Privacy Policy

Last updated: 05/05/2026

Thank you for visiting our website and for your interest in our company.

This Privacy Policy informs all users of our website about the type, scope, and purpose of the processing of personal data. Personal data includes all information by which you can be personally identified – even indirectly or by combining different data sources. This includes, in particular, the IP address of your device. Information stored in cookies generally does not constitute personal data, or only in exceptional cases; however, special legal requirements apply to their use, especially regarding necessary consent.

In the general section of this Privacy Policy, you will receive basic information on data protection and the processing of personal data on our website. Furthermore, we will inform you in detail about your rights as a data subject.

We strive for the most gender-neutral wording possible. Should individual terms not fully reflect this, all information naturally applies to people of all genders.

The terms used in this Privacy Policy and the processing of personal data are based on the General Data Protection Regulation of the European Union ("GDPR") and the applicable national data protection regulations.

Controller in terms of the GDPR

Bodyswiss AG
Bodenstrasse 5
8332 Rumlikon
Switzerland

Email: admin@bodyswiss.com
Phone: +41 44 740 11 88

Data collection on our website

Personal data about you is collected, on the one hand, when you explicitly provide it to us. On the other hand, data, especially technical data, is automatically collected when you visit our website. Some of this data is collected to ensure the flawless functioning of our website. Other data can be used for analysis purposes. However, you can generally use our website without having to provide personal information.

Technologies on our website

Cookies and Local Storage

To provide our website in a user-friendly and technically optimized way, we use cookies. These are small data sets that are stored or exchanged between your browser and our web server. Some of these cookies remain on your device.

Cookies serve, in particular, to recognize visitors when they revisit our website. They do not contain malware, cannot execute independent code, and do not allow access to your device.

When you visit our website again, the information stored in the cookie can be transmitted either to us ("first-party cookies") or to third-party services ("third-party cookies"). This allows us to recognize that the website has already been visited with the same browser.

A cookie can contain the following information in particular:

Cookie name
Origin server
Individual identification number
Cookie expiration date

Depending on their function, we distinguish between the following types of cookies:

Technically necessary cookies
Statistics or analysis cookies
Marketing and advertising cookies
Unclassified cookies

Furthermore, we distinguish between session cookies and persistent cookies. Session cookies are automatically deleted after closing the browser. Persistent cookies remain stored on the device for a longer period and allow recognition during subsequent visits.

The use of technically necessary cookies is based on our legitimate interest in the secure and functional operation of the website. Statistics and marketing cookies, on the other hand, are only used after your consent. Consent already given can be revoked at any time with effect for the future.

Additional information on the specific cookies used, their purpose, and storage duration can be found both in this Privacy Policy and in the cookie banner on our website.

You also have the option to restrict or completely deactivate the storage of cookies via your browser settings. Cookies already stored can be deleted at any time. Please note, however, that individual functions of our website may be limited as a result.

On our website, we also use so-called local storage functions, also known as "local storage". Data is stored locally in your browser's cache, which persists even after closing the browser – unless you clear the cache or it is session storage – and can be read out.

Third parties cannot access the data stored in local storage. If special plugins or tools use local storage functions, this is described in the respective plugin or tool.

If you do not want plugins or tools to use local storage functions, you can control this in the settings of your respective browser. We point out that this may lead to functional limitations.

External Hosting

Category: General processing activity
Purpose: Technical provision, operation, and delivery of the website
Data types: Technical data and usage data
Data subjects: Visitors of the online offer
Recipients: Hosting service providers and technical infrastructure partners
Technologies: Server and network infrastructure
Legal basis: Legitimate interest (provision and operation)

Our website is operated by an external hosting provider. When the website is accessed, various technical data required for the operation, security, and delivery of content are processed. This generally includes information automatically transmitted by the browser. The processed data may include:

IP address
Date and time of access
Pages or files accessed
Amount of data transferred
Messages about successful or unsuccessful retrievals
Browser type and browser version
Operating system used
Referrer URL
Hostname of the accessing device

The hosting provider processes this data to ensure the technical operation of the website, detect attacks or misuse, resolve disruptions, and provide a stable connection. The processing is carried out exclusively on our behalf. The legal basis for the processing is our legitimate interest in the secure, reliable, and efficient operation of our website.

Google Analytics

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Email: support-de@google.com
Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Purpose: Web analysis, success measurement, conversion tracking, collection of statistical data
Category: Statistics
Recipients: EU, USA
Processed data: IP address, website visit details, user data
Data subjects: Website visitors
Technology: JavaScript call, cookies (details in the cookie list), fingerprinting, local storage
Legal basis: Consent (purpose)
Certifications: EU-U.S. Data Privacy Framework, Swiss-U.S. Data Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework
Further information:
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://business.safety.google/privacy/
https://business.safety.google/adsprocessorterms/
You can find out where Google data centers are located here: https://www.google.com/about/datacenters/locations/

On our website, we use the functions of the web analysis service Google Analytics to analyze user behavior and optimize our online presence. The reports provided by Google serve to analyze the performance of our website and measure the success of possible campaigns via our website.

Google Analytics uses cookies that enable an analysis of the use of our website. All details, especially name, purpose, and storage duration, of the cookies can be found in our specific list of used cookies.

Google Analytics can use Local Storage. This is an alternative to using cookies for storing the client ID. This allows tracking user behavior without setting cookies.

Information about the use of the website, such as browser type/version, operating system used, the previously visited page, hostname of the accessing computer or IP address, and time of the server request, is usually transmitted to a Google server and stored there. We have concluded a contract with Google for this.

On our behalf, Google will use this information to evaluate the use of our website, compile reports on activities within our website, and provide us with other services related to the use of our website and internet usage.

We only use Google Analytics with IP anonymization activated by default. This truncates the IP address of a user by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by a user's browser as part of Google Analytics will not be merged with other Google data.

During the website visit, user behavior is recorded in the form of so-called events. These can represent the following:

Page views and the click path of a user
First visit to our website
Visited websites
Start of a session
Interaction with our website
User behavior, such as clicks, scrolls, dwell time, bounce rates
File downloads
Ads viewed or clicked
Interaction with videos
Internal search queries

Furthermore, the following is recorded:

Approximate location (region)
Date and time of visit
IP address in truncated form
Technical information about the browser or the devices used, e.g., language setting or screen resolution
Internet provider
Referrer URL, i.e., via which website or advertising material a user came to our website

The processing of this data is essentially carried out by Google for its own purposes, such as profiling, without our influence.

The data about the use of our website will be deleted immediately after the retention period we have set. Google Analytics provides us with a default retention period of two months for user and event data, with a maximum retention period of 14 months. This retention period also applies to conversion data. For all other event data, the following options are available: 2 months, 14 months, 26 months (Google Analytics 360 only), 38 months (Google Analytics 360 only), 50 months (Google Analytics 360 only). We choose the shortest storage period that corresponds to our intended use. You can inquire about the currently set retention period at any time.

Data whose retention period has been reached is automatically deleted once a month.

Additional details can be found in the linked further information. It is recommended to regularly check these links for changes, as Google Analytics may update its functions and privacy policies. Further information on rights and contact details can be found in the general part of this Privacy Policy.

Google Fonts

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent company: Google LLC (USA), https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Purpose: Integration of fonts
Category: Statistics
Recipients: EU, USA (possible)
Processed data: IP address, language settings, screen resolution, browser version and name
Data subjects: Website visitors
Technology: JavaScript call
Legal basis: Consent, Data Privacy Framework
Website: www.google.com
Further information:
https://developers.google.com/fonts/faq
https://policies.google.com/privacy
https://www.google.com/about/datacenters/inside/locations/

Our website uses so-called web fonts provided by Google for the uniform display of fonts.

To display web fonts from Google, the browser you are using must establish a connection to Google's servers. This informs Google that our website has been accessed via your IP address. The IP address of the browser of the website visitor's device is also stored by Google. If your browser does not support web fonts, a standard font from your device will be used.

With every Google Font request, in addition to the IP address, information such as language settings, screen resolution, browser version, and name are automatically transmitted to Google servers. Google can determine the popularity of fonts through the collected usage data. Google publishes the results on internal analysis pages, e.g., Google Analytics.

Google Fonts allows us to use fonts on our own website without having to upload them to our server. Google Fonts is an important component for maintaining the high quality of our website. All Google fonts are automatically optimized for the web; this saves data volume and is a great advantage, especially when using mobile devices. When you visit us, the low file size ensures fast loading times. Furthermore, Google Fonts are secure web fonts and support all common browsers.

Google stores requests for CSS assets on its servers for one day. This allows us to use the fonts with the help of a Google stylesheet. The font files are stored by Google for one year. To delete data prematurely, you must contact Google support: https://support.google.com.

Google Marketing Platform / Google Ad Manager

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent company: Google LLC (USA)
Purpose: Personalized advertising, conversion tracking, remarketing, campaign performance measurement
Category: Marketing
Recipients: EU, USA
Processed data: IP address, website visit details, user data
Data subjects: Users
Technology: JavaScript call, cookies
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://business.safety.google/privacy/
https://business.safety.google/adsprocessorterms/
You can find out exactly where Google data centers are located here: https://www.google.com/about/datacenters/inside/locations/

We use the Google Ads service on this website to promote our products and services. Google Ads is Google's in-house online advertising system.

It is important for us to know whether an interested visitor ultimately becomes our customer. To measure this, we use conversion tracking. We also want to be able to re-engage with visitors to our website in a targeted manner. We achieve this through remarketing or retargeting.

Google Ads is used for both conversion tracking and remarketing, which means we can see what happened after you clicked on one of our ads. For this service to work, cookies are used and visitors are sometimes added to remarketing lists to be targeted with specific advertising campaigns.

This is done using a pseudonymous identification number (pID) that the user's browser receives and is assigned to them. This pID allows the service to recognize which ads have already been displayed to a user and which have been called up. The data is used for cross-site advertising by allowing Google to identify the pages visited by the user.

Our goal in using Google Ads is to ensure that our website's offerings reach those visitors who are genuinely interested in what we offer. The data from conversion tracking allows us to measure the effectiveness of individual advertising measures and optimize our website for our visitors. Conversion can be measured through the use of cookies.

The generated information is transmitted by Google to a server in the USA for evaluation and stored there. Data is only transferred by Google to third parties due to legal regulations or within the scope of order data processing. Under no circumstances will Google link a user's data with other data collected by Google.

Google reCAPTCHA

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent company: Google LLC (USA)
Purpose: Protection against abuse, spam prevention
Category: Technically necessary
Recipients: EU, USA
Processed data: IP address, website visit details
Data subjects: Users
Technology: JavaScript call, cookies, local storage
Legal basis: Legitimate interest, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy
https://developers.google.com/recaptcha/
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://business.safety.google/adsprocessorterms/
You can find out exactly where Google data centers are located here: https://www.google.com/about/datacenters/locations/

Our website uses the Google reCAPTCHA service to protect against abuse by non-human visitors (bots) and to prevent spam.

When reCAPTCHA starts, the browser establishes a connection to Google's servers. This informs Google that our website has been accessed via a user's IP address.

reCAPTCHA aims to check whether data entry on our website is performed by a human or by an automated program. To do this, reCAPTCHA analyzes the user's behavior based on various characteristics. This analysis begins automatically as soon as the user starts our website. reCAPTCHA evaluates various information for the analysis.

According to our information, the following data is processed by Google:

the address of the page from which the user comes
IP address
information about the operating system
cookies
mouse and keyboard behavior
date and language settings
all JavaScript objects
screen resolution

The data collected during the analysis is forwarded to Google and used by Google. reCAPTCHA analyses run entirely in the background.

Cookies are used to process the service. These cookies require a unique identifier for tracking purposes. According to Google, the IP address is not merged with other data from other Google services, unless a user is logged into their Google account while using the reCAPTCHA plug-in. Furthermore, reCAPTCHA also uses local storage on the user's end device to store data.

Google Tag Manager

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent company: Google LLC (USA)
Purpose: Management of tools and plugins
Category: Technically necessary
Recipients: EU, USA
Processed data: IP address
Data subjects: Users
Technology: JavaScript call
Legal basis: Legitimate interest, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://business.safety.google/adsprocessorterms/
You can find out exactly where Google data centers are located here: https://www.google.com/about/datacenters/locations/

The Google Tag Manager service is used on our website.

The Tag Manager is a service that allows us to manage website tags via a single interface. This allows us to embed code snippets such as tracking codes or conversion pixels on websites without having to interfere with the source code. The data is only forwarded by the Tag Manager, but neither collected nor stored. The Tag Manager itself is a cookie-less domain and does not process any personal data, as it serves purely to manage other services in our online offering.

When Google Tag Manager starts, the browser establishes a connection to Google's servers. These are mainly located in the USA. This informs Google that our website has been accessed via a user's IP address.

The Tag Manager ensures the resolution of other tags, which in turn may collect data. However, the Tag Manager does not access this data. If deactivation has been made at domain or cookie level, this remains valid for all tracking tags implemented with the Tag Manager.

Contacting us

Our website offers various ways to contact us, for example via contact forms or provided email addresses. When you contact us, the personal data you provide will be processed exclusively for the purpose of handling and responding to your inquiry. Processing is carried out insofar as this is necessary for the implementation of pre-contractual measures or for the fulfillment of a contract, or on the basis of legitimate interests, for example for maintaining customer relationships or for documenting processes.

The provision of certain data may be necessary to process an inquiry completely. Without this information, processing of the inquiry may not be possible or may be limited.

Personal data from contact inquiries may also be stored in a customer or prospect database on the basis of legitimate interests in order to optimize communication and support. Use for marketing purposes only takes place if separate consent has been given or a legitimate interest exists and there are no overriding legitimate interests of the data subject that oppose it.

Personal data from contact inquiries will only be stored for as long as is necessary for the processing and handling of the inquiry or as long as legal retention periods exist. After final processing of the inquiry and expiry of any legal deadlines, the data will be deleted or anonymized. As a rule, deletion takes place no later than three years without further contact, unless longer legal or contractual retention obligations exist.

Further information on the handling of personal data can be found in the website's privacy policy.

Meta Pixel

Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Email: privacy@facebook.com
Parent company: Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA
Purpose: Web analysis, tracking (conversion)
Category: Marketing
Recipients: EU, USA
Processed data: Visitor data, e.g., IP address, location data; behavioral data, e.g., clicks, time spent, conversion data; device data, e.g., browser type, operating system; e-commerce data, e.g., order ID, product information
Data subjects: Website visitors
Technology: JavaScript, cookies (details in the cookie list), tracking pixels
Legal basis: Consent (purpose)
Certifications: EU-U.S. Data Privacy Framework, Swiss-U.S. Data Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework
Website: https://www.facebook.com/business/tools/meta-pixel
Further information:
https://www.facebook.com/privacy/policy/
https://www.facebook.com/legal/terms

To analyze and optimize our online offering and to measure the effectiveness of advertising measures, we use the Meta Pixel service from Meta Platforms on our website.

Meta Pixel allows visitors to our website to be assigned to specific target groups so that interest-based advertisements can be displayed on Meta's platforms. In addition, we can track whether users have been redirected to our website after clicking on an advertisement and have carried out certain actions ("conversion tracking").

For this purpose, information about user behavior is processed and partly stored in cookies. Meta may link this information to an existing Facebook or Instagram account. The evaluations provided to us are exclusively in anonymized form.

Users can manage or deactivate personalized advertising within their Facebook account via the corresponding settings: https://www.facebook.com/settings?tab=ads

The settings apply across devices.

Further information on data processing by Meta can be found in the provider's privacy policy mentioned above.

Server Log Files

Category: General processing activity
Purpose: Technical security, stability and error analysis
Types of data: Technical connection data and access data
Data subjects: Visitors to the online offering
Recipients: Hosting provider or technical service providers
Technologies: Server logs
Legal basis: Legitimate interest (technical operation; security)

When you visit our website, so-called server log files are automatically created. These log files contain the following data, which the browser automatically transmits:

IP address
Date and time of access
Accessed file or page
Amount of data transferred
Notification of successful retrieval
Browser type and browser version used
Operating system used
Referrer URL (previously visited page)
Hostname of the accessing device

This data is processed to ensure the functionality, security, and stability of our website, in particular to ward off or track attacks, e.g., DDoS attacks, for error analysis, and for the technical provision of the website. The legal basis for this is our legitimate interest in the secure and error-free provision of the website.

The log file data is automatically deleted after a technically customary period as soon as it is no longer required for the stated purposes. Longer storage may occur in individual cases if data is required for evidentiary purposes, e.g., to clarify security-relevant incidents. This data is not merged with other data sources.

SSL encryption

For your visit to our website, we use the widespread SSL (Secure Socket Layer) method in conjunction with the highest encryption level supported by your browser. You can recognize whether an individual page of our website is transmitted encrypted by the closed display of the key or lock symbol in the status bar of your browser. The use of this method is based on our legitimate interest in using appropriate encryption techniques.

Furthermore, we use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments and kept up to date.

General information on data protection

The following provisions apply in principle not only to data collection on our website, but also generally to other processing of personal data.

Personal data

Personal data refers to information that can be individually assigned to you. Examples include your address, your name, as well as your mailing address, email address, or telephone number. Information such as the number of users visiting a website is not personal data because it does not allow for identification of a single person.

Legal Bases for Processing Personal Data

Unless more specific information is provided in this privacy policy, e.g., for the technologies used, we may process your personal data on the basis of the following legal grounds:

Consent in accordance with Art. 6 para. 1 lit. a GDPR – the data subject has given their consent to the processing of their personal data for one or more specific purposes.
Performance of a contract and pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legal obligation in accordance with Art. 6 para. 1 lit. c GDPR – processing is necessary for compliance with a legal obligation.
Protection of vital interests in accordance with Art. 6 para. 1 lit. d GDPR – processing is necessary in order to protect the vital interests of the data subject or of another natural person.
Legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Please note that, in addition to the GDPR regulations, national data protection provisions in your or our home country may apply.

Transfer of Personal Data

Your personal data will not be transferred to third parties for purposes other than those listed in this privacy policy.

We only share your personal data with third parties if:

you have given your express consent in accordance with Art. 6 para. 1 lit. a GDPR,
the disclosure is necessary in accordance with Art. 6 para. 1 lit. f GDPR for the establishment, exercise, or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
there is a legal obligation for the disclosure in accordance with Art. 6 para. 1 lit. c GDPR, provided this is legally permissible, and/or
it is necessary in accordance with Art. 6 para. 1 lit. b GDPR for the processing of contractual relationships with you.

Cooperation with Processors

We carefully select our service providers who process personal data on our behalf. If we commission third parties to process personal data on the basis of a data processing agreement, this is done in accordance with Art. 28 GDPR.

Transfer to Third Countries

If we process data in a third country or if this occurs in the context of using third-party services or the disclosure or transfer of data to other persons or companies, this will only take place on the basis of the legal grounds for data transfer presented above.

Subject to explicit consent or contractual necessity, we process or have data processed in accordance with Art. 44-49 GDPR only in third countries with a recognized adequate level of data protection or on the basis of special guarantees, such as a contractual obligation through so-called standard contractual clauses of the EU Commission, the existence of certifications, or binding internal data protection regulations.

Data Transfer to the USA

We would like to explicitly point out that the EU Commission issued an adequacy decision on July 10, 2023, in accordance with Art. 45 para. 1 GDPR, regarding the EU-US Data Privacy Framework. Accordingly, organizations or companies as data importers in the USA that are registered in a public list under the self-certification of the Data Privacy Framework offer an adequate level of protection for data transfers. Whether the specific provider of a service is already certified can be found here: https://www.dataprivacyframework.gov/s/participant-search

The Data Privacy Framework represents a valid legal basis for the transfer of personal data to the USA. This creates binding guarantees to comply with all requirements of the ECJ. For example, it provides that access by US intelligence services to EU data is limited to what is necessary and proportionate, and a data protection review court is created, to which individuals in the EU also have access.

If we transfer data to the USA or if we use a service provider located in the USA, we explicitly refer to this in this privacy policy, especially in the description of the technologies on our website.

It should be noted that the Data Privacy Framework, despite significant improvements, only applies partially and only to data transfers to those data importers in the USA that appear on the public list of certified organizations or companies.

What can the transfer of personal data to the USA mean for you as a user and what risks are associated with it?

Risks for you as a user exist in any case as far as data importers in the USA are concerned that do not fall under the Data Privacy Framework. These risks particularly concern the powers of US intelligence services and the legal situation in the USA, which, in the opinion of the ECJ, currently no longer ensures an adequate level of data protection. Among other things, these include the following points:

Section 702 of the Foreign Intelligence Surveillance Act (FISA) does not provide any restrictions on the surveillance measures of intelligence services and no guarantees for non-US citizens.
Presidential Policy Directive 28 (PPD-28) does not provide data subjects with effective remedies against measures taken by US authorities and does not provide any limits to ensure proportionate measures.
The ombudsman provided for in the Privacy Shield does not have sufficient independence from the executive; it cannot issue binding orders to intelligence services.

Lawful transfer of data to the USA based on standard contractual clauses for data importers not covered by the Data Privacy Framework

In June 2021, the European Commission adopted new standard contractual clauses (SCC) with Decision 2021/914/EU. These create a new legal basis for data transfer to countries where the same level of data protection as in the EU does not apply.

Lawful transfer of data to the USA based on consent

If data is transferred to a service provider located in the USA that is not covered by the Data Privacy Framework, and this data transfer is based on explicit consent, we explicitly inform about this in this privacy policy, especially in the description of the technologies used on our website.

What measures do we take to make data transfer to the USA legally compliant?

Where US providers offer the option, we choose to process data on EU servers. This should technically ensure that the data is located within the European Union and access by US authorities is not possible.

Storage Duration in General

Unless an explicit storage duration is specified during data collection, e.g., within the scope of a declaration of consent, we are obligated, in accordance with Art. 5 para. 1 lit. e GDPR, to delete personal data as soon as the purpose for their processing no longer exists. In this context, we would like to point out that legal retention obligations to which we are subject constitute a legitimate purpose for the continued processing of the personal data covered by them.

We generally store and retain data in a personalized form until the termination of a business relationship or until the expiry of applicable warranty, guarantee, or limitation periods, and beyond that until the end of any legal disputes in which the data is needed as evidence, or in any case until the end of the third year after the last contact with a business partner.

Storage Duration in Particular

Within the description of individual technologies on our website, you will find specific information on the storage duration of data. Our cookie table provides information on the storage duration of individual cookies. Additionally, you can always ask us directly about the specific storage duration of data. For this purpose, please contact us using the contact details provided in this privacy policy.

Rights of Data Subjects

Data subjects have the right:

(I) to request information about their personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data if not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;

(II) to request the immediate rectification of inaccurate or completion of your personal data stored by us in accordance with Art. 16 GDPR;

(III) to request the erasure of your personal data stored by us under certain circumstances in accordance with Art. 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims;

(IV) to request the temporary restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse their erasure, we no longer need the data, but you need them for the establishment, exercise or defense of legal claims, or you have objected to the processing in accordance with Art. 21 GDPR;

(V) to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format from us or to request their direct transmission to another controller in accordance with Art. 20 GDPR. However, this only applies to those of your personal data that we process by automated means on the basis of your consent or a contract;

(VI) to object to the processing of your personal data in accordance with Art. 21 GDPR, if your personal data is processed on the basis of our legitimate interest, provided that there are reasons arising from your particular situation, or the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation;

(VII) to withdraw your once given consent to us at any time in accordance with Art. 7 para. 3 GDPR. This means that we may no longer continue the data processing that was based on this consent in the future. Among other things, you have the option to withdraw your once given consent to the use of cookies on our website with effect for the future by accessing our cookie settings;

(VIII) to lodge a complaint with a supervisory authority regarding the unlawful processing of your data by us in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company's registered office.

The competent supervisory authority for Bodyswiss AG is:

Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
3003 Bern
Switzerland
Phone: +41 (0) 58 462 43 95

Assertion of Data Subject Rights

You decide on the use of your personal data. Should you wish to exercise any of your aforementioned rights against us, you are welcome to contact us via email at admin@bodyswiss.com, by post, or by phone.

Please assist us in specifying your request by answering questions from our responsible employees regarding the specific processing of your personal data. In case of justified doubts about your identity, we may request a copy of your ID.

For questions regarding data protection, you can reach us at admin@bodyswiss.com or using the other contact details provided in this privacy policy.

Rumlikon, May 05, 2026