Privacy Statement

Data Protection

Legal notice: data protection

1. Limitation of liability
The content of this website has been created with the utmost care. However, the provider assumes no liability for the correctness, completeness and timeliness of the content provided. The user uses the content of the website at his own risk. Contributions identified by name reflect the opinion of the respective author and not always the opinion of the provider. The use of the provider's website does not constitute a contractual relationship between the user and the provider. This website may contain links to third-party websites ("external links"). These websites are subject to the liability of the respective operators. Arsam Supplies is not liable for damages arising directly or indirectly from the use of this website, unless they are intentional or the result of gross negligence on the part of Arsam Supplies.

2. Intellectual property
The intellectual property contained on this website, such as copyright, design rights, trademarks, etc., is protected. This website does not constitute a right of use of the intellectual property of Arsam Supplies or third parties.

3. Copyright
The content published on this website is subject to Spanish copyright laws. Any use not permitted by Spanish copyright law requires prior written permission from the provider or the respective copyright holder. This applies in particular to duplication, editing, translation, storage, processing or reproduction of content in databases or other electronic media and systems. Content and rights of third parties are marked as such. Unauthorized duplication or transfer of individual content elements or entire pages is not permitted and is punishable. Creating copies and downloads for personal, private and non-commercial use is only permitted.

Displaying this website in third-party frames is only permitted with written consent.

4. Privacy Statement
Arsam Supplies in Spain is the operator of the website shop.arsam.es and the services offered through the website, and is therefore responsible for collecting, processing and using your personal data and for ensuring that data processing complies with applicable data protection legislation. We value your trust, therefore we take the issue of data protection seriously and ensure that appropriate security is in place. Naturally, we comply with the legal provisions of the Federal Data Protection Act (DSG), the Ordinance to the Federal Data Protection Act (VDSG), the Telecommunications Act (FMG) and other legal data protection provisions of Swiss or EU legislation that may apply, in particular the EU General Data Protection Regulation (GDPR). Please note the following information so that you are aware of what personal information we collect from you and what we use it for.

4.1 Visiting our website
When you visit our website, our server makes a temporary record of each web page you access in a log file. As part of this process, the following technical data is collected without any action on your part, as is generally the case with every connection to a web server, and is retained by us until it is automatically deleted after six months at the latest:

• the IP address of the computer accessing the website
• the name of the owner of the IP address range (usually your internet access provider)
• the date and time of access
• the website from which our website was accessed (referrer URL), together with the search term, where applicable
• the name and URL of the data retrieved
• the status code (error message, for example)
• your computer's operating system
• the browser you are using (type, version and language)
• the transfer protocol used (such as HTTP/1.1)
• where applicable, your user name from registration/authentication

This data is collected and processed to enable the use of our website (connection settings), to ensure that the system is permanently secure and robust, to optimize our online services and to internal statistical purposes. This is where our legitimate interest lies in processing data within the meaning of Art. 6 (1) (f) EU GDPR.

4.2 Opening a customer account
To place orders in our online shop, you can either place the order as a guest or create a customer account. When you register for a customer account, we collect the following data:

• company
• first and last name
• postal address
• telephone number
• email address
• password
• VAT number

The data is collected in order to provide the customer with direct, password-protected access to the basic data we store about them. The customer can use his customer account to view his completed and open orders or to manage or change his personal data. The legal basis for data processing for this purpose lies in the consent you have provided in accordance with Art. 6 (1) (a) of the EU GDPR.

4.3 Purchases via the online shop
If you would like to place orders in our online shop, we require the following data in order to be able to execute the contract:

• company
• first and last name
• billing address (and delivery address if different)
• payment details (depending on the chosen payment method)
• email address
• login data, i.e. username and password (for registered customers)

Unless otherwise stated in this privacy statement or unless you have given us your separate consent to do otherwise, we will only use the aforementioned data to execute the contract, i.e. to process your orders, to deliver the products that have been ordered and to ensure that payment is correct. The legal basis for data processing for this purpose lies in the execution of a contract in accordance with Art. 6 (1) (b) EU GDPR.

4.4 Transfer of data to third parties
We will only pass on your personal data if you have given us your express consent, if there is a legal obligation to do so, or if it is necessary to assert our rights, in particular to assert claims arising from the contractual relationship. In addition, we will pass on your data to third parties insofar as this is necessary in connection with the use of the website and the fulfilment of the contract (also outside the website), namely to process your transactions. This includes the respective transport service providers who have been commissioned to deliver the goods that have been ordered. Two service providers to whom personal data is transmitted via the website, or who have or may have access to personal data, are our web development partners, Arcmedia AG, Winkelriedstrasse 37, 6003 Lucerne, Switzerland, and Opacc Software AG, Industriestrasse 13, 6010 Kriens, Switzerland. The data is transmitted in order to deliver and maintain the functionalities of our website. This is where our legitimate interest lies within the meaning of Art. 6 (1) (f) of the EU GDPR. Finally, if you pay by credit card on the website, we will pass on your credit card data to your credit card provider and to the credit card acquirer. If you choose to pay by credit card, you will be asked to enter all necessary information. The legal basis for transmitting the data lies in performing a contract in accordance with Art. 6 (1) (b) of the EU GDPR. We ask you to read the terms and conditions and privacy statement of your credit card provider as it concerns your credit card data processed by these third parties.

4.5 Transfer of data abroad
We are also entitled to transfer your personal data to external companies (contracted service providers) abroad for the data processing purposes described in this privacy statement. They are subject to data protection to the same extent as we are. If the level of data protection in a country does not correspond to the level of data protection in Switzerland or the European Union, we will contractually ensure that your personal data will be protected to the same level as in Switzerland or the EU at all times.

4.6 Cookies
Cookies help us in many ways to make your visit to our website an easier, more enjoyable and more meaningful experience. Cookies are information files that are automatically stored on your computer's hard drive by your web browser when you visit our website. For example, we use cookies to provide you with the shopping cart feature on various pages and to temporarily store your information as you fill out a form on the website so that you do not have to re-enter the data when you access another sub-page. Cookies can also be used to identify you as a registered user once you have registered on the website, without having to log in again when you access another sub-page. Most web browsers automatically accept cookies. However, you can set your browser so that cookies are not stored on your computer or so that a message always appears when you receive a new cookie. On the following pages you will find explanations on how to set up cookie handling for the most popular internet browsers:

• Microsoft Windows Internet Explorer
• Microsoft Windows Internet Explorer Mobile
• Mozilla Firefox
• Google Chrome for Desktop
• Google Chrome for Mobile
• Apple Safari for Desktop
• Apple Safari for Mobile

Disabling cookies may mean that you will not be able to use all the features of our website.

4.7 Tracking Tools

a. General information

We use the web analysis service provided by Google Analytics to continuously optimize our website and design it according to needs. In this context, pseudonymized usage profiles are created and small text files ("cookies") are used, which are stored on your computer. The information generated by the cookies about how you use this website is transferred to the servers of the service providers, where it will be stored and prepared for us. In addition to the data listed in point 1, we may receive the following information:

• navigation path taken by a visitor to the website
• time spent on the website or subpage
• the subpage from which the visitor leaves the website
• the country, region or city from which the website is accessed
• end device (type, version, colour depth, resolution, width and height of the browser window)
• returning or new visitors

The information will be used to evaluate how the website is used, to compile reports on website activity and to provide other website and internet services for market research and to design this website according to needs. This information may also be passed on to third parties where required to do so by law, or where third parties process this information on our behalf.

b. Google Analytics

The provider of Google Analytics is Google Inc., a subsidiary of the holding company Alphabet Inc., based in the United States. Before the data is transmitted to the provider, the IP address is abbreviated by activating IP anonymization ("anonymizeIP") on this website within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. The anonymized IP address transmitted from your browser as part of the Google Analytics process is not merged with any other data from Google. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and abbreviated there. In such cases, we use contractual guarantees to ensure that Google Inc. observes an adequate level of data protection. In accordance with Google Inc., the IP address will never be associated with other data relating to the user. Further information about the web analysis service used can be found on the Google Analytics website. Instructions on how you can prevent your data from being processed by the web analysis service can be found at tools.google.com/dlpage/gaoptout.

4.8 Note on data transfer to the USA
For completeness, we point out to users residing in or with a registered office in Spain that in the USA the US authorities undertake supervisory activities that generally allow the storage of all personal data of all persons whose data has been transmitted from Spain to the USA. This takes place without any distinction, restriction or exception based on the objective pursued and without an objective criterion, which allows the US authorities to access the data, and to restrict the further use of the data to very specific, strictly limited purposes, which justify intervention in terms of both access to this data and the use of this data. We also point out that there are no legal remedies available in the USA to affected persons from Spain, which do not allow them to access data belonging to them or to have their personal data corrected or deleted, nor is there effective legal protection against general access rights by the US authorities. We explicitly point out these circumstances and legal position to those affected so that they can make an informed decision whether or not to send their data.

4.9 Right to access, rectification, erasure and restriction of processing; right to data portability.

You have the right to request to receive information about the personal data we have stored about you. You also have the right to correct inaccurate data and to delete your personal data, provided that this does not contravene any legal retention requirements or any permission authorizing us to process the data. You also have the right to demand that we hand over the data you have provided to us (right to data portability). Upon your request, we will pass your data to a third party of your choice. You have the right to receive the data in a standard file format. You can contact us for the above-mentioned purposes via the email address rgpd@arsam.es. We may, at our own discretion, request proof of identity in order to process your requests.

4.10 Data security
We use appropriate technical and organisational security measures to protect the data we store about you from being manipulated, from being lost in part or in full, and from unauthorised access by third parties. Our security measures are continually improved in line with technological developments. You should always treat your login details as confidential and close your browser window when you have finished communicating with us, especially if you share your computer with other people. We also take internal data protection very seriously. Our employees and appointed service providers are required to maintain confidentiality and to comply with the provisions of data protection law.

4.11 Data storage
We only store personal data for as long as is necessary to use the above-mentioned tracking and analysis services and to continue processing the data in the context of our legitimate interest. Contract details will be retained for longer as there is a legal obligation to retain the data. Accounting provisions and tax regulations provide for retention obligations that oblige us to retain data. In accordance with these requirements, business communications, signed contracts and accounting records must be kept for up to 10 years. This information will be blocked if we no longer need it to be able to carry out the services for you. This means that the data can only be used for accounting and tax purposes.

4.12 Right to lodge a complaint with a data protection supervisory authority
You have the right to lodge a complaint at any time with a data protection supervisory authority.

Arsam Supplies may modify this legal information at any time through an update. In addition, Arsam Supplies reserves the right to modify, reduce or eliminate the availability of the website at its own discretion at any time and without prior notice.