Uglyfruits Data Protection Statement (OplaBio SA)
Last updated: August 19, 2025
The controller of your personal data is:
OplaBio SA
Avenue du Mail 18
2000 Neuchâtel Switzerland
Email: [email protected]
This policy applies to all personal data collection carried out:
via the e-commerce site uglyfruits.ch and its subdomains;
during registration, purchase, payment, or newsletter subscription;
during statistical, advertising, or social tracking (GA4, Ads, Facebook Pixel, Pinterest, GTM).
| nFADP Principle | Implementation at Uglyfruits |
|---|---|
| Lawfulness / transparency | Detailed information below and in the cookie banner. |
| Determined purpose | Objectives listed p.5 |
| Proportionality | Limitation of cookies to declared needs |
| Security | Measures p.9 |
| Privacy by design/default | Non-essential cookies disabled by default |
| Processing register | Maintained internally (art. 12 nFADP) |
| Impact analysis (DPIA) | Performed for advertising profiling (increased risk) |
Justifications (art. 31-32 nFADP): contract execution, predominant legitimate interests, explicit consent, legal obligation.
Identification data: name, first name, address, email, phone.
Order data: products, amount, delivery address, history
Payment data: tokenized via Datatrans (no card number stored)
Navigation data: IP address, device type, pages viewed (Google Analytics 4)
Marketing data: advertising identifiers (Ads/Meta/Pinterest).
Support data: email content and web form submissions (timestamps, messages)
| Purpose | Tool / Third party | Legal basis |
|---|---|---|
| 5.1 Site operation & basket | Essential cookies (authentication, basket) | Legitimate interest |
| 5.2 Audience measurement | Google Analytics 4 (IP anonymization) + GTM | Consent (opt-in) |
| 5.3 Advertising / Remarketing | Google Ads, Facebook Pixel, Pinterest Tag – EU User Consent extensions in CH | Explicit consent |
| 5.4 Customer service | Web forms and email | Legitimate interest |
| 5.5 Newsletter | Mail-list; unsubscribe anytime (link); LCD obligations | Consent |
| 5.6 Secure payment | Datatrans AG (PCI-DSS, ISO 27001) | Contract execution |
| 5.7 Hosting | DE / EU server compliant with ISO 27001 | Legitimate interest |
A FDPIC-compliant consent banner allows: “Accept all”, “Reject all”, “Customize”
Non-essential cookies are only placed after your choice (opt-in).
You can modify your preferences anytime via the “Cookie settings” link.
| Recipient | Country | Transfer guarantee |
|---|---|---|
| Google LLC / Google Ireland | USA/Ireland | Swiss-US DPF or adapted Swiss SCC |
| Meta Platforms Ireland / USA | EU/USA | DPF or SCC |
| Pinterest Europe Ltd | EU/USA | SCC; joint-processing addendum Pinterest |
| Hetzner Online GmbH | DE/EU | SCC Hetzner |
| Datatrans AG | Switzerland | No transfer (CH servers) Datatrans |
Any transfer to a state without an “adequate” level is subject to Swiss standard contractual clauses and, where applicable, an impact assessment (TIA).
Orders: 10 years (accounting obligations).
Inactive customer accounts: anonymization after 10 years.
Server logs: 12 months.
GA4 cookies: 14 months max.
Newsletters: until consent withdrawal or 2 years of inactivity.
Data is then securely deleted or anonymized.
Technical & organizational measures: SSL/TLS, encryption at rest, firewalls, offline backups, access control, network monitoring.
You have the rights of access, rectification, erasure, limitation, objection, portability (art. 25-28 nFADP) and the right to withdraw your consent at any time
To exercise your rights: [email protected] or postal mail (address § 1).
Any breach likely to create a high risk to your personality is notified as soon as possible to the FDPIC (art. 24 nFADP) and, if necessary, to the data subjects.
We may update this policy; the last update date appears at the top of the document. Substantial changes will be communicated to you by email and via a notification on the site.
Data protection officer: [email protected]
Supervisory authority: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern – edoeb.admin.ch.