Privacy policy

Musa Calma takes the protection of your personal data very seriously. In this privacy policy, we, Musa Calma GmbH (hereinafter also referred to as we or us), explain how we collect and otherwise process personal data. This is not an exhaustive description; other documents may regulate specific matters. Personal data refers to all information relating to an identified or identifiable person

This privacy policy is designed to meet the requirements of the EU General Data Protection Regulation (GDPR) and the Swiss Data Protection Act (DPA). However, whether and to what extent these laws are applicable depends on the individual case.

Please note that this privacy policy may be subject to change from time to time. The current version published on our website applies. In the event of any ambiguities and/or contradictions between the German and English texts, only the German text shall prevail.

The data to be processed is stored in connection with the operation of the website. We have a legitimate interest in ensuring that our website is displayed as reliably as possible.

We host our website with World4You. The provider is World4You Internet Services GmbH, Hafenstraße 35, 4020 Linz, Austria. Details of World4You’s privacy policy can be found at: https://www.world4you.com/unternehmen/datenschutzerklaerung. We have concluded an data processing agreement (DPA) with the above-mentioned provider. This is a contract prescribed by data protection law, which guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the applicable data protection laws.

All personal data collected via the website is processed in accordance with the applicable data protection legislation. We collect and process personal data carefully for the purposes described in this Privacy Policy. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, deletion, storage, modification, destruction and use of personal data. The terms “processing” and “handling” are used synonymously. We collect and use your personal data only to the extent necessary to provide a functional website and our content and services.

We process your data in particular for the following purposes (in addition to those that we communicate to you separately):

• in connection with the establishment, administration and processing of our contractual relationships with our customers and business partners;
• to ensure our operations, in particular IT and our website;
• in connection with communication with you, in particular to answer inquiries and assert your rights and to contact you in the event of queries;
• for marketing purposes and to maintain relationships, e.g. to send our customers and other contractual partners personalized advertising about our products and services. This may also take the form of newsletters or invitations to events;
• for market research, to improve our services and operations and for product development;
• to comply with laws, directives and recommendations from authorities and internal regulations (“compliance”);
• for the assertion of legal claims and defense in connection with legal disputes and official proceedings;
• for security purposes;
• for the purposes of our risk management and as part of prudent corporate governance, including business organization and corporate development;
• for other purposes, e.g. as part of our internal processes and administration or for training and quality assurance purposes.

When you visit this website, access data is automatically stored in a log file, which your browser transmits to us in “Server Log Files”. The log files are stored for 14 days and then automatically deleted. Storage in log files and evaluation is carried out for the purpose of ensuring the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. Temporary storage of the IP address by the system is necessary to enable delivery of the website. If there is any suspicion of unlawful use of our website, we reserve the right to check this data retrospectively.

The purposes described above constitute our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f GDPR (where applicable).

The following access data is collected:

• Information about the browser type and version used
• Operating system of the visitor
• Internet service provider of the visitor
• IP address of the visitor
• Date and time of access
• Websites from which your system accesses our website
• Subpages and functions that you call up
• Websites that are accessed by your system via our website

Your personal data will be transmitted and stored when you contact us electronically (e.g. via e-mail and contact form). Your data is processed solely for the purpose of processing and responding to your inquiry. Once the purpose has been achieved, the data will be deleted if it is assumed that the communication will no longer be continued. In this context, the data will not be passed on to third parties.

The legal basis for this data processing within the scope of the GDPR is our legitimate interest within the meaning of Art. 6 para. 1 lit. f in responding to your request or, if your request is aimed at the conclusion or execution of a contract (see Section 9), the execution of a contract within the meaning of Art. 6 para. 1 lit. b GDPR.

Mandatory information Contact:

• Salutation
• First name
• Last name
• E-mail address
• Subject
• Message
• Country

Optional:

• Phone number
• Address (street, house number, zip code, town, country)

If you wish to purchase products (e.g. shower gel, herbal tea) or book services (e.g. courses, workshops) on the website, personal data is required for the purchase contract, which is transmitted and stored. You have the option of opening a customer account or ordering without a customer account. When registering/ordering with or without a customer account, the following mandatory information is required:

Mandatory information customer account and ordering of products:

• E-mail address
• password
• Customer type (private, company)
• First name
• Last name
• Billing address, delivery address (street, house number, postal code, city, country)
• Payment method

Optional:

• Company name
• Canton
• Phone number

The data is required for the purpose of fulfilling the purchase contract, payment, delivery and communication or within the scope of legal permissions and obligations. The legal basis for this data processing within the scope of the GDPR is the fulfillment of the contract pursuant to Art. 6 para. 1 lit. b

We also transfer your personal data to third parties, in particular to the following categories of recipients:

• Service providers: We work with service providers in Switzerland and abroad who process data about you on our behalf or under joint responsibility with us or who receive data about you from us under their own responsibility (e.g. payment processors, IT providers, etc.);
• Business partners such as suppliers, customers, marketing and project partners;
• Authorities in Switzerland and, where applicable, abroad: We may disclose personal data to offices, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests;
• Other persons: This refers to other cases where the involvement of third parties results from the processing purposes.

These recipients are not only located in Switzerland. Your data can therefore be processed both in Europe and, in exceptional cases, in the USA or in any country in the world.

If a recipient is located in a country without adequate statutory data protection, we contractually oblige the recipient to comply with the applicable data protection (we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless the recipient is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have given your consent or if the data in question has been made generally accessible by you and you have not objected to its processing.

Right to information:

You have the right to receive information about your stored personal data at any time.

Right to rectification:

You have the right to have incorrect or incomplete personal data corrected and to be informed of the correction.

Right to erasure:

You may have the right to request that we delete your personal data.

Right to restriction of processing:

You have the right to request the restriction of the processing of personal data.

Right of objection:

You can object to data processing at any time, in particular for data processing in connection with direct advertising.

Right to data portability:

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and, if necessary, to transmit those data to a third party.

Right of withdrawal:

You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

Right of appeal:

You have the right to lodge a complaint with the competent data protection authority:

Federal Data Protection and Information Commissioner FDPIC
Feldeggweg 1
3003 Bern
www.edoeb.admin.ch

If you wish to exercise the above rights against us, please contact us in writing, at our premises or, unless otherwise stated or agreed, by e-mail; our contact details can be found in Section 2.

We typically use “Cookies” and similar technologies on our website to identify your browser or device. A Cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by the web browser you use when you visit our website. This enables us to recognize you when you return to this website, even if we do not know who you are. In addition to Cookies that are only used during a session and are deleted after your visit to the website (“Session Cookies”), Cookies can also be used to store user settings and other information for a certain period of time (e.g. two years) (“Permanent Cookies”). Depending on the purpose of these techniques, we may ask for your consent before using them. You can access your current settings via a button at the bottom left of the website. However, you can set your browser to reject Cookies, store them for one session only or otherwise delete them prematurely. Most browsers are preset to accept Cookies.

A distinction is made between the following Cookies (technologies with comparable functions such as fingerprinting are also included here):

• Necessary Cookies: Some Cookies are necessary for the functioning of the website as such or for certain functions. For example, they ensure that you can switch between pages without losing any information entered in a form. They also ensure that you remain logged in. These Cookies are only temporary (“Session Cookies”). If you block them, the website may not work. Other Cookies are necessary so that the server can save decisions or entries made by you beyond a session (i.e. a visit to the website) if you use this function (e.g. selected language, consent given, function for automatic log-in, etc.). These Cookies have an expiry date of up to 24 months.
• Advertising and targeting Cookies: We also use additional Cookies to understand how you use our offers and to be able to present you with further advertising offers that may be of interest to you.

We currently use offers from the following service providers in particular:

• Google Analytics: Google Ireland (based in Ireland) is the provider of the “Google Analytics” service and acts as our processor. Google Ireland relies on Google LLC (based in the USA) as its processor (both “Google”). Google uses performance Cookies (see above) to track the behavior of visitors to our website (duration, frequency of pages accessed, geographical origin of access, etc.) and compiles reports for us on the use of our website on this basis. We have configured the service so that the IP addresses of visitors are truncated by Google in Europe before being forwarded to the USA and therefore cannot be traced. We have switched off the “Data sharing” and “Signals” settings. Although we can assume that the information we share with Google is not personal data for Google, it is possible that Google can use this data for its own purposes to draw conclusions about the identity of visitors, create personal profiles and link this data to the Google accounts of these persons. If you agree to the use of Google Analytics, you explicitly consent to such processing, which also includes the transfer of personal data (in particular usage data for the website and app, device information and individual IDs) to the USA and other countries. You can find information on Google Analytics data protection here [https://support.google.com/analytics/answer/6004245] and if you have a Google account, you can find further information on processing by Google here [https://policies.google.com/technologies/partner-sites?hl=de].
• Google Ads Conversion and Remarketing: We use the Google Ads Conversion service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to draw attention to our attractive offers with the help of advertising material (so-called Google Ads) on external websites. We can determine how successful the individual advertising measures are in relation to the advertising campaign data. Our aim is to show you advertising that is of interest to you, to make our websites more interesting for you and to achieve a fair calculation of advertising costs. These advertising materials are delivered by Google via so-called “ad servers”. For this purpose, we use ad server Cookies, through which certain parameters for measuring success, such as the display of ads or clicks by users, can be measured. If you access our websites via a Google ad, Google Ads will store a Cookie on your end device. These Cookies generally lose their validity after 30 days and are not intended to identify you personally. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations, we can recognize which of the advertising measures used are effective.
• We also use Google Ads remarketing. With the remarketing function, we can present users of our websites with advertisements based on their interests on other websites within the Google advertising network (in Google Search or on YouTube, so-called “Google Ads” or on other websites). For this purpose, the interaction of users on our websites is analyzed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to users on other sites even after they have visited our websites.

Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html.

We may also integrate other third-party offers on our website, in particular plug-ins from social media providers. These offers are deactivated by default. As soon as you activate them (e.g. by clicking a button), the relevant providers can determine that you are on our website. If you have an account with the social media provider, they can assign this information to you and thus track your use of online services. These social media providers process this data on their own responsibility.