For your first subscription, enjoy one month free with the code WELCOME1

Privacy Policy


How to read this document

This privacy policy ("Policy") applies to all persons with whom we interact in the course of our business. We process data about you when you use our websites (our "Site"), whether as a visitor or authorized user of our web portal or platforms, when you follow our activities as a registrant on our site, if you are an investor, supplier or one of our customers. By visiting our Site, interacting with us, purchasing products or creating an account to access our platform and become an authorized user (hereinafter referred to as "user", "you", "your" or "yours"), you agree to use our Sites in accordance with our terms and conditions, accessible on our website.

This Policy tells you how we collect personal data about you ("Personal Data") directly or indirectly, and how we use, store, transfer, share, modify or delete it ("Use"). It also describes the measures we take to protect your personal data and how you can exercise your rights. The French version of this Privacy Policy prevails over all other language versions.


1. Our personal data protection commitments

The protection of your privacy and the confidentiality of your personal data are of paramount importance to us. We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, use, modification or deletion. These measures include

  • Encryption of sensitive data (e.g. bank details) during transmission and storage.
  • Multi-factor authentication for internal system access.
  • Regular audits of our IT systems to identify and correct vulnerabilities.
  • Ongoing data protection awareness training for our employees.

Data breach management

In the event of a personal data breach likely to infringe your rights and freedoms, we :

  • We will inform you as soon as possible, in accordance with Article 33 of the RGPD.
  • Notify the competent authority (CNIL or FDPIC) within 72 hours of detecting the incident.
  • We will implement corrective actions to prevent such an incident from happening again.

2. Our role in data processing

Stylla ("Stylla", "we", "us" or "our") is a brand of Swiss Prime Lab SA, a company incorporated under Swiss law, registered in the Commercial Register of the Canton of Vaud under number CHE-220.856.620 , with its registered office at Rue de la Grotte 6, 1003 Lausanne, Switzerland.

When processing your personal data, Stylla acts as data controller in accordance with the applicable legal provisions, in particular:

  • General Data Protection Regulation (GDPR) for residents of the European Economic Area (EEA) and the United Kingdom.
  • Swiss Federal Data Protection Act (FADP) for Swiss residents.

Role and responsibilities

  • As data controller, we determine the purposes and means of the processing of your personal data described in this Policy.
  • In some cases, we use subcontractors (third-party service providers) to carry out specific processing on our behalf. These subcontractors are bound by strict contractual agreements to guarantee the confidentiality, security and compliance of the data they process.

Contact us :
If you have any questions regarding the management of your personal data or the exercise of your rights, please contact us:

  • E-mail address : [email protected]

  • Postal address : Swiss Prime Lab SA, Rue de la Grotte 6, 1003 Lausanne, Switzerland.

You will also find additional information in section 14 of this Policy .

3. The personal data we collect and use

The information we process about you may include various categories of personal data, depending on your interactions with us. Here are the main categories of personal data we collect:

Examples of categories of personal data


Contact data

  • Purposes: To manage your customer relationship, respond to your requests and personalize your experience.

  • Examples: Last name, first name, email address, telephone number.

  • Legal basis: Performance of the contract (Article 6(1)(b) RGPD) or explicit consent for subscriptions (Article 6(1)(a) RGPD).

  • Retention period: This data is kept for the duration of our contractual relationship and up to 3 years after your last contact for marketing purposes.

Professional contact data

We collect and share personal information about your company's employees in order to :

  • Purpose :

    • Facilitate communication and collaboration with our business partners and suppliers.

    • Manage our contractual relationship with you, including billing and order management.

  • Data categories :

    • Last name, first name, professional e-mail address, professional telephone number.

  • Legal basis :

    • Performance of the contract or taking of pre-contractual measures at your request (Article 6(1)(b) RGPD).

    • Legitimate interest to ensure smooth and efficient communication with our partners (Article 6(1)(f) RGPD).

  • Shelf life :

    • Data is kept for the duration of the contractual relationship and up to 5 years after its end, in accordance with our legal and regulatory obligations.

  • Data sharing :

    • This data is only shared with our business partners and suppliers as part of collaborative projects, and with the necessary safeguards to protect your personal data.

Financial data from customers and partners

  • Purposes: To manage payments, prevent fraud and meet our legal obligations.

  • Examples: Bank details, transaction history.

  • Legal basis: Performance of the contract (Article 6(1)(b) RGPD) and legal obligation (Article 6(1)(c) RGPD).

  • Retention period: Data retained for 10 years in accordance with accounting requirements.

Profiling data

  • Purpose: to provide personalized offers and improve our marketing strategy.

  • Examples: Browsing history, purchases made, clicks on our marketing campaigns.

  • Legal basis: explicit consent via cookies (Article 6(1)(a) RGPD).

  • Retention period: Profiling data is kept for a maximum of 13 months after collection, in accordance with CNIL recommendations.

Data we obtain from third-party service providers for advertising purposes

  • Purposes: To broaden our audience and conduct targeted campaigns.

  • Examples: Demographic and behavioral data.

  • Legal basis: explicit consent obtained by our partners (Article 6(1)(a) RGPD).

  • Retention period: Depends on the specific agreement with the service provider, but does not exceed 13 months for data generated by cookies.

Aggregate information and statistical data

We collect and use aggregated and anonymized information and statistical data to:

  • Purpose :

    • Measure the audience and analyze the performance of our website.

    • To improve our services and optimize the user experience.

    • Generate anonymous statistical reports for internal or partnership purposes.

  • Data categories :

    • Navigation data (pages visited, clicks, time spent on site).

    • Technical information (browser type, operating system).

    • Approximate geographical data (e.g. city location).

  • Legal basis :

    • Prior consent for the installation of non-essential cookies or similar tracking technologies (Article 6(1)(a) RGPD and Articles 5 and 7 of the ePrivacy Directive).

    • Legitimate interest for cookies strictly necessary for the operation of our site (Article 6(1)(f) RGPD).

  • Shelf life :

    • Data collected by non-essential cookies is kept for a maximum of 13 months, in accordance with CNIL recommendations.

    • Anonymized or aggregated information can be stored indefinitely, as it does not allow users to be identified.

  • Consent management :

    • You can manage your cookie preferences via the dedicated banner or your browser settings. We respect your right to withdraw your consent at any time, with no impact on the use of essential cookies.

Media content

When you use our platform, we may access or collect multimedia content related to your user account, including:

  • Categories of content collected :

    • Images, photos, icons, videos or other multimedia content that you upload or use in your user account.

  • Purpose :

    • Display and personalize your user account.

    • Improve our services or display content in collaborative environments, where applicable.

  • User responsibilities :

    • You are solely responsible for making such content available. Before sharing multimedia content with us, you must :

      • Obtain all necessary authorizations or consents from persons appearing on such content.

      • Ensure that such content does not infringe copyright, trademark or other legal restrictions.

  • Legal basis :

    • Explicit consent to download and process multimedia content (Article 6(1)(a) RGPD).

    • Legitimate interest to provide and personalize our services (Article 6(1)(f) RGPD).

  • Shelf life :

    • Multimedia content is kept for as long as your user account is active, or until you delete it from your account. A final deletion will be applied after 30 days if your account is closed.

  • Sharing content :

    • Multimedia content is only shared with third parties if this is necessary for the performance of the service (e.g. in a shared collaborative space) or to comply with a legal obligation.

Data collected automatically via devices

  • Purpose :

    • Ensure site safety and smooth operation.

    • Detect and prevent fraud or malicious activity.

  • Data categories :

    • IP addresses.

    • Connection logs and site activity.

    • Browser type and operating system.

  • Legal basis :

    • Legitimate interest to secure our services (Article 6(1)(f) RGPD).

  • Shelf life :

    • Connection logs are kept for a maximum of 6 months, except in the event of legal obligation or fraud investigation.

Customer support data and complaints

  • Purpose :

    • Handle requests for assistance and complaints.

    • Improve our services by analyzing recurring complaints.

  • Data categories :

    • Contact information (name, email, phone).

    • Details of requests or complaints (message content, attachments).

  • Legal basis :

    • Performance of the contract (Article 6(1)(b) RGPD).

    • Legitimate interest to improve our services (Article 6(1)(f) RGPD).

  • Shelf life :

    • Data retained for 2 years after request closure, except in the event of litigation (extension in accordance with legal requirements).

Instant messaging data

When you use our instant messaging features or interact with us via our Site, we collect and store your communications for:

  • Purpose :

    • Respond to your requests and ensure effective follow-up of your interactions.

    • Improve our services by analyzing exchanges to identify trends or solve recurring problems.

    • Prevent any potential abuse or fraud in the use of our services.

  • Categories of data collected :

    • Message content (text, attachments).

    • Communication metadata (date, time, participant IDs).

  • Legal basis :

    • Performance of a contract or pre-contractual measures at your request (Article 6(1)(b) RGPD).

    • Legitimate interest in improving our services and preventing abuse (Article 6(1)(f) RGPD).

  • Shelf life :

    • E-mail data is kept for a maximum period of 12 months after the last interaction, unless there is a legal obligation or a particular legitimate interest requiring longer retention (for example, in the event of litigation or fraud).

  • Data sharing :

    • Your e-mail data will only be shared with third parties in the following cases:

      • To meet legal or regulatory obligations.

      • With service providers to host or process messages, while respecting confidentiality and appropriate contractual guarantees.

  • Data security :

    • We use encryption mechanisms to protect your communications during transmission and storage. Access to this data is restricted to authorized employees in the course of their duties.



4. When and how do we collect your personal data?

When you use our site, become a customer, open an account, interact or collaborate with us, or when we share our latest news with you, we collect information about you by various means and for various purposes described in this Policy.

Information we obtain from you

In the majority of cases, Stylla collects or accesses your personal data directly from you, in particular in the following situations:

Time of collection

Background to the collection of your personal information

When registering on our website

We collect personal data about you when you create a user account or become a customer by purchasing one of our products. This includes your contact details, such as your home address, in order to send you or deliver the Stylla products you have ordered.

When creating your user account on the site

When you submit your data to create an account on our Site, you will receive directly or separately the login information to access your user account. Note that you may use social media plugins to register or log in to your account on our Site, subject to the terms of service of those platforms.

For warranty and repair questions

We collect your contact information when you need to interact with our community support service for questions related to our product warranty or customer service. At that time, we will ask you to provide additional information to help us respond to your request and identify you as one of our customers.

For warranty or withdrawal purposes

We collect your contact information when you need to interact with our community support service for questions related to our product warranty or customer service. At that time, we will ask you to provide additional information to help us respond to your request and identify you as one of our customers.

By contacting us in writing or online

When you ask questions by e-mail, via webchat, or submit queries via our contact form or instant messenger, we will ask you to provide :

  • Your full name

  • Your e-mail address

If necessary, we may request additional information to confirm your identity. Your conversations may be saved temporarily to enable us to improve our customer service and respond to your concerns about our products.

By interacting and posting comments on social networks

We may also collect information about you in order to interact and respond when you mention Stylla on social networks, rate our company, or post other comments. This helps us to optimize customer satisfaction.

When you call us

Where permitted and after informing you, we may record calls to improve our community care service.

 

Please note: when using instant messaging or free-form text functions, please ensure that you do not share or transmit any personal, confidential or sensitive data via our site (including via instant messaging), unless you are authorized to do so and, where applicable, after having duly informed the persons concerned of the processing of their personal data.

Information we collect automatically


Data categories

Description

User device and browser information

When you use our sites, Stylla may collect and use certain information about your device and its use. The information we collect may include:

  • Your IP address

  • Unique identifiers for your device

  • Location data

  • Information derived from cookies stored on your device, which may contain personal data

  • Information about the pages visited, search keywords entered or links clicked on our Sites

To find out more about the information we collect online, please see our Cookie Notice.

Information collected by third parties using cookies and other tracking technologies

In some cases, when you use our Site, we may share your personal information with third parties. This may occur when we allow third-party suppliers to place advertising content on the Site. You can manage your preferences and choose to enable or disable this sharing via our cookie banner.



5. Why do we use your personal data?

When you connect to our site and use the site via your user account, we collect personal information about you, in particular for the following purposes:

Main purposes for which we may use your data


Manage your user account and contractual relationship

We access your data via your user account in the following situations:

Purpose :

  • Create and manage your user account.

  • To provide the products or services you have requested.

  • Facilitate your interactions with our site and platforms.

Legal basis :

  • Performance of a contract (Article 6(1)(b) GDPR).

  • Legitimate interest to ensure the efficient management of your account (Article 6(1)(f) RGPD).

Examples of data used: Name, e-mail address, contract details.

When we have a contract with you

We collect and use the personal data of our :

  • Business partners: this includes staff and third parties with whom you collaborate as part of the services you provide to us or as part of a commercial relationship.

  • Customers: we store your information to manage the contract linked to the products or services you request.

This data is collected before, during and after the conclusion of a contract with you.

Assisting customers with after-sales service

Purpose :

  • Responding to your requests for assistance, managing warranties and handling claims.

Legal basis :

  • Performance of a contract (Article 6(1)(b) GDPR).

Examples of data used: order information, customer service interaction history.

Improve our services and your user experience

Purpose :

  • Analyze your interactions with our site and collect your feedback to optimize our products and services.

Legal basis :

  • Legitimate interest for the continuous improvement of our services (Article 6(1)(f) RGPD).

Examples of data used: Browsing data, customer feedback.

Analysis and profiling

Purpose :

  • Better understand our audience and personalize our offers.

Legal basis :

  • Consent for profiling activities requiring the use of cookies (Article 6(1)(a) RGPD).

Examples of data used: Browsing history, interactions with marketing campaigns.

For advertising purposes

Purpose :

  • Send you personalized newsletters or promotions.

  • Serve targeted advertising on third-party platforms.

Legal basis :

  • Consent for marketing communications (Article 6(1)(a) RGPD).

  • Legitimate interest in advertising related to similar products (Article 6(1)(f) RGPD).

Examples of data used: E-mail address, purchase history, browsing data



6. Legal basis for processing your personal data

We use your personal data in accordance with applicable laws, including the General Data Protection Regulation (GDPR) and the Swiss Federal Data Protection Act (FADP) . Here are the legal bases on which we rely, associated with the main processing activities:



Legal basis

Examples of data processing activities

Performance of a contract (Article 6(1)(b) RGPD)

We use your data where necessary to :

  • Manage your user account.

  • Process your orders and deliveries of products or services.

  • Provide assistance with your warranties or claims.

Legitimate interest (Article 6(1)(f) RGPD)

We use your personal data for the following purposes:

  • To improve our services and personalize your experience (e.g. analysis of navigation data).

  • To send you communications about products similar to those you have already purchased.

  • To guarantee the security of our systems and detect potential fraud.

Compliance with a legal obligation (Article 6(1)(c) RGPD)

We process your data for :

  • Meet our accounting, tax and administrative obligations.

  • Respond to requests from the competent authorities (for example, as part of an investigation).

Consent (article 6(1)(a) RGPD)

We use your data only with your prior consent in the following cases:

  • To send you newsletters and personalized marketing offers.

  • To use cookies or similar technologies for non-essential advertising or analytical purposes (see our Cookie Policy).

  • For processes requiring sensitive or specific data.



For authorized users

We process your personal data on the basis of the pre-contractual or contractual relationship we establish with you, as well as our legitimate interest or overriding private interest . These processing activities are described below. In some cases, we process your personal data for other reasons, which are indicated in this section or separately via the Site. None of your personal data is disclosed to third parties unless its confidentiality, integrity, availability and security are guaranteed. Where required by law, we may retain your information or seek your prior consent.

Summary of purposes, legal basis and retention periods by data category

Categories of personal data


Purpose of processing and legal basis


Shelf life


Data linked to your user account

Management of our Site, your account and your contractual relationship with us

We retain your personal information for the duration of your account, use of our Site or contract with us.

Financial data

Collected by third parties in accordance with their terms and conditions.

Generally speaking, we never receive financial information about you, except to send you reminders in the event of non-payment of invoices.

For as long as you have an account with us, use our Site or have a contract with us: Your information is kept for as long as your account is active, you use our Site or you have a current contract with us.

After this period: if you delete your account or terminate your contract, we will delete your information, unless we are legally required to retain it. This policy applies to both customer and business partner accounts.

Contact data

Such as your name, personal or business e-mail, postal address and, if necessary, your telephone number.

  • Depending on your contract with us: whether you are a customer, a person with an account on our website or a business partner, to manage your account or when you send us a request.

  • Contact details: we also use your contact details to contact you at your request or with your consent, for example, to provide further information or in the event of a problem with the Site.

Duration of contract with you: as a customer or business partner, we retain your information for as long as your account is active.

After query resolution: as soon as a query is resolved and no further follow-up is required, your data will be deleted.

E-mail address and contact for marketing purposes

We use your e-mail and contact data:

  • (a) With your prior consent (opt-in); or

  • (b) On the basis of our overriding legitimate or private interest (opt-out).

Depending on your country of residence, we may send you content that may be of interest to you as part of a customer sale or business partnership to share our news. Our aim is to provide you with quality services tailored to your needs and requests.

All users: if no communication takes place for a maximum period of 13 months, or if you unsubscribe from our newsletters, we will ask you to confirm your registration.

For our customers: we keep your e-mail address to manage our products, for example during the warranty period.

Multimedia content

transmitted by our Site (photos, icons, files). 

Our aim is to provide you with quality services tailored to your needs and requirements. You are free to include these media in your user account, for example by logging in via third-party services such as Facebook or Gmail. Please consult the terms and conditions of third-party sites.

Instant messaging data

Any data related to the use of instant messaging.

We process this data according to :

  • Your (pre)contractual relationship with us: to respond to your requests, solve technical problems and provide customer support.

  • Our legitimate, private overriding interest: or according to your contractual relationship with us when the service is provided as a feature of our Site.

We will retain instant messaging data for as long as your account remains open or as long as necessary to respond to your requests as a person with an account on our site, a business partner or a member of the general public. Once your request is closed or if your account is closed, we will delete your data. 

Data aggregated for statistical, analysis, segmentation and profiling purposes

We rely on our legitimate interest to collect personal data regarding the use of our Sites, to improve our service and for essential cookies that are not persistent. Where we are profiling or not using your information, we may not need your consent, except for the use of certain tracking technologies, where applicable (see cookie policy.

We do not store your data for longer than is permitted by law, and in any case for no longer than 24 months. As a general rule, we do not collect any personally identifiable data beyond what is strictly necessary.


7. Limit the collection and use of your personal data

At Stylla , we apply the principle of data minimization in accordance with Article 5(1)(c) of the GDPR and the Swiss Federal Data Protection Act (FADP). This means that:

  • We only collect personal data that is strictly necessary for the purposes defined in this Policy.

  • When personal data is no longer required, we delete it, anonymize it or make it securely inaccessible.

Our minimization practices include :

  • Design of our forms : mandatory fields are limited to the information required to process your requests (e.g. name, e-mail, address for orders).

  • Anonymization and pseudonymization : transformation of personal data into anonymous or pseudonymized data when the purposes can be achieved without using direct identifiers.

  • Deletion of obsolete data : implementation of retention policies that guarantee the deletion of data exceeding the necessary or legal period.

  • Limited sharing with third parties : Only necessary information is passed on to our partners and subcontractors, with strict contractual guarantees.

Concrete examples:

  • When you purchase online, we only collect the information we need to process your order (name, delivery address, payment details).

  • If you contact our customer service department, we retain only the information necessary to resolve your problem. Once the request has been closed, your data will be deleted within a reasonable period of time, unless otherwise required by law.

Final objective:
We ensure that your personal data is processed proportionately and aligned with privacy principles by design and by default.


8. Sharing and access to your personal data

Who can access your data?

Only authorized persons may access your personal data. We ensure that these persons :

  • Respect the same confidentiality and security standards as those applied by Stylla .

  • Use your data only for the purposes set out in this Policy.

Recipients may include :

  • Our in-house employees and consultants : working directly to manage your customer relationship, process your orders or provide support.

  • Third-party contractors : such as IT service providers, auditors or logistics partners.

  • Business partners : within the framework of specific collaborations (e.g.: distribution of targeted advertising content).

Controlled sharing with third parties

When we use third parties to process your data, we :

  • Let's sign strict contracts with these service providers to guarantee :

    • Confidentiality and security of processed data.

    • Processing in accordance with our instructions and applicable laws.

  • Let's limit access to only the information they need to carry out their missions.

Examples:

  • Financial services : We only share your information with secure payment providers (e.g. Payzen) to validate your transactions.

  • IT services : Your data may be hosted or backed up on servers managed by service providers such as Amazon Web Services (AWS).

Your rights concerning the sharing of your data

You have the right to :

  • Obtain information about the third parties with whom your data is shared.

  • Request a copy of the contractual guarantees put in place to protect your data (e.g. standard contractual clauses).

  • You may object to the sharing of your data, except where such sharing is necessary for the performance of a contract or to comply with a legal obligation.


Cross-border data transfer

Your personal data may be transferred internationally in the following situations:

  • Hosting your data on servers located abroad (e.g. AWS).

  • Collaboration with business partners outside the EEA, the UK or Switzerland.

If you are located in the European Economic Area (EEA), the United Kingdom or Switzerland

For users and customers located in the EEA, the UK and Switzerland, any transfer to us or to third parties in these regions does not require any additional safeguards, as Switzerland is recognized by the European Commission as offering an adequate level of protection, equivalent to European privacy laws.

Please note : you can consult the complete list of approved countries on the website of the Swiss Federal Data Protection and Information Commissioner, where transfers of personal data can be considered safe.

Transfer outside the EEA, UK and Switzerland

Where data is transferred outside the EEA, UK and Switzerland to countries not recognised as suitable, we use appropriate legal mechanisms:

  • Standard contractual clauses (SCC) approved by the European Commission.

  • Specific transfer agreements with our partners.

  • Additional technical measures , such as data encryption during transmission.

a) Transfers to third countries 

If you are located in a country that does not recognize our country as offering an adequate level of protection, we will rely on appropriate safeguards (such as standard contractual clauses or other legal transfer mechanisms) to access personal data outside your country of residence. Often, you will share personal data with us, via the Site, on a voluntary basis, for the purpose of entering into a contract with us or on the basis of your consent. For example, this may occur when the processing activity is related to:

  • (a) registering and managing your account, or (b) entering into a contract with us. 

  • (b) Disclosure to 

In certain limited cases, authorized third parties outside our company may have access to your data. These may include :

  • Third parties who provide us with services for the administration and management of the Site (such as IT services in the event of breakdowns or for maintenance)

  • Financial services, such as Payzen (Lyra Network), which you may use on the Site to purchase certain products and which may access information strictly necessary to secure the payment you make via the Site. You can consult the conditions and privacy policy of these financial providers here : Payzen | Terms of use | Privacy notice. Stylla does not access your payment details when you pay online, unless we need to reimburse you or send you a reminder in the event of late payment.

  • Other authorized third parties, such as our CRM platform, data center providers, IT providers, such as Amazon Web Services, or other authorized third parties.

Where we use third parties, we have entered into agreements with them for the processing of your personal data so that this processing is carried out in accordance with our instructions, in a confidential, secure and transparent manner, to protect your privacy rights and comply with data protection laws.


9. Cookies and tracking technologies

Depending on the country in which you reside, you can manage your preferences with regard to cookies and other tracking technologies by using the consent management tools available on our Site. This section applies to cookies and other tracking technologies. It explains what our use of cookies and other tracking technologies means for you and how to disable tracking (for example, by using opt-in or opt-out preferences). Where we collect data that may enable us to identify you, the other sections of this Policy will apply.

Consent management tool : For more details on the cookies we use, you can read our list of cookies which you can view on our cookie consent management tool here or on the footer of our Site. 

You can also find out how tracking technologies work on other websites you use by accessing the corresponding cookie notice.

What are cookies?

Cookies are small text files placed on your device when you visit a site. They are then used to identify your device for the purposes described below. Cookies set by the site owner are called "first-party cookies". Cookies set by third parties are called "third-party cookies". Third-party cookies enable companies outside Stylla to provide functionality on or via the Site (such as analytics, social media plugins to share or connect you to our Site, or even advertising or video viewing). The parties setting these third-party cookies may recognize your device when it visits our Site and when it visits certain other sites.

What types of cookies do we use?

We generally use certain types of cookies during your session on our website ("session cookies "). To enhance your experience or remember your preferences or choices, we may use cookies that will remain on your device unless you delete them ("persistent cookies").

Categories of cookies and tracking technologies we may use



Strictly necessary ("required" ) cookies

These cookies and tracking technologies enable our websites to function properly and improve the security of your online experience. For example, they are used when you need to authenticate yourself or use login features to access restricted sections of our websites, such as patient or doctor areas, or to navigate between different pages and restricted sections of a website or application.

Performance cookies

These cookies may allow us to:


  • to improve our websites;

  • remember your language and other preferences as you navigate ;

  • enable other features on our websites, applications, platforms and devices to optimize your online experience.

Social network cookies

On our Site, we may also use social network plugins to allow you to share interesting content or to connect to certain accounts and share your personal data with us. These platforms may access your browsing history and collect information about your browsing path on their own terms. You can obtain more information by logging on to our Site.

Statistical cookies

These cookies help us to better understand the use of our Site, to establish statistics on visits and usage, such as information on each page visited, the duration of navigation on each page, the time required to download a particular page, as well as user actions on each page (clicks, selections, etc.).

Other tracking technologies

When using third-party websites, mobile applications, devices, web platforms or through other online means, certain embedded tracking technologies may be used, such as:

  • Web beacons , web server data and similar technologies;

  • Tracking pixels, which we may include in the form of an image in the communications we send you. This allows us to know when you read the e-mails we send you, to send you more relevant content and to improve our communications with you.


By using these technologies, we may receive aggregated or anonymous information. In some cases, we may collect data about you, such as :

  • Location data : such as the city, region and location from which you opened your e-mail;

  • IP address ;

  • Browser and device information : such as mobile or desktop operating system, email software type, device and user agent;

  • Time and date : when you open our electronic communications.

Other tracking tools may enable features such as remote interactions with you via chatbots, instant messaging and other online features on our Site or via third-party software we use for our business.



Why do we use cookies on our Site?

We use them for the following purposes:

  • Making your experience more efficient , faster and easier: by remembering your preferences, such as language, display and other settings, by maintaining your session and for authentication purposes. This enables us to offer you a better user experience. These cookies are also known as session cookies, authentication cookies and user interface personalization cookies.

     

  • Obtain useful knowledge about how the site is used : by collecting data on the number of visitors and other uses. This helps us to improve our sites. These cookies are also known as statistical cookies. For this purpose, we use services such as Google Analytics, which means that Google and similar providers will also have access to this information (including your IP address and any other equipment identifiers such as IMEI number and MAC address).

     

  • Ensure easy access to our websites. This enables you to direct and share our content on sites such as Facebook, Twitter, LinkedIn, YouTube or Pinterest, or to allow you to share content that interests you. When we use this technology, these "social network plug-ins" may store cookies and similar technologies on your device. In this way, social networking sites can access this information (including your IP address) and know that you have interacted with our Site.

     

  • Better understand the profile of our audience. This helps us better understand our audience and improve our responses, messages and interactions with our community and customers.

     

  • To improve our marketing communications to you. Some cookies, such as web beacons or tracking pixels, may be used by third-party systems, such as customer relationship management systems or other service providers that help us manage e-mail campaigns. These tracking tools enable us to better understand the success of our communications and the relevance of shared content. This may enable us to reduce the number of e-mails sent, and to offer you content, scientific information or initiatives better suited to your interests.

     

  • Advertising and retargeting. We run marketing campaigns, often via third-party platforms and under the control of these third parties. These campaigns do not require us to collect your data directly, but use third-party platforms that collect this data in accordance with their terms and conditions and privacy policy.

     

Google Analytics

If we use any of these technologies, and if you do not wish certain data about you to be transmitted to Google Analytics, please follow the instructions here to refuse and deactivate the service . You may at any time adjust your browser settings and refuse cookies that are not necessary to provide you with the service via the consent management tool that we may use from time to time on the Site. For more information on cookies, please visit https://www.allaboutcookies.org/. 

How can you oppose or refuse cookies?

Subject to the specific provisions of the legislation of your country, in particular in the European Union, we will inform you and request your prior consent (opt-in) before placing tracking technologies on your device, or grant you a right to object (opt-out) to the purposes described in this section.

Your web browser, e-mail software (such as Microsoft Outlook or Google Gmail) and other clients you use may be configured to manage cookies and similar tracking tools, or even refuse them by default. Please note that if you set your browser to automatically refuse cookies, your user experience on our Site may be affected: your preferences may not be remembered, certain functionality may be lost and you may not be able to access certain areas or features of the Sites.

10.  Your options to unsubscribe from our communications

We may send you information about our services as part of your contract with us, your membership, your account, as well as information about our activities and products. If you have chosen to receive information or updates from us, you can always unsubscribe from our commercial communications at any time by clicking on "unsubscribe" in the e-mail

You can find more information in our section 14 on your privacy rights or by contacting us at [email protected]

11. Our security measures to protect your personal data

We implement appropriate technical and organizational measures to protect your personal data against accidental or unauthorized processing, loss, disclosure, use, alteration or destruction. Where appropriate, we use protective techniques such as encryption, pseudonymization, de-identification and other technologies to secure your information, including measures to restore access to your information. We also require our service providers to comply with recognized standards of data confidentiality, integrity, availability and security.

We conduct tests and evaluations of our technologies and processes, including reviews of our business partners and suppliers, to ensure that our security controls remain effective. In addition, when we no longer need your information, we further anonymize or delete it if it is no longer necessary for the purposes for which it was originally collected.

List of safety measures

We have implemented robust safeguards to ensure the confidentiality, integrity and availability of your data, including :

  1. Transmission and access protection :

    • Encryption of sensitive data (e.g. 256-bit AES) during transmission and storage.

    • HTTPS/SSL protocols for secure browsing on our site.

    • Role-based access controls to restrict data access to authorized persons only.

  2. System protection :

    • Firewalls and "bastion hosts" to protect our databases from unauthorized access.

    • Continuous system monitoring to detect and prevent intrusions.

    • Regular backups and Disaster Recovery Plans.

  3. Organizational protection :

    • Regular awareness-raising and training for our employees on security and data protection.

    • Periodic audits to ensure compliance of internal processes and third-party partners.

Data breach management

In the event of an incident affecting your personal data, we undertake to :

  • React immediately to identify and correct the source of the violation.

     

  • Inform you promptly if the incident is likely to affect your rights and freedoms, in accordance with Article 33 of the RGPD.

     

  • Notify the competent authority (CNIL or Swiss Federal Data Protection Commissioner) within 72 hours of detecting the violation , if necessary.

     

Requirements for our service providers

When we use third parties to process or store your data, we require them to:

  • Adhere to strict information security protocols.

     

  • Sign data protection agreements, guaranteeing compliance with our standards and applicable laws.

     

  • To inform us immediately of any incident affecting data processed on our behalf.

     

Regular audits and controls

We regularly test our systems to :

  • Identify and correct potential vulnerabilities.

     

  • Check that safety measures remain in line with technological and regulatory developments.

     



12. Where is your personal data stored and processed?

Your personal data is stored on secure infrastructures provided by our trusted providers, mainly Shopify, Stripe and our in-house ERP. We ensure that all storage locations meet the highest standards of security and confidentiality, in compliance with the RGPD and the FADP.

Storage locations by treatment

  • Data related to your account and orders :

    • All data associated with customer accounts, orders and interactions with our e-commerce store are stored on Shopify servers. These servers are located in the United States and other countries with guarantees that comply with international standards.

  • Payment details :

    • Payments are processed directly by Shopify Payments and Stripe, two PCI-DSS-compliant service providers. We do not store your credit card details, which are managed exclusively by these service providers.

  • Marketing data and CRM :

    • Your marketing data (newsletter subscriptions, interactions) are stored on our partner marketing platforms and in our secure CRM. The servers used for these services are mainly located in Europe (Ireland, France) with secure backups.

  • Other operating data :

    • Information relating to your interactions with our teams (e.g. HR data, customer service) is centralized and stored in our ERP. This ERP is hosted on servers located in Switzerland and Europe, with advanced encryption measures.

Guarantees for international transfers

When your data is transferred outside Switzerland or the European Union, we apply the following protection mechanisms:

  • Standard Contractual Clauses (SCC ): Concluded with Shopify and Stripe, guaranteeing an RGPD-compliant level of protection.

  • Compliance with the Data Privacy Framework: For service providers based in the United States, we only work with entities certified to meet standards comparable to those in the European Union.

  • Hosting in appropriate countries: Most of our service providers use data centers located in countries recognized as offering an appropriate level of protection (Ireland, Luxembourg, France).

Safety measures for storage facilities

We require our service providers to implement the highest standards of data security, including :

  • Advanced encryption : Data encrypted at rest (AES 256-bit) and during transmission.

  • System monitoring : Continuous checks to detect and prevent intrusions.

  • International certifications : ISO 27001, SOC 2 and PCI-DSS compliant.

Examples of service providers

  1. Shopify : Provides the infrastructure for our online store, storing all data related to user accounts and orders. Shopify is PCI-DSS certified for payment management.
  2. Stripe/Shopify Pay : Handles financial transactions and stores payment data securely.
  3. CRM and marketing tools : host your marketing data on servers located mainly in Ireland and France, with backups in RGPD-compliant zones.
  4. In-house ERP : Centralizes our operational data on servers hosted in Switzerland and Europe.


13. Retention periods for your personal data

We retain your personal data only for as long as is necessary to achieve the purposes described in this Policy, or to comply with applicable legal obligations.

Retention periods by data category

  • Data related to user accounts and orders :

    • Kept for the duration of your active account. If your account is closed, this data is deleted or anonymized within 12 months , unless otherwise required by law (e.g. billing documents).

  • Payment details :

    • Payment data processed by Shopify and Stripe are stored in accordance with the policies of these service providers, only for as long as is necessary to validate transactions or meet legal obligations (e.g. 10 years for accounting documents).

  • Marketing data :

    • Your information (e-mails, preferences) is kept in our CRM for a maximum of 13 months after your last interaction or your unsubscription from our newsletters.

Data deletion and anonymization

When your data is no longer required, we :

  • Delete them from our systems, including those of our third-party service providers.

  • We anonymize data when complete deletion is technically impossible or unnecessary (e.g. for statistical analysis).

Specific legal obligations

We respect the retention periods imposed by applicable laws, in particular :

  • Tax and accounting documents : kept for 10 years in accordance with Swiss and European regulations.

  • Data relating to complaints or disputes : Kept until the dispute is resolved, then archived for 5 years if necessary.

Your rights concerning data retention

You can ask for :

  • Early deletion of your data, subject to legal requirements.

  • A copy of the data retained before deletion or anonymization.


14. Your rights regarding your personal data and how to exercise them

In accordance with the General Data Protection Regulation (GDPR) and the Swiss Federal Data Protection Act (FADP) , you have several rights regarding your personal data. These rights depend on the purposes for which we process your data and the legal basis used.

Your rights

You may exercise the following rights, subject to legal or technical limitations:

  1. Right of access (Article 15 RGPD) :

    • You can request a copy of the personal data we hold about you, as well as information about how it is processed.

  2. Right of rectification (Article 16 RGPD) :

    • If your data is inaccurate or incomplete, you can ask for it to be corrected.

  3. Right of deletion or "right to be forgotten" (Article 17 RGPD) :

    • You can request the deletion of your personal data when:

      • They are no longer required for the purposes for which they were collected.

      • You withdraw your consent, or oppose their processing.

      • Their treatment is illegal.

  4. Right to restrict processing (Article 18 RGPD) :

    • You may request that the processing of your data be restricted in the following cases:

      • You dispute the accuracy of the data.

      • You are opposed to their removal, but wish to limit their use.

  5. Right to object (Article 21 RGPD) :

    • You may object at any time to the processing of your data for direct marketing purposes.

  6. Right to data portability (Article 20 RGPD) :

    • You may request to receive your personal data in a structured, machine-readable format, or its transfer to another data controller.

  7. Right to withdraw your consent (Article 7 RGPD) :

    • If we process your data on the basis of your consent, you may withdraw it at any time without any impact on past processing.

How to exercise your rights

You can contact us to exercise your rights via :

  • E-mail address : [email protected]

  • Postal address : Swiss Prime Lab SA, Rue de la Grotte 6, 1003 Lausanne, Switzerland.

Terms and conditions

  • We undertake to respond to your requests within 30 days of receipt, except in the case of complex requests.

  • We may ask you for additional information to verify your identity before processing your request.

Right to complain

If you believe that we are not respecting your rights or applicable laws, you may file a complaint with the competent authority:

  • In Switzerland : Federal Data Protection and Information Commissioner (FDPIC).

  • In the European Union : Data Protection Authority in your country of residence (list available here ).



15. Automated decision-making and personalization of our services

A) Automated decision-making and/or profiling

We do not use algorithms to make decisions based solely on automated decision-making, including profiling. A person will always be involved to validate the decisions resulting from such use.

B) Links to other websites

Our service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third-party site. We strongly advise you to consult the privacy notice of each site you visit. We have no control over, and assume no responsibility for, the content, privacy policies or practices of any third-party site or service.

C) Privacy of children and minors

Our service is not intended for persons under the age of 18, particularly if the services require one-time or regular payments. However, we may allow you to use our service if you are under the age of 18, up to the age of 16, or if permitted by applicable local data protection legislation, up to the age of 13 ("Children"). The age of 13 should be the minimum age below which you may not be permitted to use the Site at all. We strongly recommend that you only use this Site if you are over 18 ("Adult"), as we may need to ask you for additional information if you are not yet an Adult.

For children using our services, you must obtain prior permission from your parent or legal guardian to use our Site and contract with us. We do not knowingly collect personally identifiable information from anyone under the age of 18 on a voluntary basis. If you are a parent, guardian or person having parental authority and you are aware that your child has provided us with personal information, please contact us at [email protected] if you do not agree. If we become aware that we have collected personal information from children without verification of parental, legal or guardian consent, we will take steps to delete such information from our servers based on your instructions.

16. Changes to the privacy policy

Stylla may update this Privacy Policy from time to time by posting revisions on this Site.  In the event of material revisions, we may place a notice or pop-up notice on this Site and, if required by law, we will notify you directly.

17. Contact

We provide information that is easily accessible via our Site or on request. If you have any questions or requests relating to data protection, please contact us using the following details:

Swiss Prime Lab SA
Rue de la Grotte 6
1003 Lausanne

Email : [email protected]
Last update : Marchr 21, 2025

GDPR representative for the EU : Timelex CV/SC (incorporated and existing under the laws of Belgium under number 0890.217.005 ), with registered office at rue Joseph Stevensstraat 7, 1000 Brussels, Belgium. Email : [email protected].