Data Protection Statement

Status: May 2018

in accordance with the Swiss Data Protection Act (DPA) and the EU General Data Protection Regulation (GDPR).

We comply with the requirements of the Swiss Data Protection Act and also apply the EU General Data Protection Regulation as follows:

When you call up our website www.linsenmax.ch using the browser you are using on your terminal, information is automatically sent to the server of our website. This information is stored in a log file. However, without your intervention, the following information is collected, stored, and anonymised automatically after 30 days:

• IP address of the calling computer

• Date and time of access

• Name and URL of the file called

• Website from which the access is made (referring URL)

• Browser type and version as well as other information transmitted by the browser (such as the operating system of your browser, the name of your access provider, the geographical origin, the language configuration, etc.).

We process the data mentioned for the following purposes:

• To enable the use of the website (establishment of the connection);

• To ensure a comfortable use of our website;

• To ensure the long-term security and stability of the system;

• To enable the technical administration of the network infrastructure;

• To enable the optimisation of the Internet offer;

• For internal statistical purposes.

The legal basis for the data processing is Art. 6, para. 1, subpara. 1, letter f GDPR. Our legitimate interest stems from the above-mentioned purposes of data collection. Under no circumstances do we use the collected data to draw conclusions about your person.

In addition, we use cookies and analysis services when using our website. This is explained in more detail in sections 4 and 5 of this data protection declaration.

If you have given your consent in accordance with Art. 6 (1) (1) (a) GDPR, we use your e-mail address to send you our personalised newsletter on a regular basis. For the receipt of the personalised newsletter, the provision of an e-mail address is sufficient.

You can unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you can also send your request to unsubscribe at any time by e-mail to fragen@linsenmax.

If you have any questions, we offer you the possibility to contact us by means of a form on the website. In this case, an e-mail address and a communication is required so that we know who is making the enquiry and can respond. Other details may be provided voluntarily.

The processing of data for the purpose of contacting us takes place in accordance with Art. 6, para. 1, subpara. 1, letter a GDPR on the basis of your freely given consent.

The personal data we collect for the use of the contact form is automatically deleted after processing your enquiry.

You have the possibility to create a password-protected user account with us, in which we store your personal data. This ensures the greatest possible convenience for you when processing your orders, by making it easier, faster, and more personal to complete your purchase.

If you wish to create a password-protected user account with us, we need the following information:

• Greeting
• First name
• Last name
• Address
• E-mail address
• Password

The provision of additional data is optional. This information allows you to access your user account. In your user account you can view and change your data at any time.

We will only store your personal data in a user account if you have given us your voluntary consent in accordance with Article 6(1)(1)(a) GDPR.

The creation of a user account is not necessary for the use of our website or for orders that you wish to place with us. We offer you the possibility to place your order as a guest. In this case, however, you must enter all your data for each order.

After deletion of your user account, your data is automatically deleted for further use, unless we are obliged to store it for a longer period of time in accordance with Article 6 (1) (1) (c) GDPR on the basis of storage and documentation obligations under tax and commercial law (CO, CP or AO) or you have authorised us to store it for a longer period of time in accordance with Article 6 (1) (1) (a) GDPR.

An order can be placed as a guest or with a user account. If you wish to create a password-protected user account with us, you can do so voluntarily during the ordering process or on the website under Login, New Registration.

If you wish to order products through our website, we collect the following information:

• Greeting, first name, last name;

• A valid e-mail address;

• Address;

• Payment data, depending on the payment method you have chosen (e.g. in case of payment by invoice or credit card data).

This data is collected:

• To identify you as a contractual partner

• To check the plausibility of the data entered

• To process the payment of your order, and

• To process any existing warranty claims or to assert any claims against you

• The data processing is carried out at your request and is necessary in accordance with Art. 6, para. 1, p. 1, letter b GDPR for the execution of the contract and pre-contractual measures

The data processing takes place at your request and is necessary according to Art. 6, para. 1, p. 1, letter b GDPR for the performance of the contract and pre-contractual measures.

The personal data collected by us in connection with the order will be stored until the legal warranty obligation expires and then automatically deleted, unless we are required to store it for a longer period in accordance with Art. 6 para. 1, p. 1, let. c RGPD on the basis of storage and documentation obligations under tax and commercial law (CO, CP or AO) or if you have authorised us to store them for a longer period in accordance with Art. 6, para. 1, s. 1, let. a RGPD.

Your personal data will not be disclosed to third parties for purposes other than those listed below.

Insofar as this is permitted by law and necessary in accordance with Art. 6, para. 1, subpara. 1, letter b GDPR for the performance of contractual relations with you, your personal data will be passed on to third parties.

If we provide the first service in connection with a purchase you have made, for example in the case of a purchase on account, we may request credit information on the basis of a mathematical-statistical procedure in accordance with Art. 6 (1) p. 1 (a) and (b) of the German Data Protection Act (GDPR), if this is necessary for the conclusion or execution of the contract.

We also pass on your personal data required for the credit check (first and last name, street, number, postcode, town, date of birth, telephone number and, in the case of direct debit, the account number indicated) to an external service provider. We work with Worldline Suisse S.A. et MF Group AG for the purpose of checking identity and creditworthiness.

On the basis of your personal data, the service provider provides us with information about the statistical probability of a default. We use this information to make a weighted decision on the establishment, performance or termination of the contractual relationship.

The credit information may contain probability values (score values) calculated on the basis of scientifically recognised mathematical-statistical procedures, the calculation of which includes address data.

Further information on this subject can be found in the data protection provisions of Datatrans SA and CRIF SA.

Furthermore, we will only pass on your personal data to third parties

• If you have given your express consent to this in accordance with Art. 6, para 1, s. 1, letter a GDPR,
• If there is a legal obligation in accordance with Art. 6, para 1, s. 1, letter c GDPR, and
• If the transfer is necessary in accordance with Art. 6 para. 1 s. 1 let. f GDPR to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-transfer of your data.

On our site, we use cookies. These are small files that are automatically generated by your browser and stored on your terminal (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not damage your terminal and do not contain viruses, Trojan horses or other malicious software.

Cookies contain information that is updated in relation to the specific terminal used. However, this does not mean that we know your identity immediately.

The use of cookies serves, on the one hand, to present our offer in a more pleasant way for you. We use "session cookies" to recognise that you have already visited certain pages of our website or that you have already registered in your user account, or for the presentation of the shopping basket. These are automatically deleted when you leave our site.

In addition, we use temporary cookies to optimise user-friendliness, which are stored on your terminal for a certain period of time. When you visit our website again to use our services, it is automatically recognised that you have already been with us and what entries and settings you have made, so that you do not have to re-enter them.

In addition, we use cookies to statistically record the use of our website and to evaluate it for you in order to optimise our offer (see section 5). These cookies enable us to automatically recognise when you visit our website again that you have been with us before. They are automatically deleted after a period defined in each case.

For the purposes mentioned, the data processed by cookies is necessary to protect our legitimate interests as well as those of third parties in accordance with Art. 6, para. 1, s. 1, letter f GDPR.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that a warning appears each time a new cookie is inserted. However, if you disable cookies completely, you may not be able to use all the functions of our website.

The tracking and targeting measures listed below, which we use, are carried out on the basis of Art. 6, para. 1, s. 1, letter f GDPR.

With the tracking measures we use, we aim to ensure that our website is designed according to requirements and continuously optimised. On the other hand, we use tracking measures to statistically record the use of our website and to evaluate it for you in order to optimise our offer.

Through the targeting measures used, we want to ensure that only advertisements that are oriented towards your actual or presumed interests are placed on your terminal.

These interests are to be considered legitimate in the sense of the above-mentioned provision.

The purposes of data processing and the categories of data are determined by the respective tracking and targeting tools.

In order to organize our websites as required and to continuously optimize them, we use Google Analytics, a web analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). Pseudonymised user profiles are created and cookies (see section 4) are used. The information generated by the cookie about your use of this website, such as

• Browser type / version,
• operating system used,
• referring URL (previously visited site),
• host name of the computer accessing the site (IP address),
• time of the server call,

are sent to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on its activities and to provide other services related to the use of the website and the Internet in order to carry out market research and to design these websites as required. In addition, this information may be passed on to third parties if required by law or if third parties process this data on our behalf. Your IP address will not be mixed with other Google data. IP addresses are anonymised so that they cannot be allocated (IP masking).

You can prevent the installation of cookies by configuring your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website correctly.

You can also prevent the recording of the data generated by the cookie about your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on.

Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help.

In order to record the use of our website statistically and to optimise our offer, we also use Google Conversion Tracking. In this context, Google Adwords places a cookie (see figure 4) on your computer when you have arrived at our website via a Google ad.

These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords client's website and the cookie has not yet expired, Google and the client can recognise that the user has clicked on the advertisement and has been directed to that page.

Each Adwords client receives another cookie. Cookies cannot be tracked across the websites of Adwords clients. The information collected by means of the conversion cookie is used to compile conversion statistics for Adwords clients who have opted for conversion tracking. Adwords clients are informed of the total number of users who clicked on their ad and were directed to a page with a conversion tracking tag. However, they do not receive any personally identifiable information.

If you do not wish to participate in the tracking process, you can also refuse the insertion of a cookie - for example, by configuring the browser so that it generally disables the automatic insertion of cookies. You can also deactivate cookies for conversion tracking by setting your browser so that cookies from the "www.googleadservices.com" domain are blocked. You can find Google's data protection instructions for conversion tracking here.

We use Google Remarketing Tags. These are services of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). Google uses cookies (see section 4) which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the USA. Google then deletes the last three characters of the IP address, so that an unambiguous assignment of the IP address is no longer possible. Google complies with the data protection provisions of the US Safe Harbor Agreement and is registered with the Safe Harbor Program of the US Department of Commerce. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website and internet usage.

Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Third-party providers, including Google, serve ads on websites. Third-party providers, including Google, use stored cookies to serve ads based on a user's previous visits to this website. Google will not associate your IP address with any other data held by Google. You may refuse the collection and storage of data at any time, with effect for the future. You can deactivate the use of cookies by Google by calling up the page to deactivate Google advertising.

However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. You can find further references to Google's provisions here.

In addition, we use on our site the analytics service of Crazy Egg Inc. (16220 E. Ridgeview Lane, La Mirada, CA 9063, USA). Crazy Egg is a tool for analysing user behaviour. By means of Crazy Egg, we can measure and evaluate the behaviour of visitors to our website (e.g. mouse movements in the form of "heatmaps", clicks, scroll height, etc.).

For this purpose, Crazy Egg uses cookies (see Section 4) on the terminals of visitors to the website, which enable data to be stored on them, such as information on the browser, operating system or duration of use, IP address, etc.

You can prevent this data processing by Crazy Egg by deactivating the use of cookies and deleting already active cookies in your browser settings. Another possibility to prevent data processing by Crazy Egg is to activate the "do-not-track" function in your browser. You can find the configuration method here.

For the selection of an offer that is currently interesting for you, we communicate the hash value of your e-mail address and your IP address to Sovendus GmbH, Moltkestr. 11, 76133 Karlsruhe (Sovendus) in a pseudonymised and encrypted manner (Art. 6, para. 1, f RGPD). The pseudonymised hash value of the e-mail address is used to take into account the possibility of an objection to advertising by Sovendus (Art. 21, para. 3, Art. 6, para. 1, c GDPR). The IP address is used by Sovendus exclusively for data security purposes and is anonymised as a rule after seven days (Art. 6, para. 1, f GDPR). In addition, we provide Sovendus with the order number, the order value with currency, the session ID, the coupon code and the time stamp for billing purposes in a pseudonymised manner (Art. 6 para. 1 f GDPR). If you are interested in a voucher offer from Sovendus, if your e-mail address does not contain an objection to advertising and you click on the voucher banner shown only in this case, we will communicate your greeting, name and e-mail address to Sovendus in encrypted form for the purpose of preparing the voucher (art. 6, para. 1, b, f RGPD). For further information about Sovendus' data processing, please refer to our online data protection information at https://www.sovendus.ch/datenschutz.

You have the right:

• In accordance with Art. 7, para. 3 GDPR, to withdraw your consent at any time. As a result, we will not be able to continue processing data based on this consent in the future;
• In accordance with Article 15 GDPR, to request information about the personal data we process. In particular, you may request information about the purposes of the processing, the categories of personal data, the categories of recipients to whom your data have been or will be communicated, the intended storage period, the existence of a right to rectification, erasure, to limitation of processing or opposition, the existence of a right of complaint, the source of your data, unless it has been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, relevant information concerning the details thereof;
• In accordance with Art. 16 GDPR, to immediately demand that your inaccurate or incomplete data be corrected or completed;
• according to Art. 17 GDPR, to demand the deletion of your data stored with us, unless the processing is necessary for the execution of the right to freedom of opinion and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
• In accordance with Art. 18 GDPR, to demand the restriction of the processing of your data, insofar as you question their accuracy and the processing is unlawful, but you refuse their deletion, insofar as we do not need the data but you nevertheless use them to assert, exercise or defend legal claims, or insofar as you have objected to the processing in accordance with Art. 21 GDPR;
• In accordance with Art. 20 GDPR, to receive the personal data you have given us in a structured, commonly used and machine-readable format, or to request that it be transferred to another controller; and
• In accordance with Article 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority at your usual place of residence or work or at our company headquarters.

Insofar as your personal data is processed on the basis of legitimate interests in accordance with Art. 6 (1) (1) (f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, insofar as there are reasons relating to your particular situation or if the objection relates to direct advertising. In the latter case, you have a direct right of objection, which we exercise without specifying any particular situation.

If you wish to exercise your right of objection, simply send an e-mail to: fragen@linsenmax.ch

All data that you personally communicate is transmitted in encrypted form using the commonly used and secure TLS (Transport Layer Security) standard. TLS is a proven and secure standard, which also applies to the use of online banking, for example. You can recognise a secure TLS connection by the "s" at the end of the "http" (i.e. https://..) in the address column of your browser or by the key symbol in the upper part of your browser.

In addition, we use technical and organisational security measures to protect your data from accidental or intentional manipulation, total or partial loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

This data protection declaration is currently valid as of June 2018.

As a result of the development of our website and the related offers, or due to changes in legal or administrative regulations, it may be necessary to amend this data protection declaration. The current version of this declaration can be viewed at any time at https://www.linsenmax.ch/datenschutz and printed out.