Privacy policy

Last updated: May 2026

1. Data controller

The data controller within the meaning of the Swiss Federal Act on Data Protection (FADP / revFADP) is:

Natasha Boll
Sole proprietorship (business name: Boll Group)
Operator of the brand Teardrop Jewellery
Guggenbühlstrasse 24, 8953 Dietikon, Switzerland

Contact for data protection enquiries: via the contact form on teardropjewellery.com. Our complete contact details can be found in our Legal Notice.

2. Scope

This Privacy Policy applies to the website teardropjewellery.com and all related online services, including the online shop, the newsletter, and communication via the contact form.

It is based on the Swiss Federal Act on Data Protection (FADP) as in force since 1 September 2023.

3. What data we process

3.1 Data you actively provide

  • Order data: first and last name, delivery address, billing address
  • Contact data: email address, optionally phone number
  • Payment data: depending on the chosen payment method (details see Section 7)
  • Communication data: content of your requests via the contact form
  • Customer account data: if you create a customer account (optional)
  • Reviews: when you submit a product review

3.2 Data collected automatically

  • Technical data: IP address, browser type, device information, operating system
  • Usage data: pages visited, time spent, click behaviour
  • Cookies and tracking data: details see separate Cookie Policy

3.3 Data from your order history

  • Order history and purchasing behaviour
  • Shipping and delivery information
  • Return and complaint data

4. Purposes of data processing

We process your data exclusively for clearly defined purposes:

  • Contract performance: processing your order, payment, shipping, returns
  • Customer service: responding to enquiries, handling complaints
  • Legal obligations: bookkeeping, tax duties, retention periods
  • Marketing: sending newsletters (only with your explicit consent)
  • Website optimisation: analysing user behaviour, improving the website
  • Fraud prevention: protection against abusive orders

5. Legal bases and legitimate interests

The processing of your personal data takes place on the following legal grounds:

  • Contract performance (Art. 31 para. 2 lit. a FADP) — for order processing and shipping
  • Consent (Art. 6 FADP) — for newsletter, marketing cookies, and optional tracking tools
  • Legal obligation — for bookkeeping (Art. 958f Swiss Code of Obligations) and tax duties

Legitimate interests (Art. 31 para. 2 FADP)

We additionally process data to protect the following concrete legitimate interests:

  • Protection against cyber attacks (e.g. DDoS attacks, brute-force attempts, hacking attempts)
  • Fraud prevention (e.g. fraudulent orders, credit card fraud, identity misuse)
  • Ensuring website functionality (load detection, error analysis, maintenance)
  • Direct marketing to existing customers within an existing business relationship
  • Assertion, exercise, and defence of legal claims (e.g. in the case of complaints or disputes)

6. Profiling and automated data evaluation

As part of our email marketing (Klaviyo), profiling within the meaning of Art. 5 lit. f FADP takes place:

  • What happens: Klaviyo analyses your purchasing behaviour, your clicks in our emails, the product pages you visit, and possibly your browsing behaviour on our website.
  • Purpose: We group customers into segments (e.g. "new customers", "frequent buyers", "inactive customers") in order to send you more relevant emails and offers.
  • Consequences: No fully automated individual case decision with legal effect takes place (e.g. no automated rejection of orders). You simply receive more personalised content.
  • Objection: You can object to profiling at any time by unsubscribing from the newsletter or contacting us via the contact form.

When using our advertising and analytics tools (Meta Pixel, TikTok Pixel, Google Analytics), profiling also takes place — but exclusively based on your active consent in the cookie banner.

7. Third-party providers and processors

We use carefully selected service providers who process data on our behalf. With all relevant providers, data processing agreements are in place that ensure appropriate data protection.

7.1 Shop platform

Shopify International Limited (based in Ireland, parent company: Shopify Inc., Canada)

Our entire online shop runs on Shopify. Shopify processes all order data, customer account data, and technical data.

  • Server locations: primarily in Ireland (EU) and the USA
  • Privacy policy: shopify.com/legal/privacy
  • Data transfer to the USA: based on EU Standard Contractual Clauses

7.2 Domain registration

Namecheap Inc. (USA)

The domain teardropjewellery.com is registered with Namecheap. Only our own registration data is processed — no customer data.

7.3 Payment providers

When paying, your payment data is transmitted directly to the respective payment service provider. We do not store full credit card or bank details.

  • Shopify Payments / Stripe Payments Europe Ltd. (Ireland/USA) — for Visa, Mastercard, American Express, Apple Pay, Google Pay
  • PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg)
  • TWINT AG (Switzerland)

Privacy policies: stripe.com/de-ch/privacy · paypal.com · twint.ch

7.4 Shipping

Swiss Post Ltd. (Switzerland)

For shipping your order, your name and delivery address are transmitted to Swiss Post.

Through the Official Swiss Post App integrated in our Shopify, shipping labels are created.

7.5 Shipping insurance and tracking

  • Insureful — shipping insurance (if activated); servers in EU/USA
  • ParcelWILL (Parcel Panel) — tracking; processes delivery address and tracking number

7.6 Email marketing and reviews

Klaviyo, Inc. (USA)

For newsletters, automated emails (e.g. order confirmations, shipping confirmations, cart reminders), pop-ups (e.g. discount sign-up), and product reviews (Klaviyo Reviews). Processed data includes email address, name, order data, and behavioural data.

  • Privacy policy: klaviyo.com/legal/privacy
  • Data transfer: USA (Standard Contractual Clauses)
  • Newsletter sign-up takes place only with your explicit consent through the double opt-in procedure, which you can withdraw at any time.

7.7 Pop-ups and sign-up forms

  • Klaviyo Pop-ups (through Klaviyo, see above)
  • Spark Pops (by Spark) — occasionally activated pop-ups for promotions and sign-up forms; essentially processes email addresses with your consent

7.8 Contact form

Hulk Form Builder (by HulkApps, via Shopify app)

Processes the data you enter in the contact form (name, email, enquiry).

7.9 Business communication

Google Workspace (Google Ireland Ltd.)

We use Google Workspace (Gmail, Drive, etc.) for internal communication and administration. When you contact us by email or contact form, your data is processed there.

7.10 Analytics, tracking, and advertising

These tools are activated exclusively after your active consent via our cookie banner.

  • Google Analytics (Google Ireland Ltd.) — website analysis, user behaviour
  • Google & YouTube Channel (via Shopify app) — integration with Google Shopping
  • Meta Pixel (Meta Platforms Ireland Ltd.) — for advertising on Facebook and Instagram
  • TikTok Pixel (TikTok Information Technologies UK Ltd.) — for advertising on TikTok

Details on all activated cookies can be found in the Cookie Policy.

7.11 Social media integration

  • Instafeed — embeds content from our Instagram profile on the website
  • Links to our profiles on Instagram, TikTok, Pinterest in the footer and on the site

When such content is accessed, data may be transmitted to the respective platforms (Meta Platforms Ireland Ltd., TikTok, Pinterest Inc.).

7.12 Website extensions and internal tools

  • PageFly Page Builder and Buy Box (Shopify apps) — used to design and optimise individual pages; may process technical data
  • Order Printer and Matrixify (Shopify apps) — internal tools for printing receipts and managing data; no external access, internal processing only

8. Cookies and tracking technologies

Our website uses cookies and similar technologies. On your first visit, you will see a cookie banner (Shopify Customer Privacy / Consent Banner), through which you can manage your consent.

Detailed information can be found in our separate Cookie Policy on teardropjewellery.com.

You can withdraw or adjust your consent at any time by reopening the cookie settings on the website.

Browser settings and anti-tracking

You can also influence tracking through your browser:

  • block cookies generally or delete them selectively
  • activate the "Do Not Track" signal
  • install anti-tracking extensions (adblockers, privacy tools)
  • browse in private / incognito mode

Please note that some functions of our website (e.g. shopping cart, login) will not work without technically necessary cookies.

9. Newsletter and email marketing

When you sign up for our newsletter (e.g. via a pop-up or the sign-up form in the footer), we process your email address and any other voluntarily provided data for the purpose of sending newsletters, promotions, and personalised offers.

  • Sign-up takes place via the double opt-in procedure — you will receive a confirmation email that you must actively confirm.
  • You can unsubscribe from the newsletter at any time, either via the unsubscribe link in every email or by contacting us through the contact form.
  • After unsubscribing, your data will be removed from the newsletter distribution list.

Email service provider: Klaviyo, Inc. (USA)

10. International data transfer

Some of our service providers are based outside Switzerland. We transfer your data to the following countries:

  • EU/EEA (Ireland, Luxembourg): Shopify, Stripe, PayPal, Google, Meta, TikTok — adequate level of data protection under Swiss law
  • USA: Klaviyo, Namecheap, partly Shopify, Google, Meta — transfer based on EU Standard Contractual Clauses and additional safeguards
  • Canada: Shopify parent company — Canada is recognised by the Swiss Federal Data Protection Commissioner as a country with adequate data protection
  • United Kingdom (UK): TikTok parent company — the UK is recognised by the Swiss Federal Data Protection Commissioner as a country with adequate data protection

We take all reasonable measures to ensure appropriate protection even when data is transferred abroad.

11. Retention period

We store your data only as long as necessary for the respective purposes:

  • Order and invoice data: 10 years (statutory retention obligation under Art. 958f Swiss Code of Obligations)
  • Customer account: as long as the account exists; deletion possible at any time upon request
  • Contact enquiries: generally up to 2 years after completion of the enquiry
  • Newsletter data: until unsubscribe or withdrawal of consent
  • Technical data and cookies: depending on the cookie type; details see Cookie Policy
  • Marketing and tracking data: until withdrawal of consent

After the retention period has expired, your data will be deleted or anonymised.

12. Your rights as a data subject

Under the Swiss Federal Act on Data Protection, you have the following rights at any time:

  • Right to information — you can request information about which data we have stored about you (Art. 25 FADP)
  • Right to rectification — correction of incorrect or incomplete data
  • Right to erasure — deletion of your data, provided no statutory retention obligations apply
  • Right to restriction of processing
  • Right to data portability — receipt of your data in a common, machine-readable format (Art. 28 FADP)
  • Right to withdraw consent — e.g. for newsletter or marketing cookies
  • Right to object to profiling — see Section 6
  • Right to lodge a complaint — with the Swiss Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern, edoeb.admin.ch

To exercise your rights, please contact us via the contact form on teardropjewellery.com.

We process requests within the statutory period — generally 30 days.

13. Data security

We take appropriate technical and organisational measures to protect your data from unauthorised access, loss, or misuse:

  • Transmission of the website exclusively via encrypted SSL/TLS connection (HTTPS)
  • Access restrictions on internal data
  • Selection of service providers with recognised data protection standards (ISO-certified providers, data processing agreements)
  • Regular updating of security mechanisms

Despite all care, complete security of data transmission over the internet cannot be guaranteed.

14. Data breaches — notification obligation

In the event of a data breach that poses a high risk to your personality or fundamental rights, we will, in accordance with Art. 24 FADP:

  • Notify the Swiss Federal Data Protection and Information Commissioner (FDPIC) within 72 hours
  • In the case of high risk, also notify the affected persons directly

15. Children and minors

Our offer is not actively directed at persons under the age of 16. Persons under 16 should not transmit personal data to us without parental consent.

If we become aware that a person under 16 has transmitted data to us without parental consent, we will delete this data without delay.

16. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy in order to adapt it to changes in legislation, service providers, or website functions.

The current version is always available at teardropjewellery.com/privacy-policy with the date of the latest update at the top.

17. Contact for data protection questions

For questions about data protection or to exercise your rights, you can reach us via:

Contact form: on teardropjewellery.com

We respond within 2 business days on average.