StickSafe

Privacy Policy

 

1. Data controller

Data controller within the meaning of Art. 5(j) of the Swiss Data Protection Act (DSG) and Art. 4(7) of the General Data Protection Regulation (GDPR):

Helvetic Vaultware

Detlef Eling

Hinterbergstrasse 19

6330 Cham

Switzerland

+41 41 553 71 91

info@sticksafe.ch

2. General information on data processing

We process the personal data of our customers and website visitors only to the extent necessary to provide a fully functional website, our content and our services. Data is processed only where there is a legal basis for doing so or where consent has been given.

2.1 Legal bases

Under the FADP (Art. 31):

Consent; performance of a contract; overriding private or public interest; legal obligation.

Under the GDPR (Art. 6(1)):

(a): Consent

(b): Performance of a contract / pre-contractual measures

(c): Legal obligation

(f): Legitimate interest

2.2 Begriffe

Begriffe wie „Personendaten”, „Bearbeitung”, „Verantwortlicher”, „Auftragsbearbeiter” verwenden wir im Sinne von Art. 5 DSG bzw. Art. 4 DSGVO.

3. Datensicherheit

Wir treffen angemessene technische und organisatorische Massnahmen (Art. 8 DSG, Art. 32 DSGVO):

  • TLS/HTTPS-Verschlüsselung für alle Datenübertragungen
  • Zugriffsbeschränkungen auf befugte Personen
  • regelmässige Aktualisierung der eingesetzten Software
  • verschlüsselte Datensicherung (Backups)

4. Server log files

When you visit the website, the hosting provider records technically necessary data in log files:

IP address (truncated or full)

Date and time of access

Page/file accessed

Amount of data transferred

Referrer URL

Browser type, version, operating system

Purpose: smooth operation, defence against attacks, error analysis.

Legal basis: Art. 31(2)(d) DSG / Art. 6(1)(f) GDPR (legitimate interest).

Retention period: typically 7–90 days (see CHECK note below).

Host: hosttech GmbH, Seestrasse 15a, 8805 Richterswil, Switzerland.

⚠️ CHECK: The specific retention period must be requested from the host.

5. Cookies and similar technologies

5.1 What are cookies?

Cookies are small text files that are stored on your device when you visit our website. Similar technologies (local storage, session storage, pixels) are treated in the same way.

5.2 Consent management

We use the Complianz plugin as a consent management tool. Functionally necessary cookies are set without consent (Art. 31(2)(a) DSG, Art. 6(1)(f) GDPR). All non-essential cookies are only set after you have given your active consent. Complianz is configured for opt-in in the banner. Functional cookies are always active; statistics and marketing categories are not pre-selected on your first visit. Visitors can actively accept, reject or save individual settings.

You can withdraw your consent at any time via the ‘Cookie settings’ link in the website footer.

5.3 Cookies used

Note: The following list is based on the plugins currently in use. We recommend running a cookie scan before publication to verify the specific cookie names, expiry dates and values (instructions: Browser DevTools → Application → Cookies, or in the Complianz dashboard).

Functional (mandatory, without consent)

CookieproviderPurposeDuration
wordpress_logged_in_*sticksafe.chLogin-Session BackendSession
wp-settings-*, wp-settings-time-*sticksafe.chWordPress settings1 Jahr
woocommerce_cart_hashsticksafe.chShopping basket contentsSession
woocommerce_items_in_cartsticksafe.chNumber of items in the basketSession
wp_woocommerce_session_*sticksafe.chShopping basket session2 Tage
pll_languagesticksafe.ch (Polylang)Language preference1 Jahr
cmplz_* (mehrere)sticksafe.ch (Complianz)Recording of consent status1 Jahr
__stripe_midStripeFraud prevention at checkout1 Jahr
__stripe_sidStripeFraud prevention (session)30 Min.

Statistics / Marketing (only with consent)

The following cookies and similar technologies are only set with your active consent. Statistical cookies are used to measure reach. Marketing cookies are used to measure the effectiveness of advertising campaigns and track purchase conversions.

Cookie / ProviderPurposeDurationthird country
_pmw_session_data, _pmw_persistent_data / Pixel Manager for WooCommerceManagement and handling of marketing and conversion events in the WooCommerce shopSession or depending on the configurationDepending on the linked service, in particular Google/USA
_ga, _ga_*, _gid (Google Analytics 4)Reach measurement, conversion trackingup to 2 yearsUSA
_gcl_au, _gcl_aw (Google Ads)Conversion-Tracking, Remarketing90 daysUSA

Google Analytics 4

We use Google Analytics 4 to analyse how our website is used. It is integrated via Complianz and is only activated in the ‘Statistics’ category once you have given your consent. Google Analytics may process information about website usage, technical browser and device information, as well as IP-related information that is either anonymised or, in the case of GA4, not stored permanently.

Google Ads Conversion Tracking

We use Google Ads Conversion Tracking to measure the success of our advertising campaigns, in particular to track purchase conversions in the WooCommerce shop. Google Ads Conversion Tracking is integrated via the “Pixel Manager for WooCommerce” plugin by SweetCode. The plugin is connected to Complianz; the explicit consent mode is enabled. Google Ads Conversion Tracking is therefore only activated in the “Marketing” category once you have given your consent.

The following services are currently configured in Pixel Manager for WooCommerce:

  •          Google Ads Conversion ID
  •          Google Ads Purchase Conversion Label

Data processed

When using Google Analytics 4 and Google Ads conversion tracking, the following data in particular may be processed:

  •          IP address or IP-related technical information
  •          Browser and device information
  •          pages and products viewed
  •          Click and order behaviour, e.g. add to basket, checkout and purchase
  •          Order total and order ID
  •          technical cookies and device identifiers
  •          User ID (if applicable) for logged-in customers

Legal basis: Processing is carried out on the basis of your consent in accordance with Section 31(1) of the Data Protection Act and Article 6(1)(a) of the GDPR. You may withdraw or amend your consent at any time via the ‘Manage consent’ or ‘Cookie settings’ link.

Transfer to a third country

Google may transfer personal data to the US. According to its own statements, Google LLC is certified under the EU-US Data Privacy Framework and the Swiss-US Data Privacy Framework; this certification is also listed in the official Data Privacy Framework directory. In addition, standard contractual clauses and other appropriate safeguards may be used.

The provider’s privacy policy:
Google: https://policies.google.com/privacy

Processing as part of the ordering process

6.1 What data?

When you place an order with sticksafe.ch, we process:

  • First name and surname
  • Billing and delivery address
  • Email address
  • telephone number (if applicable)
  • Order details (product, quantity, price)
  • Payment details (see 7.1)
  • IP address and order date and time
  • Any activation tokens generated (StickSafe Tokens plugin)

6.2 Purpose

Contract processing, delivery, invoicing, bookkeeping, customer service, compliance with statutory retention obligations, token generation for software activation.

6.3 Legal basis

  • Section 31(2)(a) of the Data Protection Act / Article 6(1)(b) of the GDPR (performance of a contract)
  • Section 31(2)(c) of the Data Protection Act / Article 6(1)(c) of the GDPR (legal obligation – accounting)

6.4 Retention period

  • Retention period: 10 years (Art. 958f of the Swiss Code of Obligations / § 147 of the German Fiscal Code for German customers)
  • Customer account: until the account is deleted
  • Activation token: valid for the duration of active use; remains linked to the order to prevent misuse

6.5 Activation token (StickSafe Tokens plugin)

To activate the StickSafe software, a unique activation token is generated when the order is placed. The token is stored on our servers alongside the order number. It is not shared with third parties. The token is used to prevent misuse (multiple activations) and to validate the licence.

7. External service providers (order processing)

7.1 Stripe (payment processing)

Provider: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (for EU/Swiss customers); Parent company: Stripe, Inc., 354 Oyster Point Boulevard, South San Francisco, CA 94080, USA.

Plugins used: “WooCommerce Stripe Gateway” (payment processing) and “Stripe Tax – Sales tax automation for WooCommerce” (automatic tax calculation).

Data transferred:

  • Name, email address, billing and delivery addresses
  • Payment details (the card number is transmitted directly to Stripe – we do not receive the card number in plain text)
  • Order total, order number, order items
  • IP address, device information (fraud prevention)
  • For Stripe Tax, additionally: delivery address + product categories for real-time tax calculation

Purpose: Payment processing, fraud prevention, automatic VAT calculation.

Legal basis: Section 31(2)(a) of the Data Protection Act / Article 6(1)(b) of the GDPR (performance of a contract); for the calculation of tax, additionally Article 6(1)(c) of the GDPR (legal obligation).

Data processing: We have a data processing agreement in place with Stripe (Stripe DPA, available online in the Stripe dashboard).

Transfer to third countries: Stripe may transfer data to the US. Basis: EU Standard Contractual Clauses + EU-US Data Privacy Framework (Stripe is certified).

Stripe Privacy Policy: https://stripe.com/de/privacy

7.2 Hosting

Hoster: hosttech GmbH, Seestrasse 15a, 8805 Richterswil, Schweiz.

Purpose: Provision of the website, delivery of digital content (software downloads, activation tokens).

Legal basis: Section 31(2)(a) of the Data Protection Act / Article 6(1)(f) of the General Data Protection Regulation.

Data processing: A data processing agreement is in place with the hosting provider.

7.3 Creating a backup

To ensure the security of the website and the underlying database, our hosting provider, hosttech, creates automatic backups. According to hosttech, the hosting servers create automatic full backups of all files every 24 hours. These are available for a maximum period of seven days.

Backups may contain personal data relating to customers, in particular order details, customer details, account information and technical log data.

Purpose: To restore the website in the event of a fault, to protect against data loss, to ensure data security and to carry out technical maintenance.

Legal basis: Section 31(2)(d) of the Data Protection Act (DSG) and Article 6(1)(f) of the General Data Protection Regulation (GDPR). Our legitimate interest lies in the secure and stable operation of the website and in ensuring that it can be restored in the event of a fault.

Retention period: According to hosttech, the hosting provider’s automatic backups are available for a maximum of seven days. Backups created manually – for example, as part of maintenance, updates or migrations – are only stored for as long as is necessary for the respective purpose and are subsequently deleted.

7.3 Google Fonts

The fonts used on our website are hosted locally on our own web server. No connection is made to Google Fonts or any other external font provider when the fonts are loaded. Consequently, no personal data is transmitted to Google as a result of the font integration.

8. Transfer to third countries

Where personal data is transferred to countries outside Switzerland and the EEA, this will only take place if

  • an adequacy decision is in place (e.g. the EU-US Data Privacy Framework for certified organisations),
  • EU Standard Contractual Clauses (SCCs) have been concluded with the recipient, or
  • the data subject has given their explicit consent (Art. 17 of the Data Protection Act / Art. 49 of the GDPR).

Specifically, this applies in particular to data transfers to the USA (Stripe, and possibly Google, Meta, Microsoft and Pinterest) and, where applicable, to China (TikTok, provided that the tracking pixel is active).

List of countries deemed adequate by the FDPIC: https://www.edoeb.admin.ch/edoeb/de/home/datenschutz/handel-und-wirtschaft/uebermittlung-ins-ausland.html

9. Getting in touch

If you contact us by email, we will process the information you provide in order to deal with your enquiry.

This may include, in particular, the following data:

  • Name, if provided
  • Email address
  • Telephone number, if provided
  • Details of your enquiry
  • Time of initial contact
  • any further information you choose to provide us with

Your data is processed in order to respond to your enquiry, to communicate with you and, where applicable, to take steps prior to entering into a contract or to fulfil an existing contractual relationship.

Legal basis: Section 31(2)(a) of the Data Protection Act (DSG) and Article 6(1)(b) of the General Data Protection Regulation (GDPR), insofar as the contact is made in connection with a contract or pre-contractual measures. In all other cases, processing is carried out on the basis of our legitimate interest in the proper handling of your enquiry in accordance with Art. 31(2)(d) of the Data Protection Act (DSG) and Art. 6(1)(f) of the General Data Protection Regulation (GDPR).

Retention period: Your enquiry will be stored for as long as is necessary to process it. General enquiries are usually deleted after 24 months at the latest, provided there are no legal retention obligations to the contrary. Correspondence relating to contracts or business matters may be retained for up to 10 years due to legal retention obligations.

10. Multilingualism (Polylang plugin)

The website is available in several languages. To manage your language preference, we store the pll_language cookie (see 5.3). No data is shared with third parties.

11. Your rights

As a data subject, you have the following rights:

  • Right of access (Art. 25 DSG / Art. 15 GDPR)
  • Rectification (Art. 32 of the Data Protection Act / Art. 16 of the GDPR)
  • Erasure (Art. 32 of the Data Protection Act / Art. 17 of the GDPR), provided there is no legal obligation to retain the data
  • Restriction of processing (Article 18 of the GDPR)
  • Data portability (Art. 28 of the Data Protection Act / Art. 20 of the GDPR)
  • Objection to processing based on legitimate interests (Art. 30 DSG / Art. 21 GDPR)
  • Withdrawal of consent with effect for the future (Section 31(1) of the Data Protection Act / Article 7(3) of the GDPR)

To make a claim, please contact: info@sticksafe.ch

We may ask you to provide proof of identity to ensure that the information is provided to the authorised person.

12. Right to complain

Individuals residing in Switzerland:

Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB)

Feldeggweg 1, 3003 Bern

https://www.edoeb.admin.ch

Data subjects residing in the EEA:

The supervisory authority of the country of residence.

13. Automated decision-making / Profiling

No fully automated individual decision-making process that has legal effects on you or similarly significantly affects you will take place.

In particular, there is no automated credit check, no automated scoring, no automated rejection of orders and no automated pricing based on personal characteristics.

When using Google Analytics 4 and Google Ads, pseudonymous usage, event and conversion data may be processed with your consent. This processing is used to measure reach, analyse website usage and assess the success of advertising campaigns. It does not result in automated individual decision-making within the meaning of Section 21 of the Data Protection Act (DSG) or Article 22 of the General Data Protection Regulation (GDPR).

You can withdraw or change your consent to statistical and marketing services at any time via the ‘Manage consent’ or ‘Cookie settings’ link.

14. Changes to this privacy policy

We will update this privacy policy whenever changes to our data processing practices make this necessary. The version available at the time of your visit shall apply.

As of: May 2026