Privacy policy of the company Sideshore AG

A. Cross-sales channel information
1. Controller and content of this privacy policy

Sideshore AG is the operator of the website (hereinafter “Website”) and the services offered on it and is therefore responsible for the collection, processing and use of your personal data and the compliance of data processing with the applicable data protection law.

Your trust is important to us, which is why we take the issue of data protection seriously and ensure appropriate security. This privacy policy is designed to meet the requirements of the EU General Data Protection Regulation (“GDPR”), the Swiss Data Protection Act (“DSG”) and the revised Swiss Data Protection Act (“revDSG”). So that you know what personal data we collect from you and for what purposes we use it, please take note of the following information.

Please note that the following information will be reviewed and amended from time to time. We therefore recommend that you consult this privacy policy regularly. Furthermore, other companies are responsible or jointly responsible with us under data protection law for individual data processing activities listed below, so that in these cases the information provided by these providers is also authoritative.

2. Contact person for data protection

If you have any questions about data protection or wish to exercise your rights, please contact our data protection contact person by sending an e-mail to the following address:

The data protection officer of Sideshore AG is the company itself, acting through the management:

Sideshore AG
Philipp Knecht
Zinkereistr. 35
CH – 8633 Wolfhausen

3. Your rights

If the legal requirements are met, you have the following rights as a person affected by data processing:

  • Right to information: You have the right to request access to your personal data stored by us at any time free of charge if we are processing it. This gives you the opportunity to check what personal data we process about you and that we use it in accordance with the applicable data protection regulations. 
  • Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed of the rectification. In this case, we will inform the recipients of the data concerned of the adjustments made, unless this is impossible or involves disproportionate effort. 
  • Right to erasure: You have the right to have your personal data erased under certain circumstances. In individual cases, particularly in the case of statutory retention obligations, the right to erasure may be excluded. In this case, the data may be blocked instead of erased if the conditions are met.
  • Right to restriction of processing: You have the right to request that the processing of your personal data be restricted. 
  • Right to data portability: You have the right to receive from us, free of charge, the personal data that you have provided to us in a readable format.   
  • Right to object: You can object to data processing at any time, in particular for data processing in connection with direct advertising (e.g. advertising e-mails). 
  • Right to withdraw consent: You have the right to withdraw your consent at any time. However, processing activities based on your consent in the past will not become unlawful as a result of your revocation.

To exercise these rights, please send us an e-mail to the following address:

  • Right to lodge a complaint: You have the right to lodge a complaint with a competent supervisory authority, e.g. against the way in which your personal data is processed.
4. Data security

We use suitable technical and organisational security measures to protect your personal data stored by us against loss and unlawful processing, in particular unauthorised access by third parties. Our employees and the service companies commissioned by us are obliged by us to maintain confidentiality and to observe data protection. Furthermore, these persons are only granted access to personal data to the extent necessary to fulfil their tasks.   Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always harbours certain security risks and we cannot provide an absolute guarantee for the security of information transmitted in this way.

5. Contacting us

If you contact us via our contact addresses and channels (e.g. by e-mail, telephone or contact form), your personal data will be processed. The data that you have made available to us will be processed, e.g. the name of your company, your name, your function, your e-mail address or telephone number and your request. In addition, the time of receipt of the enquiry is documented. Mandatory information is marked with an asterisk (*) in contact forms. 

We process this data exclusively in order to fulfil your request (e.g. providing information about a product, assisting with contract processing such as returning products, incorporating your feedback into the improvement of our service, etc.). The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU GDPR in the implementation of your request or, if your request is aimed at the conclusion or execution of a contract, the necessity for the implementation of the necessary measures within the meaning of Art. 6 para. 1 lit. b EU GDPR.

6. Use of your data for marketing purposes
6.1 Central data storage and analysis in the CRM system

If a clear assignment to your person is possible, we will store and link the data described in this privacy policy, i.e. in particular your personal details, your contacts, your contract data and your surfing behaviour on our websites, in a central database. This serves the efficient management of customer data and allows us to respond to your requests appropriately, and enables the efficient provision of the services you have requested and the processing of the associated contracts. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the efficient management of user data.   We analyse this data in order to further develop our offers in line with your needs and to display and suggest the most relevant information and offers to you. We also use methods that predict potential, interests and future orders based on your website usage. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the implementation of marketing measures.

6.2 Email marketing and newsletter

If you register for our e-mail newsletter (e.g. when opening or within your customer account), the following data will be collected. Mandatory information is marked with an asterisk (*) in the registration form:

  • Email adress 
  • Salutation
  • First name and surname 

By registering, you consent to the processing of this data in order to receive news from us about our company, our offers and related products and services. This may also include requests to take part in competitions or to evaluate one of the aforementioned products and services. The collection of the salutation and name allows us to verify the assignment of the registration to any existing customer account and to personalise the content of the emails. The link to a customer account helps us to make the offers and content contained in the newsletter more relevant to you and better customise it to your potential needs. 

We will continue to use your data to send you emails until you withdraw your consent. Cancellation is possible at any time, in particular via the unsubscribe link in all our marketing emails.

By subscribing to the newsletter, you also consent to the statistical analysis of user behaviour for the purpose of optimising and adapting the newsletter. This consent constitutes our legal basis for the processing of data within the meaning of Art. 6 para. 1 lit. a EU GDPR.  We use the email marketing software Brevo from Sendinblue GmbH Köpenicker Straße 126, 10179 Berlin, Germany for marketing emails. Therefore, your data is stored in a database of Hetzner Online GmbH, whereby Hetzner Online GmbH can access your data if this is necessary for the provision of the software and for support in the use of the software. The legal basis for this processing is our legitimate interest within the meaning of Article 6(1)(f) GDPR in the use of third-party services.

7. Disclosure to third parties and access by third parties

Without the support of other companies, we would not be able to provide our services in the desired form. In order for us to be able to use the services of these companies, it is also necessary to pass on your personal data to a certain extent. Such a transfer takes place in particular if this is necessary to fulfil the contract you have requested, i.e. for example to the logistics or transport companies that deliver the requested products or to a manufacturer who is to fulfil your warranty claim. The legal basis for these transfers is the necessity for the fulfilment of the contract within the meaning of Art. 6 para. 1 lit. b EU GDPR.

Data is also passed on to selected service providers and only to the extent necessary for the provision of the service. Various third-party service providers are also already explicitly mentioned in this privacy policy, e.g. in the sections on marketing. These are, for example, IT service providers (such as providers of software solutions), advertising agencies and consulting firms. The legal basis for this data transfer is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU GDPR in obtaining third-party services.   In addition, your data may be passed on, in particular to authorities, legal advisors or debt collection companies, if we are legally obliged to do so or if this is necessary to protect our rights, in particular to enforce claims arising from the relationship with you. Data may also be disclosed if another company intends to acquire our company or parts thereof and such disclosure is necessary to carry out a due diligence review or to complete the transaction. The legal basis for this data transfer is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU GDPR in the protection of our rights and fulfilment of our obligations or the sale of our company.

8. Transfer of personal data abroad

We are authorised to transfer your personal data to third parties abroad if this is necessary to carry out the data processing specified in this privacy policy (see sections 12-13 in particular). It goes without saying that the statutory provisions on the disclosure of personal data to third parties will be complied with. If the country in question does not have an adequate level of data protection, we ensure through contractual arrangements that your data is adequately protected by these companies. 

9. Retention periods

We only store personal data for as long as is necessary to carry out the processing described in this privacy policy within the scope of our legitimate interest. In the case of contractual data, storage is prescribed by statutory retention obligations. Requirements that oblige us to retain data result from accounting and tax regulations. According to these regulations, business communication, concluded contracts and accounting documents must be stored for up to 10 years. If we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used if this is necessary for the fulfilment of retention obligations or for the defence and enforcement of our legal interests. The data will be deleted as soon as there is no longer an obligation to retain it and there is no longer a legitimate interest in retaining it.

B. Special notes for our website
10. Our website
10.1 Accessing our website

When you visit our website, our servers temporarily store every access in a log file. As with every connection to a web server, the following technical data is recorded without any action on your part and stored by us until it is automatically deleted after 12 months at the latest:

  • the IP address of the requesting computer
  • the name of the owner of the IP address range (usually your Internet access provider)
  • the date and time of access
  • the website from which the access was made (referrer URL), if applicable with the search term used
  • the name and URL of the retrieved file
  • the status code (e.g. error message)
  • the operating system of your computer
  • the browser you are using (type, version and language)
  • the transmission protocol used (e.g. HTTP/1.1)
  • if applicable, your user name from a registration/authentication

This data is collected and processed for the purpose of enabling the use of our website (establishing a connection), ensuring system security and stability in the long term, analysing errors and performance and enabling us to optimise our website (see also section 13 for the last points).

In the event of an attack on the network infrastructure of the website or in the event of suspicion of other unauthorised or abusive website use, the IP address and other data will be evaluated for clarification and defence purposes and, if necessary, used in the context of criminal proceedings for identification and for civil and criminal proceedings against the users concerned.

The purposes described above constitute our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f EU GDPR.  Finally, when you visit our website, we use cookies as well as applications and tools that are based on the use of cookies. The data described here may also be processed in this context. You will find more detailed information on this in the following sections of this privacy policy, in particular section 11.

10.2 Registration for a customer account

If you open a customer account on our website, we collect the following data:

  • Personal details:
    • Salutation
    • Surname/first name
    • Billing/delivery address
    • Date of birth
    • Company/company address/UID no. for corporate customers
  • Login data:
    • Email address
    • Password
  • Futher details:
    • Languages
    • Gender

We use the personal details to establish your identity and to check the requirements for registration. The e-mail address and password together serve as login data and thus ensure that the correct person is using the website under your details. We also need your e-mail address to verify and confirm the opening of your account and for future communication with you required for contract fulfilment. In addition, this data is stored in the customer account for future contract conclusions.

We also use the data to provide an overview of the products and services ordered and an easy way to manage your personal data, to administer our website and the contractual relationships, i.e. to establish, organise the content of, process and amend the contracts concluded with you via your customer account. 

We process the information on language and gender in order to display offer suggestions on the website that are best tailored to your profile or your personal needs, to statistically record and evaluate the selected offers and thus to optimise our suggestions and offers. 

The legal basis for processing your data for the aforementioned purpose is your consent in accordance with Art. 6 para. 1 lit. a EU GDPR. You can withdraw your consent at any time by removing the information from your customer account or deleting your customer account or having it deleted by notifying us.

To prevent misuse, you must always treat your login data confidentially and should close the browser window when you have finished communicating with us, especially if you share the computer with others.

11. Cookies

Cookies are information files that your web browser stores on your computer’s hard drive or memory when you visit our website. Cookies are assigned identification numbers that identify your browser and allow the information contained in the cookie to be read. 

Cookies help in many ways to make your visit to our website easier, more pleasant and more useful. Cookies are information files that your web browser automatically saves on your computer’s hard drive when you visit our website.

We use cookies, for example, to offer you the shopping basket function across several pages and to temporarily save your entries when you fill in a form on the website so that you do not have to repeat the entry when you call up another subpage. Cookies may also be used to identify you as a registered user after you have registered on the website without you having to log in again when you access another subpage.

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU GDPR in providing a user-friendly and up-to-date website.  Most Internet browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears when you receive a new cookie. On the websites of the browser providers, you will find explanations of how you can configure the processing of cookies in the most common browsers. However, deactivating cookies may mean that you cannot use all the functions of our website.

12. Tracking tools
12.1 General information

We use the web analysis service of Google Analytics for the purpose of designing and continuously optimising our website in line with requirements. In this context, pseudonymised user profiles are created and small text files stored on your computer (“cookies”) are used. The information generated by the cookie about your use of this website is transmitted to the servers of the providers of these services, stored there and processed for us. In addition to the data listed under point 10, we may receive the following information as a result:

  • Navigation path that a visitor takes on the site
  • the time spent on the website or subpage
  • the subpage on which the website is left
  • the country, region or city from which access is made
  • end device (type, version, colour depth, resolution, width and height of the browser window) and
  • returning or new visitor

The provider will use this information on our behalf to analyse the use of the website, to compile reports on website activity for us and to provide other services relating to website activity and internet usage for the purposes of market research and the needs-based design of these web pages. For these processing operations, we and the providers can be regarded as joint controllers under data protection law up to a certain extent. 

The legal basis for this data processing with the following tools is your consent within the meaning of Art. 6 para. 1 lit. a EU GDPR. You can revoke your consent or refuse processing at any time by rejecting or switching off the relevant cookies in the settings of your web browser (see section 11) or by making use of the service-specific options described below.

For further processing of the data by the respective provider as the (sole) controller under data protection law, in particular any disclosure of this information to third parties such as authorities on the basis of national legal regulations, please refer to the respective data protection information of the provider.

12.2 Google analytics

We use the web analysis service Google Analytics from Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) or Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) (“Google”). 

The “described data about the use of the website may be transmitted to the servers of Google LLC. in the USA for the processing purposes explained (see section 13). The IP address is shortened by activating IP anonymisation (“anonymizeIP”) on this website before transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

Users can prevent Google from collecting the data generated by the cookie and relating to the use of the website by the user concerned (including the IP address) and from processing this data by Google by downloading and installing the browser plug-in under the following link: Further information on data protection at Google can be found here

13. Social media

We have included links to our profiles on various social networks on our website.  If you click on the social network icons, you will be automatically redirected to our profile in the respective network. This establishes a direct connection between your browser and the server of the respective social network. As a result, the network receives the information that you have visited our website with your IP address and clicked on the link.  

If you click on a link to a network while you are logged into your user account with the network in question, the content of our website can be linked to your profile so that the network can assign your visit to our website directly to your account. If you wish to prevent this, you should log out before clicking on the relevant links. A connection between your access to our website and your user account takes place in any case if you log in to the respective network after clicking on the link. The respective provider is responsible under data protection law for the associated data processing. Please therefore note the information on the network’s website.

The legal basis for any data processing attributed to us is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU GDPR in the use and advertising of our social media profiles. 

14. Changes to the privacy policy

This privacy policy is not part of a contract with you. We may amend this privacy policy at any time. The version published on this website is the current version.

Last update: 01.09.2023