Mam NatureISO CertificationISO 13485
Medical Devices
Quality Management
Login
HomeReports & CertificationsOur SolutionsResidentialNuclear MedicineCommercial / IndustrialSavings CalculatorShopAboutBlogContact

Your Cart (0)

Your cart is empty.

Privacy Policy

Mam Nature Swiss AG · Spinnereistrasse 16 · 8645 Rapperswil-Jona · Switzerland · CHE-268.127.531

Last updated: March 2026

Mam Nature Swiss AG ("we", "us", "our") is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information in compliance with the Swiss Federal Act on Data Protection (nFADP) and the EU General Data Protection Regulation (GDPR).

Data Controller

The data controller responsible for your personal data is:

Mam Nature Swiss AG
Spinnereistrasse 16
8645 Rapperswil-Jona, Switzerland
Email: info@mam-nature.com

What Data We Collect

Order data: Name, email address, phone number, shipping and billing address, payment information (processed by Stripe/PayPal — we do not store card details).

Account data: Email address, name, and order history if you create an account.

Contact data: Name, email, phone number, and message content when you contact us.

Newsletter data: Email address and first name when you subscribe to our newsletter.

Review data: Name, location, rating, review text, and optional photos/videos you submit.

Technical data: IP address, browser type, device information, and browsing behavior collected through cookies and analytics tools.

Legal Basis for Processing

Contract performance (Art. 6(1)(b) GDPR): Processing your orders, managing your account, and providing customer support.

Legitimate interest (Art. 6(1)(f) GDPR): Improving our website, fraud prevention, and marketing analytics.

Consent (Art. 6(1)(a) GDPR): Newsletter subscriptions, non-essential cookies, and marketing communications. You may withdraw consent at any time.

Legal obligation (Art. 6(1)(c) GDPR): Tax record keeping and compliance with Swiss commercial law.

Third-Party Processors

We share your data with the following third-party processors, solely for the purposes described:

Supabase (Hetzner, EU): Database hosting and user authentication.

Stripe (USA): Payment processing. Stripe is certified under the EU-US Data Privacy Framework.

PayPal (USA/EU): Alternative payment processing.

Cloudflare R2 / AWS (EU): File storage for review photos and videos.

Upstash (EU): Rate limiting and API security.

Google Analytics (USA): Website traffic analysis. IP addresses are anonymized. Google is certified under the EU-US Data Privacy Framework.

Meta Pixel (USA): Advertising measurement. Only activated with your consent.

Google Tag Manager (USA): Tag management for analytics scripts.

All US-based processors maintain adequate data protection standards through the EU-US Data Privacy Framework, Standard Contractual Clauses (SCCs), or equivalent safeguards.

Data Retention

Order data: Retained for 10 years after the last transaction, as required by Swiss commercial and tax law (Art. 958f OR).

Account data: Retained until you request deletion of your account.

Newsletter data: Retained until you unsubscribe.

Review data: Retained indefinitely unless you request removal.

Analytics data: Google Analytics data is retained for 14 months. Meta Pixel data follows Meta's retention policies.

Contact form data: Retained for 2 years to provide adequate customer support.

Cookies & Tracking

Essential cookies: Required for site functionality (cart, session, language preference). These do not require consent.

Analytics cookies: Google Analytics (G-VZFQDN0KZX) collects anonymized usage data to help us improve our website.

Marketing cookies: Meta Pixel tracks advertising conversions. Only activated with your explicit consent.

No banking or payment information is stored in cookies or on our servers. All payment data is processed directly by Stripe or PayPal.

Your Rights

Under the GDPR and Swiss nFADP, you have the following rights regarding your personal data:

Right of access: Request a copy of all personal data we hold about you.

Right to rectification: Request correction of inaccurate or incomplete data.

Right to erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.

Right to restriction: Request that we limit the processing of your data.

Right to data portability: Receive your data in a structured, machine-readable format.

Right to object: Object to processing based on legitimate interest, including profiling and direct marketing.

Right to withdraw consent: Withdraw any previously given consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at info@mam-nature.com. We will respond within 30 days.

Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

HTTPS/TLS encryption for all data in transit.

Encrypted database storage with role-based access controls.

API rate limiting to prevent abuse.

Content Security Policy (CSP) headers to prevent cross-site scripting.

Regular security reviews of our infrastructure and code.

Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

Switzerland: Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1, 3003 Bern
www.edoeb.admin.ch

EU: The supervisory authority of your country of residence.

For any data privacy questions, contact us at info@mam-nature.com.