Privacy Policy

I. General information

In this Privacy Policy, Maissen Klosters AG, Bahnhofstrasse 15, CH-7250 Klosters (hereinafter also “we“, “us“) explains how we process your personal data in connection with the provision of our websites https://maissen.com/ and https://maissen-brillen.com/ (the “Websites“) and in connection with our business activities.

If you provide us with data about other persons, we assume that you are authorized to do so and that this data is correct. By transmitting data about third parties, you confirm this. Please also ensure that these third parties have been informed about this privacy policy.

We use the term “data” here synonymously with “personal data” or “personal information“.

We use third-party content on our websites (e.g. information, images and videos relating to the products offered). This content is made available to us for use on our websites after consultation with the third parties. These third parties are independently responsible for the content and associated data processing. If you are interested, please contact these third parties directly to find out about the processing of your personal data in this context.

II. Data Controller

Responsible for processing your data according to this privacy policy, unless otherwise communicated in individual cases:

Maissen Klosters AG
Bahnhofstrasse 15
CH-7250 Klosters

If you have any questions regarding data protection, you can contact us at datenschutz@maissen.com at any time.

III. Collection and Processing of Data

We collect data when you visit our websites, utilize the functionalities available on the websites, purchase our products or services, and/or wish to enter into a business relationship with us, such as when you seek advice in our business premises, submit your application to us, or otherwise contact us. The specific data we process about you depends on the occasion and purpose of the processing. The categories of data that you have directly provided to us and the categories of data that we have received from third parties about you include, among others:

  • Technical Data: e.g., IP address; information about the operating system of your device; identification numbers (e.g., when setting cookies); name and URL of the requested website; amount of data transferred; region, date, and time of access; websites accessed via our websites; websites from which access is made; browser type; name of the internet service provider; protocols, etc.;
  • Master Data: e.g., name; title/salutation; address; email address; phone number; gender; information about the employer or company on whose behalf you are contacting us; role and function; details of your relationship with us; details of interactions with you; consent declarations (e.g., in online contact forms), etc.;
  • Communication Data: e.g., data transmitted via a contact form, email, phone, letter, or other means of communication; type, manner, location, and time of communication, and usually its content (i.e., the content of emails, letters, etc.); information about your request when using an online contact form; details when scheduling an appointment with us, etc.;
  • Contract and Service Data: e.g., information provided by you when using our online services (e.g., ordering contact lenses and/or care products) and/or in relation to a possible conclusion of a contract and within the subsequent contract performance (e.g., when purchasing our products or within a job application process); information about the execution and management of contracts; information about defects, complaints, and contract changes; particularly sensitive data (information about visual acuity, diopters, etc.); financial data; information about downloads made of offers, information, brochures, etc.;
  • Behavioral and Preference Data: e.g., information about user behavior on our websites; details of downloads made on the websites (product information, brochures, etc.); information about the use of our online products and services; information about your response to electronic communications; details about your click behavior; information about the websites you have visited; information about your location, e.g., when selecting a branch within the contact form, etc.;
  • Applicant Data: e.g., contact details and personal information (e.g., name, address, email address, phone number, date of birth, nationality/citizenship); information from your application form (e.g., motivation, position applied for, workload, etc.); application documents (e.g., CV, details of previous employers, references and job references, data on professional experience, information about education and further qualifications), etc.

You are generally not obligated to provide us with your data. However, within the scope of our business relationship, it is necessary for you to provide certain data so that we can process our business relationship with you (e.g., details of your product order and shipping data, consultation and sale of our products, etc.). Furthermore, certain information must be disclosed to enable data traffic on the websites, such as an IP address.

If you contact us because you are applying for a position with us, we will process the information you provide exclusively for the purpose of conducting any potential recruitment process. If we are unable to consider you for a position, we typically delete your application documents unless we wish to retain them for future positions and you agree to this approach.

IV. Purpose of Data Processing

The collected data are primarily used for the conclusion and execution of contracts with you and business partners, particularly in connection with the products and services offered on our websites. We also process the data to fulfill our legal obligations, both domestically and internationally.

Furthermore, we may process personal data in accordance with applicable law and to the extent necessary, for the following purposes, which are in our legitimate interests or the legitimate interests of third parties:

  • Consultation and Sales of Our Products: We process your data when advising you on our products and services, selling our products and services to you, and providing ongoing support in this regard.
  • Communication: We process your data for the purpose of communication with you, especially to respond to your inquiries, assert your rights, and contact you for follow-up questions.
  • Marketing: We process your data for market research purposes unless you have objected to the use of your data for this purpose.
  • Product/Service Development and Innovation: We process your data to further develop our products, services, websites, and other platforms on which we operate, and to expand our products and services.
  • Security: We process your data to protect our operations, IT, and other infrastructure, as well as our websites and other platforms.
  • Risk Management, Corporate Governance, and Business Development: We process your data as part of our risk management and corporate governance efforts to protect ourselves from criminal or abusive activities. In the course of our business development, we may sell businesses, parts of businesses, or companies to others or acquire them from others or enter into partnerships, which may involve the exchange and processing of data.
  • Applications: We process your data as part of the application process to respond to your contact, review your profile, and prepare for and process future employment, and possibly also if you agree, as mentioned above, to keep your personal data for possible future vacancies for a longer period.
  • Disputes: We process your data to enforce legal claims and defend against legal disputes and regulatory proceedings.
  • Compliance with laws: We process your data to comply with legal requirements (e.g., preventing and investigating crimes and other misconduct, conducting internal investigations, data analysis for fraud prevention).

V. Legal Basis for Data Processing

Where we have requested your consent, we process your data based on this consent. You can revoke your consent at any time with effect for the future by notifying us in writing (via email to: datenschutz@unternehmen.ch). The revocation of your consent does not affect the lawfulness of the processing carried out before your revocation, nor does it affect the processing of your data based on other legal grounds.

If we do not require your consent, we do not seek it, and we process your data for other reasons, such as for the purpose of initiating, executing, or fulfilling a contract or business relationship with you, fulfilling a contractual or legal obligation, or performing a public task. We may also process your personal data if we have a legitimate interest in doing so, which may include compliance with applicable law and the marketing of our products and services, as well as the interest in better understanding our markets and managing and developing our business, including its activities, in a secure and efficient manner.

VI. Cookies 

We use cookies on our websites, which allow us to identify your browser or device, and which may allow certain third parties to do the same. Cookies are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit our websites.

Some cookies are necessary for the functioning of our websites or for certain features. These cookies are only temporary (“session cookies”) and are deleted after you have visited our websites. Other cookies are necessary to store user configurations and other information beyond a session (“persistent cookies”). However, you have the option to set your browser to reject cookies, store them only for a single session, or delete them before their usual expiry date.

Depending on the purpose of these cookies, we may ask for your explicit consent at our discretion.

You can access your current settings, adjust them, and possibly revoke your previously given consent at any time under “Privacy Settings”.

VII. Used Tools

For the purpose of tailored design and continuous optimization of our websites, products, and services, we utilize the following technologies and tools:

Google

We utilize the following services from Google, with whom we enter into a service agreement with Google Ireland. Data is transmitted to Google Ireland, where it may further be transferred to Google’s subsidiaries in the USA. Personal data may also be stored in the USA. Google LLC, headquartered in Mountain View, CA, along with its fully controlled group companies, is certified under the Data Privacy Framework for both employee and non-employee data. Therefore, it is assumed that the transfer and further processing of data will comply with the data protection level required under the GDPR.

Google Maps

On our websites, we utilize the offering of Google Maps, which allows us to display interactive maps directly on the websites and enables you to conveniently use the map function. The legal basis for using the maps is your consent, meaning that integration only occurs after your consent.

By clicking on Google Maps, Google receives information that you have accessed the respective subpage of our websites. Additionally, the basic data mentioned above, such as IP address and timestamp, are transmitted. Google stores your data as usage profiles and uses them for advertising, market research, and/or to customize its website. Such evaluation is carried out especially to provide tailored advertising and to inform other users of the social network about your activities on our websites. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

Further information can be found in Google’s privacy policy: https://www.google.com/intl/de_CH/help/terms_maps/.

Google Analytics

On our websites, we utilize Google Analytics. Google tracks visitor behavior on our websites through performance cookies (e.g., duration, frequency of visited pages, geographical origin of access, click behavior, etc.) and creates reports for us based on this information. Further information on the handling of personal data by Google can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245.

Global Site Tag (gtag.js) 

The Global Site Tag (gtag.js) is a tag management system developed by Google, which can be used to set and manage tags on the website. It is used to implement tracking tags for various purposes, allowing data such as traffic, revenue, conversions, website analytics, remarketing activities, and more to be tracked and managed across the entire website for various Google services (e.g., Google Ads, Google Analytics, and more).

Google Tag Manager 

Additionally, we use Google Tag Manager on our websites. This service manages the various marketing tags of Google and third-party services that we have integrated into our websites. It directs the data collected through these tags about user behavior to our analytics tools, which can incorporate the information into their analytics activities, such as evaluating them for personalized advertising. With Google Tag Manager, not only are Google services managed and coordinated, but also services from other providers that we integrate using tag tracking for analytical purposes (e.g., Adobe Analytics). For further information, we refer you to the descriptions of the respective tracking services and to the usage policies of Google Tag Manager: https://www.google.com/intl/de/tagmanager/use-policy.html.

Google Web Fonts 

On our websites, we use Google Web Fonts provided by Google for the consistent display of fonts. When you visit one of our websites, your browser downloads the required fonts into your browser cache to display text and fonts correctly. Google Web Fonts collects usage information on our websites. Further information can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Further services

Matomo Analytics 

We use the web analytics service software Matomo Analytics, a service provided by InnoCraft Ltd. (based in New Zealand), on our websites. Matomo Analytics is used for statistical analysis of user behavior for optimization and marketing purposes. Pseudonymized usage profiles are created and evaluated for this purpose. Cookies may be used for this. The cookies enable, among other things, recognition of the internet browser. The data collected using Matomo technology (including your pseudonymized IP address) is processed on our servers. The information generated by the cookie in the pseudonymous user profile is not used to personally identify the user of our websites and is not merged with personal data about the bearer of the pseudonym. Further information can be found at: https://matomo.org/privacy-policy/.

Adobe Analytics 

We use the web analytics service Adobe Analytics on our websites, a service provided by Adobe Systems Software Ireland Companies (based in Ireland). Adobe Analytics analyzes user behavior on our websites, for which data (anonymized IP addresses) is collected and processed. Further information can be found at: https://www.adobe.com/ch_de/privacy.html.

Adobe Fonts (Typekit):

We use Adobe Fonts on our websites to ensure consistent font display, provided by Adobe (based in the USA). When you visit one of our websites, your browser loads the necessary fonts into its cache to display text and fonts correctly. Adobe Fonts collects usage information on our websites without collecting personal data. For further information, please refer to Adobe’s Privacy Policy: https://www.adobe.com/ch_de/privacy/policies/adobe-fonts.html.

WPML:

We use the WPML plugin from OnTheGoSystems Ltd. (based in Hong Kong) on our websites. WPML enables the creation of multilingual websites and the provision of multilingual content. In this context, personal data such as user language settings and any technical data such as IP addresses are collected and stored. For more information, please visit: https://wpml.org/de/documentation-3/datenschutzrichtlinie-und-gdpr-konformitaet/.

VIII. Social Plugins

We use social plugins from LinkedIn on our websites. These are identifiable to you (typically through corresponding symbols). We have configured these elements to be deactivated by default. If you activate them (by clicking), the providers of the respective social networks may register that you are visiting our websites and use this information for their purposes. The processing of your data is then under the responsibility of the respective provider according to their privacy policies. We do not receive any information about you.

IX. Disclosure of Data to Third Parties

To fulfill our contracts, comply with our legal obligations, safeguard our legitimate interests, and fulfill the other purposes mentioned above, we may disclose your data to third parties, especially to the following categories of recipients:

  • Service provider: We collaborate with service providers both domestically and internationally, who process data about you on our behalf or jointly with us, or who receive data about you from us under their own responsibility (e.g., IT providers, accounting firms, trustees, auditing companies, banks, telecommunications companies, credit agencies, address verification providers, lawyers) or whom we engage to process data on our behalf and only in accordance with our instructions.
  • Contractual partner: When required by the respective contract, we may disclose your data to other contractual partners, dealers, subcontractors, etc.
  • Acquirers of business divisions: We may disclose your data to acquirers or parties interested in acquiring business areas, companies, or other parts of Maissen Klosters AG.
  • Authorities: We may disclose personal data to authorities, courts, and other governmental agencies in Switzerland or abroad if we are legally obligated or entitled to do so, or if it appears necessary to safeguard our interests. The authorities process data about you received from us under their own responsibility.

X. Transfer of Data Abroad

As explained in the sections above, we disclose data to other entities when conducting our business operations, providing our websites, and maintaining and managing our customer relationships. The recipients of the data are not limited to Switzerland. Therefore, your data may be processed both in Europe and (potentially indirectly) in countries outside of Europe.

We transfer data to countries without adequate legal data protection only if necessary to fulfill a contract or to assert or defend legal claims, or if such transfer is based on your explicit consent or is subject to safeguards ensuring the protection of your data, such as the standard contractual clauses approved by the European Commission (adapted to Switzerland, if and to the extent applicable).

XI. Data Security

We implement appropriate organizational and technical security measures to prevent your data from being accidentally lost, used, accessed, altered, or disclosed without authorization. However, we and your data may still become victims of cyber-attacks, cybercrime, brute force measures, hacker attacks, and other fraudulent and malicious activities, including but not limited to viruses, forgeries, malfunctions, and interruptions that are beyond our control and responsibility. Additionally, we have procedures in place for handling suspected breaches of your data protection and will notify you and all relevant supervisory authorities of any breach if we are legally obligated to do so.

XII. Profiling and Automated Decision-Making

We may use profiling techniques and automated decision-making processes to analyze and evaluate certain aspects of your data. These processes may involve the use of algorithms and other automated tools to make predictions or decisions based on your data. However, please note that such profiling and automated decision-making will not have legal or similarly significant effects on you without your explicit consent or where required or permitted by law. If such processes are used in a manner that significantly affects you, we will provide you with appropriate information and, where necessary, obtain your consent. You also have the right to challenge any decisions made solely through automated processing, including profiling, and request human intervention.

We do not make automated individual decisions. However, in certain situations, for the sake of efficiency and consistency in decision-making processes, it may be necessary to automate discretionary decisions concerning you that may have legal effects or significant adverse consequences (“automated individual decisions”). If we make automated individual decisions, we will inform you accordingly and provide the necessary measures required by applicable law.

XIII Retention and storage of data

We will only process your data for as long as necessary to fulfill the purposes for which we collected it, including compliance with statutory retention obligations and, to the extent necessary to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled. After expiry of the respective retention period, we will securely destroy your data in accordance with the applicable laws and regulations.

XIV Your rights as a data subject

In connection with the processing of your data by us, you have various rights depending on the applicable data protection law: the right to information about how we process which personal data about you, the right to rectification, the right to erasure, the right to restriction of processing and the right to data portability. We have already referred to the possibility of withdrawing consent or the right to withdraw previously granted consent in Section V above. You also have the right to lodge a complaint with the competent data protection authority if you are of the opinion that we are not processing your personal data in compliance with data protection regulations and the right to object to certain processing. However, we ask you to contact us first if you believe that we are not processing your personal data in accordance with your wishes, so that we can take up your request and implement it accordingly.

Please note, however, that we reserve the right to assert legal restrictions if necessary, e.g. if we are obliged to store or process certain data, have an overriding interest (insofar as we can invoke such interests) or need the data to assert claims; we will inform you accordingly. For example, we may also refuse to provide you with information in certain cases. If the exercise of certain rights is associated with costs for you, we will inform you in advance. It is important to note that exercising these rights may conflict with your contractual obligations and could result in consequences such as early termination of the contract or associated costs. Should this occur, we will inform you in advance, unless this has already been contractually agreed.

If you wish to exercise the above rights or have any further questions, please contact us at datenschutz@maissen.com or using the contact details provided in Section II, unless otherwise stated or agreed. Please note that we will need to identify you in order to prevent misuse, e.g. by means of a copy of your identity card or passport, unless identification is otherwise possible.

XV Amendment of this privacy policy

Due to the continuous development of our websites, changes in legislation, or regulatory requirements, we may amend this privacy policy from time to time. The version published on our websites is always the current edition.

Last updated: March 19, 2024.