Skip to main content

Data privacy

1. Controller and Scope

This privacy policy describes how we process personal data when you use our website and online shop, contact us or make use of our services. It applies to all processing of personal data that we carry out in the course of our business activities, both under the Swiss Federal Act on Data Protection (FADP) and, where applicable, under the General Data Protection Regulation of the European Union (GDPR).

Company:
innexo AG
Rheinstrasse 219
7000 Chur
Switzerland
E-mail: info@innexo.ch

Authorised representatives:
Matthias Gut, CSO / Co-Founder
matthias.gut@innexo.ch
+41 79 905 08 54

Michael Junghans, CEO / Co-Founder
michael.junghans@innexo.ch
+41 75 423 99 23

Data protection officer:
Matthias Gut, CSO / Co-Founder
matthias.gut@innexo.ch
+41 79 905 08 54

2. Categories of processed personal data

In particular, we process the following categories of personal data:

  • Master data (e.g. name, address, contact details, customer number).
  • Contract and order data (e.g. ordered products, shopping cart, delivery address, invoicing data),
  • Payment data (e.g. chosen payment method, payment service provider, partial data relating to the pay-ment process; we do not store full credit card details if a payment provider is used),
  • Communication data (e.g. content of e-mails, contact form enquiries, support requests).
  • Usage and technical data (e.g. IP address, log files, date and time of access, pages visited, browser used),
  • Marketing and preference data (e.g. newsletter subscription, consents, opt-ins/opt-outs).

Where necessary, we may also process particularly sensitive personal data (e.g. in the context of support cases or legal disputes); this is done only on the basis of your explicit consent or a legal basis.

3. Purposes of data processing and legal bases

We process personal data for the following purposes:

  • For the initiation, performance and execution of contracts, in particular for operating the online shop, handling orders, delivery, invoicing and customer service,
  • For providing, maintaining and improving our website and IT systems (security, stability, error analysis, sta-tistical evaluations),
  • For communicating with you (responding to enquiries, support, notifications relating to orders),
  • For marketing purposes, in particular sending newsletters, product information and promotions, where le-gally permitted or based on your consent,
  • For complying with legal obligations (e.g. commercial and tax retention obligations, information and disclo-sure obligations under the FADP and GDPR),
  • For protecting legitimate interests, for example for the establishment or defence of legal claims, fraud pre-vention or the improvement of our offering.

Where the GDPR is applicable, we base the processing in particular on the following legal grounds:

  • Your consent (Art. 6 para. 1 lit. a GDPR), e.g. for newsletters or certain cookies/tracking tools; you may re-voke this at any time with effect for the future,
  • Performance of a contract and pre-contractual measures (Art. 6 para. 1 lit. b GDPR).
  • Compliance with legal obligations (Art. 6 para. 1 lit. c GDPR),
  • Protection of vital interests of you or another natural person (Art. 6 para. 1 lit. d GDPR).
  • Performance of a task carried out in the public interest or in the exercise of official authority (Art. 6 para. 1 lit. e GDPR),
  • Protection of our legitimate interests or those of a third party (Art. 6 para. 1 lit. f GDPR), in particular for se-curity purposes, reach measurement and internal administration.

Under Swiss law, the processing of personal data is generally permitted provided that the personality rights of the data subjects are not unlawfully infringed.

4. Source of the data

We generally receive personal data directly from you when you:

  • visit our website or online shop,
  • create a customer account,
  • place an order,
  • communicate with us,
  • register for a newsletter or other services.

Where legally permissible, we may also obtain personal data from other sources (e.g. public registers, address bro-kers, payment service providers, logistics partners), for example to update address data or to assess fraud risks.

5. Disclosure of personal data and processors

We disclose personal data, within the limits permitted by law and to the extent necessary for the purposes set out above, to the following categories of recipients:

  • Service providers (processors) in Switzerland and abroad, e.g. IT providers, hosting companies, newsletter tools, payment service providers, logistics and shipping companies.
  • External consultants and professionals (e.g. fiduciary services, legal advisors), where this is necessary for contract performance or the protection of legal rights.
  • Authorities, courts and other public bodies where we are legally obliged to do so or where we assert legiti-mate interests.

We carefully select our processors and contractually oblige them to comply with the applicable data protection regulations, in particular with regard to confidentiality, data security and processing only in accordance with our instructions.

6. Disclosure of data abroad

Personal data may be disclosed abroad, in particular to countries of the European Economic Area (EEA) and to other countries where the service providers we use are located. If data is transferred to a country without an ade-quate level of data protection, we ensure that appropriate safeguards are in place (e.g. by concluding standard contractual clauses or other instruments provided by law) or that a statutory exception applies (e.g. your consent, performance of a contract, establishment of legal claims).

7. Retention period

We store personal data only for as long as necessary for the purposes for which it was collected, or as required by statutory retention obligations. If processing is no longer necessary, the data will be deleted or anonymised where possible, subject to any further processing that is necessary to comply with legal obligations or to protect legitimate interests.

8. Rights of data subjects

Under Swiss data protection law and, where applicable, the GDPR, you have in particular the following rights:

  • Right to obtain information as to whether we process personal data concerning you and, if so, which data.
  • Right to rectification of inaccurate or incomplete personal data.
  • Right to erasure of personal data, provided that there are no statutory or contractual retention obligations.
  • Right to restriction of processing under the conditions laid down by law.
  • Right to data provision or data portability in a commonly used format, provided the legal requirements are met.
  • Right to object to certain processing activities, in particular to direct marketing or processing based on legit-imate interests, unless there are compelling legitimate grounds to the contrary.
  • Where processing is based on your consent, you may withdraw this consent at any time with effect for the future.

To exercise your rights, please contact us using the contact details provided in section 1. You also have the right to lodge a complaint with the competent supervisory authority (in Switzerland with the Federal Data Protection and Information Commissioner, in the EU with the competent data protection authority of your place of residence or work).

9. Cookies, tracking and similar technologies

We use cookies and similar technologies on our website and in the online shop to enable use, analyse usage and improve our offering. Both our own cookies (first-party cookies) and cookies from third parties (third-party cookies) may be used, for example for web analytics, reach measurement or marketing.

You can configure your browser to refuse cookies or to accept only certain cookies; however, this may mean that certain functions of the website are no longer fully available. Where consent is required for certain cookies and tools (in particular under the GDPR), we obtain this via a corresponding cookie banner or a comparable tool; you can adjust your settings there at any time.

If we use analytics or marketing tools (e.g. Matomo, Google Analytics, social media plugins), we provide information here or in a separate cookie/tracking notice about the providers used, the type of data collected and the options for objection/opt-out.

10. Newsletter and electronic communication

If you subscribe to our newsletter or wish to receive electronic marketing communications, we use your e-mail ad-dress and, where applicable, further personal details to send you such information. Dispatch takes place only with your consent or on the basis of a legal permission, and you can unsubscribe from the newsletter at any time with effect for the future (e.g. via the unsubscribe link in each e-mail).

We may use an external service provider to send the newsletter; in such cases, your data will be processed on our behalf on the basis of a data processing agreement.

11. Data security

We take appropriate technical and organisational measures to protect personal data against loss, misuse, unauthor-ised access, disclosure, alteration or destruction. These measures include, for example, access restrictions, author-isation concepts, encryption and regular reviews of our security measures.

12. Profiling and automated individual decisions

If we use profiling (e.g. to personalise offers or to assess certain personal aspects), this is carried out – where re-quired by law – on the basis of your consent or our legitimate interests and in accordance with legal requirements. We will only make automated individual decisions producing legal effects or significantly affecting you in the cases permitted by law, and will provide separate information in such cases.

13. Special information for customers in the EU/EEA

If we specifically offer our goods or services to persons in the territory of the European Union or the European Eco-nomic Area, personal data is processed additionally in accordance with the provisions of the GDPR. In such cases, we ensure in particular that the information obligations under Art. 13 and 14 GDPR are fulfilled, that appropriate legal bases exist for each processing activity and that the rights of data subjects under Chapter III GDPR are respect-ed.

14. Amendments to this privacy policy

We may amend this privacy policy at any time, in particular if we change our data processing activities or if new legal requirements apply. The version published on our website at any given time shall apply; in the event of material changes, we will inform you in an appropriate manner.

01.02.2026