Privacy policy


Version: 1.0

Date: 11.07.2024

Data Protection Declaration


As we place great importance on protecting your data and privacy, we have developed this data protection declaration to explain what we implement in this area when you browse our website www.mydoxa.com.

This data protection declaration only covers data processing related to our website. Specific data protection declarations may apply to other services and offerings that we may provide, such as our mobile application myDoxa.

In Switzerland, your data is primarily protected under the Federal Act of 25 September 2020 on Data Protection (FADP) and the Federal Ordinance of 31 August 2022 on Data Protection (DPO). Our data protection declaration and practices are aligned with the legal provisions contained in these legislations.

While we strive to simplify our data protection declaration, the difficulty in understanding may stem from the legal language. Therefore, we have taken the initiative to gather the main definitions here to facilitate understanding of our data protection declaration, as derived from the FADP.

  • Data Subject: the natural person whose personal data is being processed.
  • Personal Data: any information relating to an identified or identifiable natural person.
  • Sensitive Personal Data: data on religious, philosophical, political or trade union opinions or activities; data on health, intimate sphere or racial or ethnic origin; genetic data; biometric data uniquely identifying a natural person; data on criminal and administrative prosecutions or sanctions; data on social assistance measures.
  • Processing: any operation related to personal data, regardless of the means and procedures used, including the collection, recording, storage, use, modification, communication, archiving, erasure or destruction of data.
  • Controller: the private individual or federal body who, alone or jointly with others, determines the purposes and means of processing personal data.
  • Processor: the private individual or federal body who processes personal data on behalf of the controller.
  • Federal Data Protection and Information Commissioner (FDPIC): the authority responsible for monitoring the correct application of federal data protection provisions, particularly the FADP.

Finally, we use the term "data" interchangeably with "personal data".


Who are we and how to contact us?

Swiss Safe Collect SA is the name of our company. For any questions related to data processing regarding the website www.mydoxa.com, you can contact us by mail at the following address: Swiss Safe Collect, Espace de l'Europe 3, 2000 Neuchâtel. You can also contact us by email at hello@mydoxa.com or through our contact form.


What is our role in data protection?

When you browse our website, we may process some of your personal data. According to the FADP, we are the controller.

Our Role

As the controller, we are responsible for determining the reasons why we process your personal data, how it is processed, and the security measures. When we work with service providers in our activities, we ensure that they share our commitment to data protection and adhere to the same standards that we apply.

Your Role

Data protection is everyone's responsibility. We encourage you to read our data protection declaration.

We also encourage you, if you are one of our customers, to consult the contractual documents that bind us, as they may contain additional details on how we process your data.

Finally, if you provide us with personal data concerning other people, such as family members, we assume that you have been previously authorized to do so and that the data is accurate.


When and how do we collect your data?

As soon as you interact with our website for the first time, we collect data (e.g., to know whether you consent to the use of cookies or not). You also provide us with your data when you contact us (e.g., through our email address or contact form), when you create your customer account, or when using our online store.


What categories of data do we process?

Depending on your browsing on our website, we may process the following categories of data:

Contact Data

We collect your contact data, especially when you create a customer account, subscribe to our newsletter, or contact us through our contact form. In this context, we process your name, first name, address, phone number, and email address.

Account Data

In the context of using your customer account, we process data specific to your interactions with our services provided on our website. This includes your order history and details of any current or expired subscriptions.

Economic Data

When using the paid services of our website available through our online store, we process your economic data. This includes payment details. Payment method data is only processed by our partner Stripe Payments Europe Limited. We do not process credit card numbers or CVC numbers.

Internet and Connection Data

For technical reasons and to improve our website, each use generates certain data, including your IP address, information about your internet service provider and the operating system of your device, information about the referring URL, information about the browser used, the date and time of access, and the content viewed during the visit to the website.

What about sensitive data?

We do not collect or process any sensitive personal data on our website.

What about data relating to minors?

Although access to our website is open to all, our services are exclusively intended for adults. We do not target minors and do not knowingly collect any personal data concerning them.

Why do we process your data?

We process your data for communication purposes with you, particularly to respond to your requests and to exercise your rights, as well as to inform you about our services and offerings. We also process your data to handle your orders and subscriptions through your customer account. Additionally, we process your personal data to generate traffic statistics useful for improving our website. Finally, we process your personal data to comply with laws, directives, and recommendations from authorities.

What are your rights ?

Your rights vary depending on specific circumstances and may have exceptions. In general, the LPD provides the following:

  • You have the right to access your data.
  • You have the right to request the delivery or transmission of your data in a commonly used electronic format.
  • You have the right to have your inaccurate data corrected.
  • You have the right to object to the processing of your data.
  • You have the right to request the deletion or destruction of your data.
  • You have the right to require that an automated individual decision be reviewed by a human.

If you wish to exercise the above rights with us, you can contact us. To prevent abuse, we must first identify you (e.g., by means of a copy of your ID if no other identification method is possible). Please note that conditions, exceptions, and restrictions may apply when exercising these rights under the LPD (e.g., to protect third parties or trade secrets). If applicable, we will inform you.

If you believe we are processing your data in violation of data protection provisions, you also have the option to report us to the FDPIC. We encourage you to inform us first so that we have the opportunity to address your concerns. If we are unable to resolve the issue, you can contact the FDPIC by following the instructions on their website.

How do we secure your data?

We take appropriate security measures, such as encryption, to ensure the security of your personal data and to guarantee its confidentiality, integrity, availability, and traceability. Unfortunately, data security can never be entirely guaranteed. If you believe your personal data has been compromised, please contact us immediately.

Where is your data stored?

The personal data we collect is stored on our premises as well as in data centers operated by our service providers.

How long do we retain your data?

We process your personal data as long as necessary for the purpose of processing, as long as we have a legitimate interest in retaining it (e.g., to assert our rights, for archiving, or to ensure IT security), and as long as the data is subject to a legal retention obligation. For certain data, the retention period is, for example, ten years. Once these periods have elapsed, we destroy your personal data.

Regarding your customer account, your personal data is retained for the entire duration of the account's existence. If a deletion of the customer account is requested, the data will be deleted no later than 30 days after the request, after verifying any unpaid debts and other relevant issues that might prevent immediate deletion.

To whom do we disclose your data?

Managing our website involves collaboration with specialized external service providers, including for its creation, maintenance, and hosting. We work with providers recognized in their field of expertise to ensure the proper functioning of our website and, more generally, the quality of our services. As part of these collaborations, it may be necessary to share your data with our providers. Rest assured that these disclosures are strictly limited to what is necessary and are made in accordance with legal requirements.

When personal data is shared with a provider located outside Switzerland or the European Economic Area (EEA) that does not offer an adequate level of protection, we require the provider to commit to complying with applicable data protection legislation (for this purpose, we use the revised standard contractual clauses of the European Commission, available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj), unless the provider is already subject to a legally accepted set of rules ensuring data protection or if we can invoke an exception.

Our service providers

Provider Purpose Location of Processing

Biskoui

(Privacy Policy)

Biskoui is a consent management system for cookies that we use to manage third-party services on our website.

Switzerland

Google (Google Analytics)

(Privacy Policy)

Google Analytics is an analytics service that we use to track the usage of our website and prepare reports on user activity.

EEA/USA

Google (Google Maps)

(Privacy Policy)

Google Maps is an online mapping service that we use to help our users easily locate places and create routes.

EEA/USA

Klaviyo

(Privacy Policy)

Klaviyo is a marketing platform that we use to manage and optimize our communication campaigns, personalizing messages and analyzing performance to better meet our users' needs.

USA

Seal Subscriptions

(Privacy Policy)

Seal Subscriptions is a subscription management solution that we use to offer and manage user subscriptions, facilitating recurring payments and automatic renewals.

Canada

Shopify

(Privacy Policy)

Shopify is an online commerce platform that we use to manage and facilitate transactions on our website, including product management, subscriptions, and shipping.

EEA/Canada

StoreRocket

(Privacy Policy)

StoreRocket is a point-of-sale location service that we use to help our users find physical locations where our products are distributed.

UK

Stripe

(Privacy Policy)

Stripe is an online payment solution that we use to securely process financial transactions on our website.

EEA/USA

What cookies do we use?

Our website uses cookies. For each service, you can access the list of cookies by clicking on our cookie banner.

How can I block cookies?

You can block cookies by enabling a setting in your browser that allows you to refuse the installation of cookies. You can also use our cookie banner to manage your preferences. If you use your browser settings to disable, reject, or block cookies, some parts of our website may not function properly. In some cases, our website may not be accessible at all. Please note that when third parties use cookies, we have no control over how these third parties use these cookies.

Important Disclaimer on Privacy Policy Translation

This document is a translation of the original French version of the Privacy Policy. Only the French version holds legal validity. In case of any discrepancies or differences in interpretation between the English and French versions, the French version shall prevail.

Updated on July 11, 2024

The privacy statement is protected by copyright. Any reproduction, distribution, or other use of the statement, whether modified or not, is prohibited unless prior written consent from the author is obtained. Unauthorized uses of the statement will be prosecuted.