Privacy policy.

Who we are (Controller)

Esper Broderie Sàrl ("Esper Broderie", "we", "us").

Contact: info@esperbroderie.com · WhatsApp +41 77 525 2834 · esperbroderie.com

Registered address: Noville, Switzerland

Market Address: Montreux, Switzerland

Privacy contact/DPO: info@esperbroderie.com

Scope

This policy explains how we handle personal data when you visit our site, submit Meta/Instagram lead forms, message us on WhatsApp, place an order, or interact with our ads, social pages, and embedded widgets/integrations.

Data we collect (and sources)

Identity & contact (name, email, phone/WhatsApp, delivery details).
Order & personalization (item, size, color, initials/text/symbols, images you provide).
Communications (website forms, email, WhatsApp, Instagram/Facebook messages, support notes).
Payment metadata from providers (we do not store full card numbers).
Technical/analytics (IP, device, browser, cookies/IDs, events from Meta Pixel/Instagram, Google Analytics if enabled).
Marketing preferences (opt-ins/opt-outs).
Sources: directly from you; Meta Lead Ads; our website; WhatsApp; analytics/advertising partners.

Why and how we use data (purposes & legal bases)

Process orders & personalize embroidery (contract).
Customer support & WhatsApp assistance (contract / legitimate interests).
Payments & invoicing via Payrexx/Stripe (contract / legal obligation).
Delivery/returns with carriers (contract).
Accounting & tax compliance (legal obligation).
Security, fraud prevention, service improvement (legitimate interests).
Analytics & ad measurement/retargeting (consent where required / legitimate interests).
Direct marketing by email/WhatsApp/SMS (consent; you can opt out anytime).

Consent & your choices

Lead/checkout forms: clear checkboxes for marketing; service messages rely on contract necessity.

WhatsApp: if you contact us for an order/design, we treat messages as service communications; for marketing we ask for explicit opt-in. Reply STOP to withdraw.

Cookies/tracking: we use a banner and preference center where required. You can change preferences anytime and manage cookies in your browser.

Who we share data with (processors/partners)

We use trusted providers that process data under our instructions (data processing agreements in place):

Payments: Payrexx; Stripe.
Communications:Communications: WhatsApp Business Platform/Meta; email provider (e.g., Resend).
Hosting/CDN & website platform: Lovable/CDN providers.
Ads & analytics: Meta (Facebook/Instagram), Google Analytics (if used).
Couriers & logistics: e.g., Swiss Post, DHL.
Accounting & auditors: for invoicing compliance.

Third-party widgets/integrations: When you use embedded tools (e.g., payment iframes, Instagram content, WhatsApp click-to-chat), those providers may collect device/usage data as independent controllers—see their privacy notices.

We do not sell your personal data.

International transfers

If providers process data outside Switzerland/EEA (e.g., EU/US/UK), we use recognized safeguards such as Standard Contractual Clauses and appropriate supplementary measures.

Retention & deletion

We keep data up to 10 years from your last interaction or completion of the relevant purpose, unless law requires longer or we can safely delete sooner:

Leads, orders, communications (incl. WhatsApp), personalization details, support records: up to 10 years.
Accounting/invoicing/tax evidence: up to 10 years (Swiss law).
Marketing consent logs & preferences: up to 10 years (or until you withdraw consent; we then keep minimal proof of withdrawal).

We delete or anonymize when no longer needed. Backups are overwritten on rolling cycles.

Your rights

Under Swiss nFADP and, where applicable, GDPR, you can access, correct, delete, restrict, port, and object to processing. You may withdraw consent at any time (e.g., reply STOP on WhatsApp or use unsubscribe links).

To exercise rights: info@esperbroderie.com (we may verify identity).

Complaints: You can contact us first, or lodge a complaint with the Swiss FDPIC (Federal Data Protection and Information Commissioner) or, where GDPR applies, with an EU supervisory authority.

Employee & contractor access (need-to-know only)

Access to personal data is limited to authorized Esper Broderie employees and contracted service providers who need it to perform their duties for us (e.g., fulfilling orders, support, accounting).

Role-based, least-privilege access; MFA where appropriate.
Confidentiality obligations and contractual safeguards for staff and contractors.
Access is revoked immediately when roles change or contracts end.
Processors are bound by data processing agreements and security requirements.

Cookies & tracking technologies

We use cookies and similar tech for site functionality, analytics, and advertising (e.g., Meta Pixel). Where required, we request consent via a banner and provide a cookie preference center. You can also manage cookies in your browser settings.

Children

Our services target adults purchasing for themselves/family. We do not knowingly collect data from children under 16 without parental consent.

Security

We apply proportionate technical and organizational measures: HTTPS/TLS in transit; secure hosting; access controls and MFA; staff training; encryption and logs by providers where applicable; least-privilege; contractual and vendor due diligence; regular reviews. No method is 100% secure, but we work to protect your data.

Automated decisions/profiling

We do not make decisions with legal or similarly significant effects based solely on automated processing. We may use simple segmentation (e.g., past purchases, region) to tailor offers.

User-generated content & testimonials

With your permission, we may display photos/reviews you share; you can withdraw permission at any time by contacting us.

Updates to this policy

We may update this policy; the latest version and effective date appear here. Material changes will be highlighted.