Community Access
By requesting community access you’ll receive early access to new sets, behind the scenes stories from our makers, and the opportunity to take part in product testing.
Privacy policy
Privacy Policy
1. What is this Privacy Policy about?
Maison Myrthus (hereinafter also “we”, “us”) collects and processes personal data relating to you or other persons (so-called “third parties”). We use the term “data” here as synonymous with “personal data” or “personal information”.
In this Privacy Policy, we describe what we do with your data when you use maisonmyrthus.ch, our other websites or our apps (hereinafter collectively the “Website”), purchase our services or products, are otherwise connected with us in the context of a contract, communicate with us, or otherwise have dealings with us.
Where appropriate, we will inform you in a timely manner in writing about additional processing activities not mentioned in this Privacy Policy. In addition, we may inform you separately about the processing of your data, e.g., in consent declarations, contractual terms, additional privacy notices, forms and information notes.
This Privacy Policy is designed to meet the requirements of the EU General Data Protection Regulation (“GDPR”) and the Swiss Federal Act on Data Protection (“FADP”). Whether and to what extent these laws apply depends, however, on the individual case.
2. Who is responsible for processing your data?
For the data processing described in this Privacy Policy, Maison Myrthus GmbH, in Unterengstringen (“Maison Myrthus”), is responsible under data protection law, unless otherwise communicated in individual cases.
You can reach us for data protection matters and to exercise your rights under Section 11 as follows:
Maison Myrthus GmbH
In Weizenächern 35
8103 Unterengstringen
Switzerland
contact@maisonmyrthus.ch.ch
3. What data do we process?
We process various categories of data about you. The main categories are as follows:
Technical data
When you use our Website or other electronic offerings, we collect the IP address of your device and other technical data to ensure the functionality and security of these offerings. This data also includes logs in which the use of our systems is recorded. We generally retain technical data for 6 months.
To ensure functionality, we may also assign an individual code to you or your device. Technical data alone generally does not allow conclusions to be drawn about your identity. In connection with user accounts, registrations, access controls, or contract processing, however, it may be linked with other data categories (and thus possibly with your person).
Registration data
Certain offerings and services can only be used with a user account or registration, which can be done directly with us or via our external login service providers. In doing so, you must provide certain data, and we collect data about the use of the offering or service. We generally retain registration data for 12 months after the end of service use or the deletion of the user account.
Communication data
If you contact us via the contact form, by email, telephone, letter, or other means of communication, we record the data exchanged between you and us, including your contact details and the metadata of the communication. If we wish or need to verify your identity, we collect data to identify you (e.g., a copy of an identity document).
We generally retain this data for 12 months from the last exchange with you. This period may be longer where required for evidentiary reasons or to comply with legal or contractual requirements, or for technical reasons. Emails in personal mailboxes and written correspondence are generally retained for at least 10 years.
Master data
By “master data” we mean basic data which we require, in addition to contract data (see below), for handling our contractual and other business relationships or for marketing and advertising purposes, such as name, contact details, and information about your role and function, bank details, date of birth, or customer history.
We process your master data if you are a customer or other business contact, if you act for such a person (e.g., as a contact person of a business partner), or because we wish to contact you for our own purposes or those of a contractual partner (e.g., for marketing and advertising).
We receive master data from you (e.g., in connection with a purchase or registration), from entities for which you act, or from third parties such as contractual partners, associations, and address providers, as well as from publicly accessible sources such as public registers or the internet (websites, etc.).
We generally retain this data for 10 years from the last exchange with you, but at least from the end of the contract. This period may be longer where required for evidentiary purposes, to comply with legal or contractual requirements, or for technical reasons. For purely marketing and advertising contacts, the retention period is usually significantly shorter, typically no more than 2 years since the last contact.
Contract data
This includes data arising in connection with the conclusion or performance of a contract, e.g., information about contracts and services to be provided or provided, as well as data from the period prior to contract conclusion, information required or used for processing, and information about responses.
We generally collect this data from you, contractual partners, and third parties involved in contract performance, but also from third-party sources (e.g., providers of creditworthiness data) and publicly accessible sources. We generally retain this data for 10 years from the last contractual activity, but at least from the end of the contract. This period may be longer where required for evidentiary purposes, to comply with legal or contractual requirements, or for technical reasons.
Many of the data mentioned in this Section 3 are provided by you (e.g., via forms, in communications with us, in connection with contracts, when using the Website, etc.). You are not obliged to do so, subject to individual cases. If you wish to enter into contracts with us or use services, you must provide data as part of your contractual obligations under the relevant contract, in particular master, contract, and registration data. When using our Website, the processing of technical data is unavoidable.
Where not prohibited, we also obtain data from publicly accessible sources or receive data from authorities and other third parties.
4. For what purposes do we process your data?
We process your data for the purposes explained below. These purposes, and the underlying objectives, constitute legitimate interests of us and, where applicable, of third parties.
We process your data for purposes connected with communication with you, in particular to respond to inquiries, to assert your rights, and to contact you in case of questions. For this, we use in particular communication data and master data, and in connection with offerings and services you use, also registration data. We retain this data to document our communication with you, for training purposes, quality assurance, and follow-up inquiries.
We further process data, among other things, for the initiation, administration, and execution of contractual relationships, for marketing purposes and relationship management, market research, improving our services and operations, product development, compliance with laws, instructions and recommendations of authorities and internal regulations (compliance), and other purposes, e.g., within our internal processes and administration.
5. On what basis do we process your data?
Where we request your consent for certain processing activities, we inform you separately about the relevant purposes. You may withdraw your consent at any time with effect for the future by written notice (by post) or, unless otherwise stated or agreed, by email to us; our contact details are set out in Section 2. For withdrawal of consent regarding online tracking, see Section 12.
Where you have a user account, withdrawal or contacting us may also be possible via the relevant Website or other service. Once we have received your notice of withdrawal, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before withdrawal.
Where we do not request your consent, we base the processing of your personal data on the necessity of processing for the initiation or performance of a contract with you (or the entity you represent), or on our or third parties’ legitimate interests, in particular to pursue the purposes described in Section 4 and the associated objectives and to implement appropriate measures. Our legitimate interests also include compliance with legal requirements insofar as these are not already recognized as a legal basis under applicable data protection law.
In individual cases, other legal bases may apply, which we will communicate separately where required.
6. What applies to profiling and automated individual decisions?
We may automatically evaluate certain personal characteristics of you for the purposes stated in Section 4 on the basis of your data (Section 3) (“profiling”), for example to determine preference data, to identify misuse and security risks, to carry out statistical analyses, or for operational planning.
For the same purposes, we may also create profiles, i.e., we may combine behavioral and preference data, as well as master and contract data and technical data assigned to you, in order to better understand you as a person with your interests and other characteristics.
In both cases, we ensure proportionality and reliability of results and take measures against misuse of such profiles or profiling. Where profiling could have legal effects or significant disadvantages for you, we generally provide for a manual review.
7. To whom do we disclose your data?
In connection with our contracts, the Website, our services and products, our legal obligations, or otherwise to safeguard our legitimate interests and for the purposes listed in Section 4, we may disclose your personal data to third parties, in particular to the following categories of recipients:
Service providers
We work with service providers in Switzerland and abroad who process data about you on our behalf, in joint responsibility with us, or who receive data about you from us under their own responsibility.
Authorities
We may disclose personal data to offices, courts, and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so, or if this appears necessary to protect our interests.
Contractual partners, including customers
This includes customers (e.g., service recipients) and other contractual partners because the disclosure arises from such contracts. If you act for such a contractual partner, we may also disclose data about you in this context. Recipients also include partners with whom we cooperate.
Other persons
This refers to other cases where the involvement of third parties results from the purposes under Section 4.
All of these categories of recipients may in turn engage third parties, so that your data may also become accessible to them. We may be able to restrict processing by certain third parties (e.g., IT providers), but not by others (e.g., authorities, banks, etc.).
8. Is your personal data also transferred abroad?
As explained in Section 7, we also disclose data to other entities. These are not located only in Switzerland. Your data may therefore be processed both in Europe and in any country worldwide.
If a recipient is located in a country without an adequate level of statutory data protection, we contractually oblige the recipient to comply with applicable data protection (for this we use the revised Standard Contractual Clauses of the European Commission, available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj), unless the recipient is already subject to a legally recognized framework ensuring data protection and we cannot rely on an exception.
An exception may apply in particular in the case of legal proceedings abroad, in cases of overriding public interests, where contract performance requires such disclosure, where you have consented, or where the data is data you have made publicly accessible and you have not objected to its processing.
Please also note that data exchanged via the internet is often routed through third countries. Your data may therefore be transferred abroad even if the sender and recipient are in the same country.
9. How long do we process your data?
We process your data for as long as required by our processing purposes, statutory retention periods, and our legitimate interests in processing for documentation and evidentiary purposes, or where storage is technically necessary.
Further information on the respective retention and processing periods can be found under the individual data categories in Section 3 and the cookie categories in Section 12. Unless legal or contractual obligations prevent it, we delete or anonymize your data after the retention or processing period has expired as part of our usual procedures.
10. How do we protect your data?
We take appropriate security measures to protect the confidentiality, integrity, and availability of your personal data, to protect it against unauthorized or unlawful processing, and to counter the risks of loss, accidental alteration, unintended disclosure, or unauthorized access.
11. What rights do you have?
To help you control the processing of your personal data, you have the following rights depending on applicable data protection law:
-
The right to request information from us as to whether and which data we process about you;
-
the right to have inaccurate data corrected;
-
the right to request deletion of data;
-
the right to request the release of certain personal data in a commonly used electronic format or their transfer to another controller;
-
the right to withdraw consent where processing is based on your consent;
-
the right to obtain further information necessary to exercise these rights;
-
in the case of automated individual decisions (Section 6), the right to state your viewpoint and to request that the decision be reviewed by a natural person.
To exercise your rights, please contact us in writing, in person at our premises, or, unless otherwise stated or agreed, by email; our contact details are set out in Section 2. To prevent misuse, we must identify you (e.g., by requesting a copy of an identity document where no other method is possible).
Please note that these rights are subject to conditions, exceptions, or restrictions under applicable data protection law (e.g., to protect third parties or trade secrets). We will inform you accordingly where necessary.
If you disagree with how we handle your rights or data protection, please inform us (Section 2). In particular, if you are located in the EEA, the United Kingdom, or Switzerland, you also have the right to lodge a complaint with the data protection supervisory authority of your country. A list of authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_de. The UK supervisory authority can be reached here: https://ico.org.uk/global/contact-us/. The Swiss supervisory authority can be reached here: https://www.edoeb.admin.ch/edoeb/de/home/der-edoeb/kontakt/adresse.html.
12. Do we use online tracking and online advertising technologies?
On our Website we use various technologies that enable us and third parties engaged by us to recognize you during use and, in some cases, to track you across multiple visits. This section explains these technologies.
At its core, this is about distinguishing your accesses (via your system) from those of other users in order to ensure the functionality of the Website and to carry out analyses and personalization. We do not aim to identify you, even though we could do so to the extent that we or third parties engaged by us can identify you by combining data with registration data.
Even without registration data, the technologies are designed so that you are recognized as an individual visitor each time you access a page, for example by our server (or the servers of third parties) assigning a particular identification number to you or your browser (a “cookie”).
We use such technologies on our Website and allow certain third parties to do so as well. You can configure your browser to block certain cookies or alternative technologies, to deceive them, or to delete existing cookies. You can also extend your browser with software that blocks tracking by certain third parties. Further details can be found on your browser’s help pages (often under “Privacy”) or on the websites of the third parties listed below.
We distinguish the following cookies (technologies with comparable functionality such as fingerprinting are also included):
Necessary cookies
Some cookies are necessary for the Website itself or certain functions to operate. For example, they ensure you can navigate between pages without losing information entered into a form. They also ensure you remain logged in. These cookies are only temporary (“session cookies”). If you block them, the Website may not function.
Other cookies are necessary so that the server can store decisions or entries you have made beyond a session (i.e., a visit to the Website) if you use this function (e.g., selected language, granted consent, automatic login function, etc.). These cookies have an expiry date of up to 24 months.
Performance cookies
To optimize our Website and tailor it better to users’ needs, we use cookies to record and analyze the use of our Website, in some cases beyond the session. We do this by using analytics services from third-party providers, which are listed below. Performance cookies also have an expiry date of up to 24 months. Details can be found on the websites of the third-party providers.
Marketing cookies
We and our advertising partners have an interest in controlling advertising in a targeted way, i.e., showing it as far as possible only to those we want to reach. Our advertising partners are listed below. For this purpose, we and our advertising partners—if you consent—also use cookies that can record the content accessed or contracts concluded. This enables us and our advertising partners to display advertising that we assume may interest you, on our Website and also on other websites that display advertising from us or our advertising partners.
Depending on the situation, these cookies have an expiry period ranging from a few days up to 12 months. If you consent to the use of these cookies, you will be shown corresponding advertising. If you do not consent, you will not see less advertising, but simply different advertising.
In addition to marketing cookies, we use further technologies to control online advertising on other websites and thereby reduce wastage. For example, we may transmit the email addresses of our users, customers, and other persons to whom we wish to show advertising to operators of advertising platforms (e.g., social media). If those persons are registered there with the same email address (which the platforms determine by matching), the operators display our advertising specifically to those persons. The operators do not receive personally identifiable email addresses of persons not already known to them. For known email addresses, however, they learn that those persons are connected to us and which content they have accessed.
We may also integrate other third-party offerings on our Website, in particular from social media providers. These offerings are disabled by default. As soon as you activate them (e.g., by clicking a button), the relevant providers can determine that you are on our Website. If you have an account with the social media provider, it can associate this information with you and thus track your use of online offerings. These social media providers process this data under their own responsibility.
We currently use offerings of the following service providers and advertising partners (insofar as they use data about you or cookies placed on your device for advertising control):
Google Ireland (Google Analytics)
Google Ireland (based in Ireland) is the provider of the “Google Analytics” service and acts as our processor. Google Ireland relies on Google LLC (based in the USA) as its sub-processor (both “Google”).
Google uses performance cookies (see above) to track the behavior of visitors on our Website (duration, frequency of pages visited, geographic origin of access, etc.) and creates reports for us based on this.
We have configured the service so that visitors’ IP addresses are shortened by Google in Europe before being forwarded to the USA, and therefore cannot be traced back. We have disabled the “data sharing” and “Signals” settings.
Although we can assume that the information we share with Google does not constitute personal data for Google, it is possible that Google can draw conclusions about the identity of visitors for its own purposes, create personal profiles, and link this data with the Google accounts of those persons.
If you consent to the use of Google Analytics, you explicitly consent to such processing, which may include the transfer of personal data (in particular usage data relating to the Website and app, device information, and individual IDs) to the USA and other countries.
Information on data protection in Google Analytics can be found here: https://support.google.com/analytics/answer/6004245
If you have a Google account, further information on processing by Google can be found here: https://policies.google.com/technologies/partner-sites?hl=de
Google AdSense
Our Website uses Google AdSense, a service for embedding advertisements from Google Inc. (“Google”). For the embedding of advertisements, Google AdSense uses so-called “cookies”, text files stored on your computer that enable analysis of the use of the Website. In addition, Google AdSense uses web beacons (invisible graphics). Web beacons can be used to evaluate information such as visitor traffic on websites.
The information generated by cookies and web beacons about the use of our Website, including your IP address, is transmitted to a Google server in the USA and stored there, as with Google Analytics. The stored information may be passed on by Google to its contractual partners. However, the information collected by Google about your IP address is not combined with other data stored by you.
If you do not wish this, you can prevent the storage or installation of cookies by setting your browser software accordingly. Please note that in this case you may not be able to use all functions of this Website to their full extent. By using this Website, you consent to the processing of the data collected about you by Google in the manner and for the purposes described above.
X
Plugins of the short messaging network X Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA, are integrated into our internet pages. You can recognize the X plugins (tweet button) by the X logo on our site. An overview of the tweet button can be found at https://dev.X.com/.
When you visit a page of our website that contains such a plugin, a direct connection is established between your browser and the X server. X receives the information that you have visited our site with your IP address. If you click the “tweet” button while logged into your X account, you can link the content of our pages on your X profile. This allows X to associate your visit with your user account.
We would like to point out that as the provider of the pages we have no knowledge of the content of the transmitted data or its use by X. Further information can be found in X’s privacy policy. If you do not want X to be able to associate your visit to our pages, please log out of your X user account.
Plugins of the social network LinkedIn of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”), are integrated into our internet pages. You can recognize the LinkedIn plugins by the LinkedIn logo or the “Recommend” button.
When you visit our pages, the plugin establishes a direct connection between your browser and the LinkedIn server. LinkedIn receives the information that you have visited our site with your IP address. If you click the LinkedIn “Recommend” button while logged into your LinkedIn account, you can link the content of our pages on your LinkedIn profile. This enables LinkedIn to associate your visit with your user account.
We would like to point out that as the provider of the pages we have no knowledge of the content of the transmitted data or its use by LinkedIn. Details on data collection (purpose, scope, further processing, use) as well as your rights and settings options can be found in LinkedIn’s privacy information: http://www.linkedin.com/legal/privacy-policy
Our internet pages use so-called social plugins from Instagram, operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”. An overview of the Instagram plugins and their appearance can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.
When you visit a page of our website containing such a plugin, your browser establishes a direct connection to Instagram’s servers. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has accessed the relevant page of our website, even if you do not have an Instagram profile or are not currently logged into Instagram.
This information (including your IP address) is transmitted by your browser directly to an Instagram server in the USA and stored there. If you are logged into Instagram, Instagram can directly associate your visit to our Website with your Instagram account. If you interact with the plugins, for example by pressing the “Instagram” button, this information is also transmitted directly to an Instagram server and stored there.
The information is also published on your Instagram account and displayed to your contacts there. For the purpose and scope of data collection and the further processing and use of the data by Instagram, as well as your rights and settings options to protect your privacy, please refer to Instagram’s privacy notices: https://help.instagram.com/155833707900388/
If you do not want Instagram to associate the data collected through our Website directly with your Instagram account, you must log out of Instagram before visiting our Website. You can also prevent the loading of Instagram plugins entirely by using browser add-ons, e.g., the script blocker “NoScript” (http://noscript.net/).
Plugins of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, are integrated into our pages. You can recognize these by the Facebook logo or the “Like” button. An overview of possible Facebook plugins can be found at: http://developers.facebook.com/docs/plugins/.
When you visit our pages, a direct connection is established between your browser and the Facebook server via these plugins. Facebook receives the information that you have visited our pages with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, the content of our pages will be linked to your Facebook profile. This allows Facebook to associate your visit with your user account.
As the website provider, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information can be found in Facebook’s privacy policy: http://de-de.facebook.com/policy.php. If you do not want Facebook to associate your visit to our Website with your Facebook user account, please log out of Facebook before visiting our Website.
YouTube
Our internet pages contain at least one plugin from YouTube, belonging to Google Inc., LLC 901 Cherry Ave, San Bruno, CA 94066, USA. As soon as you visit a page of our Website equipped with a YouTube plugin, a connection to YouTube’s servers is established. The YouTube server is informed which specific page of our Website you have visited.
If you are logged into your YouTube account, you enable YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your account beforehand. Further information on the collection and use of your data by YouTube can be found in YouTube’s privacy information: http://www.youtube.com/t/privacy.
Tumblr
These internet pages use the plugins of the service Tumblr. These buttons are provided by Tumblr, Inc., 35 East 21st St, 10th Floor, New York, NY 10010, USA. They can be recognized by the term “Tumblr”. Using the buttons, it is possible to share a post or page of this offering on Tumblr or to follow the provider on Tumblr.
When a user accesses a website of this internet presence that contains such a button, their browser establishes a direct connection to Tumblr’s servers. The content of the Tumblr button is transmitted by Tumblr directly to the user’s browser. The provider therefore has no influence on the scope of the data that Tumblr collects using this plugin and informs users according to its state of knowledge.
According to this, only the user’s IP address and the URL of the respective website are transmitted when the button is accessed, but are not used for other purposes than displaying the button. Further information can be found in Tumblr’s privacy policy: http://www.tumblr.com/policy/de/privacy
13. Can this Privacy Policy be amended?
This Privacy Policy is not part of a contract with you. We may amend this Privacy Policy at any time. The version published on this Website is the current version.
Last updated: 07.08.2025
