Fast shipping to Switzerland & Liechtenstein - Free from 20CHF
Privacy Policy
JERBA PRIVACY POLICY
Last update: 6 November 2024
This privacy policy informs you how we collect, use, and disclose your personal data through this website. It also describes the choices that you have with regard your personal data.
Please read this privacy Policy carefully before submitting your personal data to us.
1. ABOUT US, JERBA, AND THIS PRIVACY POLICY
2. WHAT DATA DO WE COLLECT?
3. HOW LONG DO WE STORE YOUR DATA?
4. HOW DO WE DISCLOSE YOUR DATA?
5. HOW DO WE PROTECT YOUR DATA?
6. HOW CAN YOU CONTROL YOUR PERSONAL DATA?
7. CONTACT
1. ABOUT US, JERBA, AND THIS PRIVACY POLICY
Here you can find some general information about us, Jerba, and this privacy Policy.
1.1 About the Policy. This Jerba Privacy Policy (the “Policy”) governs the processing of person-al data collected from individual users (“you” and “your”) through the e-commerce website https://jerba.com/, including https://shop.jerba.com (“Jerba”). This Policy does not cover any third-party websites, applications, software, or services that integrate with Jerba or any oth-er third-party products and services.
1.2 Data controller. Jerba is owned and operated by LDCV GmbH having a registered address at Blegistrasse 11A, CH-6340 Baar, Switzerland, and the company registration number CHE-134.261.065 (“we,” “us,” and “our”).
1.3 Minors. We do not knowingly collect personal data belonging to persons younger than 18, as Jerba is not intended for use by minors. If you become aware a child has provided us with his or her personal data and you are a parent or a legal guardian of that child, please contact us immediately.
1.4 Term and termination. This Policy enters into force on the effective date indicated at the top of the Policy and remains valid until terminated or updated by us.
1.5 Amendments. We may change this Policy from time to time, if necessary to address the changes in our business practices, Jerba, or laws, regulations, and industry standards applicable to us. The amended version of the Policy will be posted on this page and, if we have your email address, we will send you information about all the changes implemented by us. We encourage you to review our Policy regularly to stay informed.
2. WHAT DATA DO WE COLLECT?
Here we provide an overview on what personal data we collect from you, for what purposes we use it, what technical data is collected automatically when you use Jerba, and how we communi-cate with you.
2.1 We comply with data minimisation principles and use your personal data for limited pur-poses explained in this Policy. Below, you can find an overview of the types of personal data that we collect, the purposes for which we use it, and the legal bases on which we rely when processing it.
2.2 Sources of personal data. We obtain your personal data from the following categories of sources:
• Directly from you. For example, if you submit your personal data when you order our pro-ducts or contact us;
• Directly or indirectly through your activity on Jerba. When you use Jerba, we may auto-matically collect analytics information about your use of Jerba; and
• From our clients and third parties. We receive information about you from third parties to whom you have previously provided your personal data, if they have a legal basis for dis-closing your personal data to us.
2.3 What personal data do we collect directly from you?
• Orders. When you order our products, we collect your full name, email address, phone number, and delivery and invoicing addresses. We use such information to process your order, deliver the products purchased by you, issue invoices, maintain our business records, comply with our legal obligations, d contact you, if necessary, and register your user account. The legal basis on which we rely are ‘performing a con-tract with you’. We keep such data until your user account is deleted.
• Payments. When you make a payment for your order, you must provide your cho-sen payment method details (e.g., credit card number, CVV code, and expiration month and year or cryptocurrency wallet details). Your payment data is used to pro-cess payments, deliver you our products, and maintain our accounting records. The legal bases on which we rely are ‘performing a contract with you’ and ‘pursuing our le-gitimate interests’ (i.e., to administer and protect our business). We store such data for the time period prescribed by tax laws.
• Enquiries. When you contact us by email, we collect your first name, last name, email address, and any information that you decide to include in your message. We use such data to respond to your enquiries and provide you with the requested in-formation. The legal bases on which we rely are ‘pursuing our legitimate interests’ (i.e., to grow and promote Jerba) and ‘your consent’ (for optional personal data). We will store this data until you stop communicating with us.
• Age verification. In order to make sure that you are at the age of majority when purchasing our products, we use third-party age verification software Voltox AI. The software collects from you personal data, such as your image (selfie), first name, last name, phone number, email address, online activity, and data communicated while using Voltox AI. Some of such data (e.g., your image) may be deemed to be bi-ometric and, therefore, we will seek your consent before you submit such data through Voltox AI. Your facial features detected in your image are used for verifying your age and ensuring that our products are not sold to underaged individuals. Please note that Voltox AI uses artificial intelligence for completing the age verifica-tion process, and, therefore, your image may be used for machine training purposes. The legal bases on which we rely when processing your biometrics data are ‘comply-ing with our legal obligations’ (i.e., to ensure that our products are not sold to minors) and ‘your consent.’ Your image is not stored longer than necessary for verification purposes and we do not share it with unauthorised third parties. For more infor-mation on how your personal data is processed for age verification purposes, please refer to Voltox AI privacy policy.
2.4 What personal data do we collect while you are using Jerba?
• Analytics data. While you are browsing on Jerba, we may collect analytics data that allows us to see what kind of users access and use Jerba, which parts of Jerba you find interesting, improve our content, develop new products and services, and investigate and prevent secu-rity issues and abuse. When we process your analytics data that is personal data, we rely on the ‘legitimate interest’ (i.e., to analyse, improve, and protect Jerba) and ‘your consent’ bases. The analytics data that we collect may include, if available:
• Demographic data: information about your age, gender, location, and other demo-graphic characteristics;
• Web traffic data: number of visitors, page views, session duration, bounce rate, and referral sources;
• Conversion data: completed transactions, abandoned carts, conversion rates, and average order value;
• Online behaviour data: clicks, scroll depth, time spent on pages, and product views;
• Purchase history: information on your past purchases, order details, and preferences;
• Marketing campaign data: click-through rates, conversion rates, and cost per acquisi-tion; and
• Social media data: shares, likes, comments, and follower counts.
• Cookies. While you are browsing on Jerba, we collect your cookie-related data. We use such information to analyse the technical aspects of your use of Jerba, analyse your use of Jerba, prevent fraud and abuse, and ensure the security of Jerba. For more information on our use of cookies, please read our Cookie Policy. The legal bases on which we rely are ‘pursuing our legitimate interests’ (i.e., analyse our content and protect Jerba) and ‘your consent’. We will store this data as long as analytics records are necessary for our activities or you withdraw your consent.
2.5 Sensitive data. We do not collect or have access to any special categories of personal data (“sensitive data”), unless you decide, at your own discretion, to provide such data to us. Sensi-tive data refers to your health, religious and political beliefs, racial origins, membership of a pro-fessional or trade association, or sexual orientation.
2.6 Refusal to provide personal data. If you refuse to provide us with your personal data when we ask for it, we may not be able to perform the requested operation and you may not be able to use the full functionality of the Website, receive the requested information, or get your products. Please contact us immediately if you think that any personal data that we collect is excessive or not necessary for the intended purpose.
2.7 Your feedback. If you contact us, we may keep records of any questions, complaints, rec-ommendations, or compliments made by you and the response. Where possible, we will remove all personal data that is not necessary for keeping such records.
2.8 Transactional notices. If we have your email address and it is necessary to do so, we may send you important informational messages, such as information about your orders, payment receipts, invoices, and other technical or administrative emails. Please note that such messages are sent on an “if-needed” basis and they do not fall within the scope of commercial communi-cation that may require your prior consent. You cannot opt-out from our service-related notices.
2.9 Newsletters. We may, from time to time, offer you newsletters (subject to availability). If you opt-in for our newsletter, subscribe to our newsletter, or purchase our products, we may send you product-related information, pre-order invitations and inform you about our new products, features of Jerba, and special offers. The legal bases on which we rely is ‘your consent’ (if you opt-in) and ‘pursuing our legitimate business interests’ (i.e., promote Jerba). You can opt-out from receiving our commercial communication at any time free of charge by clicking on the “unsubscribe” link included in our newsletters or by contacting us directly.
3. HOW LONG DO WE STORE YOUR DATA?
Here we explain for how long we keep your data in our systems and how we delete it.
3.1 Storage of personal data. We and our data processors store your personal data only for as long as such personal data is required for the purposes described in this Policy or until you re-quest us to update or delete your personal data, whichever comes first. For more details about the period for which each type of personal data is stored, please refer to section 2. After your personal data is no longer necessary for its purposes and there is no other legal basis for storing it, we will securely delete it from our systems.
3.2 Storage of non-personal data. We retain non-personal data pertaining to you for as long as necessary for the purposes described in this Policy.
3.3 Storage as required by law. When we are obliged by law to store your personal data for a certain period of time (e.g., for keeping accounting records), we will store your personal data for the time period stipulated by the applicable law and delete the personal data as soon as the re-quired retention period expires.
4. HOW DO WE DISCLOSE YOUR DATA?
Here you can find information about third parties that may have access to your personal data.
4.1 Disclosure to data processors. If necessary for the intended purpose of your personal data, we will disclose your personal data to entities that provide services on our behalf (our data pro-cessors). Your personal data may be shared with entities that provide technical support services to us, such as hosting, payment processing, and email distribution services.
4.2 List of data processors. The data processors that may have access to your personal data are:
• Our e-commerce software service provider Ecwid located in Canada;
• Our hosting service provider Amazon Web Services located in the Unites States of America;
• Our analytics service provider Friendly Analytics located in Switzerland;
• Our payment service providers PostFinance and Twint located in Switzerland, and crypto-currency payment processors;
• Our shipping service providers Swiss Post located in Switzerland and DHL located in Ger-many;
• Our age verification software provider Voltox AI based in Germany; and
• Our independent contractors and consultants.
4.3 International transfers. Some of our data processors may be based outside the country where you reside. For example, if you reside in Switzerland, we may need to transfer your per-sonal data outside Switzerland. In case it is necessary to make such a transfer, we will make sure that the country in which our data processor is located guarantees an adequate level of protection for your personal data or we conclude an agreement with it that ensures such protec-tion.
4.4 Disclosure of non-personal data. Your non-personal data may be disclosed to third parties for any purpose as it does not identify you as a natural person. For example, we may share it with prospects or partners for business or research purposes, for improving Jerba, responding to lawful requests from public authorities or developing new products and services.
4.5 Legal requests. If requested by a public authority, we will disclose information about the users of Jerba to the extent necessary for pursuing a public interest objective, such as national security or law enforcement.
4.6 Sale of personal data. We do not sell your personal data.
5. HOW DO WE PROTECT YOUR DATA?
Here you can find information on how we protect your data against breaches.
5.1 Security measures. We implement up-to-date industry appropriate technical and organisa-tional information security measures that protect your personal data from loss, misuse, unau-thorised access and disclosure. Our measures include:
a) Maintaining adequate access control mechanisms (e.g., two-factor authentication, password protection, and limited access);
b) Encryption;
c) DDOS mitigation; and
d) Conducting regular information security audits.
5.2 Security breaches. Although we put our best efforts to protect your personal data, given the nature of communication and information processing technology and the Internet, we cannot and will not be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data caused by circumstances that are beyond our reasonable control. Our liability will be limited to the highest extent permitted by the applicable law.
6. HOW CAN YOU CONTROL YOUR PERSONAL DATA?
Here you can find detailed information about the rights that you have with regard to your person-al data and how to exercise those rights.
6.1 The list of your rights. You have the right to control how we process your personal data. Subject to any exemptions provided by law, you have the following rights:
• Right of access: you can get a copy of your personal data that we store in our systems and a list of purposes for which your personal data is processed;
• Right to rectification: you can rectify inaccurate personal data that we hold about you;
• Right to erasure (‘right to be forgotten’): you can ask us to erase your personal data from our systems;
• Right to restriction: you can ask us to restrict the processing of your personal data;
• Right to data portability: you can ask us to provide you with a copy of your personal data in a structured, commonly used and machine-readable format and move that per-sonal data to another processor;
• Right to object: you can ask us to stop processing your personal data;
• Right to withdraw consent: you have the right to withdraw your consent, if you have provided one; or
• Right to complaint: you can submit your complaint regarding our processing of your personal data.
6.2 How to exercise your rights? If you would like to exercise any of your legitimate rights, please contact us by using our contact details available at the end of the Policy and explain in detail your request. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we can identify you in our system. We will answer your request within a reasonable time frame but no later than 30 days.
6.3 Complaints. If you would like to launch a complaint about the way in which we handle your personal data, we kindly ask you to contact us first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible (no later than 30 days). If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.
7. CONTACT
If you have any questions about this Policy, your rights, or our data protection practices, please contact us by:
• Email: hola@jerba.com
• Mail: LDCV GmbH, Blegistrasse 11A, CH-6340 Baar, Switzerland
[END]
Display prices in:CHF
