Data Controller: SpaVite, Sennereistrasse 86 Schaffhausen 8200 Switzerland
Data Protection Officer: info@spavite.com

2.1 Data Collection

We collect personal data necessary for order processing:

· Name, billing/delivery address

· Contact details (email, phone)

· Payment information (processed via encrypted third-party processors; we do not store card details)

· Purchase history

2.2 Legal Basis & Purpose

Data processing is based on:

· Contractual necessity (Art. 6 GDPR): Processing orders, delivery, returns

· Legal obligation (Art. 6 GDPR): Tax and accounting records (10-year retention required by Swiss law)

· Consent (Art. 6 GDPR): Marketing communications (opt-in only)

2.3 Swiss Data Protection (FADP)

As a Swiss-based entity, we comply with the Federal Act on Data Protection (FADP). Your data is stored on servers located within the European Economic Area (EEA) or Switzerland, ensuring adequacy decisions under GDPR Article 45.

2.4 Third-Party Processors

We utilize:

· Shopify Inc. (Platform hosting, data stored in EU/US with Standard Contractual Clauses)

· Payrexx/Datatrans (Payment processing, Swiss servers)

· Swiss Post (Logistics, limited data sharing for delivery only)

2.5 Your Rights

You retain the right to:

· Access your personal data (Art. 8 FADP)

· Rectification (Art. 5 FADP)

· Erasure ("Right to be Forgotten," Art. 4 FADP)

· Data portability

· Object to processing

Contact us at info@spavite.com for data subject requests.