Boukii Sàrl, Chemin de la Cierne des Paccots 39, 1619 Les Paccots, Fribourg, Switzerland is the operator of the website www.boukii.com and www.boukii.ch of the services offered on the latter. [He or she] is thus responsible for the collection, processing and use of your personal data as well as for the compliance of the data processing with the applicable data protection legislation. 

Your trust is very important to us, which is why we take data protection very seriously and ensure appropriate security. It goes without saying that we comply with the legal provisions of the Federal Data Protection Act (DPA), the Ordinance on the Federal Data Protection Act (FDPA), the Telecommunications Act (TCA) and any other data protection provisions of Swiss or EU legislation that may apply, in particular the General Data Protection Regulation (GDPR). 

To find out what personal data we collect about you and how we use it, please read the information below carefully. 

  1. Consultation of our website

When you visit our site, our servers temporarily record each access in a log file. The following technical data is recorded, in principle as with any connection to a web server, without any intervention on your part and stored by us until it is automatically deleted after a maximum of 12 months: 

  • the IP address of the computer accessing the site,
  • the name of the owner of the IP space (usually your ISP),
  • the date and time of access,
  • the website from which you linked to our site (originating URL) and any search terms used,
  • the name and URL of the file accessed,
  • the status code (e.g. error message),
  • the operating system of your computer,
  • the browser you are using (type, version and language),
  • the communication protocol used (ex: HTTP/1.1)

The purpose of collecting and processing this data is to enable the use of our website (establishment of a connection), to ensure the long-term security and stability of the system and to enable the optimization of our online offer, but also for internal statistical purposes. 

If you provide us with personal data of other persons, e.g. data of the recipient of a gift, please provide us with personal data of the recipient only if you are entitled to do so according to the applicable data protection laws and if the person concerned agrees that you provide his or her personal data to us for processing purposes. 

These processing operations are based on our legitimate interest according to Art. 6 para. 1 letter f GDPR. 

  1. Creation of a customer account

To place orders in our online store, you can either order as a visitor or create a customer account. When you register for a customer account, we collect the following data: 

  • first and last name
  • mailing address
  • email address
  • Phone number
  • password

This data is collected in order to provide the customer with direct, password-protected access to his or her basic data stored in our system. The customer can consult his completed and current orders or manage/modify his personal data. 

Your consent according to Art. 6 para. 1 letter a GDPR is the legal basis for the processing of data for this purpose. 

  1. Purchase on the online store

If you wish to place orders in our online store, we require the following data for the execution of the contract: 

  • first and last name
  • billing address (if different from the delivery address)
  • payment information (depending on the payment method chosen)
  • login, i.e. email address and password (for registered customers)

Except as otherwise provided in this Privacy Policy or in the absence of your separate consent, we will only use the above data to perform this contract, including processing your orders, delivering the ordered products and ensuring that payment is properly made. 

If you provide us with personal data of other persons, e.g. data of the recipient of a gift, please provide us with personal data of the recipient only if you are entitled to do so according to the applicable data protection laws and if the person concerned agrees that you provide his or her personal data to us for processing purposes. 

The performance of a contract in accordance with Art. 6 para. 1 letter b GDPR is the legal basis for processing data for this purpose. 

  1. Transmission of data to third parties

We will only pass on your personal data if you have expressly consented to this, if we are under a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce our rights arising from the contractual relationship. 

In addition, we will pass on your data to third parties insofar as this is necessary for the use of the website and the execution of the contract (including outside the website), in particular for the processing of your bookings or your support requests. This includes the carrier responsible for shipping the ordered goods as well as the respective external service provider responsible for processing your support request. The website is hosted on servers located in Switzerland. The purpose of the data transfer is to provide and maintain the functionality of our website. This is our legitimate interest according to Art. 6 para. 1 letter f GDPR. 

When you pay by credit card on the website, we transmit your credit card information to the issuer and acquirer via the payment service provider Datatrans AG, Kreuzbühlstras-se 26, 8008 Zurich. 

Finally, we transmit your credit card information to the issuer and acquirer of your credit card when you pay by credit card on our site. If you choose to pay by credit card, you must enter all necessary information. The legal basis for the transfer of data in this case is the performance of a contract in accordance with Art. 6 para. 1 letter b GDPR. With regard to the processing of your credit card information by these third parties, please also read the general terms and conditions and the privacy policy of your credit card issuer. 

  1. Data transmission to foreign countries

We may also transfer your personal data to third-party companies (contracted service providers) abroad for the data processing specified in this privacy policy. These companies are subject to the same level of data protection as we are. If the level of data protection in a given country does not correspond to the Swiss or EU level, we will establish a contract to ensure that the protection of your personal data always corresponds to that of Switzerland or the EU. 

6. Right to information, rectification, erasure and restriction of processing; right to data portability 

Upon request, you have the right to obtain information about your personal data stored by us. Furthermore, you have the right to the correction of incorrect data and the deletion of your personal data, as long as there is no legal obligation to store the data or no legal basis for us to process the data. 

You may contact us for the above purposes at the following email address theboukiiteam@boukii.ch. We may ask you, at our discretion, for proof of identity to process your requests. 

  1. Data security

We use appropriate technical and organizational security measures to protect your personal data stored by us against manipulation, partial or total loss and against unauthorized access by third parties. Our security measures are constantly being improved in line with technological developments. 

You should always keep your login information confidential and close the browser window when you have finished communicating with us, especially if you are not the only person using the computer. 

We also take data protection in our company very seriously. Our employees and the service companies we commission are bound to secrecy and to compliance with the legal provisions on data protection. 

8 Data retention 

We only store personal data for as long as is necessary for the use of the above-mentioned tracking and analysis services and for further processing based on our legitimate interest. We retain contractual data for a longer period of time as required by legal retention obligations. The retention obligations that require us to retain data arise from financial accounting and tax law. According to these regulations, business communication, concluded contracts and accounting documents must be kept for a maximum of 10 years. As soon as we no longer need this data for the performance of our services, it will be blocked. The use of this data is restricted to tax and accounting purposes. 

  1. Right to lodge a complaint with a data protection supervisory authority

You have the right to lodge a complaint with a supervisory authority responsible for monitoring data protection.