Privacy policy

Privacy Policy

Last Updated: May 25, 2025

Preamble

Surprey, a prospective entity under the laws of Switzerland ("we," "us," or "our"), is committed to safeguarding the personal data of individuals interacting with our online retail platforms, operating at https://schweiztrendshop.ch (serving the Swiss market) and https://surprey.com (serving the European Union market), collectively referred to as the "Stores." Hosted on the Shopify platform, the Stores adhere to the Swiss Federal Act on Data Protection (FADP) and Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR). This Privacy Policy delineates the modalities of collection, processing, storage, disclosure, and protection of personal data, alongside the rights afforded to data subjects.

Article 1: Categories of Personal Data Collected

1.1 Personal Identifiable Information
We collect personal data necessary for contractual fulfillment, including but not limited to full name, electronic mail address, billing address, and delivery address, provided during account creation or order placement.

1.2 Financial Transaction Data
Payment-related data, such as credit or debit card details, are processed securely by Shopify’s payment gateway. We do not retain complete financial particulars beyond what is mandated for transaction verification.

1.3 Technical and Behavioral Data
Through cookies, web beacons, and analogous technologies, we gather data concerning your device (e.g., IP address, browser type, operating system), browsing patterns, and interactions with the Stores, including pages accessed and products viewed.

1.4 Communication Data
Correspondence via email, contact forms, or customer support channels, including content and metadata, is collected to facilitate effective communication.

1.5 Marketing and Preference Data
Subscription to newsletters or marketing communications entails the collection of email addresses and expressed preferences, subject to explicit consent.

Article 2: Purposes of Data Processing

2.1 Contractual Performance
Personal data is processed to execute purchase agreements, encompassing order processing, delivery, return handling, and customer support.

2.2 Service Enhancement
Analytical data informs the optimization of the Stores’ functionality, user experience, and product offerings.

2.3 Marketing Communications
With prior consent, we utilize data to dispatch promotional materials, newsletters, or personalized offers, revocable at the data subject’s discretion.

2.4 Legal Compliance
Data processing ensures adherence to Swiss and EU statutory obligations, including taxation, consumer protection, and data protection regulations.

2.5 Security and Fraud Prevention
Processing is conducted to safeguard the Stores against fraudulent activities and to maintain cybersecurity integrity.

Article 3: Legal Bases for Processing under GDPR

3.1 Performance of a Contract
Processing is lawful where necessary to fulfill contractual obligations with the data subject, per Article 6(1)(b) GDPR.

3.2 Consent
Explicit, informed consent, per Article 6(1)(a) GDPR, governs marketing communications and non-essential cookies, withdrawable at any time.

3.3 Compliance with Legal Obligations
Processing is conducted to meet statutory requirements under Swiss and EU law, pursuant to Article 6(1)(c) GDPR.

3.4 Legitimate Interests
We process data for legitimate interests, such as service improvement and fraud prevention, per Article 6(1)(f) GDPR, provided such interests are not overridden by the data subject’s rights.

Article 4: Data Sharing and Third-Party Disclosure

4.1 Platform Provider
Shopify, as our hosting and operational platform, processes personal data to enable website functionality, payment processing, and analytics, in compliance with FADP and GDPR.

4.2 Sub-Processors
We engage third-party service providers (e.g., logistics firms, payment processors, marketing platforms) acting as data processors under binding data processing agreements, ensuring compliance with applicable data protection laws.

4.3 Legal and Regulatory Disclosure
Personal data may be disclosed to competent Swiss or EU authorities to satisfy legal obligations, such as tax audits or judicial proceedings.

4.4 Business Transfers
In the event of a merger, acquisition, or asset sale, personal data may be transferred to a successor entity, subject to equivalent data protection safeguards.

Article 5: Cookies and Tracking Technologies

5.1 Cookie Categories
We deploy:

• Essential Cookies: Indispensable for core Store functionality, such as cart management and session maintenance.
• Analytical Cookies: Facilitate performance analysis (e.g., via Google Analytics).
• Marketing Cookies: Enable targeted advertising, activated only with consent.

5.2 Consent Management
Data subjects may configure cookie preferences via our Cookie Consent Banner or browser settings. A comprehensive Cookie Policy is accessible at https://schweiztrendshop.ch/cookie-policy or https://surprey.com/cookie-policy.

Article 6: Data Storage and Security Measures

6.1 Storage Environment
Personal data is stored on Shopify’s secure servers, adhering to GDPR and FADP standards.

6.2 Security Protocols
We implement technical and organizational measures, including encryption, access controls, and regular security assessments, to mitigate risks of unauthorized access, loss, or alteration. Notwithstanding, no system guarantees absolute security.

Article 7: Cross-Border Data Transfers

7.1 Primary Processing Location
Data is primarily processed in Switzerland, recognized by the EU as offering adequate data protection under GDPR.

7.2 International Transfers
Transfers to third countries (e.g., Shopify servers in the United States) are governed by Standard Contractual Clauses or other GDPR-compliant mechanisms to ensure equivalent protection.

Article 8: Data Subject Rights

8.1 Enumerated Rights
Under FADP and GDPR, data subjects are entitled to:

• Right of Access: Obtain confirmation of processing and a copy of personal data (Article 15 GDPR, Article 25 FADP).
• Right to Rectification: Correct inaccurate or incomplete data (Article 16 GDPR, Article 32 FADP).
• Right to Erasure: Request deletion, subject to legal retention obligations (Article 17 GDPR, Article 32 FADP).
• Right to Restriction: Limit processing under specified conditions (Article 18 GDPR).
• Right to Data Portability: Receive data in a structured, commonly used format (Article 20 GDPR).
• Right to Object: Oppose processing based on legitimate interests, including direct marketing (Article 21 GDPR).
• Right to Withdraw Consent: Revoke consent without affecting prior processing lawfulness (Article 7 GDPR).

8.2 Exercise of Rights
Requests may be submitted to support@surprey.com or Ulmenstrasse 7, 8636 Wald-ZH, Switzerland. Responses will be provided within one month, extendable where legally permissible. Complaints may be lodged with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or an EU supervisory authority.

Article 9: Data Retention Periods

9.1 Retention Principles
Personal data is retained only for the duration necessary:

• Transactional Data: Retained for seven years to comply with Swiss and EU fiscal and consumer protection laws.
• Account Data: Maintained until account deletion or erasure request, unless retention is legally mandated.
• Marketing Data: Kept until consent withdrawal or unsubscription.
• Analytical Data: Anonymized after 14 months or as configured by analytics providers.

Article 10: Protection of Minors

10.1 Age Restriction
The Stores are not directed to individuals under 16 years of age. We do not knowingly collect personal data from minors. Upon notification, such data will be promptly deleted.

Article 11: Third-Party Links

11.1 External Websites
The Stores may link to external sites (e.g., payment gateways, social media platforms). We bear no responsibility for their data protection practices, and data subjects are advised to review respective privacy policies.

Article 12: Amendments to this Policy

12.1 Policy Updates
We reserve the right to amend this Privacy Policy to reflect operational or legal changes. Material amendments will be communicated via email or a prominent notice on the Stores, with the “Last Updated” date reflecting the current version.

Article 13: Contact Information

13.1 Data Controller
For GDPR and FADP purposes, the data controller is:
Schweiz Trend Shop / Surprey
Ulmenstrasse 7, 8636 Wald-ZH, Switzerland
Email: support@surprey.com

13.2 Inquiries
Direct all inquiries regarding this Privacy Policy or data protection practices to the above contact details.

Article 14: Language and Translations

14.1 Official Version
This Privacy Policy is drafted in English. Translations in German, French, or Italian are available upon request to comply with Swiss multilingual requirements.