PRIVACY POLICY
The owner and operator of this online shop is the company:
- VITLI
- 9200 Gossau, Schwalbenstr. 28B
- UID/MwSt.: CHE-181.536.405
(hereinafter referred to as the “Controller”, “we” or “us”).
This privacy policy regulates the collection, processing and use of personal data of users (hereinafter referred to as “user”, “customer” or “you”) when visiting and using our online shop. This is done in accordance with the Swiss Federal Act on Data Protection (FADP) or the EU General Data Protection Regulation (GDPR).
1. Contact for data protection questions
If you have any questions about data protection or to assert your rights (e.g. information, correction or deletion of data), you can contact us as follows:
- E-mail: [email protected]
- Postal address: 9200 Gossau, Schwalbenstr. 28B.
2. Types and purposes of data processing
We process personal data only of natural persons (data of legal entities and companies are not covered by the term personal data under applicable law). The scope of data processing depends on the nature of your interaction with our online store:
2.1. Accessing the Website (Server Log Files)
When you visit our website, the server of our web hosting provider automatically collects technical data and stores it temporarily for a maximum of 7 to 30 days:
- IP address of the terminal, operating system, type, version and language of the browser used.
- Date and time of access, length of stay on the subpages and the website from which the access was made (referrer URL).
- Legal basis: Legitimate interest in ensuring the stability, functionality and IT security of the system (Art. 6 para. 1 lit. f GDPR / Art. 31 para. 1 FADP).
2.2. Opening a customer account and order processing
In order to process orders in the online shop, carry out deliveries and process returns, complaints and payments, we collect the following data:
- Salutation, first and last name, company name if applicable (optional).
- Delivery and billing address (street, house number, zip code, city, country).
- Email address and phone number (for delivery notifications).
- Payment details (depending on the payment method chosen).
- Legal basis: Performance of a contract or implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR / Art. 31 para. 2 lit. a FADP).
2.3. Newsletters and contact forms
- Newsletter: If you sign up for our newsletter, we will process your e-mail address and data about your opening behaviour for marketing purposes. Registration takes place in a secure double opt-in procedure (confirmation via link required).
- Contact forms: In the case of inquiries via contact form, chat or e-mail, the information will be used exclusively to process and answer your request.
- Legal basis: Your voluntarily given consent (Art. 6 para. 1 lit. a GDPR / Art. 31 para. 1 FADP).
3. Disclosure of data to third parties
We only pass on your personal data to third parties if this is necessary for the performance of the contract, if there is a legal obligation, if we have a legitimate interest in doing so or if you have expressly consented. The disclosure is limited to the minimum absolutely necessary for the respective purpose.
3.1. Payment service providers and financial institutions
For the secure processing of cashless transactions, the payment data is transmitted to authorized payment service providers. We do not store credit card information on our servers. Depending on the payment method chosen, the data will be passed on to:
- PostFinance Ltd (Bern, Switzerland): To process direct payments and authorize the connected payment channels.
- TWINT AG (Zurich, Switzerland): To identify and authorize fast mobile payments via smartphone.
- Credit cards (Visa / Mastercard): Processing is carried out via PCI-DSS-certified acquirers. The data is forwarded directly to the card issuers for validation (including 3D Secure / Identity Check).
- Other payment services (Stripe, PayPal, Apple Pay, Google Pay): When selecting these services, the respective data protection regulations of these external operators also apply.
3.2. Logistics and shipping service providers
For the physical delivery of the ordered goods, your address data and, if applicable, contact details (e-mail/telephone for delivery status updates) will be passed on to logistics partners:
- Swiss Post Ltd (Bern, Switzerland): As the main logistics provider for parcel and letter shipping in Switzerland.
- External courier and freight forwarding services (e.g. DHL, DPD, FedEx, UPS): For express, bulky goods or international shipments. These partners are contractually obliged to treat your data confidentially and for a specific purpose.
3.3. Credit check and purchase on account (B2B / B2C)
If you choose the payment method “purchase on account” or register as a B2B customer, we reserve the right to carry out an automated identity and credit check. For this purpose, data (name, address, date of birth) may be transmitted to credit reference agencies (e.g. CRIF AG, POWERPAY / MF Group AG, Intrum AG). The result of this statistical evaluation (score value) determines the availability of this payment method.
- Legal basis: Legitimate interest in avoiding payment defaults and credit fraud (Art. 6 para. 1 lit. f GDPR / Art. 31 para. 1 FADP).
4. Data transfer to third countries (incl. USA)
Some of our technology service providers (e.g. Google, Intuit) have their headquarters or servers outside of Switzerland and the European Union. The data transfer to the USA is based on the applicable adequacy decisions of the Swiss Federal Council and the EU Commission: Swiss-U.S. Data Privacy Framework (DPF) and the EU-U.S. Data Privacy Framework. For providers who are not certified under this agreement, the level of data protection is secured by the conclusion of standard contractual clauses (SCC).
5. Analysis and marketing tools and spam protection
To optimize our online shop and to protect our forms, third-party services may be integrated into our website:
5.1. Google Analytics 4 (GA4) & Google Ads
- We use GA4 to analyse user behaviour. By default, Google anonymizes IP addresses immediately, before they are stored.
- These systems use Enhanced Conversions. Data such as e-mail addresses are hashed (SHA256 algorithm) and transmitted securely, so that the person cannot be directly identified.
5.2. Newsletter delivery services (Brevo / MailChimp)
- To manage subscribers and send marketing e-mails, we use professional platforms (e.g. Brevo / Sendinblue or MailChimp / Rocket Science Group).
- These e-mails contain so-called tracking pixels to measure whether the e-mail was opened and which links were clicked. This serves to tailor our content to demand.
5.3. Google reCAPTCHA / Cloudflare
- To protect forms (registration, login, contact) against spam, bots and cyberattacks, we use security tools that analyse users' network behaviour.
5.4. Google Consent Mode v2 (Consent Management)
- All analysis and marketing tools (Sections 5.1 and 5.2) are ONLY activated when you have given your active consent via our cookie banner (so-called opt-in). The rejection of these tools does not affect the shopping process in the online shop.
6. Storage period of data
We only store personal data for as long as is necessary for the fulfilment of the respective purposes or as required by law:
- Customer account data: Until the time of a deletion request by the user.
- Contract and accounting data: Will be stored for 10 years in accordance with the statutory retention obligations of the Swiss Code of Obligations (CO, Art. 957-963) and tax regulations. After this period, the data will be blocked or irrevocably deleted.
7. Your rights as a data subject
In accordance with the FADP and GDPR, you have the following rights, which you can assert at any time free of charge by sending us an e-mail:
- Right to information: You have the right to know what data we process about you and to request a copy of that data free of charge.
- Right to rectification: You can request the immediate correction of incorrect or incomplete data.
- Right to erasure (“right to be forgotten”): You can request the deletion of your data, provided that there is no legal obligation to retain data (e.g. 10-year retention obligation for invoices).
- Right to restriction and objection: You can object to the processing of your data for direct marketing purposes at any time.
- Right to data portability: You have the right to receive your data in a common, machine-readable format.
- Right of appeal: You have the right to lodge a complaint with the competent data protection supervisory authority (in Switzerland: Federal Data Protection and Information Commissioner – FDPIC, Feldeggweg 1, CH-3003 Bern).
8. Data security
We use modern, advanced technical and organizational security measures (in accordance with Art. 32 GDPR / Art. 8 FADP). All data traffic between your browser and our server – including the entire order process, logins and shopping cart – is transmitted encrypted using the secure SSL / TLS protocol (HTTPS).
As of: June 2026
