Made to Measure
France
Betterwalls

Privacy

Status: October 2025

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection provisions is:

Vision Consulting AG
Compliance
Bächausstrasse 61
CH-8806 Bäch SZ
Switzerland

Email: dataprotection@vision.ch
Phone: +41 44 560 94 30
Website: www.betterwalls.fr

Note: Vision Consulting AG has not appointed a data protection officer, as there is no legal obligation to do so.

1b. Data Transfer to Switzerland

The processing of your data is partly carried out by the controller in Switzerland. Switzerland benefits from an adequacy decision of the European Commission (Decision 2000/518/EC as amended by Implementing Decision (EU) 2024/1159), ensuring an adequate level of data protection.

2. General Information on Data Processing

2.1 Scope of Personal Data Processing

In principle, we only process the personal data of our users to the extent necessary to provide a functional website as well as our content and services. The processing of personal data regularly takes place only after user consent. An exception applies in cases where prior consent is not possible for factual reasons and where data processing is permitted by legal provisions.

2.2 Legal Basis for Processing

Insofar as we obtain the consent of the data subject for personal data processing operations, Art. 6(1)(a) GDPR serves as the legal basis.

When processing personal data necessary for the performance of a contract to which the data subject is party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary for the performance of pre-contractual measures.

Insofar as processing of personal data is necessary to comply with a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6(1)(f) GDPR serves as the legal basis for processing.

2.2a Data Processing

We use external service providers to provide our services (e.g., Shopify, Google Analytics, payment service providers, shipping service providers). We have concluded contracts compliant with Art. 28 GDPR (data processing agreements) with all processors who process personal data on our behalf. These contracts ensure that processing is carried out only according to our instructions and that an adequate level of protection is guaranteed.

2.3 Data Deletion and Storage Period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.

3. Provision of the Website and Creation of Log Files

3.1 Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

  • Information about the browser type and version used
  • The user's operating system
  • The user's Internet service provider
  • The user's IP address
  • Date and time of access
  • Websites from which the user's system accesses our website (referrer URL)
  • Websites accessed by the user's system through our website
  • Volume of data transferred
  • Message about successful access

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

3.2 Legal Basis and Purpose of Data Processing

The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR.

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. Storage in log files takes place to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also constitute our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR.

3.3 Storage Period

The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended. In the case of data storage in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the users' IP addresses are deleted or anonymized, so that it is no longer possible to identify the accessing client.

3.4 Possibility of Objection and Deletion

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection by the user.

4. Use of Cookies

4.1 Description and Scope of Data Processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables unique identification of the browser when the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.

4.2 Cookie Categories

We use the following cookie categories on our website:

Necessary cookies (technically required)

  • Purpose: Basic website functionality, session management, shopping cart, payment
  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest)
  • Storage period: Session cookies (deleted after browser closure) or up to 30 days

Preference cookies

  • Purpose: Storage of user settings (language, region)
  • Legal basis: Art. 6(1)(a) GDPR (consent)
  • Storage period: Up to 12 months

Statistical cookies

  • Purpose: Analysis of user behavior, website optimization
  • Legal basis: Art. 6(1)(a) GDPR (consent)
  • Storage period: Up to 24 months

Marketing cookies

  • Purpose: Display of personalized advertising, tracking across multiple websites
  • Legal basis: Art. 6(1)(a) GDPR (consent)
  • Storage period: Up to 24 months

4.3 Specific Cookie List

The following cookies are used on our website:

Shopify cookies (necessary):

  • _shopify_s: Session ID, 1 day
  • _shopify_y: Permanent store ID, 1 year
  • cart: Shopping cart information, 14 days
  • cart_sig: Shopping cart signature, 14 days
  • secure_customer_sig: Customer login signature, 20 years
  • storefront_digest: Store authentication, 2 years

Google Analytics cookies (statistical, only with consent):

  • _ga: Client ID to distinguish users, 2 years
  • _gid: Client ID to distinguish users, 24 hours
  • _gat: Request rate throttling, 1 minute

Facebook cookies (marketing, only with consent):

  • _fbp: Facebook pixel tracking, 3 months
  • fr: Facebook advertising ID, 3 months

Google Ads cookies (marketing, only with consent):

  • _gcl_au: Google Ads conversion tracking, 90 days
  • IDE: Google DoubleClick, for ad targeting and remarketing, 13 months
  • test_cookie: Checks browser cookie support, 15 minutes
  • Conversion cookie: Specific cookie for each conversion action, 30 days

4.4 Legal Basis and Purpose of Data Processing

The legal basis for processing personal data using technically necessary cookies is Art. 6(1)(f) GDPR. The legal basis for processing personal data using cookies for analysis purposes, in the presence of corresponding user consent, is Art. 6(1)(a) GDPR.

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change.

User data collected through technically necessary cookies is not used to create user profiles. The use of analysis cookies serves the purpose of improving the quality of our website and its content. Through analysis cookies, we learn how the website is used and can thus constantly optimize our offering.

These purposes also constitute our legitimate interest in the processing of personal data pursuant to Art. 6(1)(f) GDPR.

4.5 Storage Period, Possibility of Objection and Deletion

Cookies are stored on the user's computer and transmitted by it to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to use all functions of the website to their full extent.

You can adjust your cookie settings at any time via our cookie banner.

5. Google Analytics

5.1 Scope of Personal Data Processing

We use Google Analytics on our website, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses cookies that enable analysis of your use of the website.

The information generated by the cookie about your use of this website is generally transmitted to a Google server in the USA and stored there. We have activated IP anonymization on this website. As a result, your IP address will be truncated beforehand by Google within Member States of the European Union or in other states party to the Agreement on the European Economic Area.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and Internet use to the website operator.

5.2 Legal Basis for Personal Data Processing

The legal basis for using Google Analytics is Art. 6(1)(a) GDPR (consent). Use only takes place if you have previously given your consent via our cookie banner.

5.3 Purpose of Data Processing

The use of Google Analytics serves the purpose of analyzing our website and optimizing our Internet presence.

5.4 Storage Period

Data that we send and that is linked to cookies is automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month.

5.5 Possibility of Objection and Deletion

You can prevent the storage of cookies by setting your browser software accordingly. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout

As an alternative to the browser plugin, you can revoke your consent via our cookie banner or click this link to prevent future collection by Google Analytics on this website (the opt-out only works in this browser and only for this domain). An opt-out cookie will then be stored on your device. If you delete your cookies in this browser, you will need to click this link again.

5.6 Data Transfer to Third Countries

Google processes your data in the USA. The USA benefits from an adequacy decision of the European Commission (EU-US Data Privacy Framework). Google LLC is certified under the EU-US Data Privacy Framework. You can find more information at: https://www.dataprivacyframework.gov/

You can find more information about data protection at Google Analytics at: https://support.google.com/analytics/answer/6004245

6. Social Media Plugins

6.1 Facebook Social Plugins

So-called social plugins ("plugins") of the social network Facebook are used on our website, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook").

The plugins are identified by a Facebook logo (white "f" on a blue tile or a "thumbs up" sign) or are identified by the addition "Facebook Social Plugin".

When you access a page of our website that contains such a plugin, your browser establishes a direct connection to Facebook's servers. The plugin content is transmitted directly by Facebook to your browser and integrated by it into the website.

By integrating the plugins, Facebook receives the information that you have accessed the corresponding page of our website. If you are logged into Facebook, Facebook can attribute the visit to your Facebook account. If you interact with the plugins, for example by clicking the "Like" button or making a comment, the corresponding information is transmitted directly from your browser to Facebook and stored there.

Legal basis: Art. 6(1)(a) GDPR (consent via cookie banner)

Purpose: Integration of social network functions, possibility to share content

Data transfer: Facebook processes data partly in the USA. Meta Platforms is certified under the EU-US Data Privacy Framework.

Objection: If you do not want Facebook to collect data about you via our website, you must log out of Facebook before visiting our website. You can also completely block Facebook plugins with add-ons for your browser.

You can find more information about the purpose and scope of data collection and its processing by Facebook in Facebook's data protection information: https://www.facebook.com/about/privacy/

6.3 Google Tag Manager

We use Google Tag Manager, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

Description and scope: Google Tag Manager is a tag management solution with which we can manage so-called website tags via an interface. Tags are small code elements on our website that serve, among other things, to measure traffic and visitor behavior, to record the effect of online advertising and social channels, to use remarketing and audience targeting, and to test and optimize websites.

Google Tag Manager itself (which implements the tags) is a cookie-free domain and does not collect personal data. The Tag Manager triggers other tags that may collect data. This collection is carried out by the tools integrated via the Tag Manager (e.g., Google Analytics, Facebook Pixel).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in efficient management and optimization of our marketing tools)

Purpose: Centralized management and implementation of analysis and marketing tags without direct code modifications

Data transfer: The Tag Manager may transfer technical information (IP address, browser, device) to Google servers in the USA. Google is certified under the EU-US Data Privacy Framework.

Objection: You cannot directly disable the Tag Manager, but you can disable the individual services integrated via the Tag Manager (e.g., Google Analytics, Facebook Pixel) via our cookie banner.

More information about Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

6a. Meta Pixel (Facebook Pixel)

We use the "Meta Pixel" (formerly "Facebook Pixel") on our website, a service of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta").

6a.1 Description and Scope of Data Processing

The Meta Pixel is a code snippet integrated on our website that records various actions of visitors. The following data is collected and transmitted to Meta:

  • Technical information: IP address, browser type, operating system, device type
  • URLs visited and timestamps
  • Interactions on the website (pages viewed, clicks, products added to cart, purchases)
  • HTTP referrer (previous website)
  • Cookie data and device identifiers
  • For users logged into Facebook: attribution to your Facebook profile

The Meta Pixel places cookies (see section 4.3: _fbp, fr) that enable recognition of your browser during subsequent visits.

6a.2 Purposes of Using the Meta Pixel

We use the Meta Pixel for the following purposes:

Conversion tracking: Measuring the effectiveness of our Facebook and Instagram advertising campaigns by recording conversions (e.g., purchases, registrations)

Custom audiences: Creating audiences based on website visitors for targeted advertising on Facebook and Instagram

Remarketing: Displaying personalized advertising to people who have already visited our website

Lookalike audiences: Creating audiences similar to our existing customers

Advertising campaign optimization: Automatic optimization of the delivery of our ads to people most likely to take the desired action

6a.3 Legal Basis

The legal basis for using the Meta Pixel is Art. 6(1)(a) GDPR (consent). Processing only takes place if you have given your consent via our cookie banner.

6a.4 Data Transfer to Third Countries

Meta also processes the collected data on servers in the USA. Meta Platforms is certified under the EU-US Data Privacy Framework. More information: https://www.dataprivacyframework.gov/

In addition, we have concluded standard contractual clauses with Meta in accordance with Art. 46 GDPR.

6a.5 Storage Period

Meta stores the data collected via the pixel for varying periods:

  • Event data (e.g., pages viewed, purchases): 90 days
  • Custom audiences: Up to 180 days after the last activity or until deletion by us
  • Cookies: Up to 90 days (_fbp cookie)

6a.6 Objection and Opt-Out Options

You have several options to prevent data collection by the Meta Pixel:

1. Cookie banner: Refuse marketing cookies in our cookie banner or revoke your consent.

2. Facebook settings: If you have a Facebook account, you can disable the display of personalized advertising in your advertising settings:

  • Facebook: https://www.facebook.com/settings?tab=ads
  • Instagram: Via the app under Settings → Advertising

3. Browser settings: Block Meta cookies in your browser settings or use add-ons like "Facebook Container" (Firefox).

4. Facebook logout: Log out of Facebook before visiting our website to prevent direct attribution to your profile.

More information about the Meta Pixel and data protection:

  • Meta privacy statement: https://www.facebook.com/privacy/explanation
  • Meta Pixel data use: https://www.facebook.com/business/help/742478679120153
  • Meta cookie policy: https://www.facebook.com/policies/cookies/

6b. Google Ads Conversion Tracking

We use Google Ads conversion tracking, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"), to measure the effectiveness of our Google Ads campaigns.

6b.1 Description and Scope of Data Processing

When you click on one of our Google ads, a conversion tracking cookie is stored on your device. These cookies expire after 30 days and are not used for personal identification.

If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to this page.

Data collected:

  • Cookie ID
  • Timestamp of the ad click
  • Pages visited on our website
  • Actions performed (e.g., purchases, registrations)
  • IP address (truncated)
  • Technical information (browser, device, operating system)

Each Google Ads customer receives a different cookie. Cookies therefore cannot be tracked across the websites of Google Ads customers.

6b.2 Purpose of Use

The information obtained using the conversion cookie serves to:

  • Create conversion statistics (e.g., how many users make a purchase after clicking on an ad)
  • Measure the success of our advertising campaigns
  • Optimize our advertising campaigns
  • Calculate cost per conversion

6b.3 Legal Basis

The legal basis for using Google Ads conversion tracking is Art. 6(1)(a) GDPR (consent). Processing only takes place if you have given your consent via our cookie banner.

6b.4 Data Transfer to Third Countries

Google also processes your data on servers in the USA. Google LLC is certified under the EU-US Data Privacy Framework. More information: https://www.dataprivacyframework.gov/

6b.5 Storage Period

Conversion cookies have a storage period of 30 days. Conversion statistics are stored by Google for varying periods, generally for 90 days.

6b.6 Objection and Opt-Out Options

You can prevent participation in conversion tracking in various ways:

1. Cookie banner: Refuse marketing cookies in our cookie banner or revoke your consent.

2. Browser settings: Configure your browser to block cookies from the domain "googleadservices.com".

3. Google Ads settings: Disable personalized advertising in your Google account settings:
https://adssettings.google.com/

4. Browser plugin: Install the Google Analytics opt-out browser add-on:
http://tools.google.com/dlpage/gaoptout

5. Other opt-out options:
- Digital Advertising Alliance: http://www.aboutads.info/choices/
- Network Advertising Initiative: http://www.networkadvertising.org/choices/

More information about Google Ads and data protection:

  • Google Ads privacy statement: https://policies.google.com/privacy
  • Google Ads conversion tracking: https://support.google.com/google-ads/answer/1722022

7. Shopify E-Commerce Platform

Our website is hosted on the Shopify e-commerce platform. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (or if you reside in North America, Shopify Inc., 151 O'Connor Street, Ground floor, Ottawa, Ontario, K2P 2L8, Canada).

7.1 Scope of Data Processing

Shopify processes the following data to provide the e-commerce infrastructure:

  • Order data (products, quantities, prices)
  • Customer data (name, address, email, phone number)
  • Payment information (however, this is not permanently stored by us)
  • Technical data (IP address, browser, device)
  • Usage behavior (pages visited, clicks, visit duration)

7.2 Legal Basis and Purpose

Legal basis: Art. 6(1)(b) GDPR (performance of contract) and Art. 6(1)(f) GDPR (legitimate interest in reliable hosting and e-commerce infrastructure)

Purpose: Provision of the online store, order processing, payment processing, shipping processing, customer support

7.3 Shopify Analytics

Shopify automatically collects analytics data on the use of our store:

  • Number of visitors and pages viewed
  • Visit duration and bounce rate
  • Conversions and cart abandonments
  • Product views and purchases
  • Geographic origin of visitors

This data serves to optimize our store offering and improve user experience.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in store optimization)

7.4 Storage Period

Shopify stores your data as long as you have a customer account with us or as long as we are legally required to store it (e.g., tax retention periods of up to 10 years).

7.5 Data Transfer to Third Countries

Shopify processes data on servers in Canada and the USA. Shopify is certified under the EU-US Data Privacy Framework and has concluded standard contractual clauses with us.

You can find more information about data protection at Shopify at: https://www.shopify.com/legal/privacy

8. Payment Service Providers

8.1 PayPal

On our website, we offer payment via PayPal. The provider is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

If you pay with PayPal, your entered payment data is transmitted to PayPal. The transmission of data to PayPal is based on Art. 6(1)(b) GDPR (performance of contract) and only to the extent necessary for payment processing.

PayPal may also transfer data to the USA. PayPal is certified under the EU-US Data Privacy Framework.

You can find more information about data processing by PayPal in PayPal's privacy statement: https://www.paypal.com/en/webapps/mpp/ua/privacy-full

8.2 Shopify Payments

We use Shopify Payments as another payment service provider. Shopify Payments is provided by Shopify International Limited or Shopify Inc. and cooperates with various payment service providers (e.g., Stripe).

When paying via Shopify Payments, your payment data is transmitted in encrypted form via a secure connection. We do not store credit card data ourselves. Payment data is transmitted directly to the payment service providers and processed there.

Legal basis: Art. 6(1)(b) GDPR (performance of contract)

Purpose: Secure processing of online payments

Data transfer: Shopify Payments may transfer data to the USA and Canada. Shopify is certified under the EU-US Data Privacy Framework.

More information: https://www.shopify.com/legal/privacy

9. Shipping Service Providers

For shipping processing, we transmit your data to the following shipping service providers:

9.1 DHL (Deutsche Post DHL Group)

Provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany

Data transmitted: Name, delivery address, phone number (optional), email address (for shipment tracking), package contents (product description)

Legal basis: Art. 6(1)(b) GDPR (performance of contract)

Purpose: Delivery of ordered goods

Storage period: According to legal retention periods under transport law

Data protection information: https://www.dhl.de/de/privatkunden/information/datenschutz.html

9.2 DPD (DPD Deutschland GmbH)

Provider: DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany

Data transmitted: Name, delivery address, phone number (optional), email address (for shipment tracking)

Legal basis: Art. 6(1)(b) GDPR (performance of contract)

Purpose: Delivery of ordered goods

Data protection information: https://www.dpd.com/de/de/datenschutzerklaerung/

9.3 Swiss Post

Provider: Swiss Post Ltd, Wankdorfallee 4, 3030 Bern, Switzerland

Data transmitted: Name, delivery address, phone number (optional), email address (optional)

Legal basis: Art. 6(1)(b) GDPR (performance of contract)

Purpose: Delivery of ordered goods

Data protection information: https://www.post.ch/en/pages/footer/data-protection

10. Newsletter

10.1 Description and Scope of Data Processing

You have the option to subscribe to our newsletter via our website. The newsletter is sent via Shopify. For this purpose, the following data is transmitted to us during registration:

  • Email address (required field)
  • IP address of the accessing computer
  • Date and time of registration

For data processing, your consent is obtained during the registration process and reference is made to this privacy statement.

After registration, you will receive an email to confirm your registration (double opt-in procedure). Only after confirmation by clicking the link in this email will you be added to the newsletter distribution list.

10.2 Legal Basis and Purpose of Data Processing

The legal basis for data processing after newsletter subscription by the user is, in the presence of consent, Art. 6(1)(a) GDPR.

The collection of the email address serves to deliver the newsletter. The collection of the IP address and the time of registration serves to be able to trace any possible misuse of a data subject's email address at a later time and as proof of the consent given.

10.3 Storage Period

The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. The user's email address is therefore stored as long as the newsletter subscription is active.

10.4 Possibility of Objection and Deletion

The newsletter subscription can be cancelled at any time by the user concerned. A corresponding link can be found in each newsletter. This also enables revocation of consent to the storage of data collected during the registration process.

11. Registration and Customer Account

11.1 Description and Scope of Data Processing

You have the option to register on our website and create a customer account. The following data is collected:

  • Email address (required field)
  • Password (stored in encrypted form)
  • Title, first name and last name
  • Address (billing address, optional delivery address)
  • Phone number (optional)
  • Date of birth (optional)
  • IP address and time of registration

During the registration process, your consent to the processing of this data is obtained.

11.2 Legal Basis and Purpose of Data Processing

The legal basis for data processing, in the presence of consent, is Art. 6(1)(a) GDPR. If the registration serves the performance of a contract or the implementation of pre-contractual measures, the additional legal basis is Art. 6(1)(b) GDPR.

Registration is necessary for the provision of certain content and services on our website. A customer account allows you, among other things, to:

  • Place orders without re-entering your data
  • View your order history
  • Manage your address data
  • Save your settings

11.3 Storage Period

The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case when you delete your customer account. Storage beyond this may take place if we are legally required to retain it (e.g., commercial or tax retention periods of up to 10 years for order data).

11.4 Possibility of Objection and Deletion

You have the option at any time to delete your customer account. Contact us for this purpose at the address provided or use the account deletion function in your customer area.

12. Order Processing and Contract Performance

12.1 Description and Scope of Data Processing

When purchasing products in our online store, the following personal data is collected and processed as part of order processing:

Required fields:

  • Title, first name and last name
  • Billing address (street, house number, postal code, city, country)
  • Email address
  • Order data (products ordered, quantities, prices, order number, order date)

Optional fields:

  • Different delivery address
  • Phone number
  • Date of birth (optional)
  • Company data (for business orders)

Data collected automatically:

  • IP address
  • Date and time of order
  • Payment information (however, this is not permanently stored by us but transmitted directly to payment service providers)

The data is necessary for processing your purchase contract. Without this data, we cannot process and execute your order.

12.2 Legal Basis for Data Processing

The legal basis for data processing as part of order processing is Art. 6(1)(b) GDPR (performance of contract). Processing is necessary for the performance of the purchase contract.

12.3 Data Transmission

Your order data is transmitted to the following recipients, to the extent necessary for contract performance:

  • Shipping service providers (DHL, DPD, Swiss Post): Name, delivery address, phone number (optional), email address (for shipment tracking)
  • Payment service providers (PayPal, Shopify Payments): Name, billing address, email address, payment information
  • Shopify (e-commerce platform): All order data for technical processing (see section 7)

Transmission to other third parties does not take place unless we are legally required to do so (e.g., to tax authorities) or you have expressly consented.

12.4 Storage Period

Your order data is stored for the duration of contract processing. After conclusion of the contract, the data is stored for the duration of the French legal retention periods:

  • Accounting and tax obligations: 10 years for invoices and accounting documents (in accordance with the French Commercial Code and Tax Procedures Code)
  • Order and invoice data: 10 years

After expiration of these periods, the data is deleted unless you have consented to storage beyond this or we are required to retain it longer for legal reasons.

12.5 Possibility of Objection and Deletion

The collection and processing of data is absolutely necessary for the performance of the purchase contract. Without this data, we cannot process your order. Objection to data processing as part of contract performance is therefore not possible as long as the contractual relationship exists.

After expiration of the legal retention periods, you can request deletion of your order data at any time.

13. Contact Form and Contact by Email

13.1 Description and Scope of Data Processing

A contact form is available on our website that can be used for electronic contact. If a user uses this option, the data entered in the input form is transmitted to us and stored. This data is generally:

  • Name
  • Email address
  • Subject
  • Message
  • IP address and time of sending

Alternatively, contact is possible via the email address provided. In this case, the user's personal data transmitted with the email is stored.

In this context, there is no transmission of data to third parties. The data is used exclusively for processing the conversation.

13.2 Legal Basis and Purpose of Data Processing

The legal basis for data processing, in the presence of consent, is Art. 6(1)(a) GDPR. The legal basis for processing data transmitted when sending an email is Art. 6(1)(f) GDPR. If email contact aims at concluding a contract, the additional legal basis is Art. 6(1)(b) GDPR.

The processing of personal data serves us only to process the contact. In case of contact by email, this is also where the necessary legitimate interest in data processing lies.

13.3 Storage Period

The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the contact form input field and that sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been definitively clarified.

Storage beyond this may take place if there are legal retention periods.

13.4 Possibility of Objection and Deletion

The user has the option at any time to revoke their consent to the processing of personal data. If the user contacts us by email, they can object at any time to the storage of their personal data. In such a case, the conversation cannot be continued. Please contact us for this purpose at the address provided.

All personal data that was stored during contact is deleted in this case, unless legal retention periods prevent this.

14. Product Reviews

If you write a product review on our website, the following data is stored:

  • Your name or pseudonym (as you provided it)
  • Email address (not published)
  • Review text
  • Star rating of the review
  • Date of review
  • IP address (for abuse prevention)

Legal basis: Art. 6(1)(a) GDPR (consent) and Art. 6(1)(f) GDPR (legitimate interest in genuine customer reviews)

Purpose: Publication of customer reviews, improvement of product quality, trust building

Storage period: Reviews are stored permanently until you request deletion or we must remove the review for legal reasons.

14a. IMPORTANT: Your Right to Object

You have the right to object at any time to the processing of your personal data!

In accordance with Art. 21 GDPR, you can in particular object to:

  • Objection to direct marketing: If your data is processed for advertising purposes, you can object to this at any time and without giving reasons. After your objection, we will no longer use your data for advertising purposes.
  • Objection to processing based on legitimate interest: If processing is based on Art. 6(1)(f) GDPR (legitimate interest), you can object for reasons arising from your particular situation. We will cease processing unless we can demonstrate compelling legitimate grounds for the processing.

How to object:

Email: dataprotection@vision.ch
Phone: +41 44 560 94 30
In writing: Vision Consulting AG, Compliance, Bächausstrasse 61, CH-8806 Bäch SZ, Switzerland

For objection to the newsletter: Click the unsubscribe link in each newsletter.

For objection to cookies and tracking: Adjust your settings in the cookie banner or use browser settings.

15. Rights of the Data Subject

When personal data concerning you is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

15.1 Right of Access (Art. 15 GDPR)

You can request confirmation from us as to whether personal data concerning you is being processed by us. If such processing exists, you can request information about the following:

  • the purposes for which the personal data is processed
  • the categories of personal data being processed
  • the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed
  • the envisaged period for which the personal data concerning you will be stored
  • the existence of a right to request rectification or erasure of personal data concerning you
  • the existence of a right to request restriction of processing or to object to such processing
  • the existence of a right to lodge a complaint with a supervisory authority
  • all available information about the source of the data if the personal data is not collected from the data subject
  • the existence of automated decision-making, including profiling, and meaningful information about the logic involved as well as the significance and envisaged consequences of such processing for the data subject

You have the right to request whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you can request information about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

15.2 Right to Rectification (Art. 16 GDPR)

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is inaccurate or incomplete.

15.3 Right to Restriction of Processing (Art. 18 GDPR)

Under the following conditions, you can request restriction of the processing of personal data concerning you:

  • if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data
  • the processing is unlawful and you oppose the erasure of the personal data and request instead the restriction of their use
  • the controller no longer needs the personal data for the purposes of processing but you need them for the establishment, exercise or defense of legal claims
  • if you have objected to processing pursuant to Art. 21(1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds

15.4 Right to Erasure (Art. 17 GDPR)

You may request the controller to erase personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay if one of the following grounds applies:

  • The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed
  • You withdraw your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal ground for the processing
  • You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR
  • The personal data concerning you has been unlawfully processed
  • Erasure of the personal data concerning you is necessary to comply with a legal obligation under Union or Member State law to which the controller is subject

The right to erasure does not exist to the extent that processing is necessary:

  • for exercising the right of freedom of expression and information
  • for compliance with a legal obligation or for the performance of a task carried out in the public interest
  • for the establishment, exercise or defense of legal claims

15.5 Right to Information (Art. 19 GDPR)

If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to communicate to all recipients to whom the personal data concerning you has been disclosed such rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right vis-à-vis the controller to be informed about these recipients.

15.6 Right to Data Portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that:

  • the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and
  • the processing is carried out by automated means

In exercising this right, you furthermore have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible.

15.7 Right to Object (Art. 21 GDPR)

You have the right, on grounds relating to your particular situation, to object at any time to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

15.8 Right to Revoke Consent under Data Protection Law (Art. 7(3) GDPR)

You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the lawfulness of processing carried out on the basis of consent until revocation.

15.9 Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The competent supervisory authority for France is the Commission Nationale de l'Informatique et des Libertés (CNIL). You can find more information at: https://www.cnil.fr/

CNIL contact details:
Commission Nationale de l'Informatique et des Libertés (CNIL)
3 Place de Fontenoy - TSA 80715
75334 Paris Cedex 07
Phone: +33 1 53 73 22 22
Website: https://www.cnil.fr/

16. Data Security

When visiting the website, we use the widespread SSL (Secure Socket Layer) procedure in connection with the highest encryption level supported by your browser. This is generally 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can recognize whether an individual page of our Internet presence is transmitted in encrypted form by the closed representation of the key or padlock symbol in the lower status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

17. Currency and Modification of this Privacy Statement

This privacy statement is currently valid and has the status of October 2025.

Due to the development of our website and offers made on it, or due to changes in legal or regulatory requirements, it may be necessary to modify this privacy statement. The current privacy statement can be accessed and printed at any time on the website at https://www.betterwalls.fr/pages/privacy.