Privacy policy

With this Privacy Policy, we inform you about which personal data we process in connection with our activities and services, including our www.venus-beauty.ch website. We specifically inform you about the purposes, methods, and locations of our data processing. We also provide information about the rights of individuals whose data we process.

For specific or additional activities and services, additional privacy policies and other legal documents, such as terms and conditions (AGB), terms of use, or participation conditions, may apply.

We are subject to Swiss data protection law as well as any applicable foreign data protection laws, including those of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law provides an adequate level of protection.

1. Contact Addresses

Responsibility for the processing of personal data:

Ello Invest AG
Stadthausstrasse 22
8400 Winterthur
Switzerland

info@venus-beauty.ch

We point out that in individual cases there may be other responsible parties for the processing of personal data.

2. Terms and Legal Foundations

2.1 Terms

Personal data refers to all information relating to a specific or identifiable person. A data subject is a person whose personal data is being processed.

Processing includes any handling of personal data, regardless of the means and methods used, including storing, disclosing, collecting, gathering, deleting, saving, modifying, destroying, and using personal data.

The European Economic Area (EEA) includes the member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.

2.2 Legal Foundations

We process personal data in accordance with Swiss data protection law, such as the Federal Act on Data Protection (DPA) and the Ordinance to the Federal Act on Data Protection (DPAO).

We process – to the extent that the General Data Protection Regulation (GDPR) is applicable – personal data according to at least one of the following legal bases:

• Art. 6 para. 1 lit. b GDPR for the necessary processing of personal data to fulfill a contract with the data subject and to carry out pre-contractual measures.
• Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data to protect our legitimate interests or those of third parties, provided that the fundamental freedoms and rights of the data subject do not override them. Legitimate interests include, in particular, our interest in conducting our activities and operations in a sustainable, user-friendly, secure, and reliable manner and to communicate about them, ensuring information security, protecting against misuse, enforcing our own legal claims, and complying with Swiss law.
• Art. 6 para. 1 lit. c GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject under potentially applicable law from member states of the European Economic Area (EEA).
• Art. 6 para. 1 lit. e GDPR for the necessary processing of personal data to perform a task that is in the public interest.
• Art. 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the data subject.
• Art. 6 para. 1 lit. d GDPR for the necessary processing of personal data to protect vital interests of the data subject or another natural person.

3. Type, Scope, and Purpose

We process those personal data that are necessary to conduct our activities and operations in a sustainable, user-friendly, secure, and reliable manner. Such personal data may particularly fall into the categories of personal and contact data, browser and device data, content data, meta or auxiliary data, usage data, location data, sales data, and contract and payment data.

We process personal data for the duration that is necessary for the respective purpose(s) or legally required. Personal data that is no longer necessary for processing is anonymized or deleted.

We may have personal data processed by third parties. We may process personal data jointly with third parties or transmit it to third parties. Such third parties are specialized providers whose services we use. We also ensure data protection with such third parties.

We generally process personal data only with the consent of the data subject, unless the processing is permissible for other legal reasons, such as to fulfill a contract with the data subject and for corresponding pre-contractual measures, to protect our overriding legitimate interests, because the processing is evident from the circumstances, or after prior information.

In this context, we particularly process information that a data subject voluntarily and personally provides to us when contacting us – for example, by mail, email, instant messaging, contact form, social media, or telephone – or when registering for a user account. We may store such information, for example, in an address book or with similar tools. If we receive data about other people, the transmitting parties are obligated to ensure data protection for such persons and to ensure the accuracy of such personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and operations, provided that such processing is legally permissible.

4. Applications

We process personal data about applicants to the extent necessary for assessing suitability for employment or for the subsequent execution of an employment contract. The required personal data primarily stems from the information requested, such as in a job advertisement. We also process personal data that applicants voluntarily provide, particularly as part of cover letters, resumes, and other application documents.

We process – to the extent that the General Data Protection Regulation (GDPR) is applicable – personal data about applicants according to Art. 9 para. 2 lit. b GDPR.

5. Personal Data Abroad

We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transmit personal data to other countries, particularly for processing or having it processed there.

We may export personal data to all countries and territories on Earth and elsewhere in the universe, provided that the local law ensures adequate data protection according to the Federal Data Protection and Information Commissioner (FDPIC) or according to the decision of the Swiss Federal Council, or, if and to the extent that the GDPR is applicable, according to the decision of the European Commission.

We may transmit personal data to countries whose laws do not ensure adequate data protection, provided that data protection is otherwise ensured, particularly based on standard contractual clauses or other appropriate safeguards. Exceptionally, we may export personal data to countries without adequate or appropriate data protection if special data protection requirements are met, such as the explicit consent of the data subjects or a direct connection with the conclusion or performance of a contract. We are happy to provide information about any safeguards or provide a copy of safeguards upon request.

6. Rights of Data Subjects

Data subjects whose personal data we process have rights under Swiss data protection law. These include the right to access as well as the right to correction, deletion, or blocking of processed personal data.

Data subjects whose personal data we process may – if and to the extent that the GDPR is applicable – request confirmation whether we process their personal data and, if so, request information about the processing of their personal data, restrict the processing of their personal data, exercise their right to data portability, and have their personal data corrected, deleted (“right to be forgotten”), blocked, or completed.

Data subjects whose personal data we process may – if and to the extent that the GDPR is applicable – withdraw any consent given at any time with effect for the future and object to the processing of their personal data at any time.

Data subjects whose personal data we process have the right to lodge a complaint with a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

7. Data Security

We take appropriate technical and organizational measures to ensure a level of data security appropriate to the respective risk. However, we unfortunately cannot guarantee absolute data security.

Access to our website is provided via transport encryption (SSL/TLS, especially with Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers indicate transport encryption with a padlock icon in the address bar.

Our digital communication is subject – like any digital communication – to indiscriminate and suspicion-independent mass surveillance as well as other surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We cannot directly influence the corresponding processing of personal data by intelligence services, police stations, and other security authorities.

8. Use of the Website

8.1 Cookies

We may use cookies. Cookies – both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – are data stored in the browser. Such stored data do not necessarily have to be limited to traditional text-based cookies.

Cookies can be stored temporarily in the browser as "session cookies" or for a specific period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specified storage duration. Cookies enable, among other things, recognizing a browser on subsequent visits to our website and, for example, measuring the reach of our website. Permanent cookies may also be used for online marketing, for example.

Cookies can be fully or partially disabled and deleted at any time in the browser settings. Without cookies, our website may not be fully available. We actively request – at least to the extent required – explicit consent for the use of cookies.

For cookies used for success and reach measurement or for advertising, a general opt-out is possible via the AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

8.2 Server Log Files

We may collect the following information for each access to our website, provided it is transmitted by your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, accessed individual sub-pages of our website including the amount of data transmitted, and the last webpage visited in the same browser window (referrer).

We store such information, which may also constitute personal data, in server log files. The information is necessary to provide our website sustainably, user-friendly, and reliably and to ensure data security, particularly the protection of personal data – also through third parties or with the help of third parties.

8.3 Tracking Pixels

We may use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels – including those from third parties whose services we use – are small, usually invisible images that are automatically retrieved when visiting our website. Tracking pixels can capture the same information as server log files.

9. Benachrichtigungen und Mitteilungen

Wir versenden Benachrichtigungen und Mitteilungen per E-Mail und über andere Kommunikationskanäle wie beispielsweise Instant Messaging oder SMS.

9.1 Erfolgs- und Reichweitenmessung

Benachrichtigungen und Mitteilungen können Weblinks oder Zählpixel enthalten, die erfassen, ob eine einzelne Mitteilung geöffnet wurde und welche Weblinks dabei angeklickt wurden. Solche Weblinks und Zählpixel können die Nutzung von Benachrichtigungen und Mitteilungen auch personenbezogen erfassen. Wir benötigen diese statistische Erfassung der Nutzung für die Erfolgs- und Reichweitenmessung, um Benachrichtigungen und Mitteilungen aufgrund der Bedürfnisse und Lesegewohnheiten der Empfängerinnen und Empfänger effektiv und nutzerfreundlich sowie dauerhaft, sicher und zuverlässig versenden zu können.

9.2 Einwilligung und Widerspruch

Sie müssen grundsätzlich in die Verwendung Ihrer E-Mail-Adresse und Ihrer sonstigen Kontaktadressen ausdrücklich einwilligen, es sei denn, die Verwendung ist aus anderen rechtlichen Gründen zulässig. Für eine allfällige Einwilligung verwenden wir nach Möglichkeit das «Double Opt-in»-Verfahren, das heisst, Sie erhalten eine E-Mail mit einem Weblink, den Sie zur Bestätigung anklicken müssen, damit kein Missbrauch durch unberechtigte Dritte erfolgen kann. Wir können solche Einwilligungen einschliesslich Internet Protocol (IP)-Adresse sowie Datum und Zeit aus Beweis- und Sicherheitsgründen protokollieren.

Sie können grundsätzlich dem Erhalt von Benachrichtigungen und Mitteilungen wie beispielsweise Newslettern jederzeit widersprechen. Mit einem solchen Widerspruch können Sie gleichzeitig der statistischen Erfassung der Nutzung für die Erfolgs- und Reichweitenmessung widersprechen. Vorbehalten bleiben erforderliche Benachrichtigungen und Mitteilungen im Zusammenhang mit unseren Aktivitäten und Tätigkeiten.

9.3 Dienstleister für Benachrichtigungen und Mitteilungen

Wir versenden Benachrichtigungen und Mitteilungen mit Hilfe von spezialisierten Dienstleistern.

Wir nutzen insbesondere:

• Mailchimp: Kommunikationsplattform; Anbieterin: The Rocket Science Group LLC d/b/a Mailchimp (USA) als Tochtergesellschaft der Intuit Inc. (USA); Angaben zum Datenschutz: Datenschutzerklärung (Intuit) einschliesslich «Länder- und Regionen-spezifische Bestimmungen» («Country and Region-Specific Terms»), «Häufig gestellte Fragen zum Datenschutz bei Mailchimp», «Mailchimp und europäische Datenübertragungen», «Sicherheit», Cookie-Richtlinie, «Datenschutzrechtliche Anfragen» («Privacy Rights Requests»), «Rechtliche Bestimmungen».

10. Social Media

Wir sind auf Social Media-Plattformen und anderen Online-Plattformen präsent, um mit interessierten Personen kommunizieren sowie über unsere Aktivitäten und Tätigkeiten informieren zu können. Im Zusammenhang mit solchen Plattformen können Personendaten auch ausserhalb der Schweiz und des Europäischen Wirtschaftsraumes (EWR) bearbeitet werden.

Es gelten jeweils auch die Allgemeinen Geschäftsbedingungen (AGB) und Nutzungsbedingungen sowie Datenschutzerklärungen und sonstigen Bestimmungen der einzelnen Betreiber solcher Plattformen. Diese Bestimmungen informieren insbesondere über die Rechte von betroffenen Personen direkt gegenüber der jeweiligen Plattform, wozu beispielsweise das Recht auf Auskunft zählt.

Für unsere Social Media-Präsenz bei Facebook unter Einschluss der sogenannten Seiten-Insights sind wir – sofern und soweit – die DSGVO anwendbar ist, gemeinsam mit der Meta Platforms Ireland Limited (Irland) verantwortlich. Die Meta Platforms Ireland Limited ist Teil der Meta-Unternehmen (unter anderem in den USA). Die Seiten-Insights geben Aufschluss darüber, wie Besucherinnen und Besucher mit unserer Facebook-Präsenz interagieren. Wir nutzen Seiten-Insights, um unsere Social Media-Präsenz bei Facebook effektiv und nutzerfreundlich bereitstellen zu können.

Weitere Angaben über Art, Umfang und Zweck der Datenbearbeitung, Angaben zu den Rechten von betroffenen Personen sowie die Kontaktdaten von Facebook wie auch dem Datenschutzbeauftragten von Facebook finden sich in der Datenschutzerklärung von Facebook. Wir haben mit Facebook den sogenannten «Zusatz für Verantwortliche» abgeschlossen und damit insbesondere vereinbart, dass Facebook dafür verantwortlich ist, die Rechte betroffener Personen zu gewährleisten. Für die sogenannten Seiten-Insights finden sich die entsprechenden Angaben auf der Seite «Informationen zu Seiten-Insights» einschliesslich «Informationen zu Seiten-Insights-Daten».

11. Dienste von Dritten

Wir nutzen Dienste von spezialisierten Dritten, um unsere Aktivitäten und Tätigkeiten dauerhaft, nutzerfreundlich, sicher und zuverlässig ausüben zu können. Mit solchen Diensten können wir unter anderem Funktionen und Inhalte in unsere Website einbetten. Bei einer solchen Einbettung erfassen die genutzten Dienste aus technisch zwingenden Gründen mindestens zeitweilig die Internet Protocol (IP)-Adressen der Nutzerinnen und Nutzer.

Für erforderliche sicherheitsrelevante, statistische und technische Zwecke können Dritte, deren Dienste wir verwenden, Daten im Zusammenhang mit unseren Aktivitäten und Tätigkeiten aggregiert, anonymisiert oder pseudonymisiert bearbeiten. Es handelt sich beispielsweise um Leistungs- oder Nutzungsdaten, um den jeweiligen Dienst anbieten zu können.

Wir nutzen insbesondere:

• Dienste von Google: Anbieterinnen: Google LLC (USA) / Google Ireland Limited (Irland) für Nutzerinnen und Nutzer im Europäischen Wirtschaftsraum (EWR) und in der Schweiz; Allgemeine Angaben zum Datenschutz: «Grundsätze zu Datenschutz und Sicherheit», Datenschutzerklärung, «Google ist der Einhaltung der anwendbaren Datenschutzgesetze verpflichtet», «Leitfaden zum Datenschutz in Google-Produkten», «Wie wir Daten von Websites oder Apps verwenden, auf bzw. in denen unsere Dienste genutzt werden» (Angaben von Google), «Von Google verwendete Cookie-Arten und sonstige Technologien», «Personalisierte Werbung» (Aktivierung / Deaktivierung / Einstellungen).
• Dienste von Microsoft: Anbieterinnen: Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Irland) für Nutzerinnen und Nutzer im Europäischen Wirtschaftsraum (EWR), in Grossbritannien und in der Schweiz; Allgemeine Angaben zum Datenschutz: «Datenschutz bei Microsoft», «Datenschutz (Trust Center)», Datenschutzerklärung.

11.1 Digital Infrastructure

We use services from specialized third parties to obtain the necessary digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.

We use, in particular:

• Hetzner: Hosting and other infrastructure; Providers: Hetzner Online GmbH / Hetzner Cloud GmbH (both Germany); Data protection information: Privacy Policy (Hetzner Online GmbH), Privacy Policy (Hetzner Cloud GmbH), «Data Protection FAQ».

11.2 Social Media Functions and Social Media Content

We use services and plugins from third parties to embed functions and content from social media platforms and to enable sharing of content on social media platforms and other means.

We use, in particular:

• Facebook (Social Plugins): Embedding Facebook functions and content, such as «Like» or «Share»; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); Data protection information: Privacy Policy.
• Instagram Platform: Embedding Instagram content; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); Data protection information: Privacy Policy (Instagram), Privacy Policy (Facebook).
• LinkedIn Consumer Solutions Platform: Embedding functions and content from LinkedIn, for example with Plugins such as the «Share Plugin»; Provider: Microsoft; LinkedIn-specific information: «Privacy», Privacy Policy, Cookie Policy, Cookie Management / Opt-out of LinkedIn Email and SMS Communication, Opt-out of Interest-Based Ads.
• TikTok (Social Plugins): Embedding functions and content from TikTok, such as «Share to TikTok»; Providers: TikTok Information Technologies UK Limited (UK) and TikTok Technology Limited (Ireland) for users in the European Economic Area (EEA), the UK, and Switzerland / TikTok Inc. (USA) for users in the USA / TikTok Pte. Ltd. (Singapore) for users in the rest of the world; Data protection information: Privacy Policy, «Privacy Policy for Younger Users», Cookie Policy, «Privacy Policy and Cookie Policy for TikTok for Business».
• Twitter for Websites: Embedding functions and content from Twitter, such as displaying tweets; Providers: Twitter International Company (Ireland) for users in the European Economic Area (EEA) and the UK / Twitter Inc. (USA) for users in the rest of the world; Data protection information: Privacy Policy, «Twitter for Websites – Ads Info and Privacy», «How We Use Cookies and Similar Technologies», «Personalization Based on Derived Identity», «Privacy Settings for Tailored Ads».

11.3 Map Material

We use services from third parties to embed maps into our website.

We use, in particular:

• Google Maps including Google Maps Platform: Mapping service; Provider: Google; Google Maps-specific information: «How Google Uses Location Information».

11.4 Fonts

We use services from third parties to embed selected fonts, as well as icons, logos, and symbols into our website.

We use, in particular:

• Adobe Fonts: Fonts; Providers: Adobe Inc. (USA) for users in the USA / Adobe Systems Software Ireland Limited (Ireland) for users outside the USA; Data protection information: «Adobe Privacy Center», Privacy Policy (Adobe Fonts), «Adobe Privacy Policy», «Questions about Privacy?», «Adobe Privacy Settings».
• Font Awesome: Icons and logos; Provider: Fonticons Inc. (USA); Data protection information: Privacy Policy.
• Google Fonts: Fonts; Provider: Google; Google Fonts-specific information: «Privacy and Google Fonts», «Privacy and Data Collection».

11.5 E-Commerce

We operate e-commerce and use services from third parties to successfully offer services, content, or goods.

11.6 Payments

We use specialized service providers to securely and reliably process payments from our customers. Additional terms and conditions of the individual service providers, such as General Terms and Conditions (GTC) or Privacy Policies, apply to the processing of payments.

We use, in particular:

• Adyen: Payment processing; Provider: Adyen NV (Netherlands); Data protection information: Privacy Policy, Cookie Policy.

11.7 Advertising

We utilize the ability to specifically display advertising for our activities and operations with third parties such as social media platforms and search engines.

We aim to reach individuals who are already interested in our activities or who might be interested in them (Remarketing and Targeting). For this purpose, we may transmit relevant – potentially personal – information to third parties that enable such advertising. Additionally, we can determine whether our advertising is successful, particularly if it leads to visits to our website (Conversion Tracking).

Third parties where we advertise and where you are registered as a user may potentially associate the use of our online services with your profile there.

We use, in particular:

• Facebook Ads: Social media advertising; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); Data protection information: Remarketing and targeting, especially with Facebook Pixel and Custom Audiences including Lookalike Audiences, Privacy Policy, «Ad Preferences» (registration as a user required).
• Google Ads: Search engine advertising; Provider: Google; Google Ads-specific information: Advertising based on search queries, with various domain names – especially doubleclick.net, googleadservices.com, and googlesyndication.com – used for Google Ads, «Ads» (Google), «Why am I seeing this ad?».
• Instagram Ads: Social media advertising; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); Data protection information: Remarketing and targeting, especially with Facebook Pixel and Custom Audiences including Lookalike Audiences, Privacy Policy (Instagram), Privacy Policy (Facebook), «Ad Preferences» (Instagram) (registration as a user required), «Ad Preferences» (Facebook) (registration as a user required).
• LinkedIn Ads: Social media advertising; Providers: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland); Data protection information: Remarketing and targeting, especially with the LinkedIn Insight Tag, «Privacy», Privacy Policy, Cookie Policy, Opt-out of Personalized Advertising.
• Pinterest Ads: Social media advertising; Providers: Pinterest Inc. (USA) / Pinterest Europe Ltd. (Ireland) for users in the European Economic Area (EEA); Data protection information: Remarketing and targeting, especially with the Pinterest Tag, «Privacy, Safety, and Legal», Privacy Policy, «Personalization and Data», «Personalized Ads on Pinterest», «Data Sharing on Pinterest», Cookie Policy.
• Snapchat Ads: Social media advertising; Provider: Snap Inc. (USA); Data protection information: Remarketing and targeting, especially with the Snap Pixel, «Our Privacy Commitment», «Privacy Information», Privacy Policy, Special Privacy Statements for Specific Regions and States, including the European Economic Area (EEA) and the UK, «Privacy by Product» (including Advertising), «Privacy Settings», Cookie Policy, Cookie Settings.
• TikTok Ads: Social media advertising; Providers: TikTok Information Technologies UK Limited (UK) and TikTok Technology Limited (Ireland) for users in the European Economic Area (EEA), the UK, and Switzerland / TikTok Inc. (USA) for users in the USA / TikTok Pte. Ltd. (Singapore) for users in the rest of the world; Data protection information: Remarketing and targeting, including with the TikTok Pixel, Privacy Policy, « Privacy Policy for Younger Users », Cookie Policy, « Privacy Policy and Cookie Policy for TikTok for Business ».
  • Google reCAPTCHA: Spam protection (distinguishing between desirable comments from humans and unwanted comments from bots as well as spam); Provider: Google; Google reCAPTCHA-specific details: «What is reCAPTCHA?».
• Google Analytics: Success and reach measurement; Provider: Google; Google Analytics-specific details: Measurement also across different browsers and devices (Cross-Device Tracking) and with pseudonymized Internet Protocol (IP) addresses, which are only exceptionally fully transmitted to Google in the USA, «Privacy», «Browser Add-on to Disable Google Analytics».
• Google Tag Manager: Integration and management of other services for success and reach measurement, as well as additional services from Google and third parties; Provider: Google; Google Tag Manager-specific details: «Data Collected by Google Tag Manager»; additional privacy details can be found with the individual integrated and managed services.