Privacy policy

HSG Shop GmbH privacy policy

This privacy policy is subject to Swiss law. The collection and processing of data is governed in particular by the Swiss Data Protection Act (FADP). European Union (EU) provisions, in particular the General Data Protection Regulation (GDPR), are only considered if they are applicable.

We may adapt this privacy policy at any time without prior notice. The latest version published on our website applies.

As of February 2024

1) Data processing controller

HSG Shop GmbH, Dufourstrasse 50, CH-9000 St. Gallen is responsible for data processing as described below.

Tel: +41 71 224 30 15
Email: shop@unisg.ch

2) Collection and processing of personal data

We collect and process personal data that we receive in the course of our business operations and business relationships.

In the course of our business relationship, you must provide the personal data that is required for establishing and implementing a business relationship and fulfilling the associated contractual obligations. Without this data, we are generally unable to conclude or process a contract with you (or the body or individual you represent). Our website cannot be used without the disclosure of certain information for safeguarding data traffic (such as IP address).

We may also process publicly disclosed or accessible personal data if this is appropriate for our business operations.

3) Processing purposes

We use the personal data we collect primarily to process orders for products purchased from our online shop.

Under the GDPR, the basis for this is Art. 6(1)(b) GDPR, which permits the processing of data to fulfil a contract or for precontractual measures.

We also process personal data about you and other people, provided we are permitted to do so and we deem it to be appropriate, for the following purposes in which we (and sometimes third parties) have a legitimate interest in line with the purpose:

  • Internal market research and marketing purposes

  • Development of our products and services, as well as our websites, apps and other platforms

  • Advertising and marketing, provided you have not objected to the use of your data

4) Payment providers

We use specialist providers to process our customers’ payments securely and reliably. Credit card payments are processed via Worldline (formerly SIX Payment Services). The legal provisions of the individual provider, such as their terms & conditions (T&Cs) or privacy policy, also apply to the processing of payments.

5) Data disclosure

In the course of our business operations and the purposes outlined in section 3, we also disclose data to third parties, where permitted and where we deem it to be appropriate, either because they process this data for us, or because they wish to use it for their own purposes. This particularly applies to the following bodies:

  • HSG Alumni, Dufourstrasse 50, 9000 St. Gallen, Switzerland

  • University of St.Gallen, Dufourstrasse 50, 9000 St. Gallen, Switzerland

We also disclose customer data to bodies entrusted with processing the order (such as Swiss Post), if required.

For recipients located in countries without adequate statutory data protection, we contractually obligate the recipient to comply with the applicable data protection, unless they are already subject to legally recognised regulations that ensure data protection and we have no recourse to an exemption clause (here we use the European Commission’s revised standard contractual clauses, which can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en).

Exceptions may apply, namely in the case of legal proceedings in other countries, as well as in cases of overriding public interest or if the contract implementation requires such disclosure, if you have granted consent or if you have made the data concerned generally accessible and have not objected to its processing.

6) Retention period

We process and store your personal data for as long as required to fulfil our contractual and statutory obligations or for the processing purposes, i.e. for the duration of the entire business relationship (from contract initiation, through implementation, to termination), for example, as well as in accordance with the statutory retention and documentation requirements. Therefore, it is possible that personal data will be retained for the period in which claims may be made against our company and if we are otherwise legally obliged to do so, or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it is generally deleted or anonymised wherever possible. Shorter retention periods of twelve months or less generally apply to operational data (e.g. system protocols, logs).

7) Data security

We take appropriate technical and organisational security precautions to protect your personal data against unauthorised access and misuse.

8) Website

When you use our websites, various forms of personal data are collected. This privacy policy explains which data we collect when you visit our website and what we use it for. It also explains how we do this and for what purpose.

This policy applies to the following website: https://www.hsgshop.ch/. Please also note that this may contain links to other websites, for which different data protection rules may apply.

8a) Data collected

When we collect and process personal data, we comply with the statutory requirements of the applicable data protection legislation. The processing of personal data is governed by the Federal Data Protection Act (FADP). If the EU’s GDPR is applicable, Art. 6(1)(b) and (f) of the GDPR form the legal basis for the processing.

Our websites collect a range of general data with each visit. This general data and information are stored in server log files. The following data is collected:

  • IP address

  • Date and time of request

  • Time zone difference to GMT

  • Content of request

  • Access status/http status code

  • Amount of data transferred in each case

  • Website from which the request originates

  • Browser (including language and version)

  • Operating system

When this general data is used it is not associated with a specific individual. Collecting this data is a technical requirement that allows us to display our website and ensure its stability and security. The basis of the data processing is Art. 6(1)(f) GDPR, which permits the processing of data for fulfilling a contract or for precontractual measures.

8b) Encrypted payment transactions

If, after concluding a fee-based contract, there is an obligation to send us your payment details (e.g. account number for direct debit authorisation), this data is required to process the payment.

Payment transactions using standard payment methods (Visa/MasterCard, TWINT) are made exclusively via an encrypted SSL and/or TLS connection.

During encrypted communication, the payment details you send us cannot be viewed by third parties.

8c) SSL and/or TLS encryption

This website uses SSL and/or TSL encryption for security reasons and to protect the transmission of confidential content, such as the requests you send us as the website operator. You can tell that a connection is encrypted when your browser’s address bar changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser bar.

When SSL encryption is enabled, the data you send us cannot be viewed by third parties.

8d) Cookies

Our website uses cookies. These are small text files that are stored on your computer, from where they can be retrieved. Cookies ensure you can log in to our services and personalise the website. To do this, our website uses cookies that collect information about your IP address, the time and duration of your visit, the number of times you visit, your use of forms, your search settings, your display view, and your settings for favourites on our website. Cookies have various retention periods.

You can prevent our website from setting cookies at any time using the appropriate settings in your internet browser to permanently reject to the setting of cookies. In addition, cookies that have already been enabled can be deleted at any time via an internet browser or other software programs. This is possible in all standard internet browsers. If the data subject disables the setting of cookies in their internet browser, they may not be able to fully use all the functions of our website.

Within the scope of GDPR, cookies that are required to carry out electronic communication or provide certain functions (e.g. basket) you require are stored on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in storing cookies to ensure that its services are free from technical errors and optimised. If other cookies (e.g. cookies that analyse your browsing history) are stored, these are referred to separately in this privacy policy.

8e) Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics also deploys cookies and uses this information to evaluate your use of the website on behalf of the operator of this website, to compile reports about website activity, and to provide the website operator with other services relating to website activity and internet usage. The IP address that your browser transmits to Google Analytics by your browser is not merged with other Google data.

The information generated by the cookie about your use of this website is usually transferred to a Google server in the US, where it is stored.

Google Analytics cookies are stored on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analysing user behaviour to optimise both its website and the information it provides. Google may also disclose this information to third parties if it is legally required to do so or if third parties process this data on Google’s behalf.

8f) Newsletter

We may send you our newsletter in the context of our business or contractual relationship. As a customer, you will receive information about our products, important announcements and other developments. You can unsubscribe from the newsletter at any time by clicking the link provided in every newsletter email or using the relevant contact details in the legal notice.

8g) Data security

In order to protect your data, we have implemented numerous technical and organisational measures to ensure the most comprehensive protection of the personal data processed by this website. Communicating by email, fax, mobile phone or internet apps involves risks such as the possibility that the content of the message may be viewed, modified or lost. HSG Shop GmbH assumes no liability for this.

9) Your rights

You may exercise the following rights against us with regard to your personal data:

  • The right to be informed

  • The right to have data rectified or deleted

  • The right to restrict processing

  • The right to object to processing

Where data processing on our website is based on your consent, you may withdraw such consent at any time without stating a reason and with ongoing effect. Please send your notice of withdrawal to the controller by email at shop@unisg.ch.

The legality of data processing carried out prior to your notice of withdrawal remains unaffected by this. To allow us to process your requests regarding the exercise of your rights, you may be required to prove your identity so that we can clearly identify you.

In the EU, data subjects have the right to complain to the relevant supervisory authority in the EU in the event of a data protection breach.

In Switzerland, there is no right to complain to a supervisory authority. Individuals in Switzerland may instead report a data protection breach to the Federal Data Protection and Information Commissioner.