Data protection declaration
This data protection declaration provides information about which personal data is collected when you visit the website www.gcz.ch and how and for what purposes it is processed.
The responsible body in the sense of the data protection legislation, in particular the EU General Data Protection Regulation (GDPR), is:
Grasshopper Fussball AG
Telephone: +41 44 447 4646
2. General information
On the basis of Article 13 of the Swiss Federal Constitution and the applicable data protection provisions of Switzerland (Federal Act on Data Protection, FADP) and the EU (GDPR), every person is entitled to the protection of his privacy and against the misuse of his personal data. We take the protection of your personal data very seriously and treat it confidentially and in accordance with both the statutory data protection regulations and this data protection declaration.
In cooperation with our hosting providers, we strive to protect the databases against unauthorised access, loss, misuse or falsification as far as possible. However, we would like to point out that data transmission over the Internet (e.g. communication by e-mail) can be subject to security vulnerabilities. It is not possible to provide seamless protection of data against access by third parties.
By using this website, you consent to the collection, processing and use of data in accordance with the following description. In general, this website can be visited without registration. As part of this, data such as the pages accessed or the names of files accessed, the date and time are stored on the server for statistical purposes without this data being associated directly with you. Personal data, in particular your name, address or e-mail address, is collected on a voluntary basis where possible. The data is not passed on to third parties without your consent.
3. Processing personal data
Personal data is all information that refers to an identified or identifiable person. A data subject is a person whose personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the retention, disclosure, procurement, deletion, storage, alteration, destruction and use of personal data.
We process personal data in accordance with Swiss data protection legislation. In all other respects, if and to the extent that the GDPR is applicable, we process personal data in accordance with the following legal principles in connection with Art. 6(1) GDPR:
- (a) The processing of personal data with the consent of the data subject.
- (b) The processing of personal data for the fulfilment of a contract with the data subject as well as for the implementation of corresponding pre-contractual measures.
- (c) The processing of personal data to fulfil a legal obligation to which we are subject under any applicable EU law or under any applicable law of a country in which the GDPR is applicable in whole or in part.
- (d) The processing of personal data in order to protect the vital interests of the data subject or of another natural person.
- (f) The processing of personal data in order to protect our legitimate interests or those of third parties, provided that the fundamental freedoms and rights and interests of the data subject do not prevail. Legitimate interests include in particular our business interest of being able to provide our website, information security, the enforcement of our own legal claims and compliance with Swiss law.
We process personal data for as long as is necessary for the purpose or purposes in question. In the event of longer retention obligations due to legal or other obligations to which we are subject, we restrict processing accordingly.
4. Data protection declaration for cookies
What are known as “session” cookies are deleted after you close your browser. They enable you to, amongst other things, use the shopping cart function across several pages.
What are known as “persistent” cookies remain stored at the end of a browser session and can be called up again when a page is visited again. In this way, offers can be presented to you in a more customer-friendly, effective and secure manner. For example, information that is specifically tailored to your interests can be displayed.
If you do not wish this, you can set your web browser so that it restricts or completely refuses the acceptance of cookies. This may limit the functionality of our website.
5. Data protection declaration for SSL encryption
This website uses SSL encryption for security reasons and to protect the transmission of confidential content such as queries you send us as the site’s operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the padlock symbol shown in your browser’s address line.
If SSL encryption is activated, data that you transmit to us cannot be read by third parties. However, we accept no liability for damage resulting from loss of data or unauthorised access to and processing of personal data.
6. Data protection declaration for server log files
The provider of this website automatically collects and stores information in what are known as server log files, which your browser automatically transmits to us. These contain the following data in particular:
- The date and time of the server query
- The browser type and version
- Your operating system
- The referrer URL
- The host name of the accessing computer
This data cannot be associated with individual people. This data is not merged with data from other sources. We use this data for statistical evaluations for the purpose of the operation, security and optimisation of our website as well as for anonymous recording of the number of visitors to our website (traffic) and the scope and type of use of our website and services, as well as for billing purposes in order to measure the number of clicks received from cooperation partners. This information enables us to analyse traffic, find and correct errors and improve our services. This is also our legitimate interest in this use of data.
We reserve the right to subsequently check this data if we become aware of concrete indications of illegal use.
7. Data protection declaration for the contact form
If you send us enquiries via the contact form, the information you supply on the enquiry form, including the contact data you provide therein, is stored by us for the purpose of processing the enquiry and in the event of follow-up questions.
8. Data protection declaration for newsletter data
If you wish to receive the newsletter offered on this website, we require an e-mail address from you as well as information that enables us to verify that you are the owner of the e-mail address provided and consent to receive the newsletter. No further data is collected. We use this data exclusively to send the requested information and do not pass it on to third parties.
You may at any time revoke your consent to the storage of the data, your e-mail address and its use to send the newsletter, for example via the “Unsubscribe” link in the newsletter.
9. Data protection declaration for the right to information, deletion and blocking
You have the right at any time to receive information free of charge about your stored personal data, its origin and recipients and the purpose of data processing as well as the right to correction, completion, blocking and deletion and to the restriction of the processing of this data. Furthermore, you have the right to receive your data in a structured, standard and machine-readable format or to request the transmission thereof to another controller. You also have the right to revoke your consent to data processing at any time.
If your personal data is processed on the basis of legitimate interests, you have the right to object to the processing of the data if there are reasons for this based on your particular situation or if you object to direct advertising.
Finally, you are entitled to lodge a complaint with the responsible supervisory authority regarding our data processing.
To this end, you can contact the person responsible for data protection in our organisation, who is listed at the beginning of this data protection declaration, at any time or pose other questions relating to personal data.
10. Data protection declaration regarding Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google is certified under the EU-US Privacy Shield, which provides a guarantee that Google complies with European data protection legislation.
We use Google Analytics only with IP anonymisation activated. This means that the IP address of the user is shortened by Google within European Union Member States or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the US and shortened there.
Google uses this information on our behalf to evaluate your use of the website, compile reports on website activity for us in this regard and provide us with other related services. The IP address transferred by your browser as part of Google Analytics is not combined with other data held by Google.
If you do not wish this, you can set your web browser so that it restricts or completely refuses the acceptance of cookies. This may limit the functionality of our website. Google also provides a browser plug-in here, which can be used to disable Google Analytics. Find out more here.
11. Data protection declaration regarding the use of Google web fonts
This website uses what are known as web fonts provided by Google to ensure that fonts are displayed uniformly. When you call up a page, your browser loads the required web fonts into your browser cache to display text and fonts correctly. If your browser does not support web fonts, a standard font will be used by your computer.
12. Data protection declaration for social plug-ins
This website uses social media features of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you access our website with Google plug-ins, a connection is established between your browser and Google’s servers and data is transferred to Google. If you have a Google account, this data may be linked to it. Interactions, in particular the use of a comment function or clicking a “g+” or “Share” button, are also passed on to Google.
If you do not want this data to be associated with your Google account, please log out of Google before visiting our website. Find out more here.
This website uses features of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. When you access our website with Facebook plug-ins, a connection is established between your browser and Facebook’s servers and data is transferred to Facebook. If you have a Facebook account, this data may be linked to it. Interactions, in particular the use of a comment function or clicking a “Like” or “Share” button, are also passed on to Facebook.
If you do not want this data to be associated with your Facebook account, please log out of Facebook before visiting our website. Find out more here.
This website uses features of Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. When you access our website with Twitter plug-ins, a connection is established between your browser and Twitter’s servers and data is transferred to Twitter. If you have a Twitter account, this data may be linked to it. Interactions, in particular clicking a “Retweet” button, are also passed on to Twitter.
If you do not want this data to be associated with your Twitter account, please log out of Twitter before visiting our website. Find out more here.
Our website includes features of the Instagram service. These features are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. If you are logged into your Instagram account, you can link the contents of our website to your Instagram profile by clicking the Instagram button. This enables Instagram to associate the visit to our website with your user account. We would like to point out that, as the provider of this website, we do not have any knowledge of the content of the transmitted data or about its use by Instagram.
If you do not want this data to be associated with your Instagram account, please log out of Instagram before visiting our website. Find out more here.
This website uses plug-ins from Google’s YouTube page. This is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plug-in, a connection is established to YouTube’s servers. The YouTube server is informed about which of our pages you visited. If you are logged into your YouTube account, you enable YouTube to associate your surfing behaviour directly with your personal profile.
If you do not want this data to be associated with your YouTube account, please log out of YouTube before visiting our website. Find out more here.
13. The transfer of data to third parties and abroad
In principle, your personal data is used only within our company.
Insofar as we disclose data to other persons or companies (commissioned data processors or third parties) within the scope of our processing, transfer it to them or otherwise grant them access to the data, this takes place only on the basis of statutory authorisation (e.g. if data has to be transferred to third parties or payment service providers for the fulfilment of the contract), if you have given your consent, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties to process data on the basis of what is known as a commissioned data processing agreement, we contractually oblige the commissioned data processor(s) to use personal data only in accordance with the requirements of the applicable data protection legislation and to guarantee the protection of the rights of the data subject.
It is possible that personal data may also be processed abroad for the purposes specified in these data protection regulations. However, personal data is disclosed abroad only if the country in question has data protection that is equivalent to that in Switzerland.
14. Order processing with customer accounts at the online shop
Within the context of the ordering processes at our online shop, we process the data of our customers in accordance with Swiss federal data protection regulations (FADP) and the GDPR to enable customers to choose and order products and services, as well as to process payments and for delivery or provision.
The processed data includes master data (inventory data), communication data, contract data and payment data. The data subjects affected by the processing include our customers, interested parties and other business partners. Processing is carried out for the purpose of providing contractual services within the framework of operating an online shop, for billing, delivery and customer service. To this end, we use session cookies, e.g. for storing the contents of shopping carts, and permanent cookies, e.g. for storing your login status.
Processing takes place on the basis of Arts. 6(1)(b) (processing of orders) and 6(1)(c) (legally obligatory archiving) of the GDPR. As part of this, the information marked as necessary to establish and fulfil the contract is required. We disclose the data to third parties only within the scope of delivery, for payment or within the scope of the statutory authorisation and obligations. Data is processed in third countries only if this is necessary for the fulfilment of the contract (e.g. at the customer’s request for delivery or payment).
Users can optionally create a user account in which they can view their orders in particular. Users are provided with the necessary mandatory information during registration. User accounts are not public and cannot be indexed by search engines such as Google. If users terminate their user account, their account data is deleted subject to the retention obligations on commercial or fiscal grounds in accordance with Art. 6(1)(c) GDPR. Customer account data is kept until its deletion and subsequent archiving in the event of retention obligations. In the event of termination, users are personally responsible for backing up their data before the contract ends.
Within the scope of registration and renewed login as well as when using our online services, we store the user’s IP address and the time at which the respective action took place. The storage is based on our legitimate interests as well as the user’s right to protection against misuse and other unauthorised use. This data is not passed on to third parties unless it is necessary to pursue our claims or if there is a legal obligation to do so in accordance with Art. 6(1)(c) GDPR.
The deletion takes place after the expiration of the legal warranty and comparable obligations. The necessity to store the data is reviewed at irregular intervals. In the event of statutory archiving obligations, deletion takes place after the expiration thereof.
15. Contractual services
We process the data of our contractual partners and interested parties as well as other customers and clients (hereinafter referred to collectively as “contractual partners”) in accordance with Swiss federal data protection regulations (FADP) and the GDPR as per Art. 6(1)(b) GDPR in order to provide them with our contractual or pre-contractual services. The data processed to this end, the type, scope and purpose of the processing and the grounds for the processing thereof are determined by the underlying contractual relationship.
The processed data includes the master data of our contractual partners (e.g. names and addresses), contact data (e.g. e-mail addresses and telephone numbers) as well as contractual data (e.g. the services used, contract contents, contractual communication and the names of contact persons) and payment data (e.g. bank details and payment history).
In general, we do not process any special categories of personal data except as part of commissioned or contractual data processing.
We process data necessary for the establishment and fulfilment of the contractual services and we explain the need to specify this data if this is not obvious to the contractual partners. Data is only disclosed to external persons or companies if required within the framework of a contract. When processing data provided to us within the framework of an order, we act in accordance with the customers’ instructions and the statutory requirements.
Within the scope of the use of our online services, we may store the user’s IP address and the time at which the respective action took place. The storage takes place on the basis of our legitimate interests, as well as the interests of users in protecting against misuse and other unauthorised use. This data is not passed on to third parties unless it is necessary to pursue our claims pursuant to Art. 6(1)(f) GDPR or there is a legal obligation to do so in accordance with Art. 6(1)(c) GDPR.
The data is deleted when it is no longer required for the fulfilment of contractual or statutory welfare obligations or for the handling of any warranty or comparable obligations. The necessity to store the data is reviewed at irregular intervals. In all other respects, the statutory retention obligations apply.
16. The provision of our services in accordance with the articles of association
We process the data of our members, supporters, interested parties, customers and other persons in accordance with the Swiss federal data protection regulations (FADP) and the GDPR in accordance with Art. 6(1)(b) GDPR, insofar as we offer them contractual services or act within the framework of an existing business relationship, e.g. towards members, or we are the recipients of services and benefits. We also process the data of data subjects in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interests, e.g. with regard to administrative tasks or public relations work.
The data processed to this end, the type, scope and purpose of the processing and the grounds for the processing thereof are determined by the underlying contractual relationship. This basically includes the inventory and master data of the people (e.g. name, address, etc.), as well as their contact data (e.g. e-mail address, telephone number, etc.), contract data (e.g. the services used, communicated contents and information, and the names of contact persons) and, if we offer premium services or products, payment data (e.g. bank details, payment history, etc.).
We delete data that is no longer required for statutory purposes. This is determined in accordance with the respective tasks and contractual relationships. In the event of business processing, we retain data for as long as it is relevant to a business transaction and also with regard to any warranty or liability obligations. The necessity to store the data is reviewed at irregular intervals. In all other respects, the statutory retention obligations apply.
Copyright and all other rights to the content, pictures, photos or other files on the website belong exclusively to the operator of this website or the specially named copyright holders. Reproduction of all and any files is forbidden without prior written consent from the copyright holder. Anyone who acts in breach of copyright without the consent of the respective copyright holder may be liable for prosecution and even the payment of damages.
18. General disclaimer of liability
All the information on our website has been checked carefully. We make every effort to ensure that the information we provide is up to date, accurate and complete. Nevertheless, the occurrence of errors cannot be excluded completely. As a consequence, we cannot guarantee the completeness, accuracy and timeliness of information, including that of a journalistic or editorial nature. Liability claims arising from material or immaterial damage caused by the use of the information provided are excluded unless there is evidence of wilful intent or gross negligence.
The publisher may change or delete texts at his own discretion and without prior notice and is not obliged to update the content of this website. The use of or access to this website is at the visitor’s own risk. The publisher, its clients and partners are not responsible for any damage, whether direct, indirect, incidental, consequential or special damage, allegedly caused by visiting this website. They therefore assume no liability for them.
The publisher also assumes no responsibility or liability for the content and availability of third-party websites that can be accessed via external links on this website. The operators of linked pages bear sole responsibility for the content thereof. The publisher hereby expressly distances itself from all third-party content which may be relevant under criminal or liability law or violate good morals.
We reserve the right to modify this data protection declaration at any time without prior notice. The current version published on our website shall apply.
20. Questions to the data protection officer
If you have any questions about data protection, please send us an e-mail or contact the person responsible for data protection in our organisation, who is named at the beginning of this data protection declaration.
Niederhasli, 8 November 2018
Source: SwissAnwalt data protection generator