×
×
×

Privacy Policy

The responsible entity within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:
ofinto ag
Jonas Romer
Bischofszellerstrasse 53
CH-9200 Gossau SG, Switzerland
Email: info@ofinto.co.uk
Website: www.ofinto.co.uk

Your Rights as a Data Subject

Using the contact details provided, you may exercise the following rights at any time:

  • Right to information about your data stored with us and its processing (Art. 15 GDPR),
  • Right to rectification of inaccurate personal data (Art. 16 GDPR),
  • Right to erasure of your data stored with us (Art. 17 GDPR),
  • Right to restriction of data processing where we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR),
  • Right to object to the processing of your data by us (Art. 21 GDPR), and
  • Right to data portability if you have consented to data processing or have entered into a contract with us (Art. 20 GDPR).

If you have given us consent, you may withdraw it at any time with effect for the future.

You may at any time lodge a complaint with a supervisory authority, e.g. the competent supervisory authority in the federal state of your residence or the authority responsible for us as the controller (for Switzerland: the Federal Data Protection and Information Commissioner, FDPIC).

A list of German supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.

General Note on Data Processing

Based on Article 13 of the Swiss Federal Constitution and the data protection provisions of the Swiss Confederation (Federal Act on Data Protection, FADP), every person has the right to protection of their privacy as well as protection against misuse of their personal data. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

We would like to point out that data transmission over the Internet (e.g. when communicating by email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

By using this website, you consent to the collection, processing and use of data in accordance with the following description. This website can generally be visited without registration. Data such as pages accessed or names of files accessed, date and time are stored on the server for statistical purposes without this data being directly related to your person. Personal data, in particular name, address or email address, are collected on a voluntary basis as far as possible. Without your consent, your data will not be passed on to third parties unless this is necessary for the fulfilment of a contract.

Processing of Personal Data and Legal Bases

Personal data is all information that relates to an identified or identifiable person. Processing includes any handling of personal data, regardless of the means and procedures used. We process personal data in accordance with Swiss data protection law. Furthermore, we process personal data - insofar as and to the extent that the EU GDPR is applicable - in accordance with the following legal bases in connection with Art. 6(1) GDPR:

  • lit. a) Consent of the data subject.
  • lit. b) Performance of a contract with the data subject and implementation of corresponding pre-contractual measures.
  • lit. c) Compliance with a legal obligation.
  • lit. f) Safeguarding the legitimate interests of us or third parties, unless the interests of the data subject prevail.

We process personal data for the duration necessary for the respective purpose or purposes. In the case of longer-term retention obligations, we restrict processing accordingly.

Cookies and Consent Management

This website uses cookies. These are small text files that make it possible to store specific user-related information on the user's device. Some cookies are technically necessary for the operation of the site (essential cookies), while others help us to improve our offer and display advertising (functional, statistical and marketing cookies).

To manage the cookies used and the consents you grant, we use the Consent Manager from Cookiebot (provider: Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark). When you enter our website, a connection is established to Cookiebot's servers to obtain your consents and other declarations regarding cookie usage. Cookiebot then stores a cookie in your browser to be able to assign the consents granted or their revocation to you. The data collected in this way is stored until you request us to delete it, delete the Cookiebot cookie yourself, or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected. The use of Cookiebot is to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6(1)(c) GDPR.

You can set your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser. When cookies are deactivated, the functionality of this website may be limited.

SSL/TLS Encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as requests you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Server Log Files

The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are: browser type and browser version, operating system used, referrer URL, hostname of the accessing computer, time of the server request. This data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of illegal use.

Data Transfer to Third Countries

As part of our business activities and the operation of our website, we use various services from third-party providers, some of which are located in countries outside Switzerland and the EU, particularly in the USA. When these services are active, your personal data may be transferred to the respective providers.

For data transfers to the USA, there is an adequacy decision by the European Commission ("EU-U.S. Data Privacy Framework") as well as by the Swiss Federal Council ("Swiss-U.S. Data Privacy Framework"). We ensure that our service providers are certified under this framework or that we have agreed on appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the EU Commission, to ensure an adequate level of data protection.

Contract Fulfilment and Customer Account

For the purchase of products via our online shop and the processing of your order, we process the necessary personal data. This includes your first name, surname, billing address, company address and delivery address, as well as your email address. Voluntary information such as your telephone number is also processed if you provide it. This data is passed on to our internal systems (ERP, order systems) as well as to external partners such as delivery agents and sub-suppliers to fulfil your order. The legal basis for this processing is the performance of a contract pursuant to Art. 6(1)(b) GDPR.

We share this data with the following service providers who assist us in contract processing:

  • Our ERP system, Orderdesk (Order Desk, Inc., USA)
  • Our shop system, BigCommerce (BigCommerce, Inc., USA)
  • Our fulfilment partners WKS Druckholding GmbH (Germany) and Sieber Transport AG (Switzerland)

The storage of this data is necessary for the fulfilment of the contract. Even after the conclusion of the contract, personal data remains stored to comply with legal retention obligations. Early deletion is only possible to the extent that no contractual or legal obligations prevent it.

Communication and Customer Enquiries

Contact Form, Live Chat and CRM

We use the CRM system Reamaze (provider: Lantirn, Inc., USA) to process customer enquiries in order to be able to process your enquiries faster and more efficiently. This represents a legitimate interest pursuant to Art. 6(1)(f) GDPR. Enquiries to our email addresses, our live chat and via our Facebook page are processed with Reamaze. Lantirn Inc. is certified under the EU-U.S. and Swiss-U.S. Data Privacy Framework. Further information can be found in Reamaze's privacy policy: https://www.reamaze.com/privacy.

Appointment Booking via Calendly

For booking appointments (e.g. for our showroom or consultations), we integrate the service Calendly (Calendly LLC, USA). The data you enter (name, email, possibly telephone number, company) is processed for the organisation of the appointment. The processing is necessary for the implementation of pre-contractual measures (Art. 6(1)(b) GDPR). Calendly is certified under the EU-U.S. and Swiss-U.S. Data Privacy Framework.

B2B Customer Management via Salesmate

To maintain our customer relationships in the B2B sector, we use the CRM system Salesmate (Salesmate, Inc., USA). We process data of our customers (e.g. name, address, email, order data, communication history) to initiate and fulfil contracts. The legal basis is the performance of the contract (Art. 6(1)(b) GDPR) as well as our legitimate interest in efficient customer management (Art. 6(1)(f) GDPR). Salesmate is certified under the EU-U.S. and Swiss-U.S. Data Privacy Framework.

Email Communication via Klaviyo

We use the service provider Klaviyo (Klaviyo, Inc., USA) for various types of email communication. Klaviyo is certified under the EU-U.S. and Swiss-U.S. Data Privacy Framework, which ensures an adequate level of data protection for data transfer.

The use of Klaviyo is based on different legal grounds:

  • Performance of a contract (Art. 6(1)(b) GDPR): For transactional emails that are necessary for processing your purchase, such as shipping confirmations or emails with assembly instructions after purchase.
  • Legitimate interest (Art. 6(1)(f) GDPR): For emails related to an abandoned shopping cart to remind you of your potential purchase. You can object to this type of communication at any time.
  • Consent (Art. 6(1)(a) GDPR): For sending our marketing newsletter. Registration for this is done via a double opt-in procedure. The newsletters contain tracking pixels (web beacons) that help us understand if and when emails were opened and which links were clicked. This performance measurement is also only carried out on the basis of your consent.

You can withdraw your consent to receive the marketing newsletter and the associated performance measurement at any time by using the "Unsubscribe" link at the end of each newsletter. Further information can be found in Klaviyo's privacy policy: https://www.klaviyo.com/legal/privacy-policy.

Payment Processing

To provide services that require payment, we request additional data, such as payment details, in order to execute your order. We store this data in our systems until the legal retention periods have expired.

External Payment Service Providers

We use external payment service providers, through whose platforms users and we can make payment transactions. The processing of payments is carried out via the payment service provider Adyen (Adyen N.V., Netherlands). We have concluded a data processing agreement with Adyen. For the purpose of preventing and detecting fraud, we transmit your IP address to Adyen. We do not collect or store the complete payment data.

The data processed by the payment service providers includes inventory data (e.g. name, address), bank data (e.g. account numbers, credit card numbers, passwords, TANs) as well as contract, sum and recipient-related information. This information is necessary to carry out the transactions. The data entered is only processed and stored by the payment service providers. We only receive information regarding the confirmation (acceptance) or rejection of the payment.

The terms and conditions and privacy notices of the respective payment service providers apply to payment transactions. We use the service providers on the basis of Art. 6(1)(b) GDPR (performance of contract) as well as in the interest of a smooth, convenient and secure payment process (Art. 6(1)(f) GDPR).

Purchase on Account via CembraPay AG

If you select the payment method CembraPay (CembraPay AG, Switzerland), your data will be transmitted to CembraPay for identity and credit checks. CembraPay also uses your data for its own marketing purposes. Details can be found in CembraPay's privacy policy: https://cembrapay.ch/de/privacy.

Web Analysis and Marketing

Google Services

We use various services from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google") on our website. For data transfers to the USA, Google LLC is certified under the EU-U.S. and Swiss-U.S. Data Privacy Framework.

Google Analytics

To analyse website usage, we use Google Analytics. This is done on the basis of our legitimate interest (Art. 6(1)(f) GDPR) to improve our offer. We have activated IP anonymisation, so that your IP address is shortened by Google within the EU/EEA or Switzerland before being transmitted to the USA. You can prevent collection by Google Analytics by installing the browser plugin available at the following link: Disable Google Analytics.

Google Ads and Conversion Tracking

We use Google Ads to draw attention to our offers. The associated conversion tracking helps us to measure the success of our advertising measures. This processing is only carried out on the basis of your consent (Art. 6(1)(a) GDPR). Further information can be found at: https://policies.google.com/privacy.

Google Tag Manager

We use Google Tag Manager to manage website tags through an interface. The Tag Manager itself does not process any personal data of users.

Other Services and Tools Used

Website Design and Optimisation

Shogun Pagebuilder

To design individual pages of our website, we use the Shogun Pagebuilder (Shogun Labs, Inc., USA). Shogun processes aggregated usage statistics on our behalf to analyse the performance of the pages. This serves our legitimate interest in optimising our web presence (Art. 6(1)(f) GDPR). If personalisation functions based on user data are used, this is only done on the basis of your consent (Art. 6(1)(a) GDPR). Shogun is certified under the EU-U.S. and Swiss-U.S. Data Privacy Framework.

A/B Testing with Ablyft

We use the service Ablyft (ABlyft GmbH, Germany) to test different versions of our website. According to the provider, no personal data such as IP addresses are stored. To technically enable the tests, cookies may be set. The use of Ablyft is exclusively based on your consent (Art. 6(1)(a) GDPR).

Address Completion with Woosmap

In the checkout process, we offer automatic address completion through the service Woosmap (Web Geo Services, France). While you enter your address, the address fragments are transmitted to Woosmap to make suggestions to you. This serves our legitimate interest in providing a user-friendly and error-free ordering process (Art. 6(1)(f) GDPR).

Location Detection with Geotargetly

To show you the correct version of our website for your country, we use the service Geotargetly (USA). This service determines your approximate location based on your IP address. According to the provider, the IP address is not stored. This processing is based on our legitimate interest in offering you a localised shopping experience (Art. 6(1)(f) GDPR).

Marketing and Partner Programmes

Performance Marketing with Criteo

We use the services of Criteo SA (France) to show you interest-based advertising on partner websites (retargeting). Criteo uses cookies for this purpose that record your browsing behaviour. This processing only takes place if you have given us your explicit consent via our consent management tool (Art. 6(1)(a) GDPR).

Affiliate Marketing with Affiliatly and Awin

We use affiliate networks to remunerate the mediation of sales by partners. For this purpose, we use the services of Affiliatly (USA) and Awin (AWIN AG, Germany). When you arrive on our site via an affiliate link, a cookie is set to track the successful mediation. Pseudonymised data (e.g. order ID, goods value) is transmitted. The setting of these cookies is only done on the basis of your consent (Art. 6(1)(a) GDPR).

Microsoft Bing Ads

We use the conversion tracking of Microsoft Corporation (USA). A cookie is stored on your computer if you have reached our website via a Microsoft Bing advertisement. This allows us to measure the success of our advertisements. This is done on the basis of your consent (Art. 6(1)(a) GDPR). Microsoft is certified under the EU-U.S. and Swiss-U.S. Data Privacy Framework. You can express your objection here: https://account.microsoft.com/privacy/ad-settings/signedout?lang=en-GB.

Customer Feedback and Reviews

Customer Reviews with Judge.me

We use the review platform Judge.me (Judge.me Ltd, UK). After a purchase, you have the opportunity to rate our products. For this purpose, you will receive an email from us. The processing of your data (order details, email address) is carried out to safeguard our legitimate interests in improving our customer service (Art. 6(1)(f) GDPR). For data transfers to the United Kingdom, there is an adequacy decision by the EU Commission. Details can be found at: https://judge.me/privacy.

Customer Surveys with LoudHippo

After completing your order, we show you a survey from the provider LoudHippo (USA) on the confirmation page. This serves our legitimate interest in improving our service (Art. 6(1)(f) GDPR). If you participate, your answers will be stored together with your order data and your email address at LoudHippo. Participation is voluntary. LoudHippo is certified under the EU-U.S. and Swiss-U.S. Data Privacy Framework.

Social Media Plugins

We integrate plugins from various social networks on our website. When you access a page that contains such a plugin, your browser establishes a direct connection with the servers of the respective network. If you have an account there and are logged in, the visit can be associated with your profile. We would like to point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by the providers.

Copyrights

The copyright and all other rights to content, images, photos or other files on the website belong exclusively to the operator of this website or the specifically named rights holders. For the reproduction of any files, the written consent of the copyright holder must be obtained in advance.

General Disclaimer

All information on our Internet offer has been carefully checked. We endeavour to offer our information service in a current, factually correct and complete manner. Nevertheless, the occurrence of errors cannot be completely excluded. Liability claims arising from material or immaterial damage caused by the use of the information provided are excluded, unless there is proven intentional or grossly negligent fault.

Changes

We may adapt this privacy policy at any time without prior notice. The current version published on our website applies. Insofar as the privacy policy is part of an agreement with you, we will inform you of the change by email or other appropriate means in the event of an update.

Questions to the Data Protection Officer

If you have any questions about data protection, please send us an email or contact the person responsible for data protection listed at the beginning of the privacy policy in our organisation directly.

Gossau SG, 31.07.2025

Take the smart route to the premium office now

    1
  • Home