Made to Measure
Sweden
Betterwalls

Privacy

Status: October 2025

1. Data Controller

The data controller pursuant to the General Data Protection Regulation (GDPR) and other data protection provisions is:

Vision Consulting AG
Compliance
Bächausstrasse 61
CH-8806 Bäch SZ
Switzerland

Email: dataprotection@vision.ch
Phone: +41 44 560 94 30
Website: www.betterwalls.se

Note: Vision Consulting AG has not appointed a data protection officer as there is no statutory obligation to do so.

1b. Data Transfer to Switzerland

The processing of your data is carried out partly by the data controller in Switzerland. Switzerland has an adequacy decision from the European Commission (Decision 2000/518/EC as amended by Implementing Decision (EU) 2024/1159), which means that an adequate level of data protection is ensured.

2. General Information on Data Processing

2.1 Scope of Processing of Personal Data

We generally only process personal data from our users to the extent necessary to provide a functioning website as well as our content and services. The processing of personal data regularly occurs only with the user's consent. An exception applies in cases where it is not possible to obtain consent in advance for factual reasons and the processing of the data is permitted by statutory provisions.

2.2 Legal Basis for Processing

Insofar as we obtain consent from the data subject for the processing of personal data, Article 6(1)(a) GDPR serves as the legal basis.

For the processing of personal data necessary for the performance of a contract to which the data subject is party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Article 6(1)(f) GDPR serves as the legal basis for processing.

2.2a Data Processors

We use external service providers to provide our services (e.g. Shopify, Google Analytics, payment service providers, shipping companies). We have concluded agreements pursuant to Article 28 GDPR (data processing agreements) with all data processors who process personal data on our behalf. These agreements ensure that processing only takes place in accordance with our instructions and that an adequate level of protection is guaranteed.

2.3 Deletion of Data and Storage Period

The data subject's personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by European or national legislators in EU regulations, laws or other provisions to which the data controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the aforementioned standards expires, unless there is a need for continued storage of the data for the conclusion or fulfilment of a contract.

3. Provision of the Website and Creation of Log Files

3.1 Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

  • Information about the browser type and version used
  • The user's operating system
  • The user's internet service provider
  • The user's IP address
  • Date and time of access
  • Websites from which the user's system reaches our website (referrer URL)
  • Websites accessed by the user via our website
  • Amount of data transferred
  • Message about successful retrieval

The data is also stored in our system's log files. This data is not stored together with the user's other personal data.

3.2 Legal Basis and Purpose of Data Processing

The legal basis for the temporary storage of the data and log files is Article 6(1)(f) GDPR.

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session. Storage in log files is carried out to ensure the functionality of the website. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Our legitimate interest in data processing pursuant to Article 6(1)(f) GDPR lies in these purposes.

3.3 Storage Period

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session ends. In the case of storage of data in log files, this occurs at the latest after seven days. Storage beyond this is possible. In such cases, the users' IP addresses are deleted or anonymised so that an association with the calling client is no longer possible.

3.4 Possibility of Objection and Removal

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

4. Use of Cookies

4.1 Description and Scope of Data Processing

Our website uses cookies. Cookies are text files that are stored in or by the browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that enables unique identification of the browser when the website is visited again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

4.2 Categories of Cookies

We use the following categories of cookies on our website:

Necessary Cookies (technically required)

  • Purpose: Basic functionality of the website, session management, shopping cart, checkout
  • Legal basis: Article 6(1)(f) GDPR (legitimate interest)
  • Storage period: Session cookies (deleted after browser is closed) or up to 30 days

Preference Cookies

  • Purpose: Storage of user settings (language, region)
  • Legal basis: Article 6(1)(a) GDPR (consent)
  • Storage period: Up to 12 months

Statistics Cookies

  • Purpose: Analysis of user behaviour, optimisation of website
  • Legal basis: Article 6(1)(a) GDPR (consent)
  • Storage period: Up to 24 months

Marketing Cookies

  • Purpose: Display of personalised advertising, tracking across multiple websites
  • Legal basis: Article 6(1)(a) GDPR (consent)
  • Storage period: Up to 24 months

4.3 Specific Cookie List

The following cookies are used on our website:

Shopify cookies (necessary):

  • _shopify_s: Session ID, 1 day
  • _shopify_y: Permanent store ID, 1 year
  • cart: Shopping cart information, 14 days
  • cart_sig: Shopping cart signature, 14 days
  • secure_customer_sig: Customer login signature, 20 years
  • storefront_digest: Store authentication, 2 years

Google Analytics cookies (statistics, only with consent):

  • _ga: Client ID to distinguish users, 2 years
  • _gid: Client ID to distinguish users, 24 hours
  • _gat: Request rate limiting, 1 minute

Facebook cookies (marketing, only with consent):

  • _fbp: Facebook Pixel tracking, 3 months
  • fr: Facebook ad ID, 3 months

Google Ads cookies (marketing, only with consent):

  • _gcl_au: Google Ads conversion tracking, 90 days
  • IDE: Google DoubleClick, for ad targeting and remarketing, 13 months
  • test_cookie: Checks browser's cookie support, 15 minutes
  • Conversion cookie: Specific cookie for each conversion action, 30 days

4.4 Legal Basis and Purpose of Data Processing

The legal basis for the processing of personal data using technically necessary cookies is Article 6(1)(f) GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is Article 6(1)(a) GDPR when the user has given consent.

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.

The user data collected via technically necessary cookies is not used to create user profiles. The use of analysis cookies is carried out for the purpose of improving the quality of our website and its content. Through analysis cookies, we learn how the website is used and can thus constantly optimise our offering.

Our legitimate interest in the processing of personal data pursuant to Article 6(1)(f) GDPR lies in these purposes.

4.5 Storage Period, Possibility of Objection and Removal

Cookies are stored on the user's computer and transmitted from there to our website. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, it may not be possible to use all functions of the website in full.

You can adjust your cookie settings at any time via our cookie banner.

5. Google Analytics

5.1 Scope of Processing of Personal Data

We use Google Analytics on our website, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses cookies that enable an analysis of your use of the website.

The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. We have activated IP anonymisation on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area.

Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website use and internet use to the website operator.

5.2 Legal Basis for Processing Personal Data

The legal basis for the use of Google Analytics is Article 6(1)(a) GDPR (consent). Use only takes place if you have given your consent via our cookie banner.

5.3 Purpose of Data Processing

The use of Google Analytics aims to analyse our website and optimise our internet presence.

5.4 Storage Period

The data we send that is linked to cookies is automatically deleted after 14 months. Deletion of data whose storage period has been reached takes place automatically once a month.

5.5 Possibility of Objection and Removal

You can prevent the storage of cookies by making appropriate settings in your browser. You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout

As an alternative to the browser plugin, you can revoke your consent via our cookie banner or click on this link to prevent the collection of Google Analytics within this website in the future (opt-out only works in this browser and only for this domain). An opt-out cookie will then be placed on your device. If you delete your cookies in this browser, you must click on this link again.

5.6 Data Transfer to Third Countries

Google processes your data in the USA. The USA has an adequacy decision from the European Commission (EU-US Data Privacy Framework). Google LLC is certified under the EU-US Data Privacy Framework. More information at: https://www.dataprivacyframework.gov/

More information about data protection at Google Analytics can be found at: https://support.google.com/analytics/answer/6004245

6. Social Media Plugins

6.1 Facebook Social Plugins

Our website uses so-called social plugins ("plugins") from the social network Facebook, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook").

Plugins are marked with a Facebook logo (white "f" on a blue background or a "thumbs up" symbol) or are marked with the addition "Facebook Social Plugin".

When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to Facebook's servers. The content of the plugin is transmitted by Facebook directly to your browser and integrated into the website by it.

Through the integration of plugins, Facebook receives the information that you have visited the corresponding page on our website. If you are logged into Facebook, Facebook can assign the visit to your Facebook account. If you interact with plugins, for example by clicking the "like" button or leaving a comment, the corresponding information is transmitted directly from your browser to Facebook and stored there.

Legal basis: Article 6(1)(a) GDPR (consent via cookie banner)

Purpose: Integration of social network functions, enabling sharing of content

Data transfer: Facebook processes data partly in the USA. Meta Platforms is certified under the EU-US Data Privacy Framework.

Objection: If you do not want Facebook to collect data about you via our website, you must log out of Facebook before visiting our website. You can also block Facebook plugins completely with add-ons for your browser.

More information about the purpose and scope of data collection and processing of data by Facebook can be found in Facebook's privacy notices: https://www.facebook.com/about/privacy/

6.3 Google Tag Manager

We use Google Tag Manager, a service from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

Description and scope: Google Tag Manager is a tag management solution with which we can manage so-called website tags via an interface. Tags are small code elements on our website that are used, among other things, to measure traffic and visitor behaviour, register the effect of online advertising and social channels, use remarketing and target audience targeting, and test and optimise websites.

Google Tag Manager itself (which implements tags) is a cookie-free domain and does not register any personal data. Tag Manager activates other tags which in turn can collect data. This collection takes place through the tools integrated via Tag Manager (e.g. Google Analytics, Facebook Pixel).

Legal basis: Article 6(1)(f) GDPR (legitimate interest in effective management and optimisation of our marketing tools)

Purpose: Centralised management and implementation of analysis and marketing tags without direct code changes

Data transfer: Tag Manager can transfer technical information (IP address, browser, device) to Google servers in the USA. Google is certified under the EU-US Data Privacy Framework.

Objection: You cannot deactivate Tag Manager directly, but you can deactivate the individual services integrated via Tag Manager (e.g. Google Analytics, Facebook Pixel) via our cookie banner.

More information about Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

6a. Meta Pixel (Facebook Pixel)

We use "Meta Pixel" (formerly "Facebook Pixel") on our website, a service from Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta").

6a.1 Description and Scope of Data Processing

Meta Pixel is a code snippet that is integrated on our website and records various actions by visitors. The following data is collected and transmitted to Meta:

  • Technical information: IP address, browser type, operating system, device type
  • URLs visited and timestamps
  • Interactions on the website (page views, clicks, products added to cart, purchases)
  • HTTP referrer (previous website)
  • Cookie data and device ID
  • For logged-in Facebook users: connection to your Facebook profile

Meta Pixel sets cookies (see section 4.3: _fbp, fr) that enable recognition of your browser on future visits.

6a.2 Purposes of Use for Meta Pixel

We use Meta Pixel for the following purposes:

Conversion tracking: Measuring the effectiveness of our Facebook and Instagram advertising campaigns by recording conversions (e.g. purchases, registrations)

Custom Audiences: Creating audiences based on website visitors for targeted advertising on Facebook and Instagram

Remarketing: Displaying personalised ads to people who have already visited our website

Lookalike Audiences: Creating audiences that resemble our existing customers

Optimisation of advertising campaigns: Automatic optimisation of the delivery of our ads to people who are most likely to perform the desired action

6a.3 Legal Basis

The legal basis for the use of Meta Pixel is Article 6(1)(a) GDPR (consent). Processing only takes place if you have given your consent via our cookie banner.

6a.4 Data Transfer to Third Countries

Meta also processes collected data on servers in the USA. Meta Platforms is certified under the EU-US Data Privacy Framework. More information: https://www.dataprivacyframework.gov/

In addition, we have concluded standard contractual clauses with Meta pursuant to Article 46 GDPR.

6a.5 Storage Period

Meta stores data collected via the pixel for different periods:

  • Event data (e.g. page views, purchases): 90 days
  • Custom Audiences: Up to 180 days after last activity or until we delete them
  • Cookies: Up to 90 days (cookie _fbp)

6a.6 Objection Options and Opt-Out

You have several options to prevent data collection via Meta Pixel:

1. Cookie banner: Reject marketing cookies in our cookie banner or revoke your consent.

2. Facebook settings: If you have a Facebook account, you can deactivate the display of personalised ads in your ad settings:

  • Facebook: https://www.facebook.com/settings?tab=ads
  • Instagram: Via the app under Settings → Ads

3. Browser settings: Block cookies from Meta in your browser settings or use browser extensions such as "Facebook Container" (Firefox).

4. Logging out of Facebook: Log out of Facebook before visiting our website to prevent direct connection to your profile.

More information about Meta Pixel and data protection:

  • Meta's privacy policy: https://www.facebook.com/privacy/explanation
  • Meta Pixel data usage: https://www.facebook.com/business/help/742478679120153
  • Meta's cookie policy: https://www.facebook.com/policies/cookies/

6b. Google Ads Conversion Tracking

We use Google Ads conversion tracking, a service from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"), to measure the effectiveness of our Google Ads advertising campaigns.

6b.1 Description and Scope of Data Processing

When you click on one of our Google ads, a cookie for conversion tracking is stored on your device. These cookies lose their validity after 30 days and are not used for personal identification.

If you visit certain pages on our website and the cookie has not yet expired, Google and we can see that you clicked on the ad and were forwarded to this page.

Data collected:

  • Cookie ID
  • Timestamp of ad click
  • Pages visited on our website
  • Actions performed (e.g. purchases, registrations)
  • IP address (shortened)
  • Technical information (browser, device, operating system)

Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked across Google Ads customers' websites.

6b.2 Purposes of Use

The information collected using the conversion cookie is used to:

  • Create conversion statistics (e.g. how many users make a purchase after clicking on an ad)
  • Measure the success of our advertising campaigns
  • Optimise our advertising campaigns
  • Calculate cost per conversion

6b.3 Legal Basis

The legal basis for the use of Google Ads conversion tracking is Article 6(1)(a) GDPR (consent). Processing only takes place if you have given your consent via our cookie banner.

6b.4 Data Transfer to Third Countries

Google also processes your data on servers in the USA. Google LLC is certified under the EU-US Data Privacy Framework. More information: https://www.dataprivacyframework.gov/

6b.5 Storage Period

Conversion cookies have a storage period of 30 days. Conversion statistics are stored by Google for different periods, usually for 90 days.

6b.6 Objection Options and Opt-Out

You can prevent participation in conversion tracking in various ways:

1. Cookie banner: Reject marketing cookies in our cookie banner or revoke your consent.

2. Browser settings: Set your browser so that cookies from the domain "googleadservices.com" are blocked.

3. Google Ads settings: Deactivate personalised ads in your Google account settings:
https://adssettings.google.com/

4. Browser plugin: Install Google Analytics Opt-out Browser Add-on:
http://tools.google.com/dlpage/gaoptout

5. Additional opt-out options:
- Digital Advertising Alliance: http://www.aboutads.info/choices/
- Network Advertising Initiative: http://www.networkadvertising.org/choices/

More information about Google Ads and data protection:

  • Google's privacy policy: https://policies.google.com/privacy
  • Google Ads conversion tracking: https://support.google.com/google-ads/answer/1722022

7. Shopify E-Commerce Platform

Our website is operated on the e-commerce platform Shopify. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (or if you are resident in North America, Shopify Inc., 151 O'Connor Street, Ground floor, Ottawa, Ontario, K2P 2L8, Canada).

7.1 Scope of Data Processing

Shopify processes the following data to provide the e-commerce infrastructure:

  • Order data (products, quantities, prices)
  • Customer data (name, address, email, telephone number)
  • Payment information (however, not stored permanently by us)
  • Technical data (IP address, browser, device)
  • User behaviour (pages visited, clicks, dwell time)

7.2 Legal Basis and Purpose

Legal basis: Article 6(1)(b) GDPR (performance of contract) and Article 6(1)(f) GDPR (legitimate interest in reliable hosting and e-commerce infrastructure)

Purpose: Provision of online store, order management, payment processing, shipping management, customer support

7.3 Shopify Analytics

Shopify automatically collects analytics data on the use of our store:

  • Number of visitors and page views
  • Dwell time and bounce rate
  • Conversions and abandoned shopping carts
  • Product views and purchases
  • Geographical origin of visitors

This data is used to optimise our store offering and improve the user experience.

Legal basis: Article 6(1)(f) GDPR (legitimate interest in store optimisation)

7.4 Storage Period

Shopify stores your data as long as you have a customer account with us or we are legally obliged to store it (e.g. tax storage periods of up to 10 years).

7.5 Data Transfer to Third Countries

Shopify processes data on servers in Canada and the USA. Shopify is certified under the EU-US Data Privacy Framework and has concluded standard contractual clauses with us.

More information about data protection at Shopify can be found at: https://www.shopify.com/legal/privacy

8. Payment Service Providers

8.1 PayPal

On our website we offer payment via PayPal. The provider is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

If you pay with PayPal, your entered payment information is transferred to PayPal. The data transfer to PayPal is based on Article 6(1)(b) GDPR (performance of contract) and only to the extent necessary for payment processing.

PayPal may also transfer data to the USA. PayPal is certified under the EU-US Data Privacy Framework.

More information about data processing by PayPal can be found in PayPal's privacy policy: https://www.paypal.com/se/webapps/mpp/ua/privacy-full

8.2 Shopify Payments

We use Shopify Payments as an additional payment service provider. Shopify Payments is provided by Shopify International Limited or Shopify Inc. and cooperates with various payment service providers (e.g. Stripe).

When paying via Shopify Payments, your payment information is transferred encrypted via a secure connection. We do not store any credit card information ourselves. The payment information is transferred directly to the payment service provider and processed there.

Legal basis: Article 6(1)(b) GDPR (performance of contract)

Purpose: Secure processing of online payments

Data transfer: Shopify Payments may transfer data to the USA and Canada. Shopify is certified under the EU-US Data Privacy Framework.

More information: https://www.shopify.com/legal/privacy

9. Shipping Companies

To handle shipping, we forward your data to the following shipping companies:

9.1 DHL (Deutsche Post DHL Group)

Provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany

Data transferred: Name, delivery address, telephone number (optional), email address (for tracking), package contents (product description)

Legal basis: Article 6(1)(b) GDPR (performance of contract)

Purpose: Delivery of ordered goods

Storage period: According to statutory storage periods within transport law

Privacy notices: https://www.dhl.de/de/privatkunden/information/datenschutz.html

9.2 DPD (DPD Deutschland GmbH)

Provider: DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany

Data transferred: Name, delivery address, telephone number (optional), email address (for tracking)

Legal basis: Article 6(1)(b) GDPR (performance of contract)

Purpose: Delivery of ordered goods

Privacy notices: https://www.dpd.com/de/de/datenschutzerklaerung/

9.3 Schweizer Post

Provider: Die Schweizerische Post AG, Wankdorfallee 4, 3030 Bern, Switzerland

Data transferred: Name, delivery address, telephone number (optional), email address (optional)

Legal basis: Article 6(1)(b) GDPR (performance of contract)

Purpose: Delivery of ordered goods

Privacy notices: https://www.post.ch/de/pages/footer/datenschutz

10. Newsletter

10.1 Description and Scope of Data Processing

You have the option to subscribe to our newsletter via our website. The newsletter is sent via Shopify. The following data is transferred to us during registration:

  • Email address (mandatory information)
  • IP address of the calling computer
  • Date and time of registration

In connection with the registration process, your consent is obtained for the processing of this data and reference is made to this privacy policy.

After your registration, you will receive an email to confirm your registration (double opt-in procedure). Only after confirmation by clicking on the link in this email will you be added to the newsletter list.

10.2 Legal Basis and Purpose of Data Processing

The legal basis for processing data after registration for the newsletter by the user is Article 6(1)(a) GDPR where consent exists.

The collection of the email address serves to deliver the newsletter. The collection of the IP address and the time of registration serves to be able to trace any misuse of the data subject's email address at a later date and as proof of the consent given.

10.3 Storage Period

The data is deleted as soon as it is no longer required to achieve the purpose of collection. The user's email address is therefore stored as long as the newsletter subscription is active.

10.4 Possibility of Objection and Removal

The newsletter subscription can be cancelled at any time by the registered user. For this purpose, there is a corresponding link in each newsletter. This also enables a revocation of consent to the storage of personal data collected during the registration process.

12. Registration and Customer Account

12.1 Description and Scope of Data Processing

You have the option to register on our website and create a customer account. The following data is collected:

  • Email address (mandatory information)
  • Password (stored encrypted)
  • Title, first name and surname
  • Address (billing address, optional delivery address)
  • Telephone number (optional)
  • Date of birth (optional)
  • IP address and time of registration

In connection with the registration process, your consent is obtained for the processing of this data.

12.2 Legal Basis and Purpose of Data Processing

The legal basis for processing data is Article 6(1)(a) GDPR where consent exists. If registration aims to fulfil a contract or implement measures before concluding a contract, an additional legal basis is Article 6(1)(b) GDPR.

Registration is necessary to provide certain content and services on our website. A customer account enables you in particular to:

  • Place orders without re-entering your data
  • View your order history
  • Manage your address details
  • Save your settings

12.3 Storage Period

The data is deleted as soon as it is no longer required to achieve the purpose of collection. This is the case when you delete your customer account. Storage beyond this may take place if we are legally obliged to store it (e.g. commercial or tax storage periods of up to 10 years for order data).

12.4 Possibility of Objection and Removal

You have the option at any time to delete your customer account. Please contact us using the contact details provided or use the account deletion function in your customer area.

12a. Order Processing and Contract Performance

12a.1 Description and Scope of Data Processing

When purchasing products in our online store, the following personal data is collected and processed in connection with order processing:

Mandatory information:

  • Title, first name and surname
  • Billing address (street, house number, postcode, city, country)
  • Email address
  • Order data (ordered products, quantities, prices, order number, order date)

Optional information:

  • Different delivery address
  • Telephone number
  • Date of birth (when selecting payment method "purchase on invoice" for credit check)
  • Company information (for commercial orders)

Automatically collected data:

  • IP address
  • Date and time of order
  • Payment information (however, not stored permanently by us but transferred directly to payment service providers)

The data is required to process your purchase contract. Without this data, we cannot process and execute your order.

12a.2 Legal Basis for Data Processing

The legal basis for processing data in connection with order processing is Article 6(1)(b) GDPR (performance of contract). Processing is necessary to fulfil the purchase contract.

12a.3 Disclosure of Data

Your order data is forwarded to the following recipients to the extent necessary to fulfil the contract:

  • Shipping companies (DHL, DPD, Schweizer Post): Name, delivery address, telephone number (optional), email address (for tracking)
  • Payment service providers (PayPal, Shopify Payments): Name, billing address, email address, payment information
  • Shopify (e-commerce platform): All order data for technical processing (see section 7)

Disclosure to other third parties does not take place unless we are legally obliged to do so (e.g. to tax authorities) or you have given express consent.

12a.4 Storage Period

Your order data is stored during the performance of the contract. After the contract has been fulfilled, the data is stored under statutory storage periods:

  • Commercial storage obligations (§ 257 HGB): 10 years for commercial books, inventories, opening balance sheets, annual financial statements, accounting documents
  • Tax storage obligations (§ 147 AO): 10 years for invoices and accounting documents

After these periods have expired, the data is deleted unless you have consented to longer storage or we are obliged to longer storage for legal reasons.

12a.5 Possibility of Objection and Removal

The collection and processing of data is absolutely necessary for the performance of the purchase contract. Without this data, we cannot process your order. An objection to data processing in connection with contract performance is therefore not possible as long as the contractual relationship exists.

After statutory storage periods have expired, you can request deletion of your order data at any time.

13. Contact Form and Email Contact

13.1 Description and Scope of Data Processing

Our website contains a contact form that can be used for electronic contact. If a user uses this option, the data entered in the input mask is transmitted and stored to us. This data is usually:

  • Name
  • Email address
  • Subject
  • Message
  • IP address and time of sending

Alternatively, contact is possible via the email address provided. In this case, the personal data transmitted with the email from the user is stored.

In this context, there is no disclosure of data to third parties. The data is used exclusively for processing the conversation.

13.2 Legal Basis and Purpose of Data Processing

The legal basis for processing data is Article 6(1)(a) GDPR where consent exists. The legal basis for processing data transmitted when sending an email is Article 6(1)(f) GDPR. If email contact aims to conclude a contract, an additional legal basis is Article 6(1)(b) GDPR.

The processing of personal data aims only to handle the contact. In the case of contact via email, the necessary legitimate interest in processing the data also lies therein.

13.3 Storage Period

The data is deleted as soon as it is no longer required to achieve the purpose of collection. For personal data from the contact form's input mask and those sent via email, this is when the respective conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the matter concerned has been conclusively clarified.

Storage beyond this may take place if statutory storage periods exist.

13.4 Possibility of Objection and Removal

The user has the option at any time to revoke consent to the processing of personal data. If the user contacts us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. Please contact us using the contact details provided for this purpose.

All personal data stored in connection with the contact is deleted in this case, to the extent that no statutory storage periods prevent this.

14. Product Reviews

If you leave a product review on our website, the following data is stored:

  • Your name or pseudonym (as stated by you)
  • Email address (not published)
  • Review text
  • Star rating
  • Date of review
  • IP address (to prevent abuse)

Legal basis: Article 6(1)(a) GDPR (consent) and Article 6(1)(f) GDPR (legitimate interest in genuine customer reviews)

Purpose: Publication of customer opinions, improvement of product quality, building trust

Storage period: Reviews are stored permanently until you request deletion or we must remove the review for legal reasons.

14a. IMPORTANT: Your Right to Object

You have the right to object to the processing of your personal data at any time!

Pursuant to Article 21 GDPR, you can in particular object:

  • Objection to direct marketing: If your data is processed for advertising purposes, you can object at any time and without giving reasons. After your objection, we will no longer use your data for advertising purposes.
  • Objection to processing based on legitimate interest: If processing is based on Article 6(1)(f) GDPR (legitimate interest), you can object for reasons arising from your particular situation. We will cease processing unless we can demonstrate compelling legitimate grounds.

How to object:

Email: dataprotection@vision.ch
Phone: +41 44 560 94 30
In writing: Vision Consulting AG, Compliance, Bächausstrasse 61, CH-8806 Bäch SZ, Switzerland

For objection to newsletter: Click the unsubscribe link in each newsletter.

For objection to cookies and tracking: Adjust your settings in the cookie banner or use browser settings.

15. Data Subject Rights

If personal data concerning you is processed, you are a data subject under the GDPR and you have the following rights vis-à-vis the data controller:

15.1 Right of Access (Article 15 GDPR)

You can request confirmation from us as to whether personal data concerning you is being processed by us. If such processing exists, you can request information from us about the following:

  • the purposes for which the personal data is being processed
  • the categories of personal data being processed
  • the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed
  • the planned period for storing the personal data concerning you
  • the existence of a right to rectification or erasure of personal data concerning you
  • the existence of a right to restriction of processing or a right to object to such processing
  • the existence of a right to lodge a complaint with a supervisory authority
  • all available information about the origin of the data if the personal data was not collected from the data subject
  • the existence of automated decision-making including profiling and meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject

You have the right to request information about whether personal data concerning you is being transferred to a third country or to an international organisation. In this context, you can request to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

15.2 Right to Rectification (Article 16 GDPR)

You have a right to rectification and/or completion vis-à-vis the data controller if the processed personal data concerning you is inaccurate or incomplete.

15.3 Right to Restriction of Processing (Article 18 GDPR)

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

  • if you contest the accuracy of the personal data concerning you for a period enabling the data controller to verify the accuracy of the personal data
  • the processing is unlawful and you oppose the erasure of the personal data and request instead the restriction of their use
  • the data controller no longer needs the personal data for the purposes of the processing but you require them for the establishment, exercise or defence of legal claims
  • if you have objected to processing pursuant to Article 21(1) GDPR and it has not yet been established whether the data controller's legitimate grounds override your grounds

15.4 Right to Erasure (Article 17 GDPR)

You may request the data controller to erase personal data concerning you without undue delay, and the data controller is obliged to erase this data without undue delay if one of the following grounds applies:

  • The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed
  • You withdraw your consent on which the processing is based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR and there is no other legal ground for the processing
  • You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR
  • The personal data concerning you has been unlawfully processed
  • The erasure of personal data concerning you is necessary for compliance with a legal obligation under Union law or Member State law to which the data controller is subject

The right to erasure does not apply to the extent that processing is necessary:

  • for exercising the right of freedom of expression and information
  • for compliance with a legal obligation or for the performance of a task carried out in the public interest
  • for the establishment, exercise or defence of legal claims

15.5 Right to Notification (Article 19 GDPR)

If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the data controller, the controller is obliged to communicate this rectification or erasure of data or restriction of processing to all recipients to whom the personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right vis-à-vis the data controller to be informed about these recipients.

15.6 Right to Data Portability (Article 20 GDPR)

You have the right to receive the personal data concerning you which you have provided to the data controller in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit this data to another data controller without hindrance from the data controller to whom the personal data has been provided, where:

  • the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR, and
  • the processing is carried out by automated means

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one data controller to another data controller, where technically feasible.

15.7 Right to Object (Article 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions.

The data controller shall no longer process the personal data concerning you unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

15.8 Right to Withdraw Data Protection Consent (Article 7(3) GDPR)

You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

15.9 Right to Lodge a Complaint with a Supervisory Authority (Article 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority responsible for Sweden is:

Integritetsskyddsmyndigheten (IMY)
Box 8114
104 20 Stockholm
Sweden
Phone: +46 8 657 61 00
Email: imy@imy.se
Website: https://www.imy.se

16. Data Security

We use the widespread SSL (Secure Socket Layer) procedure in conjunction with the highest encryption level supported by your browser when visiting the website. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can see whether an individual page of our website is transmitted encrypted by the closed display of the key or lock symbol in your browser's lower status bar.

We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

17. Currency and Amendment of this Privacy Policy

This privacy policy is current and has the status of October 2025.

Through further development of our website and offers thereon or due to changed statutory or regulatory requirements, it may become necessary to amend this privacy policy. The current privacy policy can be retrieved and printed by you at any time on the website at https://www.betterwalls.se/pages/privacy