Varlion Privacy Policy

Last updated: July 14, 2025

1. Introduction and Data Controller

Welcome to Varlion.com. At Varlion, we are committed to protecting your privacy and ensuring your personal data is handled safely, transparently, and responsibly. This Privacy Policy describes what personal information we collect, how we use and protect it, and the rights you have over it.

The data controller for your data is:

• Company Name: Varlion GmbH
• Tax ID (UID): CHE-161.325.041
• Address: Kägiswilerstrasse 17, CH-6060 Sarnen OW, Switzerland
• Contact email: contact@varlion.com

2. What information do we collect?

We collect different types of information to provide you with our services:

• Identification and Contact Data: Name, surname, email address, phone number.
• Transaction Data: Details of the products you purchase, order history, shipping and billing address, and partial payment information (we never store your full card details).
• Technical and Browse Data: IP address, browser type, operating system, and information on how you interact with our website. This information is mostly collected through cookies.

3. For what purpose and on what legal basis do we process your data?

We process your data for specific purposes, always based on a legal basis recognized by the GDPR:

• To manage your purchase and ship your order: We use your identification and transaction data to process your payment, prepare your order, and deliver it to you.
  Legal Basis: Performance of a contract.
• To communicate with you: To send you information about your order, answer your inquiries, or provide support.
  Legal Basis: Performance of a contract.
• To send you marketing communications (Newsletter): To send you news, offers, and promotions about our products.
  Legal Basis: Your explicit consent.
• To improve our website and services: We analyze Browse data to understand how you use our site and thereby improve the user experience.
  Legal Basis: Your consent (for analytics cookies) and legitimate interest.
• To comply with legal obligations: For example, to issue invoices and comply with tax regulations.
  Legal Basis: Compliance with a legal obligation.

4. Who do we share your data with?

We do not sell your personal data. We only share it with trusted providers who help us offer our services, always under strict data processing agreements:

• E-commerce Platforms: Our store runs on PrestaShop, which manages the website's operations.
• Payment Gateways: We share the necessary data with our payment providers (e.g., Stripe, PayPal) to securely process the transaction.
• Logistics and Transport Companies: We provide your contact and address details to courier companies so they can deliver your order.
• Marketing and Communication Tools: We use Brevo to manage newsletter mailings, provided we have your consent.
• Web Analytics Tools: We use Google Analytics to analyze website traffic, based on your consent for the use of analytics cookies.
• Public Authorities: We may disclose your data if required by law.

5. International Data Transfers

Some of our providers, such as Google (USA) or Meta (USA), are located outside the European Economic Area. These international transfers are carried out with the highest security guarantees, as our providers adhere to the EU-U.S. Data Privacy Framework (DPF), which ensures a level of data protection equivalent to that in Europe.

6. How long do we keep your data?

We only keep your data for the time strictly necessary to fulfill the purpose for which it was collected and to comply with legal obligations. For example:

• Your order data will be kept for the duration of the business relationship and subsequently for the periods required by tax and accounting legislation.
• Data for marketing communications will be kept until you withdraw your consent.

7. What are your rights and how to exercise them?

The GDPR grants you the following rights over your personal data:

• Access: The right to know what data we hold about you and how we process it.
• Rectification: The right to correct inaccurate data or complete incomplete data.
• Erasure (Right to be forgotten): The right to request that we delete your data, provided there is no legal obligation to retain it.
• Objection: The right to object to certain data processing, such as direct marketing.
• Restriction of Processing: The right to request that we temporarily suspend the processing of your data in certain circumstances.
• Portability: The right to receive your data in a structured format and to transmit it to another controller.
• Withdrawal of Consent: For processing based on your consent (like the newsletter), you have the right to withdraw it at any time, easily.
• Right to lodge a complaint: If you believe your rights have not been duly addressed, you have the right to lodge a complaint with the competent data protection supervisory authority.

To exercise any of these rights, you can send us an email at contact@varlion.com, attaching a copy of your ID to verify your identity.

8. Cookies and Tracking Technologies

We use cookies for the proper functioning of the website and for other analytical and marketing purposes. You do not manage cookie consent through your browser, but through the settings panel shown to you on your first visit. For detailed information on each cookie we use and to manage your preferences, please see our Cookie Policy.

9. Security and Modifications

We implement technical and organizational security measures to protect your data. However, no transmission over the Internet is 100% secure. We are committed to notifying you of any security breach that may pose a high risk to your rights.

We may update this Privacy Policy periodically. We recommend you review it to stay informed of any changes.

10. Applicable Law

This Privacy Policy is governed by the laws of Switzerland and, for residents of the European Union, by the provisions of the GDPR, which shall prevail in case of conflict.