwarded to the USA with the consent of the data subject. Please read the ‘Mailchimp’ paragraph under point 2.
 
6. Measures to ensure data security
Ramstein Optik uses access and user controls to ensure the confidentiality of personal data.

Furthermore, the integrity of personal data is ensured by means of data storage devices, storage and transport controls. Data can also be recovered quickly in the event of a technical or physical incident.

Our systems and application programs are state of the art with regard to security and all known critical vulnerabilities – OWASP Top 10 – have been eliminated.

As far as traceability is concerned, these are documented via input and disclosure protocols, breaches of data security are detected and the resulting consequences are reduced and/or eliminated.
 
7. Obligation to notify about data breaches
We report all breaches of data security that result in a high risk to the privacy or fundamental rights of the data subject to the Federal Data Protection and Information Commissioner (FDPIC).

Have you identified a data breach? Please contact us immediately at andy.studer@ramstein-optik.ch.
 
8. Rights of data subjects
Would you like to know whether we process your personal data? Have you provided us with personal data and would like to correct, delete or eradicate it or object to its disclosure?

Contact us at andy.studer@ramstein-optik.ch.
 
9. Links to other websites
Our website contains links to various external websites that may provide our visitors with useful information. This privacy policy does not apply to these sites and we recommend that you contact the external sites directly for their privacy policies.