Effective Date: 21. February 2026
This Privacy Policy explains how we collect, use, and protect your personal data when you visit our website https://postleslodge.com/ and purchase our art prints.
Table of Contents
- What Information We Collect
- How We Use Your Information
- Who We Share Your Information With
- Cookies and Tracking Technologies
- How We Protect Your Information
- How Long We Keep Your Information
- Your Privacy Rights
- How to Exercise Your Rights
- Children’s Privacy
- Automated Decision-Making
- Changes to This Privacy Policy
- Contact Information
- Imprint
What Information We Collect
When you visit our website or purchase art prints, we collect the following information:
Contact Form Submissions
- Name
- Email address
- Message content
Order Information & Customer Accounts
- Billing and shipping address
- Email address
- Phone number (optional)
- Customer account credentials (username, encrypted password)
- Order history
- IP address (for fraud prevention)
Payment Information
- Payment transaction data (processed securely by our payment provider Mollie — we do not store your card details)
Technical Data
- IP address
- Browser type and version
- Device information
- Pages accessed on our website
Optional Marketing Consent
- Email address (only if you separately opt in to receive future marketing communications — not currently active)
How We Use Your Information
We process your personal data based on the following legal grounds:
To Fulfil Your Order (Contractual Necessity)
- Process your payment
- Print and ship your order
- Communicate order status and shipping updates
- Handle returns, exchanges, and warranty claims (2-year warranty — see our Terms & Conditions)
- Provide customer support
- Manage your customer account
To Comply with Legal Obligations
- Comply with Swiss tax and accounting laws (10-year retention)
- Respond to legal requests from authorities
For Legitimate Business Interests
- Prevent fraudulent transactions and protect our business
- Improve our website and product offerings
- Analyse shop performance (using cookie-free analytics)
With Your Consent
- Send marketing communications (only if you opt in — not currently active)
You can withdraw consent at any time by contacting us via our contact form. Please note that withdrawing consent will not affect prior lawful processing, nor will it affect processing based on other legal grounds (contractual necessity, legal obligation).
Who We Share Your Information With
We share your data only with trusted service providers necessary to operate our shop. We do not sell your personal information to third parties.
Third-Party Service Providers:
We work with the following service providers who process data on our behalf or as independent controllers:
Payment Processing: Mollie
- What they do: Process payments securely
- What they receive: Billing information, transaction amount, payment method details
- Where: Netherlands (EU/EEA)
- Their role: Independent controller (licensed financial institution)
- Security: PCI DSS compliant
- Privacy Policy: https://www.mollie.com/legal/privacy
Print Fulfillment: ThePrintSpace
- What they do: Print and ship your art prints
- What they receive: Name, shipping address, email, order details
- Where: UK, USA, or Germany (order processed at center closest to shipping address)
- Privacy Policies:
Web Hosting: Cyon
- What they do: Host website and store data
- Where: Switzerland
- Security: Daily automatic backups, SSL encryption
- Privacy Policy: https://www.cyon.ch/legal/privacy
Data Protection & Security
Data Protection: We work with service providers who are contractually obligated to protect your data. Where required by law, we have data processing agreements in place with processors who handle data on our behalf.
International Transfers: When necessary (e.g., USA or Germany fulfillment), data is transferred using appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.
Updates: Our service providers may update their privacy policies from time to time. The privacy policies linked above are their current versions.
Cookies and Tracking Technologies
Essential Cookies (No Consent Required)
We use essential cookies necessary for our shop to function:
- Shopping cart and checkout management
- Security protection
- Account login (keeping you logged in)
Analytics (Cookie-Free)
- Koko Analytics and Burst Statistics: Privacy-focused analytics that do NOT use cookies or track personal information
No Third-Party Tracking
We do not use:
- Social media tracking pixels
- Third-party advertising cookies
- Cross-site tracking technologies
You can manage or disable cookies through your browser settings. However, disabling essential cookies will prevent you from using our shop.
How We Protect Your Information
We implement multiple security measures to protect your data:
Technical Security
- SSL/TLS Encryption: All data transmitted is encrypted (HTTPS enforced)
- Secure Hosting: Hosted by Cyon in Switzerland with daily automatic backups
- Payment Security: Payment data processed by PCI DSS-compliant payment provider (Mollie)
- Two-Factor Authentication: Enabled for administrator accounts
- Server Log Retention: Server logs retained for 24 hours only, then automatically deleted
Despite these measures, no method of transmission or storage is 100% secure. We continuously work to protect your data but cannot guarantee absolute security.
How Long We Keep Your Information
We retain your personal data only as long as necessary for the purposes outlined or as required by law.
Active customer accounts: Until you request deletion
Inactive customer accounts (no login for 3 years): Automatically anonymized while preserving order history for tax compliance
Completed orders: 10 years (Swiss tax law requirement)
Refunded orders: 10 years (Swiss tax law requirement)
Cancelled orders: 1 year
Failed orders: 6 months
Pending orders: 1 month
Contact form submissions: 6 months after last communication
Server logs: 24 hours
What “Anonymization” Means: After retention periods expire, we replace your personal information (name, email, address) with anonymous identifiers while keeping order totals and dates for accounting purposes. This allows us to comply with tax laws while protecting your privacy.
Your Privacy Rights
You have the following rights under Swiss, EU, and UK data protection laws:
Right to Access – Request a copy of your personal data
Right to Rectification – Correct inaccurate or incomplete data
Right to Erasure – Request deletion (subject to legal retention requirements)
Right to Restriction – Limit how we process your data
Right to Data Portability – Receive your data in machine-readable format
Right to Object – Object to processing based on legitimate interest
Right to Withdraw Consent – For marketing communications
Right to Lodge a Complaint – File complaint with your data protection authority
For USA Residents (California, Virginia, Colorado, Connecticut, Utah)
If you are a resident of these states, you may have additional rights including:
- Right to know what personal information we collect
- Right to delete your personal information (subject to legal exceptions)
- Right to opt-out of “sale” or “sharing” of personal information (we do NOT sell or share your information)
- Right to non-discrimination for exercising your rights
How to Exercise Your Rights
Manage Your Account:
- Log into your account at https://postleslodge.com/my-account/
- You can:
- View your order history
- Update your billing and shipping addresses
- Change your email address and password
Request Data Export or Deletion:
- Contact us via our contact form
- Provide your order number or email address for verification
- Specify which right you wish to exercise (e.g., “I request a copy of my data” or “I request account deletion”)
Response Time: We will respond within 30 days (EU/UK/Swiss) or 45 days (USA state laws).
What We Cannot Delete: We may be legally required to retain certain data (e.g., order records for 10 years for tax compliance). We will inform you if legal obligations prevent full deletion.
Children’s Privacy
Our art prints are not specifically directed at children under 16. We do not knowingly collect sensitive information about children.
Parental Consent: If you are under 16 and located in the EU/UK, you should have parental or guardian consent before providing personal information or making a purchase.
If you are a parent or guardian and believe your child has provided us with personal information without consent, please contact us and we will delete it promptly.
Automated Decision-Making
Fraud Prevention: Our payment provider (Mollie) uses automated fraud detection to protect against fraudulent transactions. This may result in a declined payment. You have the right to request human review of any automated decision.
Our Processing: We do not use automated decision-making or profiling beyond fraud prevention.
Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or service providers.
Notification:
- Significant changes will be posted on this page with an updated “Effective Date”
- We may notify you via email if changes materially affect your rights
- Continued use of our website after changes constitutes acceptance
Review Regularly: Please review this policy periodically to stay informed.
Contact Information
For privacy-related inquiries, to exercise your rights, or for any questions:
Contact: Contact Form
Data Controller: Estelle Pogson — See our Imprint for full contact details.
Supervisory Authority (Switzerland):
Federal Data Protection and Information Commissioner (FDPIC)
https://www.edoeb.admin.ch
Email: info@edoeb.admin.ch
Phone: +41 58 462 43 95
Imprint
The Art of Estelle Pogson — Postles Lodge
Estelle Pogson
Duggingerhof 52
4053 Basel
UID: CHE-308.689.205
estelle @ postleslodge.com