Skip to Content
📜 PRIVACY POLICY1. DATA CONTROLLER2. PERSONAL DATA WE COLLECT3. PURPOSES OF PROCESSING4. LEGAL BASES FOR PROCESSING (GDPR / UK GDPR)5. COOKIES & TRACKING TECHNOLOGIES6. DATA SHARING7. INTERNATIONAL DATA TRANSFERS8. DATA RETENTION9. SECURITY MEASURES10. YOUR RIGHTS11. CHILDREN’S PRIVACY12. AI-SPECIFIC PRIVACY RULES13. THIRD-PARTY LINKS14. POLICY UPDATES15. CONTACT INFORMATION

📜 PRIVACY POLICY

Hagrec SA (“the Company”, “Hagrec”, “we”, “our”, “us”)

Last Updated: 01.01.2026

English is the sole legally binding version. Translations are provided for convenience only.

This Privacy Policy explains how Hagrec SA collects, uses, stores, shares, and protects personal data when you:

  • visit our websites or online shops,
  • create or use an account,
  • place an order or use subscriptions,
  • interact with our products and AI tools,
  • contact customer support, or
  • engage with any other Hagrec services (together, the “Services”).

This Policy is designed to comply with:

  • the Swiss Federal Act on Data Protection (nFADP),
  • the EU General Data Protection Regulation (GDPR),
  • the UK GDPR (where applicable), and
  • applicable e-commerce, marketing, and consumer protection laws.

By using our website, purchasing products, or interacting with our Services, you acknowledge that you have read and understood this Policy.

1. DATA CONTROLLER

The entity responsible for processing your personal data is:

Hagrec SA

Vergnolet 8E

1070 Puidoux

Switzerland

📧 info@hagrec.ch

For EU/EEA or UK customers, Hagrec may appoint a local representative where legally required. Details of such representatives (if appointed) will be made available on request.

2. PERSONAL DATA WE COLLECT

We collect the following categories of personal data:

2.1 Data you provide voluntarily

For example, when you create an account, place an order, contact us, or subscribe to a newsletter:

  • Name and surname
  • Email address and phone number
  • Billing and shipping address
  • Account login credentials (stored in hashed / protected form)
  • Order details, invoices, and checkout information
  • Messages, support requests, and other communications
  • Product preferences, survey responses, and reviews
  • Data and documents you upload or store in your customer account

2.2 Data collected automatically

When you visit our website or use our Services, we may automatically collect:

  • IP address and approximate location (city/region where available)
  • Browser type, version, and language
  • Device information (device type, operating system, screen size)
  • Cookies and similar identifiers
  • Website usage data (pages visited, time on page, clicks, navigation paths)
  • Session logs, timestamps, referral URLs and technical log data

2.3 Transaction & billing data

When you make a purchase or use paid Services, we process:

  • Payment method information (in tokenized form via payment providers)
  • Order history and invoice data
  • Subscription plans, renewal dates, and payment status
  • VAT / tax details (for B2B/B2C where applicable)

We do not store full credit card numbers. Payments are processed through certified third-party providers (e.g. PCI-DSS compliant gateways).

2.4 AI interaction data

If you use our AI-based features (assistant, recommender, chat, etc.) we may process:

  • The prompts, questions, or inputs you send to AI tools
  • The AI-generated outputs shown to you
  • Technical metadata (timestamps, device/browser information, error logs, language, approximate location)

This data is used only to provide, secure, and improve AI Services and to detect misuse or abuse.

We do not use your personal data from AI interactions to train underlying AI models unless you have explicitly consented to this.

2.5 Sensitive data

We do not intentionally request or target sensitive data such as health information, religious beliefs, political opinions, or biometric identifiers.

If you voluntarily provide sensitive information (e.g., about skin conditions, allergies, or health concerns) in a message or form, you consent to our processing of that information solely for the purpose of responding to you and providing the requested service or advice. We do not store or use this data for any other purpose. You should avoid sharing more sensitive data than is necessary.

3. PURPOSES OF PROCESSING

We process personal data for the following purposes:

3.1 Fulfilment of purchases and contractual obligations

  • Processing and confirming orders
  • Handling payments and invoicing
  • Delivering products and services
  • Setting up and managing user accounts
  • Managing returns, refunds, warranty requests, and customer service cases
  • Communicating with you regarding your orders or account

3.2 Service improvement and security

  • Monitoring website and Service performance
  • Debugging, error detection, and troubleshooting
  • Improving products, user experience, and features
  • Detecting, preventing, and investigating fraud, abuse, or technical attacks
  • Ensuring IT, network, and data security

3.3 Legal compliance

  • Fulfilling tax, accounting, archiving, and record-keeping obligations
  • Responding to lawful requests and investigations by authorities
  • Complying with consumer, product-safety, and e-commerce regulations

3.4 Marketing and communication (with consent where required)

  • Sending newsletters, product updates, and promotions
  • Informing you about new features, services, or campaigns
  • Conducting satisfaction surveys and feedback campaigns
  • Creating anonymised statistics for internal business analysis
  • Running remarketing or retargeting campaigns where legally permitted

You may withdraw your consent to marketing at any time, for example by clicking “unsubscribe” in an email or contacting us.

4. LEGAL BASES FOR PROCESSING (GDPR / UK GDPR)

Where the GDPR or UK GDPR applies, we rely on one or more of the following legal bases:

  • Contract performance (Art. 6(1)(b) GDPR)
    To process orders, deliver products and services, provide your account, handle returns and warranties, and communicate with you.
  • Legitimate interests (Art. 6(1)(f) GDPR)
    For security and fraud prevention, ensuring service stability, improving products and user experience, basic analytics using minimal technical data, and limited direct marketing to existing customers (where permitted by law, e.g., under Swiss e-commerce rules or EU’s ‘soft opt-in’ for similar products). You may withdraw consent at any time.
  • Legal obligations (Art. 6(1)(c) GDPR)
    For tax, accounting, regulatory, and consumer protection obligations, as well as responding to authorities.
  • Consent (Art. 6(1)(a) GDPR)
    For email marketing where required, non-essential cookies (analytics/marketing cookies), certain optional AI uses, and specific data sharing where requested or required.

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

5. COOKIES & TRACKING TECHNOLOGIES

We use cookies and similar technologies on our websites and platforms.

5.1 Types of cookies

  • Essential (strictly necessary) cookies
    Required for basic functionality: login, shopping cart, checkout, security. The website cannot function properly without them.
  • Preference cookies (where used)
    To remember choices such as language or region.
  • Analytics cookies
    To understand how visitors use the website (e.g. pages visited, time spent) and improve our Services.
  • Marketing / tracking cookies
    To deliver more relevant advertising and measure campaign performance (where used).

5.2 Legal basis for cookies

  • Essential cookies are used on the basis of our legitimate interests in providing a secure and functional website and e-commerce platform.
  • Analytics and marketing cookies are only used with your consent where required by law. You can withdraw consent at any time via the cookie banner or your browser settings.

5.3 Cookie choices

On your first visit, you will see a cookie banner that allows you to:

  • “Accept all” cookies
  • “Only essential” cookies
  • Optionally “Customise” or “Manage preferences” (where available)

You can later adjust your cookie settings via your browser or our cookie settings (if provided).

5.4 More Information

For full details about the cookies and similar technologies we use, including their purposes, providers, and retention periods, please refer to our Cookie Policy:

6. DATA SHARING

We share personal data only with trusted third parties where necessary for business operations and to fulfil our obligations.

6.1 Service providers (processors)

For example:

  • Payment service providers
  • IT hosting, cloud, and infrastructure providers
  • Email and communication platforms
  • Analytics and performance monitoring tools
  • Customer support and CRM platforms
  • Logistics, shipping, and fulfilment partners

These service providers process data only on our instructions and under data processing agreements where required.

6.2 Legal and regulatory authorities

We may disclose personal data where required by law, court order, or regulatory request, or to protect our rights, property, or the safety of others.

6.3 No sale of personal data

We do not sell, rent, or trade personal data to third parties.

7. INTERNATIONAL DATA TRANSFERS

Your personal data may be processed in Switzerland, within the EU/EEA, the UK, and, where necessary, in other countries.

If data is transferred to a country without an adequacy decision (from Switzerland, the EU, or the UK), we implement appropriate safeguards, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, and/or
  • Equivalent contractual, technical, or organisational safeguards under Swiss and UK law.

You can contact us for more information about international transfers and safeguards.

8. DATA RETENTION

We keep personal data only as long as necessary for the purposes described in this Policy or to comply with legal obligations.

Typical retention periods include:

  • Customer account data: For as long as your account is active. If you request account deletion, we will delete or anonymise your personal data within 30 days, unless legally required to retain it (e.g., for tax, warranty, or legal claims).
  • Order and invoice data: Usually 10 years for tax and accounting obligations (under Swiss and many EU rules).
  • Customer support communications: Usually up to 24 months, unless a longer period is needed for evidence or legal purposes.
  • Marketing data (newsletter subscriptions): Until you withdraw consent or we consider the data no longer necessary.

We may retain anonymised or aggregated data that no longer identifies you for statistical or analytical purposes.

9. SECURITY MEASURES

We apply appropriate technical and organisational measures to protect personal data, including:

  • encryption in transit and, where appropriate, at rest
  • access controls and authentication procedures
  • firewalls, monitoring, and intrusion detection/prevention
  • regular updates, patches, and security assessments
  • role-based access restrictions for staff

No system is completely free from risk, but we strive to maintain a level of security appropriate to the risks associated with our processing.

10. YOUR RIGHTS

Depending on your jurisdiction (for example, under the GDPR, UK GDPR, and nFADP), you may have the following rights:

  • Right of access – to know whether we process your personal data and obtain a copy.
  • Right to rectification – to correct inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”) – to request deletion of your data, subject to legal retention obligations.
  • Right to restriction of processing – to request limited use of your data in specific cases.
  • Right to data portability – to receive personal data in a structured, commonly used format and transmit it to another controller where technically feasible.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time (without affecting earlier, lawful processing).

You also have the right to lodge a complaint with a data protection authority, such as:

  • the Swiss Federal Data Protection and Information Commissioner (FDPIC), or
  • an EU / UK supervisory authority in your country of residence or work.

To exercise your rights, please contact: info@hagrec.ch

We will respond to your request within 30 days of verification, as required by GDPR and nFADP. If the request is complex or numerous, we may extend this period by up to 60 days, informing you of the extension and reasons.

11. CHILDREN’S PRIVACY

Our websites, products, and Services are not intended for children under 16 (or a higher age where local law requires).

We do not knowingly collect personal data from children. If you believe that a minor has provided data to us, please contact us so that we can review and, where appropriate, delete such information.

12. AI-SPECIFIC PRIVACY RULES

When you use our AI features:

  • Your inputs (questions, prompts) and the AI outputs may be logged to operate the service, monitor quality, prevent abuse, and ensure security.
  • We do not use your personal data from AI interactions to train underlying AI models unless you have given explicit consent.
  • You should avoid entering highly sensitive data (such as detailed health or financial information) unless it is strictly necessary and you understand the risks.

AI usage is governed by:

  • this Privacy Policy, and
  • our AI Safety Notice.

AI outputs may be inaccurate or incomplete and must not be used as a substitute for professional advice.

13. THIRD-PARTY LINKS

Our websites and Services may contain links to third-party websites, apps, or services.

We are not responsible for the privacy practices, content, or security of such third parties. We recommend reviewing their privacy policies separately before providing any personal data.

14. POLICY UPDATES

We may update this Privacy Policy from time to time to reflect:

  • changes in laws or regulations,
  • updates to our Services or internal processes, or
  • new security and compliance requirements.

The updated Policy will be published on our website with an updated “Last Updated” date at the top.

Continued use of our website or Services after such changes constitutes acceptance of the updated Policy.

15. CONTACT INFORMATION

For privacy inquiries, please contact us at info@hagrec.ch (Data Protection Officer, General Inquiries).