Privacy and Data Policy of VollWeb

VOLLWEB PRIVACY POLICY
Updated: June 2025

INTRODUCTION AND PRELIMINARY PROVISIONS

This Privacy Policy (hereinafter referred to as the “Policy”) sets forth the terms and conditions under which Vollweb (hereinafter “Vollweb”, “we”, “us” or “our”) collects, processes, stores, uses, protects, and, under certain circumstances, discloses personal data and related information of users (hereinafter “User”, “you” or “your”) who access, browse, or use Vollweb’s website, including all subdomains, mobile applications, and other related digital media (hereinafter “Website” or “Platform”).

This Policy is drafted in accordance with the following regulations:

Regulation (EU) 2016/679 (GDPR),

Directive 2002/58/EC (ePrivacy),

Swiss Federal Act on Data Protection (DSG),

Swiss Code of Obligations (CO),

Other applicable national and European laws.

Your acceptance of this Policy is deemed explicit upon performing any of the following actions:
(i) accessing or browsing the Website; (ii) creating a user account; (iii) subscribing to newsletters; (iv) placing orders; (v) participating in promotions; or (vi) any other interaction with the Platform.

Vollweb reserves the unilateral and unconditional right to modify, update, supplement, or replace this Policy, in whole or in part, at any time and without prior notice. It is the User’s responsibility to periodically review the published content. Continued use of the Website after changes are published constitutes tacit acceptance of those changes.

1. DEFINITIONS AND INTERPRETATION

For the purposes of this Policy, the following terms shall have the meanings assigned:
1.1. “Personal Data”: Information relating to an identified or identifiable natural person.
1.2. “Processing”: Any operation or set of operations performed on personal data, whether automated or not.
1.3. “Data Controller”: Vollweb, who determines the purposes and means of the processing.
1.4. “Data Processor”: Third parties processing data on behalf of Vollweb.
1.5. “Consent”: A freely given, specific, informed and unambiguous indication by which the User agrees to the processing of their data.
1.6. “Data Breach”: A security breach leading to the destruction, loss, alteration, unauthorized disclosure or access to personal data.
1.7. “Profiling”: Automated processing used to evaluate personal aspects using data.
1.8. “Cookies”: Small text files stored on the User’s device to record preferences.
1.9. “IP Address”: Numeric identifier of a device on the network.
1.10. “Pseudonymization”: Processing that prevents direct attribution to a subject.
1.11. “Biometric Data”: Physiological or behavioral information for personal identification.
1.12. “Health Data”: Information related to a person’s physical or mental health.
1.13. “Supervisory Authority”: EDÖB in Switzerland and equivalent authority in User’s country of residence.
1.14. “International Transfer”: Data transfer to countries outside the EEA.
1.15. “Indirect Distribution Model”: Dropshipping and logistics system used by Vollweb.

2. DATA CONTROLLER

Name: Juan Pereira (individual)

Trade Name: Vollweb

Email: info@vollweb.ch

Address: Buchs SG, 9470, St. Gallen, Switzerland

Business Activity: Web design, development and maintenance.

3. CATEGORIES OF DATA COLLECTED

Vollweb may collect and process the following categories:
3.1. Identification and contact data: Full name, address, email, phone number, encrypted username.
3.2. Transaction data: Purchase history, orders, amounts, billing/shipping addresses.
3.3. Financial data: Partial credit card data, bank details, payment history.
3.4. Technical data: IP address, browser type/version, OS, device IDs, cookies, server logs.
3.5. Preferences and profiling: Browsing history, product preferences, survey responses.
3.6. Communication data: Emails, form submissions, recordings (with consent).
3.7. Social media data: Public information provided by the User.
3.8. Derived data: Behavioral profiles, customer segmentation, interest scores.
3.9. Special categories: Collected only when strictly necessary and with explicit consent (race, religion, health, etc.).

4. SOURCES OF DATA

4.1. Directly from User: Registrations, orders, subscriptions, surveys.
4.2. Automatically: Cookies, tracking pixels, server logs.
4.3. Third-party sources: Hosting providers, payment gateways, social networks.
4.4. Logistics (dropshipping): Data needed for delivery.

5. PURPOSES AND LEGAL BASES

Processing is carried out for:
5.1. Contract management and service delivery (Art. 6.1.b GDPR).
5.2. User account management (Art. 6.1.b GDPR).
5.3. Payment and fraud prevention (Art. 6.1.b & f GDPR).
5.4. Legal compliance (Art. 6.1.c GDPR).
5.5. Marketing communications (Art. 6.1.a or f GDPR).
5.6. User experience customization (Art. 6.1.a or f GDPR).
5.7. Analytics and service improvement (Art. 6.1.f GDPR).
5.8. Platform security (Art. 6.1.f GDPR).
5.9. Claims and data rights management (Art. 6.1.c GDPR).
5.10. Promotions and contests (Art. 6.1.a or b GDPR).
5.11. Logistics coordination (Art. 6.1.b or f GDPR).

6. DATA RETENTION PERIODS

Transactional data: Up to 10 years for tax compliance.

User account data: While active + 3 years.

Communications: 3 years after last interaction.

Marketing data: Until withdrawal or objection.

Technical data: 2 years or anonymization.

Data rights logs: 5 years for legal compliance.

7. DATA RECIPIENTS

7.1. Internal staff: Vollweb employees.
7.2. Processors: Hosting (Hostinger), payments (Stripe, Twint), marketing, IT services.
7.3. Partners (dropshipping): Manufacturers, shipping companies.
7.4. Authorities: Tax, judicial, regulatory bodies.
7.5. Corporate transactions: Mergers, acquisitions.
7.6. With consent: Any authorized third party.

8. INTERNATIONAL DATA TRANSFERS

Vollweb ensures lawful international transfers through:
8.1. Adequacy decisions.
8.2. Standard Contractual Clauses.
8.3. Binding Corporate Rules.
8.4. GDPR exceptions.

9. USER RIGHTS

Users may exercise:
9.1. Right to information.
9.2. Right of access.
9.3. Right to rectification.
9.4. Right to erasure.
9.5. Right to restrict processing.
9.6. Right to data portability.
9.7. Right to object.
9.8. Right to withdraw consent.
9.9. Right to lodge a complaint with EDÖB or local authority.

To exercise rights: info@vollweb.ch (response within one month).

10. COOKIES AND SIMILAR TECHNOLOGIES

10.1. Types: Essential, preferences, statistics, marketing.
10.2. Consent: Explicit, not pre-selected.
10.3. Control: Via cookie banner or browser settings.
See our Cookie Policy for more details.

11. DATA SECURITY

Implemented measures include: encryption, access control, pseudonymization, regular audits, employee training, incident response.

12. POLICY UPDATES

Updates will be published with modification date. Continued use implies acceptance.

13. CONTACT & COMPLAINTS

Questions or rights requests: info@vollweb.ch. Complaints: EDÖB (www.edoeb.admin.ch).

14. TECHNICAL INFRASTRUCTURE

Platform: WordPress, WooCommerce, plugins, hosting, databases.

15. GOVERNING LAW AND JURISDICTION

Swiss law. Courts of St. Gallen, unless otherwise required by law.

16. FINAL PROVISIONS

16.1. Entire agreement.
16.2. Severability.
16.3. Language: English version prevails.
16.4. Contact: info@vollweb.ch

© Vollweb. All rights reserved.