Privacy Policy

1. Controller

The data controller responsible for this website is Nivellipso AG, Bahnhofstrasse 1, 4500 Solothurn, Switzerland. For data protection inquiries, contact our Data Protection Officer at dpo@nivellipso.com.

2. Data We Collect

We collect the following categories of personal data:

• Account information: name, email address, dental licence number, practice name and address, billing details.
• Order details: products ordered, quantities, shipping address, order history, invoices.
• Technical data: IP address (retained for fraud detection and security for 90 days), browser type, pages visited, referrer URL, timestamps. Collected via server logs.
• Communication data: emails, support tickets, and chat messages you send to us.

3. Purpose and Legal Basis

• Contract performance (Art. 6(1)(b) GDPR): processing orders, account management, shipping, invoicing.
• Legal obligation (Art. 6(1)(c) GDPR): VAT records, device traceability under EU MDR, anti-money-laundering requirements.
• Legitimate interest (Art. 6(1)(f) GDPR): fraud prevention, IT security, aggregate analytics to improve our service.
• Consent (Art. 6(1)(a) GDPR): optional newsletter, preference cookies. You may withdraw consent at any time.

4. Third Parties

• Stripe, Inc. — payment processing. Stripe is PCI-DSS Level 1 certified. Card data never touches our servers.
• Shipping carriers (DHL, Swiss Post) — your name, address, and order reference are shared for delivery.
• Plausible Analytics — cookieless, privacy-friendly visitor analytics hosted in the EU. No personal data transferred.
• Email infrastructure — transactional emails sent via a Swiss-hosted SMTP relay. No marketing data shared.

We do not sell your personal data. We do not use third-party advertising trackers.

5. Retention

• Account data: retained while your account is active, plus 3 years after closure.
• Order and invoice data: 10 years (Swiss statutory accounting obligation).
• IP/security logs: 90 days.
• Support correspondence: 3 years.

6. Your Rights

Under GDPR and the Swiss nDSG you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate data.
• Erasure — request deletion of your data where no legal basis remains.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interest.
• Restriction — ask us to pause processing under certain circumstances.

Exercise any of these rights by emailing dpo@nivellipso.com. We respond within 30 days. You may also lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch.

7. International Transfers

Data may be transferred to processors in the EU/EEA, which the European Commission has deemed adequate. Transfers outside the EU/EEA (e.g., Stripe US) are covered by Standard Contractual Clauses.

8. Changes to This Policy

We may update this policy as our practices evolve or when required by law. Material changes will be communicated by email to active account holders at least 30 days before taking effect.