up to 70% cheaper than at the optician Free shipping from CHF 180,-

Privacy Policy

  1. 1 We are pleased that you are visiting our website and thank you for your interest. We would like to inform you here about the handling of your personal data when using this website. 

  2. 1. Data protection at a glance

  3. General notes

  4. 2 The following information provides an overview of what happens to your personal data when you visit this website and/or transmit your personal data to us in any other way. Personal data in the sense of the GDPR (Art. 4 No. 1 GDPR) and the Swiss Federal Data Protection Act as amended ("DPA") is any data relating to an identified or identifiable natural person. This includes, for example, your name or e-mail address, but also the IP address with which you use our services. Insofar as you provide information about your visual acuity or other medical information required for the provision of corrective visual aids such as contact lenses in the context of using our services, this is health data in the sense of Art. 4 No. 15 GDPR and the corresponding DPA provisions, which are particularly protected as personal data. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.

  5. Data collection on this website

  1. 1 Who is responsible for the data collection on this website?

  1. 3 The website operator carries out the data processing on this website. You can find the contact details of the website operator in the section "Information about the responsible party" in this data protection declaration.

  1. 2 How do we collect your data?

  1. 4 On the one hand, your data is collected when you provide it to us. This can be, for example, data that you enter into a form.

  2. 5 Other data is collected automatically or after your consent when you visit the website by our IT systems. This is mainly technical data (e.g. internet browser, operating system or time of page view). The collection of this data takes place automatically as soon as you call up this website.

  1. 3 What do we use your data for?

  1. 6 Part of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your usage behavior.

  1. 4 What rights do you have regarding your data?

  1. 7 You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have a right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

  2. 8 You can contact us at any time with regard to this and other questions on the subject of data protection.

  3. Third-party analytics and tools

  4. 9 When visiting this website, your surfing behavior can be statistically evaluated. This is done mainly with so-called analysis programs.

  5. 10 Detailed information about these analysis programs can be found in the following privacy policy.

  6. 2. Hosting & Content Delivery Network (CDN)

  7. Hosting

  8. 11 This website is hosted externally. We use the system of OVH SAS, 2 rue Kellermann BP 80157 59100 Roubaix, France ("OVHcloud"), for the purpose of hosting and displaying page content on the basis of processing on our behalf. All data collected on our website is processed on OVHcloud's servers. As part of the aforementioned services, data may also be transmitted to OVHcloud servers in France as part of further processing on our behalf. We have concluded an order processing agreement with OVHcloud ("Data Processing Agreement", available at https://us.ovhcloud.com/legal/data-processing-agreement), in which we oblige the provider to protect the data of our users and not to pass it on to third parties.

  9. CDN

  10. 12 We use the service "Cloudflare" via our hoster. The provider is Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, USA (hereinafter "Cloudflare").

  11. 13 Cloudflare offers a globally distributed content delivery network with DNS. This technically routes the transfer of information between your browser and our website through Cloudflare's network. This enables Cloudflare to analyze traffic between your browser and our website and serve as a filter between our servers and potentially malicious traffic from the Internet. In doing so, Cloudflare may also use cookies or other technologies to recognize Internet users, but these are used solely for the purpose described here.

  12. 14 The use of Cloudflare is based on the legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f GDPR and the corresponding DPA provisions).

  13. 15 You can find more information about security and privacy at Cloudflare here: https://www.cloudflare.com/privacypolicy/.

  14. 3. General notes and mandatory information

  15. Privacy

  16. 16 We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

  17. 17 When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

  18. 18 We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.

  19. Responsible entity, data protection officer

  20. 19 The responsible party for data processing on this website is:

  21. McLinsen.ch
    Vision Group AG

  22. Riedwiesenstrasse 23

  23. 8305 Dietlikon

  24. SWITZERLAND

  25. Phone: +41 43 55 00 555

  26. E-mail: [email protected]

  27. 20 The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.). 

  28. 21 If you have any concerns regarding data protection, you can address them to our data protection officer at the following contact address: Data Protection Officer, Vision Group AG, Riedwiesenstrasse 23, 8305 Dietlikon, SWITZERLAND, or by e-mail to [email protected] with the subject "Data Protection".

  29. 22 The representation within the European Union pursuant to Art. 27 GDPR is: Vision Group AG, Chausseestrasse 86, 10115 Berlin

  1. 5 Storage duration

  1. 23 Unless a more specific storage period is mentioned within this privacy policy, your personal data will remain with us until the purpose for data processing ceases to apply. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.

  2. Note on data transfer abroad

  3. 24 We also transfer personal data to third parties or processors based outside Switzerland. These are in particular the following countries: Germany, France, USA. See also the list of third parties or processors abroad under Consent Management Platform (CMP): www.mclinsen.ch/cmp and https://usercentrics.com/de/ and in this Privacy Policy. 

  4. 25 In this case, we ensure that the recipient either has an adequate level of data protection (e.g. based on an adequacy decision of the EU Commission for the respective country in accordance with Art. 45 GDPR and the corresponding DPA provisions or the agreement of so-called EU standard contractual clauses of the European Commission with the recipient in accordance with Art. 46 GDPR and the corresponding DPA provisions) before transferring the data.

  5. 26 You can obtain an overview of the recipients abroad and a copy of the specifically agreed regulations to ensure an appropriate level of data protection from us. Please use the information in the section "Responsible body, data protection officer".

  6. Revocation of your consent to data processing

  7. 27 Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

  8. Right to object to the collection of data in special cases and to direct marketing (Art. 21 GDPR and the corresponding DPA provisions)

  9. 28 If the data processing is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR and the corresponding DPA provisions, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Article 21 para. 1 GDPR and the corresponding DPA provisions).

  10. 29 If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 para. 2 GDPR and the corresponding DPA provisions).

  11. Right of complaint to the competent supervisory authority

  12. 30 In the event of violations of the GDPR and the DPA, the data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged violation. The right of appeal is without prejudice to other administrative or judicial remedies.

  13. Right to data portability

  14. 31 You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request that the data be transferred directly to another responsible party, this will only be done insofar as it is technically feasible.

  15. Information, deletion and correction

  16. 32 Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if necessary, a right to correction or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time.

  17. Right to restriction of processing

  18. 33 You have the right to request the restriction of the processing of your personal data. For this purpose, you can contact us at any time. The right to restriction of processing exists in the following cases:

  • ● If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.

  • ● If the processing of your personal data happened/is happening unlawfully, you may request the restriction of data processing instead of erasure.

  • ● If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.

  • ● If you have lodged an objection pursuant to Art. 21 para. 1 GDPR and the corresponding DPA provisions, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

  1. 34 If you have restricted the processing of your personal data, this data may - apart from being stored - may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State or Switzerland.

  2. 4. Data collection on this website

  3. Cookies

  4. 35 Our Internet pages use so-called ‘cookies’. Cookies are small text files and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.

  5. 36 In some cases, cookies from third-party companies may also be stored on your device when you visit our website (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

  6. 37 Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies are used to evaluate user behavior or display advertising.

  7. 38 Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 para. 1 lit. f GDPR and the corresponding DPA provisions, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Art. 6 para. 1 lit. a GDPR and the corresponding DPA provisions); consent can be revoked at any time.

  8. 39 You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. When deactivating cookies, the functionality of this website may be limited.

  9. 40 If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the framework of this data protection declaration and, if necessary, request your consent.

  10. 41 We use the following cookies and tracking tools:

  • − Microsoft Enhanced Conversions: This tool makes conversions more accurate by matching personal information (such as email address or phone number) with the user.

  • − Customer Match Lists in Google Ads: With Customer Match Lists, we can reach and retarget you based on online and offline data via Google Search, the "Shopping" tab, Gmail, YouTube and the Display Network. Ads are targeted to you and similar customers based on the information you have shared with us. You can find more information here.

  • Cookie consent with Usercentrics

  1. 42 Our website uses the cookie consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your terminal device and to document this in accordance with data protection law. The provider of this technology is Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, website: https://usercentrics.com/de/ (hereinafter "Usercentrics"). When you visit our website, a connection is established to the servers of Usercentrics in order to obtain your consent and other declarations regarding the use of cookies. Usercentrics then stores a cookie in your browser in order to be able to assign the consents given to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

  2. 43 Usercentrics is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR and the corresponding DPA provisions.

  1. 6 Job processing

  1. 44 We have concluded a data processing contract with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR and the DPA.

  2. Server log files

  3. 45 The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • − Browser type and browser version

  • − Operating system used

  • − Referrer URL

  • − Host name of the accessing computer

  • − Time of the server request

  • IP address

  1. 46 This data is not merged with other data sources.

  2. 47 This data is collected on the basis of Art. 6 para. 1 lit. f GDPR and the corresponding DPA provisions. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - the server log files must be recorded for this purpose.

  3. Request by e-mail or phone

  4. 48 If you contact us by e-mail or telephone your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent. The same applies to customer calls, which are recorded to ensure a high quality of service and to train our employees. The recordings are stored for a period of 6 months and then deleted, unless longer storage is required by law or is necessary for the assertion, exercise or defense of legal claims.

  5. 49 The processing of this data is based on Art. 6 para. 1 lit. b GDPR and the corresponding DPA provisions, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 para. 1 lit. f GDPR and the corresponding DPA provisions) or on your consent (Art. 6 para. 1 lit. a GDPR and the corresponding DPA provisions), if this was requested.

  6. 50 The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

  7. Registration on this website

  8. 51 You can register on this website to use additional functions on the site. We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will reject the registration.

  9. 52 For important changes, for example in the scope of the offer or in the case of technically necessary changes, we use the e-mail address provided during registration to inform you in this way.

  10. 53 The data entered during registration is processed for the purpose of implementing the user relationship established by the registration and, if necessary, for initiating further contracts (Art. 6 para. 1 lit. b GDPR and the corresponding DPA provisions).

  11. 54 We will store the data collected during registration as long as you are registered on this website and will be deleted afterwards. Legal retention periods remain unaffected.

  12. Registration on this website

  13. 55 Instead of logging in to our website with your e-mail address, you can also use the social login function of our partners

  • − Google

  • − Meta (Facebook) or

  • − Apple.

  1. 56 If you already have an account with one of these providers, you can use it to register on our website. The providers will pass on data linked to your account to us. If you opt for the single sign-on option, your provider will inform you which data will be shared with us.

  2. 57 The data transmitted to us during registration is processed for the purpose of implementing the user relationship established by the registration and, if necessary, for the initiation of further contracts (Art. 6 para. 1 lit. b GDPR and the corresponding DPA provisions).

  3. 5. Analysis tools and marketing

  4. Data transfer to analysis and marketing partners

  5. 58 This website uses functions from various analysis and marketing partners with your consent. You can find an overview of all partners in our Consent Management Platform (CMP): www.mclinsen.ch/cmp. You can consent to or reject the transfer of data to these partners for different purposes in the CMP. You can change this selection at any time. You can find more information about our partners in the CMP, such as a description of the services, the data processed, the technologies used, the legal basis, the location of the processing, the storage period and further information on the data protection declarations of our partners.

  6. Matching of customer data for marketing purposes

  7. 59 With your separate consent, we share "hashed" contact data with selected marketing partners. "Hashing" is a process in which data is converted into a seemingly random but unique string of characters of fixed length using a special algorithm. This string is called a “hash value” or “hash” and works similarly to a check digit. The hash value cannot be recalculated. However, the recipient can check whether they already have data in their own database that has the same hash value. If this is the case, the partner can establish a link. This is how our advertising partners find out whether a person is already among their own contacts. However, they do not receive any new contact information from us that the advertising partners do not already have from you. This comparison helps us and our advertising partners to provide you with targeted advertising.

  8. 60 The following data will be shared with our advertising partners with your consent:

  • − Hash value of your email address

  • − Hash value of your telephone number

  • − Hash value of your first name

  • − Hash value of your surname

  • − Hash value of the country

  • − Hash value of zip code

  1. 61 We currently share this data with the following partners with your consent:

  • − Google (https://support.google.com/analytics/answer/6004245?hl=de)

  • − Microsoft (https://privacy.microsoft.com/de-de/privacystatement?tid=331723716362)

  • − Meta (https://de-de.facebook.com/privacy/policy/)

  • Coupon Marketing

  1. 62 In order to select a voucher offer that is currently of interest to you, we transmit the hash value of your e-mail address and your IP address to Sovendus GmbH, Hermann-Veit-Str. 6, 76135 Karlsruhe (Sovendus) in pseudonymized and encrypted form (Art. 6 para.1 f GDPR and the corresponding DPA provisions). The pseudonymized hash value of the e-mail address is used by Sovendus to take into account any objection to advertising (Art. 21 para.3, Art. 6 para.1 c GDPR and the corresponding DPA provisions). The IP address is used by Sovendus exclusively for data security purposes and is usually anonymized after seven days (Art. 6 para.1 f GDPR and the corresponding DPA provisions). In addition, for billing purposes, we transmit pseudonymized order number, order value with currency, session ID, coupon code and time stamp to Sovendus (Art. 6 para.1 f GDPR and the corresponding DPA provisions). If you are interested in a voucher offer from Sovendus, there is no advertising objection to your email address and you click on the voucher banner that is only displayed in this case, we transmit your title, name, zip code, country and email address in encrypted form to Sovendus for the preparation of the voucher (Art. 6 para.1 b, f GDPR and the corresponding DPA provisions).

  2. 63 For further information on the processing of your data by Sovendus, please refer to the online privacy notices at https://www.sovendus.de/datenschutz.

  3. Trusted Shops Trustbadge

  4. 64 To display our Trusted Shops seal of approval and to offer Trusted Shops membership to buyers after an order, the Trusted Shops trust badge is integrated on this website.

  5. 65 This serves to protect our legitimate interests in an optimal marketing of our offer, which prevail in the context of a balancing of interests, Art. 6 para. 1 lit. f GDPR and the corresponding DPA provisions. The Trustbadge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.

  6. 66 When the Trustbadge is called up, the web server automatically saves a so-called server log file, which contains, for example, your IP address, the date and time of the call-up, the amount of data transferred and the requesting provider (access data) and documents the call-up. This access data is not evaluated and is automatically overwritten at the latest seven days after the end of your visit to the site.

  7. 67 Further personal data will only be transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or have already registered to use them. In this case, the contractual agreement between you and Trusted Shops applies.

  8. 6. Newsletter

  9. Newsletter data

  10. 68 If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data is not collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

  11. 69 The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a GDPR and the corresponding DPA provisions). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

  12. 70 The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after unsubscribing from the newsletter or after the purpose has ceased to exist. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest according to Art. 6 Para. 1 lit. f GDPR and the corresponding DPA provisions.

  13. 7. Other plugins and tools

  14. Google Web Fonts (local)

  15. 71 This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. A connection to Google servers does not take place.

  16. 72 For more information about Google Web Fonts, please visit https://developers.google.com/fonts/faq and see Google's privacy policy: https://policies.google.com/privacy?hl=de.

  17. Google Maps

  18. 73 This site uses the map service Google Maps. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

  19. 74 To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Web Fonts for the purpose of uniform display of fonts. When calling up Google Maps, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

  20. 75 The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR and the corresponding DPA provisions. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a GDPR and the corresponding DPA provisions; the consent can be revoked at any time.

  21. 76 Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

  22. 77 You can find more information on the handling of user data in Google's privacy policy: https://policies.google.com/privacy?hl=de.

  23. Dixa

  24. 78 We use the CRM system Dixa to process user requests. The provider is Dixa ApS, Vimmelskaftet 41A, 1st Sal., 1161 Copenhagen, Denmark.

  25. 79 We use Dixa to be able to process your requests quickly and efficiently. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR and the corresponding DPA provisions.

  26. 80 You can send requests only with the e-mail address and without giving your name.

  27. 81 The messages sent to us remain with us until you request us to delete them or the purpose for storing the data no longer applies (e.g. after processing your request has been completed). Mandatory legal provisions - in particular retention periods - remain unaffected.

  28. 82 If you are not comfortable with us processing your request through Dixa, you may alternatively communicate with us by email or phone.

  29. 83 For more information, please see Dixa's privacy policy: https://www.dixa.com/legal/privacy/.

  1. 7 Job processing

  1. 84 We have concluded an order processing contract with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR and the DPA.

  2. Storyblok

  3. 85 We use Storyblok as our content management system (CMS). The service provider is Storyblok GmbH, Peter-Behrens-Platz 2, Linz, AT 4020, Austria. Using Storyblok enables us to create and operate the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR and the corresponding DPA provisions.

  4. 86 For more information, please visit the website at https://www.storyblok.com/ or read the Storyblok privacy policy at https://www.storyblok.com/legal/privacy-policy.

  5. 8. Affiliate programs

  6. 87 We participate in affiliate partner programs. In affiliate partner programs, advertisements of a company (advertiser) are placed on websites of other companies of the affiliate partner network (publisher). If you click on one of these affiliate advertisements, you will be redirected to the advertised offer. If you subsequently carry out a specific transaction (conversion), the publisher receives a commission for this. To calculate this remuneration, it is necessary for the affiliate network operator to be able to trace which advertisement you used to access the respective offer and to have carried out the predefined transaction. Cookies or comparable recognition technologies (e.g. device fingerprinting) are used for this purpose.

  7. 88 The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR and the corresponding DPA provisions. The website operator has a legitimate interest in the correct calculation of his affiliate remuneration. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and the corresponding DPA provisions. Consent may be revoked at any time.

  8. 89 We participate in the following affiliate programmes:

  • − Adtraction partner programme, service provider: Adtraction AG, Dufourstrasse 49, 8008 Zurich, Switzerland.

  • − Website: https://adtraction.com/ch/

  • − Privacy Policy: https://adtraction.com/privacy-policy/

  • 9. Re-ordering service

  1. 90 If you have successfully placed an order for contact lenses via our online shop, we will process your name, email address, order date and information about the products you have ordered in order to offer you a reordering service. Depending on the quantity of products ordered, we will calculate a reasonable time for you to reorder. You will receive a reminder email at this time with the option to purchase the products you have ordered again. Only if you choose this option will you be redirected to our website to start the ordering process again. The legal basis for sending the reminder email is our legitimate interest (Art. 6 para. 1 lit. f GDPR and the corresponding DPA provisions) in conducting direct advertising. Our interest outweighs your legitimate interests, as we can generally assume that a repeat order of the consumable product contact lenses is also in your interest. Your interests are also sufficiently protected by the fact that you can object to the further receipt of reminder e-mails at any time by clicking an ‘unsubscribe’ button, which is located in each reminder e-mail. In this case, we will no longer process your data for the purposes of the reordering service. Further processing of the data for other purposes remains unaffected insofar as we have a legal basis for this.

  2. 10. ECommerce and payment providers

  3. Processing of data (customer and contract data)

  4. 91 We collect, process and use personal data only to the extent that they are necessary for the establishment, content or modification of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b GDPR and the corresponding DPA provisions, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. Insofar as health data is required for this purpose, the legal basis is Art. 9 para. 2 h GDPR (in connection with Art. 22 para. 1 nr. 1 lit. b DPA and the corresponding DPA provisions. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill the user. The collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

  5. Data transmission at the conclusion of a contract for online stores, merchants and shipment of goods

  6. 92 We transmit personal data to third parties only if this is necessary within the scope of the contract processing, for example to the companies entrusted with the delivery of the goods or the credit institution entrusted with the payment processing. A further transmission of the data does not take place or only if you have expressly agreed to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

  7. 93 The basis for the data processing is Art. 6 para. 1 lit. b GDPR and the corresponding DPA provisions, which allows the processing of data for the fulfillment of a contract or pre-contractual measures.

  8. 94 In order to process your order, we work together with the following service providers, who support us in whole or in part in the execution of concluded contracts. Personal data is transmitted to these service providers in accordance with the following information.

  1. 8 Use of special service providers for order processing and handling

  2. 9 Paqato

  1. 95 In order to enable the customer to track his shipment after placing the order, we use the service of PAQATO GmbH, Johann-Krane-Weg 6, 48149 Münster ("Paqato").

  2. 96 On our behalf, Paqato sends shipping notifications and status updates on the delivery. For this purpose, in accordance with Art. 6 para. 1 f GDPR and the corresponding DPA provisions, we pass on certain customer data (email address, first and last name and address) together with the shipment number to Paqato on the basis of our legitimate interest in effective and informative customer communication as well as transparent and reliable shipment processing, which is also in the customer's interest, after the package has been posted.

  3. 97 The data will not be passed on to third parties by Paqato and will be processed exclusively for the purpose named above. After completed shipping, the data will be deleted by Paqato.

  4. 98 We have entered into an order processing agreement with Paqato, by which we oblige Paqato to protect the data of our customers in accordance with the legal requirements. Paqato's privacy policy can be viewed here: https://www.paqato.com/datenschutzerklaerung/

  1. 10 pixi

  1. 99 The order is processed by the service provider "pixi" (Descartes Systems (Germany) GmbH, Walter-Gropius-Str. 15, D-80807 Munich). Name, address and, if applicable, other personal data will be passed on to pixi in accordance with Art. 6 para. 1 lit. b GDPR and the corresponding DPA provisions exclusively for the purpose of processing the online order. Your data will only be passed on to the extent that this is actually necessary for the processing of the order. Details on pixi's data protection and the privacy policy of Descartes Systems (Germany) GmbH can be viewed at the following link: https://www.pixi.eu/datenschutz

  2. Disclosure of personal data to shipping providers

  3. Swiss Post

  4. 100 If the goods are delivered by the transport service provider Swiss Post (Die Schweizerische Post, Wankdorfallee 4, 3030 Bern), we will pass on your e-mail address to Swiss Post in accordance with Art. 6 para. 1 lit. a GDPR and the corresponding DPA provisions prior to delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided that you have given your express consent to this in the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to Swiss Post for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR and the corresponding DPA provisions. The transfer only takes place to the extent necessary for the delivery of goods. In this case, prior coordination of the delivery date with Swiss Post or the delivery notification is not possible.

  5. 101 The consent can be withdrawn at any time with effect for the future, either with the controller or with the transport service provider Swiss Post.

  6. Planzer

  7. 102 If the goods are delivered by the transport service provider Planzer (Planzer Transport AG, Lerzenstrasse 14, 8953 Dietikon), we will pass on your e-mail address to Planzer in accordance with Art. 6 para. 1 lit. a GDPR and the corresponding DPA provisions before the goods are delivered for the purpose of coordinating a delivery date or for a delivery notification to Planzer, provided that you have given your express consent during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to Planzer for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR. The data will only be passed on if this is necessary for the delivery of goods. In this case, prior coordination of the delivery date with Planzer or transmission of status information for shipment delivery is not possible.

  8. 103 The consent can be withdrawn at any time with effect for the future, either with the controller or with the transport service provider Planzer.

  9. Credit checks

  10. 104 In the case of a purchase on account or any other payment method for which we make advance payments, we may perform a credit check (scoring). For this purpose, we transmit your entered data (e.g. name, address, age or bank data) to a credit agency. Based on this data, the probability of a payment default is determined. If the risk of non-payment is excessive, we may refuse the payment method in question.

  11. 105 The credit assessment is carried out for the fulfillment of the contract (Art. 6 para. 1 lit. b GDPR and the corresponding DPA provisions) and to avoid payment defaults (legitimate interest according to Art. 6 para. 1 lit. f GDPR and the corresponding DPA provisions). If consent has been obtained, the credit assessment is based on this consent (Art. 6 para. 1 lit. GDPR and the corresponding DPA provisions); consent can be revoked at any time.

  12. Payment services

  13. 106 We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, account details, credit card number) is processed by the payment service provider for the purpose of processing the payment. For these transactions, the respective contract and data protection provisions of the respective providers apply. The payment service providers are used on the basis of Art. 6 para. 1 lit. b GDPR (contract processing) and the corresponding DPA provisions, as well as in the interest of a smooth, convenient and secure payment process (Art. 6 para. 1 lit. f GDPR and the corresponding DPA provisions). Insofar as your consent is requested for certain actions, Art. 6 para. 1 lit. a GDPR and the corresponding DPA provisions are the legal basis for data processing; consents can be revoked at any time for the future.

  14. We use the following payment services/providers on this website:

  15. PayPal

  16. 107 The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal").

  17. 108 Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

  18. 109 For details, see PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

  19. Datatrans

  20. 110 This payment service is provided by Datatrans AG, Kreuzbühlstrasse 26, 8008 Zurich, Switzerland. Further information on the payment service provider's data protection policy can be found at https://www.datatrans.ch/de/datenschutzbestimmungen/.

  21. Collection service provider

  22. 111 If you do not pay outstanding invoices despite repeated reminders, we reserve the right to transmit the data required for the execution of a debt collection to a collection service provider.

  23. 112 In addition, we may sell outstanding receivables to a collection service provider and, for this purpose, assign these receivables to a collection service provider, which in turn may enforce them against you in its own name under its own responsibility within the scope of statutory provisions.

  24. 113 The legal basis for the transmission of data within the scope of the trust collection is Art. 6 para. 1 lit. b GDPR and the corresponding DPA provisions; the transmission of data within the scope of the sale of receivables is based on Art. 6 para. 1 lit. f GDPR and the corresponding DPA provisions.

  25. 114 In Switzerland, we work with the following collection service providers:

  26. Intrum AG

  27. Eschenstrasse 12

  28. 8603 Schwerzenbach

  29. 11. Encryption

  30. SSL or TLS encryption

  31. 115 This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

  32. 116 If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

  33. Encrypted payment transactions on this website

  34. 117 If, after the conclusion of a contract with costs, there is an obligation to provide us with your payment data (e.g. account number in the case of direct debit authorization), this data is required for payment processing.

  35. 118 Payment transactions via the common means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

  36. 119 With encrypted communication, your payment data that you transmit to us cannot be read by third parties.