Privacy Policy

Last updated: June 2026

This Privacy Policy explains how XU Scarf Collection ("we", "us", "our") collects, uses, and protects your personal data when you use our website and purchase our products. We comply with the Swiss Federal Act on Data Protection (nDSG) and, where applicable, the EU General Data Protection Regulation (GDPR).

1. Data Controller

XU Scarf Collection
Zurich, Switzerland
Email: info@xuscarf.com

2. Data We Collect

When you place an order: First and last name, delivery address, email address, country. Payment data (card details, TWINT, PostFinance) is processed directly by Payrexx and is never stored on our servers.

When you subscribe to our newsletter: Email address only, with your explicit consent.

Technical data: We do not use analytics cookies or tracking pixels. Our server may log IP addresses for security purposes only.

3. Legal Basis for Processing

• Order fulfillment (Art. 6(1)(b) GDPR / Art. 31(2)(a) nDSG): Name, address, and email are required to process and deliver your order.
• Consent (Art. 6(1)(a) GDPR / Art. 31(1) nDSG): Email address for the newsletter is only collected with your explicit opt-in consent. You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c) GDPR): We retain order data for accounting and tax purposes as required by Swiss law (10 years).

4. Third-Party Service Providers

We share your data only where necessary to fulfill your order:

• Payrexx AG (Granges-Paccot, Switzerland) — Payment processing. Your payment data is governed by Payrexx's privacy policy.
• Swiss Post AG (Bern, Switzerland) — Shipping and delivery. Your name and delivery address are transmitted to generate a shipping label.
• Microsoft / GoDaddy — Email delivery via Office 365 SMTP for order confirmations and customer communication.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

5. Data Retention

• Order data: Retained for 10 years to comply with Swiss accounting law (OR Art. 958f).
• Newsletter email: Retained until you unsubscribe.
• Server logs: Deleted after 30 days.

6. Your Rights

Under the nDSG and GDPR, you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate data.
• Deletion: Request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
• Portability: Receive your data in a structured, machine-readable format.
• Withdrawal of consent: Withdraw newsletter consent at any time by emailing us.
• Complaint: Lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at www.edoeb.admin.ch, or with your local EU supervisory authority if you are an EU resident.

7. Cookies

We only use technically necessary cookies (e.g., shopping cart state stored in your browser's localStorage). We do not use advertising, analytics, or tracking cookies. No cookie consent banner is therefore required.

8. Data Security

All data is transmitted over HTTPS. Payment data is handled exclusively by Payrexx using PCI DSS-compliant infrastructure and never passes through or is stored on our servers.

9. Contact for Privacy Requests

For any privacy-related requests, please contact:
info@xuscarf.com

Back to Shop