Privacy Policy

We take your privacy and confidentiality seriously. We implement best practices for protecting your data and ensuring that you can access and control them at any time. If the uses of your information change, we will provide you with more information when we are in contact with you. Where necessary, we would do that by updating our privacy notice so that you can get a notification the next time you connect to our website.

My Source Ltd (« Company », “we“, “us“ or “our“), the operator and owner of the Platform, is a company that operates under the laws of Switzerland with registered number CHE-438.548.082 and having its offices located at Rue des Fontenailles 13, 1007 Lausanne.

We use https://www.swissimpactstore.com to provide your with our services with the available functionalities of the Website. If you have any questions related to how we handle your personal information or to exercise your rights to privacy (section 12) you can contact us at [email protected].

Our Website allows individuals to visit and purchase goods and services online (“Customers”) from various sellers (“Seller”) who have created an account on the Platform. When you make a purchase with a Seller, you enter into a remote contractual relationship directly with them. Sellers may either be individuals or businesses.

As a Customer, we will collect certain information about you via the features and functionalities of the Platform. We will store and host certain personal information about you including your purchase history, choices that you have made via the Platform and through the various functionalities and features of our Website. However, the Sellers will remain responsible for all information that they will collect about you and that will be stored on our Platform.

The Sellers are responsible for your personal data that they store on our Platform. This privacy notice provides your with high level information about our infrastructure, our hosting, security practices or other capabilities. However, if you want to understand more about how sellers will process your personal data, please contact them directly to obtain all details about your contractual relationship. To the extent possible, we will collaborate with them so that they can easily provide you with more information.

As a Seller, whether an individual or a business, this Platform allows you to create a user account and advertise your goods or services via a hosting environment that we will create for you. When creating an account, placing goods or services via the various means available on this e-commerce Website, we will process personal data about you or your business, including about your Customers.

Information about your Customers

All information about Customers are hosted and stored within our infrastructure under your sole responsibility as a data controller. You may decide about the purposes and means of the processing of Customers personal data on our Website, the retention periods and all other information required to comply with applicable data protection laws. We will only host Customer data on our Website on your behalf and upon your prior instructions.

Information about you as an individual Seller or a business

When processing information about Sellers, we will do so in compliance with all applicable laws in order for us to provide you with the service pursuant to the contractual relationship that you have with us. Those terms and conditions, and other terms govern your relationship with us and the conditions upon which you are allowed to use our services.

When using our website, we will collect information about you via different means and for various purposes, such as when you use the website, when creating and using your user account, when purchasing a product or filling in your payment details or interacting with us. When doing so, we will only process information that relates to you for the purposes as set out in this privacy notice. If you are a Customer, please contact directly the Sellers to obtain more information about how they use your personal information.

Information that we collect automatically

When you access our website, we may collect and use certain information about your device and your use of it. The information we collect may include your IP address, unique identifiers of your device, location data, information derived from cookies we may have stored on your device, which may contain personal data, and information about the pages visited, search terms entered or links clicked within the Platform. In the event we allow third party providers to place advertising on the website, you will have access to third party notices or, where applicable either give your prior permission or have the right to object.

Information we obtain indirectly from you / via third parties

The Platform collects information about you when you register on the website and create a user account. All information that you share with us when creating your user account is available in your dashboard, which you can access by connecting with your login and password information. In certain limited circumstances, we may access certain information from third parties, such as Sellers in the context of the contractual or pre-contractual relationship that you have with them. This applies in particular for technical or security reasons (for example, for fraud monitoring and prevention), or for other Business Purposes (such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Services, products, marketing and your experience. We may use and store this information in aggregated and anonymized form so that it is not associated with individual end users and does not include personal information. We will not use identifiable personal information without your consent).

When visiting our website as a Customer or when connecting to our Platform as a Seller via your user account, we will collect personal information about you, including:

• Contact data, including when you create an account such as your full name, address and location, phone number, e-mail address, or when contacting us for support/inquiries, or when submitting information to us via a contact form or submitting a review of a product or a Seller.
• Financial data, such as your bank name and account to reimburse you of any amount that you may have paid to us, including, where applicable and strictly required for your identification your ID card or number. We may use your information to fulfill and manage your orders, payments, returns, and exchanges made through the Platform.
• Aggregate information and statistics data, such as where applicable, through the use of tracking technologies. When placing optional cookies or similar tracking technologies that are non-essential on your device or to operate the website, we will do so on the basis of your prior permission, unless applicable data protection laws permit us to do so otherwise;
• Media content, such as images or videos, which may contain images, audio recordings and video of you. You remain responsible for the provision of such content to us and shall, unless legally permitted, ensure to either inform or collect prior consent from any other individual captured in such media content prior to sharing this content with us to respect their image rights;
• Instant messaging data or user-to-user communications, such as any information that you may share with us by instant messaging functionalities or, where available on the website.

Deliver targeted advertising to you. We may use your information to develop and display content and advertising (and work with third parties who do so) tailored to your interests and/or location and to measure its effectiveness.

Legal requests. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.

When do we collect personal information about you?

1. When entering into a pre-contractual or contractual relationship with us on the Website.

When we interact with you, we may collect information from you, which may include information when you:

• create an account separately or become one of our Seller to enter into a contractual relationship with us

In the cases mentioned above, the information we collect and use is normally apparent from the context in which you provide it to us.

2. Upon creation of your user account within the Platform

When you successfully submitted information about you to create an account within the website,  you will either login directly or receive login details separately in order to log into your user account, upload information to the secured portal, interact with us and use other features available on our website.

Please note: Ensure that no confidential, nor sensitive personal data is shared nor transmitted via our Website, (including via instant messaging or via your account as a Seller), unless you are authorized to do so.

In general, we use personal information about you only:

• for the necessity and the management of the contractual relationship with us or to provide you with our specific and agreed services via the website;
• according to our legitimate interest when you use the Platform or, where permitted, for statistics, administrative or billing purposes;
• where necessary, to comply with our legal obligations for transmission to competent authorities;
• where required by law upon your prior consent or sharing your personal data outside your country of residence in countries that do not provide the same level of protection to your privacy as in your country of residence.

When processing your personal data, we collect and use information about you in accordance with all applicable data protection laws.

For authorized users of the Website

If you are a Seller, we process your personal information on the basis of the pre-contractual or contractual relationship that we will enter into with you, our legitimate interest, to comply with applicable laws, or when needed based on your prior consent.
If you are a visitor or a Customer of our Platform, we will collect information about you on the basis of either a contractual necessity if you enter into a contract with us, our legitimate interest, a legal obligation, to defend legal claims or when needed after we received your prior permission.

The main processing activities are listed below. In some cases, we do so for other reasons which are indicated to you in this section or separately via the Platform. None of your personal data is disclosed to third parties without guaranteeing their confidentiality and security or, where required by applicable law, with your prior consent.

Table for data retention, legal basis and purpose for each category of personal data

Note that this table provides some examples of data retention schedules. If you are a Customer, the purposes for which your personal data will be used and the legal bases shall remain the responsibility of the Sellers that uses our Platform. We still process certain information about Customers and Sellers for our own purposes as a data controller, such as when you enter into a contractual relationship with us and when we collect personal data to improve our security, our features to provide you with better services or  to measures audience which will often occur on an aggregate basis.

Categories of personal data:
Account data

• contact and login data
• your contact details

-> Purpose and legal basis for the processing: contractual relationship with us, management of the Platform and accounts

Financial Data
including data using Stripe or other Stripe payment methods services in accordance with their terms.

Purpose and legal basis for the processing: the same data may be processed on the basis of our legitimate interest when sending you reminders or in the event of non-payment of invoices.

Contact data
Including your professional e-mail address, postal address and, where applicable, telephone number, etc.

Purpose and legal basis for the processing: to contact you for further information or in the event of a problem with the Platform, in the context of your contract with us.

Retention period: duration of the contractual relationship or your use of the Platform.

Instant messaging data
Any information that relates to the messages exchanged with us.

Purpose and legal basis for the processing: we process such data based on the contractual relationship to respond to your queries; and legitimate interest and contractual relationship where the service is provided as a feature.

Retention period: we will retain instant messaging data as long as your account remains in effect.

Aggregated data for statistics, analytics and profiling

Purpose and legal basis for the processing: we use our legitimate interest to improve our service and for essential cookies that are not persistent. Where we do profiling or when we do not use your information, we may not need your consent, except to the use of certain tracking technologies as required.

Retention period: no longer than permitted under applicable data protection laws.

Who can access your personal data?

Only limited individuals can access your personal data, which may include the following:

• Sellers will have access to Customer personal data via their dashboard in order to, for example, manage their accounting, tax, sales and cash flow.
  our duly authorised employees, consultants or workers;
  approved third parties, such as IT service providers, or auditors.

Cross-border personal data transfer

Our servers are located in a hosting environment in Amsterdam, Netherlands as explained further in sections 10 and 12. When you exchange information with us, you acknowledge that personal information about you may leave your country of residence. As a Customer, your personal information may be transferred to the country where Sellers are located which may be outside the European Economic Area and Switzerland. As a Seller, personal information about you or your business will remain in our servers located in Amsterdam.

1.Transfer within the EEA, Switzerland and approved countries

Some information about you will be stored in Europe and Switzerland which is where our company is located. Switzerland is recognized by the EU Commission as a country with an adequate level of protection equivalent to the European privacy laws, which includes Regulation (EU) 2016/679 (GDPR). If you are located in a country of the European Economic Area (EEA) or in a country that is recognized as having an adequate legislation for the protection of personal data in your country (e.g.: Argentina, Australia, Canada, Israel, New Zealand, Uruguay), your rights to privacy are likely to rely on appropriate guarantees with regard to cross-border personal data transfer to Europe and Switzerland.

2. Transfer of your information to third country jurisdictions

Where Sellers are located in a country that does not recognize the country where they operate as having an adequate level of protection, Sellers shall rely on appropriate safeguards (such as the standard contractual clauses) with you to access personal data outside your country of residence as a Customers. However, the Website will in no event be responsible for any unlawful transfer of personal data, which remains the responsibility or Sellers.

Most of the time, if you share such personal information with us via your user account, for the purpose of entering into a contract with us. This occurs for example where the processing activity relates to: (a) the registration and management of your account, or (b) entering into a contract with us.

3. Disclosure with third parties

In certain limited cases, authorized third parties may access your personal data either as Customer or Sellers. This may include:

third parties who provide us with services for the administration of the Platform (such as IT services in the event of a breakdown or for the maintenance of our website);
other third parties, such as auditors, data center providers, or other authorised third parties only when required by law or by a court decision, to defend legal claims or in case of an investigation by a supervisory authority.

When engaging third parties, we have entered into agreements with them for the processing of your personal data so that such processing is carried out in accordance with our instructions, in a confidential, secure, transparent manner, to protect your privacy rights (section 14 to this notice) and comply with applicable data protection laws.

Cookies or similar tracking technologies may be used on the Platform to automatically collect certain information for statistical purposes only.

What are cookies and tracking technologies?

Cookies are small text files that are placed on your device when you visit a site, which are then used to identify your device for the purposes described below. Cookies set by the owner of a site are called “first party cookies”. Cookies set by other people are called “third party cookies”. Third party cookies enable the third party to provide features or functionality on or through the site (like analytics, advertising and videos). The parties that set these third-party cookies can recognize your device both when it visits our site, and when it visits certain other sites.

We currently use analytics tool.

Your web browser can be set to manage cookies and even to reject them. Do bear in mind that if you set your browser to automatically reject cookies, your user experience when visiting websites will not be the same: your preferences may not be remembered, some functionality may be lost and you may not be able to access certain areas or features of the sites.

In the event we use cookies or similar tracking technologies, we may use it on our websites and other digital services, including geo-localization, on our Platform. A cookie is a small data file that is placed on your device, which we use for the following purposes:

• Making your experience more efficient, faster and easier: by remembering your preferences, like multicurrency, geolocation, display and other settings, maintaining your session, and for authentication purposes. This helps us to provide you with a better user experience. These cookies are also referred to as session-Id cookies, authentication cookies, and user Interface customization cookies.
  Gain useful knowledge about how the site is used: by collecting information about the number of visitors and other uses. This helps us improve our sites. These cookies are also referred to as analytics cookies. For this purpose, we may use analytics services such as Google analytics, which means that Google and similar suppliers will also have access to this information (including your IP address and any other equipment identifiers such as the IMEI number and the MAC address).
  Provide easy access to our social media sites. This helps us to direct you and share with you our content within sites such as Instagram, Facebook, LinkedIn, Google Plus, or Pinterest. If we use any ‘social media plugins’, they may store cookies and similar technologies on your computer or other device. This means that the social media sites may access this information (including your IP address), may identify that you interacted with our Platform.

However, should we use one of such technology, and if you do not want certain data about you to be passed on to Google Analytics, please follow the instructions here to opt-out and deactivate the service. You may at any time set your browsing tools and refuse cookies that are not necessary to provide you with the service via the consent management tool that we may use from time to time on the Platform. For more information about cookies, you can visit the following website: https://www.allaboutcookies.org/.

Information security

We have implemented all appropriate technical and organizational measures to protect your personal information in our possession from unauthorized disclosure, use, modification or destruction. In addition, we are committed to protecting to the extent possible all the personal information we process from you from unauthorized access, modification or disclosure and to ensuring confidentiality, integrity and availability of your data. We have entered into contracts with providers to build a secure cloud infrastructure that guarantees industry standards data security measures, including confidentiality.

List of security measures

We have configured our systems to apply industry standard information security measures and used recognized security framework to protect your information, which includes, inter alia: 

• TIER IV servers (ISO 27001 and FINMA) where data is hosted in Amsterdam, Netherlands data center with dedicated hardware and on-site security;
  The list of security measures used by our hosting provider is available here;
  All systems are monitored by approved Swiss third-party IT service providers;
  Last generation firewalling;
  HTTPS and SSL encryption, disc encryption, Password strength requirements;
  Access controls via privileges and roles;
• Periodic penetration tests carried out.

Where we use third party suppliers to help us with information security measures, they have committed to comply with strict data protection requirements to ensure maximum confidentiality, integrity, and availability of your personal data.

1.Automated decision making and/or profiling

We do not conduct any such tasks with user data via our Platform.

2.Links to other websites

Our service may contain links to other sites that are not operated by us. If you click on a third-party links, you will be directed to that third party’s site. We strongly advise you to review the privacy notice of every site you visit. We have no control over and assume no responsibility for the content, privacy notice or practices of any third-party sites or services.

3.Children’s Privacy

Our Service does not address anyone under the age 18, especially if the services require one-off or regular payments. However, we may allow you to use our service if you are under the age of 18, down to 16, or where applicable local data protection law permits us to do so, down to the age of 13 (“Children“). The age of 13 should be the minimum age under which you may not be allowed to use the Platform at all. We strongly recommend that you only use this Platform only if you are above the age of 18 (“Adult”), as we may have to request additional information about you if you are not yet an Adult. For Children using our services, you must get the prior permission of your parents or legal tutor to use our Platform and contract with us. In particular, we do not knowingly collect personally identifiable information from anyone under the age of 18 on a voluntary basis. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us if you disagree with this. If we become aware that we have collected personal information from Children without verification of parental, judicial or guardian’s consent, we take steps to remove that information from our servers.

4.Data breach and incidents

We have procedures and safeguards in place to identify, assess, investigate and report data breaches at the earliest possible time. Our procedures are robust and have been disseminated to our staff who are regularly trained and informed about good IT security practices. We also ensure the confidentiality, integrity and accessibility of your data at all times.

Hosting locations

Switzerland : location of our company;
Netherlands: location of our hosting provider.

Although the Platform is accessible from anywhere in the world, we operate from Switzerland where we have our usual place of business, with all our servers located in Amsterdam, Netherlands for hosting, backup and disaster recovery purposes. We do not transmit any information about you outside our offices and Switzerland via the Platform, except where necessary to use our authorized third parties.

GreenGeeks hosting provider – a sustainable provider

The hosting of your data is located on the servers of GreenGeeks, a company located in the United States, and operating from its European subsidiary in Amsterdam, Netherlands, with redundancy servers also located in another geographic area in Amsterdam, Netherlands. You can contact GreenGeeks, if you have any questions about the hosting of your personal data. In general, our hosting providers have configured their servers so that they cannot access your data without our express authorisation.

Data retention

We will keep personal information we collect about you for as long as necessary for providing the services via the Platform to the Sellers and to you. Where we have to comply with any legal obligations (e.g.: to comply with applicable legal, tax or accounting requirements and for archiving purposes) we may keep your information for a longer period.

Where we have no legitimate business interest to continue to process your personal data or if a Seller asks us for deletion, we will either delete and ask our hosting providers and third parties to further delete your personal information, anonymise it or, if this is not possible (for example, if personal data has been stored in secured archives), we will securely store and isolate your information from any further processing until the deletion becomes possible and delete it as soon as technically possible. We will use any technology or other means to protect your data and mitigate any risks, such as obfuscation, blanking or encryption.

For more details on our data retention policies, please read section 6 to this privacy notice.

Retention schedule

For each categories of processing activities and personal data, we apply a strict data retention policy that complies with privacy-by-design and privacy-by-default principles. If you have questions or need further information concerning our data retention schedule and practices, contact us at [email protected].

As a user of our services and a Customer or a Seller on our Platform, and depending on your country of residence, you may have the right to exercise your rights or file a complaint before a competent data protection authority.

Note that: As a Customer, you have to make requests about your rights to privacy directly with the Sellers from whom you have made online purchases.

Access, Revision, Deletion

Under applicable privacy law, you may have a right to request a copy of information about you held by us. You may also have the right to revise, correct, or delete such information. Your rights to such information may be subject to limited legal and regulatory restrictions. 

Objection to processing and additional rights

Under applicable privacy law (e.g. European data privacy law), you may formally object to the processing of your personal information. In certain circumstances under applicable law, you may have the additional right to restrict aspects of the processing of your information or ask for a copy of your data to be provided to you, or a third party, in a digital format.

California-Specific Rights

Under the California Consumer Privacy Act 2018 (CCPA), California residents have specific rights regarding their personal information held by private companies. We do not sell any personal information from individuals located in California, nor do we share any such personal information with third parties for their own commercial benefits. Californian individuals can exercise their rights by contacting us at [email protected].  

Rights of European Individuals to complain in front of Data Protection Authorities

In the event that any individual located in the EEA countries and Switzerland believes that we have processed information in a manner that is unlawful or breaches your rights, or has infringed the “General Data Protection Regulation”, or the Swiss Federal Data Protection Act, you have the right to complain directly to the applicable data protection authority. The list of those authorities can be found on the European Data Protection Board website or here: https://edpb.europa.eu/about-edpb/board/members_en.