Implementation of the European General Data Protection Regulation (GDPR)

In this article

Since 25 May 2018, the European General Data Protection Regulation (GDPR) has been in force. The GDPR applies to all businesses that operate within the EU, sell or offer goods and/or services in the EU, and which process Personal Data such as names, addresses, phone numbers, bank details, dates of birth or IP addresses of natural persons who are located within the EU. A website top-level domain such as .de or .eu, or the acceptance of payment in euro is sufficient to establish the existence of European operations. 
The standardisation of regulations governing the processing of personal data is primarily aimed at improving transparency in relation to the processing of consumer data and enhancing the protection afforded to this data.

Does the GDPR apply to Swiss businesses?

Yes, due to its extraterritorial character, the GDPR also applies to Swiss businesses that voluntarily take steps to actively solicit persons located in the EU (e.g., by advertising, an EU domain or by offering payment options denominated in euro).
To ensure that your Voucher and/or Ticket Shop is GDPR-compliant, we have expanded and updated a number of aspects of
The cookie banner is displayed in order to fulfil the new notification obligations under GDPR. Learn more here.

Integration of the Shop with iFrame

We have turned off this banner for customers, whom we know to integrate their shop into their own website using an iFrame. If you work with an iFrame and we have not turned off the anner, you can turn off the cookie banner in the manner described here.


Anonymisation of IP addresses for Google Analytics

We have configured the instance of  Google Analytics that is integrated into your shop, so that visitors' IP addresses are anonymised by Google.


Newsletter consent with the Double Opt-In Process

If you have activated the  option for visitors to register for your newsletter, a Double Opt-In process is used. That means that the customer must first check the box for the newsletter and, after confirming the order, will receive an additional e-mail with a link to confirm registration. 

In addition, we have updated the text giving consent.


Data Protection Statement

New requirements include not only the obligation to identify the purpose of the processing of personal data; there must also be a clear, lawful basis for the processing. In addition, the Data Subject must be notified of the duration for which the Personal Data will be stored. The Data Subject must further be notified of the right to be informed about the Data. Data Subjects are entitled to require the Data Controller to delete the Personal Data, for instance if the Data is no longer necessary for the purpose for which it was originally gathered.

Contact details of the Data Controller and the Data Protection Officer

The Data Protection Statement must include the contact details of the website operator. If you have an internal Data Protection Officer, this person's contact details must be disclosed.

In the case of businesses outside the EU, there must be an additional point of contact in the form of a representative in the EU.

Model Data Protection Statement prepared by e-guma

We have updated and expanded our model Data Protection Statement in e-guma.

The field labelled  Contact details of the representative in the European Union is only shown in the case of businesses that are not located in the EU.

It is important for you to enter the necessary contact details and click on Show Preview to verify the Data Protection Statement.

Learn  here how to edit the Data Protection Statement.

Use of a pre-existing Data Protection Statement

Do you already have a Data Protection Statement that covers the processing undertaken in your e-guma SHOP? 
e-guma offers several options for using existing Data Protection Statements.
  • As text - You can copy the content of your existing Data Protection Statement directly into the field.
  • As a PDF - You can upload your Data Protection Statement as a PDF
  • As a link - You can enter the URL of your Data Protection Statement

Learn  here how to enter your existing Data Protection Statement in e-guma.


Data Processing Agreement

We have prepared a data processing agreement that you can complete on your PC, before downloading it for your records.

Additional Measures

Additional measures that we have taken in response to GDPR include:
  • Appointing a corporate Data Protection Officer
  • Auditing our Data Sub-Processors in respect of their processing of personal data 
  • Internal training for our employees
These measures should not be seen as a definitive response, but are subject to ongoing monitoring and revision.