Data Protection Declaration – Loyalty Program
1. Name and contact data of the controller responsible for the processing
This data protection information applies for data processing by:
Controller: CALIDA AG (hereinafter CALIDA)
Industrie Münigen, Bahnhofstrasse CH-6208 Oberkirch, Switzerland
Telefon: +49 8036 94394-10
Fax: +49 8036 94394-99
2. Collection and storage of personal data and also the nature and purpose of their use
a) Registration for the Loyalty Program (registration data)
We require the following information from you if you want to register with our Loyalty Program:
salutation, first name, surname
a valid email address
the correspondence language
your telephone number
These data are collected
so that we can identify you as our contractual partner and are able to contact you, should we have any queries;
for creating , determining the content of, executing and changing the contractual relationship with you under our Loyalty Program;
The data will be processed on the basis of Art. 6 (1) 1st sentence lit. b GDPR to fulfil the contract.
In addition, you can voluntarily enter your date of birth during registration. In so far as you have given your express consent, we will use your date of birth to send you personal birthday greetings every year and to statistically evaluate your purchases.
The data will be processed on the basis of the consent under Art. 6 (1) 1st sentence lit. a GDPR.
The personal data we collect for the Loyalty Program will be stored until the end of the Loyalty Program and then erased, unless we are obliged to store them longer under Article 6 (1) 1st sentence lit. c GDPR due to tax- and commercial-law retention and documentation duties or you have consented to longer storage under Art. 6 (1) 1st sentence lit. a GDPR.
b) Use of the loyalty card
When the loyalty card is used for purchases on the www.calida.com online shop or in a participating CALIDA-outlet we process information about your purchases and redemption of loyalty bonuses.
These data are processed
to fulfil the contractual relationship with you under the Loyalty Program;
for marketing purposes.
We evaluate your purchases in order to inform you about new items and promotion campaigns. In addition, the evaluation enables us to continuously develop and improve our offerings and to show you advertising tailored to your interests on the website or provide this by newsletter or mail.
We process your personal data for the stated purposes on the basis of Art. 6 (1) 1st sentence lit. b GDPR to fulfil the contract and also – in so far as marketing is involved – on the basis of Art. 6 (1) 1st sentence lit. f GDPR under our justified interest in carrying out direct advertising.
Pursuant to Art. 21 GDPR you have the right to object to the processing of your personal data for marketing purposes. To do this, please send us an email to firstname.lastname@example.org or contact the controller (see Point 1 above).
3. Data processing in the CALIDA-Group
With our Loyalty Program you can collect loyalty points in the online shop www.calida.com and also in all participating CALIDA outlets around the world.
So that you can be credited the loyalty points, data about your purchases are sent to CALIDA when you use the loyalty card.
If you want to redeem your loyalty points in the online shop www.calida.com or a participating outlet, CALIDA sends your registration data and your points total to the operator of the online shop or the outlet, so that you are credited the bonuses for your purchases.
The data processing and the transfer for the stated purposes are required under Art. 6 (1) 1st sentence lit. b GDPR for the fulfilment of the contract on the Loyalty Program.
4. Customer rights
You have the right:
pursuant to Art. 15 GDPR to demand information about your personal data processed by us. In particular, you can demand information about the purposes of the processing, the categories of the personal data, the categories of recipients to whom the personal data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of or objection to processing, the existence of a right to lodge a complaint, the origin of your data in so far as not collected by us, and about the existence of automated decision-making including profiling and where appropriate meaningful information about the details thereof;
pursuant to Art. 16 GDPR to demand the rectification of inaccurate or completion of incomplete personal data stored by us without undue delay;
pursuant to Art. 17 GDPR to demand the erasure of your personal data stored by us, in so far as the processing is not required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
pursuant to Art. 18 GDPR to demand restriction of the processing of your personal data, in so far as you contest the accuracy of the data, the processing is unlawful but you oppose their erasure; we no longer need the data but you do for the establishment, exercise or defence of legal claims or you have objected to processing pursuant to Art. 21 GDPR;
pursuant to Art. 20 GDPR to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format or to demand they be transmitted to another controller;
pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority for your habitual residence, place of work or our registered offices.
5. Data security
All the data you personally provide will be transmitted encrypted with the common and secure TLS standard (Transport Layer Security). TLS is a secure and proven standard, which is also used, for example, for online banking. You can recognize a secure TLS connection inter alia by the appended -s to the http (i.e. https://..) in the address bar of your browser or the lock symbol in the lower pane of your browser.
We also adopt suitable technical and organisational security measures to protect your data from accidental or intentional manipulation, partial or complete loss, destruction and against unauthorized access by third parties. Our security measures are continually monitored and improved to reflect technological developments.
6. Actuality and changes to this Data Protection Declaration
This Data Protection Declaration is currently valid and was last amended in September 2017.
The continuous development of our website and offerings on it and changes in legislation or public authority requirements may make it necessary to amend this Data Protection Declaration. You can access and print out the latest Data Protection Declaration on our website under www.calida.com/Our-World/Friends-Forever/Data-Privacy/.