data protection
Data protection
Last updated on: March 8, 2024
We attach great importance to ensuring that the handling of personal data is transparent. This privacy policy provides information about what personal data we collect, for what purpose and to whom we share it. In order to ensure a high level of transparency, this data protection declaration is regularly checked and updated.
1. Which services we use
- Shopify
2. Contact information
If you have any questions or concerns about how we protect your data, you can contact us at any time by email at . Responsible for the data processing carried out via this website is:
Mengeta Ltd.
Wasserturmplatz 2
4410 Liestal
Switzerland
Person responsible for data protection:
3. General principles
3.1 What data do we collect from you and from whom do we receive this data
We primarily process personal data that you provide to us or that we collect when operating our website. We may also receive personal information about you from third parties. These can be the following categories:
- Personal master data (name, address, dates of birth, etc.);
- Contact details (mobile phone number, email address, etc.);
- Financial data (e.g. account details);
- Online identifiers (e.g. cookie identifiers, IP addresses);
- location and traffic data;
- sound and image recordings;
- particularly sensitive data (e.g. biometric data or information about your health).
3.2 Under what conditions do we process your data?
We treat your data confidentially and in accordance with the purposes set out in this data protection declaration. We ensure that processing is transparent and proportionate.
If, in exceptional cases, we are unable to follow these principles, the data processing may still be lawful because there is a justification. The following can be considered as justification:
- your consent;
- the implementation of a contract or pre-contractual measures;
- our legitimate interests, unless your interests outweigh them.
3.3 How can you revoke your consent?
If you have given us your consent to process your personal data for specific purposes, we will process your data within the scope of this consent unless we have other justification.
You have the option to revoke your consent at any time by sending an email to the address given in the legal notice. Data processing that has already taken place is not affected by this.
3.4 In what cases can we pass on your data to third parties?
a. principle
We may be dependent on using the services of third parties or affiliated companies and commissioning them to process your data (so-called processors). Categories of recipients are:
- accounting, fiduciary and auditing companies;
- Consulting companies (legal advice, taxes, etc.);
- IT service providers (web hosting, support, cloud services, website design, etc.);
- payment service providers;
- Provider of tracking, conversion and advertising services.
We ensure that these third parties and our affiliates comply with data protection requirements and treat your personal data confidentially.
Under certain circumstances we are also obliged to disclose your personal data to authorities.
b. Visit our social media channels
We may have embedded links to our social media channels on our website. This is clear to you in each case (typically via corresponding symbols). If you click on the symbols, you will be redirected to our social media channels.
In this case, the social media providers learn that you are accessing their platform from our website. The social media providers can use the data collected in this way for their own purposes. We would like to point out that we have no knowledge of the content of the transmitted data or its use by the operators.
c. Transfer abroad
Under certain circumstances, your personal data may be transferred to companies abroad as part of order processing. These companies are committed to data protection to the same extent as we are. The transfer can take place worldwide.
If the level of data protection does not correspond to that of Switzerland, we carry out a prior risk assessment and contractually ensure that the same protection as in Switzerland is guaranteed (e.g. by means of the EU Commission's new standard contractual clauses or other legally required measures). If our risk assessment is negative, we will take additional technical measures to protect your data. You can access the EU Commission's standard contractual clauses at the following link. https://commission.europa.eu/publications/standard-contractual-clauses-controllers-and-processors-eueea_de
3.5 How long do we keep your data?
We only retain personal information for as long as necessary to fulfill the individual purposes for which the information was collected.
Data that we store when you visit our website will be retained for twelve months. An exception applies to analysis and tracking data, which can be retained for longer periods.
We store contract data for longer because we are obliged to do so by legal regulations. In particular, we must store business communications, concluded contracts and booking documents for up to 10 years. If we no longer need such data from you to carry out the services, the data will be blocked and we will only use it for accounting and tax purposes.
3.6 How do we protect your data?
We will keep your information secure and take all reasonable measures to protect your information from loss, access, misuse or alteration.
Our contractual partners and employees who have access to your data are obliged to comply with data protection regulations. In some cases it will be necessary for us to pass on your requests to companies affiliated with us. Even in these cases, your data will be treated confidentially.
Within our website we use the SSL process (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser.
3.7 What rights do you have?
a. right of providing information
You can request information about the data we have stored about you at any time. We ask you to send your request for information together with proof of identity to smokeparadise@mengeta.ch.
You also have the right to receive your data in a common file format if we process your data automatically and if:
- you have given your consent for the processing of this data; or
- You have disclosed data in connection with the conclusion or processing of a contract.
We may restrict or refuse to provide information or data release if this conflicts with our legal obligations, legitimate own or public interests or the interests of a third party.
The processing of your application is subject to the statutory processing period of 30 days. However, we may extend this deadline due to a high volume of inquiries, for legal or technical reasons or because we need further information from you. You will be informed about the extension of the deadline in a timely manner, at least in text form.
b. Deletion and correction
You have the option to request the deletion or correction of your data at any time. We can reject the request if legal regulations require us to store it for a longer period of time or without changes or if there is a permit that conflicts with your request.
Please note that exercising your rights may, under certain circumstances, conflict with contractual agreements and have corresponding effects on the execution of the contract (e.g. early termination of the contract or cost consequences).
c. Legal recourse
If you are affected by the processing of personal data, you have the right to enforce your rights in court or to submit a report to the responsible supervisory authority. The responsible supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner: https://www.edoeb.admin.ch
3.8 Changes to the privacy policy
We may change this privacy policy at any time. The changes will be published on , you will not be informed about them separately.
4. Individual data processing operations
4.1 Providing the website and creating log files
What information do we receive and how do we use it?
By visiting, certain data will be automatically stored on our servers or on servers of services and products that we purchase and/or have installed for system administration purposes, for statistical or backup purposes or for tracking purposes. It is about:
- the name of your internet service provider;
- your IP address (under certain circumstances);
- the version of your browser software;
- the operating system of the computer used to access the URL;
- the date and time of access;
- the website from which you are visiting URL;
- the search words you used to find the URL.
Why are we allowed to process this data?
This data cannot be assigned to a specific person and this data is not merged with other data sources. The log files are stored to guarantee the functionality of the website and to ensure the security of our information technology systems. This is our legitimate interest.
How can you prevent data collection?
The data will only be stored for as long as is necessary to achieve the purpose of your collection. Accordingly, the data will be deleted at the end of each session. The storage of log files is absolutely necessary for the operation of the website, so you have no opportunity to object to this.
4.2 Shopify
Our website uses services from Shopify, an e-commerce platform offered by Shopify Inc., 151 O'Connor Street, Ground floor, Ottawa, ON, K2P 2L8, Canada. We use Shopify to provide you with a streamlined online shopping experience and to sell our products online.
When you make a purchase from our online store, your order information, including personal information such as name, address and payment information, will be forwarded to Shopify to complete the purchase process. Shopify also uses cookies and other technologies to improve the shopping experience and ensure the security of the shopping process.