Last updated: December 5, 2025

Thank you for your interest in the information on our website!

With the help of this privacy policy, we would like to inform all persons who use this website about the nature, scope, and purposes of the processing of personal data. Personal data in this context is any information that could be used to personally identify you as a user of our website (theoretically, possibly indirectly or by linking various data), including your IP address. Information stored in cookies is generally not considered personal data, or only in exceptional cases; however, this is covered by a special regulation which makes the permissibility of using cookies—depending on their purpose—largely dependent on the active consent of the users.

In a general section of this privacy policy, we provide you with information on data protection that generally applies to our processing of data, including data collection on our website. In particular, you, as a data subject, will be informed about your rights.
We strive to provide this information in gender-neutral language. If any wording does not yet reflect this, we would like to point out that this information applies to all people of every gender.

The terms used in our privacy policy and our data protection practices are governed by the provisions of the EU General Data Protection Regulation (“GDPR”) and other relevant national legal provisions.

Responsible party within the meaning of the GDPR

Bodyswiss AG
Bodenstrasse 5
8332 Rumlikon
Switzerland

E: admin@bodyswiss.com
T: +41 44 740 11 88




Data collection on our website

Your personal data is collected on the one hand when you explicitly provide it to us, and on the other hand, data, particularly technical data, is automatically collected when you visit our website. Some of this data is collected to ensure the proper functioning of our website. Other data may be used for analytical purposes. However, you can generally use our website without having to provide any personal information.

Technologies on our website


Cookies and Local Storage

We use cookies on our website to make our online presence more user-friendly and functional. Some cookies remain stored on your device.

Cookies are small data packets that are exchanged between your browser and our web server when you visit our website. They do not cause any harm and are used solely to recognize website visitors. Cookies can only store information provided by your browser, i.e., information that you have entered into the browser yourself or that is present on the website. Cookies cannot execute code and cannot be used to access your device.

The next time you visit our website using the same device, the information stored in cookies can subsequently be sent back either to us ("first-party cookie") or to a third-party web application to which the cookie belongs ("third-party cookie"). The stored and returned information allows the respective web application to recognize that you have already accessed and visited the website using your device's browser.

Cookies contain the following information:

  • Cookie Name
  • Name of the server from which the cookie originated
  • Cookie ID number
  • A date on which the cookie is automatically deleted.

Depending on their purpose and function, we divide cookies into the following categories:

  • Technically necessary cookies to ensure the technical operation and basic functions of our website. This type of cookie is used, for example, to retain your settings while you navigate the website; or they can ensure that important information is retained throughout the session (e.g., login, shopping cart).
  • We use statistics cookies to understand how visitors interact with our website by collecting and analyzing information anonymously. This gives us valuable insights to optimize both the website and our products and services.
  • Marketing cookies are used to carry out targeted advertising activities for users on our website.
  • Unclassified cookies are cookies that we are currently trying to classify together with providers of individual cookies.

Depending on their storage duration, we also divide cookies into session and persistent cookies. Session cookies store information used during your current browser session. These cookies are automatically deleted when you close your browser. No information remains on your device. Persistent cookies store information between visits to the website. This information allows the website to recognize you as a returning visitor on your next visit and respond accordingly. The lifespan of a persistent cookie is determined by the cookie provider.

The legal basis for the use of technically necessary cookies is our legitimate interest in the technically flawless operation and smooth functionality of our website. Our website cannot function properly without these cookies. The use of statistics and marketing cookies requires your consent. You can withdraw your consent to the use of cookies at any time for the future. Consent is voluntary. Failure to give consent will not result in any disadvantages. Further information about the cookies we actually use (in particular their purpose and storage duration) can be found in this privacy policy and in the information about the cookies we use in our cookie banner.

You can also configure your internet browser to generally prevent cookies from being stored on your device, or to ask you each time whether you agree to the setting of cookies. You can delete cookies that have already been set at any time. For detailed instructions on how to do this, please refer to your browser's help function.

Please note that disabling cookies entirely may result in limited functionality on our website.

Our website also uses so-called local storage functions ("local storage"). This involves storing data locally in your browser's cache. Unless you clear the cache or the data is held in session storage, it remains there even after you close the browser and can still be accessed.

Third parties cannot access data stored in Local Storage. If specific plugins or tools use Local Storage functions, this will be described in the respective plugin or tool description.

If you do not want plugins or tools to use local storage functions, you can control this in your browser settings. Please note that this may result in limited functionality.

External hosting

Category: General processing activity
Purpose: technical provision, operation and delivery of the website
Data types: technical data and usage data
Affected: Visitors to the online service
Recipients: Hosting service providers and technical infrastructure partners
Technologies: Server and network infrastructure
Legal basis: legitimate interest (provision & operation)

Our website is hosted by an external hosting provider. When you access the website, various technical data is processed that is necessary for its operation, security, and content delivery. This typically includes information that your browser automatically transmits. The data processed may include:

  • IP address
  • Date and time of access
  • accessed pages or files
  • amount of data transferred
  • Messages about successful or failed retrievals
  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing device

The hosting provider processes this data to ensure the technical operation of the website, to detect attacks or misuse, to troubleshoot problems, and to provide a stable connection. This processing is carried out exclusively on our behalf. The legal basis for this processing is our legitimate interest in the secure, reliable, and efficient operation of our website.

Google Analytics

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Email: support-de@google.com
Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Purpose: Web analytics, performance measurement, conversion tracking, collection of statistical data
Category: Statistics
Recipients: EU, USA
Data processed: IP address, website visit details, user data
Affected parties: Website visitors
Technology: JavaScript call, cookies (details in the cookie list), fingerprinting, local storage
Legal basis: Consent (purpose)
Certifications: EU-US Data Privacy Framework, Swiss-US Data Privacy Framework, UK Extension to the EU-US Data Privacy Framework
Further information:
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://business.safety.google/privacy/
https://business.safety.google/adsprocessorterms/
Here you can find out exactly where Google data centers are located: https://www.google.com/about/datacenters/locations/

On our website, we use the functions of the web analytics service Google Analytics to analyze user behavior and optimize our online presence. The reports provided by Google serve to analyze the performance of our website and to measure the success of any campaigns run through our website.

Google Analytics uses cookies that enable us to analyze the use of our website. Full details (name, purpose, storage duration) regarding these cookies can be found in our detailed list of cookies used.

Google Analytics can use local storage. This is an alternative to using cookies to store the client ID. This makes it possible to track user behavior without setting cookies.

Information about website usage, such as browser type/version, operating system used, the previously visited page, hostname of the accessing computer (IP address), and time of the server request, is generally transmitted to and stored on a Google server. We have a contract with Google for this purpose.

On our behalf, Google will use this information to evaluate the use of our website, to compile reports on website activity, and to provide us with other services relating to website activity and internet usage.

We use Google Analytics only with IP anonymization enabled by default. This means that Google shortens a user's IP address within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. According to Google, the IP address transmitted by a user's browser as part of Google Analytics is not linked to other Google data.

During website visits, user behavior is recorded in the form of so-called events. These can include the following:

  • Page views, the click path of a user
  • First visit to our website
  • visited websites
  • Starting a session
  • Interaction with our website
  • User behavior (e.g., clicks, scrolls, dwell time, bounce rates)
  • File downloads
  • Viewed/clicked ads
  • Interaction with videos
  • internal search queries

Furthermore, the following is recorded:

  • Approximate location (region)
  • Date and time of visit
  • IP address (in abbreviated form)
  • Technical information about the browser or the devices used (e.g. language setting, screen resolution)
  • Internet provider
  • Referrer URL (via which website/advertising material a user came to our website)

This data is processed primarily by Google for its own purposes, such as profiling (without our ability to influence this).

Data relating to the use of our website is deleted immediately after the end of the retention period we have set. Google Analytics sets a default retention period of 2 months for user and event data, with a maximum retention period of 14 months. This retention period also applies to conversion data. For all other event data, the following options are available: 2 months, 14 months, 26 months (Google Analytics 360 only), 38 months (Google Analytics 360 only), and 50 months (Google Analytics 360 only). We select the shortest retention period that best suits our purpose. You can inquire about our current retention period at any time.

Data whose retention period has expired is automatically deleted once a month.

Further details can be found in the linked additional information. It is recommended that you check these links regularly for changes, as Google Analytics may update its features and privacy policy. Further information about your rights and contact details can be found in the general section of this privacy policy.

Google Fonts

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company Google LLC (USA), https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Purpose: Integration of fonts
Category: Statistics
Recipients: EU, USA (possible)
Data processed: IP address, language settings, screen resolution, browser version and name
Affected parties: Website visitors
Technology: JavaScript call
Legal basis: Consent, Data Privacy Framework
Website: www.google.com
Further information: https://developers.google.com/fonts/faq https://policies.google.com/privacy https://www.google.com/about/datacenters/inside/locations/

Our website uses so-called web fonts, provided by Google, for the uniform display of fonts.

To display Google Web Fonts, your browser must connect to Google's servers. This allows Google to know that our website was accessed via your IP address. Google also stores the IP address of the browser on the visitor's device. If your browser does not support Web Fonts, a standard font from your device will be used.

Every Google Font request automatically transmits information such as language settings, screen resolution, browser version, and browser name, along with the IP address, to Google servers. Google uses this collected usage data to determine the popularity of fonts. Google publishes these results on internal analytics pages (e.g., Google Analytics).

With Google Fonts, we can use fonts on our own website without having to upload them to our server. Google Fonts is an important component for maintaining the high quality of our website. All Google fonts are automatically optimized for the web, which saves data and is a significant advantage, especially when using mobile devices. When you visit our site, the small file size ensures fast loading times. Furthermore, Google Fonts are secure web fonts and support all common browsers.

Google stores requests for CSS assets on its servers for one day. This allows us to use the fonts with a Google stylesheet. The font files themselves are stored at Google for one year. To delete data prematurely, you must contact Google support (https://support.google.com).

Google Marketing Platform / Google Ad Manager

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent company: Google LLC (USA)
Purpose: Personalized advertising, conversion tracking, remarketing, campaign success measurement
Category: Marketing
Recipients: EU, USA
Data processed: IP address, website visit details, user data
Affected: Users
Technology: JavaScript call, cookies
Legal basis: Consent, Data Privacy Framework https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://business.safety.google/privacy/
https://business.safety.google/adsprocessorterms/
Here you can find out exactly where Google data centers are located: https://www.google.com/about/datacenters/inside/locations/

This website uses Google Ads to promote our products and services. Google Ads is Google's own online advertising system.

It's important for us to know whether an interested visitor ultimately becomes our customer. To measure this, we use conversion tracking. Furthermore, we want to be able to re-engage visitors to our website in a targeted way. We achieve this through remarketing (retargeting).

Google Ads is used for both conversion tracking and remarketing, meaning we can see what happened after you clicked on one of our ads. For this service to work, cookies are used and visitors are sometimes added to remarketing lists so they are only shown specific advertising campaigns.

This is done using a pseudonymous identification number (pID) that is assigned to a user's browser. This pID allows the service to recognize which ads have already been displayed to a user and which have been clicked. The data is used for cross-website ad targeting by enabling Google to identify the pages visited.

Our goal is to use Google Ads to target our website's offerings to visitors who are genuinely interested in what we offer. Conversion tracking data allows us to measure the effectiveness of individual advertising campaigns and optimize our website for our visitors. Conversions can be measured using cookies.

The information generated is transferred by Google to a server in the USA for evaluation and stored there. Google only transfers data to third parties if required by law or as part of commissioned data processing. Under no circumstances will Google link a user's data with other data collected by Google.

Google reCAPTCHA

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company Google LLC (USA)
Purpose: Protection against abuse, prevention of spam
Category: Technically Required
Recipients: EU, USA
Data processed: IP address, website visit details
Affected: Users
Technology: JavaScript call, cookies, local storage
Legal basis: Legitimate interest, Data Privacy Framework https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://developers.google.com/recaptcha/
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out exactly where Google data centers are located: https://www.google.com/about/datacenters/locations/

Our website uses the Google reCAPTCHA service to protect against abuse by non-human visitors (bots) and to prevent spam.

When reCAPTCHA is started, the browser establishes a connection to Google's servers. This allows Google to know that our website was accessed via a user's IP address.

reCAPTCHA is used to verify whether data entry on our website is done by a human or an automated program. To do this, reCAPTCHA analyzes the user's behavior based on various characteristics. This analysis begins automatically as soon as the user accesses our website. For this analysis, reCAPTCHA evaluates various pieces of information.

According to our information, Google processes the following data:

  • the address of the page from which the user came
  • IP address
  • Information about the operating system
  • Cookies
  • Mouse and keyboard behavior
  • Date and language settings
  • All JavaScript objects
  • Screen resolution

The data collected during the analysis is forwarded to and used by Google. The reCAPTCHA analyses run entirely in the background.

Cookies are used to process this service. These cookies require a unique identifier for tracking purposes. According to Google, the IP address is not combined with other data from other Google services, unless a user is logged into their Google account while using the reCAPTCHA plugin. Furthermore, reCAPTCHA also uses local storage on the user's device for data storage.

Google Tag Manager

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent company: Google LLC (USA)
Purpose: Management of tools and plugins
Category: Technically Required
Recipients: EU, USA
Data processed: IP address
Affected: Users
Technology: JavaScript call
Legal basis: Legitimate interest, Data Privacy Framework https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out exactly where Google data centers are located: https://www.google.com/about/datacenters/locations/

Our website uses the Google Tag Manager service.

The Tag Manager is a service that allows us to manage website tags through a single interface. This enables us to integrate code snippets, such as tracking codes or conversion pixels, into websites without modifying the source code. The Tag Manager only forwards the data; it neither collects nor stores it. The Tag Manager itself is a cookie-less domain and does not process any personal data, as it serves solely to manage other services within our online offering.

When Google Tag Manager starts, the browser establishes a connection to Google's servers. These are primarily located in the USA. This allows Google to know that our website was accessed via a user's IP address.

The Tag Manager resolves other tags, which may in turn collect data. However, the Tag Manager does not access this data. If deactivation has been performed at the domain or cookie level, it remains in effect for all tracking tags implemented with the Tag Manager.

Contact

Our website offers various ways to contact us, such as via contact forms or provided email addresses. When you contact us, the personal data you provide will be processed solely for handling and responding to your inquiry. This processing occurs where necessary for carrying out pre-contractual measures or fulfilling a contract, or based on legitimate interests, such as maintaining customer relationships or documenting processes.

Providing certain information may be necessary to fully process a request. Without this information, processing the request may be impossible or severely limited.

Personal data from contact requests may also be stored in a customer or prospect database based on legitimate interests in order to optimize communication and customer support. Use for marketing purposes will only occur if separate consent has been obtained or a legitimate interest exists, and no overriding legitimate interests of the data subject preclude such use.

Personal data from contact requests is stored only as long as necessary for processing and handling the request or as required by law. After the request has been fully processed and any applicable legal retention periods have expired, the data is deleted or anonymized. Generally, deletion occurs no later than three years after the request has been processed without further contact, unless longer legal or contractual retention obligations apply.

Further information on how personal data is handled can be found in the website's privacy policy.

Meta Pixel

Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, email: privacy@facebook.com
Parent company: Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA
Purpose: Web analytics, tracking (conversion)
Category: Marketing
Recipients: EU, USA
Data processed: Visitor data (e.g., IP address, location data), behavioral data (e.g., clicks, time spent, conversion data), device data (e.g., browser type, operating system), e-commerce data (e.g., order ID, product information)
Affected parties: Website visitors
Technology: JavaScript, cookies (details in the cookie list), tracking pixels
Legal basis: Consent (purpose)
Certifications: EU-US Data Privacy Framework, Swiss-US Data Privacy Framework, UK Extension to the EU-US Data Privacy Framework
Website: https://www.facebook.com/business/tools/meta-pixel
Further information:
https://www.facebook.com/privacy/policy/
https://www.facebook.com/legal/terms

Our website uses the Meta-Pixel service of the social network Facebook for the analysis, optimization and economic operation of our online services.

Meta Pixels allow Meta to identify our website visitors as a target audience for displaying personalized ads. Accordingly, we use Meta Pixels to show our ads only to users who have demonstrated an interest in our online offerings or who exhibit certain characteristics (e.g., interests in specific topics or products, determined based on websites visited) that we transmit to Meta (so-called "Custom Audiences"). Meta Pixels also help us ensure that our Meta ads align with users' potential interests and are not perceived as intrusive. Furthermore, Meta Pixels allow us to track the effectiveness of Meta ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Meta ad (so-called "conversion").

User actions are stored in one or more cookies. These cookies allow meta-data (such as IP address, user ID) to be matched with data from a Facebook account. The collected data is anonymous and inaccessible to us and is only used for advertising purposes. Users can prevent this linking to their Facebook account by logging out before taking any action.

To adjust which types of ads are displayed within Facebook, users can visit the page set up by Meta and follow the instructions for adjusting interest-based advertising settings: https://www.facebook.com/settings?tab=ads

The settings are platform-independent, meaning they apply to all devices, such as desktop computers or mobile devices.

Further details can be found in the linked additional information. It is recommended that you check these links regularly for changes, as Meta may update its features and privacy policy. Further information regarding your rights and contact details can be found in the general section of this privacy policy.

Server log files

Category: General processing activity
Purpose: technical safety, stability, and fault analysis
Data types: technical connection data and access data
Affected: Visitors to the online service
Recipient: Hosting provider or technical service provider
Technologies: Server protocols
Legal basis: legitimate interest (technical operation & safety)

When you access our website, server log files are automatically created. These log files contain the following data, which the browser automatically transmits:

  • IP address
  • Date and time of access
  • accessed file or page
  • Amount of data transferred
  • Notification of successful retrieval
  • Browser type and version used
  • Operating system used
  • Referrer URL (previously visited page)
  • Hostname of the accessing device

This data is processed to ensure the functionality, security, and stability of our website, in particular to defend against or track attacks (e.g., DDoS attacks), for error analysis, and for the technical provision of the website. The legal basis for this is our legitimate interest in the secure and error-free provision of the website.

The log file data is automatically deleted after a standard technical period, as soon as it is no longer required for the aforementioned purposes. Longer storage may occur in individual cases if data is needed for evidentiary purposes (e.g., to investigate security-related incidents). This data is not combined with other data sources.

SSL encryption

We use the widely used SSL (Secure Sockets Layer) protocol in conjunction with the highest level of encryption supported by your browser for your visit to our website. You can recognize whether an individual page of our website is transmitted in encrypted form by the closed padlock symbol in your browser's status bar. The use of this protocol is based on our legitimate interest in employing appropriate encryption technologies.

We also employ appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved and kept up-to-date with technological developments.

Webcare

Provider: DataReporter GmbH, Zeileisstraße 6, 4600 Wels, Austria
Purpose: Consent Management
Category: technically required
Recipients: EU, AT
Data processed: IP address, consent data
Affected: Users
Technology: JavaScript call, cookies, Swarm crawler
Legal basis: Legitimate interest, consent (swarm crawler for evaluating search results)
Website: https://www.datareporter.eu/
Further information: https://www.datareporter.eu/company/info

We use the Webcare tool for consent management on our website. Webcare records and stores the decisions of each user of our website. Our consent banner ensures that statistical and marketing technologies such as cookies or external tools are only set or activated after the user has given their explicit consent.

We store information about whether the user has confirmed the use of cookies. The user can revoke this consent at any time by accessing the cookie settings and managing their consent declaration. Existing cookies are deleted after consent is revoked. A cookie is also set to store information about the user's consent status; this is explained in the cookie details. Furthermore, the IP address of the respective user is transmitted to DataReporter's servers when this service is accessed. The IP address is neither stored nor linked to any other user data; it is used solely for the correct functioning of the service.

With the help of Webcare, our website is regularly scanned for technologies relevant to data protection law. This scan is only conducted for users who have explicitly given their consent (for statistical or marketing purposes). User search results are evaluated by Webcare in anonymized form and solely with regard to technologies, and are used to fulfill our information obligations. To start the Swarmcrawler technology, a request is sent to our servers, and the user's IP address is transmitted for data transfer purposes. Servers located geographically close to the user's location are selected. It can be assumed that for users within the EU, a server located within the EU will be chosen. The user's IP address is not stored and is deleted immediately after the communication ends.

General information on data protection

The following provisions apply in principle not only to data collection on our website, but also to the processing of personal data in general.

Personal data

Personal data is information that can be individually associated with you. Examples include your address, name, postal address, email address, and telephone number. Information such as the number of users visiting a website is not personal data because it does not allow for identification of a single person.

Legal basis for the processing of personal data

Unless more specific information is provided in this privacy policy (e.g. regarding the technologies used), we may process your personal data on the basis of the following legal grounds:

  • Consent pursuant to Art. 6 para. 1 lit. a GDPR – the data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Contractual performance and pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR – The processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation pursuant to Art. 6 para. 1 lit. c GDPR – The processing is necessary for compliance with a legal obligation.
  • Protection of vital interests pursuant to Art. 6 para. 1 lit. d GDPR – The processing is necessary to protect the vital interests of the data subject or another natural person.
  • Legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Please note that in addition to the GDPR regulations, national data protection regulations may apply in your or our home country.

Transfer of personal data

Your personal data will not be transferred to third parties for purposes other than those listed in this privacy policy.

We will only share your personal data with third parties if:

  • you have given your express consent pursuant to Article 6 paragraph 1 letter a GDPR,
  • the transfer is necessary pursuant to Article 6 paragraph 1 letter f GDPR to safeguard legitimate interests as well as for the establishment, exercise or defense of legal claims, and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
  • a legal obligation to forward the data exists pursuant to Article 6 paragraph 1 letter c GDPR, insofar as this is legally permissible, and/or
  • the transfer is required pursuant to Article 6 paragraph 1 letter b GDPR for the handling of contractual relationships with you.

Collaboration with data processors

We carefully select our service providers who process personal data on our behalf. If we engage third parties to process personal data on the basis of a data processing agreement, this is done in accordance with Article 28 GDPR.

Transfer to third countries

If we process data in a third country, or if this occurs in the context of using third-party services or disclosing or transferring data to other persons or companies, this will only be done on the basis of the legal grounds outlined above for the transfer of data.

Subject to explicit consent or contractual necessity, we process or have data processed in accordance with Articles 44-49 GDPR only in third countries with a level of data protection recognized as adequate or on the basis of special guarantees, such as a contractual obligation through so-called standard contractual clauses of the EU Commission, the existence of certifications or binding internal data protection rules.

Data transfer to the USA

We would like to expressly point out that, as of July 10, 2023, the EU Commission issued an adequacy decision regarding the EU-US Data Privacy Framework pursuant to Article 45(1) of the GDPR. Accordingly, organizations or companies (as data importers) in the USA that are registered in a public list as part of the Data Privacy Framework's self-certification process offer an adequate level of protection for data transfers. Whether a specific service provider is already certified can be found here: https://www.dataprivacyframework.gov/s/participant-search

The Data Privacy Framework provides a valid legal basis for the transfer of personal data to the USA. It establishes binding guarantees to comply with all requirements of the European Court of Justice; for example, it stipulates that access by US intelligence services to EU data is limited to what is necessary and proportionate, and that a court is established to review data protection practices, to which individuals in the EU also have access.

If we transfer any data to the USA or use a service provider based in the USA, we will explicitly refer to this in this privacy policy (see in particular the description of the technologies on our website).

It should be noted that, apart from significant improvements, the Data Privacy Framework only applies partially and only to data transfers to those data importers in the USA that appear in the public list of certified organizations/companies.

What could the transfer of personal data to the USA mean for you as a user, and what risks are involved?

Where data importers in the USA that are not covered by the Data Privacy Framework are involved, the risks for you as a user include the powers of the US intelligence agencies and the legal situation in the USA, which, according to the CJEU, no longer guarantees an adequate level of data protection. These include, among other things, the following points:

  • Section 702 of the Foreign Intelligence Surveillance Act (FISA) does not provide for any restrictions on surveillance measures by intelligence agencies and does not offer any guarantees for non-US citizens.
  • Presidential Policy Directive 28 (PPD-28) does not provide effective legal remedies for affected individuals against actions by US authorities and does not include any safeguards to ensure proportionate measures.
  • The ombudsman's office provided for in the Privacy Shield does not have sufficient independence from the executive branch; it cannot issue binding orders to the intelligence services.

Legally compliant transfer of data to the USA based on standard contractual clauses for data importers that are not covered by the Data Privacy Framework?

In June 2021, the European Commission adopted new Standard Contractual Clauses (SCCs) with Decision 2021/914/EU. These create a new legal basis for data transfers to countries where the same level of data protection as in the EU does not apply.

Is data transfer to the USA legally compliant based on consent?

If data is transferred to a service provider based in the USA that is not covered by the Data Privacy Framework and this data transfer is based on explicit consent, we will inform you explicitly about this in this privacy policy, in particular in the description of the technologies used on our website.

What measures do we take to ensure that data transfers to the USA comply with the law?

Where US providers offer this option, we choose to process data on EU servers. This should technically ensure that the data is located within the European Union and that access by US authorities is not possible.

Storage duration in general

Unless an explicit storage period is specified when collecting data (e.g., as part of a declaration of consent), we are obligated pursuant to Article 5 paragraph 1 letter e GDPR to delete personal data as soon as the purpose for its processing no longer exists. In this context, we would like to point out that statutory retention obligations to which we are subject constitute a legitimate purpose for the further processing of the personal data collected as a result.

We generally store and retain personal data until the termination of a business relationship or until the expiry of applicable warranty, guarantee or limitation periods, and beyond that until the conclusion of any legal disputes in which the data is required as evidence, or in any case until the end of the third year after the last contact with a business partner.

Storage duration in particular

Specific information regarding data retention periods can be found in the descriptions of individual technologies on our website. Our cookie table provides information about the storage duration of individual cookies. Additionally, you can always contact us directly to inquire about the specific data retention period. Please use the contact details provided in this privacy policy for this purpose.

Rights of those affected

Affected persons have the right to:

  • (i) pursuant to Article 15 GDPR, request information about your personal data processed by us. In particular, you can request information about the purposes of the processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved;
  • (ii) pursuant to Article 16 GDPR, request the immediate correction or completion of your personal data stored with us;
  • (iii) pursuant to Article 17 GDPR, under certain circumstances, request the deletion of your personal data stored with us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
  • (iv) pursuant to Article 18 GDPR, request the (temporary) restriction of processing of your personal data if you contest the accuracy of the data, the processing is unlawful but you object to its erasure, we no longer need the data but you require it for the establishment, exercise or defense of legal claims, or you have objected to the processing pursuant to Article 21 GDPR;
  • (v) pursuant to Article 20 GDPR, receive the personal data you have provided to us in a structured, commonly used and machine-readable format, or request its direct transmission to another controller; however, this only covers those personal data of yours that we process using automated procedures based on your consent or on the basis of a contract;
  • (vi) pursuant to Article 21 GDPR, if your personal data is processed on the basis of our legitimate interest, object to the processing of your personal data, provided there are grounds for doing so arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will implement without requiring you to specify a particular situation;
  • (vii) pursuant to Article 7(3) GDPR, revoke your consent, once given, at any time. This means that we will no longer be permitted to continue processing data based on this consent. Among other things, you have the option to revoke your previously granted consent to the use of cookies on our website with effect for the future by opening our cookie settings;
  • (viii) pursuant to Article 77 GDPR, lodge a complaint with a supervisory authority regarding our unlawful processing of your data. As a rule, you can contact the supervisory authority of your habitual residence or place of work, or of our company headquarters.

The competent supervisory authority for Bodyswiss AG is:

Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1, 3003 Bern, Switzerland
Tel.: +41 (0) 58 462 43 95

Assertion of data subject rights

You decide how your personal data is used. Therefore, if you wish to exercise any of your rights mentioned above, please feel free to contact us by email at admin@bodyswiss.com, by mail or by telephone.

Please help us clarify your request by answering questions from our staff regarding the specific processing of your personal data. If there are legitimate doubts about your identity, we may request a copy of your identification.

For questions regarding data protection, you can reach us at admin@bodyswiss.com or using the other contact details listed in this privacy policy.

Rumlikon, December 5, 2025