UE Privacy Policy

UE Privacy Policy

PRIVACY POLICY

 

GREZLAK.CH

 

Privacy Policy version 1.0 effective as of 01.12.2025 r

 

  • 1 GENERAL INFORMATION

 

  1. The Privacy Policy of the Online Store is not a source of obligations for the Visitors and Customers of the Online Store. It is for informational purposes and is not a contract or terms and conditions.

 

  1. All expressions and words written with a capital letter (e.g., Online Store, Customer, etc.) shall be understood in accordance with the Terms and Conditions of the Online Store.

 

  1. In the event of any discrepancy between this Privacy Policy and the consents given by an individual for the processing of personal data, the legal basis for determining the scope of the Data Controller’s activities shall be the voluntarily given consents or the provisions of law that apply to the factual situation.
  • 2 PERSONAL DATA CONTROLLER

 

  1. The Data Controller of your personal data is : Grezlak GmbH with its registered office in Basel at Grezlak Gmbh, Postfach, 4002, Basel-Stadt, Switzerland, registered in the Handelsregister maintained by the Canton of Basel-Stadt under UID no: CHE-175.523.239, CH-ID: CH-270-4007540-2 and FRC-ID 1488123 (hereinafter: Data Controller).

 

  1. For all data protection issues, we encourage you to contact us at the above address or via email address: info@grezlak.ch.

 

  1. You can also send a request to the indicated address for access to information about what personal data we have about you and for what purposes we process it. 

 

  1. The Data Controller informs that it stores correspondence for statistical purposes and for the purpose of improving the support system in the scope of GDPR, as well as for the resolution of complaints and possible decisions on administrative interventions made on the basis of notifications in the indicated Customer Account. Addresses and data thus collected will not be used for communication for any purpose other than the execution of the request, in particular, they will not be used for marketing purposes and transferred to third parties.

 

  1. When contacting the Data Controller to perform a specific action (e.g., filing a complaint, making a return), the Data Controller may again ask the person to provide data, including personal data, e.g., in the form of name, surname, home address, e-mail address, in order to confirm his/her identity and enable the person to be contacted back on the matter and perform the requested action. Provision of such data is not mandatory, but may be necessary to perform an action or obtain information of interest to the person.

 

  1. If you have given additional consent for us to use cookies, our trusted partners may also be the controllers of the data obtained from your online activity. 
  • 3 DATA ACQUISITION AND PURPOSE OF DATA PROCESSING

 

  1. We process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, (hereinafter: GDPR) and other data protection laws currently in force at the time of processing certain data.

 

  1. According to the wording of the legislation indicated, personal data is considered information about an identified or identifiable natural person. An identifiable natural person is one who can be identified directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an Internet identifier or one or more specific factors that determine the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.

 

  1. We ensure that the data we obtain from you is confidential, secure and processed only when necessary. We process data in accordance with the law, in a fair and transparent manner for the data subject. We process only such data and only with such content that is necessary due to the legitimate purpose, i.e. the reason for processing. Personal data is collected with due diligence and adequately protected against access by unauthorized persons. We use appropriate and adequate security measures and state of the art technology to protect personal data from accidental loss and unauthorized access, use, alteration, or disclosure. We store personal data in a manner that allows identification of the data subject for no longer than is necessary for the purposes for which the data are processed.

 

  1. The Data Controller obtains information about personal data in the following ways:
  1. By making a purchase in the Store (online store) by the Customer;
  2. By registering a Customer Account;
  3. By voluntary subscription to the Newsletter service;
  4. by voluntarily entering information in an email or contact form;
  5. by sending a complaint, application, inquiry or letter of any other nature;
  6. by voluntarily entering information in an e-mail sent in connection with the desire to establish cooperation;
  7. through cookies, pixels or similar Internet technologies.

 

  1. Please be advised that the purpose and scope of the data processed by the Data Controller derives from the consent of the Website Visitor or Customer or the law, and in selected cases is further specified as a result of actions taken by such persons on the Online Store or through other communication channels.

 

  1. Provision of personal data by a Visitor or Customer of the Online Store is voluntary, but necessary in order to use certain functionalities of the Online Store (e.g., placing an Order by a Customer and its settlement, registering a Customer Account or using contact forms). 

 

  1. In each case, the scope of data required to conclude the relevant contract is indicated in advance in the Online Store (we mark the data required to conclude a contract/use a specific functionality), within other channels of communication with the Visitor or Customer, or in the Terms and Conditions. The consequence of not providing personal data may be the inability to effectively use the functionality of the Website, such as the inability to place an order. 

 

  1. Your personal data is obtained by the Data Controller for the following purpose:

 

Purpose of processing

Legal basis

Legally legitimate purpose, if any

Keeping statistics.

Article 6(1)(f) GDPR.

To have information about the statistics of our operations, which allows us to improve our business operations.

Conducting marketing of its own products and services without the use of electronic communications.

Article 6(1)(f) GDPR.

Conducting marketing activities to promote the business.

Conducting marketing of its own products and services using electronic communications, including profiling. 

Article 6(1)(f) of the GDPR, with these activities conducted only on the basis of consents held (Article 6(1)(a) of the GDPR). 

Conduct marketing activities to promote the business using e-mail addresses. Presenting advertisements, customizing discounts and promotions.

Handling requests directed using the contact form, emails, complaints, other requests.

Article 6(1)(a) of the GDPR;

Article 6(1)(c) GDPR.

Responding to requests and inquiries made using the contact form or in any other form, including storing sensitive requests and answers provided to maintain accountability. Handling requests, responding to consumer complaints. Investigation of claims, including from third parties, defense by them.

Customer Account Maintenance.

Article 6(1)(b) GDPR.

Conclusion and execution of the Service Agreement (Account) or taking action at the request of a future Customer prior to its conclusion.

Conclusion and execution of the Sales Agreement.

Article 6(1)(b) GDPR.

To conclude and execute the Sales Agreement or to take action at the request of the prospective Customer prior to its conclusion.

Archiving of sales documents.

Article 6(1)(c) GDPR.

Fulfillment of legal obligations under regulations, such as tax and accounting, especially in the case of paid contracts.

 

  1. In the case of an adult Customer or an adult Website Visitor, with his/her additional consent, Personal Data may also be processed for the purpose of presenting, creating, granting, and executing advertisements, offers, or promotions (discounts) dedicated to a given Customer regarding the products or services of the Data Controller and its partners, to the extent possible, tailored to the Customer’s preferences (profiling), as a result of automated decision-making, capable of producing legal effects towards him/her or significantly affecting him/her in a similar manner, e.g. by dedicating exclusively to such a person a short-term discount on a specific product he/she has recently browsed in our Online Store (option not available to persons who are not of age or who are of age but have not given their consent to such action).

 

  1. Newsletter. If you wish to subscribe to our newsletter, it is mandatory that you provide us with your email address via the newsletter subscription form. Providing data is voluntary, but necessary to use the newsletter service. Subscribing to the newsletter is also possible at the stage of creating a Customer Account.

The data provided to us when signing up for the newsletter is used for the purpose of sending the newsletter, in which we inform you about the company’s activities, current collection, promotions and discounts. The legal basis for processing in this situation is your voluntary consent given when signing up for the newsletter.

Your data is processed in this case for the purpose of sending the newsletter periodically, and the basis for processing is Article 6(1)(a) of the DPA, i.e. your consent resulting from your desire to receive the service. 

The data will be processed for the duration of the newsletter, unless you opt out earlier, which will permanently delete your data from the database. In addition, you can correct your data stored in the newsletter database at any time, as well as request its deletion by opting out of receiving the newsletter. You also have the right to data portability, contained in Article 20 of the GDPR.

The newsletter database is properly secured by the Data Controller. The newsletter as a database is handled through an external entity. The e-mails sent include links to hidden images (the so-called tracking pixel). In addition to its primary function of counting email opens, it is also optionally used to identify the Client and conduct marketing activities.

 

  1. Email contact, contact form. When you contact us via e-mail or contact form, you provide us with your e-mail address as the address of the sender of the message. In addition, you may also include other personal information in the body of the message. Providing data is voluntary, but necessary to contact us.

Your data is processed in this case for the purpose of contacting you, and the basis for processing is Article 6(1)(a) of the GDPR, i.e. your consent resulting from your desire to contact us. The legal basis for post-contact processing is the legitimate purpose of archiving correspondence for internal purposes (Article 6(1)(c) GDPR).

The content of the correspondence may be subject to archiving and we are not able to clearly determine when it will be deleted however, it will be a period of no more than 5 years. You have the right to request the history of the correspondence you have had with us (if it was subject to archiving), as well as to request its deletion, unless its archiving is justified due to our overriding interests.

 

  1. Customer Account. When you create a Customer Account on our Website, you provide us with your email address, first name and last name. This is voluntary, but necessary in order to successfully register a Customer Account. Then, in the Customer Panel, you can also provide your address data. Your data in this case is processed for the purpose of maintaining a Customer Account, and the basis for processing is Article 6(1)(b) of the GDPR.Your data will be processed for the duration of your Customer Account, unless you request its deletion beforehand, which will remove your data from the database. You can correct your data assigned to your Customer Account at any time, as well as request its deletion. You also have the right to data portability, contained in Article 20 of the GDPR. As part of setting up a Customer Account, you may – but are not required to – agree to subscribe to the newsletter service.
  • 4 CATEGORIES OF PERSONAL DATA

 

  1. The controller may process the following categories of personal data:
  1. personal data provided in the form when registering a Customer Account, placing Orders in the Online Store, in particular: e-mail address, name and surname, telephone number;
  2. Personal data completed by the user when using the Customer Account, in particular: first and last name; e-mail address; address of residence [street, house number, apartment number, postal code, city, country], and in the case of non-consumer Customers, additionally company name and tax identification number;
  3. Personal data necessary to place an order, in particular: name and surname; e-mail address; contact telephone number; address of residence [street, house number, apartment number, postal code, city, country], and in the case of Customers who are not consumers, additionally company name and tax identification number;
  4. personal data provided for the use of the newsletter, provided when using the contact form and sent via e-mail; or provided when filing complaints, complaints or requests, in particular: name and surname; e-mail address; contact telephone number; address [street, house number, apartment number, postal code, city, country], bank account number;
  5. Personal data provided for the purpose of participating in contests/promotional events: name and surname; e-mail address; contact telephone number; address of residence [street, house number, apartment number, postal code, city, country];
  6. other data, in particular, obtained based on the Customer’s activity on the Internet, including those obtained through the Online Store or other channels of communication with the Customer, using cookies and similar technologies. 
  • 5 RECIPIENTS OF PERSONAL DATA

 

  1. Your personal data may be processed by our partners and subcontractors, i.e. entities we use to process your data and provide services to you. To the best of our knowledge, all entities to whom we entrust the processing of personal data guarantee the application of appropriate protection and security measures personal data required by law.

 

  1. Your personal data may be transferred by the Data Controller:
  1. to state authorities or other entities authorized under the law, in order to perform the obligations incumbent on us;
  2. The Data Controller’s partners may be involved in the processing of personal data to a limited extent, in particular, those who technically help to run the Online Store efficiently (e.g., support us in sending e-mails and, in the case of advertising activities, also in marketing campaigns), providers of hosting or ICT services, carriers or intermediaries who deliver shipments of Orders, entities that process electronic payments or payment card payments in the Online Store, companies that service software, support the Data Controller in marketing campaigns, as well as providers of legal and consulting services and external accounting;
  3. In addition, we may share fully anonymized data (data that cannot identify you) with entities with whom we work. 

 

  1. As part of its marketing (advertising) activities, the Data Controller uses the services of third parties that use cookies, pixels or marketing functions similar to cookies on the Online Store. The catalog of these entities is indicated in detail in § 8 of this Policy.
  • 6 ARCHIVING OF PERSONAL DATA

 

  1. The Data Controller will retain your personal information only for as long as necessary for the purposes set forth in this Privacy Policy and/or to comply with legal and regulatory requirements. After this period, the Data Controller will securely delete your personal information. 

 

  1. We retain the data for the periods indicated below:

 

Data related to the sales procedure.

10 years

Data for marketing purposes.

In the case of data processing based on consent – until it is withdrawn.

In the case of data processing on the basis of a legitimate purpose – until you object.

Data submitted using the contact form 

For a period of 3 years to maintain accountability.

Personal data related to cookies and similar functions.

Until the deletion of these files using the settings of the website / browser / device (while deletion of files is not always the same as deletion of Personal Data obtained through these files – in which case Personal Data will be deleted until you object). 

Data provided in the course of complaint and other procedures related to customer claims.

5 years or for a shorter period if the statute of limitations for claims under the law applicable to the Sales Contract is shorter 

The remaining category of data (with the exception of data from cookies, about which more in our Cookies Policy).

5 years.
  1. In any case, personal data will also be stored if the law (e.g., accounting or tax law) obliges the Data Controller to process them; we will keep personal data longer in case the Customer has any claims against the Data Controller, for the Data Controller to assert claims, or for the Data Controller to assert or defend against third-party claims, for the period of limitation prescribed by law, in particular the Civil Code.

 

  1. Thus, depending on the scope of personal data and the purposes for which they are processed, they may be kept for different periods. In each case, the longer term of storage of personal data is decisive.
  • 7 ENTITLEMENTS, ACCESSING AND UPDATING PERSONAL DATA, COMPLAINTS

 

Pursuant to Article 15 of the GDPR, you have the right to obtain information from the Data Controller as to whether your personal data is being processed.

 

If the Data Controller processes  your personal data, then you have the right to:

  1. access to personal data;
  2. obtain information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients of such data, the intended period of storage of your data or the criteria for determining that period, your rights under the GDPR and your right to lodge a complaint with a supervisory authority, the source of such data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of such data outside the European Union;
  3. obtain a copy of your personal data.

 

In addition, you can request that your personal data be corrected (Article 16 of the GDPR), have your personal data deleted (Article 17 of the GDPR), object to the processing of your personal data (Article 21 of the GDPR), and, where technically feasible, request that the personal data provided be transferred to another organization (Article 20 of the GDPR).

 

In connection with the right to be forgotten, the Data Controller will update or delete your data, unless it has a legal obligation to retain it for business purposes or to comply with the law. In some cases, you have the right to request a restriction on the processing of your personal data (Article 18 of the DPA). You may also contact the Data Controller if you have concerns about the collection, storage or use of your personal data. 

 

The Data Controller shall endeavor to promptly consider all requests regarding the aforementioned operations on your personal data, but no later than within 30 days of receiving the request. Due to the complex nature of the request, the Data Controller has the right to consider your requests in excess of 30 days, of which it will inform you in advance.

 

The controller aims to handle complaints conclusively, but if you are still dissatisfied with the response you receive, you can file a complaint with the data protection supervisory authority of your local data protection authority. In Poland, the supervisory authority under the GDPR is the President of the Office for Personal Data Protection.

  • 8 PROCESSING OF PERSONAL DATA BY AUTOMATED MEANS,
    COOKIES POLICY

 

  1. Our Web Site, like almost all other Web sites, uses cookies, or “cookies”. The cookie policy applies to both Customers of the Online Store and Visitors to the Online Store, i.e. users who browse the contents of the Store but do not make purchases. 
  2. The Cookie Policy is a document that is an integral part of this Privacy Policy. The contents of the Cookie Policy can be found here https://grezlak.ch/privacy-policy/.
  3. The Website also uses functionality similar to cookies. Accordingly, the individual provisions of the Cookie Policy should also be referred to these technologies accordingly. 
  4. Selected cookies process your personal data. The processing of personal data from cookies or similar technologies on our Website is carried out for the purposes of ensuring the functioning of the Website, customizing the Website to the Visitor’s and Customer’s preferences, or analytical purposes. The processing is carried out on the basis of our legitimate interest. The legal basis for the processing of personal data for advertising purposes will be your additional consent, expressed by making a selection and checking the checkbox during the cookie consent process. 
  5. When a Visitor uses the Online Store, cookies are used to identify his/her browser or device – cookies collect various types of information, which, as a rule, do not constitute personal data. However, some information, depending on its content and use, may be associated with a specific person – attributing certain behaviors to a specific Visitor or Customer, e.g. by linking them to the data provided when registering an Account on the Online Store, or a specific e-mail address – and thus be considered personal data. 
  6. In relation to information collected by cookies that can be linked to a specific person, the provisions of the Privacy Policy of the Online Store relating to personal data, in particular those relating to the rights of the data subject, shall apply.
  7. The Website uses profiling. Thanks to the cookies used on the Web Shop, it is possible for the Data Controller to learn about the preferences of the Visitor/Customer – for example, by analyzing how often they visit the Web Shop and whether and what products they buy. Analyzing online behavior helps to better understand the habits and expectations of Customers and Visitors and to adapt to their needs and interests. Thanks to this technology, it is possible to present Visitors with advertisements tailored to their needs and interests and to prepare better promotions and surprises for adult Visitors who have agreed to do so.
  • 9 PRIVACY POLICY CHANGES
  1. This Privacy Policy 1.0. is effective as of 01.12.2025 r. 
  2. The Data Controller declares that he has the right to make changes to this document for important reasons, among others:
  1. changes in applicable laws, in particular in the field of GDPR, electronic communications law, electronically provided services and regulating consumer rights, affecting the rights and obligations of the Controller or the rights and obligations of the data subject;
  2. developments in functionality or electronic services caused by advances in Internet technology, including the implementation of new IT, technological or technical solutions on the Website, affecting the scope of this Privacy Policy.

 

  1. The Data Controller undertakes to inform Users of any changes in good time, allowing them to familiarize themselves with the content of the amended document, e.g. by posting the consolidated text of the Privacy Policy on the homepage of the Website. 

 

  1. In the case of users using the newsletter function, if the Data Controller makes substantial changes to the content of the Privacy Policy, then the Data Controller will inform the Users of such changes via e-mail. In case of any objections to the change of the Policy, the user has the right to stop using the newsletter by sending a request to unsubscribe from the newsletter or by requesting the deletion of his/her personal data.  






SEASONAL SELECTION

MEN'S WEAR

[fme_lwp_display_login_form]

or login with

Register

SEASONAL SELECTION

MEN'S WEAR

E-mail Us

E-mail Us

SEASONAL SELECTION

MEN'S WEAR

[fme_lwp_display_login_form]
FIRST NAME*
LAST NAME*
EMAIL*
Password*
Password 2*