Privacy policy
Data protection declaration – Revitera / Alparis GmbH
1. Introduction and scope
We, Alparis GmbH (hereinafter “we”, “us” or “responsible person”), operate the online shop revitera.ch and take the protection of your personal data very seriously. This data protection declaration explains what personal data we collect from visitors and customers (“you”) and how we process it in accordance with the Swiss Data Protection Act (DSG) and – where applicable – the EU General Data Protection Regulation (GDPR). Please read the following carefully to understand how we handle your personal data.
2. Responsible body
The person responsible for data processing on this website is:
Alparis GmbH Müligässli 1 8598 Bottighofen TG Switzerland
Email: hallo@revitera.ch Telephone: +41 76 710 53 76
You can address questions or concerns about data protection at any time to the above address.
Representative
We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our data protection representative and contact for the following regions:
- European Union (EU)
iuro Rechtsanwälte GmbH t/a Prighter, Schellinggasse 3, 1010 Vienna, Austria
Prighter offers you a simple way to exercise your data protection-related rights (e.g. requests for information or deletion). If you would like to contact us through our agent Prighter or exercise your rights as a data subject, please visit the following website: https://app.prighter.com/portal/17184033144
3. Collection and use of personal data
We only collect personal data if this is permitted (e.g. to fulfill the contract) or if you have consented. Depending on your interaction with our website, different data is collected:
a) Visiting the website
When you access our website, technical access data is automatically stored in so-called log files. This includes, for example, the IP address of the requesting device, date and time of access, pages/files accessed, browser type and version as well as the operating system. We need this information to deliver the website, to ensure security and stability, and for statistical evaluations to improve our offering. This usage data generally does not allow any direct conclusions to be drawn about you personally and is not combined with other data. We may use cookies and similar technologies to make our website user-friendly and to provide certain functions (see section 4 on tracking and analysis tools).
b) Ordering a product
When you place an order in our online shop, we collect the data necessary to process the order. This includes in particular: last name, first name, billing and delivery address, email address, telephone number if necessary (if necessary for delivery), ordered products and payment information. We process this data for the purpose of contract processing, i.e. to process your order, ship the goods, process payments and process any warranty or reversal claims. Without this data, it is not possible to conclude a contract. Providing a telephone number or email also enables us to inform you about the status of the delivery or to contact you if you have any questions.
c) Customer account
You have the option of creating a customer account. In this case, we will save the registration data you provided (name, email, password, etc.) to enable you to check out more quickly and view your order history the next time you make a purchase. This data is processed at your request and is covered by your registration (and therefore consent). You can delete your customer account at any time; In this case, your profile data will be deleted unless there are legal retention requirements.
d) Contacting us
If you contact us by email or via any existing contact forms, we will process the information you provide (e.g. name, email, concerns) to process the request and for possible follow-up questions. This communication usually takes place with your consent or at your request.
e) Newsletter and email marketing
If you register for our newsletter, we will use your email address to regularly send you our newsletter with information about our products, health tips and offers. We use the double opt-in procedure to register, which means you will only receive our newsletter after confirming your email address.
Data processing is based on your consent. You can unsubscribe from the newsletter at any time using the unsubscribe link in the newsletter or by sending us a message.
We use the service Klaviyo from the provider Klaviyo, Inc. (USA) to send and manage our newsletter. Your email address and any other data you provide (e.g. name, purchase history) will be stored on Klaviyo's servers in the USA. Klaviyo uses this information to send, personalize and statistically evaluate the newsletter on our behalf (e.g. opening and click rates). Data transfer to the USA is based on appropriate guarantees (in particular standard contractual clauses and/or certification under the EU-U.S. Data Privacy Framework). We will use your email address exclusively for the newsletter and related communication and will not pass it on to uninvolved third parties. If you unsubscribe from the newsletter, your email address will be deleted from the mailing list or blocked from further use.
f) Product reviews and customer feedback
We offer you the opportunity to rate products and leave reviews. For this we use the services Trusted Shops / eTrusted (Trusted Shops GmbH, Germany), Trustpilot (Trustpilot A/S, Denmark) and the Shopify app Trustoo (Opinew Ltd.). If you submit a review, your review data (name or pseudonym, review text, star rating, email address for verification) will be transmitted to the respective service provider and processed there. The processing takes place to present authentic customer reviews and thus to improve our offer, based on our legitimate interest (Art. 6 Para. 1 lit. f GDPR). If necessary, we have concluded agreements with the providers for order processing.
g) Cookie consent management
We use Consentmo (provider: Consentmo Ltd.) as a cookie consent tool. Consentmo is used to obtain, manage and document your consent for cookies and tracking technologies on our website. The following data is processed: consent status, time of consent and an anonymous identifier. The processing is carried out on the basis of our legitimate interest in providing evidence that consent has been obtained in accordance with data protection regulations (Art. 6 Para. 1 lit. f GDPR; Art. 31 DSG).
4. Tracking and analysis tools
In order to continuously improve our website and optimize marketing measures, we use analytics tools and tracking technologies. These services may store cookies or similar technologies on your device and collect personal data (in particular your IP address and usage data). However, we only use these tools to the extent permitted by law. If necessary, we will obtain your consent via the cookie banner. You can revoke your consent at any time via the website's cookie settings or deactivate the storage of cookies in your browser (although not all functions may then be fully available).
Specifically, we currently use the following third-party tools:
Google Analytics (GA4)
This web analysis tool from Google LLC (USA) is used to evaluate usage behavior on our website. Google Analytics uses cookies to collect information about your use of the website (including shortened IP address) and transmit it to a Google server (possibly in the USA) and store it there. We have configured Google Analytics in such a way that IP addresses are anonymized (IP anonymization), so that they cannot be directly linked to individuals. Google uses the information collected on our behalf to compile reports on website activity and to provide us with other services related to website activity and internet usage. You can prevent Google Analytics from collecting your data by installing the Google Analytics deactivation browser add-on or adjusting your cookie settings accordingly.
Legal basis: Consent (Art. 6 Para. 1 lit. a GDPR).
Google Tag Manager
We use Google Tag Manager (service provided by Google LLC) to centrally manage website tags and scripts. The Tag Manager itself does not collect personal data, but can trigger other tags that in turn collect data (such as Google Analytics or the meta pixel). If you have deactivated tracking (opt-out), Google Tag Manager will take this into account.
Legal basis: Consent (Art. 6 Para. 1 lit. a GDPR; Section 25 TDDDG).
Meta pixel (Facebook pixel)
This technology from Meta Platforms Ireland Ltd. (for users in Europe) or Meta Platforms, Inc. USA (for users outside) helps us track the behavior of users after they have seen or clicked on a Facebook or Instagram ad from us. This allows us to evaluate the effectiveness of our Facebook/Instagram advertising for statistical and market research purposes. The data collected (e.g. pages visited, purchases made, IP address, browser information) is anonymous to us, i.e. we do not see any personal data about individual users. However, this data is processed by Meta to establish the connection to the respective Facebook/Instagram profile and can be used by Meta for its own advertising purposes. If you have a Facebook/Instagram account, you can influence Meta's use of cookies and pixels in your account settings. You can also deactivate the meta pixel on our site via our cookie settings.
Legal basis: Consent (Art. 6 Para. 1 lit. a GDPR).
Microsoft Clarity
We use Microsoft Clarity, a web analysis service from Microsoft Corporation (USA), on our website. Microsoft Clarity records user sessions (so-called session recording) and creates heatmaps that show us how visitors use our website (e.g. mouse movements, scrolling behavior, clicking behavior). Usage data such as IP address (shortened), device and browser information, pages visited and interaction data are collected and transmitted to Microsoft servers (possibly in the USA). Personal entries in forms (e.g. passwords, credit card details) are automatically masked according to the manufacturer.
Microsoft Clarity uses cookies and similar technologies. It is used only with your prior consent via our cookie banner. You can revoke your consent at any time via the cookie settings. Further information can be found in Microsoft's data protection declaration: https://privacy.microsoft.com/de-de/privacystatement
Legal basis: Consent (Art. 6 Para. 1 lit. a GDPR).
Triple Pixel (TripleWhale)
We use the Triple Pixel from the provider Triple Whale, Inc. (USA). This marketing attribution tool is used to measure the effectiveness of our advertising campaigns across different channels and to improve the allocation of orders to advertising measures. Usage data such as IP address, browser information, pages visited and purchase data are collected and transmitted to Triple Whale servers in the USA. Processing takes place based on your consent via our cookie banner. The data transfer to the USA takes place on the basis of suitable guarantees (in particular standard contractual clauses).
Legal basis: Consent (Art. 6 Para. 1 lit. a GDPR).
Google Ads Conversion Tracking / Remarketing
We use Google Ads Conversion Tracking and Remarketing (provider: Google LLC, USA / Google Ireland Ltd.). These services enable us to measure the effectiveness of our Google Ads campaigns and to show you relevant advertisements based on your previous usage behavior (remarketing). Your IP address, browser data and conversion data (e.g. purchases, page views) are recorded and transmitted to Google servers (possibly in the USA). Data transfer to the USA is based on appropriate guarantees. It is only used with your prior consent via our cookie banner. You can revoke your consent at any time via the cookie settings.
Legal basis: Consent (Art. 6 Para. 1 lit. a GDPR).
Outbrain Pixel
We use the Outbrain Pixel (provider: Outbrain Inc., USA). This tracking tool is used to measure the effectiveness of our native advertising campaigns via the Outbrain network. Your IP address, browser data and conversion data are recorded and transmitted to Outbrain servers in the USA. Processing takes place based on your consent via our cookie banner. The data transfer to the USA takes place on the basis of suitable guarantees.
Legal basis: Consent (Art. 6 Para. 1 lit. a GDPR).
Taboola Pixel
We use the Taboola Pixel (provider: Taboola Inc., USA). This tracking tool is used to measure the effectiveness of our native advertising campaigns via the Taboola network. Your IP address, browser data and conversion data are recorded and transmitted to Taboola servers in the USA. Processing takes place based on your consent via our cookie banner. The data transfer to the USA takes place on the basis of suitable guarantees.
Legal basis: Consent (Art. 6 Para. 1 lit. a GDPR).
Notes on data transfer to the USA
Please note that data can be transferred to the USA using the third-party tools mentioned. From a Swiss and EU data protection perspective, the USA is considered a country without a comprehensively adequate data protection standard. We have agreed appropriate guarantees with the respective providers (in particular standard contractual clauses and/or certifications under the EU-U.S. Data Privacy Framework or the corresponding Swiss data protection framework) in order to ensure an appropriate level of protection for your data. However, when transferring data to the USA, there is a residual risk that US authorities will be able to access the data without effective legal remedies in the EU/Switzerland. Your consent (via our cookie banner) also includes the possible transfer of data to the USA. You can of course also make use of the opt-out options to avoid data collection by these tools.
5. Use of payment service providers
As part of the ordering process, we offer various payment methods. Depending on which payment method you select, we pass on certain data to the relevant payment service provider who processes the payment. This includes, for example, the value of the goods, your IP address for fraud prevention and other details necessary for payment - but not credit card numbers or payment information that you enter directly into the payment service provider. We use the following payment services:
Shopify Payments / Stripe
Credit card payments (Visa, MasterCard, etc.) and TWINT payments are processed via Shopify Payments or Stripe. The provider is Stripe Payments Europe Ltd. (Ireland) in cooperation with Stripe, Inc. (USA). Stripe receives the payment information (e.g. credit card number, validity, amount) directly via the input mask in the checkout. The Stripe/Shopify Payments privacy policy applies. Your payment details will be processed and stored by Stripe for the purpose of payment processing. We ourselves do not store complete credit card details.
Data protection information: https://stripe.com/de/privacy & https://www.shopify.com/de/legal/datenschutz
PayPal
If you select the payment method PayPal you will be taken to the PayPal (Europe) S.à.r.l. website. et Cie, S.C.A. forwarded. There you can log in with your PayPal access data and approve the payment. We then only receive information from PayPal about the payment being made (or a cancellation). PayPal's data protection principles apply.
Data protection information: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
TWINT
TWINT is a mobile payment system in Switzerland. If you pay with TWINT, the payment is processed by TWINT AG. You will be redirected to the TWINT app or website where you confirm the payment. We then receive a confirmation or error message. TWINT processes the data required for payment under its own data protection regulations.
Data protection information: https://www.twint.ch/datenschutzerklaerung-twint-id-ubs/
Klarna
We may offer payment options via Klarna (Klarna Bank AB, Sweden), e.g. purchase on account or payment in installments. When you select a Klarna payment method, personal data (e.g. name, address, date of birth, email, IP address, order details) is transmitted to Klarna to process the payment and to check your identity and creditworthiness. In this case, Klarna is the independent controller for data processing.
Data protection information: https://www.klarna.com/de/datenschutz/
We use these payment service providers to offer you a secure and convenient payment option. The legal basis for passing on the data is the fulfillment of the contract (processing of the purchase contract, Art. 31 DSG) and our legitimate interest in ensuring a reliable payment process. Please note that the payment service providers are independent controllers of your payment data. Information about data processing by them can be found in the respective data protection declaration of the service.
6. Transfer of data to third parties and processors
We will never pass on your personal data to third parties without authorization. However, to provide our services, we work with some external service providers to whom we provide data to the extent necessary (or who have access to it themselves), exclusively for the purposes stated here. These service providers are contractually obliged to process personal data exclusively on our behalf and in accordance with our instructions (so-called “processors” in the sense of the DSG or processors according to the GDPR), or they act as independent controllers, if this is stated. Specifically, these are the following recipients:
Hosting and shop platform
Our online shop is operated on the e-commerce platform Shopify (provider: Shopify International Ltd., Ireland or Shopify Inc., Canada). Shopify provides us with the online shop infrastructure and stores the data collected in our shop in their data centers. We have concluded an order processing contract with Shopify. Shopify may use subcontractors (e.g. cloud providers) to provide services, including those outside Switzerland/EU. For more information, please see Shopify's privacy policy.
The domain revitera.ch is registered via IONOS (1&1 IONOS SE, Germany). IONOS only processes technical domain data (e.g. DNS entries) and no customer data from the shop.
Shopify apps and extensions
As part of our Shopify shop, we use various apps and extensions that, as processors, can have access to certain shop data. This includes in particular:
- GemPages (GemPages, Inc.): Page builder for designing our shop pages. Access to shop data as part of page creation.
- Kaching Bundles (Kaching Appz): Bundle and shopping cart management. Access to product data and shopping cart contents.
- Trustoo (Opinew Ltd.): Product ratings and reviews. Access order details and customer information to verify reviews.
- Kaching Subscription (Kaching Appz): Management of subscriptions. Storage of customer data (name, email, address, order history, payment information) to carry out recurring deliveries.
- Kaching Upgrade (Kaching Appz): Upsell functionality in checkout. Access to shopping cart contents and order data.
- Kaching Cart (Kaching Appz): Shopping cart optimization. Access to shopping cart contents.
- Trusted Shops / eTrusted (Trusted Shops GmbH, Germany): Customer reviews and seals of quality. After purchase, a review invitation can be sent via email. Order data (order number, email address) is transmitted to Trusted Shops. The processing is carried out on the basis of our legitimate interest in quality assurance and trust building (Art. 6 Para. 1 lit. f GDPR).
- Trustpilot (Trustpilot A/S, Denmark): Customer reviews. After purchase, a review invitation can be sent via email. Order data (name, email address) is transmitted to Trustpilot. The processing is carried out on the basis of our legitimate interest in quality assurance (Art. 6 Para. 1 lit. f GDPR).
These apps process data exclusively within the scope of their respective functionality and, as Shopify partners, are subject to Shopify's data protection requirements. If necessary, we have concluded agreements with the providers for order processing.
Communication and project management
ClickUp (Provider: Mango Technologies Inc., USA): We use ClickUp as an internal tool for task management and support ticket management. In some cases, customer names, email addresses and request content can be recorded in ClickUp as part of support processing. The processing is carried out on the basis of our legitimate interest in efficient customer service (Art. 6 Para. 1 lit. f GDPR). The data transfer to the USA takes place on the basis of suitable guarantees.
Email and cloud services
Google Workspace (Provider: Google LLC, USA / Google Ireland Ltd.): We use Google Workspace for email communication (including customer communication) and document management (Google Drive). Email content, attachments, contact details and documents are processed. The processing is based on the fulfillment of the contract (Art. 6 Para. 1 lit. b GDPR) and our legitimate interest in efficient communication (Art. 6 Para. 1 lit. f GDPR). The data transfer to the USA takes place on the basis of suitable guarantees.
Accounting and tax advice
DATEV (Provider: DATEV eG, Nuremberg, Germany): We use DATEV for bookkeeping and financial accounting for our German business operations. Invoice data and, if applicable, customer names and order numbers from Shopify exports are processed. The legal basis is the fulfillment of statutory accounting obligations (Art. 6 Para. 1 lit. c GDPR).
Topal (Provider: Topal Solutions AG, Switzerland): We use Topal for the accounting of our Swiss business operations. Invoice data and, if applicable, customer names from Shopify exports are processed. The legal basis is the fulfillment of statutory accounting obligations.
Tax advisors / trustees: Our external tax advisors (in DE and CH) can, as part of their work, gain access to invoices and business documents, which may occasionally contain customer names. They are obliged by professional law to maintain confidentiality. The legal basis is the fulfillment of statutory accounting obligations (Art. 6 Para. 1 lit. c GDPR).
Logistics and shipping
For the purpose of executing your order, we pass on your delivery address and contact details to our logistics and shipping partner. Our products are delivered via the fulfillment service provider Cross Border Fulfillment GmbH (Blumenfeldstrasse 16, 9403 Goldach, Switzerland) for deliveries to Switzerland and Agro-Norm Vertriebs GmbH (Am Industriepark 1a, D-84453 Mühldorf, Germany) for deliveries to Germany and the EU. Shipping takes place via Swiss Post AG (Post) or corresponding German parcel service providers. They only receive the information that is necessary for delivery (name, address, possibly email/telephone for shipping notification). There will be no further use of the data by these service providers.
Email marketing
We use Klaviyo (Klaviyo, Inc., USA) to send our newsletter and transactional emails. Further information can be found in Section 3 lit. e).
Service provider for marketing and analysis
If we use tools such as Google Analytics, Meta-Pixel, Microsoft Clarity, Triple Pixel or Klaviyo (see above), the service providers named in Section 4 become the recipients of your data. Some of these service providers are located abroad (e.g. USA), see Section 4 on data transfer abroad and the protective measures taken. We have concluded contracts for order processing with all providers - where required by law.
Rating platforms
We work with Trusted Shops / eTrusted (Trusted Shops SE, Germany) to give you the opportunity to rate our shop and our products after your purchase. For this purpose, your email address and order reference can be sent to Trusted Shops so that you receive a review invitation. Trusted Shops processes this data as an independent controller or on behalf of. Details can be found at: https://www.trustedshops.de/impressum/#datenschutz
Authorities and legal obligations
In certain cases we are legally obliged to pass on data to third parties. This may be the case, for example, if there is a legal obligation to provide information or if we have to provide information as part of legal proceedings or official inquiries. In such cases, we only pass on data to the extent required by law and only after careful examination.
7. AI-supported data processing
7.1 Use of artificial intelligence
We use systems with artificial intelligence (AI) to improve our services, particularly in the areas of customer service and internal data processing. These systems support us in analyzing and answering customer inquiries, creating communication drafts, analyzing business data and other operational processes.
7.2 Services and service providers used
We use the following AI services that can process personal data within the scope of the stated purposes:
- Anthropic (Claude) – Anthropic, PBC, San Francisco, USA: Analysis of customer inquiries, support in the creation of email drafts and data evaluations.
- OpenAI – OpenAI, L.L.C., San Francisco, USA: Generation of text embeddings for intelligent search and assignment of queries.
- OpenClaw – AI agent platform, operated on our own server in the EU: orchestration and control of the aforementioned AI services.
7.3 Type of data processed
As part of AI-supported processing, the following personal data may be affected:
- Contents of customer inquiries (emails, contact forms, voice messages)
- Name and email address
- Order information and customer number
- Other information you provide to us as part of your communications
Sensitive data (e.g. health data in the context of dietary supplements) will only be processed if you voluntarily provide it to us and the processing is necessary to answer your request.
7.4 Data transfer to the USA
The aforementioned AI service providers (with the exception of OpenClaw, which operates on a server in the EU) are based in the USA. When using these services, personal data may be transmitted to servers in the USA. From the perspective of the Swiss Data Protection Act and the GDPR, the USA does not have an adequate level of data protection.
We have taken appropriate protective measures, in particular:
- Agreement of suitable guarantees with the respective providers (standard contractual clauses and/or certifications under the EU-U.S. Data Privacy Framework)
- Limiting the transmitted data to the necessary minimum
- Contractual obligation of the providers to process for specific purposes
There remains a residual risk that US authorities may access the data as part of surveillance programs.
7.5 No purely automated individual decisions
We do not make any decisions that are based exclusively on automated processing - including profiling - and that have legal effects on you or significantly affect you in a similar way (Art. 22 GDPR, Art. 21 DSG). AI systems serve us exclusively as support tools. All decisions that affect your rights or interests (e.g. processing of complaints, goodwill decisions, refunds) are always reviewed and taken responsibility for by a human employee.
7.6 Legal basis
The AI-supported processing of your data is based on our legitimate interest (Art. 6 Para. 1 lit. f GDPR; Art. 31 DSG) in efficient and high-quality customer service and data processing. When weighing up interests, we took into account that the AI systems are only used to provide support and do not make any independent decisions. To the extent that processing is necessary to fulfill our contractual obligations (e.g. processing your order or request), we also base this on fulfillment of the contract (Art. 6 Para. 1 lit. b GDPR; Art. 31 DSG).
7.7 Your rights
You can object to the AI-supported processing of your personal data at any time. In this case, we will no longer process your data using AI systems unless there are compelling reasons to the contrary. Please contact us at hallo@revitera.ch.
8. Duration of data storage
We process and store your personal data only for as long as is necessary for the respective purpose. This specifically means:
Order data: We generally retain your data collected for contract processing (customer account, orders, invoices, etc.) for the duration of the contractual relationship. After the contract has been fully processed or your customer account has been deleted, the data will continue to be stored to a limited extent as long as statutory retention periods apply. According to Swiss law, we are obliged to retain business documents (invoices, booking receipts, etc.) for 10 years. However, during this period the data will be blocked for other uses. After the retention obligations have expired, we will permanently delete the data.
Newsletter data: The data registered for the newsletter is stored as long as the newsletter subscription is active. After unsubscribing from the newsletter (revoking your consent), your email address will be placed on a blacklist to prevent further sending and will then be completely deleted after a reasonable period of time.
Log files: The automatically collected access data (server log files) are only stored for a limited period of time and then routinely deleted. Longer storage can occur for security reasons (e.g. to investigate misuse or fraud), then deletion will take place once the reason no longer exists.
AI-supported processing: Data that is transmitted to third-party providers as part of AI-supported processing is stored there in accordance with the respective order processing agreements and deleted after the contractually agreed deadlines have expired. For details, please refer to the data protection declarations of the respective providers.
Contact requests: If you contact us, the communication data will be retained for as long as necessary to process your request. We delete corresponding emails as soon as no further communication is expected and any legal archiving obligations have been fulfilled.
Cookies have different storage periods depending on the type (session cookies until the browser is closed, persistent cookies a few months to years). Details can be found in our cookie settings on the website. Analysis and tracking data is deleted or anonymized by the respective service providers according to their own specifications.
9. Legal basis for data processing
We base the processing of your personal data on the applicable legal bases. Under Swiss data protection law, processing is permitted if it is carried out lawfully, i.e. if it is justified by the consent of the person concerned, by law, by contract or to protect an overriding private or public interest. We process your data in particular based on the following principles:
Fulfillment of the contract: The processing of data that we need for your order, payment and delivery takes place in order to fulfil the purchase contract with you (Art. 31 DSG; corresponds to Art. 6 Para. 1 lit. b GDPR). Without this data we would not be able to carry out the contract.
Consent: If we ask you for consent (e.g. for newsletters, for setting certain cookies/tracking tools such as Microsoft Clarity, Triple Pixel), we base the data processing on your voluntary consent (Art. 31 DSG; Art. 6 Para. 1 lit. a GDPR). You have the right to revoke your consent at any time with future effect. The revocation does not affect the lawfulness of the processing before the revocation.
Legitimate interest: Some data processing takes place to protect our legitimate interests (Art. 31 DSG; Art. 6 Para. 1 lit. f GDPR), for example the analysis of user behavior to improve our offering, personalized advertising to existing customers, fraud prevention in payment processing, the storage of log data to ensure IT security or the use of AI systems for efficient Customer support. In these cases, we have carefully weighed up interests. We only process personal data on this basis to the extent that your fundamental rights and freedoms do not outweigh this. You have the right to object to such processing at any time for reasons relating to your particular situation (see Section 10).
10. Your rights as a data subject
As a person affected by data processing, you are entitled to various rights under the Swiss Data Protection Act - and, if applicable, also under the GDPR. These are in particular:
Right to information: You have the right to request information about whether we are processing personal data about you. If so, you can receive information about this data (including a copy of the data) as well as information about the purpose of processing, the categories of data processed, the recipients, the planned storage period and your other rights. (Art. 25 ff. DSG; Art. 15 GDPR)
Right to rectification: If your data is inaccurate or incomplete, you can request that it be corrected or supplemented. We will correct any incorrect information immediately. (Art. 32 DSG; Art. 16 DSGVO)
Right to deletion (“right to be forgotten”): You have the right to request the deletion of your personal data, provided the legal requirements are met. This is the case, for example, if the data is no longer necessary for the purposes for which it was collected, you have withdrawn your consent or the processing is unlawful. Please note that the Swiss Data Protection Act does not provide for an express right to deletion, but we will comply with your deletion request as long as there are no legal retention obligations or overriding interests to the contrary. (Art. 13 DSG; Art. 17 DSGVO)
Right to restrict processing: Under certain circumstances, you can request that we restrict the processing of your data (so that the data is only stored but no longer used). (Art. 15 DSG; Art. 18 GDPR)
Right to data release / data portability: You have the right to request that the personal data you have provided be released in a common electronic format, provided that the processing is automated. If you wish, we will also - if technically feasible - transfer this data directly to a third party named by you. (Art. 28 DSG; Art. 20 GDPR)
Right to object: You can object to the future processing of your personal data if we process it on the basis of a legitimate interest. In particular, you can object to the processing of your data for direct advertising at any time. In the event of an objection, we will no longer process your data for these purposes. (Art. 31 DSG; Art. 21 GDPR)
Right regarding automated individual decisions: You have the right not to be subject to a decision based solely on automated processing that has legal effects on you or significantly affects you in a similar way (Art. 22 GDPR; Art. 21 DSG). As explained in Section 7.5, we use AI systems exclusively for support purposes; all relevant decisions are made by human employees.
Revocation of consent: If you have given us consent (e.g. for newsletters or tracking), you can revoke this at any time (as already described above). All you need to do is send us an informal message (e.g. by email).
Please note that some of the rights mentioned may be subject to restrictions under the DSG. For example, the right to information can be denied or restricted if this would harm the interests of third parties or violate statutory confidentiality obligations (Art. 26 DSG). In such a case, we will inform you of the reasons for the rejection.
To exercise your rights, you can contact us at any time using the contact methods specified in Section 2. Please provide sufficient information that allows us to clearly identify you (e.g. name, email address stored with us, order number if applicable). We will examine your request as quickly as possible and respond to it within 30 days at the latest (legal deadline in the DSG). If in exceptional cases it takes longer, we will inform you accordingly.
In addition, if you believe that the processing of your personal data violates applicable law, you have the right to lodge a complaint with the responsible data protection supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC) (address: Feldeggweg 1, CH-3003 Bern, www.edoeb.admin.ch). If the GDPR is applicable, you can also contact the supervisory authority in the EU member state of your place of residence.
11. Data security
We use appropriate technical and organizational security measures to protect the data we store against manipulation, loss, unauthorized access or unauthorized modification. Our security measures are continually improved in line with technological developments. For example, we use secure transmission procedures (SSL encryption) for payment and order data, restrictive access to data (only authorized persons) and regular updates and backups of our systems. However, no Internet transmission can ever be 100% secure. We would like to point out that the transmission of information via the Internet is at your own risk.
12. Changes to this privacy policy
We review this data protection declaration regularly and adapt it as soon as changes in our data processing or the legal situation require this. We will clearly announce any material changes on our website and, if necessary, obtain your renewed consent. At the end of this statement you will find information about when the text was last updated.
Status of this data protection declaration: March 2026
