Data protection

1. Introduction

This Privacy Statement outlines how Amelie Group AG ("we", "us", "our") collects and processes personal data when you visit our website, purchase our products or services, engage with us as a business partner or through your employer, or interact with us in other capacities.
Please note that additional privacy statements or legal documents, such as general terms and conditions, terms of use, or participation conditions, may apply. This document is not an exhaustive description of all our data processing activities. "Personal data" refers to any information relating to an identified or identifiable individual. "Processing" encompasses any handling of personal data, regardless of the methods or procedures used, including storage, disclosure, acquisition, collection, deletion, modification, destruction, and use.

If you provide us with personal data of other individuals (e.g., employees or family members), we assume that you have informed them of this Privacy Statement, ensured the accuracy of their personal data, and have the authority to share such data with us. Our business operations are primarily governed by Swiss data protection law, particularly the Swiss Data Protection Act (DSG). However, depending on specific circumstances, the EU General Data Protection Regulation (GDPR) or other data protection laws may also be applicable.


2. Data controller

Amelie Group AG is responsible for the data processing activities described herein, unless otherwise specified in individual cases.

For data protection inquiries, please contact:


Amelie Group AG

Bruegglistrasse 11b, CH-8852 Altendorf

info@amelieworld.com


3. Data Collection Methods


We primarily process personal data obtained from our customers and business partners (including winemakers, wineries, and other suppliers) during our business relationships and from users interacting with our website and other applications, including our profiles on social networks.

Additionally, we may collect data from publicly accessible sources (e.g., debt collection or commercial registers, press, internet) or receive such data from business partners, authorities, and other third parties (such as credit agencies). Data is also collected during direct customer interactions.


4. Categories of Processed Data


We process data that you provide directly in connection with the use of our offerings and services and our business relationship, for example, when registering as a customer, ordering our products, or during collaborations (e.g., contact details such as name, address, email address, telephone number), or that arise from the use of our offerings and services or in connection with the processing of the business relationship (e.g., order-related data for orders, information about your interests or your network). We also process data from you that you provide to us in connection with an application.

In addition to this data, we may receive the following categories of personal data about you from third parties:

  • Information related to your professional roles and activities (e.g., to facilitate business interactions with your employer or clients);
  • Information and data related to the use of our website or associated social media platforms (e.g., IP address, device information, cookies, date and time of visits, pages and content accessed, functions used, referring website, location data);
  • Information provided by individuals in your environment (e.g., family, employers, advisors, legal representatives) to facilitate contract execution or processing (e.g., references, delivery addresses, powers of attorney, compliance-related information such as anti-money laundering and export restrictions, information from banks, insurance companies, sales and other contractual partners regarding your use or provision of services (e.g., payments made, purchases));
  • Information about you contained in correspondence and meetings with third parties;
  • Information from media and internet sources about you (if relevant in specific cases, e.g., in the context of an application, press review, marketing/sales), your addresses, and, if applicable, interests and other socio-demographic data (for marketing purposes);
  • Information from public registers and credit reports (if we conduct business with you personally);
  • Information obtained in connection with administrative and judicial proceedings.


5. Purposes and Legal Bases for Data Processing


Our primary purpose for processing personal data is to conclude and execute contracts with our customers and business partners. This includes processing related to wine purchases from us and the associated order processing, as well as wine purchases by us from our business partners. Where the GDPR is applicable, this corresponds to Art. 6 Para. 1 lit. b GDPR. In this context, we process your data to:

  • Communicate with you;
  • Process your orders and, where applicable, deliver them to you;
  • Provide you with certain data in our customer portal;
  • Offer optimal advice during wine purchases;
  • Process our wine purchases from you or your employer as our business partner;
  • Expand our network.

Your personal data may also be processed if you work for one of our customers or business partners. Where the GDPR is applicable, this corresponds to Art. 6 Para. 1 lit. f GDPR. In these cases, our legitimate interest lies in managing the business relationship as effectively and efficiently as possible. We also process certain data to comply with our legal obligations domestically and abroad. Where the GDPR is applicable, this corresponds to Art. 6 Para. 1 lit. c GDPR.

Additionally, we process personal data, as permitted and deemed appropriate, for the following purposes, aligning with our (and, in certain cases, third parties') legitimate interests:

• Offering and enhancing our services, websites, and other platforms where we maintain a presence;

• Communicating with third parties and addressing their inquiries (e.g., applications)


Purposes for Processing Personal Data

We process personal data for various purposes, including:

  • Providing and Enhancing Services: To offer and improve our products, services, websites, and other platforms where we maintain a presence.
  • Communication: To interact with third parties and address their inquiries, such as applications, media questions, and communications with authorities.
  • Needs Analysis and Direct Engagement: To assess and optimize methods for understanding customer and business partner needs, including collecting personal data from publicly accessible sources to acquire new customers and business partners.
  • Advertising and Marketing: To conduct advertising and marketing activities, including organizing events, unless you have objected to the use of your data. Existing customers or business partners may receive advertising, but you can opt out at any time, after which we will add you to a list to prevent further promotional communications.
  • Market and Opinion Research: To perform market and opinion research, as well as media monitoring.
  • Legal Claims and Defense: To assert legal claims and defend against legal disputes and regulatory proceedings.
  • Crime Prevention and Investigation: To prevent and investigate criminal offenses and other misconduct, including conducting internal investigations and data analyses to combat fraud.
  • Operational Security: To ensure the security of our operations, particularly concerning IT systems, websites, and other platforms.
  • Facility and Personnel Security: To implement measures such as video surveillance to enforce house rules, ensure IT, building, and facility security, and protect our employees, other individuals, and assets belonging to or entrusted to us, including access controls.
  • Business Transactions: To facilitate the purchase and sale of business units, companies, or parts of companies, and other corporate transactions involving the transfer of personal data, as well as to undertake measures for business management and compliance with legal and regulatory obligations and internal regulations of Amelie Group AG.


Consent for Data Processing


If you have provided consent for us to process your personal data for specific purposes (e.g., subscribing to newsletters or placing orders, either in person or digitally), we will process your data within the scope of and based on this consent, unless another legal basis applies. If the General Data Protection Regulation (GDPR) is applicable, this corresponds to Art. 6 Para. 1 lit. a GDPR. You may revoke your consent at any time; however, this does not affect data processing that has already occurred.


Legal Requirements Regarding Sales to Minors

We adhere strictly to legal requirements concerning the sale of alcoholic beverages to minors:

  • Prohibition for Under 16s: According to Art. 14 Para. 1 of the Food Act ("LMG"), the sale of alcoholic beverages to individuals under 16 years of age is prohibited.
  • Prohibition for Under 18s: Per Article 41, Paragraph 1, Letter i of the Alcohol Act ("AlkG"), the retail sale of spirits to individuals under 18 years of age is prohibited.

Based on these regulations, we are obligated to ensure compliance with legal requirements and to cooperate with authorities in the event of legal violations. This includes enforcing age restrictions for the purchase of alcohol to protect minors.


6.1 Website and cookies


We utilize cookies, server-side tracking, and similar technologies on our website to identify your browser or device.


What Are Cookies?

Cookies are small data files, often containing a unique identifier, sent to your computer, tablet, or mobile phone and automatically stored when you visit a website. Each website can send its own cookie (known as a first-party cookie) to your web browser if your settings allow it. Cookies can be categorized as:

• Session Cookies: These are temporary cookies that are deleted after your website visit.

• Persistent Cookies: These cookies remain on your device for a set period (e.g., two years) to remember user settings and other information.


How We Use Cookies

We employ persistent cookies to:

  • Save user settings (e.g., language preferences, auto-login).
  • Better understand how you interact with our offerings and content.
  • Display tailored offers and advertisements.

Some cookies are set by us, while others are set by our contractual partners.


Your Consent

By using our website, you consent to the use of these technologies and cookies. If you prefer not to accept cookies, you must adjust your browser settings accordingly. Most modern browsers support cookies but offer the option to disable them. You can configure your browser to reject all cookies or to notify you when a cookie is sent. Please note that blocking cookies may impair certain functions (such as language selection, shopping cart, ordering processes) on our website.


6.2 Newsletter and marketing e-mails


With your explicit consent, we will utilize your email address to send you our newsletter on a regular basis. Each newsletter includes a link at the end that allows you to unsubscribe at any time. Alternatively, you can opt out by writing or emailing the responsible entity specified in section 2.

Our newsletters and other marketing emails may contain visible and invisible image elements. These elements, when retrieved from our servers, enable us to determine if and when you've opened the email. This information helps us assess and enhance your engagement with our offerings. Most email programs are preset to block such tracking; you can adjust your email settings to prevent this if desired.

By placing an order or agreeing to receive newsletters and marketing emails, you consent to the use of these tracking technologies. If you prefer not to be tracked in this manner, please configure your email program accordingly.


6.3 Google Analytics

We utilize Google Analytics, a service provided by Google Ireland (based in Ireland), which relies on Google LLC (based in the USA) as a processor (collectively "Google"). This service helps us measure and analyze website usage through non-personally identifiable data. To facilitate this, permanent cookies set by Google are employed.

We've configured Google Analytics to anonymize IP addresses for visitors from Europe by shortening them before forwarding to the USA, ensuring they cannot be traced back to individual users. Additionally, we've deactivated the "Data sharing" and "Signals" settings. While we believe the information shared with Google doesn't constitute personal data, it's possible that Google may use this data for its own purposes, such as identifying visitors, creating personal profiles, or linking this data to their Google accounts. If you're registered with Google services, they may already have your information. The processing of your personal data by Google is governed by their privacy policies. Google only provides us with aggregated data about how our website is used, without sharing personal information about individual users.

You can prevent Google from collecting and processing data generated by cookies related to your website usage (including your IP address) by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=en.

Amelie Group AG uses Google Analytics solely to enhance your experience with our online applications and to tailor our websites to your needs. In this context, pseudonymized user profiles are created, and cookies are utilized. The information generated by these cookies about your usage behavior on our website is transmitted to servers and stored there. This information is used to analyze website content, generate reports on website activity for us, and provide other services related to website activity and internet usage. These reports help Amelie Group AG customize its online offerings to better suit your preferences.


6.4 Social networks


Our website incorporates links to social networks such as Facebook, LinkedIn, and Instagram, identifiable by their respective icons. These elements are configured to remain inactive by default. By clicking on them, they become active, enabling the operators of the respective social networks to register that you are on our website and, where you are accessing it from. This information can be utilized by the network operators for their own purposes. The processing of your personal data is then governed by the privacy policies of these network operators. We generally do not receive any information about you from these network operators.

In addition to these links on our website, we maintain profiles on these social networks to inform interested parties about our offerings and, if necessary, to communicate with them. If you interact with our profiles on these social networks, we may process certain personal data about you. However, when using these social networks, the general terms and conditions, terms of use, data protection declarations, and other provisions of the individual network operators also apply.


7. Who do we share your data with?


In the course of our business activities and for the purposes outlined in section 5, we may disclose your data to third parties, provided it is permissible and we deem it appropriate. This transfer occurs either because these recipients process the data on our behalf (as processors) or because they intend to use it for their own purposes. These recipients include, but are not limited to:

  • Our service providers (such as trustees, freight forwarders, printers, mailing services, payment service providers, banks, insurance companies, legal advisors), including contract processors (such as IT and storage providers);
  • Dealers, suppliers, subcontractors, and other business partners;
  • Customers;
  • Domestic and foreign authorities, offices, or courts;
  • The public, including visitors to websites and social media;
  • Industry organizations, associations, organizations, and other bodies;
  • Acquirers of business units, companies, or other parts of the company;
  • Other parties in potential or actual legal proceedings.

These recipients are generally located in Switzerland and the European Economic Area (EEA), but may also be located anywhere in the world. In particular, you should anticipate that your data may be transferred to all countries where the service providers we utilize are located (such as Shopware, Microsoft, Google, Meta, Mailchimp, Active Campaign, Hotjar).

If a recipient is located in a country without adequate legal data protection, we contractually obligate the recipient to comply with the applicable data protection laws (utilizing the revised standard contractual clauses of the European Commission, accessible here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj), unless they are already subject to a legally recognized set of rules to ensure data protection, or we can rely on an exception. An exception may apply, particularly in cases of legal proceedings abroad, overriding public interests, if the execution of a contract requires such disclosure, if you have consented, or if the data is publicly accessible and you have not objected to its processing.


8. Data retention period


We retain your personal data only for as long as necessary to fulfill our contractual and legal obligations or to achieve the purposes for which the data was collected. For instance, we process your personal data throughout the entire duration of our business relationship—from initiation and execution to termination of a contract—and beyond, in accordance with statutory retention and documentation requirements. Additionally, personal data may be retained for periods during which claims can be asserted against our company, as well as for durations mandated by legal obligations or justified by legitimate business interests (e.g., for evidence and documentation purposes). Once your personal data is no longer required for these purposes, it will generally be deleted or anonymized to the extent possible. For operational data (e.g., system protocols, logs), shorter retention periods of twelve months or less typically apply.


9. Data Protection Measures


We implement appropriate technical and organizational measures to safeguard your personal data against unauthorized access and misuse. These measures include, but are not limited to:

  • Issuing internal guidelines and conducting staff training.
  • Deploying IT and network security solutions.
  • Establishing access controls and restrictions.
  • Encrypting data storage media and transmissions.
  • Applying pseudonymization techniques.
  • Performing regular audits and controls.

Despite these precautions, it's important to acknowledge that processing personal data, especially over the internet, carries inherent risks and potential security vulnerabilities. Absolute data security cannot be guaranteed.


10. Necessity of Providing Personal Data


Providing certain personal data is essential for us to initiate and process contractual relationships with you or the entity you represent, and to fulfill our contractual or legal obligations. Therefore, we rely on you to supply the necessary personal data required for entering into and executing our contractual relationship and meeting the associated obligations. Additionally, the functionality of our website depends on the disclosure of specific information (such as IP addresses) to ensure proper data transmission.


11. Do we carry out profiling or do we make automated decisions?


In certain situations, we may process your personal data partially automatically to evaluate specific personal aspects—a practice known as profiling. Profiling enables us to provide you with targeted information about our offerings and deliver optimized advice. We utilize assessment tools that allow us to communicate and advertise according to your preferences, including conducting market and opinion research.

Generally, we do not employ fully automated decision-making processes, as outlined in Article 22 of the GDPR, to establish and conduct business relationships. Should we implement such procedures in specific cases, we will inform you separately, as required by law, and explain your associated rights.


12. What rights do you have regarding your data?


Under applicable data protection laws, such as the GDPR, you have the following rights concerning your personal data:

  • Right to Be Informed: You have the right to know how your personal data is being collected and used.
  • Right of Access: You can request access to your personal data that we hold.
  • Right to Rectification: If your personal data is inaccurate or incomplete, you have the right to request its correction.
  • Right to Erasure: Also known as the 'right to be forgotten,' you can request the deletion of your personal data under certain circumstances.
  • Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in specific situations.
  • Right to Data Portability: You can request that your personal data be transferred to another organization or provided to you in a structured, commonly used, and machine-readable format.
  • Right to Object: You have the right to object to the processing of your personal data, including for direct marketing purposes or profiling related to direct marketing.

Please note that we reserve the right to enforce legal limitations on these rights, for example, if we are obligated to retain or process certain data, have an overriding interest in doing so, or require it to assert legal claims. If exercising your rights incurs costs, we will inform you in advance. We have previously informed you about the possibility of revoking your consent in section 5. Be aware that exercising these rights may conflict with contractual agreements, potentially leading to consequences such as early termination of the contract or associated costs. In such cases, we will inform you in advance, provided this has not already been addressed contractually.

To exercise your rights, we may need to verify your identity, for instance, by requesting a copy of your ID card, unless your identity can be clearly established by other means.

To assert your rights, please contact us at the address provided in section 1.

In addition to exercising these rights directly with us, you have the right to pursue legal action or file a complaint with the relevant data protection authority.