Privacy Policy
Privacy Policy
Table of contents
1. What is this privacy policy about?
Grezlak GmbH (hereinafter also referred to as “we”, “us”) obtains and processes personal data concerning you or other persons (so-called “third parties”). We use the term “data” here synonymously with “personal data” or “personal information”. In this Privacy Policy, we describe what we do with your data when you use grezlak.ch and Grezlak.cn, other websites of ours or our apps (hereinafter collectively referred to as “Website”), purchase our services or products, are otherwise in contact with us under a contract, communicate with us or otherwise deal with us. Where appropriate, we will provide you with timely written notice of additional processing activities not mentioned in this Privacy Policy. In addition, we may inform you separately about the processing of your data, e.g. in declarations of consent, contractual terms, additional data protection declarations, forms and notices. This privacy policy is designed to meet the requirements of the EU General Data Protection Regulation (“GDPR”) and the Swiss Data Protection Act (“DPA”). However, whether and to what extent these laws are applicable depends on the individual case.
2. Who is responsible for processing your data?
For the data processing activities of Grezlak GmbH described in this privacy policy
Grezlak GmbH, Antoni Grzelak, Basel (the “Grezlak GmbH”), is responsible under data protection law, unless otherwise communicated in individual cases.
You can contact us as follows for your data protection concerns and to exercise your rights in accordance with section 11:
Grezlak GmbH
Antoni Grzelak
Röschenzerstrasse 7
4053 Basel
Switzerland
antoni.grzelak@grezlak.ch
3. What data do we process?
We process various categories of data about you. The main categories are as follows:
Technical data
When you use our website or other electronic services, we collect the IP address of your end device and other technical data to ensure the functionality and security of these services. This data also includes logs in which the use of our systems is recorded. We generally store technical data for 6 months. To ensure the functionality of these offers, we can also assign you or your end device an individual code. The technical data itself does not allow any conclusions to be drawn about your identity. However, in the context of user accounts, registrations, access controls or the processing of contracts, it may be linked to other categories of data (and thus possibly to your person).
Registration data
Certain offers and services can only be used with a user account or registration, which can be done directly with us or via our external login service providers. In doing so, you must provide us with certain data and we collect data on the use of the offer or service. We generally retain registration data for 12 months after the end of the use of the service or the termination of the user account.
Communication data
If you contact us via the contact form, by e-mail, telephone, letter or other means of communication, we collect the data exchanged between you and us, including your contact details and the marginal data of the communication. If we want or need to establish your identity, we collect data to identify you (e.g. a copy of an identity document). We generally store this data for 12 months from the last exchange with you. This period may be longer if this is necessary for reasons of proof or to comply with legal or contractual requirements or for technical reasons. E-mails in personal mailboxes and written correspondence are generally stored for at least 10 years.
Registration data
Certain offers and services can only be used with a user account or registration, which can be done directly with us or via our external login service providers. In doing so, you must provide us with certain data and we collect data on the use of the offer or service. We generally retain registration data for 12 months after the end of the use of the service or the termination of the user account.
Communication data
If you contact us via the contact form, by e-mail, telephone, letter or other means of communication, we collect the data exchanged between you and us, including your contact details and the marginal data of the communication. If we want or need to establish your identity, we collect data to identify you (e.g. a copy of an identity document). We generally store this data for 12 months from the last exchange with you. This period may be longer if this is necessary for reasons of proof or to comply with legal or contractual requirements or for technical reasons. E-mails in personal mailboxes and written correspondence are generally stored for at least 10 years.
Master data
We define master data as the basic data that we require in addition to the contractual data (see below) for the processing of our contractual and other business relationships or for marketing and advertising purposes, such as name, contact details and information, e.g. about your role and function, your bank details, your date of birth or customer history. We process your master data if you are a customer or other business contact or work for one (e.g. as a contact person of the business partner), or because we want to contact you for our own purposes or the purposes of a contractual partner (e.g. in the context of marketing and advertising). We receive master data from you yourself (e.g. when you make a purchase or register), from bodies for which you work or from third parties such as our contractual partners, associations and address dealers and from publicly accessible sources such as public registers or the Internet (websites, etc.). As a rule, we store this data for 10 years from the last exchange with you, but at least from the end of the contract. This period may be longer if this is necessary for reasons of proof or to comply with legal or contractual requirements or for technical reasons. In the case of pure marketing and advertising contacts, the period is normally much shorter, usually no more than 2 years from the last contact.
Contract data
This is data that arises in connection with the conclusion or processing of a contract, e.g. information about contracts and the services to be provided or provided, as well as data from the run-up to the conclusion of a contract, the information required or used for processing and information about reactions. We generally collect this data from you, from contractual partners and from third parties involved in the execution of the contract, but also from third-party sources (e.g. providers of credit rating data) and from publicly accessible sources. As a rule, we store this data for 10 years from the last contractual activity, but at least from the end of the contract. This period may be longer if this is necessary for reasons of proof or to comply with legal or contractual requirements or for technical reasons.
You provide us with much of the data mentioned in this section 3 yourself (e.g. via forms, in the context of communication with us, in connection with contracts, when using the website, etc.). You are not obliged to do so, subject to individual cases. If you wish to conclude contracts with us or make use of services, you must also provide us with data as part of your contractual obligation under the relevant contract, in particular master data, contract data and registration data. When using our website, the processing of technical data is unavoidable.
Insofar as this is not inadmissible, we also take data from publicly accessible sources or receive data from authorities and other third parties.
4. For what purposes do we process your data?
We process your data for the purposes explained below. These purposes and the underlying objectives represent legitimate interests of us and, where applicable, of third parties.
We process your data for purposes related to communication with you, in particular to respond to inquiries and assert your rights and to contact you in the event of queries. In particular, we use communication data and master data for this purpose and, in connection with offers and services used by you, also registration data. We retain this data in order to document our communication with you, for training purposes, for quality assurance and for follow-up questions.
We also process data for purposes such as entering into, managing and processing contractual relationships, for marketing purposes and relationship management, for market research, to improve our services and operations, for product development, to comply with laws, directives and recommendations from authorities and internal regulations (compliance) and for other purposes, e.g. as part of our internal processes and administration.
5. On what basis do we process your data?
If we ask for your consent for certain processing, we will inform you separately about the corresponding purposes of the processing. You can revoke your consent at any time with effect for the future by sending us written notification (by post) or, unless otherwise stated or agreed, by e-mail; you will find our contact details in Section 2. For the revocation of your consent in the case of online tracking, see Section 12. If you have a user account, revocation or contact with us can also be carried out via the website or other service in question. Once we have received notification of the withdrawal of your consent, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis for doing so. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.
Where we do not ask for your consent for processing, we base the processing of your personal data on the fact that the processing is necessary for the initiation or execution of a contract with you (or the body you represent) or that we or third parties have a legitimate interest in it, in particular in order to pursue the purposes and associated objectives described above under Section 4 and to be able to carry out corresponding measures. Our legitimate interests also include compliance with statutory provisions, insofar as this is not already recognized as a legal basis by the applicable data protection law.
In individual cases, other legal grounds may apply, which we will communicate to you separately if necessary.
6. What applies to profiling and automated individual decisions?
We may automatically evaluate certain of your personal characteristics for the purposes stated in Section 4 using your data (Section 3) (“profiling”) if we want to determine preference data, but also to determine abuse and security risks, carry out statistical evaluations or for operational planning purposes. For the same purposes, we can also create profiles, i.e. we can combine behavioral and preference data, but also master and contract data and technical data assigned to you in order to better understand you as a person with your different interests and other characteristics.
In both cases, we pay attention to the proportionality and reliability of the results and take measures to prevent misuse of these profiles or profiling. If these can have legal consequences or significant disadvantages for you, we always provide for a manual review.
7. To whom do we disclose your data?
In connection with our contracts, the website, our services and products, our legal obligations or otherwise to protect our legitimate interests and the other purposes listed in Section 4, we also transfer your personal data to third parties, in particular to the following categories of recipients:
Service provider
We work with service providers in Germany and abroad who process data about you on our behalf or under joint responsibility with us or who receive data about you from us under their own responsibility.
Authorities
We may disclose personal data to offices, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests.
Contractual partners including customers
This initially refers to customers (e.g. service recipients) and other contractual partners of ours, because this data transfer arises from these contracts. If you work for such a contractual partner yourself, we may also transfer data about you to them in this context. The recipients also include contractual partners with whom we cooperate.
Other persons
This refers to other cases where the involvement of third parties arises from the purposes set out in section 4.
All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict the processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).
8. Will your personal data also be sent abroad?
As explained in section 7, we also disclose data to other bodies. These are not only located in Switzerland. Your data can therefore be processed both in Europe and in any country in the world.
If a recipient is located in a country without adequate statutory data protection, we contractually oblige the recipient to comply with the applicable data protection (we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless the recipient is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have given your consent or if the data in question has been made generally accessible by you and you have not objected to its processing.
Please also note that data exchanged via the Internet is often routed via third countries. Your data may therefore be sent abroad even if the sender and recipient are located in the same country.
9. How long do we process your data?
We process your data for as long as required by our processing purposes, the statutory retention periods and our legitimate interests in processing for documentation and evidence purposes or if storage is technically necessary. Further information on the respective storage and processing periods can be found for the individual data categories in section 3 or for the cookie categories in section 12. If there are no legal or contractual obligations to the contrary, we will delete or anonymize your data after the storage or processing period has expired as part of our normal processes.
10. How do we protect your data?
We take appropriate security measures to protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorized or unlawful processing and to counteract the risks of loss, unintentional alteration, unwanted disclosure or unauthorized access.
11. What rights do you have?
To make it easier for you to control the processing of your personal data, you also have the following rights in connection with our data processing, depending on the applicable data protection law:
– The right to request information from us as to whether and which of your data we process;
– the right to have us correct data if it is incorrect;
– the right to request the deletion of data;
– the right to obtain from us the personal data concerning you in a commonly used electronic format or to transmit those data to another controller;
– the right to withdraw consent where our processing is based on your consent;
– the right to receive, on request, further information necessary for the exercise of these rights;
– the right to express your point of view on automated individual decisions (point 6) and to request that the decision be reviewed by a natural person.
If you wish to exercise the above rights against us, please contact us in writing, at our premises or, unless otherwise stated or agreed, by e-mail; our contact details can be found in Section 2. In order to rule out misuse, we must identify you (e.g. with a copy of your ID, unless otherwise possible).
Please note that these rights are subject to conditions, exceptions or restrictions under the applicable data protection law (e.g. to protect third parties or business secrets). We will inform you accordingly if necessary.
If you do not agree with our handling of your rights or data protection, please let us know (Section 2). In particular, if you are located in the EEA, the United Kingdom or Switzerland, you also have the right to complain to the data protection supervisory authority in your country. A list of authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_de. You can contact the UK supervisory authority here: https://ico.org.uk/global/contact-us/. You can contact the Swiss supervisory authority here: https://www.edoeb.admin.ch/edoeb/de/home/der-edoeb/kontakt/adresse.html.
12. Do we use online tracking and online advertising techniques?
We use various technologies on our website with which we and third parties engaged by us can recognize you when you use our website and, under certain circumstances, track you over several visits. We will inform you about this in this section.
In essence, we want to be able to distinguish between access by you (via your system) and access by other users so that we can ensure the functionality of the website and carry out evaluations and personalization. We do not want to draw conclusions about your identity, even if we can, insofar as we or third parties engaged by us can identify you by combining this with registration data. Even without registration data, however, the technologies used are designed in such a way that you are recognized as an individual visitor each time you visit the site, for example by our server (or the servers of third parties) assigning you or your browser a specific identification number (so-called “cookie”).
We use such technologies on our website and allow certain third parties to do the same. You can program your browser to block or deceive certain cookies or alternative technologies or to delete existing cookies. You can also add software to your browser that blocks tracking by certain third parties. Further information on this can be found on the help pages of your browser (usually under the keyword “data protection”) or on the websites of the third parties listed below.
A distinction is made between the following cookies (technologies with comparable functions such as fingerprinting are also included here):
Necessary cookies
Some cookies are necessary for the functioning of the website as such or for certain functions. For example, they ensure that you can switch between pages without losing any information entered in a form. They also ensure that you remain logged in. These cookies are only temporary (“session cookies”). If you block them, the website may not work. Other cookies are necessary so that the server can save decisions or entries made by you beyond a session (i.e. a visit to the website) if you use this function (e.g. selected language, consent given, the function for automatic log-in, etc.). These cookies have an expiry date of up to 24 months.
Performance cookies
In order to optimize our website and corresponding offers and to better tailor them to the needs of users, we use cookies to record and analyze the use of our website, possibly even beyond the session. We do this by using third-party analysis services. We have listed these below. Performance cookies also have an expiry date of up to 24 months. Details can be found on the websites of the third-party providers.
Marketing cookies
We and our advertising contract partners have an interest in targeting advertising precisely, i.e. only displaying it to those we want to address. We have listed our advertising contract partners below. For this purpose, we and our advertising contract partners – if you consent – also use cookies with which the content accessed or contracts concluded can be recorded. This enables us and our advertising contract partners to display advertising that we can assume is of interest to you on our website, but also on other websites that display advertising from us or our advertising contract partners. Depending on the situation, these cookies expire after a few days or up to 12 months. If you consent to the use of these cookies, you will be shown appropriate advertising. If you do not consent to these cookies, you will not see less advertising, but simply any other advertising.
In addition to marketing cookies, we use other techniques to control online advertising on other websites and thereby reduce wastage. For example, we may transmit the email addresses of our users, customers and other persons to whom we wish to display advertising to operators of advertising platforms (e.g. social media). If these people are registered there with the same email address (which the advertising platforms determine by means of a comparison), the operators will display the advertising we have placed to these people in a targeted manner. The operators do not receive personal email addresses of people who are not already known. In the case of known e-mail addresses, however, they learn that these people are in contact with us and what content they have accessed.
We may also integrate other third-party offers on our website, in particular from social media providers. These offers are deactivated by default. As soon as you activate them (e.g. by clicking a button), the relevant providers can determine that you are on our website. If you have an account with the social media provider, they can assign this information to you and thus track your use of online services. These social media providers process this data on their own responsibility.
We currently use offers from the following service providers and advertising contract partners (insofar as they use data from you or cookies set by you for advertising purposes):
Our website uses social plug-ins from Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plug-ins are marked with an Instagram logo, for example in the form of an “Instagram camera”. An overview of the Instagram plug-ins and their appearance can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges. When you access a page on our website that contains such a plug-in, your browser establishes a direct connection to Instagram’s servers. The content of the plug-in is transmitted by Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can directly associate your visit to our website with your Instagram account. If you interact with the plug-ins, for example by clicking the “Instagram” button, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed to your contacts there. The purpose and scope of the data collection and the further processing and use of the data by Instagram as well as your rights in this regard and setting options to protect your privacy can be found in Instagram’s data protection information: https://help.instagram.com/155833707900388/. If you do not want Instagram to assign the data collected via our website directly to your Instagram account, you must log out of Instagram before visiting our website. You can also completely prevent the Instagram plug-ins from loading with add-ons for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/).
Plugins from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated on our pages. You can recognize these by the Facebook logo or the “Like” button on our site. You can find an overview of possible Facebook plugins at the following link: http://developers.facebook.com/docs/plugins/. These Facebook plugins (Like button) establish a direct connection between your browser and the Facebook server when you visit our website. Through your visit, Facebook receives information that you have visited our pages with your IP address. If you click on the Facebook “Like” button on our pages while you are logged into your Facebook account at the same time, the content of our pages will be linked to your Facebook profile. As a result, Facebook can assign your visit to our site to your user account. We, as the service provider, would like to point out that we, as the website provider, have no knowledge of the content of the transmitted data or its use by Facebook. We therefore refer you to the following link to obtain further information regarding Facebook’s privacy policy: http://de-de.facebook.com/policy.php. If you do not want Facebook to associate your visit to our website with your Facebook user account, we ask you to log out of your Facebook user account when you visit our website.
YouTube
Our Internet pages contain at least one plug-in from YouTube, belonging to Google Inc, located at LLC 901 Cherry Ave. San Bruno, CA 94066 USA. As soon as you visit a page on our website equipped with a YouTube plug-in, a connection to the YouTube servers is established. This tells the YouTube server which specific page of our website you have visited. If you are also logged into your YouTube account, you would enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this possibility of assignment by logging out of your account beforehand. Further information on the collection and use of your data by YouTube can be found in the privacy policy at http://www.youtube.com/t/privacy.
Google Ireland
(based in Ireland) is the provider of the “Google Analytics” service and acts as our processor. Google Ireland relies on Google LLC (based in the USA) as its processor (both “Google”). Google uses performance cookies (see above) to track the behavior of visitors to our website (duration, frequency of pages accessed, geographical origin of access, etc.) and compiles reports for us on the use of our website on this basis. We have configured the service so that the IP addresses of visitors are truncated by Google in Europe before being forwarded to the USA and therefore cannot be traced. We have switched off the “Data sharing” and “Signals” settings. Although we can assume that the information we share with Google is not personal data for Google, it is possible that Google can use this data for its own purposes to draw conclusions about the identity of visitors, create personal profiles and link this data to the Google accounts of these persons. If you agree to the use of Google Analytics, you explicitly consent to such processing, which also includes the transfer of personal data (in particular usage data for the website and app, device information and individual IDs) to the USA and other countries. You can find information on Google Analytics data protection here [https://support.google.com/analytics/answer/6004245] and if you have a Google account, you can find further information on processing by Google here [https://policies.google.com/technologies/partner-sites?hl=de].
Google AdSense
Our website uses Google AdSense, a service for integrating advertisements from Google Inc (“Google”). Google AdSense uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. In addition, Google AdSense also uses web beacons (invisible graphics). Based on the web beacons, information such as visitor traffic on websites can be analyzed. Cookies and web beacons are used to generate information about the use of our website, including your IP address. The delivery of advertising formats is then transmitted to a Google server in the USA and stored there, as with Google Analytics. The stored information can then be passed on by Google to its contractual partners. However, the information collected by Google about your IP address will not be merged with other data stored by you. If it is not in your interest for this information to be collected based on your visit to our website, you can prevent the storage or installation of cookies by selecting the appropriate settings in your browser software. At the same time, we would like to inform you that in this case you will not be able to use all the functions of this website to their full extent. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
TikTok
Plugins from TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, IRELAND are integrated on our pages. The purpose and scope of the data collection and the further processing and use of the data by TikTok as well as your rights in this regard and setting options to protect your privacy can be found in TikTok’s data protection information: https://www.tiktok.com/legal/page/eea/privacy-policy/de.
Tumblr
This website uses plugins from the Tumblr service. These buttons are provided by Tumblr, Inc, 35 East 21st St, 10th Floor, New York, NY 10010, USA. They are recognizable by the term “Tumblr”. With the help of the buttons it is possible to share a post or page of this offer on Tumblr or to follow the provider on Tumblr. When a user accesses a web page of this website that contains such a button, their browser establishes a direct connection to the Tumblr servers. The content of the Tumblr button is transmitted by Tumblr directly to the user’s browser. The provider therefore has no influence on the scope of the data that Tumblr collects with the help of this plugin and informs users according to its level of knowledge. According to this, only the user’s IP address and the URL of the respective website are transmitted when the button is accessed, but are not used for purposes other than displaying the button. Further information on this can be found in Tumblr’s privacy policy at http://www.tumblr.com/policy/de/privacy.
Plug-ins of the short message network Twitter Inc, 795 Folsom St., Suite 600, San Francisco, CA 94107, USA are integrated on our website. You can recognize the Twitter plug-ins (Tweet button) by the Twitter logo on our site. You can find an overview of the Tweet button at https://dev.twitter.com/. When you visit a page on our website that contains such a plug-in, a direct connection is established between your browser and the Twitter server. Twitter receives the information that you have visited our site with your IP address. If you click on the “Tweet button” while you are logged into your Twitter account, you can link the content of our pages to your Twitter profile. This allows Twitter to associate your visit to our website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Twitter. Further information on this can be found in Twitter’s privacy policy. If you do not want Twitter to be able to assign your visit to our pages, please log out of your Twitter user account.
13. Can this privacy policy be amended?
This privacy policy is not part of any contract with you. We may amend this privacy policy at any time. The version published on this website is the current version.
Last update: 17.02.2025
