SAYJA PRIVACY & COOKIE POLICY
Effective: 2 April 2019
We respect your right to privacy and strive to adhere to the highest data protection standards. Please read this Privacy Policy carefully because it contains important information about how we handle your personal data.
If, after reading the Privacy Policy, you still have any questions, please contact us so that we could address your concerns.
1. General information
This privacy and cookie policy (the “Privacy Policy”) provides a detailed description of policies and procedures governing the collection and processing of personal data through the following websites:
- https://sayja.ch, an e-commerce platform facilitating import and export of fruits, vegetables, tea, and coffee (for B2B clients) and sale of coffee (for B2C clients) (“SAYJA”);
- www.stokedabout.com, an e-commerce website featuring vegan, organic, and plant-based cosmetic products and other fashion products (“STOKED ABOUT”); and
- http://www.sayjagroup.com, a website providing information about the company (as specified below) operating the Websites (“SAYJA GROUP); (collectively, the “Websites”).
Responsible company (data controller). The entity that is responsible for operating the Websites, collecting personal data, and determining the purposes and means of the processing of personal data is SayJa GmbH, having a registered place of business at Im Glockenacker 13, 8053 Zürich, Switzerland (“we”, “us”, and “our”).
Children. The Websites are not intended for users under the age of 18. If a person under 18 has provided us with his/her personal data without obtaining parental or guardian consent in advance, the parent or guardian may request us to destroy or de-identify the personal data. Upon such a request, we will immediately delete child’s personal data from our systems. Our contact details are specified in Section 15 “Contact” of this Privacy Policy.
Applicable laws. We are committed to complying with the applicable data protection laws, including the Swiss Federal Data Protection Act and the EU General Data Protection Regulation (GDPR).
Definitions. This Privacy Policy contains recurrent terms. We would like to explain you what such terms mean:
- “Consent” means a freely given, specific, informed and unambiguous agreement to the processing of personal data;
- “Data controller” means the entity that determines the purposes and means of processing personal data;
- “Data processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller;
- “Personal data” means any information relating to a natural person who can be identified, directly or indirectly, by using such information (e.g., name, address, email, phone number, and IP address); and
- “Processing” means the use of personal data in all possible manners, including, but not limited to, collection, storage, erasure, transfer, and disclosure of personal data.
2. What personal data do we collect?
We comply with data minimization principles and collect only a minimal amount of personal data that is necessary for ensuring your use of the Websites:
- When you register a user account on STOKED ABOUT, we collect your:
- First name;
- Last name;
- Address;
- Email address;
- Username;
- Password; and
- Date of birth.
- When you purchase goods through STOKED ABOUT and SAYJA, you will be asked to provide your:
- Full name;
- Email address;
- Payment information (e.g., credit card numbers and payment account details);
- Billing address;
- Delivery address; and
- Phone number.
- When you access the Websites through your social media account (e.g., Facebook), we may have access to the personal data that you choose to make available through your social media account settings.
- When you browse the Websites, we collect your IP address.
- When you contact us by email or by using the contact form available on the Websites, we collect your:
- Full name;
- Email address; and
- Any other information that you decide to provide us in your message.
- When you subscribe to our newsletter, we collect your email address.
Making payments. When you make payments on STOKED ABOUT and SAYJA, you will be requested by our third-party payment processor Concardis GmbH (the “Third-Party Payment Processor”) to submit payment information, such as your credit/debit card details. Please note that, unless it is strictly necessary for accountancy purposes, we do not store your payment information. The Third-Party Payment Processor handles all steps of payment processing through its system and Concardis individual privacy policy applies to the payment transactions (see https://www.concardis.com/de-en/protecting-your-data for more information).
Sensitive data. We DO NOT collect, under any circumstances, any special categories of personal data (“sensitive data”) from you, such as your health information, opinion about your religious and political beliefs, racial origins, membership of a professional or trade association, or information about your sexual orientation.
Accuracy of personal data. By providing your personal data, you acknowledge and agree to submit the personal data that is up-to-date, true, accurate, current, and complete. In case your personal data changes, you agree to notify us as soon as such changes occur by following the instructions described in Section 11 “Your rights regarding your personal data”.
Failure to provide personal data. If you decide not to provide your personal data when requested (e.g., your email address and address), we will not be able to deliver the requested services (e.g., to ship your orders or inform you about the status of your order).
3. For what purposes do we use personal data?
We respect data protection principles. Thus, we collect and process your personal data only for specified and legitimate purposes that are explicitly mentioned in this Privacy Policy. The table below provides an overview about the intended purposes of each type of personal data and the legal basis on which we rely when processing it.
|
Situation |
Personal data |
Purpose |
Legal basis |
|
When you create a user account |
|
|
Performing a contract with you Pursuing our legitimate business interests (to grow and promote our business) |
|
When you contact us by email or contact form |
|
|
Pursuing our legitimate business interests (to grow and promote our business) Your consent (for optional personal data) |
|
When you purchase goods and make payments |
|
|
Performing a contract with you Pursuing our legitimate business interests (to administer our business) |
|
When you use the Websites |
|
|
Pursuing our legitimate business interests (to analyze, grow and promote our business) |
|
When you use your social media account on the Websites |
|
|
|
|
When you sign up for a newsletter |
|
|
|
Repurposing of personal data. If we would like to use your personal data for purposes that are not mentioned in this privacy policy (i.e., repurpose your personal data), we will make sure that there is a legal basis for such repurposing and, if necessary, seek your prior consent to those specific purposes.
4. Non-personal data
When you browse the Websites, we may automatically collect certain technical non-personal data about your use of the Websites. Such non-personal data does not allow us to identify you in any manner.
Types of non-personal data. In addition to your IP address (personal data), the non-personal data collected by us includes information about: (i) the type of your device; (ii) operating systems and browsers used by you; (iii) your browsing patterns; (iv) URL addresses of websites clicked to and from the Websites; and (v) your other online behavior data.
Purposes of non-personal data. We collect non-personal data for online analytics purposes only, such as:
- To analyze what kind of users visit the Websites;
- To identify the channels through which the Websites are accessed and used;
- To examine the relevance, popularity, and engagement rate of the content available on the Websites; and
- To personalize the Websites for your specific needs.
Aggregated data. In case your non-personal data is combined with certain elements of your personal data in a way that allows us to identify you, we will handle such aggregated data as personal data.
5. Consent
Your use of the Websites is subject to this Privacy Policy. Thus, we strongly encourage you to review the Privacy Policy regularly. Please make sure that you fully understand it and you agree to the processing of your personal data as described in the Privacy Policy.
Obtaining your consent. In some cases (where required by the applicable law), we may seek your prior consent in situations, such as:
- If we intend to collect personal data that is not mentioned in this Privacy Policy;
- If we intend to use your personal data for the purposes that are not indicated in this Privacy Policy;
- If we would like to disclose or transfer your personal data to third parties that are not indicated in this Privacy Policy and cannot provide adequate level of protection; or
- If we significantly amend this Privacy Policy.
6. Marketing communication and informational notices
Marketing communication. Before sending you direct marketing messages, such as newsletters, brochures, promotions and advertisements, or contacting you by any other means with the purpose to offer you our services, we will seek your express (“opt-in”) consent, unless:
- You have voluntarily subscribed to a newsletter. Your voluntary subscription to a newsletter substitutes opt-in consent; or
- We would like to inform you about our new products and services that are closely related to the products and services already used by you.
Opt-out from marketing communication. If you would unsubscribe from receiving any future direct marketing communications, you can do so at any time free of charge by:
- Clicking on the “unsubscribe” link included in any such marketing communication; or
Contacting us directly by email at: hello@sayja.ch (SAYJA), hello@stokedabout.com (STOKED ABOUT), and hello@sayjagroup.com (SAYJA GROUP).
Informational notices. From time to time, we may send you informational notices, such as (i) information about your orders and (ii) important information about the Websites, your privacy and security, and other important matters. We send such notices on an “if-needed” basis and they DO NOT fall within the scope of direct marketing communication that requires your prior consent.
7. Security
We put our best efforts to keep your personal data safe and secure. We implement organizational and technical information security measures to protect your personal data, such as secured networks, limited access to your personal data by our staff, SSL certification, and anonymization of personal data (when possible). In order to ensure the security of your personal data, we kindly ask you to use the Websites through a secure network only.
Handling security breaches. Although we put our best efforts to protect your personal data, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data caused by circumstances that are beyond our reasonable control. In case a personal data breach occurs, we will inform our local data protection authority, namely, The Swiss Federal Data Protection and Information Commissioner, without undue delay and immediately take reasonable measures to mitigate the breach, as required by the applicable law.
8. Storage of personal data
We will store your personal data in our systems only for as long as such personal data is required for the purposes described in Section 3 of this Privacy Policy. For example, if you have submitted your contact details when registering a user account on STOKED ABOUT, we will store your personal data until you delete your user account.
After your personal data is no longer necessary for its intended purposes, we will immediately delete your such data from our systems or anonymize it. Please note that, in some cases, we may be required by law to store your personal data for a certain period of time (e.g., for maintaining our accountancy records). In such cases, we will store your personal data for the time period stipulated by the applicable law and delete the personal data as soon as the required retention period expires.
9. Disclosure of personal data to third parties
In some circumstances, we may disclose your personal data to third parties that provide services to us (data processors). Such a disclosure is limited to the situations when the personal data is required for the following purposes:
- Ensuring the operation of the Websites;
- Ensuring the delivery of your orders;
- Providing you with the requested information;
- Pursuing our legitimate business interests;
- Carrying out our contractual obligations;
- Law enforcement purposes; or
- If you provide your prior consent to such a disclosure.
List of data processors. The data processors that we cooperate with include:
- Our hosting provider WordPress;
- Our newsletter providers MailChimp and ConvertKit;
- Our user analytics providers Google Analytics, eTracker, and WordPress;
- Our marketing and advertising partners Google and Facebook;
- Our payment service provider Concardis;
- Our social media plugin in providers Instagram, Facebook, YouTube and Twitter.
The data processors listed above will access your personal data as a part of their partnership with us and only if they agree to ensure an adequate level of protection of personal data that is consistent with this Privacy Policy and the applicable data protection laws.
Legal requests. We will respond to lawful requests from public authorities to disclose information about the users of the Websites to the extent necessary for pursuing a public interest objective, such as national security or law enforcement.
Successors. In case our business is sold partly or fully, we will provide your personal data to a purchaser or successor entity and request the successor to handle your personal data in line with this Privacy Policy.
10. Transfer of personal data outside the EU
Our company and some of the third parties listed in Section 9 of this Privacy Policy are located outside the European Union (EU) and, if you reside in the EU, we may need to transfer your personal data to jurisdictions outside the EU. In case it is necessary to make such a transfer, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for your personal data or we conclude an agreement with the respective third party that ensures such protection (e.g., a data processing agreement based on the Standard Contractual Clauses provided by the European Commission).
11. Your rights to manage your personal data
What rights do you have? You have the right to manage the personal data that we collect from you. More particularly, we provide you with a possibility to request us to:
- Get a copy of your personal data that we store;
- Rectify inaccurate personal data;
- Move your personal data to another processor;
- Delete your personal data from our systems;
- Object and restrict processing of your personal data;
- Withdraw your consent; or
- Process your complaint.
How to exercise your rights? If you would like to exercise your rights listed above, please contact us by email (specified in the section “Contact”) and explain in detail your request. In order verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we would be able to identify you in our system. We will answer your request within a reasonable timeframe but no later than 2 weeks.
How to launch a complaint? If you would like to launch a complaint about the way in which your personal data is handled by us, we kindly ask you to contact us first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible. If you are a resident of the EU and you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.
12. Third-party links
The Websites may contain links to websites owned and operated by third parties (e.g., social media providers). Please note that this Privacy Policy does not apply to any of such third-party websites and we are not responsible for the privacy and security practices of those third parties. It is your sole responsibility to familiarize with the privacy practices of such third-party websites and applications before using them.
13. Cookies
The Websites use cookies. In this section, you can find information about the types of cookies that we use and the purposes for which the cookies are used. If you do not agree with our use of cookies, please disable your cookies as described in the section “How to disable cookies?”. Please note that the full functionality of the Websites may not be available without cookies.
What is a cookie? A cookie is a small piece of data, typically consisting of letters and numbers. When you visit a website, the website may send a cookie to your browser. Subsequently, the browser may store the cookie on your computer or mobile device. Cookies are designed to allow the recognition of user’s device and collection of certain information about the use of a website. Thus, over time, cookies allow websites to “remember” your actions and preferences. There are two types of cookies, namely, (i) persistent cookies, which remain valid until their expiration date, unless deleted by the user before that date, and (ii) session cookies that are stored on a web browser and remain valid until the moment the browser is closed. Cookies may also be (i) first-party cookies (set by the website itself) and (ii) third-party cookies (placed by third-party websites).
What cookies do we use? The table below provides an overview of the cookies used by us on the Website, including their purposes and expiration time.
|
Cookie |
Type |
Expiration |
Purpose |
|
_gat |
First-party Google Analytics session cookie |
1 minute |
Used to throttle request rate |
|
_gid |
First-party Google Analytics cookie |
24 hours |
Distinguishing users |
|
_ga |
First-party Google Analytics cookie |
2 years |
Distinguishing users |
For what purposes do we use cookies? We use cookies for the following purposes:
- To identify you as a unique user when you are browsing the Websites;
- To verify your details while you are navigating from a page to page on the Websites;
- To customize and personalize the Websites for you;
- To remember your custom preferences;
- To generate information and reports about your use of the Website; and
- To display you advertisements on the basis of your use of the Websites and other websites on the Internet.
Cookie consent. When you visit the Websites for the first time, we will ask you to provide us with your consent to our use of cookies.
How to disable cookies? If you would like to refuse our use of cookies, you can do it at any time by declining cookies in your browser or device (please check your browser’s or device’s “help” functionality for more information) or visiting https://www.aboutcookies.org for further information. Please be aware that some parts of the Websites may not function properly without cookies.
Google Analytics. We use Google Analytics, the service provided by Google, Inc. (“Google”) to analyze your use of the Websites. Google Analytics generates statistical and other information by means of cookies and we use its services to create reports about your use of the Websites. Google Analytics cookies are anonymous first-party cookies. Such cookies include cookies entitled “__gat”, “__gid”, and “__ga”. Please note that the use of Google Analytics cookies is anonymous and does not allow us to identify you in any manner. The information generated by cookies about your use of the Websites (including your IP address) will be transmitted to and stored by Google on servers in the United States. Please note that your IP address will be anonymized and Google will not combine your IP address with other information Google holds about you. Thus, Google will not be able to identify you. In certain cases (e.g., when required by law or when third parties conduct services on behalf of Google), Google may transfer the information to third parties. For more information about Google Analytics’ privacy practices, please visit https://support.google.com/analytics/answer/6004245.
Opting-out from Google Analytics. If you would like to opt out from Google Analytics, you can do so by installing a Google Analytics opt-out browser add-on available at https://tools.google.com/dlpage/gaoptout?hl=en. For more information on opting-out from advertising features on your device, please visit https://www.networkadvertising.org.
Interest-based advertisements. We may place targeted interest-based advertisements on the Websites that are tailored to your use of the Websites. You can control how such advertisements are shown to you or opt-out from such targeted advertisements by consulting the guide powered by the Digital Advertising Alliance available at https://youradchoices.com.
14. Term, termination, and amendments
Term and termination. This Privacy Policy enters into force on the effective date indicated at the top of the Privacy Policy and remains valid until terminated or updated by us.
Amendments. The Privacy Policy may be changed from time to time. The amended version of the Privacy Policy will be posted on this page and, if we have your email address, we will send you a notice about all the changes implemented by us. For significant changes in the Privacy Policy, or where required by the applicable law, we may seek your consent.
Last amendment. This Privacy Policy was last amended on 2nd of April 2019.
15. Contact
If you have any questions or need further clarifications regarding this Privacy Policy, please do not hesitate to contact us.
Company: SayJa GmbH
Address: Im Glockenacker 13, 8053 Zurich, Switzerland
Email addresses:
hello@sayja.ch (for SAYJA)
hello@stokedabout.com (for STOKED ABOUT)
hello@sayjagroup.com (for SAYJA GROUP)
Phone: +41 445861484
