Datenschutzerklärung

Last Updated: March 22, 2026

This Privacy Policy explains how ledermann-johnson ("we," "us," or "our") collects, uses, and discloses your personal information when you visit or make a purchase from our online store. We are committed to protecting your privacy and processing your data in accordance with the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR).

1. Controller & Contact Information

The responsible controller for data processing is:

Miro Ledermann

Waldheimstrasse 48

3012 Bern

Switzerland

Email: ledermann.johnson@gmail.com

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us using the details above.

2. Personal Data We Collect

When you visit our website or make a purchase, we collect specific information necessary to provide our services. We do not collect more data than strictly required.

  • Contact & Delivery Data: First and last name, billing address, shipping address, email address, and phone number.

  • Account Information: If you create an account, we store your username and account settings. Passwords are mathematically hashed and securely encrypted; we never store or see your password in plain text.

  • Order & Transaction Data: Details about the physical goods you purchase, shopping cart contents, order history, and return/exchange requests.

  • Technical Data (Automatically Collected): IP address, browser type, time zone, and device information required to display the website correctly.

3. Purposes and Legal Bases for Processing

We process your personal data based on the following legal grounds:

  • Fulfillment of Contract (Art. 6(1)(b) GDPR / FADP): To process and deliver your orders, communicate with you regarding your purchase, and manage returns.

  • Legal Obligation (Art. 6(1)(c) GDPR / FADP): To comply with Swiss commercial and tax laws, which require us to retain accounting and transaction records for 10 years.

  • Legitimate Interests (Art. 6(1)(f) GDPR / FADP): To ensure the IT security of our store, prevent fraud, and provide basic customer support.

(Note: We currently do not use your data for email marketing, newsletters, or profiling. If this changes, we will explicitly ask for your consent beforehand).

4. Role of Shopify (Hosting)

Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our physical products to you. Your data is stored through Shopify’s data storage, databases, and the general Shopify application on secure servers behind a firewall. As a Canadian/US company, Shopify transfers data internationally. This transfer is legally safeguarded by Standard Contractual Clauses (SCCs) and adequacy decisions. For more details, please review Shopify’s Privacy Policy.

5. Payment Processing

We use Shopify Payments (powered by Stripe) to process your payments securely. If you choose a direct payment gateway to complete your purchase, Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). We as the merchant never see, access, or store your full credit card details. ### 6. International Shipping Partners & Data Transfers To deliver your physical goods worldwide, we work with international logistics partners. To fulfill our shipping contract with you, we must share your delivery details (Name, Address, Phone Number) with the carrier handling your specific route.

Depending on your location and the origin of the goods, data may be transferred to the following partners located in the USA, China, or other third countries:

  • UPS (United States)

  • FedEx (United States)

  • USPS (United States)

  • CNE Express (China)

  • YunExpress (China)

Legal Notice regarding International Transfers: If a transfer occurs to a country without an adequacy decision (e.g., China), this transfer is strictly necessary for the conclusion or performance of the contract between you and us (Art. 49(1)(b) GDPR / Art. 17 FADP).

7. Cookies and Tracking Technologies

We currently only use strictly necessary cookies. These are default cookies set by Shopify required to make the website function (e.g., keeping track of items in your shopping cart, enabling secure checkout, and preventing fraud). Since we do not use third-party analytics (like Google Analytics) or marketing pixels (like Facebook Pixel), no marketing or tracking cookies are placed on your device.

8. Data Security and Retention

  • Security: We protect your personal data using industry-standard technical and organizational measures, including SSL/TLS encryption for all data transmitted through our store.

  • Retention: We retain your order data only for as long as necessary to fulfill the purposes outlined in this policy. In accordance with Swiss commercial and tax law, financial and order records are kept for a minimum of 10 years.

9. Minors

Our website is not intended for individuals under the age of 16. We do not intentionally collect personal information from children. If you are the parent or guardian and believe your child has provided us with personal information, please contact us to request deletion.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or the content of these external sites.

11. Your Data Protection Rights

Depending on your location (Switzerland or the EEA), you have the right to:

  • Access: Request a copy of the personal data we hold about you.

  • Rectification: Request correction of inaccurate or incomplete data.

  • Erasure ("Right to be forgotten"): Request deletion of your data (unless legal retention periods apply).

  • Restriction: Request a temporary halt to processing.

  • Data Portability: Receive your data in a structured, machine-readable format.

  • Objection: Object to processing based on legitimate interests.

To exercise any of these rights, please email us at ledermann.johnson@gmail.com. We will respond to your request within the legally required timeframe (usually 30 days) at no cost to you.

12. Right to Lodge a Complaint

If you believe that our processing of your data violates data protection laws, you have the right to lodge a complaint with a supervisory authority:

  • In Switzerland: The Federal Data Protection and Information Commissioner (FDPIC / EDÖB).

  • In the EU/EEA: The competent national data protection authority in your country of residence.