Scope and status

This policy covers personal data collected via somawave.ch during the Early Bird pre‑sale, which is operated by an individual and will transition to a registered company upon launch, at which time entity details will be added. It applies to visitors and pre‑order customers in Switzerland and, where applicable, the EU/EEA under GDPR’s extraterritorial scope.​

Controller and contact

During pre‑sale, the controller is the project founder acting as a sole operator for data protection purposes, with updates to follow upon incorporation. Contact for privacy matters: privacy@somawave.ch, with a postal address to be published once the company is formed or provided upon request.​

What data is collected

• Identification and contact data such as name, email, and optional phone when provided for pre‑orders and support.​

• Order and delivery data such as shipping address, product selection, and pre‑order details to fulfill the pre‑sale.​

• Transactional data from payment providers, excluding full card numbers stored on somawave.ch.​

• Technical data including IP address, device/browser information, and consent‑based analytics events.​

Why data is used (legal bases)

• Contract necessity to process pre‑orders, arrange delivery, confirm payments, and provide essential service notices.​

• Legitimate interests to operate the site securely, prevent fraud, and provide customer support updates, balanced against data subject rights.​

• Consent for optional marketing and non‑essential cookies/analytics, with the right to withdraw at any time without affecting prior lawful processing.​

How we share your information

• Payment processors: specialized third parties such as Stripe process payments securely; somawave.ch does not store full card details.​

• Logistics and shipping: name, address, and phone number may be shared with carriers such as Swiss Post to deliver pre‑ordered products.​

• Hosting, analytics, and email providers: cloud hosting/CDN, Google Analytics (if enabled via consent), and email services are used under contracts that protect data and follow controller instructions.​

Cookies and analytics

Only essential cookies run by default, while analytics/marketing cookies activate based on consent captured through a compliant banner and preference tools. Where Google Analytics 4 is used, configuration minimizes data and honors consent, with user‑controlled retention and event settings.​

Retention and deletion

Data is retained only as long as necessary for stated purposes and then deleted or anonymized, following the storage limitation principle under Swiss and EU law. Financial and transactional records are retained to meet statutory bookkeeping and audit duties under Swiss law, including long‑term archiving obligations applicable to accounting records, after which data is securely deleted or anonymized. Account and profile data (if created) are kept until a deletion request is fulfilled, after which only legally required records are retained for statutory periods. Proof of marketing consent is stored for an appropriate period to demonstrate compliance and then minimized or removed, with ongoing reviews to ensure necessity and proportionality.​

Sensitive and health data in the community

Community and practice areas may involve voluntary user‑generated content that could reveal health‑related details, which are considered sensitive personal data. Posting such information is entirely voluntary and at the user’s own risk, and access to services does not require disclosure of sensitive data. If a future program requires processing sensitive data, separate explicit consent will be requested with clear purpose, necessity, and safeguards before any collection begins.​

International transfers

Where service providers process data outside Switzerland/EU, appropriate safeguards such as adequacy decisions or Standard Contractual Clauses are applied, and copies or summaries can be made available upon request. Transfers are limited to what is necessary for pre‑order operations, hosting, analytics (when consented), and communications.​

Your data protection rights (FADP & GDPR)

• Right to information and access to obtain a copy of personal data processed, generally within one month with possible extension for complexity.​

• Right to rectification of inaccurate or incomplete data.​

• Right to erasure where no legal obligation requires retention, subject to statutory archiving for financial records.​

• Right to restrict processing in certain circumstances such as accuracy or objection pending verification.​

• Right to data portability for personal data provided and processed by automated means, in a structured, commonly used, machine‑readable format.​

• Right to object to processing based on legitimate interests, including direct marketing, and to withdraw consent at any time for consent‑based processing.​

Requests can be submitted to privacy@somawave.ch with reasonable identity verification, and responses will be issued within one month unless an extension is justified by complexity or volume.​

Security and breach notification

Technical and organizational measures include encryption in transit, access controls with processors, and data minimization by default and design consistent with FADP and GDPR principles. If a data incident creates a likely high risk to individuals, the relevant authority will be notified without undue delay and generally within 72 hours, and affected individuals will be informed when required for their protection.​

Complaints

Individuals in Switzerland can contact the Federal Data Protection and Information Commissioner (FDPIC) and EU/EEA individuals can contact their local supervisory authority if concerns remain unresolved. Contact details for the competent authority will be provided upon request in the rights response process.​

Changes to this policy

This notice will be updated as the project incorporates, services evolve, or legal requirements change, and material changes will be communicated on the site and, where appropriate, via email to pre‑order customers.​

Contact

Questions or privacy requests can be sent to privacy@somawave.ch