Privacy policy

Privacy Policy

1. Scope and purpose

We respect your privacy and process personal data in accordance with Swiss data protection law (FADP) and – where EU customers are concerned – the GDPR.

This notice describes the nature, scope, purposes and legal bases of processing, categories of recipients, international transfers, retention periods, your rights and our security measures.

2. Controller

Maxlin GmbH ("Provider" / "we")
Hofgutweg 16A
3063 Ittigen, Switzerland
Phone: +41 (0)31 889 0 889
Email: info@sparklingshrimp.com
Authorized representative: Sebastian Marten

3. Data protection contact

No data protection officer is legally required under Swiss law; please use the contact details above for any privacy queries.

For EU data subjects, the above address is likewise your primary point of contact.

4. Categories of personal data

  • Master data: name, billing and shipping address, date of birth (age verification).
  • Contact data: email address, phone number.
  • Contract/order data: cart, products purchased, order/delivery history, returns.
  • Payment data: payment method, transaction ID/token (we do not store full card numbers).
  • Communication data: messages sent via contact forms and emails.
  • Usage/technical data: IP address, timestamps, logs, device/browser data, cookie IDs, consent records.
  • Marketing data: newsletter status, preferences and, where permitted, open/click metrics.

5. Purposes of processing

  • Initiating, concluding and performing purchase contracts including delivery and returns.
  • Compliance with legal obligations (e.g., tax retention, age verification).
  • Customer communication and support.
  • Payment processing and fraud prevention.
  • Operation, security and improvement of our website and systems.
  • Newsletter, web analytics and (re)marketing – in each case only based on consent.

6. Legal bases (GDPR for EU customers)

  • Art. 6(1)(b) GDPR (contract and pre‑contractual measures).
  • Art. 6(1)(c) GDPR (legal obligations).
  • Art. 6(1)(a) GDPR (consent for newsletter/cookies/tracking).
  • Art. 6(1)(f) GDPR (legitimate interests: IT security, fraud prevention, service optimisation).

Under Swiss law, processing is based on proportionality and purpose limitation (FADP).

7. Sources of data

We primarily obtain data directly from you (checkout, account, contact). Usage/technical data is generated automatically when you visit our site. Status information may be provided by payment/shipping providers.

8. Obligation to provide

Certain information is required for ordering, delivery and payment; without it, we cannot conclude the contract. Marketing/newsletter data is voluntary.

9. Recipients / categories of recipients

  • Payment service providers (e.g., Stripe, PayPal, acquiring banks).
  • Shipping/logistics providers (e.g., Swiss Post, DHL, DPD, UPS, in‑house courier).
  • IT/hosting/email/newsletter providers and a consent management platform.
  • Tax advisors and authorities where legally required.

Data processing agreements are in place; Standard Contractual Clauses (SCC) are used for third‑country transfers.

10. International transfers

Transfers outside Switzerland/EU/EEA occur only with an adequacy decision, appropriate safeguards (EU SCCs plus supplementary measures) or your explicit consent.

11. Retention and deletion

We retain personal data only as long as necessary or legally required:

  • Contract/accounting records: generally 10 years (statutory retention in Switzerland).
  • Customer account: until you delete it.
  • Newsletter data: until consent is withdrawn.
  • Cookies/tracking: per cookie lifetime or until revocation or browser deletion.

After expiry, data is deleted or anonymised.

12. Cookies and consent

We use necessary cookies (e.g., cart, login, checkout). Analytics/marketing cookies are set only with your consent via our banner. You can withdraw consent at any time with effect for the future ("Cookie settings").

13. Web analytics

With your consent we use analytics services for reach measurement and to improve our services. Pseudonymous user profiles may be created. Legal basis: consent; withdrawal possible at any time.

14. (Re)marketing and advertising

With consent we use marketing tags (e.g., for campaign measurement and interest‑based ads); transfers to the USA may occur. Appropriate safeguards are implemented.

15. Newsletter

For newsletters, we process your email address and, where provided, your name. Double opt‑in and logging of consent apply. You may unsubscribe at any time.

16. Payment processing

We transmit order and payment data to payment service providers who may process as independent controllers (e.g., fraud/risk checks).

17. Shipping/logistics

For delivery we transfer name, address and, where required, email/phone to shipping providers for delivery and notifications.

18. Age verification

We sell alcoholic products only to persons aged 18+. To comply with the law we may collect your date of birth and perform verification or identity checks.

19. Customer account

You may create an account. We store profile data, order history and preferences until you delete the account.

20. Automated decision‑making/profiling

We do not conduct solely automated decision‑making producing legal effects. Marketing segmentation may occur based on your consent.

21. Your rights

Subject to legal conditions you have rights of access, rectification, erasure, restriction, data portability, objection (including to direct marketing) and withdrawal of consent.

Switzerland: you may lodge a complaint with the FDPIC. EU: you may complain to your local supervisory authority.

22. Data security

We implement appropriate technical and organisational measures (e.g., access controls, encryption, backup concepts) to protect data.

23. Changes to this notice

We may amend this notice to reflect legal or operational changes. The version published on our website applies.

24. Contact

Please direct privacy queries to the Controller (see section 2).

Status: 24 August 2025