Summary and contents

Detailed information is provided below

Scope and consent

China TCM Trading GmbH operates this Website (hereinafter the “Website“) and is the party responsible for the data. This Privacy Statement describes the collection, use, disclosure, storage and protection of your personal data. It applies to this Website and any applications, services and tools (jointly referred to as “Services“), which refer to this Privacy Statement and irrespective of the manner in which the services are accessed or used, including access via mobile devices. By using our service and / or setting up an account, you agree to the terms of this Privacy Statement and declare that you agree to the collection, use, disclosure, storage and safeguarding of your personal data as described in this Privacy Statement.

Worldwide data protection principles

This Website is part ofChina TCM Trading GmbH. China TCM Trading GmbH maintains guidelines for protecting personal data throughout its company, referred to as Binding Corporate Rules (BCRs). According to these rules, we are committed to protect your personal data and to comply with our data protection obligations, irrespective of where in our group your personal data is collected, processed and stored.

Collection of data

We collect, process and store your personal data obtained from you and from devices (also mobile devices), used by you, when setting up an account with our company, using our services, providing information using a Web form, subscribing to our newsletter, adding information to or updating your account, ordering from us as a guest or coming into contact with us in any other way. We also use plug-ins, allowing us to handle payment transactions.

Use and storage

Collected personal data is used for the following purposes: in order to provide and improve our services, enable us to ship out orders, contact you and provide you with customer service services. We store personal data of clients as long as this is essential and required for providing our services. We can also store personal data relating to closed accounts in order to prevent fraud, enforce claims, resolve problems, support investigations or carry out other measures where this is permissible or required by the applicable law.

The choice is yours

You are free to choose of how we can use your personal data to contact you and provide you with marketing messages (Newsletter).

Information, correction and deletion

It is our objective to ensure that personal data collected by us is correct and up-to-date. We offer you the option of accessing and updating your data. Furthermore you are entitled by law to request information about your personal data or that your data is deleted.

Disclosure of information

In some instances, we disclose your personal data to third parties. Such a disclosure of your data may be necessary in order to allow you to access our services, comply with statutory obligations, enforce our General Terms and Conditions, enable our marketing and promotional activities or to prevent, detect, impede and investigate fraudulent or illegal activities. Without your express consent we will not disclose your personal data to third parties for marketing and advertising purposes.

We would like to point out that payment records, in particular these relating to undisputed claims paid after the due date, as well as any enforcement information and address data will be disclosed to CRIF AG, Zurich, for rightful use in their capacity as a credit agency. CRIF will use the data to check your identity and creditworthiness. Using mathematical/statistical calculations, CRIF can use payment records to make automatic decisions, in particular, for the evaluation of the creditworthiness of a person. Further information is provided at: www.mycrifdata.ch/#/dsg

Security

We protect your data using technical and organisational security measures in order to minimise risks associated with the loss, misuse, unauthorised access, unauthorised disclosure and change. In order to achieve this we use Firewalls and data encryption, physical access restrictions for our data centres and authorisation checks for data access.

Questions or complaints

In case of questions or complaints relating to this Privacy Statement or our handling of data or in order request information or deletion, please contact us by email at gdpr@chinatrading.ch or fill in our contact form on our website. You can also contact us in writing: China TCM Trading GmbH, Pfarrmatte 6, 8807 Freienbach, Switzerland. Repräsentanz Deutschland, MedConCap GmbH, Bülterstrasse 24, DE-32584 Löhne

The company data protection officer of China TCM Trading GmbH can be reached at the above address or at (gdpr@chinatrading.ch).

Detailed information

Scope and consent

This Privacy Statement describes the collection, use, disclosure, storage and protection of your personal data. It applies for this Website and any applications, services and tools (jointly referred to as “Services“), which refer to this Privacy Statement and irrespective of the manner in which the services are accessed or used including access via mobile devices.

By using our service / or setting up an account you agree to the terms of this Privacy Statement and declare that you agree to the collection, disclosure, storage and protection of your personal data as described in this Privacy Statement. We may not be able to provide all of our services if the required data is not made available to us.

China TCM Trading GmbH, Pfarrmatte 6, 8807 Freienbach is the party responsible for your data and is thus responsible for collecting, using, disclosing, storing and protecting your personal data in accordance with our data protection principles and the respective applicable law.

Personal data

Personal data“ refers to information that can be assigned to a specific person or can be used for identifying this person, irrespective of whether this assignment or identification is made directly from this data or from this data and other additional information to which China TCM Trading GmbH has or will probably have access. Data that has been anonymised or aggregated so that combined with other information or in any other manner it cannot be used to identify a specific person, is not classed as personal data.

Changes to this Privacy Statement

In case of changes to this Privacy Statement, the amended Privacy Statement and the date on which the amended version has come into force, is published on this Website. We therefore recommend that you study the Privacy Statement regularly. Changes affecting any granted consent will be implemented by gaining a new consent.

Our data protection principles

This Website is part of China TCM Trading GmbH. China TCM Trading GmbH operates the Webshop for each country also on other domains. Our data protection principles as specified in our data protection guidelines and also in our data protection policies apply for the entire business.

Collection of data

We collect, process and store your personal data obtained from you and from devices (also mobile devices), used by you, when setting up an account with our company, using our services, providing information using a Web form, subscribing to our newsletter, adding information to or updating your account, ordering from us as a guest or coming into contact with us in any other way. We also use plug-ins, allowing us to handle payment transactions.

Personal data provided by you when using our services or setting up an account, can include the following:

Data identifying you personally, such as your name, address, phone numbers, email address or user ID (where applicable) that has been provided by you when setting up your account.

When placing orders, data provided as part of a transaction, as well as other transaction-related contents generated by you.

Other contents generated by you or relating to your account, e.g. payment information (e.g. credit card or bank account numbers).

In certain situations you will also state your age and gender when using our service.

Data provided on a web form, by updating or adding data on your account or where we communicate with you for other reasons.

Recordings of phone conversations, provided that your consent for recording has been obtained in accordance with applicable law.

Data we are obliged to collect and process according to the valid law or are entitled to do so and which we require for your authentication, identification or checking of data collected by us.

Personal data automatically collected when using our services or setting up an account, can include the following:

Data collected from devices used by you when you interact with us, such as device ID or one-off user ID, device type, ID operating system of user.

Geolocation data, including location data from your mobile phone. Please note that in most mobile devices, you can control the use of location data, using an application in the settings menu of the mobile device.

Computer and connection information, such as statistical information about viewed Web pages, time and date of the access, information about data traffic to and from Websites, referral URL, information about advertising, your IP address, your Browser history data and your Web log information. 

Personal data and non-personal user data, collected with the aid of cookies, Web Beacons and similar technologies, can include the following:

COOKIE name

COOKIE Description

CART

The association with your shopping cart.

CATEGORY_INFO

Stores the category info on the page, that allows to display pages more quickly.

COMPARE

The items that you have in the Compare Products list.

CURRENCY

Your preferred currency

CUSTOMER

An encrypted version of your customer id with the store.

CUSTOMER_AUTH

An indicator if you are currently logged into the store.

CUSTOMER_INFO

An encrypted version of the customer group you belong to.

CUSTOMER_SEGMENT_IDS

Stores the Customer Segment ID

EXTERNAL_NO_CACHE

A flag, which indicates whether caching is disabled or not.

FRONTEND

You session ID on the server.

GUEST-VIEW

Allows guests to edit their orders.

LAST_CATEGORY

The last category you visited.

LAST_PRODUCT

The most recent product you have viewed.

NEWMESSAGE

Indicates whether a new message has been received.

NO_CACHE

Indicates whether it is allowed to use cache.

PERSISTENT_SHOPPING_CART

A link to information about your cart and viewing history if you have asked the site.

POLL

The ID of any polls you have recently voted in.

POLLN

Information on what polls you have voted on.

RECENTLYCOMPARED

The items that you have recently compared.

STF

Information on products you have emailed to friends.

STORE

The store view or language you have selected.

USER_ALLOWED_SAVE_COOKIE

Indicates whether a customer allowed to use cookies.

VIEWED_PRODUCT_IDS

The products that you have recently viewed.

WISHLIST

An encrypted list of products added to your Wish list.

WISHLIST_CNT

The number of items in your Wish list.

Table 1: Cookies

Data relating to the WebPages visited, links clicked on and other operations carried out as part of our services as well as in our advertising or email contents.

Cookies are used on the Websites and mobile applications. A Cookie is a short text file stored on your device and serves to analyse usage of a website or of a mobile application and to save settings between visits to a Website or mobile application. Cookies contain no personal data. Most Browsers are set to automatically accept Cookies. It is, however, up to you to set up your Browser in such a way that Cookies are generally declined by selecting “do not accept Cookies“ in your Browser settings. As a result, you may, however, not be able to fully use all functions of the Website and our services.

In order to analyse the use of the websites and mobile applications, we also deploy various analysis tools (hereinafter «tool providers»), including Google Analytics, an advertising analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94.043 USA (for further information about Google Analytics and for deactivating the service, see: https://tools.google.com/dlpage/gaoptout/). The information generated by the Cookies about the use of this Website or mobile applications are transmitted to a server of the respective tool provider, where they are stored. This server can be outside of Switzerland (e.g. Google Analytics in the US). Tool providers use this information for evaluating the use of the Websites or mobile applications in order to compile, for instance, reports about the advertising activities for us and members of China TCM Trading group in order to provide additional services related to the use of the Website and Internet. This information may be passed on to third parties, where legally required or where third parties process this data on behalf of the tool providers. Google complies with the Privacy Shield Framework. For further information about your rights, see http://ec.europa.eu/justice/data-protection/document/citizens-guide_en.pdf. We do not accept any responsibility or liability for any data processing by external tool providers.

We can use technologies regarded as providing automatic decision making or generating profiles. We will not make any automatic decisions about you that would cause considerable impairment, unless where such a decision is required as part of an agreement signed with you, you have granted your consent or we are obliged by law to use such technologies.

We would like to point out that payment records, in particular relating to undisputed claims paid after the due date, as well as any enforcement information and address data will be disclosed to CRIF AG, Zurich, for rightful use in their capacity as a credit agency. CRIF will use the data to check your identity and creditworthiness and will disclose this to authorised third parties. Using mathematical/statistical calculations, CRIF can use payment records to make automatic decisions, in particular, for the evaluation of the creditworthiness of a person. Further information is provided at: www.mycrifdata.ch/#/dsg

Further information about our use of these technologies (including the "SZMnG" process for measuring scope) and the manner in which these can be restricted, can be found in our explanations to Cookies, Web Beacons and similar technologies.

 

Personal data from other sources can include the following:

Information obtained from third parties, such as demographic data, openly available, additional contact data, credit checking data and information from credit agencies, as far as this is permissible according to the applicable law.

Information from social networks, allowing you to set up an account, share information or link your account with the respective social network. These social networks can grant us automatic access to certain personal data stored on these networks (e.g. contents viewed by you, contents liked by you, information about advertising shown to you or on which you have clicked). When accessing a Website with video contents, you agree that we can share the viewing of videos by you for at least two (2) years long or until you have revoked your consent with the social network or may obtain information about your viewing of videos from this social network. Using the data protection setting on the Website of the respective social network and authorizations provided to us when access is granted. You can control which personal data we can access. By us granting you access to information stored on the Website of the respective social networks, you agree that we can collect, use and store this information in accordance with the Privacy Statement.

Information about you that can be provided by other users. Our guidelines state that that users providing information must inform the person whose information is provided about our guidelines relating to collection, use, disclosure and storage, prior to the information being provided and that such users must obtain the express prior consent from this person.

Use and storage

We use personal data collected by us for the following purposes:

in order to comply with or process statutory or contractual obligations

to provide and improve our service

to contact you and to provide customer service services for you

to detect, prevent and investigate fraudulent or illegal activities

and, provided you have given your consent, to provide you with marketing information

We store personal data from active accounts for as long as required and essential for providing our service. We can also store personal data relating to closed accounts in order to prevent fraud, enforce claims, resolve problems, support investigations or carry out other measures where this is permissible or required by the applicable law or due to required measures.

We use personal data for providing, improving and personalising our services, such as:

to fulfil the agreement signed with you, for granting access to and using our services, in particular for publishing advertisements and other contents of the user

to point out Website contents containing services and articles that you may find of interest

to access historical data, internal news (where applicable) and other features offered by us

to provide credit offers and credit opportunities from other members of our group and their associated financial institutions. We do ensure that financial information is only disclosed to the cooperating financial institutes with your the express consent

to adapt, measure and improve our services

to provide other services requested by you

we can use geolocation data to provide location-based services (such as advertisements, search results and other personal contents) 

We use personal data for getting into contact with you about your account and for providing customer service, such as:

to contact you as regards your account, to resolve problems relating to your account and for enforcing claims arising from the purchase of goods

to enforce applicable law or agreements entered into with you

for this purpose we can contact you by email, phone, SMS or post

We use personal data to personalise our advertising and marketing messages, such as:

to personalise, evaluate and improve our advertising

provided you have given your consent (or where legally permissible), to use the contact information provided by you to reach you by email, SMS, by phone or post in order to offer you discounts and promotions and to inform you about services offered by us or our group

to provide targeted marketing campaigns, service updates and promotional offers

We use personal data to prevent, detect impede and investigate fraudulent and/or illegal activities, such as:

to prevent, impede and investigate fraud, security breaches and possibly prohibited or illegal activities

to implement our Privacy Statement and other guidelines and principles

Storage of personal data:

We store personal data of clients as long as this is essential for our operation or for other required purposes. We can also store personal data relating to closed accounts in order to comply with national law, prevent fraud, enforce claims, resolve problems, support investigations or carry out other measures where this is permissible or required by the applicable law. Once we no longer require your personal data, the data will be destroyed in a secure manner.

The choice is yours

You are free to choose of how we can use your personal data to contact you and provide you with marketing messages.

Settings for marketing messages

If you do not wish to receive any marketing messages or contact from us for marketing purposes, you can stop receiving such information by following the link in the email received by you or by changing the settings options for messages in your account.

Advertising

If you do not wish to receive personal advertising, you can use programs described in our Cookies declaration, Web-Beacon and other technologies to opt out or revoke your consent. As a result, you will not received any personalised advertising in future but personal data can still be recorded as described in this Privacy Statement.

Further information about the inclusion of advertising on our and third party websites and information about how to deactivate this can be found in our explanation to Cookies, Web Beacons and similar technologies. 

Disclosure of information

Your personal data may also be disclosed to other members of the China TCM Trading group or to third parties. Your personal data may be passed on to third parties processing the data on our behalf as our agents or in order to provide certain services, which may also include an international data transfer. It is ensured that transferred personal data is adequately protected.

Data may have to be disclosed in this way in order to allow you to access our services, in order to meet statutory obligations, enforce our General Terms and Conditions, facilitate our marketing and promotional activities or to prevent, detect, impede and investigate fraudulent or illegal activities. We will limit the amount of personal data disclosed to the amount directly relevant and required for achieving the specified goal.

We will not disclose your personal data to third parties for their marketing and advertising purposes without your express consent.

We can pass on your personal data to the following third parties:

Members of China TCM Trading group who can use the data for the following purposes:

for providing mutual contents and services (such as new application, transactions and customer service)

for detecting and preventing possible fraudulent and illegal actions and infringements of data security

for providing personalised advertisements, for improving their products, websites, applications, services, tools and marketing messages. Members of the China TCM Trading- group will, however, not send out any marketing notifications if you have not agreed to receive such notifications. 

To external service providers and financial institution partners who can use the data for the following purposes:

to support us in providing our services, payment processing services and personalised advertising

to allow shipment of purchased goods and other notifications associated with the shipment

to support us in impeding, detecting, containing and investigating potential illegal actions, infringements of our General Terms and Conditions, fraud and/or security breaches in connection with collection of outstanding amounts, partner and premium programs and other business processes. 

Where third-party providers also disclose personal data, this occurs only on the basis of an agreement, limiting the use of the personal data by the third-party provider and obliging him to implement security measures in relation to this data. Third-party providers shall, in particular not be allowed to sell, lease out or disclose your personal data in any manner to third parties. When disclosing data to members of our group, such restrictions are covered by our mutually Binding Corporate Rules (see above).

To prosecution authorities, to third parties as part of legal proceedings and to legally authorised third parties:

to comply with our legal obligations, to defend our legal claims or to protect the rights, property or safety of third parties

to prosecution authorities, government bodies or authorised third parties based on a request for information in connection with investigative procedures or the suspicion of a crime, an illegal action or another action which can result in a legal liability for us, you or another user

to holders of rights, who have signed a non-disclosure agreement with us, in connection with an investigation because of fraud, infringement of intellectual property, product piracy or another illegal action, provided that, in our own judgement, we regard this as necessary or sensible

to credit agencies provided that this is permitted based on the applicable national law

to third parties involved in legal proceedings, provided that they issue us with a court order, court decision or a similar legal order or where we believe in good faith that a disclosure of the data is necessary in order to prevent immediate and impeding danger to life or limb or financial loss or report the suspicion of an illegal action.

 

Change of owner

In the event of a merger with another company or a take-over by another company we will be able to disclose information to this company in line with our data protection principles. In this case we will request from the merged company that the company complies with this Privacy Statement as regards your personal data. Where your personal data is collected, disclosed or stored for a purpose other than that specified in this Privacy Statement, you will be informed in advance about how your personal data will be processed for this purpose.

Security

We will protect your data using technical and organisational security measures in order to eliminate risks of loss, misuse, unauthorised access, unauthorised disclosure and change. To achieve this we use, for instance, firewalls and data encryption, physical access restriction to our computing centres and authorization checks for data access. In the event of suspecting that your account has been misused, please contact us immediately and follow the instructions outlined below in the Contact information section. 

Although we are taking all reasonable steps to prevent the disclosure of data as a result of incorrect data transmission and/or unauthorised access by third parties, we cannot accept any liability for such undesired incidents.

 

Information, correction and deletion

We aim to ensure that the personal data collected by us is correct and up-to-date. You are able to access your data and update it.

You can view, check and change your personal data by logging into your account. Please update your personal data immediately in the event of any changes or if it is incorrect.

Once you have published information on the website it may not be possible to change or remove this information. Upon receiving a request for deletion, we will close your account and remove your personal data from the public domain in as far as this is reasonably possible, based on your account activities and the applicable law.

Your legal right to information, correction or deletion of your personal data shall not be affected by this. According to the data protection law you are entitled to receive free information about whether we store and, if, so, what personal data about you we store. In particular, you can request information about the purpose of processing this data, the categories of personal data, the categories of recipients to which your data was or is disclosed or the planned period of storage and the origin of your data, where the data was not collected by us. You are entitled to object to us processing your personal data. You can also request that we delete your personal data or restrict the use of this data. You are furthermore entitled to have incorrect information corrected and deleted.

To request information or deletion, please contact gdpr@chinatrading.chor contact us by using the contact form on our Website. You can also write to us: China TCM Trading GmbH, Pfarrmatte 6, 8807 Freienbach, Switzerland. Repräsentanz Deutschland, MedConCap GmbH, Bülterstrasse 24, DE-32584 Löhne. The official data protection officer of China TCM Trading GmbH can be reached at the above address or under (gdpr@chinatrading.ch),

Where you are not legally entitled to request information, correction or deletion of your personal data, we can in some circumstances and in accordance with the applicable law, request such information or refuse correction or deletion of your personal data. We will, however, specify the reason for our decision in this case.

Where you withdraw your consent to the use or disclosure of your personal data for the purposes specified in this Privacy Statement, we may no longer be able to provide you with access to all our services or provide customer service.

Important information

This section contains some additional important information that we must raise and that relate to the use of our services: 

Unwanted and threatening emails

We do not tolerate a misuse of our services. It is not permitted to add other users to your Email distribution lists, contact these for business purposes or send SMS messages to them for commercial purposes even if the user has purchased from you unless where the user has expressly consented to this. The sending of unwanted or threatening emails or SMS messages constitutes an infringement of our General Terms and Conditions.

Please report such Spam or fraudulent emails to our customer service.

News tools

Our news tools may not be used for the dispatch of Spam or other contents infringing our terms of use. We automatically scan news sent via these tools and may filter these manually to check for spam, viruses, phishing attacks and other malicious activities, illegal or prohibited contents and in order to block the entire use or the prohibited content. We do, however, not store news sent via these tools indefinitely.

Third-party data protection regulations

This Privacy Statement only relates to the use and disclosure of personal data collected about you. If you disclose your data to third parties or if you land on a third-party Website, their Privacy Statement applies. We cannot guarantee the confidentiality or security of your data after you have disclosed this data to a third party. We therefore recommend to check in detail the data protection declarations and data security policies of your trading partners prior to carrying out any transaction and disclosing your data even if they are buyers or sellers on our websites.

Queries or complaints

In case of queries about our Privacy Statement or our handling of your data or where you would like to request information or deletion of data, please contact us by email at so gdpr@chinatrading.ch or use the contact form on our website. You can also write to us: China TCM Trading GmbH, Pfarrmatte 6, 8807 Freienbach, Switzerland. Repräsentanz Deutschland, MedConCap GmbH, Bülterstrasse 24, DE-32584 Löhne.

The company data protection officer of China TCM Trading GmbH can be reached at the above address or at (gdpr@chinatrading.ch).