Privacy policy
Last updated: April 21, 2026Reading time: 6 min
At Chic Time, we consider the protection of your personal data a fundamental commitment. This policy explains, in full transparency, what data we collect, for what purpose, how long we keep it, and what rights you retain at any time.
1Data controller
The controller of your personal data is Chic Time - Saviano Sàrl, a Swiss limited liability company (VAT / IDE CHE-173.731.287), with its registered office at Route du Grand-Lancy 53, 1212 Grand-Lancy, Suisse.
For any question regarding the protection of your data or to exercise your rights, you can contact us by email at contact@chic-time.com.
2Data collected
We only collect the data necessary to deliver our services. The categories are as follows:
- Order data: last name, first name, shipping and billing address, email, phone number, products purchased.
- Account data: username, password (hashed), order history, preferences.
- Browsing data: IP address, pages viewed, traffic source, device type.
- Payment data: no card number is ever stored on our servers - everything is processed by Stripe and PayPal.
- Support data: emails exchanged with our customer service, tickets opened.
3Purposes and legal bases
Each processing activity is based on a specific legal ground under the GDPR (article 6) and the Swiss nFADP:
| Purpose | Legal basis |
|---|---|
| Process and deliver your order, manage your customer account | Performance of a contract |
| Secure the website, prevent fraud, improve our services | Legitimate interest |
| Measure audience and site performance | Consent |
| Send our commercial newsletter | Consent |
| Retain accounting records | Legal obligation |
4Recipients and processors
Your data is only shared with the technical providers and partners who assist us, strictly for the purposes detailed above:
- Stripe (Ireland) - secure card payment processing.
- PayPal (Luxembourg) - PayPal payment processing.
- Hetzner Online GmbH (Germany) - server hosting.
- Cloudflare (United States) - content delivery network and DDoS protection.
- Carriers (Colissimo, DHL, Chronopost) - order delivery.
- Brevo (France) - transactional emails and newsletter delivery.
- Google Analytics (with consent) - anonymized audience measurement.
Each of these providers is contractually bound to comply with GDPR requirements (processor clauses under article 28).
5Retention periods
We retain your data only for as long as necessary for the stated purposes or to comply with our legal obligations:
| Data type | Duration |
|---|---|
| Order data (accounting) | 10 years (art. 958f Swiss CO) |
| Customer account data | Period of activity + 3 years after inactivity |
| Browsing data and logs | 12 months maximum |
| Measurement and marketing cookies | 13 months maximum |
| Customer support emails | 3 years after last interaction |
Once these periods expire, data is irreversibly anonymized or permanently deleted.
6Your rights
In accordance with the GDPR and the Swiss nFADP, you have the following rights over your personal data at any time:
- Right of access - obtain a copy of the data concerning you
- Right to rectification - correct inaccurate information
- Right to erasure (right to be forgotten)
- Right to restriction of processing
- Right to portability - receive your data in a structured format
- Right to object - in particular to profiling and direct marketing
- Right to withdraw your consent at any time
- Right to issue directives regarding the fate of your data after your death
8Transfers outside the EU
Some of our processors (Cloudflare, Google Analytics) may involve a transfer of data to the United States. These transfers are governed by:
- Standard contractual clauses adopted by the European Commission (decision 2021/914)
- The EU–US Data Privacy Framework (adequacy decision of 10 July 2023)
- Additional technical measures (encryption, pseudonymization)
We carry out a Transfer Impact Assessment for every new processor located outside the EU/Switzerland.
9Data security
We implement technical and organizational measures to protect your data against any unauthorized access, alteration, or disclosure:
- Communications encryption via TLS 1.3
- 3D Secure authentication on every payment
- Restricted access to data on a need-to-know basis
- Encrypted and redundant backups
- Regular security audits and continuous dependency updates
In the event of a data breach posing a risk to your rights and freedoms, we undertake to notify the competent supervisory authority and to inform you within 72 hours.
10Minors
The www.chic-time.com website is intended for adults. We do not knowingly collect data concerning minors under the age of 16. If you believe a minor has provided us with data without parental authorization, please contact us at contact@chic-time.com for immediate deletion.
11Changes to this policy
This policy may be updated to reflect legal, regulatory, or technical developments. Any substantial change will be notified to you:
- By email if you are a registered customer
- Via an information banner displayed on the site for at least one month
The last update date always appears at the top of this document.
12Contact and complaints
For any question or request regarding your personal data, contact us:
- Email: contact@chic-time.com
- By post: Saviano Sàrl, Route du Grand-Lancy 53, 1212 Grand-Lancy, Suisse
If you believe your rights are not being respected after contacting us, you may lodge a complaint with the competent supervisory authority:
- In Switzerland: PFPDT - Federal Data Protection and Information Commissioner
- In France: CNIL - Commission nationale de l'informatique et des libertés
- In other EU countries: the competent national supervisory authority
A question about your data or a right to exercise? Our team responds within 30 days, often within 72 hours.
Contact us →