Protecting your personal data is important to us. This privacy policy explains how we collect, process and use data — in compliance with the Swiss Data Protection Act (DSG) and the European General Data Protection Regulation (GDPR).
Manuel Rogg
PadLab
Bahnhofstrasse 51C
5430 Wettingen
Switzerland
Email: info@padlab.store
This website uses no cross-site tracking, no profiling, and no advertising cookies. The only analytics tool in use is Plausible (see section 9), which is cookieless and aggregate-only. The shopping cart is stored locally in your browser (localStorage) so it is not lost when you navigate between pages. This data never leaves your device and can be cleared at any time via your browser settings.
If you sign in to a customer account, technically necessary session data (tokens) are stored locally in your browser to keep you signed in. These are strictly required for the login to work.
Our website is hosted by Netlify, Inc. (USA). When you visit the website, the server automatically collects technical data:
Legal basis: Art. 6(1)(f) GDPR (legitimate interest). This data collection is technically necessary to display the website securely and reliably.
If you use the bulk-order contact form, the submitted data (name, email address, message, quantity) is processed via Netlify Forms and forwarded to us. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures).
For registration and sign-in of customer accounts we use Supabase (Supabase Inc., servers operated in the EU). The following data is processed and stored:
Legal basis: Art. 6(1)(b) GDPR (performance of contract / pre-contractual measures). More information: supabase.com/privacy.
Transactional emails (e.g. registration confirmation, password reset) are sent through the service provider Resend (Resend, Inc., USA). Your email address is processed for delivery.
Legal basis: Art. 6(1)(b) GDPR (performance of contract). More information: resend.com/legal/privacy-policy.
Payments are processed by Stripe, Inc. (USA). You will be redirected to a secure checkout page hosted by Stripe for the payment process.
The data necessary for payment and shipping (name, email address, billing/shipping address, phone number, credit card details) is transmitted directly to Stripe. The phone number is required by our Thai logistics partner for delivery contact. We do not store any credit card data ourselves.
Legal basis: Art. 6(1)(b) GDPR (performance of contract). Stripe also processes certain data for fraud prevention purposes. More information: stripe.com/privacy.
We embed YouTube videos using the enhanced privacy mode (youtube-nocookie.com). YouTube does not store cookies on your device as long as you do not play the video.
Only when you actively click "Play" will a connection to YouTube servers be established and your IP address transmitted.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in presenting our content attractively) and Art. 6(1)(a) GDPR (your consent by playing the video).
To protect email addresses from spam bots, we use a script by Cloudflare, Inc. (USA). This script decodes email addresses locally in your browser. No personal data is transmitted to Cloudflare.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in spam prevention).
We use Plausible Analytics (Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia — EU) to measure aggregate, anonymous traffic to this site. Plausible does not use cookies, does not collect personal data, does not generate or store any persistent identifier, and does not track users across sites or devices. IP addresses are processed only transiently to derive a daily-rotating, salted hash and are not stored. The data we receive consists of aggregate counts (page views, referrer, country, browser, device type).
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in understanding overall site usage). Because no personal data is processed, no consent is required (Recital 26 GDPR; ePrivacy Directive — no terminal-equipment access). More information: plausible.io/privacy and plausible.io/data-policy.
If you contact us by email, your email address and the content of your message will be stored for the purpose of processing your inquiry.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in customer communication).
Some of our service providers (Netlify, Stripe, Resend, Google/YouTube, Cloudflare) are based in the USA. Supabase operates the servers used for our project in the EU (Frankfurt). For order fulfilment, the shipping address is additionally transmitted to our logistics partner in Thailand.
For EU/EEA data subjects (GDPR): Data transfers to the USA are legally secured through the EU-U.S. Data Privacy Framework and Standard Contractual Clauses (SCC). The transfer to Thailand is based on Art. 49(1)(b) GDPR (necessary for the performance of a contract).
For Swiss data subjects (revFADP): Because the revised Swiss Federal Act on Data Protection (revFADP, in force since 1 September 2023) applies in parallel to the GDPR, the safeguards listed above (SCC, contract-performance necessity under Art. 17 revFADP) also apply to Swiss data subjects. Supervisory authority: Federal Data Protection and Information Commissioner (FDPIC / EDOEB).
We store your data only as long as necessary for the respective purpose or as required by statutory retention periods.
You have the following rights regarding your personal data:
Please contact us at info@padlab.store. You also have the right to lodge a complaint with the competent data protection authority (Switzerland: FDPIC, EU: your national authority).
Last updated: April 2026