Privacy policy

Last Updated: May 4, 2026

(Privacy Inquiries: info@shn.swiss)

We take the protection of your personal data seriously and treat your personal data confidentially and in accordance with applicable laws, in particular the revised Swiss Data Protection Act (revDPA, effective September 1, 2023) and – where applicable – the EU General Data Protection Regulation (GDPR). The use of our website is generally possible without providing personal data.

Responsible Party

The party responsible for data processing on this website is:

Swiss Health & Nutrition AG
Spühlstrasse 4
CH-9016 St. Gallen
Switzerland

Email: info@shn.swiss
Phone: +41 71 877 10 68

VAT number: CHE-157.641.272

What personal data do we process?

Depending on how you interact with our services, where you live, and as permitted or required by applicable law, we may collect or process the following categories of personal data:

Contact Information such as name, postal address, billing and shipping address, phone number, and email address.
Financial Data such as credit/debit card and financial account numbers, payment card information, transaction details, payment method, and payment confirmation.
Account Information such as username, password, configurations, and settings.
Transaction Information regarding items viewed, added to cart, purchased, returned, exchanged, or cancelled, and your past transactions.
Communication Data from your communication with us (e.g., customer support requests, chats, emails).
Device and Connection Data such as IP address, browser and device information, network connection, and other unique identifiers.
Usage Information about your interaction with our services (e.g., when and how you browse our website).

Sources of Personal Data

We obtain personal data from the following sources:

Directly from You: when creating an account, placing an order, subscribing to our newsletter, submitting customer support requests, or other communication.
Automatically Through Our Services: via your device when visiting our website, as well as through cookies and similar technologies.
From Our Service Providers: when they collect or process personal data on our behalf (e.g., payment, shipping, marketing service providers).
From Our Partners and Other Third Parties: e.g., from marketing platforms, social networks, or advertising networks, where legally permitted.

How Do We Use Your Personal Data?

We process your personal data for the following purposes:

Provision and Improvement of Our Services: Contract fulfillment, payment processing, order execution, shipping, returns, account management, personalization, and improvement of your shopping experience.
Marketing and Advertising: Sending marketing and advertising communications via email, SMS, or mail, as well as displaying online advertising – always within the scope of your consent or our legitimate interests.
Security and Fraud Prevention: Authentication, protection against fraudulent or abusive activities, security of our services.
Customer Communication: Processing your inquiries, providing customer support, maintaining customer relationships.
Compliance with Legal Obligations: Compliance with legal requirements, response to government requests, assertion or defense of legal claims.

Currency Conversion

By using our website, you (the visitor) agree that third parties may process your IP address to determine your location for the purpose of currency conversion. You also agree that this currency will be stored in a session cookie in your browser (a temporary cookie that is automatically removed when you close your browser). We do this so that the selected currency remains selected and consistent while browsing our website, allowing prices to be converted to your local currency.

Cookies and Similar Technologies

Our website uses cookies to provide you with a better user experience. Cookies are small text files that are stored on your computer and saved by your browser. They cannot contain malicious code.

We use the following cookie categories:

Technically Necessary Cookies: Required for website operation (e.g., shopping cart, login, language selection). Legal basis: Art. 6(1)(b) GDPR or Art. 31(2)(a) revDPA.
Functional Cookies: Enhance user experience (e.g., currency selection, geo-localization). Legal basis: Consent (Art. 6(1)(a) GDPR).
Analytics Cookies: Allow us to evaluate user behavior and improve the website. Legal basis: Consent.
Marketing Cookies: Used for personalized advertising. Legal basis: Consent.

You can grant, adjust, or withdraw your consent at any time through our cookie banner.

Hosting Provider and Server Log Files

The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:

IP address
Browser type and version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of server request

This data is not directly attributable to specific individuals. We do not merge this data with other data sources. We reserve the right to review this data retroactively if we become aware of concrete evidence of unlawful use.

This data and all data on this website are stored with our hosting provider Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Shopify's privacy policy can be found at https://www.shopify.com/legal/privacy.

Relationship with Shopify (Joint Responsibility)

The services are hosted by Shopify, whereby Shopify collects and processes personal data about your access to and use of the services to provide and improve the services. Data you submit to the services is forwarded to Shopify and to third parties who may be located in countries other than your country of residence.

To protect, expand, and improve our business, we also use certain advanced Shopify features (e.g., Shop Pay, Shopify Audiences, personalization features) that incorporate data and information from your interactions with our shop, with other Shopify merchants, and with Shopify itself. As part of these advanced features, Shopify processes personal data in part as a joint controller within the meaning of Art. 26 GDPR. In these cases, Shopify is also a contact point for requests to exercise your rights regarding these processing activities.

For more information on how Shopify uses your personal data and what rights you have, see the Shopify Consumer Privacy Policy at https://www.shopify.com/legal/privacy/app-users and the Shopify Privacy Portal at https://privacy.shopify.com/en.

SSL/TLS Encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the address bar of your browser changing from "http://" to "https://" and by the lock icon in your browser bar. When SSL/TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

Order Processing and Payment Service Providers

To process your order, we collect the data necessary for contract fulfillment (name, shipping address, billing address, email, phone, payment data). The legal basis is Art. 6(1)(b) GDPR or Art. 31(2)(a) revDPA (contract fulfillment).

Payment Providers: Shopify Payments & Stripe

We use the service provider Shopify Payments (provided by Shopify International Ltd., Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, Ireland) to process payments.

Within Shopify Payments, payment processing is handled by the service provider Stripe Payments Europe Ltd. (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland).

Data Processed: This includes, among other things, name, address, account number, bank code, credit card number, invoice amount, currency, and transaction number.
Purpose: The data is forwarded exclusively for the purpose of payment processing in accordance with Art. 6(1)(b) GDPR.
Fraud Prevention: To verify accounts for fraud or other issues, data may also be used to employ services such as Sift.

For more information on Shopify Payments' privacy practices, visit: https://www.shopify.com/legal/privacy. For privacy information regarding Stripe Payments Europe Ltd., see: https://stripe.com/en/privacy.

Additional Payment Methods

TWINT, PostFinance, and other local payment methods: Processing is carried out directly by the respective provider in accordance with their privacy policies.

Shipping and Logistics

To process shipping, we forward your shipping address and contact information to our logistics partners:

DHL (DHL Express (Switzerland) AG, DHL Group or the responsible DHL company in the destination country)

Legal basis: Art. 6(1)(b) GDPR or Art. 31(2)(a) revDPA (contract fulfillment).

Shipping Software: ShippyPro

To create shipping labels, transfer shipment data to shipping companies, and provide shipment tracking and return processes, we use the software ShippyPro from Italian Valley S.r.l., Piazza Francesca Morvillo 15, 50144 Firenze (FI), Italy (P.IVA 06587610483).

As part of order processing, shipping data (name, shipping address, email address, phone number for notification, order details) is transmitted to ShippyPro and forwarded to the respective shipping service provider. Processing is carried out exclusively for the purpose of shipping and shipment tracking.

We have concluded a Data Processing Agreement (DPA) with ShippyPro. Legal basis: Art. 6(1)(b) GDPR or Art. 31(2)(a) revDPA. Privacy Policy: https://www.shippypro.com/en/privacy-policy.

Newsletter Data and Email/SMS Marketing (Shopify Messaging)

If you wish to receive our newsletter, we need your email address (or phone number for SMS marketing) and your consent to receive the newsletter. We use this data exclusively for sending the newsletter and related marketing communications. You can revoke your consent to store your contact data and use it to send the newsletter at any time, for example via the "Unsubscribe" link in the newsletter or by replying accordingly to a marketing SMS.

Registration for our newsletter uses a so-called double opt-in procedure. This means that after registration, you will receive an email (or SMS) asking you to confirm your registration. This confirmation is necessary to prevent registration with third-party contact information.

Newsletter registrations are logged so we can demonstrate that the registration process complied with legal requirements. This includes storing the registration and confirmation time as well as the IP address.

Shopify Messaging

The sending of our newsletters (email and SMS), marketing campaigns, and automations is done directly from our Shopify backend via the app Shopify Messaging from Shopify Inc., 151 O'Connor Street, Ottawa, ON K2P 2L8, Canada or Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

Since our shop is already hosted on Shopify, your contact data and newsletter-related data are processed within the existing Shopify infrastructure; there is no additional transmission to a separate marketing third party. As part of Shopify Messaging, the following data in particular is processed: name, email address, phone number, physical address, geolocation, IP address, and browser and operating system information.

Shopify uses this information on our behalf to send and evaluate our campaigns. To the extent Shopify uses this data to provide and improve its own platform services, the supplementary information in the section "Relationship with Shopify (Joint Responsibility)" applies.

Canada – where the app provider Shopify Inc. is based – has an adequacy decision from the EU Commission as well as a corresponding recognition decision from the Swiss Federal Council; data transfer there is therefore permitted without further safeguards. For more information, see the Shopify Privacy Policy at https://www.shopify.com/legal/privacy.

Statistical Surveys and Analysis in Newsletters

Our newsletters may contain a so-called web beacon, which is a pixel-sized file that is retrieved from Shopify servers when the newsletter is opened. As part of this retrieval, both technical information, such as information about your browser and system, as well as your IP address and the time of retrieval are collected. This information is used to technically improve the services – whether through technical data or through analysis of target audiences and their reading behavior, based on retrieval locations or access times.

Statistical surveys also include determining whether newsletters are opened, when they are opened, and which links are clicked. For SMS campaigns, click and conversion data are additionally evaluated.

Cancellation / Withdrawal

You can cancel receipt of our newsletter at any time, meaning you can withdraw your consent. This simultaneously terminates your consent to send the newsletter and statistical analysis. You will find a link to cancel the newsletter at the end of each newsletter; for SMS messages, you can unsubscribe by replying as indicated in the respective message (usually with "STOP").

Legal Bases

Consent to send newsletters is based on Art. 6(1)(a) and Art. 7 GDPR or Art. 6(6) revDPA. The use of Shopify Messaging as a sending infrastructure, the conduct of statistical surveys and analyses, and the logging of the registration process are based on our legitimate interests under Art. 6(1)(f) GDPR or Art. 31(2)(d) revDPA.

Web Analytics and Advertising

Google Analytics 4

This website uses Google Analytics 4 (GA4), a web analytics service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. GA4 uses cookies and similar technologies that enable analysis of your website usage. The information generated by the cookie about your use of this website is typically transmitted to Google servers and stored there; transmission to the USA may occur.

GA4 anonymizes IP addresses by default and does not store them. On behalf of the operator of this website, Google will use this information to evaluate your website usage, compile reports on website activities, and provide other services related to website usage and internet usage to the website operator.

Legal basis: Consent via the cookie banner (Art. 6(1)(a) GDPR). Transmission to the USA is based on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses. You can withdraw your consent at any time via the cookie settings.

Further Information: https://policies.google.com/privacy.

Google Ads and Conversion Tracking

We use Google Ads to advertise our products. As part of this, conversion tracking cookies are used to measure the effectiveness of our advertising campaigns. The provider is Google Ireland Limited. Legal basis: Consent via the cookie banner.

Meta Pixel (Facebook/Instagram) and Conversion API

We use the Meta Pixel and the Conversion API from Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. With this, we measure the effectiveness of our advertisements on Facebook and Instagram and can define audiences for advertising purposes (Custom Audiences, Lookalike Audiences).

The transmission of server-side conversion data is carried out via Stape.io (Stape Solutions LLC, USA) as a server-side tagging provider on our behalf.

Legal basis: Consent via the cookie banner (Art. 6(1)(a) GDPR). Transmission to the USA is based on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses. Meta Privacy Policy: https://www.facebook.com/privacy/policy. Stape Privacy Policy: https://stape.io/privacy-policy.

Google Shopping / Multifeeds (WoolyTech)

To provide our product catalog on Google Shopping, Meta platforms, and other marketing channels, we use the app Multiple Google Shopping Feeds (Multifeeds) from WoolyTech Pty Ltd, Australia. The app generates and transmits our product catalog in the form of structured product data feeds to the respective platforms (Google Merchant Center, Meta Commerce Manager, etc.).

As part of this service, product-related data (product title, description, price, availability, image URLs, etc.) is processed, but no direct personal data from end users. To the extent the app delivers pixel-based marketing tags in users' browsers (e.g., Meta Pixel events), the respective information about these third parties applies.

Legal basis: legitimate interest in effective product marketing (Art. 6(1)(f) GDPR) or consent via the cookie banner, insofar as marketing pixels are delivered. WoolyTech Privacy Policy: https://woolytech.com/privacy-policy/.

Fonts (Google Fonts / Locally Embedded)

This website uses fonts that – where technically possible – are embedded locally on our server, so no connection to Google servers is established. Should fonts be dynamically loaded from Google in individual cases, your browser transmits your IP address to Google Ireland Limited. Further Information: https://developers.google.com/fonts/faq/privacy.

Social Media Links

Our website contains links to our profiles on social networks (Facebook/Meta, Instagram, LinkedIn, YouTube, Vimeo). These are plain links, not embedded plug-ins. Data transmission to the respective providers only occurs when you actively click on the corresponding link and are redirected to the platform. The privacy policies of the respective provider then apply on that platform:

Meta Platforms Ireland Limited (Facebook, Instagram): https://www.facebook.com/privacy/policy
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland: https://www.linkedin.com/legal/privacy-policy
Google Ireland Limited (YouTube): https://policies.google.com/privacy
Vimeo.com, Inc., 555 West 18th Street, New York, NY 10011, USA: https://vimeo.com/privacy

Embedded Videos (Vimeo / YouTube)

Where we embed videos from the Vimeo or YouTube platforms, this is done in enhanced privacy mode ("Privacy Enhanced Mode") or only with your consent via the cookie banner. When playing, data (including IP address) is transmitted to the respective platform. Legal basis: Consent (Art. 6(1)(a) GDPR).

Content Delivery Network (Cloudflare)

To deliver static content and protect against attacks, we sometimes use Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. When you access our site, connection data (including IP address) is transmitted to Cloudflare. Legal basis: legitimate interest in security and performance (Art. 6(1)(f) GDPR). Transmission to the USA is based on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses. Privacy Policy: https://www.cloudflare.com/privacypolicy/.

Translation and Multilingual Support (Hextom)

Our website is available in multiple languages. For this, we use the app Hextom Translate & Adapt from Hextom Inc., USA. Hextom does not process personal data from end users, but only content and configuration data from our shop.

Third Country Transfers

Some of the services mentioned above are based or process data in countries outside Switzerland and the EU/EEA, particularly in the USA. In these cases, we base the transfer on:

Adequacy decision from the EU Commission or recognition decision from the Federal Council (e.g., EU-U.S. Data Privacy Framework / Swiss-U.S. Data Privacy Framework, where the provider is certified), or
Standard Contractual Clauses (SCC) from the EU Commission pursuant to Art. 46 GDPR or Standard Contractual Clauses recognized by the FDPIC, or
Your explicit consent pursuant to Art. 49(1)(a) GDPR or Art. 17(1)(a) revDPA.

Children's Data

Our services are not directed at children. We do not knowingly collect personal data from children who are not yet of legal age in their country or are under 16 years old. If you are a parent or guardian of a child who has provided us with personal data, please contact us at info@shn.swiss so we can delete the data.

We do not knowingly "sell" or "share" personal data of persons under 16 years of age within the meaning of applicable privacy laws.

Security of Your Data

We use technical and organizational measures to protect your personal data from unauthorized access, loss, misuse, or alteration (including SSL/TLS encryption, access controls, Data Processing Agreements with our service providers). Please note, however, that no security measure can guarantee absolute security. In particular, there are residual risks in data transmission over the internet. Avoid transmitting sensitive or confidential information over insecure communication channels.

Data Retention

We store personal data only as long as necessary for the respective purposes or as required by law (in particular, commercial and tax retention periods of up to 10 years pursuant to OR Art. 958f). Newsletter data is stored until consent is withdrawn.

Your Rights

Under Swiss revDPA and EU GDPR, you have the following rights regarding your personal data:

Right to Information (Art. 25 revDPA / Art. 15 GDPR): You have the right at any time to free information about your stored personal data, its origin, recipients, and the purpose of data processing.
Right to Correction (Art. 32 revDPA / Art. 16 GDPR)
Right to Deletion (Art. 32 revDPA / Art. 17 GDPR)
Right to Restrict Processing (Art. 18 GDPR)
Right to Data Portability (Art. 28 revDPA / Art. 20 GDPR)
Right to Object to processing (Art. 30 revDPA / Art. 21 GDPR)
Withdrawal of Given Consent with future effect

To exercise your rights, please contact info@shn.swiss. We may request additional information for identity verification.

Objection to Sale/Sharing for Targeted Advertising

Depending on where you reside, you may have the right to object to the "sale" or "sharing" of your personal data for targeted advertising purposes. You can exercise this right via the following page.

Global Privacy Control (GPC)

If you visit our website with the Global Privacy Control (GPC) signal enabled in your browser, we will treat this – where applicable based on your location – as an automatic opt-out request for the device and browser with which you visit the website. If we can associate the signal with an existing account, we will apply the opt-out request to that account as well. For more information about Global Privacy Control, visit https://globalprivacycontrol.org. We do not evaluate other "Do Not Track" signals.

Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority:

In Switzerland: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern, https://www.edoeb.admin.ch
In the EU: With the competent data protection supervisory authority of your member state. A list can be found at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in legal requirements or changes to our services and data processing practices. The current version can always be found on this page.

Contact

If you have questions about our privacy practices or this privacy policy, or if you wish to exercise any of your rights, please contact us at: