Data protection

 

Data Protection (Privacy Notice Excerpt)

1) Contract Processing & Customer Accounts (Art. 6(1)(b) GDPR)

We collect and process personal data when it is necessary to:

  • perform or prepare a contract with you (e.g., enquiries, bookings, events, classes, purchases), or

  • open/manage a customer account for you.

The specific data collected appears on the relevant input forms (e.g., name, contact details, billing/delivery information). You may request deletion of your customer account at any time by contacting us at the address in the “Controller” section of our Privacy Policy.

We use the data you provide strictly for contract performance. After a contract has been fully completed or your customer account is deleted, we block your data from routine use and retain it only as required by law (tax/commercial retention). After those statutory periods expire, your data is deleted unless:

  • you have expressly consented to continued use, or

  • we are legally permitted to retain/use it for another purpose (which we will explain to you in our Privacy Policy).

2) Bexio — Accounting Software (Buchhaltungssoftware)

When you purchase a paid product or service, your basic customer master data required for invoicing is transmitted to our ERP/accounting provider bexio solely for the purpose of issuing invoices and fulfilling our accounting obligations.

Swiss retention: Due to the retention obligations under the Swiss Code of Obligations (OR) Art. 957 et seq., invoice-related data must be retained for 10 years and cannot be deleted earlier, even if your customer account on our website is deleted.

Data Processing Agreement (DPA):
We have concluded a Data Processing Agreement with bexio obliging bexio to protect customer data and not disclose it to third parties. (Reference: bexio “Auftragsverarbeitung” / DPA)

3) Use of Your Data for Direct Advertising

3.1 Email Newsletter

If you subscribe to our newsletter, we will send you periodic information about our services and offers. The only mandatory field is your email address; any additional details are optional and help us address you personally.

We use a double opt-in: you will receive a confirmation email and must click the link to complete your subscription. By activating the link, you consent to our use of your data for newsletter purposes under Art. 6(1)(a) GDPR.

For security and audit, we store your IP address, and the date/time of subscription. We use newsletter registration data exclusively for sending the newsletter. You may unsubscribe at any time via the link in each email or by contacting us. Upon unsubscribing, your email will be promptly removed from our mailing list unless you have consented to other uses or we are legally permitted to use it as described in this notice.

Existing customers: If you have given us your email during a purchase/booking, we may email you offers for similar services based on our legitimate interests in direct marketing (Art. 6(1)(f) GDPR and, where applicable, §7(3) UWG (DE)). You may object at any time; we will then stop.

3.2 Newsletter via Mailchimp (if used)

We may send newsletters via Mailchimp (The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA). We transfer your subscription data to Mailchimp under Art. 6(1)(f) GDPR (effective, secure, user-friendly delivery).

Mailchimp may use tracking pixels/web beacons in emails to compile anonymised, aggregate statistics (opens, clicks, technical metadata). Data is pseudonymised and not linked to other personal data. If you do not wish your newsletter usage to be analysed, please unsubscribe.

For international transfers, we rely on appropriate safeguards (e.g., EU Standard Contractual Clauses in Mailchimp’s DPA). See Mailchimp’s Privacy Policy and DPA on their website.

3.3 Advertising by Post (if used)

Based on our legitimate interests in personalised direct marketing (Art. 6(1)(f) GDPR), we may store your name, postal address and, where provided in the contractual relationship, your title, academic degree, year of birth and professional/industry designation, to send you relevant offers by post.
You may object at any time by contacting us.

4) Order Handling & Service Providers

4.1 Fulfilment Partners

To fulfil contracts, we share necessary personal data with:

  • Transport/delivery partners (name, delivery address) to deliver goods, and

  • Banks/payment providers (payment data) to process payments.

Transfers occur under Art. 6(1)(b) GDPR (contract performance).

4.2 External Shipping Partners (if used)

Where we cooperate with external couriers, we share your name and delivery address exclusively for delivery purposes (Art. 6(1)(b) GDPR).

4.3 Payment Service Providers

PayPal (if offered):
If you pay with PayPal (including cards/SEPA via PayPal, “Pay Later”/instalments), we transfer payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., L-2449 Luxembourg for payment processing (Art. 6(1)(b) GDPR). PayPal may carry out credit checks under Art. 6(1)(f) GDPR (legitimate interest in assessing credit risk). For details (incl. credit bureaus and scoring), see PayPal’s privacy notice. You can object with PayPal; PayPal may still process data where necessary for the contract.

Stripe (if offered):
If you pay by card via Stripe Payments Europe, Ltd., Dublin, we transfer necessary order and payment data for processing (Art. 6(1)(b) GDPR). See Stripe’s privacy notice for details.

5) Embedded & Online Services (if used)

5.1 YouTube

We may embed YouTube videos (Google LLC). In privacy-enhanced mode, cookies are set only when playback starts. If you are logged into Google, playback may be associated with your account. Google may create usage profiles under Art. 6(1)(f) GDPR (legitimate interests in advertising/market research). You can object via YouTube/Google settings.

5.2 Google Ads Conversion Tracking

We may use Google Ads conversion cookies to measure campaign effectiveness under Art. 6(1)(f) GDPR (legitimate interest in targeted advertising). You can opt out by blocking advertising cookies in your browser or via Google’s ad settings.

5.3 Meta (Facebook) Pixel

With your consent (Art. 6(1)(a) GDPR), we may use the Meta pixel to measure ad performance and build audiences. You can withdraw consent anytime. Additional opt-out options exist via industry tools (e.g., DAA/EDAA).

5.4 Web Analytics (Google Analytics)

We may use Google Analytics with IP anonymisation (anonymizeIp) under Art. 6(1)(f) GDPR (legitimate interest in statistics and optimisation). You can opt out via Google’s browser add-on or an in-site opt-out cookie.

5.5 HubSpot (if used)

For inbound marketing/CRM, we may use HubSpot (cookies, pseudonymous analytics) under Art. 6(1)(f) GDPR. You can object by blocking cookies in your browser. See HubSpot’s Privacy Policy for details.

5.6 Google Maps

We may embed Google Maps to display our location. Google may process usage data under Art. 6(1)(f) GDPR (legitimate interests). You can disable Maps by turning off JavaScript (site functionality will be limited).

5.7 Social Pages (Fanpages)

We maintain pages on platforms (e.g., Facebook/Instagram/YouTube) to inform and interact with customers. Platform operators may set cookies and create usage profiles for advertising/analytics (some outside the EU/CH). Processing is based on Art. 6(1)(f) GDPR (our legitimate interests) or Art. 6(1)(a) GDPR where you consent on the platform. Please consult each platform’s privacy settings and opt-out tools (e.g., DAA/EDAA).

6) Rights of Data Subjects

Under applicable law (GDPR/UK GDPR/nFADP), you may have the right to:

  • Access your data (Art. 15 GDPR)

  • Rectification (Art. 16)

  • Erasure (Art. 17)

  • Restriction (Art. 18)

  • Notification to recipients regarding rectification/erasure/restriction (Art. 19)

  • Data portability (Art. 20)

  • Object to processing based on legitimate interests and to direct marketing (Art. 21)

  • Withdraw consent at any time (Art. 7(3))

  • Lodge a complaint with a supervisory authority (Art. 77)

To exercise your rights, please contact us using the details in our Privacy Policy. We may request information to verify your identity. We aim to respond within one month (or as permitted for complex requests).

7) Storage Duration

We retain personal data for as long as necessary to perform the contract and meet legal obligations (e.g., Swiss accounting/tax retention under OR Art. 957 et seq. — 10 years). After statutory periods expire and provided we no longer need the data for legal claims or legitimate interests, we delete it. If you request deletion earlier, we will assess whether statutory or contractual obligations require continued retention of specific data (e.g., invoices).

Controller & Contact (for your website footer/header)

Private Chef by Marian Podola
Furi 151, 3920 Zermatt, Switzerland
Email: marian@private-chef.ch