Privacy Policy

1. Data Controller

Mila Stefanova Hristova (MD Crochet)
Leihgasse 12b, 6340 Baar, Zug, Switzerland
E-Mail: ivaylo.ih.hristov@gmail.com

2. Data We Collect

• First and last name
• Email address
• Delivery address
• Phone number (optional)
• Order data and history
• Payment information (processed by Stripe — not stored by us)
• Password (stored encrypted, only upon account registration)

3. Purpose of Processing

• Processing and delivering orders
• Customer communication and order confirmations by email
• Managing customer accounts
• Compliance with statutory bookkeeping obligations

4. Legal Basis (Swiss nDSG)

Processing of your data is carried out in accordance with the Swiss Federal Act on Data Protection (nDSG/revFADP, in force since 1 September 2023). The legal basis is performance of a contract (Art. 31 nDSG) and our legitimate interest in operating this online shop.

5. Data Processors (Third Parties)

We work with the following service providers who process your data on our behalf:

All US providers maintain adequate data protection guarantees (DPF certification or standard contractual clauses).

6. Your Rights

Under the nDSG, you have the right to: access your stored data · rectification of inaccurate data · erasure of your data · restriction of processing · data portability. Contact us at ivaylo.ih.hristov@gmail.com.

You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC): www.edoeb.admin.ch

7. Data Security

We take appropriate technical and organisational measures to protect your data: SSL/TLS encryption of the website, encrypted payment processing via Stripe, passwords are hashed with bcrypt and never stored in plain text.

8. Retention Period

Order data is retained for 10 years (statutory bookkeeping obligation under Swiss Code of Obligations Art. 958f). Account data can be deleted at any time upon request (ivaylo.ih.hristov@gmail.com), unless a statutory retention obligation applies.