Compass for Cancer about hero image

Privacy

Privacy Policy

How we handle your data – transparently, economically, and in compliance with GDPR.

PRIVACY POLICY

1) Introduction and Contact Details of the Data Controller

1.1 We are delighted that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data refers to all data that can be used to identify you personally.


1.2 Data Controller

The data controller for data processing on this website, in accordance with the General Data Protection Regulation (GDPR) and the Swiss Data Protection Act (revDSG), is:

Compass for Cancer

Laura Herbella
Trader License No. 1514147
Dubai, United Arab Emirates

Email: info@compassforcancer.com
Website: www.compassforcancer.com


2) Data Collection When Visiting Our Website

2.1 When using our website for informational purposes only, we only collect data that your browser transmits to the page server (so-called server log files):

  • Visited website
  • Date and time of access
  • Amount of data sent in bytes
  • Source/reference from which you accessed the page
  • Browser and operating system used
  • IP address (anonymized if applicable)

Processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

2.2 For security reasons, this website uses SSL or TLS encryption, recognizable by "https://" and the padlock symbol in the browser's address bar.


3) Hosting

Shopify

We use Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland for hosting our website.

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

All data collected on our website is processed on Shopify's servers. We have concluded a data processing agreement with Shopify. For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

Cloudflare

We use a Content Delivery Network from: Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA.

This service enables faster delivery of content via regionally distributed servers. Processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and loading speed of our website. Cloudflare has joined the EU-US Data Privacy Framework, which ensures the European level of data protection based on an adequacy decision by the European Commission.


4) Cookies

We use cookies — small text files that are stored on your device. Session cookies are deleted after closing the browser, persistent cookies remain for a longer period.

Technically necessary cookies are used in accordance with Art. 6 Para. 1 lit. b or lit. f GDPR. Analytics and marketing cookies are only set with your express consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can withdraw your consent at any time via our cookie consent tool.


5) Cookie Consent Tool

To obtain effective user consent for cookies requiring consent, we use a cookie consent tool. This is displayed as an interactive user interface when the page is accessed. Cookies requiring consent are only loaded if you actively accept them. The tool itself sets technically necessary cookies to store your preferences. Processing is carried out in accordance with Art. 6 Para. 1 lit. f and lit. c GDPR.


6) Contact

When you contact us by email or contact form, your data will be processed exclusively for the purpose of handling and responding to your inquiry, in accordance with Art. 6 Para. 1 lit. f or lit. b GDPR. Your data will be deleted as soon as the matter in question has been definitively clarified and there are no legal retention obligations preventing deletion.


7) Customer Account

If you open a customer account, the personal data required for this will be processed in accordance with Art. 6 Para. 1 lit. b GDPR. Your account can be deleted at any time by sending a message to info@compassforcancer.com.


8) Newsletter

If you subscribe to our newsletter, we use the double opt-in procedure: you will first receive a confirmation email with a verification link before you receive newsletters. The legal basis is Art. 6 Para. 1 lit. a GDPR.

We use the service for sending newsletters: Klaviyo, Inc., 125 Summer St, Boston, MA 02110, USA. We have concluded a data processing agreement with the provider.

You can unsubscribe from the newsletter at any time via the unsubscribe link in the newsletter or by email to info@compassforcancer.com. After unsubscribing, your email address will be immediately deleted from the distribution list.


9) Order Processing and Payment Service Providers

9.1 General

For order processing, we process name, email address, and payment data in accordance with Art. 6 Para. 1 lit. b GDPR.

9.2 Shopify Payments / Stripe

When paying by credit card, debit card, or SEPA via Shopify Payments, the processing is handled by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Your payment data will be passed on exclusively for payment processing.

9.3 PayPal

When paying via PayPal, the processing is carried out by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal's privacy policy applies: https://www.paypal.com/de/legalhub/privacy-full

9.4 Klarna

When paying with Klarna, the transaction is processed by Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden. Klarna may share your data with credit agencies for credit assessment and fraud prevention. Further information: https://www.klarna.com/de/datenschutz/

9.5 Apple Pay

When paying with Apple Pay, the transaction is processed by Apple Distribution International, Hollyhill Industrial Estate, Cork, Ireland. Apple uses hardware and software security features on your device. Apple only stores anonymized transaction data. Further information: https://support.apple.com/de-de/HT203027

9.6 Google Pay

When paying with Google Pay, the transaction is processed by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google transmits a one-time transaction number for verification. Further information: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de


10) Meta Pixel (Facebook/Instagram)

The Meta Pixel from Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, is integrated into our website.

The Meta Pixel makes it possible to track the behavior of visitors to our website after they have been redirected to our website by clicking on a Facebook or Instagram ad. This allows us to evaluate the effectiveness of our advertisements and use them for statistical and market research purposes.

The data collected in this way is anonymous to us - we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Meta, so that a connection to the respective user profile is possible. Meta can use this data for its own advertising purposes in accordance with Meta's data policy.

Processing only takes place with your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time via our cookie consent tool.

For data transfers to the USA, Meta has joined the EU-US Data Privacy Framework. Further information on data processing by Meta: https://www.facebook.com/privacy/explanation


11) Shopify Analytics

This website uses the web analytics service of Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (data is also transferred to Canada: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4).

Shopify Analytics collects pseudonymized visitor data (IP address, browser information, page interactions) for statistical analysis of user behavior. Processing only takes place with your consent in accordance with Art. 6 para. 1 lit. a GDPR and can be deactivated via our cookie consent tool.


12) Best Currency Converter

This website uses the "Best Currency Converter" service from Grizzly Apps SRL, Str. Muresului Nr. 7, Brasov, Romania. The service collects your IP address to adjust the currency display in accordance with Art. 6 para. 1 lit. f GDPR. The IP address is not permanently stored. After the first currency adjustment, a functional session cookie is set, which is automatically deleted after the session ends.


13) Rights of the data subjects

13.1 The applicable data protection law grants you the following rights:

  • Right to information in accordance with Art. 15 GDPR
  • Right to rectification in accordance with Art. 16 GDPR
  • Right to erasure in accordance with Art. 17 GDPR
  • Right to restriction of processing in accordance with Art. 18 GDPR
  • Right to notification in accordance with Art. 19 GDPR
  • Right to data portability in accordance with Art. 20 GDPR
  • Right to withdraw consent in accordance with Art. 7 para. 3 GDPR
  • Right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR

To exercise your rights, please contact: info@compassforcancer.com

13.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS.

IF YOUR DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME. UPON RECEIPT OF YOUR OBJECTION, WE WILL IMMEDIATELY CEASE PROCESSING FOR DIRECT MARKETING PURPOSES.


14) Storage period

Order data is retained for 10 years (commercial and tax obligations). Newsletter data is stored until revocation. Inquiry data is deleted 6 months after final processing. In all other cases, personal data is deleted as soon as it is no longer necessary for the purposes for which it was collected.