Privacy policy

Version from February 11, 2026

In this privacy policy, we, Formetta GmbH (hereinafter referred to as we or us), explain how we collect and process personal data when you use our website and our online store, communicate with us or make purchases from us.


Personal data is all information that relates to an identified or identifiable person. If you provide us with the personal data of other persons (e.g. family members or work colleagues), please ensure that these persons are aware of this privacy policy and that you are authorized to do so.


This privacy policy is designed to meet the requirements of the EU General Data Protection Regulation (GDPR) and the Swiss Data Protection Act (DPA / nFADP). Whether and to what extent these laws are applicable depends on the individual case (e.g. residence in the EU/EEA).


The terms used are not gender-specific.


1. Who can I contact if I have questions about data protection?

The controller responsible for the data processing described here is:

Formetta GmbH

Im Bungert 7, 8820 Wädenswil, Switzerland

E-mail: [email protected]



2. What data do we collect?

We process personal data that we receive from you (e.g. when you place an order, open an account or contact us) as well as data that is technically generated during the operation of our website.


Depending on use, we process in particular:


a) Master data and account data
Name, contact details, delivery and billing address, user name/password (if you create a customer account), settings.


b) Order and contract data
Ordered products, shopping cart/wish list contents, transaction history, returns/exchanges, communication in connection with orders.


c) Payment and billing data
Payment method, payment status/confirmation and transaction details. (Card data is usually processed directly by payment service providers; see section 5.)


d) Communication data
Contents of inquiries, support communication, e-mail correspondence.


e) Technical data and usage data
IP address, device/browser/network information, unique identifiers, log data, access times, pages visited and interactions, cookie/tracking information (see section 4).


Data sources

  • Directly from you;
  • automatically by the website/services (cookies, logs);
  • via service providers who provide services on our behalf (e.g. store platform, payment processing, shipping/logistics, support).


3. What do we use your data for?

We use your personal data primarily for the operation of our online store and to process orders.


Typical purposes:

  1. Contract fulfillment and service provision: accepting orders, processing payments, organizing delivery, processing returns/exchanges, managing accounts, customer service.
  2. Communication: answering inquiries, providing information on orders/services.
  3. Operational security and fraud prevention: secure use of the website, fraud detection, IT security, traceability of transactions.
  4. Marketing and advertising: e.g. sending marketing messages by e-mail/SMS/post and personalized advertising within the scope of the store and marketing functions used (see sections 4 and 5), insofar as permitted and depending on your settings/consent.
  5. Legal obligations and enforcement: accounting/taxes, legal retention, defense and enforcement of claims.


Legal bases under GDPR (where applicable):

  • Contract/contractual initiation (Art. 6 para. 1 lit. b GDPR)
  • Legal obligation (Art. 6 para. 1 lit. c GDPR)
  • Legitimate interests, e.g. operational security, prevention of misuse, optimization (Art. 6 para. 1 lit. f GDPR)
  • Consent, e.g. newsletter/optional marketing functions (Art. 6 para. 1 lit. a GDPR)

In accordance with the Swiss Data Protection Act, we process personal data within the framework of the legal principles (including purpose limitation, proportionality, transparency and data security) and - where necessary - based on your consent or for contract processing or to protect overriding interests.


Consent that has been granted can be revoked at any time. The revocation is effective for the future.



4. Cookies/tracking and other technologies in connection with the use of our website
We use cookies and similar technologies in order to:

  • make the website technically available (e.g. shopping cart, checkout, language settings),
  • store functions and preferences,
  • understand usage and improve offers,
  • (depending on configuration) support marketing and personalization.

Shopify environment: Our store is based on Shopify. Shopify typically sets and processes cookies/similar technologies for the operation of the store (e.g. for sessions, shopping cart, checkout security and fraud prevention). In addition, depending on the functions used, technologies for analysis and personalized advertising may be used, including with the involvement of Shopify's partners.


Your options:

You can restrict or delete cookies via your browser settings. If you block cookies, certain functions (e.g. shopping cart/checkout) may be impaired.



5. Who will my data be passed on to?

We only pass on personal data if this is necessary for the purposes in section 3, is legally permissible or if you have given your consent. Recipients may be in particular:


a) Shopify (store platform & hosting)
Our store is provided via Shopify. Shopify processes personal data in order to provide and improve its services. Depending on the scope of functions, Shopify may also act as its own controller (e.g. for certain advanced functions that involve interactions with Shopify and other merchants). In these cases, the information provided by Shopify is authoritative (see section 12 below).


b) Payment service providers
Payments are processed via the payment methods offered in the checkout. Payment service providers process the data required for the payment (e.g. payment status, transaction details; card data is usually processed directly by the payment service provider). You can see which payment methods are available in the checkout.


c) Shipping/logistics and fulfillment service providers
We typically pass on the name, address and – where necessary – contact details to transport/logistics partners for delivery purposes.


d) IT, support and security service providers
Service providers for operation, maintenance, support, data analysis (if used), fraud prevention and security. This may include in particular the following providers: – Octane.ai (personalization and marketing automation) – Recharge (management of subscription and recurring orders)


e) Marketing and advertising partners (if used)
Insofar as we use marketing functions, data may flow to marketing/advertising partners in order to play out and measure campaigns. Klaviyo (email marketing and marketing automation) in particular may be used for this purpose. Such partners use data in accordance with their own data protection notices.


f) Authorities, courts, consultants
If we are legally obliged to do so or if this is necessary to assert/defend against claims.


If third parties process personal data on our behalf, we conclude the necessary data protection agreements (e.g. order processing agreements).



6. Will my data be transferred abroad?

It is possible that we may disclose personal data abroad, in particular because we use service providers (in particular Shopify and its subcontractors) who may also process data outside Switzerland or the EEA.


Level of protection and guarantees:

  • The following applies to transfers from Switzerland: Disclosure abroad only takes place if the destination country offers an adequate level of data protection or suitable guarantees exist (e.g. standard contractual clauses) or a legal exception applies.
  • For transfers from the EEA (GDPR), we use – depending on the case – suitable guarantees such as standard contractual clauses (SCCs) or rely on an adequacy decision.

USA (typical constellation for international service providers):

If data is transferred to the USA, we can – depending on the recipient – rely on the EU-U.S. Data Privacy Framework or the Swiss-U.S. Data Privacy Framework (if the recipient is certified) and/or on standard contractual clauses. This may apply in particular to service providers such as Shopify, Octane.ai, Klaviyo or Recharge.



7. How long will my data be stored?

We store personal data for as long as is necessary for the stated purposes, in particular:

  • for the duration of the business relationship and contract processing,
  • in addition, in accordance with statutory retention and verification obligations (e.g. accounting obligations),
  • and for as long as claims can be asserted.

Technical log data is generally stored for a shorter period (typically up to 12 months), unless security-related reasons require longer storage.



8. How do we protect your data?

We take appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse or alteration. These include access restrictions, secure transmissions, logging and organizational protective measures.


Please note: No security measure is absolute. When transmitting confidential information, we recommend using secure channels.



9. Am I obliged to disclose my data?

In principle, you are not required to provide personal data simply to visit the website (except for technically necessary data such as IP address).

However, to place an order you must provide the data required for checkout, payment, delivery and invoicing. Without this data, we are generally unable to fulfill the contract.



10. What data protection rights do I have?

Depending on the applicable law (Switzerland/DSG and/or EU/DSGVO), you have the following rights in particular:

  • Information/access to your personal data
  • Correction of incorrect data
  • Deletion (provided there are no retention obligations/overriding interests to the contrary)
  • Restriction of processing (GDPR)
  • Objection to processing, in particular to direct marketing (GDPR; within the framework of Swiss law depending on the circumstances)
  • Data disclosure / data portability (depending on the conditions)
  • Withdrawal of consent with effect for the future

To exercise your rights, please contact us using the details in section 1.

We may request suitable proof of identification.


Right to lodge a complaint:

  • Switzerland: Federal Data Protection and Information Commissioner (FDPIC) (information on the FDPIC website).
  • EU/EEA: Complaint to the competent data protection supervisory authority of your place of residence/work or of the suspected infringement.


11. Data of children

Our services are not aimed at children. We do not knowingly collect personal data from children who are under the age of majority under applicable law. If you are a parent/guardian and believe that a child has provided us with personal data, please contact us (section 1).



12. Notes on Shopify

Our store is provided via Shopify. Shopify processes personal data to provide and improve the services. Depending on the functions used, Shopify may also act as its own controller and process requests to exercise rights for this processing directly. The information and settings within the Shopify environment and Shopify's privacy policy are authoritative.



13. Changes

We may amend this Privacy Policy at any time. The current version published on our website shall apply. If the privacy policy is part of an agreement with you, we will inform you of significant changes in a suitable form (e.g. by email or notice on the website), insofar as legally required.