In the following, we inform you about the collection of personal data when using our websites. Personal data is all data that can be related to you personally, e.g. name, address, e-mail address, user behaviour. We process personal data solely for the purposes for which the data was transmitted.

We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

1. Name and contact details of the controller, data protection officer, server location

The responsible party pursuant to Art. 4 (7) of the EU General Data Protection Regulation (DS-GVO) is the

ATTIKA FEUER AG

Brunnmatt 16

6330 Cham

Schweiz

E-Mail: info@attika.ch

Phone: +41 (0)41 784 80 80

You can reach our data protection officer at the e-mail address datenschutzbeauftragter@attika.ch or our aforementioned postal address with the addition of „the data protection officer“.

Personal data is stored by Attika on servers in Switzerland and the EU.

2. Collection and storage of personal data as well as type and purpose of their use

a) for the performance of a contract or pre-contractual arrangements

We collect, process and use personal data only insofar as they are necessary for the establishment, content or amendment of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We collect, process and use personal data about the use of our internet pages (usage data) only insofar as this is necessary to enable the user to use the service.

The collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

We only transmit personal data to third parties if this is necessary for the processing of the contract, for example to the credit institution commissioned with the processing of payments.

No further transmission of data will take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

b) when visiting the website

 When you access our website, information is automatically transmitted to us by the browser used on your terminal device. When you visit our website, the following data is collected without your intervention and temporarily stored in a so-called log file:

IP address

Date and time of the request

Time zone difference from Greenwich Mean Time (GMT)- Content of the request (specific page)

Access status/HTTP status code

Amount of data transferred in each case

Website from which the request came

Browser used

Language and version of the browser software

Operating system and its interface

The above data will be processed by us for the following purposes:

Ensuring a smooth connection of the website

Ensuring a comfortable use of our website

Evaluation of system security and stability

For further administrative purposes

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DS-GVO. Our legitimate interest follows from the aforementioned purposes for data collection.

In addition, we use cookies as well as analysis services and social media bookmarks / plug-ins when you visit our website. You will find more detailed explanations on cookies and analysis services under sections 4 and 5 and on social media bookmarks / plug-ins under section 6 of this data protection declaration. In sections 7 and 8, we provide information on the integration of YouTube videos and Google Maps.

c) when using a contact form or by email

When you contact us via a contact form or by e-mail, the data you provide (your e-mail address, name, telephone number, address and any information you provide in the contact form) will be stored by us in order to answer your questions. If required on the basis of your enquiry, the data may also be transmitted to companies affiliated with Attika or to independent market organisations and processed by them. We delete the data accruing in this context when the storage is no longer necessary to answer your enquiry.

Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 p. 1 lit. a DS-GVO on the basis of your voluntarily given consent.

d) when using the specialist dealer area of our website

If you would like to use our customer portal as a specialist dealer of Attika Feuer AG, you must register by providing your name, e-mail address and a password of your choice. The provision of the aforementioned data is mandatory for the use of the customer portal. Deletion of this data is possible upon request. Further information on your rights to information and revocation can be found in section 10 of this data protection declaration.

e) when submitting an application

If you send us an application, we will process your applicant data to carry out the application process. We ensure that your personal application data is only passed on to the internal departments and specialist departments responsible for filling the specific position. Your personal application data will not be passed on to third parties. If you cannot be considered in the application process, your application data will be automatically deleted six months after the application process has been completed, unless a legal provision prevents deletion, further storage is necessary for the purpose of providing evidence or you have expressly consented to longer storage. In the event of recruitment, the data you provide as part of the application process will be stored and processed as employee data. The legal basis for the processing of your data is Art. 6 para. 1 lit. a DS-GVO.

3. Use of service providers, transfer of data

Attika uses selected external service providers in Switzerland, within the EU and the USA to provide support and administrative tasks for our website. These service providers may occasionally have access to your personal data. The service providers process your data exclusively on behalf of and in accordance with the instructions of Attika, in compliance with these data protection provisions and the applicable laws.

Your personal data will only be transferred to third parties if the transfer is expressly stated in this privacy policy or for one of the following purposes:

You have given your express consent according to Art. 6 para. 1 p. 1 lit. a DS-GVO.

The disclosure is necessary according to Art. 6 para. 1 p. 1 lit. f DS-GVO for the assertion, exercise or defence of legal claims or for the provision of our website and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.

In the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 p. 1 lit. c DS-GVO

The disclosure is legally permissible and necessary for the processing of a contractual relationship with you according to Art. 6 para. 1 p. 1 lit. b DS-GVO.

4. Cookies

We use cookies on our website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide us with certain information. However, this does not mean that we gain direct knowledge of your identity.

The use of cookies serves, on the one hand, to make the use of our offer more pleasant for you. We use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognised that you have already been with us and which entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you (see sections 5 and 6 of this data protection declaration). These cookies enable us to automatically recognise that you have already been to our website when you visit it again. These cookies are automatically deleted after a defined period of time.

The data processed by cookies is necessary for the aforementioned purposes to protect our legitimate interests as well as those of third parties in accordance with Art. 6 (1) p. 1 lit. f DSGVO.

You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all functions of this website if you refuse cookies.

The legal basis for the use of cookies is Art. 6 para. 1 p. 1 lit. f DS-GVO.

This website uses the consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document this in a data protection compliant manner. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, website: https://usercentrics.com/de/ (hereinafter „Usercentrics“).

When you enter our website, the following personal data is transferred to Usercentrics:

Your consent(s) or the revocation of your consent(s)

Your IP address

Information about your browser

Information about your terminal device

Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser in order to be able to allocate the consents granted to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c DSGVO.

5. Web analysis

a) Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). By using Google Analytics, we want to ensure a needs-oriented design and ongoing optimisation of our website as well as statistically record the use of our website in order to optimise our offer for you. The legal basis for this is Art. 6 para. 1 p. 1 lit. f DS-GVO.

Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. This website uses Google Analytics with IP anonymisation. This means that IP addresses are processed in abbreviated form, thus excluding the possibility of personal references. If the data collected about you is related to a person, this is immediately excluded and the personal data is deleted immediately. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator (e.g. display advertising features such as remarketing, reports on impressions in the Google Display Network, integration of DoubleClick Campaign Managers or Google Analytics reports on performance by demographic characteristics and interests).

Under certain circumstances, Google can analyse your usage behaviour across several end devices (PC, smartphone, tablet, etc.) by means of so-called cross-device functions and evaluate them for Attika. To this end, Google may link information generated via the respective end devices with each other and with data from your Google account for the purpose of personalised advertising, if you have a Google account and your settings there are such that Google can link the browser history with the Google account and that information from the Google account may be used to personalise advertisements.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

As an alternative to the browser plugin or within browsers on mobile devices, you can adjust your cookie settings at any time via the floating cookie button (bottom left of the website). This tool helps you to select and deactivate various tags / trackers / analysis tools on this website.

Information from the third-party provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, Terms of use: http://www.google.com/analytics/terms/de.html , Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html l, and Privacy policy: http://www.google.de/intl/de/policies/privacy .

b) DoubleClick by Google

This website also uses the online marketing tool DoubleClick by Google from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google"). DoubleClick uses cookies to serve ads that are relevant to users, to improve campaign performance reports or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, DoubleClick can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later calls up the advertiser's website with the same browser and buys something there. According to Google, DoubleClick cookies do not contain any personal information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of DoubleClick, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.

You can prevent participation in this tracking process in various ways: a) by setting your browser software accordingly, in particular the suppression of third-party cookies will result in you not receiving third-party ads; b) by disabling conversion tracking cookies by setting your browser to block cookies from the domain "www.googleadservices.com", https://www.google.de/settings/ads, this setting being deleted when you delete your cookies; c) by deactivating the interest-based ads of the providers that are part of the self-regulatory campaign "About Ads" via the link http://www.aboutads.info/choices, this setting being deleted when you delete your cookies; d) by permanently deactivating them in your browsers Firefox, Internetexplorer or Google Chrome at the link http://www.google.com/settings/ads/plugin. Please note that in this case you may not be able to use all functions of this website to their full extent.

The legal basis for the processing of your data is Art. 1 p. 1 lit. f DS-GVO. For more information on DoubleClick by Google, please visit https://www.google.de/doubleclick and http://support.google.com/adsense/answer/2839090, and on data protection at Google in general: https://www.google.de/intl/de/policies/privacy. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org . Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

c) Google Ad Sense

This website uses Google AdSense, a service for integrating advertisements from Google Inc ("Google"). The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google AdSense uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. Google AdSense also uses so-called web beacons (invisible graphics). Through these web beacons, information such as visitor traffic on these pages can be evaluated.

The information generated by cookies and web beacons about the use of this website (including your IP address) and the delivery of advertising formats is transmitted to a Google server in the USA and stored there. This information may be passed on by Google to contractual partners of Google. However, Google will not merge your IP address with other data stored by you.

The storage of AdSense cookies is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

d) Google AdWords Conversion Tracking

In addition, this website uses Google AdWords Conversion Tracking, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google"), to improve the website and advertising activities. The legal basis for this is Art. 6 para. 1 p. 1 lit. f DS-GVO.

The conversion tracking cookie is set when a user clicks on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If you visit certain pages of our website within these 30 days, Google in the USA and we can recognise that you clicked on the ad and were redirected to this page. Each Google AdWords customer receives a different cookie. Cookies can therefore not be tracked across AdWords customers' websites. The information obtained using the conversion cookie is used to create conversion statistics for us. We learn the total number of users who clicked on our ad and were redirected to our site. However, we do not receive any information that identifies you personally.

If you do not wish to participate in the tracking, you can easily deactivate the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics. You can find further setting options on the page on deactivating Google advertising at http://www.google.com/policies/technologies/ads/.

The information provided under point 5. a) regarding the third-party provider Google shall apply accordingly.

e) Google AdWords Remarketing

In addition to Adwords Conversion Tracking, we use the Google Remarketing application from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google"). This is a procedure with which we would like to address you again. Through this application, our advertisements can be displayed to you during your further internet use after visiting our website. This is done by means of cookies stored in your browser, which Google uses to record and evaluate your usage behaviour when you visit various websites. In this way, Google can determine your previous visit to our website. According to its own statements, Google does not combine the data collected in the course of remarketing with your personal data, which may be stored by Google. In particular, according to Google, pseudonymisation is used in remarketing.

The legal basis for the use of Google AdWords Remarketing is Art. 6 para. 1 p. 1 lit. f DS-GVO. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR.

The information provided under point 5 a) regarding the third-party provider Google shall apply accordingly.

f) Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our websites. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

The purpose of reCAPTCHA is to check whether data entry on our websites (e.g. in a contact form) is made by a human or by an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not made aware that an analysis is taking place.

The data processing is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM.

For more information on Google reCAPTCHA and Google's privacy policy, please see the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

g) Google Web Fonts

This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

For this purpose, the browser you use must connect to Google's servers. This enables Google to know that our website has been accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO.

If your browser does not support web fonts, a standard font is used by your computer.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/.

h) Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager collects your IP address, which may also be transmitted to Google's parent company in the United States.

The use of the Google Tag Manager is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in a quick and uncomplicated integration and management of various tools on its website. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

i) Google AJAX

On this website we use Google AJAX Search API. This is a stable, reliable, globally available high-speed content delivery network (CDN) for the most popular open source JavaScript libraries. The provider is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. The data is collected in order to deliver content. Technologies used such as cookies and pixels are placed in the browser. The collected data is deleted as soon as the purpose of its collection has been fulfilled.

The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. a DSGVO.

This service may forward the collected data to third countries. Please read the data processor's data protection policy: https://policies.google.com/privacy?hl=en

Cookie policy of the data processor: https://policies.google.com/technologies/cookies?hl=en

j) Gstatic

This website uses Gstatic by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. to ensure the full functionality of the website. In this context, your browser may send personal data (CSS) to Gstatic. This service may transfer the collected data to third countries. The legitimate interest is to ensure the correct functioning of the website. The data is deleted as soon as the purpose for which it was collected is fulfilled.

For more information about Google Gstatic and Google's privacy policy, please click on the following link: http://www.google.com/intl/de/policies/privacy/

Click here to read the cookie policy of the data processor: https://policies.google.com/technologies/cookies?hl=en

The legal basis for the data processing is Art. 6 par. 1 p. 1 lit. f DSGVO.

k) Font Awesome

This site uses Font Awesome for the uniform display of fonts and symbols. Provider is Fonticons, Inc, 6 Porter Road Apartment 3R, Cambridge, Massachusetts, USA.

When you call up a page, your browser loads the required fonts into your browser cache in order to display texts, fonts and symbols correctly. For this purpose, the browser you are using must connect to Font Awesome's servers. This enables Font Awesome to know that your IP address has been used to access this website. The use of Font Awesome is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the uniform presentation of the typeface on our website. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

If your browser does not support Font Awesome, a default font from your computer will be used.

For more information on Font Awesome, please see Font Awesome's privacy policy at: https://fontawesome.com/privacy.

l) Adobe Fonts

This website uses web fonts from Adobe for the uniform display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).

When you call up this website, your browser loads the required fonts directly from Adobe in order to be able to display them correctly on your end device. In doing so, your browser establishes a connection to Adobe's servers in the USA. This enables Adobe to know that your IP address has been used to access this website. According to Adobe, no cookies are stored when providing the fonts.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.adobe.com/de/privacy/eudatatransfers.html.

For more information on Adobe Fonts, please visit: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.

You can find Adobe's privacy policy at: https://www.adobe.com/de/privacy/policy.html

6. Use of social media links and plug-ins

a) Social Media Links

We use links on our website to our profiles on the social networks Facebook, Instagram, Pinterest and YouTube in order to make Attika better known.

These services are only integrated as links to the corresponding social networks. No data is transmitted to the providers of the social networks if you do not click on the respective links. After clicking on the embedded links, you will be redirected to the page of the respective provider. Only then will user information be transmitted to the respective provider.

Addresses of the respective providers and URLs with their data protection notices:

a) Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

b) Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA, further information on data collection: https://help.instagram.com/155833707900388.

c) YouTube LLC., 901 Cherry Ave, San Bruno, CA 94066, USA; https://www.google.de/intl/de/policies/privacy. Google, parent company of YouTube, LLC, also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

d) Pinterest Inc., San Francisco, USA, further information on data collection: https://policy.pinterest.com/de/privacy-policy

7. Integration of YouTube videos

We have integrated YouTube videos from YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA ("YouTube"), into our online offer, which are stored on http://www.youtube.com and can be played directly from our website. YouTube videos are integrated to enable you to use the website comfortably. The legal basis for this is Art. 6 para. 1 p. 1 lit. f DS-GVO.

By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, log data is transmitted in accordance with section 2. a) of this declaration. This occurs regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish to have your data associated with your YouTube profile, you must log out before visiting our website. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.

For more information on the purpose and scope of data collection and processing by YouTube, please see YouTube's privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

8. Google Maps

On this website, we use the Google Maps service provided by Google LLC, 1600 Amphitheater Parkway, Mountainview, California 94043, USA ("Google"). This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. The legal basis for this is Art. 6 para. 1 p. 1 lit. f DS-GVO.

By visiting the website, Google receives the information that you have accessed the corresponding sub-page of our website. In addition, the data mentioned under point 2. a) of this declaration will be transmitted to Google. This occurs regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish to have your data associated with your Google profile, you must log out before visiting our website. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing its website in line with requirements. Such an evaluation is carried out in particular (even for users who are not logged in) for the provision of needs-based advertising. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

Further information on the purpose and scope of data collection and processing by Google can be found in Google's privacy policy. There you will also find further information on your rights in this regard and setting options for protecting your privacy: http://www.google.de/intl/de/policies/privacy . Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

9. Newsletter

Attika does not send newsletters, advertising mails or direct mailings to private individuals who are not employed as Attika dealers. Conversely, this means that we do not use e-mail or postal addresses that we have stored for processing enquiries or orders for newsletters or other advertising purposes.

10. Payment provider

a) PayPal

On our websites we offer, among other things, payment via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").

If you select payment via PayPal, the payment data you enter will be transmitted to PayPal.

The transmission of your data to PayPal is based on Art. 6 para. 1 lit. a DSGVO (consent) and Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations.

b) Enerypted payment transactions on this website

If there is an obligation to transmit your payment data (e.g. account number in the case of direct debit authorisation) to us after the conclusion of a contract subject to a charge, this data is required for payment processing.

Payment transactions via the common means of payment (Visa/MasterCard, PostFinance Card, TWINT, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

With encrypted communication, your payment data that you transmit to us cannot be read by third parties.

When you place an order via our Attika Shop (shop.attika.ch / shop.attika.de), an encrypted connection to the PostFinance server (PostFinance Checkout module) is established. The payment takes place on the PostFinance server. No payment information is stored in the online shop.

11. Data security

a)

We use the common SSL/TSL (Secure Socket Layer) procedure in connection with the highest encryption level supported by your browser when visiting the website. We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments. However, Attika cannot guarantee the security of data transmitted by you as a user. Any data transmission originating from the user is therefore at the user's own risk.

b)

We use the service "Cloudflare". The provider is Cloudflare Inc, 101 Townsend St, San Francisco, CA 94107, USA (hereinafter "Cloudflare").

Cloudflare offers a globally distributed content delivery network with DNS. This technically routes the transfer of information between your browser and our website via Cloudflare's network. This enables Cloudflare to analyse the traffic between your browser and our website and to act as a filter between our servers and potentially malicious traffic from the internet. In doing so, Cloudflare may also use cookies or other technologies to recognise internet users, but these are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f DSGVO).

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.cloudflare.com/privacypolicy/.

Further information on the topic of security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/.

12. Your rights

You have the right:

to request information about your personal data processed by us in accordance with Art. 15 DS-GVO. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.

demand the correction of inaccurate or incomplete personal data stored by us without delay in accordance with Art. 16 DS-GVO.

pursuant to Art. 17 DS-GVO, to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims

to request the restriction of the processing of your personal data pursuant to Art. 18 DS-GVO, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing pursuant to Art. 21 DS-GVO

in accordance with Article 20 of the GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.

object to the processing of your personal data pursuant to Article 21 DS-GVO, provided that your personal data are processed on the basis of legitimate interests pursuant to Article 6 (1) sentence 1 lit. f DSGVO and provided that there are grounds for doing so which arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation

revoke your consent at any time in accordance with Art. 7 (3) DS-GVO. This has the consequence that we may no longer continue the data processing based on this consent in the future.

complain to a supervisory authority in accordance with Art. 77 DS-GVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace.

To exercise the aforementioned rights, please send an e-mail to datenschutzbeauftragter@attika.ch or send us a message to the contact details given in the imprint.

13. Up-to-dateness and amendment of this privacy policy

This privacy policy is currently valid and has the status of 15 March 2023.

Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on our website at https://attika.ch/de/datenschutz.

Cham, 27.07.2023