Legal
Privacy Policy
Last updated: 8 July 2026
Welcome to our website. Thank you for visiting opatralondon.ch and for your interest in our company. Protecting your personal data — such as name, date of birth, phone number and address — is important to us.
The purpose of this Privacy Policy is to inform you about how we process the personal data we collect when you visit this site. Our data-protection practice is in line with the Swiss Federal Act on Data Protection (FADP), in particular the information duties set out in Art. 19 ff. FADP.
1. Controller
The controller of the data within the meaning of Art. 5 lit. j FADP is:
DM Retail GmbH
Graben 5
6300 Zug
Switzerland
Email: zurich@opatra.com
Tel.: 077 902 10 11
2. Provision of the website and creation of log files
Every time our website is accessed, our system automatically records data and information from the requesting device (computer, mobile phone, tablet, etc.).
What personal data is collected and to what extent?
- information about the browser type and version used;
- the operating system of the requesting device;
- the host name of the accessing computer;
- the IP address of the requesting device;
- date and time of access;
- websites and resources (images, files, further content) accessed on our site;
- referring website (referrer tracking);
- whether the request was successful;
- volume of data transferred.
These data are stored in the log files of our system. They are not stored together with any personal data of a specific user, so individual visitors cannot be identified from them.
Legal basis
Processing takes place under the principle of lawfulness (Art. 6 para. 1 FADP) and the requirement of good faith (Art. 6 para. 2 FADP / Art. 2 CC).
Purpose
Temporary automated storage of the data is necessary to deliver the website, to keep it compatible for as many visitors as possible, and to prevent abuse and fix errors. It also serves to secure our IT systems.
Storage period
The above technical data are deleted as soon as they are no longer required, at the latest 3 months after the site was accessed.
3. Booking form and form autosave
Our site offers a booking form for the Summer Skin Reset treatment. The data you enter into the form (name, phone, email, preferred date and time) are processed to prepare and manage your appointment.
Form autosave — important to know: so you don't lose your details if you accidentally close the tab or lose connection, the fields you type into the booking form are saved to our database as you type, before you press the final "Book" button. This lets us contact you if a booking is left incomplete. If you do not want this, please do not type into the form.
Legal basis: processing is carried out under the principle of lawfulness (Art. 6 para. 1 FADP) and good faith (Art. 6 para. 2 FADP / Art. 2 CC), for the pre-contractual exchange of information necessary to prepare a possible appointment contract.
Storage period: incomplete/autosaved leads are deleted automatically once you complete the booking, and otherwise after a reasonable follow-up window. Completed appointments are deleted after 12 months, unless statutory retention obligations (e.g. accounting) require longer storage.
Necessity: the mandatory fields must be filled in for us to process your booking. Without them we cannot accept or manage the appointment.
4. Disclosure to third parties
We treat your data confidentially and keep them only as long as necessary. We do not sell your data and do not share them with third parties for their own marketing. Disclosure may take place to collection service providers, public authorities and private persons who have a legal claim to it under statutory provisions, judicial decisions or official orders, or to authorities for the purpose of initiating legal proceedings if our legally protected rights are attacked.
5. Technical service providers we rely on
To operate this site, we rely on the following categories of processors, bound by data-processing agreements:
- Hosting and database: our cloud infrastructure provider (Supabase / Lovable Cloud) stores form entries, bookings and technical logs securely on our behalf.
- Email: the email tools we use to confirm appointments.
Some providers may process data outside Switzerland or the EU. When that happens we rely on recognised safeguards (Swiss adequacy decisions, EU Standard Contractual Clauses, or the EU–US Data Privacy Framework where applicable). More information about international transfers under Swiss law is available at edoeb.admin.ch.
6. Statistical analysis of visits (web tracking)
When you visit this site or individual files, we may record IP address, referring website, file name, date and time of access, volume of data transferred and success/failure of the request (web log). We use these access data exclusively in non-personalised form, to continually improve our web offering and for statistical purposes.
On our main website we also use Google services (e.g. Google Fonts, Google Maps) provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland; data may be transferred to Google LLC in the United States on the basis of the EU–US Data Privacy Framework. Legal basis for such transfer is your consent (Art. 6 para. 6 FADP / Art. 31 para. 1 FADP). See policies.google.com/privacy for details.
7. Cookies and local storage
This campaign site does not use advertising or cross-site tracking cookies. We use a small entry in your browser's localStorage to remember a random session identifier that links your autosaved form entries together. You can clear it any time from your browser settings.
On our main site (opatralondon.ch) additional analytics cookies (e.g. AWS load-balancer stickiness cookies, Google reCAPTCHA, Leadinfo and internal statistical cookies) may be set on the basis of your consent given via the cookie banner. Consent can be revoked at any time in the cookie settings.
8. Data security and communication by email
Your personal data are protected by technical and organisational measures during collection, storage and processing so that they are not accessible to third parties. In the case of unencrypted email communication, full data security on the transmission path to our IT systems cannot be guaranteed; for information with a high need for confidentiality, we recommend encrypted communication or postal mail.
9. Storage period and rights of the data subject
Storage period
We store personal data only to the extent and for as long as is necessary to fulfil the purposes for which they were collected, we have a legitimate overriding interest in retaining them, or we are legally obliged to do so.
Right of access
You have the right to obtain confirmation as to whether we process personal data concerning you and, if so, access to the information under Art. 25 ff. FADP, unless access can be refused, restricted or deferred by the controller (cf. Art. 26 f. FADP). We are happy to provide a copy of the data.
Right to rectification
Under Art. 32 para. 1 FADP you have the right to request that inaccurate personal data (e.g. address, name) be corrected, unless a legal obligation prevents this. You may also request completion of the data stored with us at any time.
Right to erasure
You have the right to have your personal data erased where the data are no longer needed, the legal basis has lapsed following withdrawal of consent, there are no more legitimate grounds for processing, the data are unlawfully processed, or a legal obligation requires it. This right does not apply where processing is necessary for freedom of expression and information, where data were collected on the basis of a legal obligation, where processing is necessary for reasons of public interest, or where the data are necessary for the establishment, exercise or defence of legal claims.
Right to withdraw consent
Where you have given us explicit consent to process your personal data (Art. 6 para. 6 FADP and Art. 31 para. 1 FADP), you may withdraw it at any time. The lawfulness of processing carried out on the basis of consent before its withdrawal is not affected.
Right to data portability
On request we provide you with data collected on the basis of your consent (Art. 31 para. 1 FADP), data we received from you in the context of existing contracts (Art. 31 para. 2 lit. a FADP), and data processed in an automated procedure. We will, where technically feasible, transfer the personal data directly to a controller of your choice. Data that would infringe overriding interests of third parties (Art. 26 para. 1 lit. b FADP) may not, or only in a limited way, be transferred.
How to exercise your rights
You can exercise your rights at any time by contacting:
DM Retail GmbH · Graben 5 · 6300 Zug · Switzerland
Email: zurich@opatra.com · Tel.: 077 902 10 11
10. Notifications to the FDPIC and legal remedies
Under Art. 49 FADP, affected persons may file a report with the Swiss Federal Data Protection and Information Commissioner (FDPIC) if there are sufficient indications that data processing may infringe data-protection provisions. See edoeb.admin.ch. If you suspect that your data are being unlawfully processed on our site, you may seek judicial clarification under Art. 32 FADP (usually by an action under Art. 28 ff. CC).
