Datenschutzerklärung

Last updated: October 16,  2025

This Privacy Policy describes how ArteFact GmbH ("we", "us", or "our") collects, uses, and discloses your personal data when you visit shop.artandfact.ch (the "Site"), use our services, make a purchase, or otherwise interact with us (together, the "Services").

"You" or "your" refers to any individual whose data we process under this policy, whether you are a customer, website visitor, or another affected person.

Please read this Privacy Policy carefully.

General notice

Based on Article 13 of the Swiss Federal Constitution and the data protection provisions of the Federal Act on Data Protection (FADP), every person has the right to privacy and protection against misuse of their personal data. The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with statutory data protection regulations and this Privacy Policy.

In cooperation with our hosting providers, we strive to protect our databases as best as possible against unauthorized access, loss, misuse, or falsification.

Please note that data transmission over the Internet (e.g., communication by email) may have security vulnerabilities. Complete protection of data from third-party access is not possible.

By using this website, you consent to the collection, processing, and use of data as described below. This website can generally be visited without registration. Data such as pages accessed or file names retrieved, date, and time may be stored on the server for statistical purposes without being directly linked to you personally. Personal data such as your name, address, or email address are collected voluntarily wherever possible. Without your consent, data will not be shared with third parties.

1. Controller

ArteFact GmbH
Stockerstrasse 32
8002 Zurich, Switzerland

Contact for data protection inquiries:
E-Mail: dataprotection@artandfact.ch

2. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. The current version is always available on this page; the "Last updated" date will be adjusted accordingly. In case of significant changes, we will inform you as required by law.

3. What Personal Data we collect

We collect personal data directly from you, automatically through your use of the Services, and from third parties. This includes, among others:

  • Contact details (name, address, phone number, email)
  • Order information (billing and shipping address, payment data, order history)
  • Account information (username, password, security questions)
  • Support and communication content
  • Usage data (IP address, device and browser information, interactions with the site)
  • Data from third parties (e.g., payment providers, shipping companies, Shopify)

4. Purposes and Legal Bases for Processing

We process your data for the following purposes:

  • Performance of contracts and provision of services
  • Customer communication and support
  • Payment and shipping processing
  • Marketing and personalized offers (where permitted)
  • IT security and fraud prevention
  • Compliance with legal obligations

Legal bases under the revised FADP include:

  • Your consent (e.g., newsletter subscription)
  • Contract performance (e.g., order processing)
  • Legal obligation
  • Overriding private interest (e.g., security, service improvement)

5. Data Transfers Abroad

We use service providers (e.g., Shopify, payment and shipping providers) that may be located abroad.

A list of countries recognized by the Swiss Federal Council as providing an adequate level of data protection can be found here.

If we transfer data to countries without an adequate level of protection, we ensure contractual safeguards (e.g., standard contractual clauses).

6. Retention Periods

We retain personal data only as long as necessary for the respective purpose:

  • Contract and order data: 10 years (statutory retention requirement)
  • Account data: until your account is deleted
  • Marketing data: until you withdraw consent
  • Support and communication data: 2 years after the last contact

7. Cookies and Tracking Technologies

We use cookies and similar technologies to provide, improve, and personalize the website.

Tool / Service

Location

Purpose / Type of Processing

Privacy Notice

Shopify

Canada / USA

Platform for the online shop; sets essential cookies for cart, login, and checkout.

Link

Google Analytics

USA

Analyzes user behavior (page views, interactions).

Link 

Google Tag Manager

USA

Manages analytics and marketing tools; does not itself process personal data.

Link

Meta/Facebook Pixel

USA

Marketing, retargeting, ad performance measurement.

Link

Microsoft Clarity

USA

Evaluates user behavior (clicks, scrolling, interactions).

Link

Cloudflare

USA

Content Delivery Network (CDN), security, DDoS protection; processes IP addresses.

Link

Google Fonts

USA

Displays consistent fonts; IP address transmitted to Google unless hosted locally.

Link

Essential cookies are used based on our legitimate interest in providing and securing the website (Art. 6(1)(f) GDPR / Art. 31(1) revised FADP). Analytics and marketing cookies are only used with your explicit consent (Art. 6(1)(a) GDPR / Art. 6(6) revised FADP). You can withdraw your consent anytime in the cookie settings on our website.

You can also block or delete cookies in your browser settings, though this may affect website functionality.

8. Data Disclosure

We disclose personal data only as necessary for the purposes mentioned above or with your consent, for example to:

Category

Example Recipients

Purpose of Disclosure

IT service providers

Hosting provider, Cloudflare

Website operation and security (e.g. CDN, protection against attacks)

Payment providers

Stripe, PayPal

Payment processing (name, billing address, credit card data)

Versandunternehmen

z. B. DHL, Post

Delivery of ordered goods

Marketing- und Analysepartner

Google, Meta/Facebook, Microsoft Clarity

Analytics, marketing, ad optimization

Behörden

Nationale Aufsichts- oder Steuerbehörden

Legal compliance

Konzern- oder verbundene Unternehmen

interne Gesellschaften

 Internal administration and organisation


9. Data Subject Rights under Revised FADP

You have the right to:

  • Access your stored data, including its source and recipients
  • Request a free copy of your data
  • Correct inaccurate data
  • Request deletion of your data
  • Receive your data in a common format (data portability)
  • Object to certain processing activities
  • Withdraw your consent at any time
  • Know whether profiling or automated decisions are used (currently not in use)

To exercise your rights, contact us at dataprotection@artandfact.ch.

10. Right to Lodge a Complaint

You have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC):

Feldeggweg 1, 3003 Bern, Switzerland – www.edoeb.admin.ch

11. Data Security

We apply technical and organizational measures to protect your data from unauthorized access, loss, or misuse, including:

  • SSL/TLS encryption
  • Access restrictions
  • Regular data backups
  • Employee training

12. Children and Minors

Our services are not directed at individuals who are not legally competent under Swiss law. We do not knowingly collect data from such individuals. Parents or guardians may request deletion of unlawfully collected data.

Controller:
ArteFact GmbH
Stockerstrasse 32
8002 Zurich, Switzerland
E-Mail: dataprotection@artandfact.ch