top of page
Privacy Policy

Cross-Channel Information

1. Data Controller and Scope of this Privacy Policy

We, LaichWerk GmbH (9030 Abtwil, Switzerland), operate the website www.töff-snus.ch and, unless otherwise stated, are responsible for the data processing activities described in this Privacy Policy.

So that you know what personal data we collect about you and for what purposes we use it, please take note of the following information. We base our data protection practices primarily on Swiss data protection law, in particular the Federal Act on Data Protection (FADP), as well as the EU GDPR, whose provisions may be applicable in individual cases.

Please note that the following information is reviewed and updated from time to time. We therefore recommend that you consult this Privacy Policy regularly. Furthermore, for certain data processing activities listed below, other companies are solely or jointly responsible for data protection, meaning that the information provided by those providers is also relevant in such cases.

2. Data Protection Contact

If you have any questions about data protection or wish to exercise your rights, please contact our data protection representative by sending an email to: info@toeff-snus.ch

3. Your Rights

Where the legal requirements are met, you have the following rights as a person affected by data processing:

  • Right of access: You have the right to request free access to your personal data stored with us at any time, to the extent that we are processing it. This allows you to check what personal data we hold about you and that we are using it in accordance with applicable data protection regulations.

  • Right to rectification: You have the right to have inaccurate or incomplete personal data corrected and to be informed of the correction. In such cases, we will inform the recipients of the affected data of the changes made, unless this is impossible or involves a disproportionate effort.

  • Right to erasure: You have the right to have your personal data erased under certain circumstances. In individual cases, in particular where statutory retention obligations apply, the right to erasure may be excluded. In such cases, where the conditions are met, data may be blocked rather than erased.

  • Right to restriction of processing: You have the right to request that the processing of your personal data be restricted.

  • Right to data portability: You have the right to receive the personal data you have provided to us, free of charge, in a readable format.

  • Right to object: You may object to data processing at any time, in particular to data processing in connection with direct marketing (e.g. marketing emails).

  • Right to withdraw consent: You generally have the right to withdraw consent you have given at any time. However, withdrawing your consent does not render unlawful any processing activities carried out on the basis of your consent prior to the withdrawal.

To exercise these rights, please send us an email to: info@toeff-snus.ch

  • Right to lodge a complaint: You have the right to lodge a complaint with a competent supervisory authority, for example regarding the manner in which your personal data is being processed.

4. Data Security

We use appropriate technical and organisational security measures to protect the personal data stored with us against loss and unlawful processing, in particular unauthorised access by third parties. Our employees and the service providers we engage are bound by confidentiality and data protection obligations. Furthermore, these individuals are only granted access to personal data to the extent necessary for the performance of their duties.

Our security measures are continuously updated in line with technological developments. However, the transmission of information via the internet and electronic communication channels always carries certain security risks, and we are therefore unable to provide an absolute guarantee of the security of information transmitted in this way.

5. Contacting Us

When you contact us via our contact addresses and channels (e.g. by email or contact form), your personal data will be processed. The data processed includes the information you have provided to us, such as your company name, your name, your role, your email address or telephone number, and your enquiry. The time of receipt of the request is also recorded. Mandatory fields in contact forms are marked with an asterisk (*).

We process this data exclusively to handle your enquiry (e.g. to provide information about a product, to assist with contract processing such as the return of products, to incorporate your feedback into the improvement of our service, etc.). The legal basis for this data processing is our legitimate interest within the meaning of Art. 6(1)(f) EU GDPR in handling your enquiry, or, where your request relates to the conclusion or execution of a contract, the necessity for taking the required steps within the meaning of Art. 6(1)(b) EU GDPR.

6. Use of Your Data for Marketing Purposes

6.1 Central Data Storage and Analysis in the CRM System

Where a clear assignment to your person is possible, we will store and link the data described in this Privacy Policy – in particular your personal details, your contacts with us, your contract data and your browsing behaviour on our websites – in a central database. This serves the efficient management of customer data, allows us to respond adequately to your enquiries, and enables the efficient provision of the services you have requested and the processing of the associated contracts. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6(1)(f) EU GDPR in the efficient management of user data.

We analyse this data to develop our offerings in a needs-oriented manner and to display and suggest the most relevant information and offers to you. We also use methods that predict potential interests and future orders based on your website usage. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6(1)(f) EU GDPR in carrying out marketing measures.

6.2 Email Marketing and Newsletter

An email newsletter is planned for the future.

When you register for our email newsletter (e.g. when opening or within your customer account), the following data will be collected. Mandatory fields are marked with an asterisk (*) in the registration form:

Email address

Salutation

First and last name

Date of birth

Address

By registering, you consent to the processing of this data in order to receive messages from us about our company, our snus offerings, and related products and services. This may also include invitations to participate in competitions or to review one of the aforementioned products or services. Collecting your salutation and name allows us to verify the assignment of the registration to an existing customer account and to personalise the content of our emails. Linking to a customer account helps us make the offers and content in the newsletter more relevant to you and better tailored to your potential needs.

We will use your data for email marketing until you withdraw your consent. Withdrawal is possible at any time, in particular via the unsubscribe link in all our marketing emails.

Our marketing emails may contain a so-called web beacon or 1x1 pixel (tracking pixel) or similar technical tools. A web beacon is an invisible graphic linked to the user ID of the respective newsletter subscriber. For each marketing email sent, we receive information about which addresses have not yet received the email, to which addresses it was sent, and for which addresses delivery failed. We also see which addresses opened the email, for how long, and which links were clicked. Finally, we also receive information about which addresses have unsubscribed. We use this data for statistical purposes and to optimise marketing emails with regard to frequency, timing, structure and content, enabling us to better tailor the information and offers in our emails to the individual interests of recipients.

The web beacon is deleted when you delete the email. To prevent the use of the web beacon in our marketing emails, please set your email program parameters so that HTML is not displayed in messages, if this is not already the default setting. Information on how to configure this setting can be found in the help sections of your email software, for example here for Microsoft Outlook.

By subscribing to the newsletter, you also consent to the statistical analysis of user behaviour for the purpose of optimising and adapting the newsletter. This consent constitutes our legal basis for processing the data within the meaning of Art. 6(1)(a) EU GDPR.

We use the email marketing software Omnisend (Attn. Legal department, Verkiu str. 25C, Vilnius, Lithuania) for marketing emails. Your data is therefore stored in an Omnisend database, allowing Omnisend to access your data where necessary for the provision of the software and for support in using the software. The legal basis for this processing is our legitimate interest within the meaning of Art. 6(1)(f) EU GDPR in using third-party services.

7. Disclosure to Third Parties and Third-Party Access

Without the support of other companies, we would not be able to provide our services in the desired form. To use the services of these companies, it is necessary to share your personal data to a certain extent. Such disclosure occurs in particular where it is necessary for the fulfilment of the contract you have requested – for example, to logistics or transport companies that deliver the requested products, or to a manufacturer fulfilling your warranty claim. For these disclosures, the necessity for the performance of the contract within the meaning of Art. 6(1)(b) EU GDPR constitutes the legal basis.

Disclosure also occurs to selected service providers and only to the extent necessary for the provision of the service. Various third-party service providers are already explicitly mentioned in this Privacy Policy, such as in the marketing sections. These include, for example, IT service providers (such as software solution providers), advertising agencies and consulting firms. For this data disclosure, our legitimate interest within the meaning of Art. 6(1)(f) EU GDPR in obtaining third-party services constitutes the legal basis.

In addition, your data may be disclosed, in particular to authorities, legal advisors or debt collection agencies, where we are legally obliged to do so or where it is necessary to protect our rights, in particular to enforce claims arising from our relationship with you. Data may also be disclosed if another company intends to acquire our company or parts thereof, and such disclosure is necessary for the purposes of due diligence or the execution of the transaction. For this data disclosure, our legitimate interest within the meaning of Art. 6(1)(f) EU GDPR in asserting our rights and fulfilling our obligations, or in selling our company, constitutes the legal basis.

8. Transfer of Personal Data Abroad

We are entitled to transfer your personal data to third parties abroad, provided this is necessary for the data processing activities described in this Privacy Policy (see in particular Sections 12–15). The statutory provisions on the disclosure of personal data to third parties will of course be complied with. Where the country concerned does not provide an adequate level of data protection, we ensure through contractual arrangements that your data is adequately protected at those companies.

9. Retention Periods

We store personal data only for as long as is necessary to carry out the processing activities described in this Privacy Policy within the scope of our legitimate interest. For contract data, storage is required by statutory retention obligations. Requirements obliging us to retain data arise from accounting regulations and tax law. In accordance with these regulations, business communications, concluded contracts and booking documents must be retained for up to 10 years. Where we no longer require this data to provide services to you, the data will be blocked. This means that the data may then only be used where necessary to fulfil retention obligations or to defend and enforce our legal interests. Data is deleted once no retention obligation and no legitimate interest in its retention remains.

(Last updated: July 2025)

Back to Homepage

bottom of page