Privacy Policy

Privacy policy

1. What is this privacy statement about?
Data protection is a matter of trust, and your trust is important to us. Trust begins with transparency. In this data protection declaration we therefore inform you how and why we collect, process and use your personal data. This data protection declaration is based on the European Data Protection Basic Regulation - EDPBR for short - which has established itself internationally as a benchmark for strong, effective data protection.

2. Who are we?
FB Universe Ltd, L’Ambjent Building Block C Flat 3, Telghet Ix-Xemxijia, San Pawl Il-Bahar,SPB 9020 is responsible for data processing in accordance with this data protection declaration ("we" or "us").
If you have any questions regarding this privacy policy or the processing of your personal data, please contact us as follows:
FB Universe Ltd.
L’Ambjent Building Block C Flat 3
Telghet Ix-Xemxijia, San Pawl Il-Bahar
SPB 9020

[email protected]

3. Who is this privacy policy intended for?
Our data processing primarily concerns our customers, but also other persons whose personal data we process. This data protection declaration applies in all our business areas and regardless of the channel through which you contact us, e.g. in a branch, by telephone, in an online shop, on a website, in an app, via a social network, at an event, etc. This privacy policy applies to the processing of both existing and future personal data. Certain offers and services (e.g. competitions) may also be subject to additional data protection provisions that apply in addition to this data protection declaration.

This Privacy Policy is not applicable if another company is responsible for a specific data processing. Another company may, for example, be responsible for a certain data processing, alone or jointly with us, if you visit our social media sites (e.g. Facebook fan pages) or interact with social plug-ins integrated into our websites (e.g. the Facebook "Like" button), if you visit a third-party website linked by us, or if we pass on personal data to third parties such as public authorities (for details on such passing-on, please see Section 8). In these cases, please consult the privacy policy of the company concerned, which you can usually find on their website.

4. What are "personal data" and what does "processing" mean?

Data protection law governs the processing of personal data. This also applies to this privacy policy. "Personal data" is all information that can be associated with a specific natural person, i.e. a person. "Processing" means any handling of your personal data. In Switzerland, information is also considered personal data if it relates to a specific legal entity (e.g. information about a contract with a company).

5. Which personal data do we process and for what purposes?

Depending on the occasion and purpose, we process different personal data. You will find more details in this section and often also in general terms and conditions, conditions of participation and additional privacy statements.

In principle, we collect your personal data directly from you, e.g. when you send us data or communicate with us. Incidentally, you are generally not obliged to provide us with personal data unless the disclosure is necessary to fulfill a contractual obligation. However, we are often not in a position to provide an offer or service without you providing us with the necessary information.

Apart from yourself, personal data may also be collected from other sources, e.g. from other companies of the FB Universe Group or from third parties such as credit agencies, media monitoring companies, providers of online services such as providers of Internet analysis services, financial service providers for payments, address dealers, from public registers, from the media, from the Internet, etc.

Among other things, we process personal data - possibly also personal data that is particularly sensitive - in the following situations for the following purposes:


We process Personal Data when you contact us or we contact you, for example, when you contact a customer service representative and when you write to us or call us. For this purpose, it is generally sufficient for us to provide information such as name and contact details, the time of the relevant communication and its content, which may also include personal data of third parties. We use this information to provide you with information or communications, to process your request and communicate with you, and for quality assurance and training. We also forward messages within the FB Universe Group to the responsible company offices, e.g. if your request concerns another company.

Purchase of goods and use of services:

We also process personal data when you use our services, e.g. when you purchase goods or services from us. In doing so, we process your personal data e.g. in the context of processing orders and contracts or for delivery and invoicing. When shopping in online shops or using a bonus or loyalty card, we also collect and process personal data in connection with your creditworthiness and your purchasing and payment behaviour. For example, we collect creditworthiness information from third parties in order to decide whether to offer you purchase on account, and we process information about which purchases you make, when and how often in which stores or online shops in order to derive information about your preferences and affinities for certain products or services. This information helps us to provide you with targeted information about other offers and to better tailor our offerings to meet demand.

Loyalty and bonus programs:

We process personal data as part of our loyalty and bonus program. In addition to contact details, we also process personal data about the use of the program by you and, if applicable, members of the same household and other information, e.g. information about your shopping habits, your preferences and your affinities to certain products and services, which helps us to inform you specifically about offers and to gear our range of products and services more closely to demand. You will find further details on this in this data protection declaration under "Purchase of goods and use of services" and in the corresponding general terms and conditions or conditions of participation.

Visit of web pages:

When you visit our websites, we process personal data depending on the offer and functionality. This includes technical data such as information about the time of access to our website, the duration of the visit, the pages called up and information about the device used (e.g. tablet, PC or smartphone). We use this data to provide the website, for IT security reasons and to improve the user-friendliness of the website. We also use "cookies" and similar technologies. Cookies are files that are stored on the end device when you visit our website. In many cases they are necessary for the functionality of the website and are automatically deleted after the visit. Other cookies remain stored for a certain period of time and are used to personalise the offer or enable us to display targeted advertising to you. We also use cookies and technologies of third party providers in the USA or worldwide, e.g. for analysis services of providers such as Google or additional functions of providers such as Facebook, which may result in the provider concerned receiving data about you. If you have a customer account with us, we may associate usage data with your profile to help us derive information about your preferences and affinities for certain products or services. You have the option of rejecting or deactivating cookies and thus preventing the processing of the data generated by a cookie by configuring your end device accordingly or by installing a corresponding browser add-on. However, this may mean that you will not be able to use all the functions of the website. For further information on the personal data processed in connection with our websites, please refer to section 6.

Online offers and apps:

If you use online offers from us, we also process personal data to provide, improve and develop these offers. This also applies if you do not purchase any goods or services. Depending on the type of offer, this includes information about a customer account and its use as well as information about the installation and use of mobile applications. We also process personal data in order to personalise the offer and to provide you with offers tailored to your interests and affinities.

Information and direct marketing:

We process personal data to the extent legally permissible for the purpose of sending written or electronic information and advertising messages, unless you have objected to this processing. For example, we process your contact details so that we can send you the relevant communications. In the case of e-mail newsletters, push messages and other electronic communications, we may also process information about your use of the communications (e.g. whether you have downloaded images embedded in an e-mail, i.e. whether you have opened the e-mail) so that we can get to know you better, tailor our offers more precisely to you and generally improve our services. You can usually block this processing of usage data in your e-mail program if you do not agree to it.

Competitions, sweepstakes and similar events:

From time to time we organize competitions, sweepstakes and similar events. We may process your contact information and information about your participation in these contests, sweepstakes and similar events for the purpose of conducting such contests, sweepstakes and similar events, communicating with you in this regard and for promotional purposes. You will find further details on this in the respective conditions of participation.

Entering our premises:

When you enter our premises, we may make video recordings in appropriately marked areas for security and evidence purposes. You may also be able to use a Wi-Fi service. In this case, we will collect device-specific information upon registration and may ask you to register by providing your name and e-mail address or mobile phone number. We may also process and analyze data about your use of our Wi-Fi service.

Customer events:

If we hold customer events (such as advertising events, further education and training, sponsoring events, cultural and sporting events), we also process personal data. This includes the name and postal or e-mail address of the participants or interested parties and, depending on the event, other data such as your date of birth. We process this information for the purpose of organizing customer events, but also to get in direct contact with you and to get to know you better. You will find further details in the respective terms and conditions of participation.

Market research and media monitoring:

We process personal data for market and opinion research. For this purpose, we may use information about your purchasing behaviour (for further details, please refer to "Purchasing goods and using services" above), but also information from customer surveys, polls and studies and other information, e.g. from the media, from social media, from the Internet and from other public sources. We may also make use of media monitoring services or conduct media monitoring ourselves and process personal data.

Contact with our company as business partner:

We work together with various companies and business partners, e.g. with suppliers, with commercial buyers of goods and services, with cooperation partners and with service providers (e.g. IT service providers). For the purpose of contract initiation and processing, planning, accounting and other purposes related to the contract, we also process personal data about the contact persons in these companies, e.g. name, function, title and communication with us. Depending on the field of activity, we are also required to examine the company concerned and its employees in more detail, e.g. by means of a security check. In this case, we may also collect and process further information from third parties. We may also process personal data to improve our customer orientation, customer satisfaction and customer loyalty (customer/supplier relationship management).


We process personal data for our own and the group's internal administration. For example, we may process Personal Data for the administration of IT or real estate. We also process personal data for accounting and archiving purposes and, in general, for auditing and improving internal processes.

Corporate transactions:

We may also process Personal Data for the preparation and execution of corporate acquisitions and disposals and of purchases or sales of assets. The subject matter and scope of the data collected or transferred will depend on the stage and subject matter of the transaction.

Job applications:

We also process personal data when you apply for a job with us. For this purpose, we generally require the usual information and documents and those specified in a job advertisement, which may also contain personal data of third parties.

Compliance with legal requirements:

We process personal data to comply with legal requirements and to prevent and detect violations. This includes, for example, the receipt and processing of complaints and other reports, internal investigations or the disclosure of documents to an authority if we have good reason to do so or are legally obliged to do so. In each case we may also process personal data of third parties.

Legal compliance:

We process Personal Data in various constellations in order to protect our rights, e.g. to enforce claims in court, in or out of court and before authorities in Switzerland and abroad or to defend ourselves against claims. In doing so, we may process your personal data and the personal data of third parties or pass on personal data to third parties in Switzerland and abroad, insofar as this is necessary and permissible.

6. How do we process personal data when you visit our websites?
What personal data do we process?

Technical data (log files):

When you visit our websites, we process personal data depending on the offer and functionality. For technical reasons, this initially includes automatically collected data stored in log files, so-called log files. This includes, for example, the IP address as well as device-specific information such as the MAC address and the operating system of the end device (tablet, PC, smartphone, etc.), information about your Internet service provider, information about the contents called up and date and time of the visit to the website or information about logins.

Cookies and similar technologies:

Depending on their functionality, we may also use cookies. Cookies are small files which our website automatically creates in your browser and which are stored on your end device. Cookies contain a unique number (an ID) that we can assign to a specific Internet user, but usually without knowing his or her name, and, depending on the intended use, additional information, e.g. about pages called up and the duration of the visit to a page.

On the one hand, we use session cookies, in which, among other things, information about the origin and storage period of the cookie is stored. These cookies are deleted again after each visit to our website. We use such cookies, for example, to store a shopping basket over several page views of the user.

On the other hand, we use permanent cookies that remain stored for a certain period of time even after the respective browser session has ended. Such cookies are used to recognize a visitor during a later visit, e.g. to save language settings over several browser sessions or to display content on the website that is tailored to your interests. In this way, we collect information about your visits, the pages called up, the articles viewed and your shopping basket, for example. After the programmed duration has expired (usually between one month and two years), such cookies are automatically deactivated.

We also use similar technologies such as pixel tags (small image files loaded from a server, which transmit certain information to the server operator) or fingerprints (information about the configuration of a device or about a browser). Some cookies or similar technologies originate from other companies of the FB Universe Group or from third parties. This is the case, for example, when we use third-party functions on our website. It also affects evaluation services that also work with cookies and similar technologies; you will find more detailed information on this below. This enables our partners to address you on our websites or on websites of third parties as well as in social networks with individualised advertising and to measure their effect.

Data on user behaviour:

On our website we use Google Analytics, an analysis service of Google LLC in the USA. Google uses cookies for this purpose, which enable an analysis of the use of the website. Google thereby collects information about your behaviour on our website and the device used for this purpose (tablet, PC, smartphone etc.). This includes usage data such as type and version of the browser, the address (URL) of the website from which you accessed our website, the name of your provider, the IP address of the terminal device, date and time of access to our website as well as pages visited and length of stay. This information is stored on a Google server in the USA. However, your IP address will be shortened in the EU or EEA before this happens. Only in exceptional cases will the full IP address be transferred to the USA. Google is bound by the US Privacy Shield Program in the USA. Based on this information we receive evaluations from Google. Google Analytics also makes it possible to assign data, sessions and interactions across multiple end devices to a pseudonymous user ID and thus to analyze the activities of a user not known by name across devices. You can find more detailed information under the terms of use or the Google privacy policy (

We use similar services of other providers with locations worldwide. These providers may record the user's use of the website in question, for example by using cookies and similar technologies. These records may be combined with similar information from other websites. The behaviour of a particular user can thus be recorded across multiple websites and across multiple devices. The respective provider may also use this data for its own purposes, e.g. for personalised advertising on its own website and on other websites to which it supplies advertising. If a user is registered with the provider, the provider can assign the usage data to this person. For this purpose, he will usually obtain the consent of the person concerned and enable him to revoke this consent according to his instructions. The processing of such personal data is carried out here by the provider in his responsibility and according to his own data protection regulations.

Social Plug-Ins:

Our websites use social plug-ins, e.g. from Facebook, YouTube, Twitter or Instagram. This means that buttons of the respective providers are displayed, e.g. the "Like" button of Facebook, or content of the respective provider is integrated on the website. When you visit a website that uses such a social plugin, your browser establishes a connection with the respective provider. The content of the social plugin is transmitted to your browser by the respective provider and integrated into the respective website. Through this process, the provider concerned receives the following data in particular:

the information that your browser has called up the website in question;

the IP address of the device used, even if you do not have an account with the provider.

If you are logged in at the same time, the provider can assign the visit to your personal profile. If you interact with a social plug-in - e.g. click on a "Like" button or make a comment - the corresponding information is transmitted by your browser to the relevant provider and stored there. It may also be published on your profile with the relevant provider and displayed to your contacts. Even if you visit our social media sites (e.g. Facebook fan pages) or interact with social plug-ins integrated into our websites (e.g. the Facebook "Like" button), personal data may be transmitted directly to the provider concerned or collected and stored by it. The provider of the social network in question is primarily responsible for processing such data. Insofar as we are jointly responsible with the provider in question, we will enter into a corresponding agreement with them, the main content of which you can find out about from the provider. Further information on data processing by the providers of social networks can be found in the privacy policies of the respective social networks (e.g. Facebook, YouTube, Twitter, Instagram).

For which purposes do we process these personal data?

Provision of the website: The recording of certain log files and the use of certain cookies is mandatory for technical reasons in connection with the provision of the website and its functions. Other cookies and similar technologies help us to guarantee and secure the various functions and offers of our website and to make our website more attractive;

Website administration: The storage and processing of log files and cookies helps us to maintain and troubleshoot, to ensure the security of our website and to combat fraud;

Personalization of the website:

We customize certain areas and content of our website to your needs and interests, e.g. by storing your choice of language or personalized content display;

User behaviour analysis: We use web analytics services to better understand how our websites are used and to improve their content, functionality and find ability.


We may target you with interest-based advertising on our Web Sites or on third party Web Sites, or we may display advertisements to you during your continued use of the Internet after you have visited our Web Sites;

Cookies and similar technologies of third parties enable the companies concerned to provide services for us or to address you with advertisements that might be of particular interest to you.
If you have a customer account with us, we may also evaluate this personal data and link it to other personal data, for example, to non-personal statistical information and to other personal data we have collected about you in order to derive information about your preferences and affinities for certain products or services. Even if you are not logged in at the time you visit our website, this data may be associated with your profile.

How can you prevent this processing?

You can configure your end device so that a message appears before a new cookie is created. This also allows you to reject cookies. You can also delete cookies from your mobile device. You also have the option of preventing the collection of the data generated by the cookie (including your IP address) and the processing of this data by downloading and installing an appropriate browser add-on. However, rejecting or deactivating cookies may mean that you will not be able to use all the functions of the website.

You can prevent the use of Google Analytics by installing an add-on for your browser, a so-called browser add-on. You also have the possibility to revoke any consent you may have given to the respective providers or to object to their processing, e.g. at Google via

If you do not want a provider of a social network to collect data about you via our website, you must log out of the respective provider before you visit our website. Even when logged out, the providers collect anonymous data via the social plug-ins. This data can be assigned to your profile if you log in to the provider concerned at a later date. In these cases, the provider concerned processes personal data in each case on its own responsibility and according to its own data protection regulations. If you want to prevent the provider from assigning data to your profile, you must delete the corresponding cookies. You can also completely prevent the loading of the social plug-ins with add-ons for your browser, e.g. with NoScript.

7. On what legal basis do we process personal data?
Depending on the purpose of the data processing, our processing of personal data is based on different legal bases. We may process personal data in particular if the processing is either:

is necessary for the performance of a contract with the data subject or for pre-contractual measures at his or her request (e.g. the examination of his or her application for a contract)

is necessary for the protection of legitimate interests;

is based on an effective consent which has not been withdrawn; or
is necessary to comply with legal requirements.

As a rule, we process particularly sensitive personal data only with the express consent of the data subject, unless the data in question has obviously been made public by the data subject or the processing is necessary to comply with the law or legal provisions.

Data will only be transferred abroad under the conditions specified in sections 8 and 9.

8. To whom do we transfer your personal data?
Your personal information will only be passed on to other companies to the extent described below. Under no circumstances will we sell your personal data to third parties. We do not trade with personal data.

We may pass on your personal data to other companies of the FB Universe Group. The FB Universe Group also includes its respective subsidiaries. The transfer of personal data to other group companies is often for internal group administration purposes. In certain cases, individual companies of the FB Universe Group may also process your personal data in their own interest for the processing purposes stated in this privacy policy. Your personal data can then also be linked and processed for the respective purposes with personal data originating from other companies of the FB Universe Group.

We may then pass on your personal data to companies if we use their services. This may also involve companies outside the FB Universe Group. By selecting such data processors and by entering into appropriate contractual agreements, we ensure that data protection is guaranteed during the entire processing of your personal data by data processors. Our order data processors are obliged to process the personal data exclusively on our behalf and according to our instructions and to take suitable technical and organisational measures for data security. This includes in particular services in the area of credit assessment, e.g. if you wish to make a purchase on account, and IT services, e.g. services in the areas of data storage (hosting), cloud services, sending e-mail newsletters, data analysis and refinement, etc.

In individual cases, it is also possible that we may pass on personal data to recipients outside the FB Universe Group for their own purposes, e.g. if we consider this to be legally required or necessary to protect our interests. In these cases, the recipient is responsible for its own data protection. This applies in particular to the following cases:

We may disclose your personal data to third parties (e.g. courts and authorities in Switzerland and abroad) if this is required by law or requested by the authorities. We also reserve the right to process your personal data in order to comply with a court order or to assert or defend legal claims or if we consider it necessary for other legal reasons. We may also disclose personal data to other parties involved in the proceedings;

if we transfer claims against you to other companies such as debt collection agencies;

when we are reviewing or executing transactions such as business combinations or the acquisition or sale of individual parts of a company or its assets or become the subject of a transaction ourselves.

9. When do we disclose your personal data abroad?
The recipients of your personal data may be located abroad - even outside the EU or EEA. The countries concerned may not have laws that protect your personal data to the same extent as in Switzerland or in the EU/EEA.

If we transfer your personal data to such a country, we will ensure that your personal data is protected in an appropriate manner. One means of doing so is by concluding data transfer agreements with the recipients of your personal data in third countries, which ensure the necessary data protection. These include contracts that have been approved, issued or recognised by the European Commission and the Federal Data Protection and Information Commissioner, so-called standard contractual clauses. Similarly, the transfer of data to recipients who are subject to the US Privacy Shield Program is also permitted. An example of the data transfer agreements we generally use can be found here: Please contact us if you would like more information about the data transfer agreements we have entered into or any other appropriate guarantees we apply to international transfers. In exceptional cases, transfer to countries without adequate protection may also be permitted in other cases, e.g. based on express consent or for the purpose of asserting, exercising or defending legal claims.

10. Do we perform profiling?
By "profiling" we mean a process by which Personal Data is automatically processed in order to analyse or predict personal aspects. We often perform profiling. For example, we analyse shopping behaviour, use of our websites and apps and other transaction and behaviour data and make assumptions about your personal interests, preferences, affinities and habits. Profiling helps us to better tailor our offering to your individual needs and to provide you with only advertising and offers that are actually relevant to you. In order to improve the quality of our analyses, we may also link personal data that originates from different sources, e.g. data collected offline and online as well as data collected through various of our services or data that we receive from other companies in the FB Universe Group. If such profiling is related to direct marketing, you have the right to object to it as described in Section 15.

11. Do we make automated individual decisions?
As a rule, we do not carry out automated individual decisions. We will inform you separately should we use automated individual decisions in individual cases. Automated individual case decisions" are decisions that are made completely automatically, i.e. without any relevant human influence, and which have negative legal effects or other similar negative effects on you.

12. How do we protect your personal data?
We take appropriate security measures of a technical nature (e.g., encryption, pseudonymization, logging, access restriction, data backup, etc.) and of an organizational nature (e.g., instructions to our employees, confidentiality agreements, reviews, etc.) to maintain the security of your Personal Information, to protect it from unauthorized or unlawful processing and to counteract the risk of loss, unintentional alteration, unintentional disclosure or unauthorized access. However, security risks cannot generally be completely ruled out; certain residual risks are usually unavoidable.

13. How long do we store your personal data?
We store your personal data in personal form as long as it is necessary for the specific purpose for which we collected it, in the case of contracts generally at least for the duration of the contractual relationship. We also store personal data if we have a legitimate interest in storing it. This may be the case, in particular, if we need personal data to enforce or avert claims, for archiving purposes and to ensure IT security. We also store your personal data for as long as they are subject to a statutory retention obligation. For example, a ten-year retention period applies to certain data. For other data, short retention periods apply in each case, e.g. for recordings from video surveillance or for recordings of certain processes on the Internet (log data). In certain cases we also ask for your consent if we want to store personal data for a longer period of time (e.g. for job applications that we want to keep pending). We will delete or make your personal data anonymous after the expiry of the above-mentioned periods.

14. How do we process personal data of children?
The processing of personal data of children is generally not part of our business activities. However, if we do process personal data of children, we take special care to protect children, and if we process personal data of children based on consent, we ask parents or legal representatives for their consent. If consent has been given for a child by his or her parents or legal representatives, the adult person is free to revoke this consent at a later date.

15. What rights do you have in connection with the processing of your personal data?
You have the right to object to data processing if we process your personal data on the basis of a legitimate interest. You can also object to data processing in connection with direct advertising (e.g. advertising e-mails) at any time. This also applies to profiling, insofar as it is connected with such direct advertising.

As far as the respective applicable requirements are met and no legal exceptions apply, you also have the following rights:

Right to information:

You have the right to be informed in a transparent, clear and comprehensive manner about how we process your personal data and what rights you have in connection with the processing of your personal data. With this privacy policy, we are fulfilling this obligation. If you wish to receive further information, please feel free to contact us.

Right to information:

You have the right to request information about your personal data stored by us at any time and free of charge. This gives you the opportunity to check which personal data we are processing about you. In individual cases, the right to information may be restricted or excluded, especially if there are doubts about identity or if this is necessary to protect other people.

Right to correction:

You have the right to have incorrect or incomplete personal data corrected or completed and to be informed of the correction.

Right of deletion:

You have the right to request the deletion of your personal data if the personal data are no longer necessary for the purposes for which they were collected, if you have effectively withdrawn your consent or have effectively objected to their processing, or if the personal data are processed unlawfully. In individual cases, the right to deletion may be excluded, in particular if the processing is necessary for the exercise of freedom of expression or the exercise of legal claims.

Right to restrict processing:

Under certain circumstances, you have the right to demand that the processing of your personal data be restricted. This may mean, for example, that personal data is not (temporarily) processed or that published personal data is (temporarily) removed from a website.

Right to data transfer:

You have the right to receive from us the personal data which you have provided us with in a structured, common and machine-readable format, provided that the specific data processing is based on your consent or is necessary for the fulfilment of the contract and the processing is carried out with the aid of automated procedures.

Right of withdrawal:

If we process your personal data on the basis of your consent, you have the right to revoke your consent at any time. The revocation is only valid for the future; however, processing activities based on your consent in the past will not become unlawful by your revocation.

16. How can you contact us?
If you wish to exercise any of the above rights or if you have any other questions or concerns about this Privacy Policy or the processing of your personal data, you are welcome to contact us as indicated in section 2. This is the best way for us to deal with your request.

You are then also free to contact our data protection officer or our representative in the European Union or the European Economic Area using the contact information below:

Data Protection Officer: Sandra Vogelmann

17. Changes to this privacy policy
This data protection declaration can be adapted over time, especially if we change our data processing or if new legal regulations become applicable. We will actively inform persons whose contact details are registered with us of any significant changes if this is possible without disproportionate effort. In general, data processing is subject to the data protection declaration in the version current at the start of the processing in question.