SWISS Shop privacy notice


Who is the controller?

Miles & More GmbH ("MMG") would like to inform you in the following about how your personal data is processed within the context of our offerings. You can gain direct access to these offerings via www.swiss-shop.com ("website"). Full details about the company can be found under "Imprint" on www.swiss-shop.com.

Who can I contact?

The Lufthansa Group Data Protection Officer is also the MMG Data Protection Officer. If you have any questions about data protection, please contact Dr. Barbara Kirchberg-Lennartz (e.g. by mail: Group Data Protection Officer, FRA CY, 60546 Frankfurt/Main, Germany, or via email: 027021059029047057025035061059071000027043035001027029).

If you contact us via email the communication will be unencrypted.

Why do we process your data (purpose of the processing) and on what legal foundation?

We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG) and the Swiss Federal Law of Data Protection (DSG).

We process personal data to fulfil our contractual obligations as per Article 6 Paragraph 1 Subparagraph 1(b) GDPR. This includes in particular:

  • Creating and managing a customer account
  • Concluding the purchase contract
  • Executing the purchase contract (sending order confirmations, delivery notifications, handling the logistics process)
  • Terminating the purchase contract
  • Processing returns
  • Handling claims
  • Processing complaints

We also process your data to protect our legitimate interests as per Article 6 Paragraph 1 Subparagraph 1(f) GDPR

  • for the purpose of preventing fraud e.g. credit card misuse, identity theft, obtaining special conditions or rates via devious means
  • for asserting legal claims including debt collection and the defence of legal disputes
  • for auditing purposes
  • for marketing, provided that you have not objected to the use of your data.

Based on your consent, we process your data in accordance with Article 6 Paragraph 1 Subparagraph 1(a) GDPR for specific purposes, in particular:

  • Sending the newsletter with regular SWISS Shop offers
  • Sending the catalogue
  • Processing your enquiry via the contact form
  • Supporting operations on the website with reminder functions
  • Performing analyses to optimise our offering for you.

You can withdraw your consent at any time. This also applies to the withdrawal of declarations of consent issued to us before the GDPR came into force (i.e. before 25 May 2018). The withdrawal of consent is only effective for the future and shall not affect the lawfulness of data processed up to the point of withdrawal. For further information, please see the "How can you withdraw your consent?" section.

What data do we process when you visit our website?

You can use our website without directly providing any personal data (such as your name, postal address or email address). In this case we also have to collect and store specific information so that you can access our website.

We use certain analytical methods on our website and these are explained below.

1.1 Logfiles

When you visit our website, our internet server automatically records the domain name or IP address of the requesting computer, as well as the date and time of access, client file request (file name and URL), HTTP response code, browser type, the website from which you are visiting and the number of bytes transferred in the course of the connection. These data are deleted as soon as you end your visit to our website. For legal purposes - particularly detecting misuse and identifying and resolving technical malfunctions - we save the logfiles from your web server and application server, including your IP address, for 90 days.

1.2 Cookies / Web Beacons

Like many well-known companies, we use so-called cookies and web beacons to design our offering in the most user friendly way possible.

"Cookies" are small text files that a web server (e.g. the web server on www.swiss-shop.com) sends to your browser when you visit a website. So-called "session cookies" expire at the end of the browser session and can record your activities during this session. In contrast, "permanent cookies" are also stored on your end device between different browser sessions and can record your settings or activities on several websites.

As well as so-called "session cookies", which are deleted when you end your browser session, we use permanent cookies for the purpose of conducting web analysis with etracker. These cookies are stored until they are deleted by the user.

Depending on your browser settings, the cookie file will either be saved or rejected. If the file is saved, our web server can recognise your end device. During subsequent visits to the website, and when switching between functions that require entering a password, the cookie reduces the amount of the information you need to input. Cookies thus simplify the use of websites that require user input. Cookies can also help us to offer you an individualised and relevant surfing experience if you grant your consent to this.

Regardless of any cookies that might have been saved, for security reasons you will have to log in again each time you access areas requiring registration. You will also need to input your password before redeeming miles.

No personal data is saved in the cookies we use. Only one identification number is assigned to these cookies and we shall not combine this with other existing data (e.g. provided during registration) without your consent. You can configure your browser in such a way that it can receive our cookies or you can use our website without the cookie functionality. However, in the latter case the text you input in form fields cannot be saved for further queries and you will have to input the data again the next time you visit our website. Furthermore, in this case we will unfortunately not be able to present you with personally tailored content.

Your browser may already be configured in such a way that a warning message is displayed each time it receives a cookie. This notification can be very disruptive, as the identification cookie must be resent every time you access each individual page on our website. We therefore recommend that you configure your browser so that cookies from www.swiss-shop.com are always accepted. You can specify this setting for individual websites.

Further information on the use of cookies and how you can deactivate them can be found under meine-cookies.org or youronlinechoices.com.

Web beacons are small graphic files (also described as "pixel tags" or "clear GIFs"), which may be contained in our websites, applications and newsletters. They are generally set in conjunction with cookies to identify users and user behaviour. The preceding statements about cookies apply accordingly to web beacons. In particular, web beacons will not be used if you have objected to the use of the corresponding cookie.

1.3 Web analysis with etracker

We use services from etracker GmbH (Hamburg, Germany) on our website to analyse usage data (www.etracker.com). Cookies make it possible to perform a statistical analysis of the use of this website by visitors and to display usage-oriented content or advertising. etracker cookies do not contain any information that could be used to identify a user.

etracker only processes and stores the data it collects on behalf of the provider of this website in Germany and it is therefore subject to strict German and European data privacy laws and standards. In this regard, etracker has been independently audited, certified and awarded the ePrivacyseal, a data privacy seal of approval.

The legal foundation for the data processing is Article 6 Paragraph 1(f) (legitimate interest) of the EU General Data Protection Regulation (GDPR). Our legitimate interest lies in optimising our online offering and web presence. As the private sphere of our visitors is particularly important to us, the IP address is anonymised by etracker as early as possible, and log-in or device identifiers are converted to a code that is unique but cannot be assigned to a person. etracker does not use this data in any other way, combine it with other data or pass it on to third parties.

1.4 Functionalities

We provide various functionalities on our website for which we must collect personal data or other information. For example, these functionalities can be made accessible only to Miles & More members who log in using their identification details (e.g. Miles & More card number and PIN or user name and password) or to registered customers after login.

As a Miles & More member or registered customer you can access your customer profile via our website where you can, among other things, view and amend your saved personal data. For example, you can save, view and amend the following data in your customer profile: name, address, contact details, payment data, orders, language settings etc. As a Miles & More member you can also view the status of your mileage account and request specific awards.

If more personal data is needed to use the functionalities, this will be indicated on our website accordingly. Mandatory information is highlighted separately; it is not possible to use the relevant functionality without providing the mandatory information.

On our website, we can also offer you functionalities that can be used without logging in as a Miles & More member or registered customer. We must nevertheless collect personal data or other information for this, e.g. if you take part in a survey or competition on this website or if you send us questions or feedback. Without your further consent, we will only collect, process and use such data and information to the extent required for the relevant functionality (e.g. for answering your question or processing your feedback). Detailed information on how data is collected during competitions can be found in the entry terms and conditions for the relevant competition.

1.5 Links and data collection on third party websites

You may be directed via links on our website to third party websites that are not operated by us. For example, they may be websites operated by partner companies with whom you can earn miles or who have special offers for Miles & More members or where you can find information about products and services. We have no influence over the collection, processing and use of your personal data on such third party websites. This is performed by the provider of the relevant website. Please therefore read the terms of use and privacy policies for these websites for more specific information on how they collect, process and use (personal) information.

What happens when you receive our newsletter?

If you have granted your consent under the heading Newsletter on our website to receiving the newsletter - until you either revoke this consent or until MMG stops sending the newsletter - we would like to give you the following information: The legal foundation for the processing is your consent as per Article 6 Paragraph 1(a) GDPR. Your consent applies to the processing of the following personal data provided voluntarily:

  • Email address
  • Choice of newsletter language
  • Where applicable: surname, first name, title, gender/form of address
  • Where applicable: address details
  • Where applicable: country of origin
  • Where applicable: date of birth
  • Where applicable: Miles & More service card number

Your consent applies to the use of your email address for sending the newsletter to the stated address. The newsletter provides information about SWISS Shop offers and issues.

You can withdraw your consent to receiving the newsletter at any time. Further information can be found under the "How can you withdraw your consent?" section.

What personal data do you have to provide?

For statutory or contractual requirements, we have indicated in the input masks on our website the fields that you must complete so that we can execute the desired contract or service.

For example, we collect the following data when you register or place an order:

  • First name and surname, address
  • Order data
  • Invoice and delivery address
  • Email address, telephone numbers
  • Invoice and payment data
  • Where applicable: date of birth
  • Where applicable: Miles & More service card number

For how long will your data be stored?

Your personal data will be deleted as soon as it is no longer required for the stated purposes. Furthermore, previous orders will be deleted from active customer accounts after four years. Inactive customer accounts will be deleted in full after four years.

However, we might have to store your data until the expiration of retention obligations and periods issued by the legislator or regulatory authority, which might be specified in the commercial code and fiscal code and generally amount to between six and ten years. Furthermore, we can store your data until the expiration of statutory limitation periods if this is required for asserting, exerting or defending legal claims. The corresponding data is then routinely deleted.

Who receives your data?

In order to offer you our products and services on the basis of our contractual obligations or legitimate interests, we use service providers and third parties such as service centres, payment providers, logistics, postal and courier companies or IT service providers. If these service providers are processors as per Article 28 GDPR, they will have been carefully selected and work solely in accordance with our instructions. They provide sufficient guarantees for complying with data privacy obligations.

It may be the case that personal data is transferred to third countries or international organisations. To protect you and your personal data, appropriate guarantees are provided for such data transfers in accordance with and consistent with legal requirements. If these transfers do not have a legal foundation, or take place in a country for which the EU Commission has not issued an adequacy decision, we shall use the standard EU contractual clauses. Information on standard EU contractual clauses can be found on the European Union websites via the link http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF.

Furthermore, we are legally obligated in certain cases to make personal data available to German and international authorities as per Article 6 Paragraph 1(c) GDPR in conjunction with local and international regulations and conventions.

The legal foundations for the transfer of data to other third parties and processors are Article 6 Paragraph 1(b) GDPR (executing your purchase contract), Article 6 Paragraph 1(a) GDPR (consent), Article 6 Paragraph 1(f) GDPR (legitimate interest) and Article 28 GDPR.

What are your data protection rights?

As a data subject, you can exercise the following rights if the relevant legal requirement applies:

  • Right of access, Article 15 GDPR
  • Right to rectification, Article 16 GDPR
  • Right to erasure (“right to be forgotten”), Article 17 GDPR
  • Right to restriction of processing, Article 18 GDPR
  • Right to data portability, Article 20 GDPR
  • Right to object, Article 21 GDPR

You can use our "GDPR information enquiry" contact form to exercise your right. In order to handle your application and identify you, please note that we will process your personal data as per Article 6 Paragraph 1(c) GDPR.

You can update most of your master data in your customer profile on our website at any time. If there are any changes in your personal data (e.g. your postal address, email address or telephone number), please update your customer profile to reflect this.

You also have the right to lodge a complaint with a supervisory authority as per Article 77 GDPR in conjunction with Section 19 BDSG.

The supervisory authority responsible for MMG is:

The Hessian Data Protection Officer
PO Box 3163
65021 Wiesbaden
Germany

Gustav-Stresemann-Ring 1
65189 Wiesbaden
Germany

Telephone: +49 (0)611/1408-0
Fax: +49 (0)611/1408-900 or -901
email: 051049057059057059029043043029000027021059029047057025035061059071001035029057057029047001027029

How can you withdraw your consent?

If you have granted your consent to us processing your personal data, we would like to point out that you can withdraw this consent at any time.

If you have granted your consent to receiving our newsletter, you can withdraw this consent via the "Unsubscribe" link in the newsletter.

In all other cases, or if you are having problems withdrawing your consent on this website, you can contact the data protection officer.

Please note that withdrawing your consent only has effect for the future and has no influence on the lawfulness of processing performed in the past. In some cases we are entitled, despite your withdrawal, to further process your personal data on a different legal foundation e.g. for executing a contract.

Information on your right to object as per Article 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to your personal data being processed as per Article 6 Paragraph 1(e) or (f) GDPR.

We shall no longer process your personal data unless we can demonstrate that there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is required for establishing, exerting or defending legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to your personal data being processed for such marketing.

If you object to your personal data being processed for direct marketing, it will no longer be processed for this purpose.

In connection with the use of information society services - notwithstanding Directive 2002/58/EC - you have the opportunity to exercise your right to object by automated means using technical specifications.

You can object to the processing of your personal data at any time (e.g. via our contact form) as described in the "What are your data protection rights?" section.

Information on participation in the Miles & More programme

Information on how your data is processed within the Miles & More programme can be found on this link.

My SWISS Shop

Hello,
please log in to display your mileage balance.

If you move the mile slider to the left or right, all prices and mile details on the page will change. You can use the mile slider to define the miles to be redeemed and automatically display the payment amount in CHF. Alternatively, you can enter your required miles amount in the free text field.

When you are logged in, you can see your current miles account balance. The miles/CHF mix is adjusted with this value.

Topseller

To personalize and improve your website experience this site uses cookies. By using www.swiss-shop.com, you agree to our ➔ Cookie Policy