Pursuant to Art. 13 GDPR and the Swiss revFADP (nLPD). Applies to visitors, registered buyers, and wholesale partners.
Reina Olga SA, Via Arona 30, 7500 St. Moritz, Switzerland — UID CHE-271.649.623 — email: help@reinaolga.com.
Reina Olga SA is established in Switzerland and offers goods to customers in Switzerland, the EU/EEA and the United Kingdom. The Controller therefore processes personal data in compliance with both the Swiss revFADP/nLPD and, where applicable under Article 3 GDPR, the GDPR. The two frameworks are applied in parallel; where they differ, the stricter standard is observed.
This Policy applies to: (a) consumers who visit or purchase on the Site (B2C); (b) representatives, buyers and contacts of our wholesale and business clients (B2B), whose business contact data (name, role, business email and telephone) we process to manage the commercial relationship, including the designated payment contact; (c) any other individual who contacts us or whose data we lawfully receive. For B2B relationships, the business client and Reina Olga SA each act as independent data controllers in respect of the contact data they exchange.
• Identification, contact and access data: name and surname, email address, shipping and billing address, telephone number, account access credentials and any other data voluntarily provided. For B2B: company name and the name, role, email and telephone of the buyer and of the designated payment contact. • Purchase and order data: products ordered, order history, wholesale orders and related commercial information. • Billing and payment data: IBAN/bank details for wire transfers, tax code and billing address. Card data is handled directly by the payment provider and is not stored by the Controller. • Browsing and usage data: IP address, device and browser parameters, log data, registration data, interaction and transaction events, performance indicators, navigation flows and use of Site features.
5.1 Contract and legal obligations — Browsing the Site; registration and management of the account and connected services; activities necessary to conclude and perform purchase contracts (B2C and B2B wholesale orders); order processing and fulfilment; customer care and handling of requests, reports and complaints; administrative, accounting and tax activities; responding to requests from competent authorities; handling requests to exercise data subject rights. Legal basis: performance of (pre-)contractual obligations (Art. 6.1.b GDPR / Art. 31 revFADP) and compliance with legal obligations (Art. 6.1.c GDPR). 5.2 Analytics, legitimate interest and security — Statistical analysis of Site use to improve the Site and product offer; ensuring compliance with the Controller's contractual rights and legal obligations; preventing and detecting fraud; reminding a user who has started a purchase that a product remains in the shopping cart. Legal basis: legitimate interest of the Controller (Art. 6.1.f GDPR). 5.3 Marketing and profiling (consent) — With the user's consent, sending commercial communications, newsletters, updates, offers, promotions and market-research invitations; and, with consent, processing data to attribute preferences and characteristics to the user for personalised communications. Profiling does not produce legal effects on the user. Legal basis: consent (Art. 6.1.a GDPR). Refusal or revocation does not affect the ability to purchase. 5.4 Communications to existing customers (soft opt-in) — The Controller may send communications about its own similar products to the email address provided, unless the user objects. Legal basis: legitimate interest, in line with applicable e-privacy rules. Withdrawal of consent — Where processing is based on consent, the user may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. Data is no longer processed for that purpose following withdrawal, and is retained only where another legal basis applies.
Personal data is processed lawfully, fairly and transparently, using IT and/or electronic tools with logic strictly related to the stated purposes. The Controller adopts appropriate technical and organisational measures to prevent unauthorised access, disclosure, alteration or destruction of personal data, and limits access to authorised staff and processors bound by confidentiality. Data is transmitted via encrypted (HTTPS) connections, and the principle of data minimisation is applied.
• Invoices and accounting records: 10 years (Art. 958f Swiss Code of Obligations) • Order / contract data: duration of relationship + up to 10 years for legal defence • Account (on closure request): 3 months for administrative purposes, then deleted • Marketing / profiling (consent): until consent withdrawn, max 12 months from last contact or renewal • Customer-care tickets: 24 months from closure After these periods personal data is deleted or anonymised.
Data may be accessed by authorised staff and by third parties that perform services on the Controller's behalf as data processors (Art. 28 GDPR / Art. 9 revFADP), bound by data-processing agreements. Current processors include: • E-commerce & payments: Shopify / Shopify Payments (Shop Pay) for the online store; Stripe for card payments; Klarna for instalment/deferred payments where offered. • Logistics / fulfilment: Monta (Netherlands, EU) for EU orders; ShiptQuick, Inc. (USA) for US orders. • Email marketing: Klaviyo, Inc. (USA). • Customer care & messaging: Google Workspace (Gmail) and TextYess (automated WhatsApp assistance). • Analytics & advertising: Google (Analytics/Ads), Meta (Facebook/Instagram Pixel), TikTok. • Wholesale order management: the Controller's B2B ordering platform and, where used, the dedicated wholesale management system. • Accounting: bexio AG (Switzerland) and the Controller's external fiduciary. An updated list of processors under Art. 28 GDPR is available on request at help@reinaolga.com.
Data is processed primarily in Switzerland and the EU/EEA. Some providers process data in the United States or other third countries. Where data is transferred outside Switzerland or the EEA to a country without an adequacy decision, the Controller ensures an adequate level of protection through: (i) the EU-US Data Privacy Framework and its Swiss-US extension, where the recipient is certified; or (ii) the European Commission's Standard Contractual Clauses 2021/914, supplemented for Switzerland by the FDPIC addendum. Users may obtain a copy of the relevant safeguards by writing to help@reinaolga.com.
Users may exercise the rights granted by Articles 15–22 GDPR and the corresponding provisions of the revFADP: access, rectification, updating and integration, erasure ("right to be forgotten"), restriction of processing, data portability, objection to processing (including for direct marketing), and withdrawal of consent at any time. Requests may be sent to help@reinaolga.com. The Controller will respond within the time limits set by applicable law.
The Site and its products are directed at adults. The Controller does not knowingly collect personal data of minors under the age applicable in the user's jurisdiction without the consent of a parent or legal guardian. If a parent or guardian becomes aware that a minor has provided personal data, they may contact help@reinaolga.com to have it deleted.
The Site uses cookies and similar technologies. For details on the cookies used, their purposes and how to manage consent, please refer to the Cookie Policy published on the Site.
The competent supervisory authority is the Swiss Federal Data Protection and Information Commissioner (FDPIC / PFPDT), Feldeggweg 1, 3003 Bern — www.edoeb.admin.ch. Users resident in the EU/EEA may alternatively lodge a complaint with the supervisory authority of their Member State of residence.
The Controller may update this Policy at any time, publishing changes on this page with the revision date indicated below. Users are invited to consult this page periodically. Unless otherwise stated, the previous version continues to apply to data collected up to the date of the change.