Data Protection Statement

Cheel SA, Avenue de la Gare, 1920 Martigny, Switzerland (hereinafter referred to as the "Provider"), is the author of this Privacy Policy. This Privacy Policy applies to all users of the Provider's services, to the extent that personal data is processed in the provision of these services. This includes Customers who have entered into a contract with the Provider for its services, their employees, and visitors to the website. Additionally, the Provider may declare the Privacy Policy applicable to other contractual partners on a contractual basis. For simplicity, all individuals affected by data processing are hereinafter referred to as "Customers."

The Provider strives to handle the personal information of its Customers carefully and conscientiously. The Provider is responsible for the collection, processing, transmission, storage, and protection of the personal information of its Customers and ensures compliance with the Swiss Federal Data Protection Act ("LPD") regarding the protected data of Swiss Customers; it also complies with the General Data Protection Regulation of the EU ("GDPR") to the extent that it concerns the protected data of Customers in the European Economic Area. 

The consent given by the Customer to this Privacy Policy can be revoked at any time with immediate effect (see point 11, last paragraph).

Contact Information

The data controller is:

Cheel SA
Avenue de la Gare 66
1920 Martigny
Switzerland
+41 27 564 0417

The Data Protection Officer (DPO) can be contacted via email at:

[email protected]

Applicable Law
The processing of data of Swiss Customers is exclusively governed by Swiss law, particularly the Swiss Federal Data Protection Act (LPD, RS 235.1), and the ordinance related to the Swiss Federal Data Protection Act (RS 235.11). The General Data Protection Regulation of the EU (GDPR) does not apply. The GDPR remains applicable (i) if expressly provided for in certain areas of this Privacy Policy and (ii) if its application is mandatory for the data of Swiss Customers due to specific circumstances. In addition to Swiss law, Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) applies to the processing of data of Customers established in the EU. See also point 13 (Additional provisions for Customers established in the European Economic Area).

Collection of Personal Data
When Customers browse the Provider's website without accessing the secure domain through identification, the web server automatically records their browsing data. This includes, among other things, the IP address of the device used, which is anonymized by Google before being recorded, so that it can no longer be associated with a specific Customer. Google uses the method _anonymizeIp() for this purpose. This collection also includes information about the type of browser, internet service provider, and operating system used.

When using the paid cheel software, all data entered by the Customer in the secure domain through identification in the registration process and use of the software is recorded. This is particularly the case when the Customer registers, places orders, fills out online forms, participates in surveys or contests, communicates with the Provider online or offline, or contacts the Provider via social networks, blogs, or other interactive media.

Generally, personal data (name, address, email address) and the information required to use the respective service are collected. By entering their information, the Customer expressly consents to the processing, use, and transmission of their personal information within the scope of the purposes described in this Privacy Policy.

Sharing Data with Third Parties / Trustees
Customers have the option to share their data with third parties, including their personal trustee, either directly or as part of the partnership program with trustees developed by the Provider. By granting access rights, the Customer agrees that the Provider makes all their data available to a third party (e.g., the trustee) or allows access to it. The Customer retains full control over the access rights of third parties to their data and can restrict or deny this access at any time.

Additionally, the Provider allows certain third parties (trustees, in particular) to open a cheel account as Customers. In this case, the third party (trustee or otherwise) manages access rights as a Customer and can grant, restrict, or deny them to third parties. However, the Provider reserves the right to disclose specific data to authorized third parties in justified individual cases.

Data Security
The Provider takes technical and organizational security measures in accordance with recognized industry standards to protect the personal data it collects against any unintentional, unlawful, or unauthorized manipulation, deletion, alteration, access, transmission, or use and to prevent any partial or complete loss of this data. The Provider's servers are located in Switzerland. Some services may be processed through servers located in other countries with an appropriate level of data protection. If applicable, the requirements of the LPD and the GDPR are fully complied with at all times. The connection to the Provider's servers is secured by SSL encryption. The Provider regularly backs up Customer data. To prevent data loss, including in extreme cases (e.g., destruction of the data center due to an earthquake), encrypted backups are stored in parallel in several other data centers in Switzerland and abroad. The requirements of the LPD and the GDPR are fully complied with at all times. The Provider's security measures are continuously updated and strengthened based on technological developments. The Provider disclaims any responsibility for data loss or for third parties accessing and using the data. The Provider cannot guarantee the security of data transmissions over the Internet. The transmission of data via email, in particular, carries a risk of third-party intrusion. However, access is protected using the HTTPS protocol. If the Customer wishes, they have the option to opt for two-factor authentication at any time.

Purpose of Processing Personal Data / Data Recipient
The Provider processes the collected data to ensure technical support, manage security during the use of applications, and improve performance. If the processing or storage of personal information is carried out in a country that does not guarantee an appropriate level of data protection equivalent to the level of protection offered in Switzerland, the Provider requires the service provider to fully comply, as part of a contractual obligation, with the relevant provisions of the LPD (or the GDPR if the data concerned is that of Customers in the European Economic Area).

The Provider subcontracts some of the processes and services mentioned above to service providers contractually obliged to comply with data protection regulations. These companies are based in Switzerland, particularly in the field of IT services, payment, billing, debt collection, consulting, as well as providers of printing, distribution, and marketing services that the Provider may engage in the processing of orders.

Cookies
Cookies make visiting the Provider's website easier, more enjoyable, and more relevant. Cookies are files containing information that the web browser automatically saves to the computer's hard drive when the Customer visits the website and uses the Provider's product.

The Customer has the option to change the security settings of their browser to block or disable cookies. However, some services of the Provider may then no longer be fully usable.

Tracking and Analysis Tools / Social Networks
The Google Analytics analysis tool is a service provided by Google Inc. Therefore, the data collected can in principle be transmitted to a Google server in the United States (or in another country determined by Google).

The Provider's website uses Google Analytics, a web analytics service provided by Google Inc., whose headquarters are located at 

1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google"). Google Analytics uses "cookies": text files installed on the Customer's computer to analyze how they use the website. The information generated by the cookies regarding the use of the website (including the IP address, which is anonymized by Google before being recorded so that it cannot be attributed to the Customer) is transmitted to a Google server in the United States (or in another country determined by Google) and stored there. Google uses this information to analyze the use of the website, prepare reports on site activities for the Provider, and provide other services related to the use of the site and the Internet. Additionally, Google may transmit this information to third parties if required by law or to the extent that third parties process this data on behalf of Google. In no case will Google associate the Customer's IP address with other Google data.

If the Customer does not want their online activity to be available to Google Analytics, they have the option to install the browser add-on for disabling Google Analytics: https://support.google.com/analytics/answer/181881?hl=en

This add-on prevents the JavaScript code of Google Analytics (ga.js, analytics.js, and dc.js) embedded on websites from sharing information about their visit with Google Analytics.

However, installing this add-on does not prevent website owners from using other tools to perform analyses. Therefore, data can still be sent to websites or other Internet audience analysis services.

Finally, the Provider collects, through its website, certain information that the Customer's internet browser automatically transmits in server log files. These include, among other things, the user agent (browser type and browser version, operating system used), http header information (referrer URL, IP address of the device used), server request time, and connection status. These server log files are only aggregated with other data sources for error analysis.

Technologies for Advertising Purposes
The Provider's website uses the Google Analytics Remarketing functions in conjunction with the multi-device functions of Google AdWords and Google DoubleClick. These services are provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google").

This function allows associating advertising target groups created with Google Analytics Remarketing with the multi-device functions of Google AdWords and Google DoubleClick. Thus, targeted and personalized advertisements adapted to the Customer's needs on one device (a mobile phone, for example) based on their usage and browsing habits can also be displayed on another device (a tablet or PC, for example).

If the Customer has given consent to Google, Google associates the web and app browser history with the Customer's Google account for this purpose. The same personalized advertisements can then be displayed on all devices on which the Customer logs in with their Google account.

In this function, Google Analytics collects user identifiers connected to Google, which are temporarily associated with the Provider's Google Analytics data to define and create multi-device advertising target groups.

The Customer can permanently block multi-device remarketing by disabling personalized ads in their Google account under the following link: https://www.google.com/settings/ads/onweb/

More information on this is provided in Google's privacy policy at the following address: https://www.google.com/policies/technologies/ads/

The Provider's website also uses the Google AdWords advertising tool, managed by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.

As part of Google AdWords, the Provider uses what is known as conversion tracking. When the Customer clicks on an ad placed by Google, a conversion tracking cookie is set. Cookies are small text files that the web browser stores on the Customer's computer. These cookies expire after 30 days and are not used to personally identify users. If the Customer visits the Provider's website and the cookie has not yet expired, Google and the Provider can see that the Customer clicked on the ad and was redirected to that page.

Google informs the Provider of the total number of users who clicked on its ad and were redirected to its website with a conversion tracking tag. However, the Provider does not receive any information that allows the identification of the Customer personally.

To prevent cookies from being stored, the Customer has the option to change their browser settings. However, the Provider draws the Customer's attention to the fact that they may then not be able to use all the functions of this website in their entirety. Additionally, the Customer can prevent conversion tracking by disabling the corresponding cookie in the user settings of their web browser.

More information on this is provided in Google's privacy policy at the following address: https://www.google.de/policies/privacy/

The Provider's website also uses the Pixel advertising tool from Facebook, managed by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, United States.

Other Tools
The Provider's website uses the Google Maps mapping service, managed by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. If the Customer uses the functions of Google Maps, their IP address is recorded by Google and generally transmitted to a Google server in the United States. The Provider has no control over this data transfer.

More information on this is provided in Google's privacy policy at the following address: https://www.google.de/intl/en/policies/privacy/

Newsletter and Email Marketing

When the customer subscribes to one of the newsletters offered on the Supplier's website, the Supplier requests the customer's email address and other information to verify that they are the owner of the provided email address and that they agree to receive the newsletter (double confirmation or "double opt-in" procedure). The newsletter allows the customer to regularly receive a range of offers and recommendations that may be of interest to them. For this purpose, the Supplier collects and processes personal data regarding how the customer uses the website, the cheel software, and the newsletter (e.g., whether they open it and which links they click). The Supplier uses this data for statistical purposes to better tailor the newsletter to the customer's interests. The processing of personal data entered in the newsletter subscription form is based on the customer's consent, which they can revoke at any time. Revocation can be done via the unsubscribe link in the newsletter. The personal data collected is necessary for the preparation of content and the dispatch of the newsletter. The personal data collected by the Supplier in the context of newsletter subscription remains stored until the customer unsubscribes.

Retention Period

The Supplier processes and stores the customer's personal data as long as they use the service. It should be noted that the contractual relationship is a continuous relationship, established on the basis of periods spanning several years. In the event of termination of the contractual relationship, the Supplier is generally not obligated to store the customer's data. Therefore, data that is no longer necessary is regularly deleted, except for data whose processing may be necessary later, for example, due to legal retention obligations or absolutely essential internal purposes.

Right of Access, Right to Rectification, Right to Deletion, Right to Object, Consent

Regarding personal data, customers have the following rights in accordance with the LPD (Swiss Data Protection Act) and the GDPR (General Data Protection Regulation). The Supplier generally grants Swiss customers the rights provided in the GDPR. However, the Supplier reserves the right to make a different assessment in specific situations:
- Right of access (Art. 8 LPD, Art. 15 GDPR)
- Right to rectification (Art. 5 para. 2 LPD, Art. 16 GDPR)
- Right to deletion (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)

The mentioned rights are subject to possible restrictions of the GDPR and the respective applicable national data protection laws, whether or not related to data protection.

As part of the services provided by the Supplier, the customer is asked to give their consent to the collection, processing, transmission, and use of their personal data by the Supplier by ticking the corresponding box. The customer can, of course, withdraw their consent at any time without affecting the lawfulness of the processing based on the consent before its withdrawal. A withdrawal request can be addressed in writing to the Supplier's address mentioned above or by email to [email protected].

Links to Other Websites

The Supplier's website contains hyperlinks to third-party websites that are not operated or controlled by the Supplier. The Supplier is not responsible for their content or data protection practices.

Additional Provisions for Customers Located in the European Economic Area (EEA)

The following provisions apply only to customers located in the European Economic Area. They do not apply to Swiss customers.

Legal Basis for Processing

The processing of data for the purposes mentioned in point 5 is carried out in accordance with Article 6(1)(b) of the GDPR for the performance of the contract. The contract includes the mentioned services above. As specified above, data processing is also carried out within the framework of the legitimate interests pursued by the Supplier (Article 6(1)(f) of the GDPR). These interests include the improvement of products and services (including the distribution of mailings), monitoring and optimizing the performance of our offering, as well as the detection, prevention, and clarification of possible illegal activities. In addition, data is processed in accordance with Article 6(1)(c) of the GDPR to fulfill the legal obligations of the Supplier (including retention and documentation obligations). Personal basic data is particularly affected here. If the customer believes that one or more of the purposes specified in point 5 are not covered by the legal bases mentioned above, they can request the Supplier to no longer process their personal data for the concerned purposes ("opt-out"). Such withdrawal of the customer's consent does not prevent them from continuing to use the cheel software, unless such use necessarily involves the processing of the relevant data. The customer can notify the Supplier of the withdrawal of their consent in writing to the Supplier's address at the beginning of this Privacy Policy or by email to [email protected].

Right of Appeal

If the customer believes that the processing of their personal data violates the provisions of the GDPR, they can file a complaint with a supervisory authority in accordance with Article 77 of the GDPR. The Supplier is, of course, willing to address the questions and wishes of the customer before initiating a formal procedure. The customer can contact the Supplier in writing or by email ([email protected]).

Cheel SA
Avenue de la Gare 66
1920 Martigny
Switzerland