Privacy Policy
Datenschutzerklärung — Swiss DSG & EU GDPR
1. Data Controller
[PLACEHOLDER: Company name]
[PLACEHOLDER: Address]
[PLACEHOLDER: Email]
[PLACEHOLDER: Phone]
2. Data We Collect
When you use our website, we may collect the following data:
- Server log files (IP address, browser type, access time, pages visited)
- Account data (email, name) if you create an admin account
- Order data (name, address, products ordered, payment information)
- Communication data (emails, contact form submissions)
3. Legal Basis for Processing
We process personal data on the following legal bases:
- Contract performance (Art. 6(1)(b) GDPR) — processing orders and delivering products
- Legitimate interest (Art. 6(1)(f) GDPR) — website security, fraud prevention, analytics
- Legal obligation (Art. 6(1)(c) GDPR) — tax and accounting requirements
- Consent (Art. 6(1)(a) GDPR) — marketing communications, optional cookies
4. Third-Party Services
Payment Processing
We use Stripe (including TWINT) and PayPal to process payments. When you make a purchase, your payment data is transmitted directly to the payment provider. We do not store credit card or bank details.
- Stripe Privacy Policy: stripe.com/privacy
- PayPal Privacy Policy: paypal.com/privacy
Hosting
[PLACEHOLDER: Hosting provider name, location of servers, DPA reference]
5. Cookies
This website uses only technically necessary cookies (e.g. shopping cart, session). No tracking or advertising cookies are used. Technically necessary cookies do not require consent under Swiss DSG or EU GDPR.
[PLACEHOLDER: Update this section if you add analytics (Google Analytics, etc.) or marketing tools. Consent will be required for non-essential cookies.]
6. Data Retention
We retain personal data only as long as necessary for the purposes described above or as required by law. Order data is retained for [PLACEHOLDER: e.g. 10 years] in accordance with Swiss commercial and tax law (OR Art. 958f).
7. Your Rights
Under Swiss DSG and EU GDPR, you have the right to:
- Access your personal data (Art. 15 GDPR / Art. 25 DSG)
- Rectify inaccurate data (Art. 16 GDPR)
- Delete your data (Art. 17 GDPR, "right to be forgotten")
- Restrict processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Object to processing (Art. 21 GDPR)
- Withdraw consent at any time (Art. 7(3) GDPR)
- Lodge a complaint with a supervisory authority
Swiss authority: Federal Data Protection and Information Commissioner (FDPIC)
EU authority: [PLACEHOLDER: Relevant EU supervisory authority, if applicable]
8. International Data Transfers
Switzerland is recognized by the EU as providing adequate data protection. Where data is transferred to countries outside Switzerland/EEA (e.g. payment processors in the US), we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) are in place.
9. Changes to This Policy
We may update this privacy policy from time to time. The current version is always available on this page.
Last updated: [PLACEHOLDER: Date]