Shopping cart




General Privacy Policy

What is this privacy policy about?

Vikarus ("we" or "us") collects and processes personal data that concerns you or other individuals ("third parties"). We use the term "data" here interchangeably with "personal data".


"Personal data" refers to data that relates to a specific or identifiable person, meaning that conclusions can be drawn about their identity based on the data itself or with corresponding additional data. "Sensitive personal data" is a category of personal data that is particularly protected under applicable data protection law. Examples of sensitive personal data include data revealing racial or ethnic origin, health data, information about religious or philosophical beliefs, biometric data for identification purposes, and information about union membership.


In this privacy policy, we describe what we do with your data when you use, other websites from us, or our apps (together, "Website"), use our services or products, are otherwise in contact with us as part of a contract, communicate with us, or have any other dealings with us. Where appropriate, we will inform you in writing in advance about additional processing activities that are not mentioned in this privacy policy. Additionally, we may inform you separately about the processing of your data, for example in consent forms, contractual terms, additional privacy policies, forms, and notices.


This privacy policy is designed to comply with the requirements of the EU General Data Protection Regulation ("GDPR"), the Federal Act on Data Protection ("FADP"), and the new Federal Act on Data Protection ("nFADP"). However, the extent to which these laws are applicable depends on the individual case.


Who is responsible for the treatment of your data?

For the data processing of Vikarus described in this data protection explanation Vikarus GmbH, with addresses at Bergstrasse 71, 8032 Zurich ("Vikarus"), is responsible, as far as in individual cases nothing else is communicated.


You can reach us for your data protection concerns and the exercise of your rights in accordance with section 11 of this General Privacy Policy (“GPP”) as follows:


Vikarus GmbH
Bergstrasse 71,
8032 Zurich


What data do we process?

We process different categories of data about you. The main categories are as follows:


Technical Data: When you use our website or other electronic offerings, we collect the IP address of your terminal device and other technical data to ensure the functionality and security of these offerings. This data also includes protocols that record the use of our systems. We generally retain technical data for six (6) months. In order to ensure the functionality of these offers, we may also assign an individual code to you or your end device (e.g., in the form of a cookie, see section 12 of this GPP). The technical data in itself do not allow any conclusions to be drawn about your identity. However, in the context of user accounts, registrations, access controls or the processing of contracts, they can be linked to other data categories (and thus possibly to your person).


Registration Data: Certain offers and services can only be used with a user account or registration, which can take place directly through our systems or via our external login service provider. In doing so, you must provide us or the third-party service provider with certain information, and we collect information about your use of the offer or service. Access controls to certain facilities may generate registration data; depending on the control system, biometric data may also be generated. We generally retain registration data for 12 months after the end of the use of the service or the termination of the user account.


Communication Data: If you are in contact with us via the contact form, e-mail, telephone, letter, or other means of communication, we collect the data exchanged between you and us, including your contact details and the marginal data of the communication. If we want or need to establish your identity, we collect data to identify you (e.g., a copy of an identification document). We generally retain this data for 12 months from the last exchange with you. This period may be longer if this is necessary for reasons of proof or to comply with legal or contractual requirements or if it is technically required. E-mails in personal mailboxes and written correspondence are generally retained for at least 10 years.


Master Data: We use the term Master Data to refer to the basic data that we need, in addition to the Contractual Data (see below), to process our contractual and other business relationships or for marketing and advertising purposes, such as name, contact data and information about, for example, your role and function, your bank account(s), your date of birth, customer history, powers of attorney, signature authorizations and declarations of consent. We process your master data if you are a customer or other business contact or are working for one (e.g., as a contact person of the business partner), or because we want to address you for our own purposes or the purposes of a contractual partner (e.g., in the context of marketing and advertising). We receive master data from you yourself (e.g., when making a purchase or as part of a registration), from bodies for which you work, or from third parties such as our contractual partners, associations, and address dealers, and from publicly accessible sources such as public registers or the Internet (websites, social media, etc.). As a rule, we keep this data for 10 years from the last exchange with you, but at least from the end of the contract. This period may be longer if this is necessary for reasons of proof or to comply with legal or contractual requirements or for technical reasons. For pure marketing and advertising contacts, the period is usually much shorter, usually no more than two (2) years since the last contact.


Contractual Data: This is data that arises in connection with the conclusion or processing of a contract, e.g., information about contracts and the services to be provided or provided, as well as data from the run-up to the conclusion of a contract, the information required or used for processing and information about reactions. We generally collect this data from you, from contractual partners and from third parties involved in the processing of the contract, but also from third-party sources (e.g., providers of credit data) and from publicly available sources. As a rule, we keep this data for 10 years from the last contractual activity, but at least from the end of the contract. This period may be longer if required for evidentiary reasons or to comply with legal or contractual requirements, or if technically necessary.


Behavioral and Preference Data: Depending on our relationship with you, we try to get to know you and better tailor our products, services and offers to you. To do this, we collect and use data about your behavior and preferences. We do this by evaluating information about your behavior in our area, and we may also supplement this information with information from third parties - including publicly available sources. Based on this information, we can calculate the likelihood that you will use certain services or behave in a certain way. The data processed for this purpose is partly already known to us (e.g., when you use our services), or we obtain this data by recording your behavior (e.g., how you navigate on our website). We anonymize or delete this data when it is no longer meaningful for the purposes pursued, which may be between two and three (2-3) weeks and 24 months depending on the nature of the data. This period may be longer if this is necessary for evidentiary reasons or to comply with legal or contractual requirements, or if it is technically required. We describe how tracking works on our website in section 12 of this GPP.


The vast majority of the data mentioned in section 3 of this GPP is directly disclosed by the user. You are not obliged to do so, subject to individual cases, e.g., in the context of binding protection concepts (legal obligations). If you wish to conclude contracts with us or claim services, you must also provide us with data, in particular Master, Contractual and Registration data, as part of your contractual obligation under the relevant contract. When using our website, the processing of technical data is unavoidable.


Insofar as it is not inadmissible, we further take data from publicly accessible sources or receive data from authorities and other third parties.


  1. For what purposes do we process your data?

We process your data for the purposes we explain below. Further information for the online area can be found in sections 12 and 13 of this GPP. These purposes or the underlying objectives represent legitimate interests of us and, where applicable, of third parties. You will find further information on the legal basis for our processing in section 5 of this GPP.


We process your data for purposes related to communication with you, in particular to respond to inquiries and assert your rights (section 11 of this GPP) and to contact you in the event of queries. For this purpose, we use Communication Data and Master Data in particular. We retain this data to document our communication with you, for training purposes, for quality assurance and for follow-up inquiries.


We process data for the initiation, administration, and processing of contractual relationships.


We process data for marketing purposes and to maintain relationships, e.g., to send our customers and other contractual partners personalized advertising on products and services from us and from third parties. This may, for example, take the form of regular contracts via channels for which we have contact information from you, but also as part of individual marketing campaigns. You can refuse such contacts at any time (see at the end of this section 4 of this GPP) or refuse or withdraw your consent to be contacted for advertising purposes. With your consent, we can target our online advertising on the Internet more specifically to you (see section 12 of this GPP).


We further process your data for market research, to improve our services and operations, and for product development. We may also process your data for security and access control purposes. We process personal data for compliance with laws, directives and recommendations of authorities and internal regulations ("Compliance"). We also process data for the purposes of our risk management and prudent corporate governance, including business organization and development. We may process your data for other purposes, e.g., as part of our internal processes and administration or for training and quality assurance purposes.


  1. On what basis do we process your data?

If we ask for consent for the processing of specific data, we will inform you separately about the purpose of the data processing. Given consent can be revoked at any time through (1) written notification (by post) with effect for the future; (2) our contact details found in section 2 of this GPP; or (3) a user account through the website or similar services. Once notification of revoke is received, Vikarus will no longer process your data for the purposes to which you originally consented, unless we have another legal basis for doing so. The revocation of your consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. For the revocation of your consent for online tracking, refer to section 12 of this GPP.


Where we do not ask for your consent for data processing, we base the processing of your personal data on the fact that the processing is necessary for the initiation and/or execution of a contract with you (or the entity you represent) or that we or third parties have a legitimate interest in doing so, such as for the fulfillment of the purposes and their respective goals set out above under section 4 of this GPP. We further have a legitimate interest in being compliant with legal requirements, insofar as this is not already recognized as a legal basis by the applicable data protection law in each case (e.g., in the case of the GDPR, the law in EEA and Switzerland).


If we receive sensitive data (e.g., health data, information on political, religious, or ideological views or biometric data for identification purposes), we may also process your data on the basis of other legal grounds, e.g., in the event of disputes due to the necessity of processing for possible lawsuit or the enforcement or defense of legal claims. In individual cases, other legal grounds may come into play, which we will communicate to you separately where necessary.


  1. What applies to profiling and automated individual decisions?

We may automatically evaluate ("profile") certain of your personal characteristics for the purposes mentioned in section 4 of this GPP using your data (section 3 of this GPP), if we want to determine preference data, but also to determine abuse and security risks, to perform statistical evaluations or for operational planning purposes. For the same purposes, we may also create profiles, i.e., we may combine behavioral and preference data, but also master and contract data and technical data assigned to you, in order to better understand you as a person with your different interests and other characteristics.


In both of the above-mentioned cases, we pay attention to the proportionality and reliability of the results and take measures against misuse of these profiles or profiling. If these can have legal effects or significant disadvantages for you, we generally provide for a manual review.


  1. To whom do we disclose your information to?

In connection with our contracts, the website, our services and products, our legal obligations or otherwise to protect our legitimate interests and the other purposes listed in section 4 of this GPP, we also transfer your personal data to third parties, in particular to the following categories of recipients:

Service providers: we work with service providers in Switzerland and abroad who process data about you on our behalf or in joint responsibility with us or receive data about you from us in their own responsibility.


Contractual partners including customers: First of all, this refers to our customers and other contractual partners, because this data transfer results from these contracts. If you work for such a contractual partner yourself, we may also transfer data about you to them in this context. Recipients further include contractual partners with whom we cooperate.


Authorities: We may disclose personal data to offices, courts, and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. The authorities process data about you that they receive from us under their own responsibility.


Other persons: This refers to other cases where the involvement of third parties arises from the purposes set out in section 4 of this GPP.


All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict the processing by certain third parties (e.g., IT providers), but not by other third parties (e.g., authorities, banks, etc.).


  1. Does your personal data also end up abroad?

As explained in Section 7 of this GPP, we also disclose data to other entities. These are not only located in Switzerland. Your data may therefore be processed both in Europe and in other countries; in exceptional cases, however, in any country in the world.


If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which can be accessed here:, unless the recipient is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have consented or if it is a matter of data made generally available by you, the processing of which you have not objected to.


  1. How long do we process your data?

We process your data for as long as our processing purposes, the statutory retention periods, and our legitimate interests in processing for documentation and evidence purposes require or storage is technically necessary. You will find further information on the respective storage and processing periods for the individual data categories in section 3 of this GPP and for the cookie categories in section 12 of this GPP. If there are no legal or contractual obligations to the contrary, we will delete or anonymize your data after the storage or processing period has expired as part of our normal processes.


  1. How do we protect your data?

We take reasonable security measures to protect the confidentiality, integrity, and availability of your personal information, to protect it against unauthorized or unlawful processing, and to protect it against the risks of loss, accidental destruction, unauthorized disclosure, or access.


  1. What rights do you have?

Under certain circumstances, applicable data protection law grants you the right to object to the processing of your data, in particular that for direct marketing purposes, profiling for direct marketing purposes and other legitimate interests in processing.


To help you control the processing of your personal data, you also have the following rights in connection with our data processing, depending on applicable data protection law:

  • the right to request information from us as to whether and what data we are processing about you;
  • the right to have us correct data if it is inaccurate;
  • the right to request that we delete data;
  • the right to request that we provide certain personal data in a commonly used electronic format or transfer it to another controller;
  • the right to withdraw consent where our processing is based on your consent;
  • the right to obtain, on request, further information necessary to exercise these rights;

If you wish to exercise any of the above rights against us, please contact us in writing, at our premises or, unless otherwise stated or agreed, by email; you will find our contact details in section 2 of this GPP. In order for us to rule out abuse, we must identify you (e.g., with a copy of your ID card, unless otherwise possible).


Please note that conditions, exceptions, or restrictions apply to these rights under applicable data protection law (e.g., to protect third parties or trade secrets). We will inform you accordingly if necessary.


If you do not agree with our handling of your rights or data protection, please let us know (Section 2 of this GPP). In particular, if you are located in the EEA, the United Kingdom or Switzerland, you also have the right to complain to the data protection supervisory authority in your country.


  1. Do we use online tracking and technology?

On our website, we use various techniques with which we and third parties engaged by us can recognize you during your use and possibly also track you over several visits. In this section, we inform you about this.


In essence, this is so that we can distinguish accesses by you (via your system) from accesses by other users, so that we can ensure the functionality of the website and carry out evaluations and personalization’s. In doing so, we do not want to infer your identity, even if we can do so to the extent that we or third parties engaged by us can identify you through combination with registration data. Even without registration data, however, the techniques used are designed to recognize you as an individual visitor each time you access a page, for example by our server (or the servers of third parties) assigning you or your browser a specific recognition number (a so-called "cookie").


We use such techniques on our website and allow certain third parties to do so as well. You can program your browser to block, deceive, or delete existing cookies from certain cookies or alternative techniques. You can also enhance your browser with software that blocks tracking by certain third parties. You can find more information about this on the help pages of your browser (usually under the heading "Privacy") or on the websites of the third parties that we list below.


A distinction is made between the following cookies (techniques with comparable functionalities such as fingerprinting are included here):


Necessary cookies: some cookies are necessary for the functioning of the website as such or certain functions. They ensure, for example, that you can switch between pages without losing information entered in a form. They also ensure that you remain logged in. These cookies only exist temporarily ("session cookies"). If you block them, the website may not work. Other cookies are necessary so that the server can store decisions or entries made by you beyond one session (i.e., one visit to the website), if you request this function (e.g., selected language, given consent, the function for an automatic login, etc.). These cookies have an expiration date of up to 24 months.


Performance cookies: in order to optimize our website and corresponding offers and to better adapt them to the needs of users, we use cookies to record and analyze the use of our website, possibly even beyond the session. We do this through the use of third-party analytics services. We have listed these below. Performance cookies also have an expiration date of up to 24 months. Details can be found on the websites of the third-party providers.


  1. What data do we process on our pages in social networks?

We may operate pages and other online presences ("fan pages", "channels", "profiles", etc.) on social networks and other platforms operated by third parties and collect the data about you described in section 3 and below there. We receive this data from you and the platforms when you come into contact with us via our online presence (e.g., when you communicate with us, comment on our content or visit our presence). At the same time, the platforms evaluate your use of our online presences and link this data with other data about you known to the platforms (e.g., about your behavior and preferences). They also process this data for their own purposes under their own responsibility, in particular for marketing and market research purposes (e.g., to personalize advertising) and to control their platforms (e.g., which content they show you).


We process this data for the purposes described in section 4 of this GPP, in particular for communication, marketing purposes (including advertising on these platforms, see section 12 of this GPP) and market research. You will find information on the relevant legal basis in section 5. We may ourselves disseminate content published by you (e.g., comments on an announcement) (e.g., in our advertising on the platform or elsewhere). We or the operators of the platforms may also delete or restrict content from or about you in accordance with the usage guidelines (e.g., inappropriate comments).


For more information about the edits of the operators of the platforms, please refer to the privacy notices of the platforms. There you can also find out in which countries they process your data, which rights of access, deletion, and other data subjects you have and how you can exercise these or obtain further information.


  1. Can this privacy policy be changed?

This privacy policy is not part of any contract with you. We may amend this privacy policy at any time. The version published on this website is the current version.


  1. Autoritative Version

The German version of the General Privacy Policy shall take precedence over the English version in the event of any discrepancies or inconsistencies.


Last update: July 28th 2023

Back to our Wines
Vikarus Logo Icon

Keep in touch
with the angel

Vikarus Flasche bedeckt von Vorhängen