Data protection

Last updated on: 8 July 2024

We attach great importance to the transparent handling of personal data. This privacy policy provides information on what personal data we collect, for what purpose and to whom we pass it on. To ensure a high level of transparency, this privacy policy is regularly reviewed and updated.

1. data collection by the website hosting provider

Our server/hosting provider is GoEast GmbH, Oberstrasse 222, 9014 St. Gallen, Switzerland.

The web servers of GoEast GmbH use Amazon AWS and collect general data and information each time our website is accessed. This data is stored in the server log files. Among other things, the browser used and its version, the operating system, the referrer website, the sub-websites, the date and time of access, an Internet Protocol (IP) address, the Internet Service Provider (ISP) and other data and information that serve to defend against dangers in the event of system attacks are recorded.

We do not use this general data and information to draw any conclusions about the person. Rather, this information is used to deliver the content correctly, optimise the website, ensure the functionality of our IT systems and provide law enforcement authorities with the necessary information in the event of a cyber attack.

The data can be statistically analysed, but no personal reference is made. The anonymous data of the server log files are stored separately from all personal data provided by a person for six months.

2. contact information

If you have any questions or concerns about the protection of your data by us, you can contact us at any time by e-mail at Responsible for the data processing that takes place via this website is

Militärkantine St.Gallen AG
Kreuzbleicheweg 2, 9000 St.Gallen

Person responsible for data protection:
Anna Tayler
+41 71 279 10 00

3 General principles

3.1 What data we collect from you and from whom we receive this data

First and foremost, we process personal data that you provide to us or that we collect when operating our website. We may also receive personal data about you from third parties. This may include the following categories:

  • Personal master data (name, address, dates of birth, etc.);
  • Contact data (mobile phone number, email address, etc.);
  • Financial data (e.g. account details);
  • Online identifiers (e.g. cookie identifiers, IP addresses);
  • Location and traffic data;
  • Sound and image recordings;
  • particularly sensitive data (e.g. biometric data or information about your health).

3.2 Under what conditions do we process your data?

We treat your data confidentially and in accordance with the purposes set out in this privacy policy. We ensure transparent and proportionate processing.

If, in exceptional cases, we are unable to comply with these principles, data processing may still be lawful because there is a justification. In particular, the following grounds for justification may apply:

  • Your consent;
  • the performance of a contract or pre-contractual measures;
  • our legitimate interests, provided that your interests do not outweigh ours.

3.3 How can you withdraw your consent?

If you have given us your consent to process your personal data for specific purposes, we will process your data within the scope of this consent, unless we have another justification.

You can withdraw your consent at any time by sending an e-mail to the address given in the legal notice. Data processing that has already taken place is not affected by this.

3.4 In which cases can we pass on your data to third parties?

a. Principle

Under certain circumstances, we may need to utilise the services of third parties or affiliated companies and commission them to process your data (so-called processors). Categories of recipients are in particular

  • Accounting, fiduciary and auditing companies;
  • Consultancy firms (legal advice, taxes, etc.);
  • IT service providers (web hosting, support, cloud services, website design, etc.);
  • Payment service providers;
  • providers of tracking, conversion and advertising services.

We ensure that these third parties and our affiliated companies comply with data protection requirements and treat your personal data confidentially.

We may also be obliged to disclose your personal data to authorities.

b. Visiting our social media channels

We may have embedded links to our social media channels on our website. This is visible to you in each case (typically via corresponding icons). If you click on the icons, you will be redirected to our social media channels.

In this case, the social media providers are informed that you have accessed their platform from our website. The social media providers can use the data collected in this way for their own purposes. We would like to point out that we have no knowledge of the content of the transmitted data or its use by the providers.

c. Transfer abroad

Under certain circumstances, your personal data may be transferred to companies abroad as part of order processing. These companies are obliged to protect data to the same extent as we are. The transfer may take place worldwide.

If the level of data protection does not correspond to that in Switzerland, we will carry out a prior risk assessment and contractually ensure that the same level of protection is guaranteed as in Switzerland (e.g. by means of the new standard contractual clauses of the EU Commission or other legally prescribed measures). If our risk assessment is negative, we will take additional technical measures to protect your data. You can access the EU Commission's standard contractual clauses at the following link: https: //

3.5 How long do we store your data?

We only store personal data for as long as is necessary to fulfil the individual purposes for which the data was collected.

Data that we store when you visit our website is stored for twelve months. An exception applies to analysis and tracking data, which may be stored for longer.

We store contract data for longer, as we are obliged to do so by law. In particular, we must retain business communications, concluded contracts and accounting documents for up to 10 years. If we no longer need such data from you to perform the services, the data will be blocked and we will only use it for accounting and tax purposes.

3.6 How do we protect your data?

We will keep your data secure and take all reasonable measures to protect your data from loss, access, misuse or alteration.

Our contractual partners and employees who have access to your data are obliged to comply with data protection regulations. In some cases, it will be necessary for us to pass on your enquiries to companies affiliated with us. Your data will also be treated confidentially in these cases.

Within our website, we use the SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser.

3.7 What rights do you have?

a. Right to information

You can request information about the data we have stored about you at any time. Please send your request for information together with proof of identity to

You also have the right to receive your data in a commonly used file format if we process your data automatically and if:

  • you have given your consent for the processing of this data; or
  • you have provided data in connection with the conclusion or fulfilment of a contract.

We may restrict or refuse to provide information or data if this conflicts with our legal obligations, our own legitimate interests, public interests or the interests of a third party.

The processing of your request is subject to the statutory processing period of 30 days. However, we may extend this period due to a high volume of enquiries, for legal or technical reasons or because we require more detailed information from you. You will be informed of the extension in good time, at least in text form.

b. Erasure and rectification

You have the option of requesting the erasure or rectification of your data at any time. We may reject the request if statutory provisions oblige us to store the data for a longer period or to store it unchanged or if your request conflicts with a legal authorisation.

Please note that exercising your rights may be in conflict with contractual agreements and may have a corresponding impact on the performance of the contract (e.g. premature cancellation of the contract or cost consequences).

c. Legal recourse

If you are affected by the processing of personal data, you have the right to enforce your rights in court or to file a complaint with the competent supervisory authority. The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner:

3.8 Changes to the privacy policy

We may amend this Privacy Policy at any time. The changes will also be published; you will not be informed separately.

4 Individual data processing operations

4.1 Provision of the website and creation of log files

What information do we receive and how do we use it?

When you visit our website, certain data is automatically stored on our servers or on servers of services and products that we purchase and/or have installed for the purposes of system administration, for statistical or backup purposes or for tracking purposes. These are

  • the name of your internet service provider;
  • Your IP address (under certain circumstances);
  • the version of your browser software
  • the operating system of the computer used to access the URL
  • the date and time of access
  • the website from which you visit the URL
  • the search terms you used to find the URL.

Why are we allowed to process this data?

This data cannot be assigned to a specific person and is not merged with other data sources. The log files are stored in order to guarantee the functionality of the website and to ensure the security of our information technology systems. This is our legitimate interest.

How can you prevent data collection?

The data is only stored for as long as is necessary to fulfil the purpose for which it was collected. Accordingly, the data is deleted at the end of each session. The storage of log files is absolutely necessary for the operation of the website; you therefore have no option to object to this.

4.2 Amazon CloudFront

Our website uses Amazon CloudFront, a content delivery network (CDN) service from Amazon Web Services, Inc. A CDN helps to deliver content from our website to end users faster by providing files from servers that are geographically closer to the user.

By using Amazon CloudFront, data, such as your IP address, is transferred to Amazon servers and processed there to ensure the best possible performance and security when loading website content.

Amazon may use this data to compile usage statistics, monitor network events and to recognise and prevent attacks or misuse. Further information on data processing by Amazon can be found in the Amazon Web Services privacy policy.

4.3 Imgix

This website uses the imgix service for optimising images in real time, imgix Inc, 423 Tehama St. San Francisco, CA 94103, USA. Your IP address is sent to imgix. The service has undertaken to comply with European data protection guidelines and has joined the EU-US Privacy Shield agreement. For further questions about data protection at imgix:

4.4 Mailjet

We use the Mailjet service for sending newsletters, Sinch Mailjet, 43 rue de Dunkerque, 75010 Paris, France.

BrainBox Generators is a service provided by BrainBox Solutions GmbH to recognise all data protection-relevant services on a website and, among other things, to help with the creation of the privacy policy. No personal data is collected or processed in the process.