Privacy Policy

Dealoo is an offering by Swiss CheckoutLab GmbH based in Zurich (hereinafter “CheckoutLab”). Dealoo is a network of online shops and other e-commerce companies (hereinafter the “Partner Shops”), which enables their customers (hereinafter collectively the “Customers”) to receive vouchers and special offers as a thank you for shopping and obtaining other services from other Partner Shops and additional participating companies via Dealoo. With this Privacy Policy, CheckoutLab informs about data protection at Dealoo.

Dealoo is subject to Swiss data protection law and, where applicable, foreign data protection law such as that of the European Union (EU) with the General Data Protection Regulation (GDPR). The EU recognizes that Swiss data protection law provides adequate protection.

1. Processing of Personal Data

1. 1.1 Personal data is any information relating to an identified or identifiable person. A data subject is a person whose personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular storing, disclosing, obtaining, deleting, saving, modifying, destroying, and using personal data.
2. 1.2 CheckoutLab processes personal data for the duration required for the respective purpose or purposes. In the case of longer statutory retention obligations, processing is restricted accordingly.
3. 1.3 CheckoutLab may have personal data processed by third parties – also abroad and in accordance with applicable data protection law. Such processors process personal data on behalf of CheckoutLab. CheckoutLab may also process personal data with the help of third parties – also abroad and in accordance with applicable data protection law.
4. 1.4 CheckoutLab processes the personal data necessary to offer Dealoo permanently, securely, and reliably. CheckoutLab also processes personal data that customers of Partner Shops and other persons disclose when using Dealoo and thereby give consent for the respective purpose or purposes – for example, when requesting vouchers, ordering special offers, or setting up a user account. Such personal data may include, among other things, names, email addresses, and information about registrations for email newsletters or emails to friends. CheckoutLab may process such personal data in a Customer Relationship Management system (CRM system), with online shop software, or with comparable tools.
5. 1.5 For each access to Dealoo – if transmitted by the browser used – CheckoutLab records, in particular, the following data, which is stored in databases and log files: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including version, browser including language, individual page accessed, data volume transferred, probable location, as well as the last website visited (referrer) and other information about origin, including the path from individual Partner Shops to Dealoo. CheckoutLab needs this data to offer Dealoo permanently, securely, and reliably and, in particular, to ensure the data security of Dealoo and thus the protection of personal data.
6. 1.6 CheckoutLab may exchange and otherwise process all necessary personal data with Partner Shops and additional participating companies, especially in connection with registrations for email newsletters, requesting and redeeming vouchers, and ordering and delivering special offers. When visiting the websites of Partner Shops and additional participating companies and placing orders with them, information about the content of such orders, including order number and order value, as well as the email address used and other contact addresses, may be exchanged. Partner Shops and additional participating companies are obliged to comply with applicable data protection law.
7. 1.7 CheckoutLab processes personal data in accordance with Swiss data protection law, in particular the Data Protection Act (DPA). CheckoutLab processes personal data – if and to the extent the GDPR applies – according to the following legal bases:
   • Art. 6 para. 1 lit. a GDPR for processing personal data with the consent of the data subject.
   • Art. 6 para. 1 lit. b GDPR for necessary processing of personal data to fulfill a contract with the data subject and to carry out pre-contractual measures.
   • Art. 6 para. 1 lit. c GDPR for necessary processing of personal data to fulfill a legal obligation to which CheckoutLab is subject under applicable EU law or the law of a country where the GDPR applies in whole or in part.
   • Art. 6 para. 1 lit. d GDPR for necessary processing of personal data to protect vital interests of the data subject or another natural person.
   • Art. 6 para. 1 lit. f GDPR for necessary processing of personal data to safeguard the legitimate interests of CheckoutLab or third parties, unless the fundamental freedoms and rights and interests of the data subject prevail. Legitimate interests include the business interest of CheckoutLab to provide and promote the offering, information security, enforcement of own legal claims, and compliance with Swiss law.

2. Organizational and Technical Measures

1. 2.1 CheckoutLab takes appropriate and suitable organizational and technical measures to ensure data protection and data security. CheckoutLab ensures that when processing personal data abroad and by third parties and with the help of third parties, adequate data protection is guaranteed. However, processing personal data on the Internet can always have security gaps despite organizational and technical measures, so absolute data protection and absolute data security unfortunately cannot be guaranteed.
2. 2.2 Access to Dealoo is via transport encryption (SSL / TLS).
3. 2.3 Access to Dealoo is subject – as is generally any Internet use – to indiscriminate and suspicion-independent mass surveillance and other monitoring by security authorities in Switzerland, the EU, the United States of America (USA), and other countries. CheckoutLab cannot influence the corresponding processing of personal data by intelligence services, police authorities, and other security authorities.

3. Notifications, Reminders, and Newsletters

1. 3.1 CheckoutLab may notify, remind, or otherwise inform customers of Partner Shops and other persons who use Dealoo by email and other communication channels in connection with Dealoo. CheckoutLab may offer and send notifications, reminders, and newsletters by email and other communication channels – also on behalf of Partner Shops and additional participating companies. CheckoutLab may also display ads directly to users of Dealoo depending on their behavior when visiting the website.
2. 3.2 Persons who wish to be notified or reminded or subscribe to a newsletter from CheckoutLab or a Partner Shop or other participating company must explicitly confirm the use of their email addresses and other contact addresses as well as the notifications, reminders, or newsletter subscription to prevent abuse by unauthorized third parties (“Double Opt-in”). Excluded from this are notifications, reminders, and newsletters that are necessary to fulfill a contract with the data subject or to safeguard the overriding legitimate interests of CheckoutLab.
3. 3.3 Notifications, reminders, and newsletters may contain graphics or web links that record whether a single notification, reminder, or newsletter was opened and which web links were clicked. Such graphics and web links record the use of notifications, reminders, and newsletters, and the corresponding analysis allows such notifications, reminders, and newsletters to be offered permanently, securely, and reliably.
4. 3.4 Recipients of notifications, reminders, and newsletters can unsubscribe at any time and thereby object to the mentioned analysis.

4. Cookies and Web Beacons

1. 4.1 CheckoutLab may use cookies and web beacons (web pixels) – also from third parties (third-party cookies and third-party web pixels) – for Dealoo. Cookies are, in particular, small text files that are stored on the devices of users of Dealoo. Web pixels are small images that are retrieved when using Dealoo. Cookies and web pixels, including when using third-party services, are used to analyze the use of the website to offer it permanently, securely, and reliably.
2. 4.2 Cookies can be completely or partially deactivated and deleted at any time in the browser settings. Web pixels can be blocked in the browser settings or with appropriate browser extensions. If cookies are deactivated, not all functions of Dealoo may be available. If and to the extent necessary, CheckoutLab will inform directly when using Dealoo about the use of cookies or will directly request consent for the use of cookies.

5. Third-Party Services

1. 5.1 CheckoutLab uses third-party services – also abroad, including the United States of America (USA) – to offer Dealoo permanently, securely, and reliably. Such services – including hosting and storage services as well as services for managing electronic identities – require your Internet Protocol (IP) address, as the corresponding content cannot otherwise be delivered or provided. Such services may also process further data in connection with the offering and in connection with information from other sources, in particular for their own technical and statistical purposes, including with cookies, log files, and web pixels.
2. 5.2 CheckoutLab uses Facebook Login and the "Share" function from Facebook to enable existing Facebook users to log in or register with their Facebook account instead of setting up a user account directly with Dealoo, and to allow such users to share content with their friends on Facebook. CheckoutLab needs these services from Irish Facebook Ireland Limited for a permanent, secure, and reliable offering. Cookies are also used with these services. Facebook can thus record the use of Dealoo. Facebook accounts, including privacy settings, can be managed directly on Facebook.
   Facebook in Ireland is subject to both the GDPR and Irish data protection law, ensuring adequate data protection. Facebook has published the following information on the type, scope, and purpose of data processing: Data Policy, Information about Facebook Products, "Privacy Check", Terms of Use.
3. 5.3 CheckoutLab uses Google Analytics, Google DoubleClick, and Google Tag Manager to analyze the use of Dealoo. CheckoutLab uses Google Fonts to integrate fonts. CheckoutLab uses Google Login to enable existing Google users to log in or register with their Google account instead of setting up a user account directly with Dealoo. CheckoutLab needs these services from American Google LLC for a permanent, secure, and reliable offering, and CheckoutLab anonymizes the recorded IP addresses before analysis by Google Analytics. Cookies are also used with these services. Google can record the use of Dealoo with Google Login. Google accounts, including privacy settings, can be managed directly on Google.
   Google is subject to both the EU-US and Swiss-US Privacy Shield, whereby Google undertakes to ensure adequate data protection. You can object to the collection by Google Analytics with the "Browser Add-on to deactivate Google Analytics". You can object to the collection by DoubleClick via the Google Ad Settings and via the offering from Your Online Choices. Google has published the following information on the type, scope, and purpose of data processing: Google Analytics Terms, Privacy and Google Fonts, Privacy Policy and Terms of Use – also for DoubleClick, Entry in Privacy Shield List.

6. Rights of Data Subjects

1. 6.1 Data subjects whose personal data is processed by CheckoutLab have the rights under Swiss data protection law. These include the right to information and the right to rectification, deletion, or blocking of processed personal data.
2. 6.2 Data subjects whose personal data is processed by CheckoutLab, if and to the extent the GDPR applies, may request free confirmation of whether personal data is processed by CheckoutLab and, if so, information about the processing of their personal data, restrict the processing of their personal data, exercise their right to data portability, have their personal data rectified, deleted ("right to be forgotten"), or blocked.
3. 6.3 Data subjects whose personal data is processed by CheckoutLab, if and to the extent the GDPR applies, may revoke consents given at any time and object to the processing of their personal data at any time.
4. 6.4 Data subjects whose personal data is processed by CheckoutLab have the right to lodge a complaint with a competent supervisory authority for data protection. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

7. Contact Addresses and Responsibility

1. 7.1 Inquiries from supervisory authorities and data subjects are usually made by email, but can also be made by mail to CheckoutLab (Art. 4 para. 7 GDPR):
   
   CheckoutLab GmbH

8. Final Provisions

CheckoutLab may change this Privacy Policy at any time. CheckoutLab will inform users of Dealoo and other affected persons in an appropriate manner on the website about such changes.