Data Security

General notice
Based on article 13 of the Swiss Federal Constitution and the data protection regulations of the federation (Data Protection Act, DSG) every person has the right to protection of his privacy as well as protection against misuse of his personal data.

We, Campesino GmbH, as operators of these pages, respect the privacy of all customers who use our Internet presence and take the protection of your personal data very seriously. This means that we give top priority to the protection of user and customer data and commit ourselves to treat the information provided by the user with the greatest care and sense of responsibility at all times. This applies in particular to cooperation with partners and third parties. However, we do not assume any liability for third parties, unless this is stated separately. We use specified data exclusively for communication with you as a customer.

In cooperation with our hosting providers, we strive to protect the databases as well as possible against unauthorized access, loss, misuse or falsification.
We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

Processing of personal data
Personal data is any information that relates to a specific or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, acquisition, deletion, storage, modification, destruction and use of personal data.

We process personal data in accordance with Swiss data protection law. Furthermore, to the extent and insofar as the EU GDPR is applicable, we process personal data in accordance with the following legal bases in connection with Art. 6 (1) GDPR:lit. a) Processing of personal data with the consent of the data subject.

lit. b) Processing of personal data for the fulfillment of a contract with the data subject as well as for the implementation of corresponding pre-contractual measures.

lit. c) Processing of personal data for the fulfillment of a legal obligation to which we are subject under any applicable law of the EU or under any applicable law of a country in which the GDPR is applicable in whole or in part.

lit. d) Processing of personal data in order to protect the vital interests of the data subject or another natural person.

lit. f) Processing of personal data to protect the legitimate interests of us or of third parties, unless the fundamental freedoms and rights and interests of the data subject are overridden. Legitimate interests include, in particular, our business interest in being able to provide our website, information security, the enforcement of our own legal claims and compliance with Swiss law.

We process personal data for the duration required for the respective purpose or purposes. In the case of longer-term retention obligations due to legal and other obligations to which we are subject, we restrict processing accordingly.

Privacy policy for cookies
In addition, we use so-called “cookies” at www.mirocoffee.co, i.e. small data packages with configuration information, in order to improve our product range and the use of our website for you. The data stored in the cookies does not allow any conclusions to be drawn about your identity. They are therefore not personal. You can deactivate the storage of cookies yourself in your browser settings.

Third-party services / Google Analytics
We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics also uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about the use of this website by visitors to the site is usually transmitted to a Google server in the U.S. and stored there.

This is also our legitimate interest according to Art 6 para. 1 p. 1 f) DSGVO.

Google has submitted to the Privacy Shield Agreement concluded between the European Union and the USA and has certified itself. Google thereby undertakes to comply with the standards and regulations of European data protection law. You can find more information in the entry linked below: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

We have activated IP anonymization on this website (anonymizeIp). However, this means that your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the transfer of data generated by the cookie and related to your use of the website (including your IP address) to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

As an alternative to the browser plugin or within browsers on mobile devices, you can click on the following link to set an opt-out cookie that will prevent the collection by Google Analytics within this website in the future (this opt-out cookie only works in this browser and only for this domain. If you delete the cookies in your browser, you must click this link again):

Social Plugins 
Campesino GmbH uses on its website plugins of, among others, the social networks facebook.com, of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA , and Twitter.com, of Twitter Inc, 795 Folsom St., Suite 600, San Francisco CA 94107, USA. You can recognize the plugins by the respective network logo, supplemented, for example, by the pictogram of a clenched fist with a raised, upward pointing thumb or the addition of “Recommendation”, “Like”, “Comment” or “Like”. Simply by calling up our website, no direct connection is established with the servers of the social networks by the Internet browser you are using and data is forwarded. The “Like” button only becomes active when you hover over it with your cursor and click on it after the information that appears afterwards that the “Like” button only becomes active when you click on it. Then you can make your recommendation with a second click. If you have activated the “Like” button, it will transmit various data to the social network. This may include:

  • a) Date and time of your visit to the website.
  • b) URL of the website the visitor is on.
  • c) URL of the website that the visitor had previously visited.
  • d) Browser used
  • e) Operating system used
  • f) IP address of the visitor

If you are logged into Facebook, and Twitter in parallel while visiting our site, it is not excluded that the provider assigns the visit to your network account. If you use the plugin functions (e.g. clicking the “Like” button, submitting a comment), this information is also transmitted from your browser directly to the respective social network and stored there if necessary. The purpose and scope of the data collection and the further processing and use of the data by the networks can be found in the privacy notices of Facebook [http://www.facebook.com/policy.php], Twitter [http://twitter.com/privacy] and Google [http://www.google.com/intl/de/policies/privacy/].

SSL encryption
This website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

Server log files
We collect information about you when you use this website. We automatically collect information about your usage patterns and interaction with us and record data about your computer or mobile device. We collect, store and use data about each access to our website (so-called server log files). The access data includes:

  • Name and URL of the file accessed
  • date and time of the retrieval
  • amount of data transferred
  • message about successful retrieval (HTTP response code)
  • browser type and browser version
  • operating system
  • Referer URL (i.e. the previously visited page)
  • Web pages that are called up by the user’s system via our website
  • Internet service provider of the user
  • IP address and the requesting provider

We use this log data without attribution to your person or other profiling for statistical analysis for the purpose of operating, securing and optimizing our website, but also to anonymously record the number of visitors to our website (traffic) and the extent and type of use of our website and services, as well as for billing purposes to measure the number of clicks received from cooperation partners. Based on this information, we can provide personalized and location-based content and analyze traffic, search for and fix errors, and improve our services.

This is also our legitimate interest according to Art 6 para. 1 p. 1 f) DSGVO.

We reserve the right to review the log data retrospectively if there is a justified suspicion of unlawful use based on concrete indications. We store IP addresses in the log files for a limited period of time if this is required for security purposes or necessary for the provision of services or the billing of a service, e.g. if you use one of our offers. After cancellation of the order process or after receipt of payment, we delete the IP address if it is no longer required for security purposes. We also store IP addresses if we have a concrete suspicion of a criminal offense in connection with the use of our website. We also store the date of your last visit as part of your account (e.g. when registering, logging in, clicking links, etc.).

External payment service providers
The customer has the right to choose between the following payment methods under the restriction of the GTCs section 8.1:

  • Stripe (https://stripe.com/ch/privacy)
  • Snipcart
  • Credit card: Visa, MasterCard or American Express

In the context of the performance of contracts, we use the payment service providers on the basis of the Swiss Data Protection Ordinance and, where necessary, Art. 6 para. 1 lit. b. EU-DSGVO. Furthermore, we use external payment service providers on the basis of our legitimate interests pursuant to the Swiss Data Protection Ordinance as well as and to the extent necessary pursuant to Art. 6 para. 1 lit. f. EU-DSGVO in order to offer our users effective and secure payment options.

The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, among others, as well as the contract, totals and recipient-related information. The information is required in order to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. We as the operator do not receive any information about (bank) account or credit card, but only information to confirm (accept) or reject the payment. Under certain circumstances, the data is transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard, we refer to the terms and conditions and data protection information of the payment service providers.

For the payment transactions, the terms and conditions and the privacy policy of the respective payment service providers apply, which can be accessed within the respective website or transaction applications. We also refer to these for the purpose of further information and assertion of revocation, information and other data subject rights.

Order processing in the online store with customer account
We process the data of our customers in accordance with the data protection provisions of the Federal (Data Protection Act, DSG) and the EU-DSGVO, as part of the ordering process in our online store to enable them to select and order the selected products and services, as well as their payment and delivery, or execution.

The processed data includes master data (inventory data), communication data, contract data, payment data and the persons affected by the processing include our customers, prospective customers and other business partners. The processing is carried out for the purpose of providing contractual services in the context of operating an online store, billing, delivery and customer services. In this context, we use session cookies, e.g. for storing the shopping cart content, and permanent cookies, e.g. for storing the login status.

The processing is carried out on the basis of Art. 6 para. 1 lit. b (execution of order transactions) and c (legally required archiving) DSGVO. In this context, the information marked as required is necessary for the justification and fulfillment of the contract. We disclose the data to third parties only in the context of delivery, payment or in the context of legal permissions and obligations. The data is only processed in third countries if this is necessary for the fulfillment of the contract (e.g. at the request of the customer for delivery or payment).

Users can optionally create a user account, in which they can view their orders in particular. As part of the registration process, the required mandatory information will be provided to users. User accounts are not public and cannot be indexed by search engines, e.g. Google. If users have terminated their user account, their data with regard to the user account will be deleted, subject to their retention is necessary for commercial or tax reasons entspr. Art. 6 para 1 lit. c DSGVO. Information in the customer account remains until its deletion with subsequent archiving in the event of a legal obligation. It is the responsibility of the users to save their data in the event of termination before the end of the contract.

Within the scope of registration and renewed registrations as well as the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as those of users in protection against abuse and other unauthorized use. In principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c DSGVO.

The deletion takes place after the expiry of legal warranty and comparable obligations, the necessity of keeping the data is reviewed at irregular intervals. In the case of legal archiving obligations, deletion takes place after their expiry.

Newsletter data
When registering for the newsletter, the email address you provide will be used with your consent for our own advertising purposes until you unsubscribe from the email newsletter. After your registration for our newsletter, we will send you an email to confirm the registration again and thus ensure that you have ordered our email newsletter yourself. You can revoke your consent to the storage of the data, the email address and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter.

Disclosure of personal data
We pass on your data to a few partner companies in connection with the processing of your order. Thus, we pass on your payment data to your house bank if necessary and transmit your address data for the delivery of your order to the shipping company contracted by us Swiss Post or DPD as far as this is necessary for the delivery of the goods. A passing on or a resale of the data to third parties by Campesino GmbH is excluded, unless you have expressly agreed to the passing on of your data.

Right of information, deletion and blocking
According to the Federal Data Protection Act you have the right to free information about your stored data and, if necessary, the right to correct, block or delete this data. In this case, please write us your request to hello@mirocoffee.co.

Revocation of consent
You can revoke your consent to the use of your data for advertising purposes at any time and without giving any reason by sending an email to the address hello@mirocoffee.co.

Epilogue
We hope that we have been able to answer all your questions about data protection. We will continue to develop our data protection conditions in the future due to changes in our business as well as changes in the law and will update them here accordingly.

Status 2021