1. General information about GDPR

Here you can read about what the new GDPR EU privacy reform implies for your customer relationship to TOKO AG. If you have any other questions, please feel free to contact us at gdpr(at)swixsport.no.

What is GDPR?
The EU's new privacy reform, better known as the "General Data Protection Regulation" (GDPR), is designed to improve your data security across European borders in EU and EEA countries. Privacy is important to us in TOKO AG, and here you will find information about how we work to comply with the new Privacy Policy.

A Better Experience for You
The new regulation becomes part of the Swiss/German legislation and is an additional assurance that your personal information is processed correctly and in accordance with the law. There will be greater responsibility for us in processing and securing your customer data, while you will still be able to conduct your online shopping in the same way as before.

Your consent
Your current consent is still valid. What's new is that you can now choose whether you want to receive offers and news via email and that the information about your consent and what it implies is up to date. You may withdraw your consent at any time by contacting gdpr(at)swixsport.no. You can also simply sign up for the newsletter by following the instructions at the bottom of the newsletter you received.

Coordinator and Third Party
The Managing Director of Brav Norway AS (the TOKO AG parent company in Norway) is generally responsible for the company's processing of personal data. To provide a tailor-made experience for you, we might use external partners, but your personal data is in no way neglected or sold to third parties. We guarantee that. In our Terms & Conditions you can read more about our processing of personal data.

Privacy Policy
Regarding GDPR, we have adapted and simplified our privacy statement. In the statement, you can read more about how we process your personal information and what kind of information it concerns. The declaration informs you of the customer data you provide for a purchase with us and the contact points for the information internally in our system.

Data Protection Officer
We have appointed a personal representative who is an employee of Brav Norway AS (parent company of TOKO AG). The Ombudsman is our internal privacy advisor who guides us in ensuring that privacy is being taken care of and that we constantly adhere to the regulations.

Increased Security for Your Customer Data
The new directive requires that we have a full overview of all the company's personal data and demand security for them. In the event of a data breach, which may affect your personal information, we follow the rules for reporting obligations stated in the GDPR.

2. Privacy Statement TOKO AG

This Privacy Statement tells you how we collect and process personal information.

Brav Norway AS, by the CEO, is the responsible manager for the processing of personal data by the company. The daily practitioner has the ultimate responsibility to ensure that all processing and handling of personal data is in accordance with applicable law. The daily responsibility is delegated to our privacy Ombudsman, also called "Data Protection Officer" (DPO). The delegation covers only the day-to-day tasks and not the responsibility itself.

The tasks of the DPO are to provide employee information and advice on privacy legislation, monitor compliance with the privacy regulation and internal guidelines, as well as advise on privacy implications and be the contact point for the registrar and the audit.

Evry AS is our general data processor and is our supplier for the development and maintenance of our ERP system. Barga Technical Services GmbH is our operating supplier and data processor for Toko.ch.

Information collected relating to site operation is stored on servers operated by the provider. Only TOKO AG, Evry AS and Barga Technical Services GmbH have access to the information collected. A separate data-processing agreement between TOKO AG and Evry AS governs what information the provider has access to and how it should be processed.

Personal Information
To make a purchase with TOKO AG we need name (business/personal name), address, mobile number and e-mail.

This is required to ship the products you have ordered to the correct shipping address, keep up to date with the order movements, and contact you about your order should the need arise.

We are required to keep order information in connection with accounting, fee handling and any warranty / return handling. This history is deleted after ten years. Order information is securely stored in our ERP system, hosted in cloud servers by Microsoft. The ERP system servers are located in Amsterdam, Netherlands.

Your Rights
You have the right to access the personal information we have registered about you, in accordance with applicable law. You may at any time request to receive this information without consideration in accordance with the law. Normally you will receive the personal information you have requested from us within 3-5 business days, but it may take longer depending on the season and circumstances.

You may also, at any time, ask us to delete or correct your personal information, provided that we are not obliged to keep these in accordance with applicable law or other obligations we have.

Information must be delivered / transferred safely. If you submit the request electronically (e.g. via email or chat), and unless you request otherwise, the information should be provided in a standardized electronic form, such as XML or Excel.

You may withdraw the consent on marketing you have given us at any time by contacting gdpr(at)swixsport.no or by using the information at the bottom of any newsletter we send out.
You are entitled to appeal to the Data Inspectorate of the Swiss Federal Council if you find that your personal information is not processed in accordance with this Statement.

If you have experienced anything you think is a violation of the GDPR rules by TOKO AG, you may appeal by sending a written request to gdpr(at)swixsport.no or in letter form to the following address:

Brav Norway AS
ATT: GDPR
Blåswixvegen 5
NO-2624 Lillehammer
Norway

Storing Personal Information
Accounting laws require us to store transaction data for 10 years. We also store the purchase history for 10 years in order to safeguard customer rights in connection with warranty and complaint pursuant to the Consumer Purchase Act, the Purchase Act and TOKO AG terms of sale.

Security of Personal Data
TOKO AG has good practices in place to ensure that unauthorized personnel do not have access to your personal information and that processing of data is in accordance with the requirements of applicable law. You can rest assured that we store your personal information in a safe way.

Delivery of Goods
We cooperate with UPS, Schenker and Bring for the transport of goods and we provide personal information necessary to deliver the goods to you. The information shared with the carriers is the name, address, email and telephone number. The information will be deleted from the carrier within 36 months, unless the applicable law indicates otherwise.

Cookies
Cookies are small text files stored on your device when you download a webpage. These are used to improve your user experience. The purpose of cookies is to provide the website with basic functionality such as session management, analysis, personalization and marketing. First-party cookies are required for the web page to work. Third-party cookies are used for analysis, marketing and personalization of the website. Without the use of cookies, our webpages will not work.
Here you can see an overview of cookies used on Toko.ch:

Domain | Name | Expiry | Information
.toko.ch | _gat | 2 years | Google Analytics. Used to distinguish users.
.toko.ch | _gid | 24 hours | Google Analytics. Used to distinguish users.
.toko.ch | _ga | 24 hours | Google Analytics. Used to distinguish users.
.toko.ch | allow-cookies | 365 days | TYPO3 CMS cookie, used to see if cookies are enabled or not.

How to Avoid Cookies
If you want to avoid using cookies, you can set your browser to not accept them. See the browser's help pages for settings. Please note that if you choose to exclude cookies, many of the features of Toko.ch will not work.

We collect anonymous information about visitors to Toko.ch. The purpose of this is to improve the user experience and further develop information services on the site. Examples of what the statistics provide are how many people visit different pages, how long the visit lasts, what sites users come from and what browsers are used. The information is processed in unidentified and aggregated form. Unidentified means that we cannot track the information we collect back to the individual user. We collect the entire IP address, but the IP address is unidentified so that only the first three groups in the address are used to generate statistics. That is, if the IP address consists of the numbers 195.159.103.82, only 195.159.103.xx is used. In addition, the IP addresses are processed at the aggregate level, that is, all data is merged into a group and not processed individually. We use Google Analytics on our site. Information from this tool is never provided from TOKO AG to other parties.

Personal Information to Third Parties
TOKO AG will never share, sell, transfer or otherwise disclose your personal information in any way other than described in our privacy statement. The only exception to this is if we are legally obligated or have obtained your specific consent. Collaborators will only have access to the information if this is required to perform services for TOKO AG. In such cases, data processing agreements are entered into in order to safeguard information security. In addition, TOKO AG will decide how processing of the information will take place.

Changes to the Statement
If we make changes to this Privacy Statement, we will post the revised version here with an updated revision date (see bottom of page). We urge you to review the statement regularly. If major changes are made that significantly change our privacy practices, we may also notify you in other ways, such as by email.

Contact Information
If you have questions about personal information, please contact Swix Sport AS's Privacy Representative at e-mail gdpr(at)swixsport.no.
Postal Address:
Brav Norway AS
ATT: GDPR
Blåswixvegen 5
NO-2624 Lillehammer
Norway

Privacy Policy Last Modified: 22.05.2018