Our visitors: The following companies are the “data controllers” who are responsible for data processing as per this data protection/ privacy declaration. In other words, the organisations which are primarily responsible under data protection law (also “we”):

Multi Switzerland AG
Ebisquare Strasse 1, 6030 Ebikon, Switzerland
(in the following “Multi Switzerland”)

Silver Moss C Retail 2014 S.à.r.l.
51, boulevard Royal, 2449 Luxemburg, Luxembourg
(in the following “SMR”)

Silver Moss C Mixed 2014 S.à.r.l.
51, boulevard Royal, 2449 Luxemburg, Luxembourg
(in the following “SMM”)

We are jointly responsible for data processing (the data controllers) and have concluded a corresponding agreement. Multi Switzerland is primarily responsible for compliance with data protection regulations if one party can fulfil these obligations for all data controllers. This applies for example to external communications with data protection authorities or, where required, to the compilation of data protection impact assessments or a processing register. All data controllers must comply with other obligations independently of one another. This applies for example to fundamental data processing principles and, where required, to compliance with legal justifications when processing personal data.

If you have questions regarding the agreement or data protection in general, please contact the following entity:

Multi Switzerland AG, Ebisquare-Strasse 1, 6030 Ebikon

Tel. +41 (0)41 349 60 00
info(at)mallofswitzerland(.)ch

It goes without saying that you may, however, also contact SMM or SMR if you have any questions.

Our partners and/or suppliers: The following companies are the “data controllers” who are responsible for data processing as per this data protection/ privacy declaration. In other words, the organisations which are primarily responsible under data protection law (also “we”):

Multi Switzerland AG
Ebisquare Strasse 1, 6030 Ebikon, Switzerland
(in the following “Multi Switzerland”)

Silver Moss C Retail 2014 S.à.r.l.
51, boulevard Royal, 2449 Luxemburg, Luxembourg
(in the following “SMR”)

Silver Moss C Mixed 2014 S.à.r.l.
51, boulevard Royal, 2449 Luxemburg, Luxembourg
(in the following “SMM”)

We are jointly responsible for data processing (the data controllers) and have concluded a corresponding agreement. Multi Switzerland is primarily responsible for compliance with data protection regulations if one party can fulfil these obligations for all data controllers. This applies for example to external communications with data protection authorities or, where required, to the compilation of data protection impact assessments or a processing register. All data controllers must comply with other obligations independently of one another. This applies for example to fundamental data processing principles and, where required, to compliance with legal justifications when processing personal data.

If you have questions regarding the agreement or data protection in general, please contact the following entity:

Multi Switzerland AG, Ebisquare-Strasse 1, 6030 Ebikon

Tel. +41 (0)41 349 60 00
info(at)mallofswitzerland(.)ch

It goes without saying that you may, however, also contact SMM or SMR if you have any questions.

Our visitors: When you visit the Mall of Switzerland or our website www.mallofswitzerland.ch and use our related products and services (together “services”), we will process your data in order to provide the services; to prepare the contract for conclusion and to perform the corresponding contract. For more information on our services, click here. Our services are primarily intended for people who are domiciled or habitually resident in Switzerland:

• When we conclude a contract with you, for example if you use our multistorey car park; purchase a gift card from us; use our Wi-Fi; hire a wheelchair; use our child care services or register for an event, then we will process the data provided prior to conclusion of the contract or the registration (e.g. on the order form) and also information regarding the contract itself (e.g. conclusion date and object of the contract). During and after the term of the contract we will process information regarding the contract and/or the use of services; payments; contact with our customer service department; claims; complaints; termination of the contract and – should there be any disputes regarding the contract – also regarding these disputes and corresponding proceedings.
• When you visit the Mall of Switzerland, you may be photographed or filmed. These activities serve first and foremost to pursue criminal acts and misdemeanours and to assert our house rules. We may, however, also use the images for statistical purposes which are not related to specific individuals. These images will be erased within three months if there is no overriding interest in archiving them.
• Before we conclude a contract we may verify our contractual partner’s credit rating, in other words the probability that they may default on payment, particularly if we pre-finance a transaction, of if we offer a specific payment option. To do so, we will obtain address and credit-rating information from Dun & Bradstreet or Trace, credit agencies. Dun & Bradstreet and Trace each maintain their own database for this purpose. We will only use this data to verify your address and credit rating and will then erase it (with the exception of a current address). Insofar as expedient with regard to the conclusion of a contract, we may also obtain additional data from public registers (e.g. the commercial register) or the Internet.
• If you register and log onto one of our websites (e.g. onto https://www.mallofswitzerland.ch/intranet-login), we will process the data provided when you register and data regarding your activities while you are logged on or also before or after you logged on/off if we can assign the collected data to you (for more on this see also Item 5).
• If you order services from us online (e.g. at https://shop.boncard.ch/mallofswitzerland), we will process your contact data; the shopping basket and/or the order; information regarding the delivery destination and the type of shipping; and your payment data.
• If you transfer data to us by other means, such as [when taking part in a competition or a raffle], we will process the data which is transferred to us such as [to notify or publicise the winners]. We will also process the above-mentioned data to evaluate statistics which help us to improve and develop products and business strategies. We may also use this data for marketing purposes; for more information on this, see Item 4.

You may transfer data to us which relates to someone else (e.g. representatives, employees, family members, economic beneficiaries). We will assume that this data is correct and that you are authorised to make it available to us. Please inform the relevant individuals regarding our data processing (e.g. by making a reference to this data protection/ privacy declaration) insofar as you are legally required to provide this information.

Our partners and/or suppliers: If you lease rental premises from us; we procure goods or services from you; or we have any other business relationship with you, we will process data to prepare the contract for conclusion and to perform the corresponding contract.

• If we conclude a contract with you, for example a leasing contract or a service agreement, then we will process the data provided prior to conclusion of the contract and also information regarding the contract itself (e.g. conclusion date and object of the contract). During and after the term of the contract we will process information regarding the contract and/or the use of services; payments; contact with our customer service department; claims; complaints; termination of the contract and – should there be any disputes regarding the contract – also regarding these disputes and corresponding proceedings.
• Before we conclude a contract we may verify our contractual partner’s credit rating, in other words the probability that they may default on payment, particularly if we pre-finance a transaction, of if we offer a specific payment option. To do so, we will obtain address and credit-rating information from Dun & Bradstreet or Trace, credit agencies. Dun & Bradstreet and Trace each maintain their own database for this purpose. We will only use this data to verify your address and credit rating and will then erase it (with the exception of a current address). Insofar as expedient with regard to the conclusion of a contract, we may also obtain additional data from public registers (e.g. the commercial register) or the Internet.
• If we have contact with you regarding a contract, then we will process in particular the data which you transfer to us. This includes in particular information regarding your financial circumstances and your capacity and willingness to bear risk. In addition to this and within the scope of our legal obligations and internal guidelines, we carry out sanction listing and comparable checks of our customers and/or their management bodies and economic beneficiaries and, when doing so, obtain data from relevant data bases, including identification data such as the date of birth of listed persons; information on economic and political links; and information on sanction listings. This may also include personal data which is particularly worthy of protection.
• If you register and log onto one of our websites (e.g. onto https://www.mallofswitzerland.ch/intranet-login), we will process the data provided when you register and data regarding your activities while  you are logged on or also before or after you logged on/off if we can assign the collected data to you. For more information on processing of your data which relates to our website, please see the corresponding data protection/ privacy declaration, which can be viewed https://mallofswitzerland.ch/en/data-protection/cookies, and our cookie policy, which can be viewed at https://mallofswitzerland.ch/en/data-protection/cookies
• We will also process the above-mentioned data to evaluate statistics which help us to improve and develop products and business strategies. We may also use this data for marketing purposes; for more information on this, see Item 4.

We process less personal data in the case of contractual partners who are companies because data protection law only covers data concerning natural persons (i.e. human beings). We do, however, process data concerning contact persons with whom we have contact, e.g. name, contact details, professional details and information arising from communications, and also information regarding superiors, etc. as part of the general information concerning companies with whom we work.

You may transfer data to us which relates to someone else (e.g. representatives, employees, family members, economic beneficiaries). We will assume that this data is correct and that you are authorised to make it available to us. Please inform the relevant individuals regarding our data processing (e.g. by making a reference to this data protection/ privacy declaration) insofar as you are legally required to provide this information.

Our visitors: We process personal data in order to advertise our services and third-party services:

• Newsletters: We send out electronic information and newsletters which include advertisements for our offerings [as well as also for the offerings of other companies with whom we work]. We will request your consent before doing so unless we are advertising specific offerings to existing customers. [In this context, in addition to your name and email address, we will also process information regarding which services you have already used; whether you open our newsletters and which links you click. To do so, our mailing service provider provides a feature which primarily functions via invisible image files which are loaded by a server via an encrypted link which enables it to transmit the corresponding information. This is a widely used process which helps us to assess the impact of newsletters and to optimise our newsletters. You can avoid this measurement by activating the relevant settings in your email programme (e.g. by deactivating automatic loading of image files).
• Events: We may hold events. If you participate in them, we will process the registration data so that we can organise and hold the event and, where applicable, to contact you after the event. We may also take pictures at the event which we will, for example, share on social media. In such cases we will make you aware of this separately. Any liability of the Mall of Switzerland’s owner or management company is excluded.
• Promotional phone calls: We may make phone calls to our customers and, in individual cases, to potential customers and, when doing so, process the corresponding data concerning the people we have spoken to and, where applicable, affiliated persons at the company which we have phoned.
• Market research: We also process data in order to improve services and develop new products. This includes information on your purchases or your reaction to newsletters or information obtained from surveys or social media; from media monitoring services and from public sources.
• Our partners and/or suppliers: Newsletters: We send out electronic information and newsletters which include advertisements for our offerings [as well as also for the offerings of other companies with whom we work]. We will request your consent before doing so unless we are advertising specific offerings to existing customers. [In this context, in addition to your name and email address, we will also process information regarding which services you have already used; whether you open our newsletters and which links you click. To do so, our mailing service provider provides a feature which primarily functions via invisible image files which are loaded by a server via an encrypted link which enables it to transmit the corresponding information. This is a widely used process which helps us to assess the impact of newsletters and to optimise our newsletters. You can avoid this measurement by activating the relevant settings in your email programme (e.g. by deactivating automatic loading of image files).
• Events: We may hold events. If you participate in them, we will process the registration data so that we can organise and hold the event and, where applicable, to contact you after the event. [We may also take pictures at the event which we will, for example, share on social media. In such cases we will make you aware of this separately.]
• Promotional phone calls: We may make phone calls to our customers and, in individual cases, to potential customers and, when doing so, process the corresponding data concerning our business partners and, where applicable, affiliated persons at the company which we have phoned.
• Market research: We also process data in order to improve services and develop new products. This includes information on your purchases or your reaction to newsletters or information obtained from surveys or social media; from media monitoring services and from public sources.

Our visitors: For technical reasons, a range of data is generated every time you use our website. This data is temporarily stored in log files. This applies primarily to the end device’s IP address; information concerning the internet service provider and your end device’s operating system; information regarding the referring URL; information regarding the browser used; the date and time of the request; and the content requested during the website visit.

In addition to this, our website uses cookies, files which your browser automatically stores on your end device. This enables us to differentiate between individual visitors, but generally without personally identifying them. Cookies may also include information on the requested pages and the duration of the visit. Some cookies (“session cookies”) are erased when you close your browser. Others (“permanent cookies”) are stored for a specific period of time so that we can recognise visitors when they revisit the site. We may also use other technologies, for example to save data in the browser, but also for recognition, such as pixel tags or fingerprints. Pixel tags are invisible images or a programme code which are loaded by a server and enable specific types of evaluation. Fingerprints are information regarding your end device’s configuration data and make it possible to differentiate it from other end devices.

We use log files and data which we collect via cookies and similar technologies to enable visitors to use our website as well as to ensure system security and stability; to optimise our website and for statistical purposes. In addition to this, cookies and other technologies may originate from third-party companies who provide us with specific functions. For more information on this, see below.

You can configure your browser settings to block specific cookies or similar technologies or to erase cookies and other stored files. For more information on this, see your browser’s help pages (usually under the keywords “data protection” or “privacy”).

Our visitors: Third-party cookies and similar technologies enable these parties to compile analyses and evaluations for us so that we can understand how our website is used and optimise our online offering. In addition to this, these third-party providers may approach you with individualised advertising on websites and in social networks operated by these third parties or their partners and measure how effective advertising is (e.g. if you come to our website via an ad and your activity on our website. The corresponding third-party providers may track use of the website for this purpose and combine their records with further information from other websites. This enables them to track user behaviour across multiple websites and end devices in order to provide us with statistical evaluation which is based on this data. The providers may also use this information for their own purposes, such as for personalised advertising on their own website or on other websites. If a user is registered with the provider, then the latter can assign the usage data to the relevant user.

Google is such a service provider. For more information on this, see below. We may, however, also use other service providers who generally process personal and other data in a similar way. For information on what cookies we use, please see our cookie declaration, which can be viewed at: https://mallofswitzerland.ch/en/data-protection/cookies. It also provides information on the purpose of cookie use and on the relevant provider’s data protection/ privacy declarations.

Among other services, we use Google Analytics, an analysis service provided by Google LLC (Mountain View, USA) and Google Ireland Ltd. (Dublin, Ireland). Google collects certain types of information regarding users’ behaviour on the website and the end devices which they use. In Europe visitors’ IP addresses are shortened before they are forwarded to the USA. Google uses the data it collects to provide us with evaluations, but also processes some data for its own purposes. For information on Google Analytics’ privacy policy click here, If you have a Google account, you can also obtain more information here.

Our visitors: We are active on social networks and other platforms (in particular Instagram, Facebook, YouTube and TikTok). If you communicate with us there or comment on/ share content, then we will collect data regarding this and use it primarily to communicate with you; for marketing purposes and for statistical evaluation (see Items 4 and 6). Please note that the platform provider also collects and uses data (e.g. on user behaviour), where applicable together with other data which they have (e.g. for marketing purposes or to personalise platform content). Insofar as we have joint responsibility with the provider, we conclude a corresponding agreement. Information on this agreement is available from the provider.

Our partners and/or suppliers: If you apply for a job with us, we will process the data which we receive from you within the scope of the application process and, where applicable, additional data from public sources such as social media for professionals. We will use this data within the scope of your job application and may also use it statistical purposes which are not related to personal data.

Our visitors: Yes, because many processes cannot be carried out without processing personal data, including standard and even internal processes. It is not always possible to determine exactly in advance what processing will be carried out or how much data will be processed, however the following are typical situations:

• Communications: If we are in contact with you (e.g. if you call our customer services department or communicate with us via a social media platform), then we will process data regarding communication content and the type, time and place of the communication. For identification purposes we may also process information regarding proof of identity.
• Compliance with legal requirements: We may process data and/or disclose it to the authorities within the scope of statutory obligations or powers and to comply with internal guidelines.
• Prevention: We process data to prevent criminal acts and other offences, for example to combat fraud or within the scope of internal investigations.
• Legal proceedings: Insofar as we are involved in legal proceedings (e.g. a court case or administrative proceeding), we will process data regarding, for example, parties to the proceedings and other involved persons such as witnesses or informants and disclose data to such parties, courts and authorities; in some circumstances they may also be located abroad.
• IT security: We also process data for the monitoring, inspection, analysis, securing and testing of our IT infrastructure, as well as also for back-ups and data archiving.
• Transactions: When we sell or acquire claims, other assets, operating units or companies, we process data to the extent required to prepare and carry out such transactions, such as information about clients and/or their points of contact or employees, and also disclose such data to buyers or sellers.
• Other purposes: We process data to the extent required for other purposes, such as training and education, administration (e.g. contract management, accounting, assertion of and defence against claims, evaluation and improvement of internal workflows, compilation of anonymous statistics and evaluations); acquisition or sale of claims, transactions, operating units or companies and to protect legitimate interests.

Our partners and/or suppliers: Yes, because many processes cannot be carried out without processing personal data, including standard and even internal processes. It is not always possible to determine exactly in advance what processing will be carried out or how much data will be processed, however the following are typical situations:

• Communications: If we are in contact with you (e.g. if you call our customer services department or communicate with us via a social media platform), then we will process data regarding communication content and the type, time and place of the communication. For identification purposes we may also process information regarding proof of identity.
• Compliance with legal requirements: We may disclose data to the authorities within the scope of statutory obligations or powers and to comply with internal guidelines.
• Prevention: We process data to prevent criminal acts and other offences, for example to combat fraud or within the scope of internal investigations.
• Legal proceedings: Insofar as we are involved in legal proceedings (e.g. a court case or administrative proceeding), we will process data regarding, for example, parties to the proceedings and other involved persons such as witnesses or informants and disclose data to such parties, courts and authorities; in some circumstances they may also be located abroad.
• IT security: We also process data for the monitoring, inspection, analysis, securing and testing of our IT infrastructure, as well as also for back-ups and data archiving.
• Competition: We process data regarding our competitors and the market environment in general (e.g. the political situation, activities of professional associations, etc.). When doing so we may also process data regarding key persons, in particular their names, contact details, roles or positions and their public statements.
• Transactions: When we sell or acquire claims, other assets, operating units or companies, we process data to the extent required to prepare and carry out such transactions, such as information on clients and/or their points of contact or employees, and also disclose such data to (potential) buyers or sellers.
• Other purposes: We process data to the extent required for other purposes, such as training and education, administration (e.g. contract management, accounting, assertion of and defence against claims, evaluation and improvement of internal workflows, compilation of anonymous statistics and evaluations); acquisition or sale of claims, transactions, operating units or companies and to protect legitimate interests.

Our visitors: Within the scope of our activities we may disclose personal data to a variety of entities. These include in particular the following recipients:

• Other affiliated companies in the group: We are a member of the Multi Group under the umbrella of Multi Corporation B.V. respectively the ADIA Group under the umbrella of the Abu Dhabi Investment Authority. We may disclose data to affiliated companies, in particular to use specific services provided by the group, such as accounting and IT services. Affiliated companies also provide each other with mutual assistance in other regards and may also exchange personal data when doing so. We may, for example, transmit personal data to affiliated companies and also use this data for further purposes parallel to Item 6 above. When doing so, we often cooperate with affiliated companies and share joint responsibility under data protection law. For information on your rights as a data subject, please do not hesitate to contact us (in such cases we will liaise with other affiliated companies) or to contact the other companies directly;
• With persons who are affiliated with you, such as authorised representatives, guarantors, stand-ins and family members and, in the case of company contacts, employees and the company itself;
• Credit agencies and providers of sanction listing and other databases, to whom we may disclose required information regarding you within the scope of a request for information;
• Administrative bodies, the authorities and courts within the scope of our legal obligations and in connection with proceedings in which we are a party or third party;
• Third parties, for example in connection with the acquisition or sale of assets, companies or business units by us;
• Service providers, in particular providers of IT services (such as providers of hosting or data analysis services) or of administration and consulting services. These providers may process data on our behalf or under their own responsibility. For more information on service providers for our website, see Item 5.2;
• Banks, providers of shipping and logistics services, Swiss Post, etc.

Recipients of personal data may also be located outside of Switzerland and Luxembourg, in particular within the EU and/or the EEA but also potentially in other countries around the world, such as the United Arab Emirates. We may also transfer data to authorities and other persons outside of Switzerland if we are legally obliged to do so or, for example, within the scope of corporate acquisition or legal proceedings (see Item 6 for more information). Not all of these countries have adequate data protection regulations. We offset the lower level of protection by means of corresponding guarantees, in particular so-called EU Commission standard data protection clauses, which can be viewed here. In certain cases we may also transfer data without such guarantees if this transfer complies with data protection law-related regulations, for example if you have consented to the corresponding disclosure or if the disclosure is required to perform a contract; to establish, exercise or assert legal claims or is in the overriding public interest.

Our partners and/or suppliers: Within the scope of our activities we may disclose personal data to a variety of entities. These include in particular the following recipients:

• Other affiliated companies in the group: We are a member of the Multi Group under the umbrella of Multi Corporation B.V. respectively the ADIA Group under the umbrella of the Abu Dhabi Investment Authority. We may disclose data to affiliated companies, in particular to use specific services provided by the group, such as accounting and IT services. Affiliated companies also provide each other with mutual assistance in other regards and may also exchange personal data when doing so. We may, for example, transmit personal data to affiliated companies and also use this data for further purposes parallel to Item 5 above. When doing so, we often cooperate with affiliated companies and share joint responsibility under data protection law. For information on your rights as a data subject, please do not hesitate to contact us (in such cases we will liaise with other affiliated companies) or to contact the other companies directly; 
• With persons who are affiliated with you, such as authorised representatives, guarantors, stand-ins and family members and, in the case of company contacts, employees and the company itself;
• Brokers if we cooperate with brokers for our services and transfer information regarding you to these brokers so that they can contact you directly;
• Credit agencies and providers of sanction listing and other databases, to whom we may disclose required information regarding you within the scope of a request for information;
• Administrative bodies, the authorities and courts within the scope of our legal obligations and in connection with proceedings in which we are a party or third party;
• Third parties, for example in connection with the acquisition or sale of assets, companies or business units by us;
• Service providers, in particular providers of IT services (such as providers of hosting or data analysis services) or of administration and consulting services. These providers may process data on our behalf or under their own responsibility;
• Banks, providers of shipping and logistics services, Swiss Post, etc.

Recipients of personal data may also be located outside of Switzerland and Luxembourg, in particular within the EU and/or the EEA but also potentially in other countries around the world, such as the United Arab Emirates. We may also transfer data to authorities and other persons outside of Switzerland if we are legally obliged to do so or, for example, within the scope of corporate acquisition or legal proceedings (see Item 5 for more information). Not all of these countries have adequate data protection regulations. We offset the lower level of protection by means of corresponding guarantees, in particular so-called EU Commission standard data protection clauses, which can be viewed here. In certain cases we may also transfer data without such guarantees if this transfer complies with data protection law-related regulations, for example if you have consented to the corresponding disclosure or if the disclosure is required to perform a contract; to establish, exercise or assert legal claims or is in the overriding public interest.

Our visitors: We process your personal data for as long as this is required for processing purposes (in the case of contracts, generally for the term of the contractual relationship); for as long as we have a legitimate interest in storage (e.g. to assert legal claims, for archiving or to ensure IT security) and for as long as the data is subject to a legal archiving obligation (there is, for example, a ten-year archiving period for some data). After expiry of these periods we will erase or anonymize your personal data.

Our partners and/or suppliers: We process your personal data for as long as this is required for processing purposes (in the case of contracts, generally for the term of the contractual relationship); for as long as we have a legitimate interest in storage (e.g. to assert legal claims, for archiving or to ensure IT security) and for as long as the data is subject to a legal archiving obligation (there is, for example, a ten-year archiving period for some data). After expiry of these periods we will erase or anonymize your personal data.

Our visitors: We take appropriate technical and organisational measures to ensure that your personal data is protected in a manner which is appropriate to the corresponding level of risk. We cannot, however, ensure absolute data security; some residual risks are unavoidable.

Our partners and/or suppliers: We take appropriate technical and organisational measures to ensure that your personal data is protected in a manner which is appropriate to the corresponding level of risk. We cannot, however, ensure absolute data security; some residual risks are unavoidable.

Our visitors: Depending on the applicable law, data processing is only permitted if the applicable law specifically permits it. This does not apply in the case of Swiss data protection law but is, for example, the case under the European General Data Protection Regulation (GDPR), insofar as it applies. In such cases our processing of your personal data will be based on the following legal bases:

• Art. 6 Para. 1 (b) GDPR for processing which is required for the performance of a contract with the data subject or to take steps prior to entering into a contract (see Item 3 for more information);
• Art. 6 Para. 1 (f) GDPR for processing which is required to protect our legitimate interests or legitimate third-party interests, insofar as these interests are not overridden by the data subject’s fundamental freedoms or rights or by their interests. This applies in particular to compliance with Swiss law; our interest in carrying out our activities in the long term and in a manner which is user friendly, secure and reliable; and for the purposes stated under Items 3–7);
• Art. 6 Para. 1 (c) GDPR for processing which is required to comply with a legal obligation under the law of a member state of the European Economic Area (EEA). The EEA includes the EU states and Iceland, Norway and Liechtenstein;
• Art. 6 Abs. 1 (a) GDPR for processing which we carry out with your separate consent.

You are not generally obliged to disclose data to us, with the exception of individual cases (e.g. if you must fulfil a contractual obligation and this involves the disclosure of data to us).

Our partners and/or suppliers: Depending on the applicable law, data processing is only permitted if the applicable law specifically permits it. This does not apply in the case of Swiss data protection law but is, for example, the case under the European General Data Protection Regulation (GDPR), insofar as it applies. In such cases our processing of your personal data will be based on the following legal bases:

• Art. 6 Para. 1 (b) GDPR for processing which is required for the performance of a contract with the data subject or to take steps prior to entering into a contract (see Item 0 for more information);
• Art. 6 Para. 1 (f) GDPR for processing which is required to protect our legitimate interests or legitimate third-party interests, insofar as these interests are not overridden by the data subject’s fundamental freedoms or rights or by their interests. This applies in particular to compliance with Swiss law; our interest in carrying out our activities in the long term and in a manner which is user friendly, secure and reliable; and for the purposes stated under Items 3–7;
• Art. 6 Para. 1 (c) GDPR for processing which is required to comply with a legal obligation under the law of a member state of the European Economic Area (EEA). The EEA includes the EU states and Iceland, Norway and Liechtenstein;
• Art. 6 Abs. 1 (a) GDPR for processing which we carry out with your separate consent.

You are not generally obliged to disclose data to us, with the exception of individual cases (e.g. if you must fulfil a contractual obligation and this involves the disclosure of data to us).

Our visitors: Under the conditions and within the scope of applicable data protection law, you have specific rights to request a copy of your personal data respectively to exert influence on our processing of this data:

• Information: You may request information regarding whether we process personal data concerning you and, if yes, what data is processed as well as further information regarding our data processing.
• Rectification and restriction: You may have incorrect personal data rectified and incomplete data completed as well as have processing of your data restricted.
• Erasure and objection: You may have personal data erased and object to the processing of your data, effective for the future. You may, in particular, object at any time to processing of your personal data on grounds relating to your personal situation; and object at any time to processing of data in our legitimate interest and for direct marketing purposes.
• Transfer: You have the right to receive personal data which you have provided to us in a structured, commonly used and machine-readable format, insofar as the corresponding processing is based on your consent or required to perform a contract.
• Withdrawal: Insofar as we process data on the basis of your consent, you may withdraw this consent at any time. This withdrawal will only be effective for the future  and, in the case of a withdrawal, we reserve the right to continue to process data on the basis of another reason.

If you wish to assert such a right, then please do not hesitate to contact us at:

Multi Switzerland AG, Ebisquare-Strasse 1, 6030 Ebikon

Tel. +41 (0)41 349 60 00
info(at)mallofswitzerland(.)ch

We will generally need to verify your identity in order to process your enquiry. In addition to this, you also have the right to submit a complaint against our processing of your data to the responsible data protection supervisory authority. In Switzerland this is the Swiss Federal Data Protection and Information Commissioner (EDÖB). Furthermore you have the right – insofar as the GDPR is applicable – to submit a complaint to a responsible European data protection supervisory authority.

Our partners and/or suppliers: Under the conditions and within the scope of applicable data protection law, you have specific rights to request a copy of your personal data respectively to exert influence on our processing of this data:

• Information: You may request information regarding whether we process personal data concerning you and, if yes, what data is processed as well as further information regarding our data processing.
• Rectification and restriction: You may have incorrect personal data rectified and incomplete data completed as well as have processing of your data restricted.
• Erasure and objection: You may have personal data erased and object to the processing of your data, effective for the future. You may, in particular, object at any time to processing of your personal data on grounds relating to your personal situation; and object at any time to processing of data in our legitimate interest and for direct marketing purposes.
• Transfer: You have the right to receive personal data which you have provided to us in a structured, commonly used and machine-readable format, insofar as the corresponding processing is based on your consent or required to perform a contract.
• Withdrawal: Insofar as we process data on the basis of your consent, you may withdraw this consent at any time. This withdrawal will only be effective for the future and, in the case of a withdrawal, we reserve the right to continue to process data on the basis of another reason.

If you wish to assert such a right, then please do not hesitate to contact us at:

Multi Switzerland AG, Ebisquare-Strasse 1, 6030 Ebikon

Tel. +41 (0)41 349 60 00
info(at)mallofswitzerland(.)ch

We will generally need to verify your identity in order to process your enquiry. In addition to this, you also have the right to submit a complaint against our processing of your data to the responsible data protection supervisory authority. In Switzerland this is the Swiss Federal Data Protection and Information Commissioner (EDÖB). Furthermore you have the right – insofar as the GDPR is applicable – to submit a complaint to a responsible European data protection supervisory authority.