Effective: 2 April 2019
1. General information
- https://sayja.ch, an e-commerce platform facilitating import and export of fruits, vegetables, tea, and coffee (for B2B clients) and sale of coffee (for B2C clients) (“SAYJA”);
- www.stokedabout.com, an e-commerce website featuring vegan, organic, and plant-based cosmetic products and other fashion products (“STOKED ABOUT”); and
- http://www.sayjagroup.com, a website providing information about the company (as specified below) operating the Websites (“SAYJA GROUP); (collectively, the “Websites”).
Responsible company (data controller). The entity that is responsible for operating the Websites, collecting personal data, and determining the purposes and means of the processing of personal data is SayJa GmbH, having a registered place of business at Im Glockenacker 13, 8053 Zürich, Switzerland (“we”, “us”, and “our”).
Applicable laws. We are committed to complying with the applicable data protection laws, including the Swiss Federal Data Protection Act and the EU General Data Protection Regulation (GDPR).
- “Consent” means a freely given, specific, informed and unambiguous agreement to the processing of personal data;
- “Data controller” means the entity that determines the purposes and means of processing personal data;
- “Data processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller;
- “Personal data” means any information relating to a natural person who can be identified, directly or indirectly, by using such information (e.g., name, address, email, phone number, and IP address); and
- “Processing” means the use of personal data in all possible manners, including, but not limited to, collection, storage, erasure, transfer, and disclosure of personal data.
2. What personal data do we collect?
We comply with data minimization principles and collect only a minimal amount of personal data that is necessary for ensuring your use of the Websites:
- When you register a user account on STOKED ABOUT, we collect your:
- First name;
- Last name;
- Email address;
- Password; and
- Date of birth.
- When you purchase goods through STOKED ABOUT and SAYJA, you will be asked to provide your:
- Full name;
- Email address;
- Payment information (e.g., credit card numbers and payment account details);
- Billing address;
- Delivery address; and
- Phone number.
- When you access the Websites through your social media account (e.g., Facebook), we may have access to the personal data that you choose to make available through your social media account settings.
- When you browse the Websites, we collect your IP address.
- When you contact us by email or by using the contact form available on the Websites, we collect your:
- Full name;
- Email address; and
- Any other information that you decide to provide us in your message.
- When you subscribe to our newsletter, we collect your email address.
Sensitive data. We DO NOT collect, under any circumstances, any special categories of personal data (“sensitive data”) from you, such as your health information, opinion about your religious and political beliefs, racial origins, membership of a professional or trade association, or information about your sexual orientation.
Accuracy of personal data. By providing your personal data, you acknowledge and agree to submit the personal data that is up-to-date, true, accurate, current, and complete. In case your personal data changes, you agree to notify us as soon as such changes occur by following the instructions described in Section 11 “Your rights regarding your personal data”.
Failure to provide personal data. If you decide not to provide your personal data when requested (e.g., your email address and address), we will not be able to deliver the requested services (e.g., to ship your orders or inform you about the status of your order).
3. For what purposes do we use personal data?
|Situation||Personal data||Purpose||Legal basis|
|When you create a user account||
||Performing a contract with you
Pursuing our legitimate business interests (to grow and promote our business)
|When you contact us by email or contact form||
||Pursuing our legitimate business interests (to grow and promote our business)
Your consent (for optional personal data)
|When you purchase goods and make payments||
||Performing a contract with you
Pursuing our legitimate business interests (to administer our business)
|When you use the Websites||
||Pursuing our legitimate business interests (to analyze, grow and promote our business)|
|When you use your social media account on the Websites||
|When you sign up for a newsletter||
4. Non-personal data
When you browse the Websites, we may automatically collect certain technical non-personal data about your use of the Websites. Such non-personal data does not allow us to identify you in any manner.
Types of non-personal data. In addition to your IP address (personal data), the non-personal data collected by us includes information about: (i) the type of your device; (ii) operating systems and browsers used by you; (iii) your browsing patterns; (iv) URL addresses of websites clicked to and from the Websites; and (v) your other online behavior data.
Purposes of non-personal data. We collect non-personal data for online analytics purposes only, such as:
- To analyze what kind of users visit the Websites;
- To identify the channels through which the Websites are accessed and used;
- To examine the relevance, popularity, and engagement rate of the content available on the Websites; and
- To personalize the Websites for your specific needs.
Aggregated data. In case your non-personal data is combined with certain elements of your personal data in a way that allows us to identify you, we will handle such aggregated data as personal data.
Obtaining your consent. In some cases (where required by the applicable law), we may seek your prior consent in situations, such as:
6. Marketing communication and informational notices
Marketing communication. Before sending you direct marketing messages, such as newsletters, brochures, promotions and advertisements, or contacting you by any other means with the purpose to offer you our services, we will seek your express (“opt-in”) consent, unless:
- You have voluntarily subscribed to a newsletter. Your voluntary subscription to a newsletter substitutes opt-in consent; or
- We would like to inform you about our new products and services that are closely related to the products and services already used by you.
Opt-out from marketing communication. If you would unsubscribe from receiving any future direct marketing communications, you can do so at any time free of charge by:
- Clicking on the “unsubscribe” link included in any such marketing communication; or
Informational notices. From time to time, we may send you informational notices, such as (i) information about your orders and (ii) important information about the Websites, your privacy and security, and other important matters. We send such notices on an “if-needed” basis and they DO NOT fall within the scope of direct marketing communication that requires your prior consent.
We put our best efforts to keep your personal data safe and secure. We implement organizational and technical information security measures to protect your personal data, such as secured networks, limited access to your personal data by our staff, SSL certification, and anonymization of personal data (when possible). In order to ensure the security of your personal data, we kindly ask you to use the Websites through a secure network only.
Handling security breaches. Although we put our best efforts to protect your personal data, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data caused by circumstances that are beyond our reasonable control. In case a personal data breach occurs, we will inform our local data protection authority, namely, The Swiss Federal Data Protection and Information Commissioner, without undue delay and immediately take reasonable measures to mitigate the breach, as required by the applicable law.
8. Storage of personal data
After your personal data is no longer necessary for its intended purposes, we will immediately delete your such data from our systems or anonymize it. Please note that, in some cases, we may be required by law to store your personal data for a certain period of time (e.g., for maintaining our accountancy records). In such cases, we will store your personal data for the time period stipulated by the applicable law and delete the personal data as soon as the required retention period expires.
9. Disclosure of personal data to third parties
In some circumstances, we may disclose your personal data to third parties that provide services to us (data processors). Such a disclosure is limited to the situations when the personal data is required for the following purposes:
- Ensuring the operation of the Websites;
- Ensuring the delivery of your orders;
- Providing you with the requested information;
- Pursuing our legitimate business interests;
- Carrying out our contractual obligations;
- Law enforcement purposes; or
- If you provide your prior consent to such a disclosure.
List of data processors. The data processors that we cooperate with include:
- Our hosting provider WordPress;
- Our newsletter providers MailChimp and ConvertKit;
- Our user analytics providers Google Analytics, eTracker, and WordPress;
- Our marketing and advertising partners Google and Facebook;
- Our payment service provider Concardis;
- Our social media plugin in providers Instagram, Facebook, YouTube and Twitter.
Legal requests. We will respond to lawful requests from public authorities to disclose information about the users of the Websites to the extent necessary for pursuing a public interest objective, such as national security or law enforcement.
10. Transfer of personal data outside the EU
11. Your rights to manage your personal data
What rights do you have? You have the right to manage the personal data that we collect from you. More particularly, we provide you with a possibility to request us to:
- Get a copy of your personal data that we store;
- Rectify inaccurate personal data;
- Move your personal data to another processor;
- Delete your personal data from our systems;
- Object and restrict processing of your personal data;
- Withdraw your consent; or
- Process your complaint.
How to exercise your rights? If you would like to exercise your rights listed above, please contact us by email (specified in the section “Contact”) and explain in detail your request. In order verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we would be able to identify you in our system. We will answer your request within a reasonable timeframe but no later than 2 weeks.
How to launch a complaint? If you would like to launch a complaint about the way in which your personal data is handled by us, we kindly ask you to contact us first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible. If you are a resident of the EU and you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.
12. Third-party links
What is a cookie? A cookie is a small piece of data, typically consisting of letters and numbers. When you visit a website, the website may send a cookie to your browser. Subsequently, the browser may store the cookie on your computer or mobile device. Cookies are designed to allow the recognition of user’s device and collection of certain information about the use of a website. Thus, over time, cookies allow websites to “remember” your actions and preferences. There are two types of cookies, namely, (i) persistent cookies, which remain valid until their expiration date, unless deleted by the user before that date, and (ii) session cookies that are stored on a web browser and remain valid until the moment the browser is closed. Cookies may also be (i) first-party cookies (set by the website itself) and (ii) third-party cookies (placed by third-party websites).
What cookies do we use? The table below provides an overview of the cookies used by us on the Website, including their purposes and expiration time.
|_gat||First-party Google Analytics session cookie||1 minute||Used to throttle request rate|
|_gid||First-party Google Analytics cookie||24 hours||Distinguishing users|
|_ga||First-party Google Analytics cookie||2 years||Distinguishing users|
- To identify you as a unique user when you are browsing the Websites;
- To verify your details while you are navigating from a page to page on the Websites;
- To customize and personalize the Websites for you;
- To remember your custom preferences;
- To generate information and reports about your use of the Website; and
- To display you advertisements on the basis of your use of the Websites and other websites on the Internet.
Google Analytics. We use Google Analytics, the service provided by Google, Inc. (“Google”) to analyze your use of the Websites. Google Analytics generates statistical and other information by means of cookies and we use its services to create reports about your use of the Websites. Google Analytics cookies are anonymous first-party cookies. Such cookies include cookies entitled “__gat”, “__gid”, and “__ga”. Please note that the use of Google Analytics cookies is anonymous and does not allow us to identify you in any manner. The information generated by cookies about your use of the Websites (including your IP address) will be transmitted to and stored by Google on servers in the United States. Please note that your IP address will be anonymized and Google will not combine your IP address with other information Google holds about you. Thus, Google will not be able to identify you. In certain cases (e.g., when required by law or when third parties conduct services on behalf of Google), Google may transfer the information to third parties. For more information about Google Analytics’ privacy practices, please visit https://support.google.com/analytics/answer/6004245.
Opting-out from Google Analytics. If you would like to opt out from Google Analytics, you can do so by installing a Google Analytics opt-out browser add-on available at https://tools.google.com/dlpage/gaoptout?hl=en. For more information on opting-out from advertising features on your device, please visit https://www.networkadvertising.org.
Interest-based advertisements. We may place targeted interest-based advertisements on the Websites that are tailored to your use of the Websites. You can control how such advertisements are shown to you or opt-out from such targeted advertisements by consulting the guide powered by the Digital Advertising Alliance available at https://youradchoices.com.
14. Term, termination, and amendments
Company: SayJa GmbH
Address: Im Glockenacker 13, 8053 Zurich, Switzerland
email@example.com (for SAYJA)
firstname.lastname@example.org (for STOKED ABOUT)
email@example.com (for SAYJA GROUP)
Phone: +41 445861484